Postman: Ninja RMM API

At my day job, we use NinjaRMM for managing our client’s computers. I’ve been using Postman for a while to test API calls before coding anything. One really bleeping frustrating thing about the NinjaRMM API is how they decided to make authentication┬ácompletely un-normal, unconventional and different from anything. Just to get PostMan working you have to use a “Pre-request Script”.

First setup a couple of global variables:

Now to add the code to the “Pre-request Script” tab:

var privateKey = postman.getEnvironmentVariable('ninja_private_key');

var requestDateTime = new Date().toUTCString();
var path = request.url.substr( request.url.indexOf('.com/') + 4 );

postman.setGlobalVariable('ninja_date', requestDateTime);
postman.setGlobalVariable('ninja_signature', getSignature(privateKey, getStringToSign('GET', '', '', requestDateTime, path)));

function getStringToSign(httpMethod, contentMD5, contentType, requestDateTime, canonicalPath) {
    return httpMethod+"\n"+contentMD5+"\n"+contentType+"\n"+requestDateTime+"\n"+canonicalPath;
}

function getSignature(secretAccessKey, stringToSign) {
    var encodedString = base64_encode(stringToSign);
    var signature = CryptoJS.HmacSHA1(encodedString, secretAccessKey);

    return signature.toString(CryptoJS.enc.Base64);
}

function base64_encode( str ) {
    return btoa(unescape(encodeURIComponent( str )));  
}

After that is setup you could be able to use Postman to test the API.

Follow
( 9 Followers )
X

Follow

E-mail : *
3 comments
  • Guy
    January 5, 2019 at 1:24 am

    Hi Drew,

    thanks a lot, this helped me to fix my implementation in Python…

    keep up to good posts ­čÖé

    cheers

    Guy

    Reply
  • Parker
    August 14, 2019 at 7:29 am

    Hey Drew,
    Thank you for this great resource. The company I am working at also uses NinjaRMM for managing clients. I was working with Postman to test Ninja’s API and was having trouble until I came across this post. I’m still receiving a invalid authorization header error. The version of Postman that I have does support AWS Signature Authorization, but the syntax for the Authorization header Postman uses is not the same as the syntax from Ninja’s API documentation (Authorization: NJ AccessKeyId:Signature). Since the signature is dynamic, I can’t just copy/paste it from the global variables. I could be wrong, but I don’t think header values can be set to global variables either.

    If you have any insight or suggestions, it would be greatly appreciated.

    Thanks,
    Parker

    Reply
  • Parker
    August 14, 2019 at 7:49 am

    Hey Drew,

    Disregard the last comment, the problem was solved. Once again thank you for this script!

    -Parker

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.