Ensure same Guids and IsoTimeStamps pre and post request

qfyra · March 29, 2021, 1:40pm

Assume that I need to POST a raw json body containing a random {{$guid}} and the current {{$isoTimestamp}}.

Assume also that I need to hash that very same body using e.g. CryptoJS.MD5() as part of a larger HMAC authentication scheme where the remote API will also perform the same MD5 hash and compare it to the hash of the incoming request.

Given that I can use pm.variables.replaceIn(pm.request.body) to “resolve” both the {{$guid}} and the {{$isoTimestamp}} in the pre-request script, and use the result to generate the MD5 hash, how can I ensure that the exact same {{$guid}} and {{$isoTimestamp}} that are used in the pre-request script are also used in the actual request?

Right now, it seems Postman (v8) just generates another {{$guid}} and {{$isoTimestamp}}, which of course makes the authentication fail due to different MD5 hashes.

pranavdavar · March 29, 2021, 4:38pm

Hi @qfyra, Welcome to the community!

A better way would be to save the random values to environment/globals/collection variables and use them later in the request body.

In the below example, I have assigned the values to global variables in the pre-request script.

const c_guid=pm.variables.replaceIn("{{$guid}}");

pm.globals.set("c_guid",c_guid);

const c_isotimestamp=pm.variables.replaceIn("{{$isoTimestamp}}");

pm.globals.set("c_isotimestamp",c_isotimestamp);

console.log(pm.variables.replaceIn(pm.request.body));

console.log(c_guid);

console.log(c_isotimestamp);

Once the above variables are set, they will not change and the postman will not override the random values.

Hope this helps

qfyra · March 30, 2021, 1:43pm

Very good, thank you. I ended up doing this in the pre-request script:

var randomGuid = pm.variables.replaceIn("{{$guid}}");
var dateTimeNow = pm.variables.replaceIn("{{$isoTimestamp}}");
var aYearFromNow = new Date();
aYearFromNow.setFullYear(aYearFromNow.getFullYear() + 1);
pm.variables.set("randomGuid", randomGuid);
pm.variables.set("dateTimeNow", dateTimeNow);
pm.variables.set("aYearFromNow", aYearFromNow.toISOString());

if (pm.request.body && !pm.request.body.isEmpty()) {
    var body = pm.variables.replaceIn(pm.request.body);
    var md5 = CryptoJS.MD5(body.toString());

And this in the Postman request body:

{
   "Name": "PM Test {{randomGuid}}",
   "StartDate": "{{dateTimeNow}}",
   "SubscriptionExpiryDate": "{{aYearFromNow}}"
}

Seems to be working as I intended. I get a new guid and new datetimes per request, and it is the same guid and timestamps that are used for the MD5 hash.

All good.

Topic		Replies	Views
Get body variables from Pre-Request Script Ask the Experts and Postman Tips pre-request-script , body-parameters	8	59165	August 24, 2023
Is there a way to ensure Data Variables are assigned prior to the Pre-Request Script executing? Ask the Experts and Postman Tips variables , scripts , csvdatafile	5	3225	December 16, 2018
HMAC-SHA256 digest construction using Current date on a GET request Ask the Experts and Postman Tips tests , variables , authentication	0	1733	July 5, 2021
Use Environment.Set Variable in URL and Body Ask the Experts and Postman Tips variables	3	7087	November 25, 2020
Pre-Request Script Need Actual Body for Hashmac calculation Ask the Experts and Postman Tips variables , json , request-body	7	1012	January 31, 2024

Ensure same Guids and IsoTimeStamps pre and post request

Related topics