Last active
May 13, 2019 15:17
-
-
Save PassKit/d65d83a8db807921b42a0b9a296d4167 to your computer and use it in GitHub Desktop.
Pre-request script for Postman app to help make requests against the PassKit API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var apiKey = "passkit_api_key", | |
apiSecret = "passkit_api_secret"; | |
var jwtBody = { | |
"key": apiKey, | |
"exp": Math.floor(new Date().getTime() / 1000) + 30, | |
"iat": Math.floor(new Date().getTime() / 1000), | |
"url": request.url, | |
"method": request.method | |
}; | |
if (request.hasOwnProperty("data") && request.data !== null && request.data.length > 0) { | |
jwtBody.signature = CryptoJS.SHA256(request.data).toString(CryptoJS.enc.Hex); | |
} | |
postman.setEnvironmentVariable('jwt', "PKAuth " + generateJWT(jwtBody, apiSecret)); | |
function generateJWT(body, secret) { | |
header = { | |
"alg": "HS256", | |
"typ": "JWT" | |
}; | |
var token = []; | |
token[0] = base64url(JSON.stringify(header)); | |
token[1] = base64url(JSON.stringify(body)); | |
token[2] = genTokenSign(token, secret); | |
return token.join("."); | |
} | |
function genTokenSign(token, secret) { | |
if (token.length != 2) { | |
return; | |
} | |
var hash = CryptoJS.HmacSHA256(token.join("."), secret); | |
var base64Hash = CryptoJS.enc.Base64.stringify(hash); | |
return urlConvertBase64(base64Hash); | |
} | |
function base64url(input) { | |
var base64String = btoa(input); | |
return urlConvertBase64(base64String); | |
} | |
function urlConvertBase64(input) { | |
var output = input.replace(/=+$/, ''); | |
output = output.replace(/\+/g, '-'); | |
output = output.replace(/\//g, '_'); | |
return output; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment