### 1. Fork Banxa Sandbox Collection Use Banxa API collection in Postman by accessing the read-only Banxa Workspace and forking the Collection to your personal or company Workspace. Link to Banxa Workspace: [https://www.postman.com/crimson-comet-2961/workspace/banxa-api-sandbox-public/collection/19155430-c6f45571-964c-4ac9-8b01-8b08b1bc3806](https://www.postman.com/crimson-comet-2961/workspace/banxa-api-sandbox-public/collection/19155430-c6f45571-964c-4ac9-8b01-8b08b1bc3806) ![Postman Fork Collection](/assets/postman-fork-collection.b88db578e9eb0e1abe3d5e4b92a119473af5e41cc1ca24536c1b06868615303c.2f40b509.png) ### 2. Configure credentials Configure your authorization credentials and domain. Click Save. > Make sure that "https://" is included in front of the domain that you have been provided. e.g. [https://binance.banxa.com](https://binance.banxa.com) ![Configure credentials and domain](/assets/configure-credentials.b97e8e142e44c8888cf3ad27147526cc5b3465d463ac5853154c22dd4b0bcc76.2f40b509.png) ### 3. Start invoking the APIs using your credentials Ensure that the *Banxa API Sandbox* environment is selected so that environment variables are applied to each request. ![Environment Selection](/assets/environment-selection.efe45e1f5303895891c168ee4dc7b9881d73f947dff034bbeb2ee886571ac364.2f40b509.png) ### Troubleshooting If you are getting an unauthorized error message when running an API call, double the following things: * The domain configured in your Environments variables include a "https://" in front of the URL e.g. [https://binance.banxa.com](https://binance.banxa.com) * Ensure that the Header variables of your API call includes Authorization and a Value is generated ![Postman Authorization](/assets/postman-authorization.f29e23ad2fa7d30498be51a307a81ba22cdca100896f06a4c78f320b1f26e398.2f40b509.png) * The Collection level Authorization Type is Bearer Token, and the Token is HMAC. The Folders and API calls should inherit Authorization settings from the parent. ![Postman Authorization 2](/assets/postman-authorization-2.f29e23ad2fa7d30498be51a307a81ba22cdca100896f06a4c78f320b1f26e398.2f40b509.png) * Double check that the Pre-request Script at the Collection level is as per below ![Postman Pre-request Script](/assets/postman-pre-request-script.73779ac97a35b6da814d9317181fc7af1960afacfc3870ffda58143ae0a06245.2f40b509.png) ```javascript var CLIENT_KEY = pm.environment.get("key"); var SECRET_KEY = pm.environment.get("secret"); var AUTH_TYPE = 'HMAC-SHA512'; var AUTH_VERSION = '5.1.2'; function epochTime() { var d = new Date(); var t = d.getTime(); var o = t + ""; return o.substring(0, 10); } var timestamp = epochTime(); function getAuthHeader(httpMethod, requestUrl, requestBody) { var requestPath = pm.request.url.getPath(); var requestData; if (httpMethod=="GET"){ requestPath = pm.request.url.getPathWithQuery(); requestPath = replaceVariablesWithValues(requestPath); requestData = [httpMethod, requestPath, timestamp].join("\n"); } else { requestPath = replaceVariablesWithValues(requestPath); requestBody = replaceVariablesWithValues(requestBody); body = JSON.stringify(JSON.parse(requestBody)); requestData = [httpMethod, requestPath, timestamp, body].join("\n"); } console.log(requestData); return CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA256(requestData, SECRET_KEY)); } function replaceVariablesWithValues(str) { var env = pm.environment.toObject(); for (var p in env) { if( env.hasOwnProperty(p) ) { str = str.replace('{{' + p + '}}', env[p]) } } return str; } console.log(request['headers']); signature = getAuthHeader(request['method'], request['url'], request['data']); postman.setEnvironmentVariable('hmac', CLIENT_KEY + ":" + signature + ":" + timestamp ); ```