This is javascript for use with Postman's pre-request script feature. It generates HTTP request headers for HMAC authentication with Kong. More specifically, Kong's HMAC Authentication Plugin.
The script could easily be modified for use with custom HMAC authentication schemes.
-
Copy the contents of postman-pre-request-script.js into the "Pre-request Script" tab in Postman.
-
Create an environment and add two key-value pairs at Postman's "Manage Environments" settings dialog.
keyIdcontaining the ID or username of the API consumer, andsecretcontaining the shared secret key.
-
Switch to the new environment.
-
On the "Headers" tab click "Bulk Edit" and paste the following content into the headers field. Note that the
Content-Typeheader must be set manually to the content type of your request. The other headers will be generated automatically by the script.Authorization:{{auth-header}} Date:{{date-header}} Content-MD5:{{content-md5}} Content-Length:{{content-length}} Content-Type:application/jsonAs shown below:
-
Send the request.
If you don't require all five headers to be included in the signature hash you can comment out the headers you don't want in the javascript as shown below:
var sigHeaders = {
'request-line' : requestLine,
'date' : dateHeader,
//'content-type' : contentType,
'content-md5' : base64md5,
'content-length' : contentLength
};When making modifications to the script it is helpful to check the contents of the generated environment variables. You can do this by clicking on the eye icon next to the environment management button after sending a request.
MIT License - see the LICENSE file for details