Hey everyone,
I’m trying to build a secure POST request to an external API in Wized. The API requires a SHA-512 signature based on a JSON payload combined with a static private key.
I created a variable signature that uses those other vars and generates the hash using Web Crypto, but the API keeps returning a 401 “Invalid Signature” error, even though the same payload works in Postman using CryptoJS.
This is the pre-request script that works in Postman:
const payload = {
verb: "reserve",
products: [
{
edtn: "00000-00000"}
],
clientid: "client@mail.com",
requested: new Date().toISOString()
};
let compact = JSON.stringify(payload);
const unsigned = compact.slice(0, -1) + ',"private-key":"STRING"}';
const hash = CryptoJS.SHA512(unsigned).toString(CryptoJS.enc.Hex).toUpperCase();
const signed = compact.slice(0, -1) + ',"signature":"' + hash + '"}';
pm.variables.set("signedBody", signed);
How do I get this to work in Wized?
Appreciate any tips!
Zack
Hi @zack.kinnaer welcome to the Wized forum!
There’s two things which could cause the issue:
- The way this same script is ported over to Wized isn’t in a proper format
- The API you are using doesn’t support front-end(browser-based) requests and requires only server side requests (which is what postman facilitates)
I’d like to think the first issue can be resolved, how have you impelemented the script in Wized?
Hi Elvis,
Thanks for the quick response!
To clarify where I’m at now:
-
An adjusted script is now running via trigger before the request to update v.signature:
I’ve translated the Postman script to a new async function in Wized. It runs first when the user clicks a button. This function builds the payload (based on variables like v.verb, v.edtn, v.clientid, v.requested) and generates a SHA-512 hash using Web Crypto. That hash is supposed to be saved in a computed variable v.signature, which is then used in my actual API request. However, the v.signature variable never gets updated. It seems the return value of the “run function” isn’t saved at all.
-
The API connection works, but it says my body is empty:
I do get a response back from the API. So the request is reaching it but it returns "{"result": "Invalid Signature.", "request":""}", which logs that the request body is empty, even though I’m setting all the keys and values (item by item) in Wized based on the same payload as the signature. So the body is not being sent correctly although all fields are populated in the request config.
I’ve attached screenshots to show my request headers, body and items setup, trigger config and payload signature function.
The variables I’m using:
- v.edtn: “00000-00000”
- v.clientid: “firstname.lastname@mail.com”
- v.signature: generated hash-key (currently null)
- v.verb: “reserve”
- v.requested: return new Date().toISOString()
The v.signature update function, triggered right before my request via a button click:
return (async () => {
const payload = {
verb: v.verb,
products: [
{ edtn: v.edtn }
],
clientid: v.clientid,
requested: v.requested
};
const compact = JSON.stringify(payload);
const unsigned = compact.slice(0, -1) + ',"private-key":"WEBFLOWONLY"}';
const enc = new TextEncoder();
const buf = await crypto.subtle.digest("SHA-512", enc.encode(unsigned));
const hash = Array.from(new Uint8Array(buf))
.map(b => b.toString(16).padStart(2, "0"))
.join("")
.toUpperCase();
const signed = compact.slice(0, -1) + ',"signature":"' + hash + '"}';
return hash;
})();
Thanks again for taking a look! Let me know if there’s a better way to tackle this use case or debug how/if the variable is being set or if I’m maybe misunderstanding the way async functions or computed variables behave inside Wized.
Best,
Zack
The request body being empty can be due to setting the “Content-Type” header as “application/json” but the body being sent isn’t in JSON format, JSON is a string the body is specified in Key-Value pairs. Could you delete the header and retry sending the request and check if the request body is still empty?
1 Like
Hi @elvisben,
Status:
What I’ve tried (all failed to populate v.signature in time):
-
Computed variable with async Web Crypto
-
Putting the async function directly in the variable’s default → stays empty.
-
Placing the function inside the request body value (signature field) → stays empty.
-
Event/trigger on button click that should “set variable” using an inline async function → v.signature value still isn’t updated.
But the same function does return a correct hash in the Function Editor preview.-
What’s the recommended approach for this?
This is the function I want to run right before the request to update v.signature:
return (async () => {
const payload = {
verb: v.verb,
products: [{ edtn: v.edtn }],
clientid: v.clientid,
requested: v.requested
};
const compact = JSON.stringify(payload);
const unsigned = compact.slice(0, -1) + ',"private-key":"PRIVATEKEY"}';
const enc = new TextEncoder();
const buf = await crypto.subtle.digest("SHA-512", enc.encode(unsigned));
const hash = Array.from(new Uint8Array(buf))
.map(b => b.toString(16).padStart(2, "0"))
.join("")
.toUpperCase();
return hash;
})();
Thanks a lot!
Zack
With this, the only thing I can think of is that the code never actually gets to run so the value is never set.
Could you perhaps share the staging link so I can test it live and walk through the execution bit by bit?
Ok, makes sense. Do I send u the link via email or just drop it in this post?
Over here its okay, you can enable the preview as I debug and then disable it after resolution.
Got to see it via the preview, and there’s somethings I saw which didn’t make immediate sense from my view:
- The “Prevent Default” checked for the click here - I do not see the need to prevent the default functionality of the click behavior for the element specified
- In the run function we do not assign the resulting hash to the signature so there isn’t a new value for it, to correct it would simple be a simple assignment like this:
Let me know if these help
1 Like
Hi Elvis
Adding the last line to set the variable fixed it. Thank you!
In the log we saw you did some updates too. Is our project open to anyone or just to the wized team? Meaning: do we have to edit something in the settings so that not just anyone can view the project?
Zack
Nice to hear that its good now.
Yes there is a setting to prevent project sharing, its documentation is here: Intro to the settings panel | Wized Docs
1 Like
