Error of authorized to access this resource on postman

Your question may already have an answer on the community forum. Please search for related topics, and then read through the guidelines before creating a new topic.

Here’s an outline with best practices for making your inquiry.

I’m using postman for an api request. My question is; I’m getting an error when I made one of the variables random.

For example when I sent request this link;

it is working. But when I change with this;{{transactionId}}

I’m getting this error; “You are not authorized to access this resource”

In my collection pre-request script;

var apiKey = pm.collectionVariables.get("API-KEY");
var apiSecret = pm.collectionVariables.get("API-SECRET");

var nonce = _.random(1, 50000000);
var signature = pm.request.method + "\n" + pm.request.url.getPath() + "\n" + nonce + "\n";
var hash = CryptoJS.HmacSHA256(signature, apiSecret).toString();

pm.request.headers.add("AUTHENTICATION: HMAC " + apiKey + ":" + hash + ":" + nonce);

I added this in collection pre-request script or request in pre-request script I’m getting error;

var random = Math.floor(Math.random() * 10);

If it works when it’s not randomised, then it sounds like the issue is with {{transactionId} rather than the authorisation per se as it works when the transaction ID is hardcoded into the URL.

What does the console log look like for the request?
Is it actually adding the number to the request?

It might be that you have set the transactionID as a local variable, which means its only available within that script.

Change it to a collection variable so it’s available for the whole collection and see if that works.


Actually, the request running first before script like this:{{transactionId}}

Then it fills the transactionId field. That’s why the error is coming.

Same error it’s coming.

Do you see signature? Normally transaction id have to fill before this.


That is the icon for “enter key” … make sure you are not passing this in your variables, it could be what is causing you issues.

(Usually caused by copy/paste)

var signature = pm.request.method + “\n” + pm.request.url.getPath() + “\n” + nonce + “\n”;

it’s about \n. Our hmac calculation formula like this. Already if I send a fixed value for transaction_id it’s working.

And I think question is how to change url of request in collection pre- request script? Because hmac calculation is in the collection pre request script. So the flow is starting there. For this reason it’s coming like this {{transaction_id}}. But I have to set on request url a random number in collection pre-request script before send a request.

Change your signature line to this;

var signature = pm.request.method + "\n" + pm.request.url.getPath().slice(0,-17) + random + "\n" + nonce + "\n";

This will trim the “{{transactionId}}” (17 characters) which is being passed as a string because the action to save the value hasn’t happened yet. It then adds ‘random’ which is the same value you are planning to store to the ‘transactionId’ variable.

1 Like

Hi, it worked, thank you! Also I added this code;

var transaction_id = _.random(1, 50000000);
var signature = pm.request.method + "\n" + pm.request.url.getPath().slice(0,-17) + transaction_id + "\n" + nonce + "\n";