Authenticate with Hawk access authentication in Postman

Hawk authentication enables you to authorize requests using partial cryptographic verification.

To use Hawk authentication, do the following:

  1. In the Authorization tab for a request, select Hawk Authentication from the Type dropdown list.

  2. Enter your details in the Hawk Auth ID, Hawk Auth Key, and Algorithm fields. You can optionally set advanced details, but Postman will try to generate values for them if necessary.

When the required details are complete in the Authorization tab for your request, Postman will add them to the Headers.

The Hawk Authentication parameters are as follows:

  • Hawk Auth ID - Your API authentication ID value.
  • Hawk Auth Key - Your API authentication key value.
  • Algorithm - The hash algorithm used to create the message authentication code (MAC).
  • Advanced parameters:
    • User - The username.
    • Nonce - A random string generated by the client.
    • ext - Any application-specific information to be sent with the request.
    • app - The binding between credentials and the application to prevent an attacker using credentials issued to someone else.
    • dlg - The ID of the application the credentials were issued to.
    • Timestamp - Timestamp the server uses to prevent replay attacks outside the time window.

Last modified: 2022/12/12