Table of contents
1.
Introduction
2.
What is Hawk?
3.
How to use Hawk Authentication in Postman?
4.
Hawk Authentication Parameters
5.
Frequently Asked Questions
5.1.
For what purpose is Postman used?
5.2.
What is OAuth?
5.3.
Why is it important to authorize requests?
6.
Conclusion
Last Updated: Mar 27, 2024

Hawk Authentication in Postman

Author Neha Chauhan
0 upvote
Career growth poll
Do you think IIT Guwahati certified course can help you in your career?

Introduction

Postman is an API development platform for designing, building and testing API (Application Programming Interface). It can create different HTTP requests (GET, POST, PUT), save environments for later use, and convert the API to code for various languages (like JavaScript, Python).

hawk authentication

Authorizing requests will allow verifying the identity of the client who is requesting access to the protected resources. The client can be a user (individual user) or another service (third-party service). This is done to ensure that the data is secure. There are many types of Authorization like No Auth, Bearer Token, AWS signature, OAuth 1.0, OAuth 2.0, etc. 

In this article, we will discuss about Hawk authorization technique.

What is Hawk?

what is hawk?

Hawk is an HTTP authentication scheme that provides partial HTTP request cryptographic verification. It uses a Message authentication code (MAC) to authenticate. MAC is a cryptographic string that is sent along with a request to detect any kind of tampering with the data. Both the receiver and sender will have the same shared secret to create MAC. 

There are a set of client credentials used in Hawk Authentication. These credentials are a Hawk Authentication ID which is the API’s authentication ID and a Hawk Authentication Key which is the API’s secret key. 

In hawk authentication, unlike Basic HTTP authentication, the Hawk Authentication Key is not added to the request endpoint. The Hawk Authentication Key is used to generate a MAC string. 

How to use Hawk Authentication in Postman?

Open Postman Desktop App🖥️

https://postman-echo.com/auth/hawk is the endpoint that we will use for this example. Postman echo is a request which simply echos back the message sent in the request. In this endpoint, we are using hawk authentication for authorization. 

🚀 Create a new➕request with the above endpoint. Select GET verb. 

🚀 Change to Authorization tab. 

Fill Hawk Auth ID with dh37fgj492je

Fill Hawk Auth key with werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn

Choose the sha256 algorithm. 

🚀 Hit! the Send button. 

✅ You must have received a response body with 200 OK status. 

Yay!🥳 You just learned how to use Hawk Authentication in Postman. 

Hawk Authentication Parameters

hawk auth parameters

Hawk Auth ID - API authentication ID value.

Hawk Auth Key - API authentication key value.

Algorithm - The hash algorithm used to create the message authentication code (MAC).

User - Name of the User.

Nonce - A random string generated by the client.

ext - Any information specific to the application that needs to be sent with the request.

app - The binding between credentials and the application to prevent an attacker using credentials issued to someone else.

dlg - The ID of the application the credentials were issued to.

Timestamp - Timestamp the server uses to prevent replay attacks outside the time window.

Frequently Asked Questions

For what purpose is Postman used?

Postman is an API client that makes it easy for developers to create, share, test and document APIs. Users are allowed to create and save simple and complex HTTP/s requests, as well as read their responses.

What is OAuth?

OAuth is a mechanism that allows services to give authorization to each other on behalf of a user. Keep in mind - the authorization is done only after taking the user’s permission.

Why is it important to authorize requests?

Authorizing requests will allow verifying the identity of the client who is requesting access to the protected resources. The client can be a user (individual user) or another service (third-party service). This is done to ensure that the data is secure.

Conclusion

Congratulations🎉on finishing the article. We discussed what is Hawk Authentication and how to use it with postman. We also discussed Hawk parameters.

If you want to read more about Postman we recommend you read these articles: 

🔥 How to install and setup Postman

🔥 Managing Environments in Postman

🔥 Scripts in Postman
 

You can also visit these links to learn more about web testing and API testing, we recommend you follow these links:

🔥 Web Testing

🔥 API

🔥 API Testing

Head to the Guided Path on the Coding Ninjas Studio and upskill in Data Structures and AlgorithmsCompetitive ProgrammingSystem Design, and many more courses.

If you want to Practice top Coding Problems, attempt mock tests, or read interview experiences, head to the Coding Ninjas Studio, our practice platform.

We wish you Good Luck!🎈 Please upvote our blog 🏆 and help other ninjas grow.

Live masterclass