Authenticating a API Request using the HASH node

Jules_Huguenin · October 5, 2022, 12:51am

Hi there,
I’m trying to generate a signature for an API authentication.
I have successfully tested it on Postman with a script supplied by the third party app, here is their script:

//HTTP-HMAC-POSTMAN
var message = request.url;

message = message.replace("{{appKey}}", pm.variables.get('appKey'));
message = message.replace("{{accessKey}}", pm.variables.get('accessKey'));
message = message.replace("{{subdomain}}", pm.variables.get('subdomain'));

//	Remove the protocol part
if (message.indexOf("http://") === 0) {
    message = message.substring("http://".length);
} else if (message.indexOf("https://") === 0) {
    message = message.substring("https://".length);
}


console.log(message);
var mac = CryptoJS.HmacSHA256(message, pm.variables.get('secretKey'));
var encodedMac = CryptoJS.enc.Hex.stringify(mac).toLowerCase();

pm.environment.set('auth', encodedMac);

I’m using the HASH node to replicate this but so far I’m only getting and error with “Invalid credentials provided”.
Here is a screenshot of my hash node:

Note that in the data template variable, I have removed the protocol part of my url. I have also tried to lowercase the hash response with a STRING node without success either.

Here is the thrid party app doc about authentication.

Kevin_Niemiller · October 5, 2022, 1:45pm

Hi Jules,

I don’t have access to a Fiix account (I actually created one but the free version did not come with API access) and I don’t have access to your account so I’ll try my best to help with the questions below.

The overall question is at what point is your Losant workflow not producing the same output as the code you are using in Postman? A couple questions to hopefully help us answer this overall question are below.

Does the URI (with protocol) in Losant match your Postman code output for the URI (with protocol)?
Does the URI (without protocol) in Losant match your Postman code output for the URI (without protocol)?
Does the output of the Hash Node match your Postman code output (I think it was named encodedMac)?
Is the secret identical?
Are you properly putting the output from the Hash Node as a HTTP Header named Authorization in the HTTP Node?
Are you using the same headers that are specified in Postman in the HTTP Node?

From the screenshot above, it looks like you are using the Hash Node properly.

-Kevin

Jules_Huguenin · October 5, 2022, 7:23pm

Thanks @Kevin_Niemiller!
Yes for all 6 points.
I looked into it a bit further and it seems that the http node request does not like the combination of string + variable in the URL template:
I went from this:

to this by adding the https:// into the {{working.request.url)):

and now it works fine.
Cheers
Jules

Topic		Replies	Views
Please let me know how to call a AWS REST API from Losant using Access Key and Secret Key ? Also please explain the header signature generator process Help rest-api , aws	7	433	July 26, 2022
CryptoJS API supported or not? Feature Request	5	950	September 17, 2020
Losant API Node trouble Help workflow	2	427	October 29, 2021
What type of data send the http node post? Help http	4	596	March 7, 2022
Talk2M api using http block Help	4	778	November 6, 2018

Authenticating a API Request using the HASH node

Related Topics