HMAC protected API and Postman request

2.5k Views Asked by Carlos Gonzalez At 07 April 2025 at 17:48

I am trying to issue requests against an API which is HMAC protected.

I can successfully send a request using a HMAC auth plugin for HTTPie like this:

http --auth-type=hmackey --auth="key1:secret1" api_url

However, I've not had any success by issuing requests through Postman. I'm following the link below which explains how to use a pre-request script, but I'm always getting a 401:

https://github.com/acquia/http-hmac-postman

Any thoguhts?

Original Q&A

There are 1 best solutions below

Divyang Desai On 04 June 2021 at 05:56 BEST ANSWER

If you want to create a hmac for the post request and set it to the header, simply use cryptoJs as below in the pre-request script.

const secret = 'your_secret';

var hash = CryptoJS.HmacSHA256(pm.request.body.toString(), secret);
var hashBase64 = CryptoJS.enc.Base64.stringify(hash);

console.log(hashBase64);

//set it to the environment variable
pm.environment.set("HmacContentSha", "hashBase64");

The environment variable HmacContentSha need to pass in the request header.

HMAC protected API and Postman request

There are 1 best solutions below

Related Questions in POSTMAN

Related Questions in HMAC

Related Questions in HTTPIE

Trending Questions

Popular # Hahtags

Popular Questions