Step 2: Postman

1. Fork Banxa Sandbox Collection

Use Banxa API collection in Postman by accessing the read-only Banxa Workspace and forking the Collection to your personal or company Workspace.

Link to Banxa Workspace:


2. Configure credentials

Configure your authorization credentials and domain. Click Save.


Make sure that "https://" is included in front of the domain that you have been provided. e.g.


3. Start invoking the APIs using your credentials

Ensure that the Banxa API Sandbox environment is selected so that environment variables are applied to each request.



If you are getting an unauthorized error message when running an API call, double the following things:

  • The domain configured in your Environments variables include a "https://" in front of the URL e.g.
  • Ensure that the Header variables of your API call includes Authorization and a Value is generated
  • The Collection level Authorization Type is Bearer Token, and the Token is HMAC. The Folders and API calls should inherit Authorization settings from the parent.
  • Double check that the Pre-request Script at the Collection level is as per below
var CLIENT_KEY = pm.environment.get("key");
var SECRET_KEY = pm.environment.get("secret");
var AUTH_TYPE = 'HMAC-SHA512';
var AUTH_VERSION = '5.1.2';

function epochTime() {
    var d = new Date();
    var t = d.getTime();
    var o = t + "";
    return o.substring(0, 10);

var timestamp = epochTime();
function getAuthHeader(httpMethod, requestUrl, requestBody) {
    var requestPath = pm.request.url.getPath();
    var requestData;
    if (httpMethod=="GET"){
        requestPath = pm.request.url.getPathWithQuery();
        requestPath = replaceVariablesWithValues(requestPath);
        requestData = [httpMethod, requestPath, timestamp].join("\n");
    } else {
        requestPath = replaceVariablesWithValues(requestPath);
        requestBody = replaceVariablesWithValues(requestBody);
        body = JSON.stringify(JSON.parse(requestBody));
        requestData = [httpMethod, requestPath, timestamp, body].join("\n");
    return CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA256(requestData, SECRET_KEY));

function replaceVariablesWithValues(str) {
    var env = pm.environment.toObject();
    for (var p in env) {
        if( env.hasOwnProperty(p) ) {
            str = str.replace('{{' + p + '}}', env[p])
    return str;
signature = getAuthHeader(request['method'], request['url'], request['data']);
postman.setEnvironmentVariable('hmac', CLIENT_KEY + ":" + signature + ":" + timestamp );

Whatโ€™s Next