OpenAPI Authentication issues - signature calculation

I am working on a project for an integration with HikCentral Professional OpenAPI.

I want to send a couple of requests to the API but I am unable to properly authenticate.

I have created partner appKey and appSecret but based on the documentation I have to also calculate X-CA-Signature with HmacSHA-256 and base64.

I am trying to do this through postman at the moment but I haven’t had much luck with the pre-request scripts.

I used the following to generate the signature in JS inside postman in order to set it as a variable:

var signature = CryptoJS.HmacSHA256("secret-key").toString();
pm.environment.set("appSignature", "signature");

The above doesn’t work, (probably because it is missing the base64 encoding?) although CryptoJS is a postman built-in library.

I also tried to generate the signature with Python on a separate script:

import hashlib
import hmac
import base64

secret = "secret-key"

hashed =, b"", hashlib.sha256)
digest = hashed.digest()
base64_encoded = base64.b64encode(digest).decode()


I have set the above encoded signature manually as a value in the headers of postman but I get timeouts in the response.

Any help would be appreciated.


Any ideas? Anyone?

I would appreciate any help.