Calculation of Signature

Here is a great doc on the Request Signature that will help.

Alternatively here is our sample Postman Collection that you can download and look at the Pre-request Script.

var timestamp = (Math.floor(new Date().getTime() / 1000) - 10).toString();
postman.setGlobalVariable("rapyd_request_timestamp", timestamp);

var signature_salt = CryptoJS.lib.WordArray.random(12);
postman.setGlobalVariable("rapyd_signature_salt", signature_salt);

var body = '';
if (JSON.stringify( !== '{}' && !== '' && typeof !=='object' ){
body = JSON.stringify(JSON.parse(;

var secret = pm.environment.get('rapyd_secret_key');
var to_sign = request.method.toLowerCase() + request.url.replace('{{base_uri}}','/v1') + signature_salt + timestamp + pm.environment.get('rapyd_access_key') + secret + body;

console.log("to_sign " + to_sign);
var rapyd_signature = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA256(to_sign, secret));
rapyd_signature = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Utf8.parse(rapyd_signature));
console.log("rapyd_signature " + rapyd_signature);
postman.setGlobalVariable("rapyd_signature", rapyd_signature);

Note the following points about the signature calculation:

  • There is no signature on the API response.
  • There is a small difference between the API request signature and the webhook signature: The HTTP method (get, post, put, delete) is present for the API request and not for the webhook.
  • You need to run some tests with your Base64 algorithm to determine whether you have all the right settings.
1 Like