Cloud Confusing

Explaining hosting, AWS, Wordpress, static sites, and all manner of cloud solutions.

This article will cover some of the initial features you should learn how to use once you get past the absolute basics of Postman. It’s a super useful tool for developments, QA, data scientists, and product managers, so it’s worth digging into. In this article we’ll bypass the basics and get into some of what you’ll want to learn as you dig into the tool.

What is Postman?

If you work with a lot of APIs then Postman is a great tool to use. Postman does a lot of things, but for the purpose of this article it is a desktop client that can submit HTTP requests to RESTful APIs. It’s often used as a convenient tool for testing, learning, and documenting APIs. Postman has a web component, which will save your your work to the web and allow of easy backup and sharing. There are other uses as well, like scheduled runs of API queries and the ability to intercept HTTP requests.

Postman is an Electron app on the desktop and can be used as a Chrome extension as well.

What is a Pre-Request Script and When Do I Need One?

You’ll need to submit some sort of dynamic element, perhaps an MD5 signature or timestamp in a request header, which means simply adding a parameter isn’t going to get the job done (at least not for long). So how do you do this?

The first thing you’ll want to know about is Pre-Request Scripts. This is simply a snippet of javascript code that Postman runs before your request. Sounds useful right?

The results of the JS code you create can be turned into variable that can then be added to your HTTP requests, in URLs, in params, etc. using {{ }} and the appropriate variable.

An example flow of this would be that you are provided with a set of initial values (API key, target directories, etc.) which can be used to create environmental variables. These can keep your request URLs clean or make requests more dynamic. Environmental variables can also be fed into pre-request scripts, say if you needs to submit a has of your secret and a timestamp for validation.

How To Compute an MD5 Hash in Postman

This is one of the first things most people want to learn once they start to work with more secure/enterprise APIs. MD5 hashing strings is not something that can be done with a native javascript command, so you’ll need to use a library to do this. The good news is that Postman has a few common libraries pre-loaded so this action is completely turnkey. In this case we’ll be using CryptoJS. (LoDash and cheerio are both included as well, if you were curious.)

The basic action we’ll be taking to hash your inputs is this:

var input1 = one
var input2 = two
var hash = CryptoJS.MD5(input1 + input2).toString();
postman.setEnvironmentVariable('hash', hash);

And then in your GET request you can simply input {{hash}} in order to get the value you need in there! That said, this method doesn’t really do anything for you until you have a dynamic value as an input. Something like this would be more helpful:

var input1 = one
var input2 = two
var now =;
var hash = CryptoJS.MD5(input1 + input2 + now).toString();
postman.setEnvironmentVariable('hash', hash);

Now we have a proper pre-request script that is serving a function. will return the millisecond time as a variable, which will mean a hash that changes every time you send a request.

Also note the console.log at the end. This is how you can check to make sure your hash is updating as it should. Postman is essentially a web app (it’s built with Electron) so a proper Chrome console is supported. Just go to View > Show Dev Tools and you’ll be able to see your console. Your js logs will show up there so you can review anything you’d like to log.

November 4th, 2018

Posted In: Web Development

Tags: , ,

© 2022 | Privacy Policy | About | UTM Creator | CVE Reporting