Postman Setup

Use a Postman pre-request script to generate HMAC signatures automatically for every request in a collection.

Pre-request Script

Add this to the collection-level or request-level Pre-request Script tab:

javascript
const apiKey = pm.environment.get("api_key");const secretKey = pm.environment.get("secret_key");
if (!apiKey || !secretKey) {  throw new Error("Missing api_key or secret_key in the active environment");}
let requestBody = "";if (pm.request.body) {  if (pm.request.body.raw) {    requestBody = pm.request.body.raw;  } else if (pm.request.body.urlencoded) {    requestBody = pm.request.body.urlencoded.toString();  } else if (pm.request.body.formdata) {    requestBody = pm.request.body.formdata.toString();  }}
const timestamp = new Date().toISOString();const dataToSign = requestBody + "|" + timestamp;const signature = CryptoJS.HmacSHA256(dataToSign, secretKey).toString(CryptoJS.enc.Hex);
pm.request.headers.remove("x-api-key");pm.request.headers.remove("x-timestamp");pm.request.headers.remove("x-signature");
pm.request.headers.add({ key: "x-api-key", value: apiKey });pm.request.headers.add({ key: "x-timestamp", value: timestamp });pm.request.headers.add({ key: "x-signature", value: signature });

Setup Steps

  1. Create or select a Postman environment.
  2. Add api_key and secret_key variables.
  3. Paste the script at the collection level so all requests inherit it.
  4. Send a signed request to a client API endpoint.
  5. Use the Postman console to inspect the generated timestamp and signature if debugging is needed.

Troubleshooting

Missing credentials

Make sure the active Postman environment contains both:

  • api_key
  • secret_key

Invalid signature

Check that:

  1. the body in Postman is exactly what gets sent
  2. the correct secret key is loaded
  3. no conflicting headers are being set manually

CryptoJS errors

Postman ships with CryptoJS. If it is unavailable, update Postman before debugging the API integration itself.

Related Pages