Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Generate Auth Token for Vendor API

Repository

[

GitHub - fhyfirman/generate-hmac-auth-token: Generate HMAC Authentication Token using API KEY and API SECRET KEY

Generate HMAC Authentication Token using API KEY and API SECRET KEY - GitHub - fhyfirman/generate-hmac-auth-token: Generate HMAC Authentication Token using API KEY and API SECRET KEY

https://github.com/fhyfirman/generate-hmac-auth-token

](https://github.com/fhyfirman/generate-hmac-auth-token)

Generate Using TypeScript

import humps from "humps";
import { AxiosRequestConfig } from "axios";

const VENDOR_API_KEY = process.env.VUE_APP_VENDOR_API_KEY;
const VENDOR_API_SECRET_KEY = process.env.VUE_APP_VENDOR_API_SECRET_KEY;

export async function generateToken(
  request: AxiosRequestConfig,
  apiKey?: string,
  apiSecretKey?: string
): Promise<string> {
  const httpMethod = request.method ? request.method.toUpperCase() : "GET";
  const url = new URL(request.url as string);
  const searchParams = new URLSearchParams(url.search);
  searchParams.set("client_type", "web");
  url.search = searchParams.toString();
  const path = url.pathname + url.search;
  const currentTime = new Date().getTime().toString();
  let body, rawSignature;

  if (httpMethod === "GET") {
    rawSignature = `${currentTime}\r\n${httpMethod}\r\n${path}\r\n\r\n`;
  } else {
    body = request.data
      ? JSON.stringify(humps.decamelizeKeys(request.data))
      : "";
    rawSignature = `${currentTime}\r\n${httpMethod}\r\n${path}\r\n\r\n${body}`;
  }

  // Use default values for apiKey and apiSecretKey if not provided
  apiKey = apiKey || VENDOR_API_KEY;
  apiSecretKey = apiSecretKey || VENDOR_API_SECRET_KEY;

  if (!apiKey || !apiSecretKey) {
    throw new Error("API key and/or secret key not provided");
  }

  const CryptoJS = await import(
    /* webpackChunkName: "crypto-js" */ "crypto-js"
  );

  const signature = CryptoJS.HmacSHA256(rawSignature, apiSecretKey).toString();
  const token = `hmac ${apiKey}:${currentTime}:${signature}`;

  return token;
}

Generate using Postman

To generate auth token using Postman you need to put the script in the pre-request script on your Postman app

// get http method
const httpMethod = pm.request.method;

// get api key and secret from environment
const apiKey = pm.environment.get('API_KEY');
const apiSecretKey = pm.environment.get('API_SECRET_KEY');

// generate time and get full path from url
const currentTime = new Date().getTime().toString();
const path = pm.variables.replaceIn(pm.request.url.getPathWithQuery());
let body, rawSignature;

// check and generate raw signature
if (httpMethod === 'GET') {
    rawSignature = `${currentTime}\r\n${httpMethod}\r\n${path}\r\n\r\n`;
} else {
    body = pm.request.body.raw;
    rawSignature = `${currentTime}\r\n${httpMethod}\r\n${path}\r\n\r\n${body}`;
}

// generate signature
const signature = CryptoJS.HmacSHA256(rawSignature, apiSecretKey).toString();

// generate token
const token = `hmac ${apiKey}:${currentTime}:${signature}`;

// store token to environment and set auth header
pm.environment.set('API_TOKEN', token)
pm.request.headers.add({
  key: "Authorization",
  value: token
});