I am trying to issue requests against an API which is HMAC protected.
I can successfully send a request using a HMAC auth plugin for HTTPie like this:
http --auth-type=hmackey --auth="key1:secret1" api_url
However, I've not had any success by issuing requests through Postman. I'm following the link below which explains how to use a pre-request script, but I'm always getting a 401:
https://github.com/acquia/http-hmac-postman
Any thoguhts?
If you want to create a hmac for the post request and set it to the header, simply use cryptoJs as below in the pre-request script.
const secret = 'your_secret';
var hash = CryptoJS.HmacSHA256(pm.request.body.toString(), secret);
var hashBase64 = CryptoJS.enc.Base64.stringify(hash);
console.log(hashBase64);
//set it to the environment variable
pm.environment.set("HmacContentSha", "hashBase64");
The environment variable HmacContentSha need to pass in the request header.
Related
I have a Postman pre-request script which uses pm.sendRequest to call an endpoint that uses the same authorisation as the current request. I tried to use pm.request.headers in the script to get the Authorization header so I could add the same header in the pm.sendRequest call, but it doesn’t return the auto-generated headers, only the headers I’ve set manually. Is there any way to access the auto-generated headers in a pre-request script?
I tried
header: {
"Authorization": pm.request.headers.get("Authorization"),
"Content-Type": "application/json"
},
I do not know how to access the auto-generated headers, but you can actually access the data from the Authorization tab of Postman and thus also the access token:
pm.request.auth.parameters().get("accessToken")
I use this for setting the token parameter to a Postman variable named token_param when hitting the OIDC token introspection endpoint after having authenticated via OAuth 2.0 Authorization Code Flow in a browser tab from Postman:
pm.variables.set('token_param', pm.request.auth.parameters().get("accessToken"))
You can also check what's inside the auth object by calling the toJSON method:
console.info(pm.request.auth.toJSON())
That way I found the accessToken:
Is there a way in Postman to obtain automatically, if an endpoint returns an HTTP 401, a new API key for that user by calling the login endpoint? In this situation Postman loads the result and store the API key in a variable in the specific Environment.
The test tab in Postman allows you to write some JS code that retrieves the response data and allows you to act accordingly.
Then the postman API allows you to set the next request in the collection runner or newman, so you can just call the login request properly.
Basically something like this:
const jsonData = pm.response.json()
if (pm.response.code === 401) {
pm.setNextRequest('login')
}
Here is some further reading about scripting in postman.
I've tried making POST requests with
var https = require('https');
and
var request = require('request');
I have the request package in the node_modules folder in the Lambda function. Neither of them seem to be able to properly authenticate with Shopify and send the request properly. What is the best way to go about this? I can't seem to find an example anywhere. This is not a webhook, I'm not getting data, I'm trying to update a metafield on a customer when something else triggers this Lambda function.
I need to get data from an ApiGateway api method. My API is deployed and url is like /greetings. "greetings" is my resource name in which I have a GET method with Authentication set to aws_iam.
The method returns a json response which i want to simply fetch and return. Before authenticating below code was enough to get the response:
String url = "XXXX/greetings"; // xxxx is replaced by api url
URL obj = new URL(url);
con.setRequestMethod("GET");
//add request header
con.setRequestProperty("User-Agent", USER_AGENT);
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
//print response
Note: I understand that I have to pass Authentication token with the request and I am able to access the authenticated API url with Postman by using my AWS credentials. My query is how do I do this in Java?
You can generate the Java SDK on your API and use that to call your API. You can set the credentials on the client just like in Postman.
Here is a guide https://aws.amazon.com/blogs/developer/api-gateway-java-sdk/ to generate and use Java SDK with API Gateway.
If for some reason you don't want to use the generated SDK, you can read up on SigV4 signing and do that yourself or use a third party library like the one mentioned here.
I want to send a http request to a webservice ,which I implemented earlier, that need the user to be login. Now, I implemented a form page that do this for me and I need to change it for every different request.
As far as I know, Django need "csrftoken" and "sessionid" to allow requests. Unfortunately, I can not figure out how to add this two field to Postman client and interact with my Django services.
Postman receives cookies from chrome and you can retrieve them using the Postman interception plugin.
See here
Now after installing the plugin :
Create a new environment so environment variables can be stored
Create a method with a test to store the XSRF cookie value in an environment variable, in the test tab post this code
var token = postman.getResponseCookie("XSRF");
postman.setEnvironmentVariable("xsrf-token", token .value);
Now you will have an environment variable with xsrf-token in it.
Save your method
Create the new post and add XSRF-Token-Header Key in the header.
Access the token value with {{xsrf-token}}
Now before running your new request make sure you run the method, so that it can store the environment variable, and then when you run the actual request it will append its value in the header.
You can also refer this post.
Just in case : For ajax requests you can refer to the django docs