【postman】authorization 鉴权接口鉴权方式&hmac验签

1、authorization BASIC
2、Bearer Token(Token 令牌)
3、hmac验签

const date = new Date().toGMTString();
const accessKey = pm.environment.get(“gatWayAk”);
const secretKey = pm.environment.get(“gatWaySk”);
const method = request.method;

let param = {};
const queryParams = pm.request.url.query;
queryParams.each(item => {
if (!item.disabled) {
param[item.key] = item.value;
}
});
let keys = [];
for (let key in param) {
keys.push(key);
}
keys.sort();
let paramPair = [];
for (let i = 0, len = keys.length; i < len; i++) {
let k = keys[i];
paramPair.push(k + ‘=’ + encodeURIComponent(param[k]));
}

const paramSignTemp = paramPair.join(‘&’);
const urlSignTemp = ‘/’+pm.environment.get(“serviceName”)+“/”+ pm.request.url.path.join(‘/’);

const stringSignTemp = ${method}\n${urlSignTemp}\n${paramSignTemp}\n${accessKey}\n${date}\n;

const sign = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(stringSignTemp, secretKey));

pm.request.headers.add({
key: ‘X-DATE’,
value: date
});
pm.request.headers.add({
key: ‘X-HMAC-SIGNATURE’,
value: sign
});
pm.request.headers.add({
key: ‘X-HMAC-ACCESS-KEY’,
value: accessKey
});
pm.request.headers.add({
key: ‘X-HMAC-ALGORITHM’,
value: ‘hmac-sha256’
});

注意：放在pre-request，不是post-response

验签脚本如下：可以设置环境变量如下