> ## Documentation Index
> Fetch the complete documentation index at: https://docs.chip-in.asia/llms.txt
> Use this file to discover all available pages before exploring further.

# Pre-Request Script

> Pre-request script for API authentication

## How to use the pre-request script?

For Postman, simply add the given code snippet into postman pre-request script tab.

Postman Pre-Request Script:

```javascript theme={null}
var epoch = (new Date).getTime();
var epochSecs = Math.floor( epoch / 1000 );
pm.collectionVariables.set("epoch", epochSecs);
var data = epochSecs.toString() + environment["api_key"];
var hmacDigest = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA512(data, environment["api_secret"]));
pm.collectionVariables.set("checksum", hmacDigest);
```

## Why pre-request script is needed?

We use checksum calculation in pre-request script, It is required to authenticate the CHIP Send API. It acts as an extra layer of protection to mitigate data tampering and prevent replay attacks.

## Pre-request script in other languages

Example Ruby code:

```ruby theme={null}
epoch = Time.current.to_i
application = Application.find_by(slug: "aaa")
OpenSSL::HMAC.hexdigest OpenSSL::Digest.new('sha512'), application.api_secret, "#{epoch}#{application.api_key}"
```

Example PHP code:

```php theme={null}
<?php

$str = '1689826456e0645c9e-fcf2-4f29-a327-202f7ed3d969';
$hmac = hash_hmac( 'sha512', $str, 'a118729e-4243-4145-83b3-0b8cb213fe8e' );
```

## FAQ

Frequently asked questions regarding pre-request script.

1. Where can I get `api_key` and `api_secret`?<br />
   For `api_key`, you can obtain it from the [CHIP Control Applications](https://portal.chip-in.asia/control/settings/applications) <br />
   For `api_secret`, you need to request from CHIP sales team

2. What hashing algorithm is used for pre-request script? <br />
   The hashing algorithm used is `SHA-512`