Implementing Parameter Encryption in JMeter and Postman for API Testing

When an API requires a signature generated by sorting all request parameters by key, concatenating them, and applying MD5 (e.g., md5(bar=2&baz=3&foo=1)), the resulting hash is appended as a signature parameter. To automate this during load testing, JMeter can be used with a BeanShell PreProcessor.

Steps in JMeter:

1. Write a Java class that performs the MD5 signing logic and export it as a JAR file.

2. Place the JAR under D:\jmeter\apache-jmeter-3.3\lib.

3. In JMeter, add an HTTP Sampler for the target API and attach a BeanShell PreProcessor to the sampler.

4. In the BeanShell script, import the custom JAR, retrieve request parameters via vars.get(String paramStr), compute the MD5 signature, and store the result back into JMeter variables using vars.put(String key, String value). These variables (e.g., signs1, signs2, signs3) can then be concatenated into the final request URL.

After configuring the pre‑processor, each request sent by JMeter will include the encrypted parameters and the computed signature.

Postman alternative:

1. Define environment variables for the parameters.

2. Reference the signature variable in the request parameters.

3. In the Pre‑request Script, write JavaScript code that performs the same MD5 signing (using a suitable library) and assigns the result to a variable.

Notes:

Postman’s encryption feature requires a recent version; older versions may fail.

For POST requests, use request.data to access parameters; for GET requests, parse request.url to extract and process query parameters.

View Pre‑request Script logs via View → Show Postman Console .

With these configurations, dynamic parameter encryption can be tested and load‑tested efficiently using JMeter, while Postman offers a quick way to verify the signing logic.