How to authorize to API using SHA256 (Api-key, Secret, timestamp in seconds)

I’m trying to authorize to Hotelbeds API https://developer.hotelbeds.com/, but script is not working.
Requirement for authorization " To authenticate, you must send both the API Key and the X-Signature , a SHA256 hash in Hex format calculated from your API key, your secret plus current timestamps in seconds":

image1368×347 72 KB

I am using script:
var Apikey = “xxx”;
var secret = “xxx”;
var d = new Date();
var timestamp = d.getTime();
var hash = Apikey + secret + timestamp;
console.log("hash :: " + hash);
var signature = CryptoJS.HmacSHA256(request.data, hash).toString(CryptoJS.digest);
var signature = CryptoJS.SHA256(hash).toString();
pm.request.addHeader({
key: ‘X-Signature’,
value: signature
});
console.log("Signature :: " + signature)

Hey! I think the issue is that it’s looking for time in seconds and you’re providing milliseconds.

Could you try something like this in your pre-request script

let apiKey = 'yourApiKey'; // Replace with your API Key
let secret = 'yourSecret'; // Replace with your Secret
let timestamp = Math.floor(Date.now() / 1000); // Current timestamp in seconds
let hash = crypto.SHA256(apiKey + secret + timestamp).toString();
pm.environment.set('X-Signature', hash);

Then in the headers tab, add a new header using this {{X-Signature}} variable.

Also, the header key ‘Accept’ with value ‘application/json’