Overview
This node performs HTTP requests with an HMAC (Hash-based Message Authentication Code) signature added to the request for enhanced security and authentication. It supports various HTTP methods (GET, POST, PUT, PATCH, DELETE) and allows users to customize how the HMAC signature is generated and included in the request.
Common scenarios where this node is beneficial include:
- Interacting with APIs that require HMAC-signed requests for authentication.
- Automating secure API calls where message integrity and authenticity must be verified.
- Integrating with services like AWS, Stripe, GitHub, Binance, or any custom API that uses HMAC signatures.
Practical examples:
- Sending a signed GET request to retrieve protected data from a financial API.
- Posting JSON data to a webhook endpoint that requires a timestamped HMAC signature in headers.
- Customizing the signature pattern to match a proprietary API’s requirements.
Properties
| Name | Meaning |
|---|---|
| Method | The HTTP method to use. Options: DELETE, GET, PATCH, POST, PUT. |
| URL | The full URL to which the HTTP request will be sent. |
| HMAC Algorithm | The cryptographic hash algorithm used to generate the HMAC signature. Options: SHA-1, SHA-256, SHA-384, SHA-512. |
| Encoding | The encoding format of the generated signature. Options: Hex, Base64. |
| Signature Pattern | The pattern used to create the string that will be signed. Options: AWS v4 (method + path + query + hashed payload), Stripe/GitHub (timestamp + "." + body), Simple Body Hash (just hash the request body), Binance (timestamp + method + path + query + body), Custom Pattern (user-defined). |
| Custom Pattern | A user-defined pattern for signature generation using placeholders {method}, {path}, {query}, {body}, {timestamp}. Only shown if "Custom Pattern" is selected as Signature Pattern. |
| Signature Placement | Where to place the generated signature in the request. Options: Header, Query Parameter. |
| Signature Header/Parameter Name | The name of the header or query parameter where the signature will be placed. Default is X-Signature. |
| Include Timestamp | Whether to include a timestamp in the request and signature. Boolean toggle. |
| Timestamp Format | The format of the timestamp if included. Options: ISO 8601, Unix (seconds), Unix Milliseconds. Only shown if Include Timestamp is true. |
| Timestamp Header/Parameter Name | The name of the header or query parameter where the timestamp will be placed. Default is X-Timestamp. Only shown if Include Timestamp is true. |
| Body Content Type | The content type of the request body for POST, PUT, PATCH methods. Options: Form Data, JSON, Raw. |
| Body | The JSON body to send when content type is JSON or Form Data. Only shown for POST, PUT, PATCH with JSON or Form content types. |
| Raw Body | The raw string body to send when content type is Raw. Only shown for POST, PUT, PATCH with Raw content type. |
| Additional Fields | Collection of optional additional settings: |
| - Headers | Additional HTTP headers to include in the request, specified as JSON. |
| - Query Parameters | Additional query parameters to append to the URL, specified as JSON. |
| - Timeout | Request timeout in milliseconds. Default is 10000 ms (10 seconds). |
Output
The node outputs an array of items, each containing a json property with the parsed response from the HTTP request. The structure of the json output depends on the API response but typically includes the data returned by the requested endpoint.
If the API returns binary data, it would be included in the response, but this node primarily handles JSON and form data responses. Binary data handling is not explicitly implemented here.
Example output item:
{
"json": {
"key1": "value1",
"key2": "value2"
}
}
Dependencies
- Requires an API key credential for HMAC signing (referred generically as "an API key credential").
- Uses Node.js built-in
URLclass for URL parsing and manipulation. - Utilizes helper functions from bundled utilities for signature generation.
- Requires network access to the target URL.
- No additional external npm packages beyond those bundled with n8n are required.
Troubleshooting
- Invalid JSON in Body parameter: If the JSON body or form data is malformed, the node throws an error indicating invalid JSON. Ensure the JSON syntax is correct.
- Request timeout: If the request takes longer than the configured timeout (default 10 seconds), it will fail. Increase the timeout if necessary.
- Signature mismatch errors from API: If the API rejects the request due to signature issues, verify the signature pattern, algorithm, encoding, and placement settings match the API's expectations.
- Missing or incorrect API key: Ensure the API key credential is correctly configured and accessible by the node.
- Incorrect URL or query parameters: Verify the URL and any additional query parameters are valid and properly formatted.