OpenAPI Authentication issues - signature calculation

I am working on a project for an integration with HikCentral Professional OpenAPI.

I want to send a couple of requests to the API but I am unable to properly authenticate.

I have created partner appKey and appSecret but based on the documentation I have to also calculate X-CA-Signature with HmacSHA-256 and base64.

I am trying to do this through postman at the moment but I haven’t had much luck with the pre-request scripts.

I used the following to generate the signature in JS inside postman in order to set it as a variable:

var signature = CryptoJS.HmacSHA256("secret-key").toString();
pm.environment.set("appSignature", "signature");

The above doesn’t work, (probably because it is missing the base64 encoding?) although CryptoJS is a postman built-in library.

I also tried to generate the signature with Python on a separate script:

import hashlib
import hmac
import base64

secret = "secret-key"

hashed = hmac.new(secret.encode(), b"", hashlib.sha256)
digest = hashed.digest()
base64_encoded = base64.b64encode(digest).decode()

print(base64_encoded)

I have set the above encoded signature manually as a value in the headers of postman but I get timeouts in the response.

Any help would be appreciated.

Thanks!

Screenshot 2023-07-06 at 10.23.37 PM1571×1264 258 KB

Any ideas? Anyone?

I would appreciate any help.

Thanks!

Hi, also working on HikVision API, I can’t seem to get the signature thing correct. I wanted to comment on your stackoverflow solution so that I can have a look since you said they sent you a collection on how to generate and authenticate.

Hi,

Yes, I was actually able to resolve it by using instructions Hik has shared with me, including the signature calculation as well as the postman collection.

Please, send me a pm to share a dropbox link with you, as I am unable to upload PDFs and Zip files here and in the meantime check this here as well:

https://www.postman.com/elbert1990/hki-hik-api/collection/ntf0ruw/hcp-openapi

Might prove helpful.