Http Signed Request via Postman
Need to send a Signed request via postman? quick sample code on how to do it.
You can use a pre-request script in Postman to automatically sign your http request to do so the following steps are required - this can be customized based on your approach - see more at https://http-signatures-php.readthedocs.io/en/stable/reference/headers.html
for our example we are validating on the request body and request date.
Steps
Add 2 variable headers to your postman call: (note dateStr and not date as the variable as date is reserved)
Add global variable for your key name and key value and placeholdes for signature and dateStr for your project.
in your pre-request scripts section put the following code:
const url = require('url')
const keyName = pm.globals.get('keyName'); //'key';
const key = pm.globals.get('keyName');//'zon-art-signed-request'
const signatureString = []
const dateStr = new Date().toGMTString();
const requestUrl = pm.request.url.toString().replace('{{API_URL}}', pm.environment.get("API_URL"));
const parsedUrl = url.parse(requestUrl)
const srchStr = parsedUrl.search === null ? '' : parsedUrl.search;
signatureString.push(`(request-target): ${pm.request.method.toLowerCase()} ${parsedUrl.path.replace(/\[/g, '%5B').replace(/\]/g,'%5D')}`)
signatureString.push(`date: ${dateStr}`)
const signature = signatureString.join('\n')
const signatureSign = CryptoJS.HmacSHA256(signature, key).toString(CryptoJS.enc.Base64)
const authorization = `keyId="${keyName}",algorithm="hmac-sha256",headers="(request-target) date",signature="${signatureSign}"`
pm.globals.set('signature', authorization);
pm.globals.set('dateStr', dateStr);
Done :-)