Flow & PreRequest CryptoJS.enc.Base64

Hi everybody!

Findout this great tool “Postman Flows”, but got problem with it.

I tried to use this in my project, set up authorisation chain, but i got stuck in send next request after authorisation.

In normal ways in last step in auth i get sessionkey and than in prerequest script next request i use this

// to replace all variables in {{...}} of the text object
function multiReplace(obj){
    // console.log(obj);
    if (~obj.indexOf("{{")) {
        var var1, var1End, var1Name, var1Value;
        var var1Start = -1;
        while ((var1Start = obj.indexOf("{{", var1Start + 1)) != -1) {
            var var1End = obj.indexOf("}}", var1Start) + "}}".length;
            var var1 = obj.slice(var1Start, var1End);
            var var1Name = obj.slice(var1Start, var1End).replace(/}}/, "").replace(/{{/, "").trim();
            var var1Value = pm.variables.get(var1Name);
            // console.log(var1Value);
            obj = obj.replace(var1, var1Value);

    // console.log(obj);
    return obj;

var path = pm.request.url.getPathWithQuery();
// to get post-request path
path = multiReplace(path)
// console.log("path: ", path);

var body = pm.request.body.toString();
// to get post-request body
if (body) {body = multiReplace(body)};
// console.log("body: ", body);

var crypto = CryptoJS.enc.Base64.parse(pm.variables.get("SessionKey"));
// console.log("SessionKey: ", pm.variables.get("SessionKey"));
if (body.length) {
    signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA1(path + '\n' + body, crypto));
} else {
    signature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA1(path, crypto));
console.log("signature: ", signature);

// Setting collection and environment variables
pm.collectionVariables.set("signatureHeader", signature);

and this signatureHeader generated in every request after auth and used in Headers.

Can anybody help and explain, how i can generate and use it in Postman Flows?

Hi @kochva

This isn’t possible just yet in Flows. We don’t support updating collection or environment variables from a script and then using the value in Flows.

What I can share is that you will be able to achieve the above in the evaluate block in Flows after Post/Con (next week).

I’ll come back and update my answer here after that’s available :slightly_smiling_face:


Thanks for the answer. I’ll be looking forward to it.

Updating variables is not so important for execution (although they are convenient).
The main goal is to receive correct responses to requests with their correct execution. But the method is not so important for now.

Hi @kochva

See if this works for the crypto piece in the evaluate block using TypeScript:

const sessionKeyBytes = new TextEncoder().encode(sessionKey);
crypto.subtle.importKey("raw", sessionKeyBytes, { name: "HMAC", hash: { name: "SHA-1" } }, false, ["sign"])
    .then(cryptoKey => {
        const data = body.length ? new TextEncoder().encode(path + '\n' + body) : new TextEncoder().encode(path);
        return crypto.subtle.sign("HMAC", cryptoKey, data);
    .then(signature => {
        const signatureBytes = new Uint8Array(signature);
        const signatureHex = Array.from(signatureBytes).map(byte => {
            return ('0' + (byte & 0xFF).toString(16)).slice(-2);
        return signatureHex;

I’m making some assumptions about how your flow of things might be set up so let me know and I can adjust but this would be the general flow (placeholder requests used):

So the authorization is made, and sessionKey is returned which is used as input to the evaluate function along with the body and a path to replicate what you have above.

It looks like you’re filling in variables in your multiReplace function above, are these values constants or depend on a previous function call? There might be a way to solve it with Flows depending on the answer.