Using JavaScript to properly sign a string using HmacSHA256 -

in houndify api docs authentication, have following block of content:

---

an example of authenticating request

let's assume have following information:

userid: ae06fcd3-6447-4356-afaa-813aa4f2ba41     requestid: 70aa7c25-c74f-48be-8ca8-cbf73627c05f     timestamp: 1418068667        clientid: kfvh6rpy3tuiml-pcufppg==     clientkey: kgmluq-k1ocuv5bztlkajf_mgo0t07jtogbi6apcqla114ccph3rlk4c0rkty30xleq49mz-c2bmyfovqo4pya== 

1. concatenate userid string, requestid string, , timestamp string in following format: {user_id};{request_id}{timestamp}

2. with values example, expected output in case: ae06fcd3-6447-4356-afaa-813aa4f2ba41;70aa7c25-c74f-48be-8ca8-cbf73627c05f1418068667

3. sign message decoded clientkey. result 32-byte binary string (which can’t represent visually). after base-64 encoding, however, signature is: mywdefhj7av8op23v8pch1pill_gxh4udoaxmi06akk=

4. the client generates 2 authentication headers hound-request-authentication , hound-client-authentication.

5. the hound-request-authentication header composed concatenating userid , requestid in following format: {user-id};{request-id}. continuing example above, value header be: hound-request-authentication: ae06fcd3-6447-4356-afaa-813aa4f2ba41;70aa7c25-c74f-48be-8ca8-cbf73627c05f

6. the hound-client-authentication header composed concatening clientid, timestamp string , signature in following format: {client-id};{timestamp};{signature}. continuing example above, value header be: hound-client-authentication: kfvh6rpy3tuiml-pcufppg==;1418068667;mywdefhj7av8op23v8pch1pill_gxh4udoaxmi06akk=

---

for number 3, says "sign message decoded clientkey". "message" , "clientkey" 2 distinct strings.

my question(s): how sign 1 string string i.e. mean? , how in javascript?

var message = 'my_message'; var key = 'signing_key';  //??what next?? 

i'm trying figure out can create pre-request script in postman proper hmacsha256 hash.

according documentation, if you're using 1 of sdks, automatically authenticate requests:

sdks handle authentication you. have provide sdk client id , client key generated client when created. if not using sdk, use code example right generate own http headers authenticate request.

however, if want manually, believe need compute hmac value of string describe in link in question , send base64 encoded part of hound-client-authentication header in requests. provide example node.js:

var uuid = require('node-uuid'); var crypto = require('crypto');  function generateauthheaders (clientid, clientkey, userid, requestid) {      if (!clientid || !clientkey) {         throw new error('must provide client id , client key');     }      // generate unique userid , requestid.     userid      = userid || uuid.v1();      // keep track of requestid, need requestinfo object     requestid   = requestid || uuid.v1();      var requestdata = userid + ';' + requestid;      // keep track of timestamp, need requestinfo object     var timestamp   = math.floor(date.now() / 1000),            unescapebase64url = function (key) {             return key.replace(/-/g, '+').replace(/_/g, '/');         },          escapebase64url = function (key) {             return key.replace(/\+/g, '-').replace(/\//g, '_');         },          signkey = function (clientkey, message) {             var key = new buffer(unescapebase64url(clientkey), 'base64');             var hash = crypto.createhmac('sha256', key).update(message).digest('base64');             return escapebase64url(hash);          },          encodeddata = signkey(clientkey, requestdata + timestamp),         headers = {             'hound-request-authentication': requestdata,             'hound-client-authentication': clientid + ';' + timestamp + ';' + encodeddata         };      return headers; };