HMAC-SHA256 method to calculate the request signature

Hello, I’m trying to use the HMAC-SHA256 method to calculate the request signature, but I can’t figure out how. These are the instructions I have:

Each request must contain a minimum of 3 parameters required for authentication: user, institutionID, signature.

Signature calculation:

data = HTTP_REQUEST_METHOD + CRLF
institutionID + CRLF
RequestURI + CRLF
Dates

signature = HMAC-SHA256(data, password)

  • HTTP_REQUEST_METHOD: GET or POST
  • institutionID: institution ID in the system
  • RequestURI: requested resource (ex: “/users/”)
  • Date: CEST (UTC+2), in format YYYY-MM-DD HH:ii (current: 2023-02-13 20:19)
  • CRLF: Carriage return (char(13)) + Line feed (char(10))

Thanks in advance.

Hey there!

This request shows you how to encrypt and decrypt parameters using HMAC-SHA256:
https://www.postman.com/postman/workspace/postman-answers/request/18070393-cef8bd0f-11eb-4684-a724-f5c7a63a62d8

I’m not too sure about the rest of your instructions as they don’t seem specific to Postman, try to get it working in there and then let us know what issues you are facing. :slight_smile:

Thanks for the help, but I can’t figure out how to do it without getting the authorization faild error.

I have an example in Php of how to get the signature, if that helps:

$data =	'GET' . "\r\n" .
	'999' . "\r\n" .
	'/users' . "\r\n" .
	'2022-12-31 23:59';
$signature = hash_hmac('sha256', $data, 'password');

where is 999 - institution ID.

And the request should look like this: https://api.test.com/users?user=test&institutionID=999&signature=7e745d74b69b7f69da11deb4bc24adccb69bc28138c95947a56e35826c62e8e2