Yelp / fuzz-lightyear

A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.

Could I sign a request using Post-fuzz hooks? #64

Closed AlexB1986 closed 3 years ago

AlexB1986 commented 3 years ago

Hello, Team! Currently I am trying to test the Flickr API using your beautiful tool. It seems that the Flickr API uses OAuth and all requests to the Flickr API need to be signed using HMAC-SHA-1 (see details on https://www.flickr.com/services/api/auth.oauth.html). Is it possible to achieve that in the current version (e.g. using post-fuzz hooks), or should I think about a workaround? Thank you!

OiCMudkips commented 3 years ago

Yes, you should be able to use post-fuzz hooks to sign API requests. You need to define a post-fuzz hook as described in our documentation.

Then you would need to make sure your Swagger definition for Flickr knows about every parameter that needs to be signed. This might be accomplished with fixtures.

By the time fuzzed_input reaches your post-fuzz hook, it will have all these parameters defined, so you can create the HMAC and add it as a parameter to fuzzed_input. This does mean that the oauth_signature needs to be a parameter in all your endpoint definitions, which probably isn't the cleanest thing to do, but I don't think there's a better way to do it.
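The signing step described in the reply above, written out as an added example (this is not fuzz-lightyear's own code and not code from the thread). It builds the OAuth 1.0a signature base string from whatever parameters the fuzzer produced, discards any fuzzed placeholder value for `oauth_signature`, computes HMAC-SHA1 with the consumer and token secrets, and returns a copy of `fuzzed_input` with the real signature attached. A `verify_signature` helper shows the server-side check with a constant-time comparison. Assumptions, all labelled in the code: the decorator name `fuzz_lightyear.hooks.post_fuzz` and the `(operation, fuzzed_input)` hook signature are recalled from the project's documentation and should be checked against the installed version; the credentials, nonce, timestamp and endpoint URL are constructed sample values.

```python
"""OAuth 1.0a HMAC-SHA1 signing shaped as a fuzz-lightyear post-fuzz hook.

Added example, not project code. The decorator and hook signature in the
comment near the bottom are an assumption recalled from the docs; verify
them against the fuzz-lightyear version you actually run.
"""
import base64
import hashlib
import hmac
import secrets
import time
from typing import Any, Dict, Mapping, Optional
from urllib.parse import quote

# Constructed sample credentials and endpoint (placeholders, not real values).
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
TOKEN = "example-access-token"
TOKEN_SECRET = "example-token-secret"
ENDPOINT_URL = "https://example.test/api"


def _enc(value: Any) -> str:
    """RFC 3986 percent-encoding as OAuth 1.0a requires: only A-Z a-z 0-9 - . _ ~ stay bare."""
    return quote(str(value), safe="-._~")


def signature_base_string(method: str, url: str, params: Mapping[str, Any]) -> str:
    """METHOD & enc(url) & enc(encoded k=v pairs, sorted, joined by '&')."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join((method.upper(), _enc(url), _enc(param_string)))


def hmac_sha1_signature(base_string: str, consumer_secret: str, token_secret: str) -> str:
    """Signing key is enc(consumer_secret)&enc(token_secret); output is base64 of the 20-byte MAC."""
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_fuzzed_input(
    method: str,
    url: str,
    fuzzed_input: Mapping[str, Any],
    *,
    consumer_key: str = CONSUMER_KEY,
    consumer_secret: str = CONSUMER_SECRET,
    token: str = TOKEN,
    token_secret: str = TOKEN_SECRET,
    timestamp: Optional[int] = None,
    nonce: Optional[str] = None,
) -> Dict[str, Any]:
    """Return a copy of fuzzed_input carrying the OAuth protocol parameters and a valid signature.

    Any oauth_signature the fuzzer generated (it is a Swagger parameter, so the
    fuzzer will fill it with noise) is dropped before signing: the signature
    must never be part of its own base string.
    """
    signed: Dict[str, Any] = dict(fuzzed_input)  # never mutate the caller's dict
    signed.setdefault("oauth_consumer_key", consumer_key)
    signed.setdefault("oauth_token", token)
    signed.setdefault("oauth_signature_method", "HMAC-SHA1")
    signed.setdefault("oauth_version", "1.0")
    signed.setdefault("oauth_timestamp", str(timestamp if timestamp is not None else int(time.time())))
    signed.setdefault("oauth_nonce", nonce or secrets.token_hex(16))
    signed.pop("oauth_signature", None)
    base = signature_base_string(method, url, signed)
    signed["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    return signed


def verify_signature(method: str, url: str, params: Mapping[str, Any],
                     consumer_secret: str, token_secret: str) -> bool:
    """Server-side check: recompute over every parameter except the signature, compare in constant time."""
    presented = params.get("oauth_signature")
    if not isinstance(presented, str):
        return False
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = hmac_sha1_signature(signature_base_string(method, url, unsigned),
                                   consumer_secret, token_secret)
    return hmac.compare_digest(expected, presented)


# Registration (assumed decorator name and hook signature; check the docs):
#
# import fuzz_lightyear
#
# @fuzz_lightyear.hooks.post_fuzz(rerun=True)
# def sign_request(operation, fuzzed_input):
#     return sign_fuzzed_input("GET", ENDPOINT_URL, fuzzed_input)
```

With `rerun=True` (if your version exposes it) the hook is applied again on replays, which matters here because a fresh nonce and timestamp produce a different signature for every request; a signature computed once and replayed will be rejected by any server that tracks nonces.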

AlexB1986 commented 3 years ago

Works for me. Thank you!