I'm trying to use Postman to send a GET http request which contains a parameter which is dynamically generated by taking the full request query string (everything to the right of the question mark in the URL, after URL encoding), concatenating a previously assigned shared secret key, and then performing a SHA-1 hash of the resulting string.
I would use a Pre-request Script to achieve this.
Thank you.
I'm trying to use Postman to send a GET http request which contains a parameter which is dynamically generated by taking the full request query string (everything to the right of the question mark in the URL, after URL encoding), concatenating a previously assigned shared secret key, and then performing a SHA-1 hash of the resulting string.
I would use a Pre-request Script to achieve this.
Thank you.
Share Improve this question asked May 19, 2016 at 21:06 BoogiemanBoogieman 2131 gold badge2 silver badges8 bronze badges2 Answers
Reset to default 11I actually found a solution and would like to share it.
var params = [
["client_id", "222"]
,["account_id", ""]
];
// Build the request body string from the Postman request.data object
var requestBody = "";
var firstpass = true;
for(var i=0;i < params.length; i++) {
if(!firstpass){
requestBody += "&";
}
requestBody += params[i][0] + "=" + params[i][1];
firstpass = false;
postman.setGlobalVariable(params[i][0], params[i][1]);
}
requestBody += postman.getEnvironmentVariable("sharedSecretKey");
postman.setGlobalVariable("requestBody", requestBody);
var mac = "";
if(requestBody){
// SHA1 hash
mac = CryptoJS.SHA1(requestBody);
}
postman.setGlobalVariable("mac", mac);Then I just need to set the parameters in the URL : {{baseUrl}}/get?client_id={{client_id}}&account_id={{account_id}}&mac={{mac}}
where {{baseUrl}} is an environment variable and {{client_id}}, {{account_id}} are global variables
Hope it can be helpful to someone.
Thank you.
Inspired by this answer, I used the following Postman pre-request script to create a SHA1 hash of a request.
Note that request.data is an implied variable and the CryptoJS library are provided by the Postman Sandbox for pre-request scripts.
const hash = CryptoJS.HmacSHA1(request.data, 'yourSecret').toString();
pm.globals.set('hash', hash);
You can now reference the hash value as a postman global variable using {{hash}} syntax.
Creating X-Hub-Signature Header like GitHub API Webhook Requests
My purpose in all this was to simulate the X-Hub-Signature header provided by the GitHub Webhooks API because my web service validates all webhook payloads to match the signature. So for me to test my web service, I also needed postman to generate a valid signature header.
Here's an adaptation of the above code snippet for generating the X-Hub-Signature request header value.
- In GitHub, I set a webhook secret for my GitHub App.
- In Postman, I created an environment and added the key=value pair
GITHUB_WEBHOOK_SECRETwith the value I specified when I created my GitHub App.
- In Postman, I used the following pre-request script. It set the puted hash as a global variable.
const hash = CryptoJS.HmacSHA1(
request.data,
pm.environment.get('GITHUB_WEBHOOK_SECRET')
).toString();
pm.globals.set('X-HUB-SIGNATURE', 'sha1=' + hash);
- In Postman, I reference the global hash variable as a header in my requests, just like the GitHub Webhooks API will.