...
The following environment variables must be defined in either your Collection:
Variable | Current Value |
---|---|
tc_access_id | Access ID for the API user you intend to use |
tc_secret_key | Secret Key for the API user you intend to use |
tc_auth_key | |
tc_timestamp |
In the table above, fields with a blank value are intentional and should be specified this way in the Postman configuration as well.
...
In order to authenticate with the ThreatConnect API, you must use a Pre-request Script that generates the appropriate HMAC signature required for calls. Here’s an example of a script that could be used for this purpose:
Code Block | ||
---|---|---|
| ||
// https://stackoverflow.com/a/56288336 var moment = require("moment"); var requestURI = new RegExp('(?<=https://.*)(/.*)','g').exec(pm.request.url)[0]; var requestMethod = pm.request.method; var requestTimeStamp = moment(new Date().toUTCString()).valueOf() / 1000; var signatureRawData = requestURI + ":" + requestMethod + ":" + requestTimeStamp; var signatureBytes = CryptoJS.HmacSHA256(signatureRawData,pm.collectionVariables.get("tc_secret_key")); var signatureBase64 = CryptoJS.enc.Base64.stringify(signatureBytes); var authKey = "TC " + accessid=pm.collectionVariables.get("tc_access_id") var authKey = "TC " + accessid + ":" + signatureBase64; pm.environmentcollectionVariables.set("tc_auth_key",authKey); pm.environmentcollectionVariables.set("tc_timestamp",requestTimeStamp); |
...
Within each individual request, define the following headers that will use the output of the script in the previous section:
Key | Value |
---|---|
Authorization | {{tc_auth_key}} |
Timestamp | {{tc_timestamp}} |
Specify the appropriate method for your call and, if necessary, add a JSON payload to the Body of your Request as required by the individual call. See the REST API Documentation for the specific requirements of an individual call.
...