{
  "info": {
    "_postman_id": "0b3cc808-1e44-4e1f-bcb3-c2bc76341c2a",
    "name": "Vomule SMS API",
    "description": "Signed REST API requests for Vomule SMS. The JSON request signs itself in the pre-request script. For CSV file upload, Postman cannot read selected local file bytes in scripts, so compute `file_body_hash`, `file_signature`, and `file_timestamp` externally using the PHP, JavaScript, or Python examples in the docs.",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
    "_exporter_id": "vomule"
  },
  "variable": [
    {
      "key": "base_url",
      "value": "https://sms.vomule.net",
      "type": "string"
    },
    {
      "key": "client_id",
      "value": "CLS-your-client-id",
      "type": "string"
    },
    {
      "key": "client_secret",
      "value": "replace-with-your-client-secret",
      "type": "string"
    },
    {
      "key": "request_id",
      "value": "postman-{{$timestamp}}",
      "type": "string"
    },
    {
      "key": "file_timestamp",
      "value": "",
      "type": "string"
    },
    {
      "key": "file_body_hash",
      "value": "",
      "type": "string"
    },
    {
      "key": "file_signature",
      "value": "",
      "type": "string"
    }
  ],
  "auth": {
    "type": "noauth"
  },
  "event": [
    {
      "listen": "prerequest",
      "script": {
        "type": "text/javascript",
        "exec": [
          "const path = '/api/v1/send-sms';",
          "const method = 'POST';",
          "const clientSecret = pm.variables.get('client_secret');",
          "if (!clientSecret || clientSecret === 'replace-with-your-client-secret') {",
          "  console.warn('Set client_secret before sending signed requests.');",
          "}",
          "if (pm.request.body && pm.request.body.mode === 'raw') {",
          "  const rawBody = pm.variables.replaceIn(pm.request.body.raw || '');",
          "  const timestamp = Math.floor(Date.now() / 1000).toString();",
          "  const bodyHash = CryptoJS.SHA256(rawBody).toString(CryptoJS.enc.Hex);",
          "  const signatureBase = timestamp + method + path + bodyHash;",
          "  const signature = CryptoJS.HmacSHA256(signatureBase, clientSecret).toString(CryptoJS.enc.Hex);",
          "  pm.variables.set('timestamp', timestamp);",
          "  pm.variables.set('body_hash', bodyHash);",
          "  pm.variables.set('signature', signature);",
          "}"
        ]
      }
    }
  ],
  "item": [
    {
      "name": "Send single SMS (JSON)",
      "event": [
        {
          "listen": "test",
          "script": {
            "type": "text/javascript",
            "exec": [
              "pm.test('Response is JSON', function () {",
              "  pm.response.to.have.header('Content-Type');",
              "});",
              "pm.test('Accepted or validation response', function () {",
              "  pm.expect([200, 201, 400, 401, 422, 429]).to.include(pm.response.code);",
              "});"
            ]
          }
        }
      ],
      "request": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/json"
          },
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "key": "X-Client-ID",
            "value": "{{client_id}}"
          },
          {
            "key": "X-Timestamp",
            "value": "{{timestamp}}"
          },
          {
            "key": "X-Body-Hash",
            "value": "{{body_hash}}"
          },
          {
            "key": "X-Signature",
            "value": "{{signature}}"
          }
        ],
        "body": {
          "mode": "raw",
          "raw": "{\n  \"msisdn\": \"+26650123456\",\n  \"message\": \"Hello from Postman\",\n  \"request_id\": \"{{request_id}}\"\n}"
        },
        "url": {
          "raw": "{{base_url}}/api/v1/send-sms",
          "host": ["{{base_url}}"],
          "path": ["api", "v1", "send-sms"]
        },
        "description": "Fully automated signed JSON request. Set `base_url`, `client_id`, and `client_secret` in collection variables before sending."
      },
      "response": []
    },
    {
      "name": "Send bulk SMS (CSV file)",
      "request": {
        "method": "POST",
        "header": [
          {
            "key": "Accept",
            "value": "application/json"
          },
          {
            "key": "X-Client-ID",
            "value": "{{client_id}}"
          },
          {
            "key": "X-Timestamp",
            "value": "{{file_timestamp}}"
          },
          {
            "key": "X-Body-Hash",
            "value": "{{file_body_hash}}"
          },
          {
            "key": "X-Signature",
            "value": "{{file_signature}}"
          }
        ],
        "body": {
          "mode": "formdata",
          "formdata": [
            {
              "key": "file",
              "type": "file",
              "src": []
            }
          ]
        },
        "url": {
          "raw": "{{base_url}}/api/v1/send-sms",
          "host": ["{{base_url}}"],
          "path": ["api", "v1", "send-sms"]
        },
        "description": "Select a CSV file, then set `file_timestamp`, `file_body_hash`, and `file_signature`. Postman cannot read selected local file bytes in pre-request scripts, but the API requires the SHA-256 hash of those bytes."
      },
      "response": []
    }
  ]
}
