As part of some prototype code that I am writing for a startup, I have been trying out the Web Almond Oauth2.0 API using postman as the vehicle. I have tried to simultaneously follow the Almond documentation (Web Almond as a Service) and the postman documentation on Oauth2.0. When I do this, I am redirected to the Almond Login page, but after I log in I get an error saying “invalid redirect uri”. (I am using the redirect uri recommendation from the postman documentation.) With this in mind, my questions are as follows:

1. 1. From my rather skimpy description above, is there anything obvious that I am doing wrong?
2. Is there some way to get more debug info on the error I get from Almond?
3. Is postman the right tool for this work? If not, is there another preferred tool that I should be using?
4. Why do I need to provide a username and password to access Thingpedia? I already have a registered client id/secret - shouldn’t that be enough? Ultimately this prototype code should turn into an autonomous application, so no human input will be possible.

I’m not sure what you mean by “the redirect uri recommendation from the postman documentation”.
You should ensure that postman is calling Almond with exactly the same URL you put in when you created the client id/client secret.

I’m afraid there is not much else in debugging available (for security reasons), but I can take a look at the logs if you provide more details.

Also, it looks like you’re trying to access Web Almond. Web Almond is tied to a specific account, because it has the credentials of a specific user for Twitter, Spotify, Home Assistant, etc.
Hence you need to login with username and password (through OAuth) to use the API.

If you want to create an independent Almond client, you should use Almond Server instead (use the stable version, not master). Almond Server can be configured with no username or password, for use in an embedded application. It communicates with Thingpedia using the Thingpedia API, which has no authentication.
You can also use the Thingpedia API directly, in specialized applications, or through the Thingpedia SDK, if you want to invoke APIs provided by Thingpedia devices without the virtual assistant parts.

Thank you very much, Giovanni. That answers most if not all of my questions. I’m still digesting your response - you gave me a lot to think about.