Here you can find pre-request script examples on how to sign Merchant Initiate payment request. You can upload these samples in Postman and start testing. You can upload below sample in Setting parameters Test section.
/* this example is using postman-util-lib library (https://joolfe.github.io/postman-util-lib), copywrited by joolfe and licensed under MIT License:
Copyright (c) 2019 joolfe
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
*/
pm.test("Status code should be 200", function () {
// Delete all enviroment variables
//pm.environment.clear();
// Download postman-util-lib library for crypto
pm.response.to.have.status(200)
pm.environment.set("pmlib_code", responseBody)
eval(pm.environment.get('pmlib_code'))
//setting Basic Auth header for smoother response sample management
let BasicAuthPlain = pm.environment.get("ClientId") + ":" + pm.environment.get("ClientSecret");
let BasicAuthEncrypted = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse( BasicAuthPlain));
pm.environment.set("BasicAuth", "Basic " + BasicAuthEncrypted);
//console.log(`Encoded value: ${pm.environment.get("BasicAuth")}`);
// Test to make sure that the private key is valid
pm.test("Private key should be valid", function () {
const errorMsg = "Please check your private key (SignaturePrivateKey) that is set in __Set parameters Pre-request script."
const privateKey = pm.environment.get('SignaturePrivateKey') || '';
try {
var sig = new pmlib.rs.KJUR.crypto.Signature({"alg": "SHA256withRSA"});
sig.init(privateKey);
var hash = sig.signString("test");
var testSignature = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Hex.parse(hash));
} catch(e) {
console.log(e);
console.error(errorMsg);
pm.expect.fail(errorMsg);
}
});
});
After that, you can upload below sample to Pre-request script section.
//*************** PLEASE SET YOUR PARAMETERS BELOW ***************
// Merchant 2048 bit Private Key (Insert your private key here)
pm.environment.set("SignaturePrivateKey",
"-----BEGIN RSA PRIVATE KEY-----\n" +
"MIIEpQIBAAKCAQEAz4geWRDv5Yv2b3PmHjbqtNIZmoMGyqXHCUSd2ms7dktT56Jv\n" +
"[...]\n" +
"[...]\n" +
"[...]\n" +
"[...]\n" +
"[...]\n" +
"ZcMUYN/SsgE+sQ7Wcgny+pSHxOUVfyVlcnmYOTnRyf+1SjhTjZWOj0c=\n" +
"-----END RSA PRIVATE KEY-----");
pm.environment.set("ClientId", "ClientId from Dev App properties" );
pm.environment.set("ClientSecret", "ClientSecret from DevApp properties" );
pm.environment.set("ClientBrandId", "BrandId from your Merchant profile" );
pm.environment.set("RedirectUrl", "https://your.callback/url" );
// STAGE endpoints
pm.environment.set("baseUrlBackend", "api-stage" );
pm.environment.set("baseUrlPublic", "api2-stage" );
// PROD endpoints
//pm.environment.set("baseUrlBackend", "api" );
//pm.environment.set("baseUrlPublic", "api2" );
//****************************************************************
For more details see RFC-7617 .
When you’ll upload Initiate payment API structure, you can add Pre-request script below:
if (pm.environment.get('pmlib_code') == null || pm.environment.get('pmlib_code').length < 100) {
console.error("Please run __Set parameters script first");
throw new Error("Please run __Set parameters script first");
}
// Loading the library
eval(pm.environment.get('pmlib_code'))
// Get private key and request body hash
const privateKey = pm.environment.get('SignaturePrivateKey') || ''; // RSA 2048 or 4096 bit private key "-----BEGIN RSA PRIVATE KEY-----..." generated locally
const reqMethod = pm.request.method.toString().toLowerCase(); // Get request method POST, GET, etc...
const reqUrl = pm.variables.replaceIn(pm.request.url).toString().toLowerCase().split("//")[1]; // Get URL, fill in Postman variables and remove "https://"
const reqBody = pm.variables.replaceIn(pm.request.body).toString() // Get request body and fill in Postman variables
const reqBodyMinified = reqBody.replace(/\s+/g, ''); // Remove spaces, newlines, etc. from request body
pm.request.body.update(reqBody); // Update request body with postman variables to prevent possible signature issues.
const dataToSign = reqMethod + "|" + reqUrl + "|" + reqBodyMinified;
//console.log('Data to sign: ' + dataToSign)
var sig = new pmlib.rs.KJUR.crypto.Signature({"alg": "SHA256withRSA"});
sig.init(privateKey);
var hash = sig.signString(dataToSign);
const signature = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Hex.parse(hash));
pm.environment.set("RequestSignature", signature)
//console.log('Merchant API signature: ' + signature);
And then you can add similar test as below:
if (pm.response.code === 201) {
var jsonData = JSON.parse(responseBody);
pm.environment.set("PaymentId", jsonData.payment.paymentId);
If you feel that more help is needed, please contact our support at [email protected] .