5/16/2023 0 Comments Postman scriptIt allows for adding dynamic behavior to request execution. Pre-request scripts are logic or piece of code that are guaranteed to execute before the request execution begins. If there is any script/logic added as a part of the pre-request script that gets executed first following which the actual request execution takes place and once the response is received, the tests or the post request scripts get executed. The pre-request script is the entry point for request execution in Postman. Refer to the below figure to understand Postman Request Flow. The scripts are nothing but Javascript code that the Postman sandbox understands and executes as desired. Postman has a powerful runtime which is Node JS based that allows adding scripting capabilities before and after request execution. Using Pre-Request & Post-Request Scripts With Collectionsįirst, let’s try to understand how Postman enables or allows the pre and test scripts to get executed in the context of request execution.And it will be needed to run it again every time the access token has expired. Now the Postman request is ready to be run. Var sJWT = (header.alg, sHeader, sPayload, prvKey) "exp" : Math.ceil(expirationTimeSeconds), Var expirationTimeSeconds = timestamp/1000 + 3600 Var issuedAtTimeSeconds = timestamp/1000 Var timestamp = new Date() // The current time in milliseconds Var navigator = // Fake a window object for the libĮval(pm.environment.get("jsrsasign")) // Import JavaScript jsrsasign Loading the jsrsasign library into Postman Sandbox I’ll create another environment variable, jwk, to store (in Base64 format) the private key for the app, which is generated in your DocuSign account on the Apps and Keys page.įor this example, some values are directly hard-coded in the assertion body (including iss, sub, aud, and scope), but you could also use environment variables to implement them, of course. Then I’ll create an environment variable, jsrsasign, with its value assigned from the library content: I'll use the open-source free JavaScript cryptography library jsrsasign. The request returns the JWT access token through the Docusign REST API “POST and assigns it to an environment variable accessToken: Step 2: Embed the crypto library and private key in environment variables This request takes as input the encoded assertion that I must provide: I’ll use the already-implemented Postman request “Docusign REST API > Authentication > 02 JWT Access Token” available in the DocuSign Postman collections. Step 1: Start with the DocuSign Postman Collections I’ll also embed a JavaScript cryptography library inside a variable value, allowing me to import crypto functions that I will use to handle the private key and create the encoded assertion. The solution I’m describing in this post uses pre-request scripts in Postman to execute JavaScript before the HTTP API request runs. ĭevelopers need a straightforward way to generate the access token directly in Postman without having to juggle with another tool. Then the token value is copied into Postman against the API function to be run, using the header: Authorization: Bearer. At the moment, to make the JWT Grant authorization flow work with Postman, developers often resort to generating the access token using an SDK, or sometimes manually using Curl functions. This raises an awkward development scenario. Many of those same developers choose the JSON Web Token (JWT) Grant authentication flow to replace legacy authentication methods, based on the X-Docusign-Authentication header, in their existing DocuSign apps because legacy authentication will soon no longer be supported. Postman is a collaboration platform for API development used by many DocuSign developers to test Docusign API functions in demo environments.
0 Comments
Leave a Reply. |