Securing API Requests with MD5 Hashing and Salt Key in Postman

Modified on Thu, 18 Apr 2024 at 06:50 PM

MD5 algorithm

MD5, short for Message Digest Algorithm 5, is a cryptographic hash function that generates a unique 128-bit hash value, often represented as a 32-character hexadecimal number. This hash value is used to verify data integrity and ensure that the data has not been tampered with during transmission or storage.

When creating an MD5 hash value with a salt key, the salt key is a random value added to the input data before hashing. This approach ensures that even if the same input data is hashed multiple times, the resulting hash values will differ due to the unique salt key. This added complexity enhances security by making it harder for attackers to crack the hash.

Creating an MD5 Hash Value with a Salt Key using a Custom Code

The following code snippet is for Postman, a tool used for API testing. It demonstrates how to create an MD5 hash value with a salt key for a request body in Postman. This method is designed to manage API requests while ensuring the accuracy and security of data through hash calculations.

This example Java method, setAPIRequest, performs several operations related to API requests:

public void setAPIRequest(String param,int index,String page,String XpathKey, String identifier)

   {
     param=CommonUtil.GetData(param);
     param = RestAssuredUtil.getValueFromAPiResponse(param);
     param = RestAssuredUtil.getApipayloadDict(param);

     try {

   String xyz=param.replaceAll(" ", "").replaceAll(",\"hash\":\"@md5Hash\"", "");
   //xyz=xyz.replaceAll(",\"validateHash\":true", "");
   String saltkey = "Nd-T+tS-KyZu";
   String xyzone =xyz+saltkey;
   System.out.println("valuexyzone=" + xyzone);
     MessageDigest md = MessageDigest.getInstance("MD5");
   //  md.update(saltkey.getBytes());
      byte[] messageDigest = md.digest(xyzone.getBytes());
      BigInteger no = new BigInteger(1, messageDigest);
      String hashtext = no.toString(16);
        while (hashtext.length() < 32) {
            hashtext = "0" + hashtext;
            System.out.println("hashtext=" + hashtext);
        }
        param=param.replaceAll("@md5Hash", hashtext);
     }

     catch(Exception e) {}
     ExtentCucumberAdapter.addTestStepLog("Request param : "+param);
     RestAssuredUtil.setRequestParameters(param);
   }

The following table provides code-line arguments:

Code-line	Description
param=CommonUtil.GetData(param);	Uses the CommonUtil class to retrieve data for the param string.
param = RestAssuredUtil.getValueFromAPiResponse(param);	Uses the RestAssuredUtil class to get a value from the API response and updates the param string.
param = RestAssuredUtil.getApipayloadDict(param);	Uses the RestAssuredUtil class to get the API payload dictionary and updates the param string.
String xyz=param.replaceAll(" ", "").replaceAll(",\"hash\":\"@md5Hash\"", "");	Performs string manipulation on the param string to remove spaces and a specific substring related to a hash.
String saltkey = "Nd-T+tS-KyZu";	Defines a salt key used for cryptographic hashing.
String xyzone = xyz + saltkey;	Concatenates the manipulated param string with the salt key.
MessageDigest md = MessageDigest.getInstance("MD5");	Gets an instance of the MessageDigest class for MD5 hashing.
byte[] messageDigest = md.digest(xyzone.getBytes());	Computes the MD5 hash of the concatenated string xyzone.
String hashtext = no.toString(16);	Converts the BigInteger hash value to a hexadecimal string representation.
while (hashtext.length() < 32) { hashtext = "0" + hashtext; }	Ensures that the hexadecimal hash string is 32 characters long by adding leading zeros if necessary.
param=param.replaceAll("@md5Hash", hashtext);	Replaces a placeholder (@md5Hash) in the param string with the computed hash value.
ExtentCucumberAdapter.addTestStepLog("Request param : "+param);	Logs the updated param string for debugging or logging purposes.
RestAssuredUtil.setRequestParameters(param);	Sets the updated param string as the request parameters for further use in the API request.