API Documentation
Base URL of API: https://api.snuggpro.com
Generating API Keys
Companies
Company admins can generate API Keys by going to:
Settings > Companies > Your company > App Integrations > Generate API Key
Programs
Program administrators must contact support to obtain an API key.
API Authentication
We implemented an API authentication scheme which is similar to AWS. To authenticate API requests, Authorization and X-Date headers should be passed. X-Date is the timestamp at the time of making a request. This timestamp should also be used for creating signature, which is a part of Authorization header.
The authorization header has two parts:
1. Credential: Credential is public_key
2. Signature. The hash created using HMAC-SHA256 algorithm as described below:
Authorization: Credential: public_key, Signature: signature created with private_key and date
Steps to generate the signature
Create a HMAC with sha256 hashing algorithm and private_key.
Sign date with the HMAC created.
Digest of HMAC in hex format is the signature.
Sample JavaScript for Postman pre-request script
Start exploring quickly with this script...
const CryptoJS = require('crypto-js');
const dateStr = (new Date()).toISOString();
const publicKey = "YOUR_PUBLIC_KEY_GOES_HERE";
const secretKey = "YOUR_PRIVATE_KEY_GOES_HERE";
const hash = CryptoJS.HmacSHA256(dateStr, secretKey);
const signature = hash.toString(CryptoJS.enc.Hex);
const authHeader = `Credential=${publicKey},Signature=${signature}`;
pm.request.headers.add(dateStr, 'x-Date');
pm.request.headers.add(authHeader, 'Authorization');
Another JavaScript code snippet for creating signature (not for Postman):
const crypto = require('crypto'); const date = new Date().toISOString() const hmac = crypto.createHmac('sha256', private_key) hmac.update(date) const signature = hmac.digest('hex')
Example: Lets assume below API keys and date
const public_key = '02a7c3886d0877072cc6e5e00bbd8cad15829dd2dae01f53184885b2b0669a20'
const private_key = '63170612a05596173c61115373b195ab10dae3121d56391c6524f0c29427e2ed'
date = '2017-06-19T13:22:19.701Z'
// Creating HMAC with private key
let hmac = crypto.createHmac('sha256', '63170612a05596173c61115373b195ab10dae3121d56391c6524f0c29427e2ed')
// Sign date
hmac.update('2017-06-19T13:22:19.701Z')
// Generate signature const signature = hmac.digest('hex')
// Signature for above keys and date is '7d1752a91fd9e507c11a4111fa096059edf11bf6401581642d48f96955466f0d'
// Headers formed based on signature, public_key and date
const headers = { Authorization: 'Credential=02a7c3886d0877072cc6e5e00bbd8cad15829dd2dae01f53184885b2b0669a20, Signature=7d1752a91fd9e507c11a4111fa096059edf11bf6401581642d48f96955466f0d' 'X-Date': '2017-06-19T13:22:19.701Z' }