...
You may notice that some parts of the API (like adding organisation roles to users) currently only support user-based authentication rather than client-based authentication. Should you need to use these APIs right now, you can actually get a JWT token for the user and use that to authenticate. Look at the login flow in the network panel, and pay attention to the JWT we return when you login AND when you access an org. Those are the bearer tokens (depending on whether you are at the site, or org level). See Administrator level authentication flow for more information.
Postman
Below are details of the Postman Collections and Environment that you can use.
...