How to use SHA-1 dynamic key in Postman
Question
I'm trying to use Postman to send a GET http request which contains a parameter which is dynamically generated by taking the full request query string (everything to the right of the question mark in the URL, after URL encoding), concatenating a previously assigned shared secret key, and then performing a SHA-1 hash of the resulting string.
I would use a Pre-request Script to achieve this.
Thank you.
2 answers
solution1
8 2016-05-19 21:12:46
I actually found a solution and would like to share it.
var params = [ ["client_id", "222"] ,["account_id", ""] ]; // Build the request body string from the Postman request.data object var requestBody = ""; var firstpass = true; for(var i=0;i < params.length; i++) { if(!firstpass){ requestBody += "&"; } requestBody += params[i][0] + "=" + params[i][1]; firstpass = false; postman.setGlobalVariable(params[i][0], params[i][1]); } requestBody += postman.getEnvironmentVariable("sharedSecretKey"); postman.setGlobalVariable("requestBody", requestBody); var mac = ""; if(requestBody){ // SHA1 hash mac = CryptoJS.SHA1(requestBody); } postman.setGlobalVariable("mac", mac);
Then I just need to set the parameters in the URL : {{baseUrl}}/get?client_id={{client_id}}&account_id={{account_id}}&mac={{mac}}
where {{baseUrl}} is an environment variable and {{client_id}}, {{account_id}} are global variables
Hope it can be helpful to someone.
Thank you.
solution2
0 2019-08-04 04:03:08
Inspired by this answer , I used the following Postman pre-request script to create a SHA1 hash of a request.
Note that request.data is an implied variable and the CryptoJS library are provided by the Postman Sandbox for pre-request scripts .
const hash = CryptoJS.HmacSHA1(request.data, 'yourSecret');
pm.globals.set('hash', hash);
You can now reference the hash value as a postman global variable using {{hash}} syntax.
Creating X-Hub-Signature Header like GitHub API Webhook Requests
My purpose in all this was to simulate the X-Hub-Signature header provided by the GitHub Webhooks API because my web service validates all webhook payloads to match the signature. So for me to test my web service, I also needed postman to generate a valid signature header.
Here's an adaptation of the above code snippet for generating the X-Hub-Signature request header value.
- In GitHub, I set a webhook secret for my GitHub App .
- In Postman, I created an environment and added the key=value pair
GITHUB_WEBHOOK_SECRETwith the value I specified when I created my GitHub App.
- In Postman, I used the following pre-request script. It set the computed hash as a global variable.
const hash = CryptoJS.HmacSHA1(
request.data,
pm.environment.get('GITHUB_WEBHOOK_SECRET')
);
pm.globals.set('X-HUB-SIGNATURE', 'sha1=' + hash);
- In Postman, I reference the global hash variable as a header in my requests, just like the GitHub Webhooks API will.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.