HMAC Signature Prescript generated bad signature

I am using a prescript to generate an HMAC signature of the request body, all works find except when the body is empty.

Every other tool I have tried generated the same signature of my development environment, but post man comes up with a different signature.

My PreScript is
pm.variables.set(“hmac”, CryptoJS.HmacSHA256(,pm.environment.get(“SigningKey”)).toString(CryptoJS.digest));

And my SigningKey is

My Backend Code, and Hash and HMAC calculator both say that an emtpy string should produce a signature of

But the script gives me

I found a few post that seemed to indicate I needed to use a variable for the empty string so I tried this script
x = ‘’
pm.variables.set(“hmac”, CryptoJS.HmacSHA256(x,pm.environment.get(“SigningKey”)).toString(CryptoJS.digest));

But I still get the same incorrect signature.

Any suggestions?

FYI, the script works correctly as long as there is some data in the body, my issue is just the emtpy string, I haven’t figure out any method on my backend trying null, empty string 0 byte etc. to generate the signature that postman is on an empty string

Hi @flight-observer-1467

I think your issue here is that ‘’ will return { } brackets when the payload is blank … so technically this is not an ‘empty’ payload.

Try changing the payload in the CryptoJS.HmacSHA256 function to a blank variable.

const payload = ``;
const secretKey = 'ed2eea4451174aeb9161e0cc1fdf304d4982b18497a6e2842ee3f27ea0948d28';

let hmac = CryptoJS.HmacSHA256(payload,secretKey).toString(CryptoJS.digest);


If this works, you could build a conditional statement to pass in the payload or set it to empty.

something like this:

let payload;

if(JSON.stringify( === "{}") {
    payload = ``;
} else {
    payload =

const secretKey = 'ed2eea4451174aeb9161e0cc1fdf304d4982b18497a6e2842ee3f27ea0948d28';

let hmac = CryptoJS.HmacSHA256(payload,secretKey).toString(CryptoJS.digest);


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.