Skip to main content

API Access

Updated over 3 weeks ago

API Documentation

Base URL of API: https://api.snuggpro.com

Generating API Keys

Companies

Company admins can generate API Keys by going to:

Settings > Your Companies > Your company > App Integrations > Generate API Key

Programs

Program admins generate API Keys by going to:

Settings > Your Programs > Your program > App Integrations > Generate API Key

API Authentication

We implemented an API authentication scheme which is similar to AWS. To authenticate API requests, Authorization and X-Date headers should be passed. X-Date is the timestamp at the time of making a request. This timestamp should also be used for creating signature, which is a part of Authorization header.

The authorization header has two parts:

1. Credential: Credential is public_key

2. Signature. The hash created using HMAC-SHA256 algorithm as described below:

Authorization: Credential: public_key, Signature: signature created with private_key and date

Steps to generate the signature

  1. Create a HMAC with sha256 hashing algorithm and private_key.

  2. Sign date with the HMAC created.

  3. Digest of HMAC in hex format is the signature.

Sample JavaScript for Postman pre-request script

Start exploring quickly with this script...

const CryptoJS = require('crypto-js');
const dateStr = (new Date()).toISOString();
const publicKey = "YOUR_PUBLIC_KEY_GOES_HERE";
const secretKey = "YOUR_PRIVATE_KEY_GOES_HERE";
const hash = CryptoJS.HmacSHA256(dateStr, secretKey);
const signature = hash.toString(CryptoJS.enc.Hex);
const authHeader = `Credential=${publicKey},Signature=${signature}`;
pm.request.headers.add(dateStr, 'x-Date');
pm.request.headers.add(authHeader, 'Authorization');

Another JavaScript code snippet for creating signature (not for Postman):

const crypto = require('crypto'); const date = new Date().toISOString() const hmac = crypto.createHmac('sha256', private_key) hmac.update(date) const signature = hmac.digest('hex')

Example: Lets assume below API keys and date

const public_key = '02a7c3886d0877072cc6e5e00bbd8cad15829dd2dae01f53184885b2b0669a20'

const private_key = '63170612a05596173c61115373b195ab10dae3121d56391c6524f0c29427e2ed'
date = '2017-06-19T13:22:19.701Z'

// Creating HMAC with private key
let hmac = crypto.createHmac('sha256', '63170612a05596173c61115373b195ab10dae3121d56391c6524f0c29427e2ed')

// Sign date
hmac.update('2017-06-19T13:22:19.701Z')

// Generate signature const signature = hmac.digest('hex')
// Signature for above keys and date is '7d1752a91fd9e507c11a4111fa096059edf11bf6401581642d48f96955466f0d'

// Headers formed based on signature, public_key and date
const headers = { Authorization: 'Credential=02a7c3886d0877072cc6e5e00bbd8cad15829dd2dae01f53184885b2b0669a20, Signature=7d1752a91fd9e507c11a4111fa096059edf11bf6401581642d48f96955466f0d' 'X-Date': '2017-06-19T13:22:19.701Z' }

Webhooks

Did this answer your question?