Postman: Ninja RMM API

At my day job, we use NinjaRMM for managing our client’s computers. I’ve been using Postman for a while to test API calls before coding anything. One really bleeping frustrating thing about the NinjaRMM API is how they decided to make authentication completely un-normal, unconventional and different from anything. Just to get PostMan working you have to use a “Pre-request Script”.

First setup a couple of global variables:

Now to add the code to the “Pre-request Script” tab:

var privateKey = postman.getEnvironmentVariable('ninja_private_key');

var requestDateTime = new Date().toUTCString();
var path = request.url.substr( request.url.indexOf('.com/') + 4 );

postman.setGlobalVariable('ninja_date', requestDateTime);
postman.setGlobalVariable('ninja_signature', getSignature(privateKey, getStringToSign('GET', '', '', requestDateTime, path)));

function getStringToSign(httpMethod, contentMD5, contentType, requestDateTime, canonicalPath) {
    return httpMethod+"\n"+contentMD5+"\n"+contentType+"\n"+requestDateTime+"\n"+canonicalPath;

function getSignature(secretAccessKey, stringToSign) {
    var encodedString = base64_encode(stringToSign);
    var signature = CryptoJS.HmacSHA1(encodedString, secretAccessKey);

    return signature.toString(CryptoJS.enc.Base64);

function base64_encode( str ) {
    return btoa(unescape(encodeURIComponent( str )));  

After that is setup you could be able to use Postman to test the API.



E-mail : *
  • Guy
    January 5, 2019 at 1:24 am

    Hi Drew,

    thanks a lot, this helped me to fix my implementation in Python…

    keep up to good posts 🙂



  • Parker
    August 14, 2019 at 7:29 am

    Hey Drew,
    Thank you for this great resource. The company I am working at also uses NinjaRMM for managing clients. I was working with Postman to test Ninja’s API and was having trouble until I came across this post. I’m still receiving a invalid authorization header error. The version of Postman that I have does support AWS Signature Authorization, but the syntax for the Authorization header Postman uses is not the same as the syntax from Ninja’s API documentation (Authorization: NJ AccessKeyId:Signature). Since the signature is dynamic, I can’t just copy/paste it from the global variables. I could be wrong, but I don’t think header values can be set to global variables either.

    If you have any insight or suggestions, it would be greatly appreciated.


    • Ryan
      April 25, 2020 at 7:22 pm

      Parker, I think I am having the same problem. Can you explain how you solved this? After using this script I still get the missing headers error message. Can someone explain what else needs to be done in Postman along with this script? Thanks

  • Parker
    August 14, 2019 at 7:49 am

    Hey Drew,

    Disregard the last comment, the problem was solved. Once again thank you for this script!


  • tomas
    March 18, 2020 at 12:54 pm

    How did you solve this?

    • Drew Gauderman • Post Author •
      March 20, 2020 at 9:06 am

      Tomas, What kind of issue are you having?

  • Danny van Oijen
    June 16, 2020 at 2:20 am

    Does someone have a script that i can use without postman?
    Like powershell or python?

  • olivierolejniczak
    January 18, 2021 at 6:03 am

    I use this powershell library for NinjaRMM:


Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.