Create registration for Azure Notification Hub in Postman

I created a Service Bus / Notification Hub in my Azure Portal.

Now I'm trying to use the Azure REST API with Postman based on this doc : https://msdn.microsoft.com/en-us/library/azure/dn223265.aspx

Here is the Postman configuration I have :

It's a POST method of the following url (Create Registration) https://mysite.servicebus.windows.net/mysite-notif/registrations/?api-version=2015-01 (I replaced with mysite in that url for privacy reasons)

In the Headers, I typed 2 entries :

Content-Type application/atom+xml;type=entry;charset=utf-8

Authorization Endpoint=sb://[mysite].servicebus.windows.net/;SharedAccessKeyName=DefaultFullSharedAccessSignature;SharedAccessKey=[mykey] (this Connection information I copied from the Azure portal)

In the Body, I chose raw - XML(txt/xml) and pasted :

<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom">
    <content type="application/xml">
        <WindowsRegistrationDescription xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/netservices/2010/10/servicebus/connect">
            <Tags>myTag, myOtherTag</Tags>
            <ChannelUri>{ChannelUri}</ChannelUri>
        </WindowsRegistrationDescription>
    </content>
</entry>

(it's the Native registration for Windows Notification Service example)

When I send this call from within Postman, I get a 401 Error :

<Error>
    <Code>401</Code>
    <Detail>MalformedToken: The credentials contained in the authorization header are not in the WRAP format..TrackingId:ee0d87ef-6175-46a1-9b35-6c31eed6049d_G2,TimeStamp:8/13/2015 9:58:26 AM</Detail>
</Error>

What am I missing ? Is it the Authorization tab I left on "No Auth" in Postman ? Is it the value of the Authorization header that should be encoded like shown here ? Creating registration ID for Azure Notification Hub via REST api

Thanks.

Your "Authorization" header is not correct.

As stated in the Azure Notification Hubs REST API documentation, e.g. for creating a registration, the "Authorization" header has to contain the "Token generated as specified in Shared Access Signature Authentication with Service Bus"...

The token format is specified in the documentation for Shared Access Signature Authentication with Service Bus as the following:

SharedAccessSignature sig=<signature-string>&se=<expiry>&skn=<keyName>&sr=<URL-encoded-resourceURI>

• URL-encoded-resourceURI: The url you send the POST request to (in your case "https://mysite.servicebus.windows.net/mysite-notif/registrations/?api-version=2015-01")
• keyName: In your case the default key name "DefaultFullSharedAccessSignature"
• expiry: The expiry is represented as the number of seconds since the epoch 00:00:00 UTC on 1 January 1970.
• signature-string: The signature for the SAS token is computed using the HMAC-SHA256 of a string-to-sign with the PrimaryKey property of an authorization rule. The string-to-sign consists of a resource URI and an expiry, formatted as follows:
  • StringToSign = <resourceURI> + "\n" + expiry;
  • resourceURI should be the same as URL-encoded-resourceURI (also URL encoded)
  • Compute the HMAC-SHA256 of StringToSign using the SAS key (what you replaces with [mykey] in your example). Use the URL encoded result for signature-string then.