Authenticating a API Request using the HASH node

Hi there,
I’m trying to generate a signature for an API authentication.
I have successfully tested it on Postman with a script supplied by the third party app, here is their script:

var message = request.url;

message = message.replace("{{appKey}}", pm.variables.get('appKey'));
message = message.replace("{{accessKey}}", pm.variables.get('accessKey'));
message = message.replace("{{subdomain}}", pm.variables.get('subdomain'));

//	Remove the protocol part
if (message.indexOf("http://") === 0) {
    message = message.substring("http://".length);
} else if (message.indexOf("https://") === 0) {
    message = message.substring("https://".length);

var mac = CryptoJS.HmacSHA256(message, pm.variables.get('secretKey'));
var encodedMac = CryptoJS.enc.Hex.stringify(mac).toLowerCase();

pm.environment.set('auth', encodedMac);

I’m using the HASH node to replicate this but so far I’m only getting and error with “Invalid credentials provided”.
Here is a screenshot of my hash node:

Note that in the data template variable, I have removed the protocol part of my url. I have also tried to lowercase the hash response with a STRING node without success either.

Here is the thrid party app doc about authentication.

Hi Jules,

I don’t have access to a Fiix account (I actually created one but the free version did not come with API access) and I don’t have access to your account so I’ll try my best to help with the questions below.

The overall question is at what point is your Losant workflow not producing the same output as the code you are using in Postman? A couple questions to hopefully help us answer this overall question are below.

  1. Does the URI (with protocol) in Losant match your Postman code output for the URI (with protocol)?
  2. Does the URI (without protocol) in Losant match your Postman code output for the URI (without protocol)?
  3. Does the output of the Hash Node match your Postman code output (I think it was named encodedMac)?
  4. Is the secret identical?
  5. Are you properly putting the output from the Hash Node as a HTTP Header named Authorization in the HTTP Node?
  6. Are you using the same headers that are specified in Postman in the HTTP Node?

From the screenshot above, it looks like you are using the Hash Node properly.


Thanks @Kevin_Niemiller!
Yes for all 6 points.
I looked into it a bit further and it seems that the http node request does not like the combination of string + variable in the URL template:
I went from this:

to this by adding the https:// into the {{working.request.url)):


and now it works fine.