Enable HMAC support
You can use the HMAC support to enable Hash-based Message Authentication Codes (HMAC) for your API messages.
|
The HMAC support is part of the API & OSV Early Access components. The API & OSV Early Access components are in the Early Adopter phase. Tricentis does not guarantee full functionality or usability in the current or future Tricentis Tosca versions. |
To enable HMAC support, follow the steps below:
-
Enable the feature in the Options - API and OSV Early Access menu. The Scripting tab becomes visible under API Scan.
-
Create a new API message.
-
On the Scripting tab, implement the IProcessor interface via C# code, as in the example below:
HMAC scripting
Below, you can find the C# code example in a copyable format:
using System;
using System.Linq;
using System.Text;
using System.Security.Cryptography;
using Tricentis.Automation.Api.Core.Extensions;
using Tricentis.Automation.Api.Core.Tc;
using Tricentis.Automation.Api.Engine.Scripting;
namespace HmacSupport {
public class OwnProcessor : IProcessor {
public void BeforeExecute(IApiMessage message) {
var algorithm = new HMACSHA256();
var hash = algorithm.ComputeHash(message.Payload);
message.HeaderList.Add(new KeyValue("HMAC", Convert.ToBase64String(hash)));
}
}
}
The IProcessor interface can have only a single implementation, and the implementation must have a constructor without a parameter. Optionally, you can use the default, parameterless constructor.
-
Enter the payload of your API message on the Payload tab:
HMAC payload
-
Click Run in the menu to run your message.
-
You can catch the returning message via the Message Recorder:
HMAC response
|
|
If you want to use the HMAC support only via the API Scan Standalone (that is, on a PC where you do not have Tosca Commander installed), ensure that you start the ApiScanStandalone.exe with the /script flag, that is, type ApiScanStandalone.exe /script into the command line. |