Accessing AWT Signature authentication via pm.sendRequest

🙋 Help
1

Postman supports AWS authentication when making http calls via the auth tab. Is there anyway to access this authentication method via pm.sendRequest?

I have found references to being able to use basic and digest authentication via pm.sendRequest by declaring an ‘auth’ parameter in the options object. Something similar to the following:

{
  url: host + path,
  method: 'POST',
  auth: {
    type: "basic",
    basic: {
      username: 'BASIC_USER',
      password: 'BASIC_PASS'
    }     
  }}

I have found a similar question posted in 2020, however the following post from 2023 makes me think that the AWS Signature support might have been added to postman later than that question and I am hoping that it has also been exposed to the sendRequest method.

Assuming that pm.sendRequest does now support AWS, what are the runes required to access it. I am expecting something like the following but I keep getting ‘handler not found’ errors.


auth: {
type: "aws",
"aws": {
"AccessKey": "",
"SecretKey": "",
"AWS Region": "eu-central-1",
"Service Name": "ssm",
"Session Token":""
}
2

When you use the auth tab, this will send a request that you can view in the console logs.

Check this request to see how the headers and body are created which you can then replicate using sendRequest().

3

Hi Mike, and thank you. The headers that have to be generated are hmac encodings of some secrets and the http request itself after some preprocessing to make the encoding repeatable. Information on the AWS encoding is well documented here. It is not straight forward to replicate in the postman environment and I would prefer to use the AWS Signature support within postman, if it has been exposed to sendRequest. I am hoping that it has. If not then it would be great if it was.

4

The authorization helpers do a lot of stuff in the background, and I don’t think its replicated for sendRequest().

Hopefully someone from Postman will be able to provide more information.

5

You wouldn’t be able to achieve this with pm.sendRequest(), as Mike mentioned, the auth helpers are doing a whole bunch of things in the background to make this easier.

Some auth methods can be created with pm.sendRequest() but I don’t believe that this would be one of those.

6

I just found the JavaScript code for this function in Postman.

postman-runtime/lib/authorizer/aws4.js at develop · postmanlabs/postman-runtime · GitHub

Just so we can see how complicated it is. You could in theory replicate that as a pre-request script but I wouldn’t want that task :slight_smile:

1 Like
7

You superstar Mike, that reference to the code was exactly the lead that I needed. From there I was able to find the registration of the security handlers within postman and I found that pm.sendRequest is wired up there. The following are the runes that I needed and I share incase anybody else ever requires them:

pm.sendRequest({
    url: "https://ssm.eu-central-1.amazonaws.com",
    method: "POST",
    header: {
        'Content-Type': 'application/x-amz-json-1.1',
        'X-Amz-Target': 'AmazonSSM.GetParameter'
    },
    auth: {
        type: "awsv4",
        "awsv4": {
            "accessKey": "$ACCESSKEY",
            "secretKey": "$SECRET",
            "region": "eu-central-1",
            "service": "ssm",
            "sessionToken": "$SESSION_TOKEN"
        }
    },
    body: .....
}, function (err, response) {
    ....
});

Happy days, I am so pleased that it is working. Thank you for your help everybody.

2 Likes
8

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.