You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »


You can use the API tokenization feature in the Armor Management Portal (AMP) to create an API key. This key will help you log into the Armor API system. 

After you create the API key, you can use that information to access the Armor API system via Postman. 

To learn how to create an API key or to learn a different way to access the Armor API system, see Log into Armor API.

Authenticate into the Armor API system

  1. In your Postman application, create a new GET request with the following endpoint:
  2. Click Headers
  3. Under Key, select Authorization
  4. In Value, enter {{hmacAuthHeader}}.
  5. Click Pre-request Script
  6. Enter the script below with the following updated parameters: 

Enter the Key ID generated from AMP.

In the example below, replace <use the api key id> with your key ID.


Enter the Secret Key generated from AMP.

In the example below, replace <use the secret key> with your secret key.


Enter a unique ID.

  • This ID cannot be longer than 128 characters.
  • This ID cannot contain a colon ( : ). 
timestampEnter a unix time stamp within 5 minutes of current time.
function getPath(url) {
    var pathRegex = /.+?\:\/\/.+?(\/.+?)(?:#|\?|$)/;
    var result = url.match(pathRegex);
    return result && result.length > 1 ? result[1] : '';
function getQueryString(url) {
    var arrSplit = url.split('?');
    return arrSplit.length > 1 ? url.substring(url.indexOf('?')+1) : '';
function getAuthHeader(httpMethod, requestUrl, requestBody) {
    *var APP_ID = '<use the api key id>';*
    *var SECRET_KEY = '<use the secret key>';*
    var AUTH_TYPE = 'ARMOR-PSK';
    var requestPath = getPath(requestUrl).replace('https', 'http');
    var queryString = getQueryString(requestUrl);
    if (httpMethod == 'GET' || !requestBody) {
        requestBody = '';
    } else {
        requestBody = requestBody.toString();
        requestBody = CryptoJS.enc.Base64.stringify(CryptoJS.SHA512(requestBody));
    var timestamp = Math.round(new Date().getTime() / 1000);
    var nonce = timestamp;
    var requestData = [APP_ID, httpMethod, requestPath, nonce, timestamp, requestBody].join("");
    var mac = CryptoJS.HmacSHA512(requestData, SECRET_KEY);
    var signature = CryptoJS.enc.Base64.stringify(mac);
    var authHeader = AUTH_TYPE + ' ' + APP_ID + ':' + signature + ':' + nonce + ':' + timestamp;
    return authHeader;
postman.setEnvironmentVariable('hmacAuthHeader', getAuthHeader(request['method'], request['url'], request['data']));

Related documentation 

  • To learn about the different calls that you can make, see Armor API Guide.