Miva JSON API - Add X-Miva-API-Authorization HMAC Signature with JavaScript's CryptoJS as a Postman Pre-Request Script

00__README.md

Add X-Miva-API-Authorization HMAC Signature to a Postman Request

Uses JavaScript's CryptoJS library within a Postman Pre-Request script to: parse the request-body, create a SHA256 HMAC signature, build the Miva JSON API's authorization HTTP Header, and add the header to the current Postman request.

Instructions

Setup Postman Environmental Variables

1. Navigate to the "Miva Admin > Settings > Users > API Tokens"
2. Edit a token
3. Create a Postman Environmental Variable called API_Token that is set to the "Edit API Token > Access Token" value
4. Create a Postman Environmental Variable called API_SigningKey that is set to the "Edit API Token > Signature" value

Add to a Single Request

1. Edit a request in Postman
2. Switch to the "Scripts" tab of the request
3. Switch to the "Pre-request" code
4. Populate it with 01__standalone-pre-request-script.js

OR Add Multiple Requests with a Postman Package

1. Open the Postman > Package Library
   1. Edit a request in Postman
   2. Switch to the "Scripts" tab of the request
   3. Switch to the "Pre-request" code
   4. Click the "Open package library" link
2. Create a "New Package"
3. Populate it with 02__package--source.js
4. "Save" your package
5. Edit a request in Postman
6. Switch to the "Scripts" tab of the request
7. Switch to the "Pre-request" code
8. In the "Packages" search-dropdown, select your package
9. Require and use your package like it is done in 03__package--pre-request-script.js

Helpful Links

• https://docs.miva.com/developer/developer-resources/json-api/api-getting-started/
• https://learning.postman.com/docs/tests-and-scripts/write-scripts/postman-sandbox-api-reference/
• https://learning.postman.com/docs/tests-and-scripts/write-scripts/package-library/
• https://www.postman.com/postman/postman-answers/request/xy5m1mu/sha256?tab=scripts
• https://cryptojs.gitbook.io/docs#documentation

01__standalone-pre-request-script.js

const CryptoJS = require('crypto-js');

const token = pm.environment.get('API_Token');
const signingKey = pm.environment.get('API_SigningKey');
const requestBody = pm.variables.replaceIn(pm.request.body.toString());

const signature = CryptoJS.HmacSHA256(
    CryptoJS.enc.Utf8.parse(requestBody),
    CryptoJS.enc.Base64.parse(signingKey)
).toString(CryptoJS.enc.Base64);

pm.request.headers.add({
    key: 'X-Miva-API-Authorization',
    value: `MIVA-HMAC-SHA256 ${token}:${signature}`
});

02__package--source.js

const CryptoJS = require('crypto-js');

const addAuthorizationHeader = ({token = pm.environment.get('API_Token'), signingKey = pm.environment.get('API_SigningKey'), requestBody = pm.variables.replaceIn(pm.request.body.toString())} = {}) => {
    const signature = CryptoJS.HmacSHA256(
        CryptoJS.enc.Utf8.parse(requestBody),
        CryptoJS.enc.Base64.parse(signingKey)
    ).toString(CryptoJS.enc.Base64);

    pm.request.headers.add({
        key: 'X-Miva-API-Authorization',
        value: `MIVA-HMAC-SHA256 ${token}:${signature}`
    });
};

module.exports = {
    addAuthorizationHeader
};

03__package--pre-request-script.js

const miva = pm.require('@red-flare-1249/miva');
miva.addAuthorizationHeader();