I am trying to issue requests against an API which is HMAC protected.
I can successfully send a request using a HMAC auth plugin for HTTPie like this:
http --auth-type=hmackey --auth="key1:secret1" api_url
However, I've not had any success by issuing requests through Postman. I'm following the link below which explains how to use a pre-request script, but I'm always getting a 401:
https://github.com/acquia/http-hmac-postman
Any thoguhts?
If you want to create a hmac for the post request and set it to the header, simply use cryptoJs as below in the pre-request script.
const secret = 'your_secret';
var hash = CryptoJS.HmacSHA256(pm.request.body.toString(), secret);
var hashBase64 = CryptoJS.enc.Base64.stringify(hash);
console.log(hashBase64);
//set it to the environment variable
pm.environment.set("HmacContentSha", "hashBase64");
The environment variable HmacContentSha need to pass in the request header.