Accessing API through Postman

[Robert Curlette]

I would like to access the ResourceApi through Postman with a RESTful request.  However, I have an 'invalid signature' response when querying the API.

I'm passing in 3 params:

* user: admin

* sign: 256 HSA hash using the site: https://xorbin.com/tools/sha256-hash-calculator

user=admin&do_search%26param1=+%21collection40%26param2=%26param3=%26param4=%26param5=%26param6=

* function: do_search%26param1=+%21collection40%26param2=%26param3=%26param4=%26param5=%26param6=

I'm trying to follow this example: 

https://www.resourcespace.com/knowledge-base/api/

and the API Test page gives me a result

https://me.trial.resourcespace.com/pages/api_test.php

Query: function=do_search&param1=+%21collection40&param2=&param3=&param4=&param5=&param6=

What am I doing wrong?

Thanks,

Robert

[Pedro L]

Hi Robert,

From what I see in the generation part of the HASH, you lack the value of the $private_key.

Looking like this
PRIVATE_KEYuser=USERAPI&function=do_search&param1=&param2=&param3=&param4=&param5=&param6=

And the rest works well in PostMan.

Regards.

[Muhammad Sarwar Rana]

Hi Pedro,

I have the similar issue but I am getting below message in PostMan.

Could not get any response

There was an error connecting to .

Why this might have happened:

• The server couldn't send a response:

  Ensure that the backend is working properly
• Self-signed SSL certificates are being blocked:

  Fix this by turning off 'SSL certificate verification' in Settings > General
• Proxy configured incorrectly

  Ensure that proxy is configured correctly in Settings > Proxy
• Request timeout:

  Change request timeout in Settings > General

This is the first time I am connecting to API and have been give admin permission , not too sure if it needs some additional permissions to call API? I am genrating the HASH as suggested in documenation.

Also my user name is 'Sarwar Rana'  and has space in the name, would that matter? shouldn't do but I thought just put it out there. 

Any help will be much appreciated.

Thanks

[Muhammad Sarwar Rana]

Bit of update.

I have switched off SSL Verification Off and updated my user name but its throwing error 'Invalid Signature'.

Please see attached image on original message.

Thanks

[Pedro L]

Hi Muhammad,

The only thing I can think of is that the hash you generate for API is wrong.
I've checked the steps and  postMan works.

Remember that the meaning has to be the SUM
from
User's Private API Key(black) and the query(blue) that is made (No spaces between the two parts).

And its structure is :

Example :

In this direction youcan generate the SHA-256

https://xorbin.com/tools/sha256-hash-calculator

NUMBER_PRIVATEKEY_SarwarRanauser=SarwarRana&function=do_search&param1=bollard

[Jazz Avenue Productions Kabale]

if this worked for you guys, wud you mind sharing the postman workspace link

[Jazz Avenue Productions Kabale]

can you please specify on the hash key generationg method

[danielt...@gmail.com]

Found myself setting this up today and recalled this thread. In the current version of Postman this is easily handed via a pre-request script. Here's what mine looks like in case its helpful, just be sure to replace the api_key with the actual value attached to the user sending the request and to exclude the "sign" param from the list in the params tab, or else it will be added twice.

const api_key = "apikey1234replacethis"
let querystring = pm.request.url.query.toString()
let sign = CryptoJS.SHA256(api_key+querystring).toString()

pm.request.url.query.add({key: 'sign', value: sign})

Dan