Pre-Request Script

​

How to use the pre-request script?

For Postman, simply add the given code snippet into postman pre-request script tab.

Postman Pre-Request Script:

var epoch = (new Date).getTime();
var epochSecs = Math.floor( epoch / 1000 );
pm.collectionVariables.set("epoch", epochSecs);
var data = epochSecs.toString() + environment["api_key"];
var hmacDigest = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA512(data, environment["api_secret"]));
pm.collectionVariables.set("checksum", hmacDigest);

​

Why pre-request script is needed?

We use checksum calculation in pre-request script, It is required to authenticate the CHIP Send API. It acts as an extra layer of protection to mitigate data tampering and prevent replay attacks.

​

Pre-request script in other languages

Example Ruby code:

epoch = Time.current.to_i
application = Application.find_by(slug: "aaa")
OpenSSL::HMAC.hexdigest OpenSSL::Digest.new('sha512'), application.api_secret, "#{epoch}#{application.api_key}"

Example PHP code:

<?php

$str = '1689826456e0645c9e-fcf2-4f29-a327-202f7ed3d969';
$hmac = hash_hmac( 'sha512', $str, 'a118729e-4243-4145-83b3-0b8cb213fe8e' );

​

FAQ

Frequently asked questions regarding pre-request script.

1. Where can I get api_key and api_secret?
   For api_key, you can obtain it from the CHIP Control Applications
   For api_secret, you need to request from CHIP sales team

2. What hashing algorithm is used for pre-request script?
   The hashing algorithm used is SHA-512