Skip to main content
Welcome to Virtru's support portal. As we work to make this page more accessible to screen readers, please contact us at support@virtru.com for technical support.

Virtru Audit API with Postman

  • Updated

About

Postman is a popular tool to help test and develop APIs. To make it more convenient for developers integrating with the Virtru Audit API, we've compiled the necessary steps to make a Postman API call that will authenticate and pull audit events.

Prerequisites

To retrieve events from the Virtru Audit API, you will need the following:

  • Postman Client
  • Virtru Audit API HMAC Token

If you do not already have your Audit HMAC token from Virtru, please reach out to your Virtru representative to have one provisioned for your organization. 

Implementation

To leverage the Virtru Audit API with Postman, you can use the following steps to make a request. Within this example, you will need to configure the customFromDate and customToDate in the script to pull specific sets of data for a given timeframe. You also have the option to leverage other query parameters built into our Audit API which can be found HERE

 

1. Navigate to your Postman client of choice (Web, Desktop, etc)

2. Create new blank collection within your workspace

Screenshot 2025-04-10 at 10.05.28 AM.png

3. Click 'Add a request' to set up a new API GET request

Screenshot 2025-04-10 at 10.06.05 AM.png

4. Update the request URL to:

https://api.virtru.com/audit/api/v1/events?from={{fromTime}}&to={{toTime}}

Screenshot 2025-04-10 at 10.46.18 AM.png

5. Update the headers tab to include the values below:
Screenshot 2025-04-10 at 10.46.36 AM.png

(In Bulk Edit View ):

Authorization:HMAC {{apiTokenId}}:{{signature}}
accept:application/json
X-Request-Limit:100
Date:{{now}}
Content-Type:application/json; charset=utf-8
X-Auth-Signedheaders:content-type;date;host
Host:api.virtru.com

 

6. In the scripts tab, update the Pre-Request Script to the below script which will handle the HMAC authentication, and passage of relevant query parameters to the API

pm.environment.set("apiTokenId", "your_api_token_ID");
const apiToken = "your_api_token_Secret";


const fromTimeStr = pm.variables.get("customFromDate") || "2025-04-01T00:00:00Z";
const toTimeStr = pm.variables.get("customToDate") || "2025-04-02T23:59:59Z";
const nowStr = new Date().toUTCString();

pm.environment.set("fromTime", fromTimeStr);
pm.environment.set("toTime", toTimeStr);
pm.environment.set("now", nowStr);

const path = `/audit/api/v1/events?from=${fromTimeStr}&to=${toTimeStr}`;
const queryParams = `from=${fromTimeStr}&to=${toTimeStr}`;
const host = "api.virtru.com";

const bodyHex = CryptoJS.SHA256("").toString();

const messageToSign = `GET
${path}
${queryParams}
content-type:application/json; charset=utf-8
date:${nowStr}
host:${host}

content-type;date;host
${bodyHex}`;

const signature = CryptoJS.HmacSHA256(messageToSign, apiToken).toString();
pm.environment.set("signature", signature);

Ensure you have your API TokenID, and API Token Secret set in lines 1 and 2 of the script.
Additionally, if filtering by From/To dates, set these values to your desired timeframe:

const fromTimeStr = pm.variables.get("customFromDate") || "2025-04-01T00:00:00Z";
const toTimeStr = pm.variables.get("customToDate") || "2025-04-02T23:59:59Z";


7. Click 'Send' and review the output in the response section of postman. You should see your organizations Audit events.

Related articles