Postman: Ninja RMM API

At my day job, we use NinjaRMM for managing our client’s computers. I’ve been using Postman for a while to test API calls before coding anything. One really bleeping frustrating thing about the NinjaRMM API is how they decided to make authentication┬ácompletely un-normal, unconventional and different from anything. Just to get PostMan working you have to use a “Pre-request Script”.

First setup a couple of global variables:

Now to add the code to the “Pre-request Script” tab:

var privateKey = postman.getEnvironmentVariable('ninja_private_key');

var requestDateTime = new Date().toUTCString();
var path = request.url.substr( request.url.indexOf('.com/') + 4 );

postman.setGlobalVariable('ninja_date', requestDateTime);
postman.setGlobalVariable('ninja_signature', getSignature(privateKey, getStringToSign('GET', '', '', requestDateTime, path)));

function getStringToSign(httpMethod, contentMD5, contentType, requestDateTime, canonicalPath) {
    return httpMethod+"\n"+contentMD5+"\n"+contentType+"\n"+requestDateTime+"\n"+canonicalPath;

function getSignature(secretAccessKey, stringToSign) {
    var encodedString = base64_encode(stringToSign);
    var signature = CryptoJS.HmacSHA1(encodedString, secretAccessKey);

    return signature.toString(CryptoJS.enc.Base64);

function base64_encode( str ) {
    return btoa(unescape(encodeURIComponent( str )));  

After that is setup you could be able to use Postman to test the API.



E-mail : *

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.