Overview
A Pre-Request Script is a piece of code that runs before the execution of an HTTP request.
In eZintegrations, pre-request scripts allow users to modify request headers, parameters, body content, and authentication details after variables are resolved but before the request is sent.
This ensures that requests are dynamically generated, authenticated, and formatted correctly at runtime.
When to Use
Use Pre-Request Scripts when request values must be generated dynamically before execution.
- Generating authentication signatures
- Creating OAuth headers
- Setting timestamps and nonces
- Encoding parameters
- Logging debug information
- Setting dynamic body or header values
How It Works
The script executes before the HTTP request is sent. It calculates required values such as signatures, tokens, timestamps, or hashes and assigns them to request headers or parameters.
After execution, the modified request is sent to the target system.
Example – Generating Signatures for Authentication
Below are examples of Pre-Request Scripts used for different platforms.
Amazon SP API – POST
import time
import datetime, hashlib, hmac
import json
access_key='{{access_key}}'
secret_key='{{secret_key}}'
host='{{host}}'
canonical_uri='{{canonical_uri}}'
body={{body}}
request_parameters=json.dumps(body)
t=datetime.datetime.utcnow()
amzdate=t.strftime('%Y%m%dT%H%M%SZ')
datestamp=t.strftime('%Y%m%d')
method='POST'
service='execute-api'
region='us-east-1'
canonical_querystring=''
canonical_headers='host:'+host+'\n'+'x-amz-date:'+amzdate+'\n'
signed_headers='host;x-amz-date'
payload_hash=hashlib.sha256(request_parameters.encode('utf-8')).hexdigest()
canonical_request=method+'\n'+canonical_uri+'\n'+canonical_querystring+'\n'+canonical_headers+'\n'+signed_headers+'\n'+payload_hash
algorithm='AWS4-HMAC-SHA256'
credential_scope=datestamp+'/'+region+'/'+service+'/aws4_request'
string_to_sign=algorithm+'\n'+amzdate+'\n'+credential_scope+'\n'+hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()
kDate=hmac.new(('AWS4'+secret_key).encode('utf-8'),datestamp.encode('utf-8'),hashlib.sha256).digest()
kRegion=hmac.new(kDate,region.encode('utf-8'),hashlib.sha256).digest()
kService=hmac.new(kRegion,service.encode('utf-8'),hashlib.sha256).digest()
kSigning=hmac.new(kService,'aws4_request'.encode('utf-8'),hashlib.sha256).digest()
signature=hmac.new(kSigning,string_to_sign.encode('utf-8'),hashlib.sha256).hexdigest()
authorization_header=algorithm+' '+'Credential='+access_key+'/'+credential_scope+', '+'SignedHeaders='+signed_headers+', '+'Signature='+signature
Oracle NetSuite – OAuth 1.0 Signature
import datetime
import random
import string
import hashlib
import base64
import hmac
import urllib.parse
oauth_consumer_id='{{consumer_id}}'
oauth_consumer_key='{{consumer_key}}'
oauth_consumer_secret='{{consumer_secret}}'
oauth_token='{{token}}'
oauth_token_secret='{{token_secret}}'
request_method='POST'
url='https://{{account_id}}.suitetalk.api.netsuite.com/services/rest/query/v1/suiteql'
oauth_signature_method='HMAC-SHA256'
oauth_timestamp=str(int(datetime.datetime.now().timestamp()))
oauth_nonce=''.join(random.choices(string.ascii_letters+string.digits,k=11))
oauth_version='1.0'
normalized_string_url=urllib.parse.quote(url,safe='')
normalized_params={
'oauth_consumer_key':oauth_consumer_key,
'oauth_token':oauth_token,
'oauth_signature_method':oauth_signature_method,
'oauth_timestamp':oauth_timestamp,
'oauth_nonce':oauth_nonce,
'oauth_version':oauth_version
}
sorted_params=dict(sorted(normalized_params.items()))
normalized_string_parmas='&'.join([k+'='+v for k,v in sorted_params.items()])
normalized_string_parmas=urllib.parse.quote(normalized_string_parmas,safe='')
base_string=request_method+'&'+normalized_string_url+'&'+normalized_string_parmas
signature_key=oauth_consumer_secret+'&'+oauth_token_secret
oauth_signature=hmac.new(signature_key.encode(),base_string.encode(),hashlib.sha256)
oauth_signature=base64.b64encode(oauth_signature.digest()).decode('UTF-8')
oauth_signature=urllib.parse.quote(oauth_signature,safe='')
signature='OAuth realm="'+oauth_consumer_id+'",oauth_consumer_key="'+oauth_consumer_key+'",oauth_token="'+oauth_token+'",oauth_signature_method="'+oauth_signature_method+'",oauth_timestamp="'+oauth_timestamp+'",oauth_nonce="'+oauth_nonce+'",oauth_version="'+oauth_version+'",oauth_signature="'+oauth_signature+'"'
Azure Cosmos DB – Authorization Header
from wsgiref.handlers import format_date_time
from datetime import datetime
from time import mktime
import base64
from urllib.parse import quote
import hmac
from hashlib import sha256
endpoint_url='{{hostname}}'
master_key='{{master_key}}'
resource_type='{{resource_type}}'
resource_id='{{resource_id}}'
key=base64.b64decode(master_key)
endpoint_method='post'
now=datetime.now()
stamp=mktime(now.timetuple())
date=format_date_time(stamp)
text='{endpoint_method}\n{resource_type}\n{resource_id}\n{date}\n\n'.format(
endpoint_method=endpoint_method.lower(),
resource_type=resource_type.lower(),
resource_id=resource_id,
date=date.lower())
body=text.encode('utf-8')
digest=hmac.new(key,body,sha256).digest()
signature=base64.encodebytes(digest).decode('utf-8')
uri=f'type=master&ver=1.0&sig={signature[:-1]}'
authorization=quote(uri)
Amazon S3 – PUT
import hashlib
import hmac
import datetime
access_key='{{access_key}}'
secret_key='{{secret_key}}'
region='{{region}}'
host='{{host}}'
canonical_uri='/{{canonical_uri}}'
payload='{{payload}}'
method='PUT'
amzdate=datetime.datetime.utcnow().strftime('%Y%m%dT%H%M%SZ')
datestamp=datetime.datetime.utcnow().strftime('%Y%m%d')
payload_hash=hashlib.sha256(payload.encode()).hexdigest()
canonical_headers='host:'+host+'\n'+'x-amz-content-sha256:'+payload_hash+'\n'+'x-amz-date:'+amzdate+'\n'
signed_headers='host;x-amz-content-sha256;x-amz-date'
canonical_request=method+'\n'+canonical_uri+'\n'+'\n'+canonical_headers+'\n'+signed_headers+'\n'+payload_hash
algorithm='AWS4-HMAC-SHA256'
credential_scope=datestamp+'/'+region+'/s3/aws4_request'
string_to_sign=algorithm+'\n'+amzdate+'\n'+credential_scope+'\n'+hashlib.sha256(canonical_request.encode()).hexdigest()
date_key=hmac.new(('AWS4'+secret_key).encode(),datestamp.encode(),hashlib.sha256).digest()
region_key=hmac.new(date_key,region.encode(),hashlib.sha256).digest()
service_key=hmac.new(region_key,'s3'.encode(),hashlib.sha256).digest()
signing_key=hmac.new(service_key,'aws4_request'.encode(),hashlib.sha256).digest()
signature=hmac.new(signing_key,string_to_sign.encode(),hashlib.sha256).hexdigest()
authorization_header=algorithm+' Credential='+access_key+'/'+credential_scope+', SignedHeaders='+signed_headers+', Signature='+signature
Frequently Asked Questions
What is a Pre-Request Script in eZintegrations?
A Pre-Request Script is code that executes before an API request to prepare, modify, or authenticate the request.
When are Pre-Request Scripts executed?
Pre-Request Scripts are executed after variable resolution and immediately before the HTTP request is sent.
Can Pre-Request Scripts modify request headers?
Yes. They can dynamically create, update, or remove headers, including authorization and custom headers.
Are Pre-Request Scripts mandatory for all integrations?
No. They are optional and only required when dynamic processing or authentication logic is needed.
Can I use Pre-Request Scripts for OAuth and signature generation?
Yes. They are commonly used to generate OAuth tokens, AWS signatures, and other authentication credentials.
Can Pre-Request Scripts access request body and parameters?
Yes. Scripts can read and modify request body data, query parameters, and environment variables.
Do Pre-Request Scripts affect performance?
Minimal performance impact may occur depending on script complexity, but properly optimized scripts execute quickly.
Can Pre-Request Scripts be reused across integrations?
Yes. Similar scripts can be reused across multiple sources, operations, and targets with appropriate parameterization.
Notes
- Ensure credentials are securely stored.
- Verify correct HTTP method (POST, GET, PATCH, PUT).
- Use secure timestamp generation.
- Test authentication in staging before production deployment.
- Pre-request scripts execute before every request.
