How to Get the Real Value of Dynamic Parameters and Encrypt Them?
During the process of making API requests, it is common to convert referenced variables into actual request data. However, some high-security level APIs may require the request data to be encrypted or signed. In such cases, the requesting party needs to sign the complete request data before sending the encrypted data to the server.
To ensure API encryption and signing, it is recommended to use a professional signature algorithm or encryption library to encrypt the entire request data before initiating the request. Apidog provides a convenient solution by allowing you to perform this signing process in the "Pre-request Script" section, ensuring compliance with the API's security requirements.
Setting Up Pre-request Script
The system includes a default built-in "Variable Replacement" step in the pre-request script for all APIs. This step converts all referenced variables in the API request parameters, including dynamic values and mock request parameters, into their actual request data.
Adding Custom Script
In the pre-request script, you can add a custom script that utilizes built-in libraries or calls encryption/signature programs written in other languages.
Example Code:
var Base64={_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",encode:function(e){var t="";var n,r,i,s,o,u,a;var f=0;e=Base64._utf8_encode(e);while(f<e.length){n=e.charCodeAt(f++);r=e.charCodeAt(f++);i=e.charCodeAt(f++);s=n>>2;o=(n&3)<<4|r>>4;u=(r&15)<<2|i>>6;a=i&63;if(isNaN(r)){u=a=64}else if(isNaN(i)){a=64}t=t+this._keyStr.charAt(s)+this._keyStr.charAt(o)+this._keyStr.charAt(u)+this._keyStr.charAt(a)}return t},decode:function(e){var t="";var n,r,i;var s,o,u,a;var f=0;e=e.replace(/[^A-Za-z0-9+/=]/g,"");while(f<e.length){s=this._keyStr.indexOf(e.charAt(f++));o=this._keyStr.indexOf(e.charAt(f++));u=this._keyStr.indexOf(e.charAt(f++));a=this._keyStr.indexOf(e.charAt(f++));n=s<<2|o>>4;r=(o&15)<<4|u>>2;i=(u&3)<<6|a;t=t+String.fromCharCode(n);if(u!=64){t=t+String.fromCharCode(r)}if(a!=64){t=t+String.fromCharCode(i)}}t=Base64._utf8_decode(t);return t},_utf8_encode:function(e){e=e.replace(/rn/g,"n");var t="";for(var n=0;n<e.length;n++){var r=e.charCodeAt(n);if(r<128){t+=String.fromCharCode(r)}else if(r>127&&r<2048){t+=String.fromCharCode(r>>6|192);t+=String.fromCharCode(r&63|128)}else{t+=String.fromCharCode(r>>12|224);t+=String.fromCharCode(r>>6&63|128);t+=String.fromCharCode(r&63|128)}}return t},_utf8_decode:function(e){var t="";var n=0;var r=c1=c2=0;while(n<e.length){r=e.charCodeAt(n);if(r<128){t+=String.fromCharCode(r);n++}else if(r>191&&r<224){c2=e.charCodeAt(n+1);t+=String.fromCharCode((r&31)<<6|c2&63);n+=2}else{c2=e.charCodeAt(n+1);c3=e.charCodeAt(n+2);t+=String.fromCharCode((r&15)<<12|(c2&63)<<6|c3&63);n+=3}}return t}}
var ID = pm.request.headers.get("ID");
var Password = pm.request.headers.get("Password");
console.log(ID)
console.log(Password)
//var ID=pm.globals.get('ID');
//var Password=pm.globals.get('Password');
var Timestamp=Date.now();
// custom stringsA
var Ciphertext = ID+Password+Timestamp;
// encrypt
var encodedString = Base64.encode(Ciphertext);
pm.globals.set('Timestamp',Timestamp);
pm.globals.set('Ciphertext',encodedString);
console.log(encodedString); // export: "SGVsbG8gV29ybGQh"
console.log(Ciphertext)
Please refer to the Apidog's Handle API Signatures for more script examples.
Adjusting Script Order
The order in which scripts run determines the processing effect on the request data. You can rearrange the order of scripts by dragging and dropping them.
Running the Script
The following example demonstrates the console details after running the script, focusing on Mock parameters.
If the "Custom Script" is placed after the "Variable Substitution" step, the signature script can obtain the actual request data after variable replacement and encrypt it accordingly.
If the "Custom Script" is placed before the "Variable Substitution" step, the signature script will be executed first, followed by the "Variable Replacement" step.
Custom operations, such as setting variables using scripts, should be placed before the "Variable Substitution" step. Otherwise, variables set by the script will not take effect in the actual request parameters of the current API.