Reputation: 618
OpenAPI Authentication issues - signature calculation
I am working on a project for an integration with HikCentral Professional OpenAPI.
I want to send a couple of requests to the API but I am unable to properly authenticate.
I have created partner appKey and appSecret but based on the documentation I have to also calculate X-CA-Signature with HmacSHA-256 and base64.
I am trying to do this through postman at the moment but I haven't had much luck with the pre-request scripts.
I used the following to generate the signature in JS inside postman in order to set it as a variable:
var signature = CryptoJS.HmacSHA256("secret-key").toString();
pm.environment.set("appSignature", "signature");
The above doesn't work, (probably because it is missing the base64 encoding?) although CryptoJS is a postman built-in library.
I also tried to generate the signature with Python on a separate script:
import hashlib
import hmac
import base64
secret = "secret-key"
hashed = hmac.new(secret.encode(), b"", hashlib.sha256)
digest = hashed.digest()
base64_encoded = base64.b64encode(digest).decode()
print(base64_encoded)
I have set the above encoded signature manually as a value in the headers of postman but I get timeouts in the response.
Any help would be appreciated.
Upvotes: 1
Views: 1540
Answers (2)
Reputation: 618
So, for anyone interested, I was able to resolve the issue by opening a support ticket to HikVision. They provided a PDF with detailed instructions on how to calculate the signature in Postman and they even provided a postman collection with examples.
In general you should use the following as a spre-req script in order to properly generate the signature.
var appSecret = "appSecret";
var textToSign = "POST"+"\n"+"application/json"+"\n"+"application/json;charset=UTF-8"+"\n"+"/artemis/api/resource/v1/vehicle/vehicleList";
console.log(textToSign);
var hash = CryptoJS.HmacSHA256(textToSign, appSecret);
var signature = hash.toString(CryptoJS.enc.Base64);
pm.environment.set("SIGNATURE", signature);
If anyone ever needs help again with this, ping me and I can provide all the relevant files and postman collection.
Upvotes: 1
Reputation: 524
I see in your answer that your server is hosted on 10.19.133.55, which is an IP address reserved for private networks. Since Postman runs in the cloud, it will never be able to access your local network directly.
There are some workarounds to test locally, like running postman's local enterprise application, but I would recommend using a tool like cURL to test locally. To build whatever integration/application your working on, I'd reccomend python's Requests library or node.js's axios api.
Be careful of where your code is running. If you're creating a web app, javascript will likely run in the browser, so you would need some kind of gateway to access the api on a local server.
Upvotes: 0
Related Questions
- JWT signature verification failing
- An index signature parameter type cannot be a union type. Consider using a mapped object type instead
- CryptoJS and Crypto (nodejs) won't generate the same HMAC SHA256 hash
- PHP hash_hmac to JS Hmac
- Encoding request body with HMAC sha256 and base64
- Testing API routes with HMAC-SHA256 authentication in OpenAPI (Swagger)
- How to convert this signature method from crypto (node) to crypto-js (browser)?
- Implementing HMAC-SHA256 for Keybase in Javascript