Hash Creation in Postman

Hi Team,

we are using the marvel developer APIs for QA hiring purpose but we observed hash issues, who we will create the hash in the API.
You can create account from “https://developer.marvel.com/account” website if doesn’t have already.

End Point: https://gateway.marvel.com:443/v1/public/characters
Error occurred and says

To remove error, we need to give the public key as a parameter as highlighted below

When I added public key as parameter, I got the error as “hash unavailable”
Could you please suggest how we can create hash parameter

I found something from google but not exact the same

  • hash - a md5 digest of the ts parameter, your private key and your public key (e.g. md5(ts+privateKey+publicKey)
    CryptoJS.MD5(timestamp+privateKey+publicKey)

Could someone please let me know I can create hash from timestamp, private and public key.

Hey @aakashjain8693,

Welcome to the community :wave:

Actually, it asks you to send ts (timestamp) and apiKey and hash when sending requests. If the API key will be your public key hash, it should be timestamp + privateKey + publicKey as you said.

https://www.md5hashgenerator.com/ you can generate a sample hash here.

You can easily access information from this document. https://developer.marvel.com/documentation/authorization

You can hire me. I’m just kidding :sweat_smile:

Thanks, Got the missing points.
Definitely let me connect you for the hiring process :slight_smile:

Just for the reference, I created pre-request Script too.

const public1=pm.environment.get("public");
const private1=pm.environment.get("private");
const time=pm.environment.get("ts");
hash= CryptoJS.MD5(time+private1+public1).toString();
pm.environment.set('hash', hash);
console.log(hash);  

Do you have any idea why we can not go ahead with timestamp value as “{{$timestamp}}” to get the system generated values?

1 Like

This would need to be replaced with const time=pm.environment.replaceIn("{{$timestamp}}"); if you wanted to use that dynamic variable in the request.

Script as

const public1=pm.environment.get("public");
const private1=pm.environment.get("private");
const time=pm.environment.replaceIn("{{$timestamp}}");
hash= CryptoJS.MD5(time+private1+public1).toString();
pm.environment.set('hash', hash);
console.log(hash);

Nope, Error introduced as

{
    "code": "InvalidCredentials",
    "message": "That hash, timestamp and key combination is invalid."
}

Without knowing what ts was in the environment variable and why you needed to change this to {{$timestamp}} - This code doesn’t really mean anything.

The code will create something with a timestamp, using that dynamic variable.

const public1 = pm.environment.get("public"),
    private1 = pm.environment.get("private"),
    time = pm.environment.replaceIn("{{$timestamp}}"),
    hash = CryptoJS.MD5(time + private1 + public1).toString();
    
pm.environment.set('hash', hash);

console.log({time})
console.log({hash})

It feels like using something that you don’t know how to use, as a portal for hiring someone new seems strange.

Thanks @dannydainton.
Yup, Strange but org. looking into different perspective.

Anyway thanks for the solution. I was just looking for different views on ts hard code value as “1” and timestamp system generated encrypted code.