
HMAC - SHA256 authentication via Postman

I'm trying to simulate a webhook POST request to my Rails app (which works well in a real workflow) with Postman. I found lots of examples but none of them work - I keep getting a 401 code. What I did is define headers and a Pre-request Script like below:

postman headers

JS as Pre-request Script based on these docs

postman.setEnvironmentVariable("hmac", CryptoJS.HmacSHA256(request.data, 'my_secret_string').toString(CryptoJS.digest));

And still I'm getting the 401 error.

The external API docs which I use to trigger the webhook clearly state:

Each webhook will be sent with the X-AQID-Signature header, which is created by hashing the request's payload with the HMAC method and SHA256 algorithm, using the shared secret as salt. This means that upon receiving a payload, you can verify its integrity by replicating the hashing method.

And like I said, it works well in a real-life workflow, so I have an error in the Postman implementation. What did I miss?

mr_muscle asked Mar 23 '26 08:03


1 Answer

You don't need to set any environment variable, you just have to add a header from your script. I did this in a very similar case:

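// Load CryptoJS in the Postman sandbox under the name used below
var crypto = require('crypto-js');
// HMAC-SHA256 over the raw request body, keyed with the shared secret
var signBytes = crypto.HmacSHA256(pm.request.body.raw, 'YOUR_SECRET');
// Hex-encode the digest
var signHex = crypto.enc.Hex.stringify(signBytes);
// Attach the signature as a request header
pm.request.headers.add({
    key: "HEADER_NAME",
    value: signHex
});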
sinuhepop answered Mar 24 '26 21:03
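For reference, the receiving side of such a webhook, as an added example that is not part of the question or the answer above. It uses Node's built-in crypto module rather than the Postman sandbox, assumes the X-AQID-Signature value is hex-encoded (the quoted docs do not say), and uses constructed sample values. It shows that the signature only verifies when the HMAC is computed over the exact body bytes that are sent.

```javascript
// Added example: receiver-side check for an HMAC-SHA256 webhook signature (Node.js).
const { createHmac, timingSafeEqual } = require('node:crypto');

// Hex HMAC-SHA256 of the exact body bytes, keyed with the shared secret.
function sign(rawBody, secret) {
  return createHmac('sha256', secret).update(rawBody, 'utf8').digest('hex');
}

// Compare the received header value against the expected one in constant time.
function verify(rawBody, receivedHex, secret) {
  if (typeof receivedHex !== 'string' || !/^[0-9a-f]{64}$/i.test(receivedHex)) {
    return false; // missing or malformed header value
  }
  const expected = Buffer.from(sign(rawBody, secret), 'hex');
  const received = Buffer.from(receivedHex, 'hex');
  return timingSafeEqual(expected, received); // both buffers are 32 bytes here
}

// Constructed sample values, not taken from any real API.
const SECRET = 'my_secret_string';
const sentBody = '{"event":"order.created","id":42}';
const signature = sign(sentBody, SECRET);

// Same JSON content, re-serialized with indentation: different bytes on the wire.
const reformattedBody = JSON.stringify(JSON.parse(sentBody), null, 2);

function demo() {
  return {
    exactBytes: verify(sentBody, signature, SECRET),
    reformatted: verify(reformattedBody, signature, SECRET),
    wrongSecret: verify(sentBody, sign(sentBody, 'other_secret'), SECRET),
    missingHeader: verify(sentBody, undefined, SECRET),
  };
}

console.log(demo());
```

A receiver has to run this check on the raw request body as received, before any JSON parsing, because a parsed and re-serialized body is not guaranteed to be byte-identical.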


