API Documentation
Base URL of API: https://api.snuggpro.com
Generating API Keys
Companies
Company admins can generate API Keys by going to:
Settings > Your Companies > Your company > App Integrations > Generate API Key
Programs
Program admins generate API Keys by going to:
Settings > Your Programs > Your program > App Integrations > Generate API Key
API Authentication
We implemented an API authentication scheme which is similar to AWS. To authenticate API requests, Authorization and X-Date headers should be passed. X-Date is the timestamp at the time of making a request. This timestamp should also be used for creating signature, which is a part of Authorization header.
The authorization header has two parts:
1. Credential: Credential is public_key
2. Signature. The hash created using HMAC-SHA256 algorithm as described below:
Authorization: Credential: public_key, Signature: signature created with private_key and date
Steps to generate the signature
Create a HMAC with sha256 hashing algorithm and private_key.
Sign date with the HMAC created.
Digest of HMAC in hex format is the signature.
Sample JavaScript for Postman pre-request script
Start exploring quickly with this script...
const CryptoJS = require('crypto-js');
const dateStr = (new Date()).toISOString();
const publicKey = "YOUR_PUBLIC_KEY_GOES_HERE";
const secretKey = "YOUR_PRIVATE_KEY_GOES_HERE";
const hash = CryptoJS.HmacSHA256(dateStr, secretKey);
const signature = hash.toString(CryptoJS.enc.Hex);
const authHeader = `Credential=${publicKey},Signature=${signature}`;
pm.request.headers.add(dateStr, 'x-Date');
pm.request.headers.add(authHeader, 'Authorization');
Another JavaScript code snippet for creating signature (not for Postman):
const crypto = require('crypto'); const date = new Date().toISOString() const hmac = crypto.createHmac('sha256', private_key) hmac.update(date) const signature = hmac.digest('hex')
Example: Lets assume below API keys and date
const public_key = '02a7c3886d0877072cc6e5e00bbd8cad15829dd2dae01f53184885b2b0669a20'
const private_key = '63170612a05596173c61115373b195ab10dae3121d56391c6524f0c29427e2ed'
date = '2017-06-19T13:22:19.701Z'
// Creating HMAC with private key
let hmac = crypto.createHmac('sha256', '63170612a05596173c61115373b195ab10dae3121d56391c6524f0c29427e2ed')
// Sign date
hmac.update('2017-06-19T13:22:19.701Z')
// Generate signature const signature = hmac.digest('hex')
// Signature for above keys and date is '7d1752a91fd9e507c11a4111fa096059edf11bf6401581642d48f96955466f0d'
// Headers formed based on signature, public_key and date
const headers = { Authorization: 'Credential=02a7c3886d0877072cc6e5e00bbd8cad15829dd2dae01f53184885b2b0669a20, Signature=7d1752a91fd9e507c11a4111fa096059edf11bf6401581642d48f96955466f0d' 'X-Date': '2017-06-19T13:22:19.701Z' }