//Sign with Remote.it Http-Signature
const urlTool = require('url')
function computeHttpSignature(config, headerHash) {
let sig = 'Signature keyId="${keyId}",algorithm="${algorithm}",headers="${headers}",signature="${signature}"'
config.headers.forEach(function(h){
if (signingBase !== '') { signingBase += '\n' }
signingBase += h.toLowerCase() + ": " + headerHash[h]
const hashf = (function() {
switch (config.algorithm) {
case 'hmac-sha1': return CryptoJS.HmacSHA1
case 'hmac-sha256': return CryptoJS.HmacSHA256
case 'hmac-sha512': return CryptoJS.HmacSHA512
const hash = hashf(signingBase, config.secretkey)
const signatureOptions = {
algorithm: config.algorithm,
signature : CryptoJS.enc.Base64.stringify(hash)
Object.keys(signatureOptions).forEach(function(key) {
var pattern = "${" + key + "}",
value = (typeof signatureOptions[key] != 'string') ? signatureOptions[key].join(' ') : signatureOptions[key]
sig = sig.replace(pattern, value)
//postman version 9.0.5 doesn't allow you get length of the body in all cases. Its dependent on the body 'mode' and computed at send request
function computeContentLength(mode, body){
if (body.raw == undefined) {
return Buffer.byteLength(body.raw)
case 'graphql': return Buffer.byteLength(getModifiedBody(body.graphql))
function getModifiedBody(body) {
Object.keys(body).forEach(function (h) {
if (body[h] !== "" && body[h] !== 'undefined') modifiedBody[h]= body[h]
const modifiedBodyString = JSON.stringify(modifiedBody)
return modifiedBodyString
function replaceVariables(content) {
while(content.indexOf('{{') >= 0) {
const variableName = content.substring(content.indexOf('{{')+2, content.indexOf('}}'))
const variableValue= pm.environment.get(variableName) || pm.globals.get(variableName)
content = content.replace('{{'+variableName+'}}', variableValue)
const url = replaceVariables(request.url)
const { hostname } = urlTool.parse(url)
const accessKey = pm.environment.get('R3_ACCESS_KEY_ID') || pm.globals.get('R3_ACCESS_KEY_ID')
const accessKeySecretPreParse = pm.environment.get("R3_SECRET_ACCESS_KEY") || pm.globals.get("R3_SECRET_ACCESS_KEY")
const accessKeySecret = CryptoJS.enc.Base64.parse(accessKeySecretPreParse)
const curDate = new Date().toGMTString()
const targetUrl = url.trim().replace(new RegExp('^https?://[^/]+/'),'/') // strip hostname
const method = request.method.toLowerCase()
const contentLength = computeContentLength(pm.request.body.mode, pm.request.body)
const contentType = 'application/json'
'(request-target)' : method + ' ' + targetUrl,
'content-type': contentType,
'content-length' : contentLength
algorithm : 'hmac-sha256',
secretkey : accessKeySecret,
headers : [ '(request-target)', 'host','date', 'content-type', 'content-length' ]
const sig = computeHttpSignature(config, headerHash)
pm.request.headers.add({key: 'Authorization', value: sig})
pm.request.headers.add({key: 'Date', value: curDate})
pm.request.headers.add({key: 'content-length', value: contentLength})
pm.request.headers.add({key: 'content-type', value: contentType})
pm.request.headers.add({key: 'developerkey', value: '{{R3_DEVELOPER_API_KEY}}' })