Testing with Postman

Accessing the Postman Workspace

To get started with testing the SafeSky UAV API, you can access ~~SafeSky~~SafeSky's online Postman workspace with pre-built requests and authentication:

Access the Workspace:
- Visit the SafeSky UAV API Postman Workspace
- Click Fork Collection to add it to your own Postman workspace
What's Included:
- Pre-configured API requests ~~with~~for ~~HMAC-SHA256~~Live ~~authentication~~UAV and Advisory UAV operations
- Automatic HMAC-SHA256 signature generation using a collection-level pre-request ~~scripts~~script
- Sample request bodies ~~and~~with ~~query~~dynamic ~~parameters~~{{timestamp}} variables
- ~~Environment~~A ~~variables~~collection variable for easy API key configuration

Setting Up Your EnvironmentAPI Key

After forking the collection, configure your ~~environment~~API ~~variables:~~key:

~~Select~~Open ~~the Environment~~:
- ~~In the top-right corner of Postman, click on the environment dropdown~~
- ~~Select~~ ~~SafeSky UAV API - Sandbox~~ ~~(or create a new environment)~~

~~Configure Environment~~Collection Variables:
- Click on the ~~eye~~SafeSky ~~icon~~UAV API ~~(👁️)~~collection ~~next~~name in the sidebar
- Go to the ~~environment~~Variables ~~dropdown,~~tab
~~click~~ ~~Edit~~
Set ~~the~~Your ~~following~~API ~~variables:~~

Key

Variable	Initial Value	Current Value
`server`	`https://sandbox-public-api.safesky.app`	`https://sandbox-public-api.safesky.app`
`ss-api-key`	(leave empty)	`<your_api_key>`

~~Important: Set~~ ss-api-key ~~as a~~ ~~secret~~ ~~type variable to keep~~Enter your API key ~~secure~~in the Current Value column
~~The~~Important: Keep the Initial Value ~~will be~~ empty ~~when~~so your key is not shared if you ~~share~~export or publish the ~~collection, while~~ Current Value ~~contains your personal API key~~collection
Click Save

~~Verify Environment Selection~~:
- ~~Ensure the correct environment is selected in the~~ ~~top-right corner~~ ~~of Postman~~
- ~~The environment name should be visible (e.g., "SafeSky UAV API - Sandbox")~~

Understanding the Authentication

The collection includes a collection-level pre-request script that ~~automatically:~~automatically runs before every request. It:

Derives a KID (Key Identifier) from your API key using SHA-256

Derives an HMAC signing key using HKDF-SHA256 (salt: safesky-hmac-salt-v1, info: auth-v1)

Generates an ISO 8601 timestamp and a UUID v4 nonce

Builds a canonical request (method, path, sorted query string, headers, body hash)

Computes the HMAC-SHA256 signature

Sets the required ~~HMAC-SHA256 signature for each request~~

~~Sets~~ authentication headers (automatically:
- Authorization, — SS-HMAC Credential={kid}/v1, SignedHeaders=host;x-ss-date;x-ss-nonce, Signature={sig}
- X-SS-Date, — Current ISO 8601 timestamp
- X-SS-Nonce, — Unique UUID v4
- X-SS-Alg) — SS-HMAC-SHA256-V1
- ~~Handles~~
~~timestamp generation for request bodies~~
Resolves ~~environment~~the ~~variables~~{{timestamp}} variable in request bodies to the ~~canonical~~current ~~request~~epoch milliseconds

You don't need to manually configure authentication -— just ensure your ss-api-key ~~environment~~collection variable is set correctly.

Available Requests

All requests target the production endpoint https://uav-api.safesky.app.

Live UAV Operations (/v1/uav)

Request	Method	Description
GET nearby aircraft by viewport	`GET`	Retrieve traffic within a bounding box (`viewport` parameter)
GET nearby aircraft by radius	`GET`	Retrieve traffic within a radius (`lat`, `lng`, `radius` parameters)
Publish UAV	`POST`	Publish a single UAV position
Publish UAV and Get Nearby Aircraft	`POST`	Publish a UAV position and retrieve nearby traffic (`return_nearby_traffic=true`)
POST UAV with icao	`POST`	Publish a UAV position with an ICAO24 transponder code
POST UAV light	`POST`	Publish a minimal UAV position (only required fields)
POST multiple UAV and Retrieve Traffic	`POST`	Publish multiple UAV positions in a batch and retrieve nearby traffic

Advisory UAV Operations (/v1/advisory)

Request	Method	Description
Publishing a Polygon Advisory	`POST`	Publish an advisory zone defined by a GeoJSON Polygon
Publishing a Point Advisory with a Radius	`POST`	Publish an advisory zone defined by a GeoJSON Point with `max_distance`
Publishing Multiple Advisories	`POST`	Publish multiple advisories (polygon + point) in a single request

Other

Request	Method	Description
Check API health	`GET`	Verify the API gateway is reachable

Start Testing

Once ~~the~~your ~~environment~~API key is configured:

Select a Request: Choose any request from the collection (e.g., POST multiple UAV lightand -Retrieve return trafficTraffic)
Review the Request: Check the request body and query parameters — {{timestamp}} is resolved automatically
Send the Request: Click Send
View the Response: The API will return nearby aircraft traffic based on your UAV positions

Troubleshooting

If you encounter authentication errors:

Verify your ss-api-key is correctly set in the ~~environment~~collection Variables tab (check the Current Value column)

Open the Postman Console (View → Show Postman Console) to see ✓ Authentication headers set or any error messages
Ensure the ~~correct~~request ~~environment is selected in the top-right corner~~

~~Check that~~ server ~~variable~~URL points to https://sandbox-public-uav-api.safesky.app
~~Review~~Check that the ~~Postman~~Content-Type: consoleapplication/json ~~for~~header ~~detailed~~is ~~error~~present ~~messages~~on POST requests

If you see API_KEY not found, make sure you saved the collection variables after entering your key