Skip to main content
API Access
Updated over 4 months ago

API Documentation

Base URL of API: https://api.snuggpro.com

Generating API Keys

Companies

Company admins can generate API Keys by going to:

Settings > Companies > Your company > App Integrations > Generate API Key

Programs

Program administrators must contact support to obtain an API key.

API Authentication

We implemented an API authentication scheme which is similar to AWS. To authenticate API requests, Authorization and X-Date headers should be passed. X-Date is the timestamp at the time of making a request. This timestamp should also be used for creating signature, which is a part of Authorization header.

The authorization header has two parts:

1. Credential: Credential is public_key

2. Signature. The hash created using HMAC-SHA256 algorithm as described below:

Authorization: Credential: public_key, Signature: signature created with private_key and date

Steps to generate the signature

  1. Create a HMAC with sha256 hashing algorithm and private_key.

  2. Sign date with the HMAC created.

  3. Digest of HMAC in hex format is the signature.

Sample JavaScript for Postman pre-request script

Start exploring quickly with this script...

const CryptoJS = require('crypto-js');
const dateStr = (new Date()).toISOString();
const publicKey = "YOUR_PUBLIC_KEY_GOES_HERE";
const secretKey = "YOUR_PRIVATE_KEY_GOES_HERE";
const hash = CryptoJS.HmacSHA256(dateStr, secretKey);
const signature = hash.toString(CryptoJS.enc.Hex);
const authHeader = `Credential=${publicKey},Signature=${signature}`;
pm.request.headers.add(dateStr, 'x-Date');
pm.request.headers.add(authHeader, 'Authorization');

Another JavaScript code snippet for creating signature (not for Postman):

const crypto = require('crypto'); const date = new Date().toISOString() const hmac = crypto.createHmac('sha256', private_key) hmac.update(date) const signature = hmac.digest('hex')

Example: Lets assume below API keys and date

const public_key = '02a7c3886d0877072cc6e5e00bbd8cad15829dd2dae01f53184885b2b0669a20'

const private_key = '63170612a05596173c61115373b195ab10dae3121d56391c6524f0c29427e2ed'
date = '2017-06-19T13:22:19.701Z'

// Creating HMAC with private key
let hmac = crypto.createHmac('sha256', '63170612a05596173c61115373b195ab10dae3121d56391c6524f0c29427e2ed')

// Sign date
hmac.update('2017-06-19T13:22:19.701Z')

// Generate signature const signature = hmac.digest('hex')
// Signature for above keys and date is '7d1752a91fd9e507c11a4111fa096059edf11bf6401581642d48f96955466f0d'

// Headers formed based on signature, public_key and date
const headers = { Authorization: 'Credential=02a7c3886d0877072cc6e5e00bbd8cad15829dd2dae01f53184885b2b0669a20, Signature=7d1752a91fd9e507c11a4111fa096059edf11bf6401581642d48f96955466f0d' 'X-Date': '2017-06-19T13:22:19.701Z' }

Webhooks

Did this answer your question?