Postman
Use the Postman collection to test Asaas API endpoints with correct authentication, environment, and troubleshooting.

Use the Postman collection to test Asaas API endpoints in Sandbox before implementing calls in your application.
When to use the Postman collection
Use the collection when you need to:
- Validate authentication, headers, and URLs before writing code.
- Explore documented endpoints without building requests manually.
- Reproduce integration errors and compare API behavior between Sandbox and Production.
- Share a set of requests with your team during development.
Prerequisites
Before running requests:
- Install Postman or sign in via browser.
- Create a test account in the Asaas Sandbox.
- Generate an API key for the environment you want to use. See the API Keys guide.
- Read the Authentication guide to confirm the required headers.
Do not share your API key in public workspaces, screenshots, repositories, or conversations. The key identifies your account and authorizes calls on your behalf.
Access and fork the collection
- Open the Asaas API in Postman:
- In the left sidebar, expand Asaas API and click Collection Asaas.

- Click Fork in the top-right corner and select the Workspace where you want to copy the collection.

Configure authentication and environment
After forking, configure the collection or the request you want to test with the headers below.
| Header | Value | Required | Notes |
|---|---|---|---|
Content-Type | application/json | Yes | Indicates the request body will be sent as JSON. |
User-Agent | your_application_name | Yes for new root accounts created after 06/13/2024 | Use a name that identifies your application. |
access_token | your_api_key | Yes | Send the API key for the same environment as the URL used in the request. |
Use the correct URL for the environment you want to test:
| Environment | URL |
|---|---|
| Sandbox | https://api-sandbox.asaas.com/v3 |
| Production | https://api.asaas.com/v3 |
Sandbox and Production API keys are different. If you use a Production key with a Sandbox URL, or vice versa, the API will return an authentication error.
If the collection uses Postman environment variables, update the base URL variable and the API key variable before sending the first request. If not using variables, check these values directly in the request headers and URL.
Testing a request
- Select an endpoint inside Collection Asaas.
- Confirm the URL points to the desired environment.
- Confirm the
Content-Type,User-Agent, andaccess_tokenheaders are present. - Click Send.
- Check the HTTP status and response body.
A successful response varies by endpoint, but should return a 2xx status. If authentication fails, the API returns 401 Unauthorized with details in the response body.
Example error when the key is used in the wrong environment:
{
"errors": [
{
"code": "invalid_environment",
"description": "The provided API key does not belong to this environment"
}
]
}Example error when the authentication header is missing:
{
"errors": [
{
"code": "access_token_not_found",
"description": "The authentication header 'access_token' is required and was not found in the request"
}
]
}Troubleshooting
| Problem | Likely cause | How to resolve |
|---|---|---|
401 Unauthorized | Missing, invalid, revoked key, or key used in the wrong environment. | Check the access_token header, remove extra spaces, and verify the key belongs to the same environment as the URL. |
Error: access_token_not_found | The access_token header was not sent. | Add the header to the collection, environment, or directly to the request. |
Error: invalid_environment | A Sandbox key was used in Production, or a Production key was used in Sandbox. | Switch the base URL or use the key that matches the correct environment. |
| Request missing application identity | User-Agent is absent. | Send the User-Agent header with your application name. |
Related content
- Authentication: see required headers, environment URLs, and authentication errors.
- API Keys: learn how to create and manage your API key.
- Sandbox: test your integration with fictional data before going to Production.
