Reputation: 1377
Postman - Adding signature query string parameter to - PTV Timetable API (Melbourne, Victoria, Australia)
I am trying to use Postman to access the Victorian Government's Public Transport Victoria (PTV) Timetable API.
I have obtained a developer id (devid) and an API key from the API team via email.
These instructions https://www.ptv.vic.gov.au/assets/default-site/footer/data-and-reporting/Datasets/PTV-Timetable-API/60096c0692/PTV-Timetable-API-key-and-signature-document.rtf advise we need to compute:
a HMAC-SHA1 hash of the completed request (minus the base URL but including your user ID, known as “devid”) and the API key.
We must include this signature as a signature= query string parameter in the request.
I am using this code in the pre-request script:
const apiKey = 'obfiscat-edBu-tDas-hesI-nRightPosies'; // these are actually all hex digita (0-9abcdef) in my key
const devid = '1234567'; // same number of decimal digits as my devid
let path = pm.request.url.getPath();
const pathAndQueryString=`${path}?devid=${devid}`;
console.log(pathAndQueryString);
var sha1Hash = CryptoJS.SHA1(pathAndQueryString,apiKey).toString();
console.log(`Hash of '${pathAndQueryString}' is '${sha1Hash}'`);
// now save this to the postman signature variable:
pm.variables.set('signature',sha1Hash.toString());
The simplest API endpoint has no path parameters:
{{baseUrl}}/v3/route_types?devid={{devid}}&signature={{signature}}
Here is a link to the Swagger docs for the API: https://timetableapi.ptv.vic.gov.au/swagger/ui/index#/
I have set the base URL to: https://timetableapi.ptv.vic.gov.au as a collection variable.
When I send the query in postman, I get back:
{
"message": "Forbidden (403): Supplied signature is invalid for request.",
"status": {
"version": "3.0",
"health": 1
}
}
I know my devid is valid, because when I send an incorrect one, I get different message values in the response, including:
"Forbidden (403): Account for devid 12345 has been disabled. Developer account permanently removed"
and
"BadRequest (400): devid 1234555444 is invalid."
I know the signature is being received by the server, as if I omit it from the query string paramters, the message I get back is:
BadRequest (400): No signature parameter supplied in query string.
Does anyone have any advice on what else I can try to compute this HMAC-SHA1 hash, and add it to my postman request as a query string parameter?
Upvotes: 0
Views: 63
Answers (1)
Reputation: 1377
Found it! Need to use the CryptoJS.HmacSHA1() function, not the CryptoJS.SHA1() function.
This code in my pre-request script:
const apiKey = 'obfiscat-edBu-tDas-hesI-nRightPosies'; // these are actually all hex digita (0-9abcdef) in my key
const devid = '1234567'; // same number of decimal digits as my devid
let path = pm.request.url.getPath();
const pathAndQueryString=`${path}?devid=${devid}`;
console.log(pathAndQueryString);
var sha1Hash = CryptoJS.HmacSHA1(pathAndQueryString,apiKey).toString();
console.log(`Hash of '${pathAndQueryString}' is '${sha1Hash}'`);
// now save this to the postman signature variable:
pm.variables.set('signature',sha1Hash.toString());
returns this data from the {{baseUrl}}/v3/route_types?devid={{devid}}&signature={{signature}} endpoint:
{
"route_types": [
{
"route_type_name": "Train",
"route_type": 0
},
{
"route_type_name": "Tram",
"route_type": 1
},
{
"route_type_name": "Bus",
"route_type": 2
},
{
"route_type_name": "Vline",
"route_type": 3
},
{
"route_type_name": "Night Bus",
"route_type": 4
}
],
"status": {
"version": "3.0",
"health": 1
}
}
Upvotes: 0
Related Questions
- How to send query parameter values through script in postman for GET API request
- Loop Query Parameter Postman
- "TypeError: Cannot read property 'sigBytes' of undefined" error in pre-request CryptoJS script
- Signing a request with a hmacSHA25 signature in Postman using a pre-request script for NiceHash API
- Is there any way to store array/list as variable/parameter in constructing an API in Postman?
- Postman - Selective run of API Requests within the same Iteration