1. Introduction
When you call a third-party interface, you are usually given a ClientID and SecretKey, and every request to that interface then has to be signed. Can all this tedious signing be done with just Postman? The answer is yes. Let's take a look at the power of Postman.
2. The server side
First, let’s look at the server validation logic shown below:
If you look carefully, you may notice that I only read the Sign and Timestamp from the request, and that the MasterKey comes directly from the configuration. This article focuses on signing requests in Postman, so the server-side logic is simplified. If you need to understand interface signature design, you can look it up elsewhere; this article does not go into it.
Here we can see that the request needs to contain x-sign and x-timestamp, and that the signature rule is MD5(${masterKey}.${timestamp}). Now that we know the interface's authentication rule, we can move on.
3. Construct the request
Ahem, now for the main point of this article. First, take a look at Postman's main screen:
To facilitate subsequent testing, we first add Host and MasterKey to the environment variables:
Then we fill in the request method, interface address and request Body in turn:
OK, with that filled in, we need to add x-sign and x-timestamp to the Headers:
Now there is a problem. Normally the values we put in Headers are fixed, but x-sign and x-timestamp have to be calculated, so they cannot be typed in directly. What do we do?
Before we solve this problem, I need to add some background. Here's a look at how Postman works:
Postman can execute a pre-request script before each request is sent. This gives us the opportunity to generate the data we need before the request is initiated. Without further ado, let's open the Pre-request Script panel in Postman:
Note that the pre-request script only supports JavaScript syntax. With that in mind, let's go back to our task: generating x-sign and x-timestamp. We break it down into smaller steps:
- Get the MasterKey
- Get the current timestamp
- Calculate the MD5 signature value
- Populate Headers with timestamp and signature values
The first step is very simple. Remember where we put the MasterKey? That's right, we put it in the environment variables at the beginning, and the Snippets list on the right side of the panel has an entry called "Get an environment variable". Click on it and you get the statement that reads an environment variable.
The second step is not difficult either. We use Date.now() to generate the current timestamp:
Then we move on to the next step: calculating the MD5. JavaScript does not provide a ready-made function for this, so what do we do? Postman had this in mind and built in a series of common libraries:
Now we can use the CryptoJS library to compute MD5 values:
Next, we store sign and timestamp as variables:
Finally, we add {{timestamp}} and {{sign}} in headers:
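The four steps above, put together as one pre-request script. This is an added example, not the article's original code. It assumes the "." in the signature rule is a literal separator, the digest is lowercase hex, the environment variable is named MasterKey, and the values are stored as environment variables; serverAccepts is a hypothetical stand-in for the simplified server check from section 2.

```javascript
// Added example: works as a Postman pre-request script and also under plain Node.
// Assumptions: "." is a literal separator in the rule, the digest is lowercase hex,
// and the environment variable holding the key is named "MasterKey".

// MD5 hex digest: Postman's built-in CryptoJS when present, Node's crypto otherwise.
function md5Hex(text) {
  if (typeof CryptoJS !== "undefined") {
    return CryptoJS.MD5(text).toString();
  }
  return require("crypto").createHash("md5").update(text, "utf8").digest("hex");
}

// Steps 2 and 3: take a timestamp and compute MD5(`${masterKey}.${timestamp}`).
function buildSignature(masterKey, timestamp = Date.now()) {
  if (!masterKey) {
    // Fail loudly instead of signing with "undefined" when no environment is selected.
    throw new Error("MasterKey is not set in the active environment");
  }
  const ts = String(timestamp);
  return { timestamp: ts, sign: md5Hex(`${masterKey}.${ts}`) };
}

// Hypothetical stand-in for the server check: read x-sign and x-timestamp from the
// request, take the MasterKey from configuration, recompute and compare.
function serverAccepts(masterKey, headers) {
  const sign = headers["x-sign"];
  const ts = headers["x-timestamp"];
  if (!sign || !ts) return false;
  return md5Hex(`${masterKey}.${ts}`) === sign;
}

// Steps 1 and 4: only runs inside Postman, where `pm` exists.
if (typeof pm !== "undefined") {
  const { timestamp, sign } = buildSignature(pm.environment.get("MasterKey"));
  pm.environment.set("timestamp", timestamp);
  pm.environment.set("sign", sign);
}
```

In the Headers tab, x-sign is then set to {{sign}} and x-timestamp to {{timestamp}}.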
4. Verify the result
We send the request we have written and set a breakpoint on the server to see whether x-sign and x-timestamp arrive, then compare the received sign with the one the server calculates to see if they are consistent:
The signature result is consistent. Verification is successful!
5. Summary
Postman is a very powerful interface tool. As it says of itself:
Postman Makes API Development Simple.
We also learned how to run some logic and modify the headers before a request is sent. In addition, this should give front-end developers a rough understanding of how back-end interface signature design works. I'll continue to explore more of Postman's fun tricks to help you use it more productively.