Using Postman with Lingk APIs

You can use Postman to test Lingk API calls before embedding them into Lingk recipes or into your application.

Example configuration of an HTTP POST to the Lingk Event REST API

In an environment, create the following variables:

  • client-key

  • client-secret

The values for client-key and client-secret from your Lingk Workspace's "Overview" > "Settings" tab.

The Pre-request Script for Lingk Auth

function computeHttpSignature(config, headerHash) {
  var template = 'keyid="${keyId}",algorithm="${algorithm}",headers="${headers}",signature="${signature}"',
      sig = template;

  console.log(template); 
  console.log(headerHash); 

  // compute sig here
  var signingBase = '';
  config.headers.forEach(function(h){
    console.log(h);
    if (signingBase !== '') { signingBase += '\n'; }
    signingBase += h.toLowerCase() + ": " + headerHash[h];
  });

  console.log(signingBase); 

  var hashf = (function() {
      switch (config.algorithm) {
        case 'hmac-sha1': return CryptoJS.HmacSHA1;
        case 'hmac-sha256': return CryptoJS.HmacSHA256;
        case 'hmac-sha512': return CryptoJS.HmacSHA512;
        default : return null;
      }
    }());

  console.log("hashAlgorithm: " + config.algorithm);

  var hash = hashf(signingBase, config.secretkey);

  console.log("hash: " + hash);

  var signatureOptions = {
        keyId : config.keyId,
        algorithm: config.algorithm,
        headers: config.headers,
        signature : encodeURIComponent(CryptoJS.enc.Base64.stringify(hash))
      };

  console.log(signatureOptions); 

  // build sig string here
  Object.keys(signatureOptions).forEach(function(key) {
    var pattern = "${" + key + "}",
        value = (typeof signatureOptions[key] != 'string') ? signatureOptions[key].join(' ') : signatureOptions[key];
    sig = sig.replace(pattern, value);
  });
   console.log(sig); 

  return sig;
}


var curDate = new Date().toUTCString();
var targetUrl = request.url.trim(); // there may be surrounding ws
targetUrl = targetUrl.replace(new RegExp('^https?://[^/]+/'),'/'); // strip hostname
var method = request.method.toLowerCase();
var sha256digest = CryptoJS.SHA256(request.data);
var base64sha256 = CryptoJS.enc.Base64.stringify(sha256digest);
var computedDigest = 'sha-256=' + base64sha256;

var headerHash = {
      date : curDate,
      '(request-target)' : method + ' ' + targetUrl
    };

var config = {
      algorithm : 'hmac-sha1',
      keyId : environment['client-key'],
      secretkey : environment['client-secret'],
      headers : [ 'date', '(request-target)'  ]
    };

var sig = computeHttpSignature(config, headerHash);

postman.setEnvironmentVariable('httpsig', sig);
postman.setEnvironmentVariable("current-date", curDate);

Troubleshooting

When the API response is an HTTP 410 "Clock skew outside of acceptable bounds", you may be behind a proxy server which filters the "Date" header. Therefore add an "x-aux-date" header and apply the same date header variable.

PreviousLingk REST APIsNextEvents & Webhooks

Last updated