Security

The API is stateless so each API call needs to be authenticated. Each call to the API must include the following request headers:

  • X-USERNAME containing the Snap XMP Online email address for the user
  • X-API-KEY containing the API key for the user

Creating the key

To create the key for the user’s account do the following:

  1. Log onto Snap XMP Online.
  2. Go to the Your account section.
  1. Click on the Integrations link.
  1. Click the Generate key button.
Note: This API key is shown as an example. Your API key should remain private.
  1. Click the Copy to clipboard button.

Your API key is now in the clipboard and you can paste this into your API calls.

Failure to include the X-USERNAME and X-API-KEY header parameters, or an incorrect X-API-KEY or use of a revoked API token will result in a 401 – Unauthorised response code, from all API calls.

Note: You should never reveal your API key to anyone or add it to code that is publicly accessible – this includes code in JavaScript files that is easily viewed using the Developer tools in a web browser.

Failure to secure your API key could result in your data being accessible by someone else.

If you think your API key has become known, then you should revoke your key (with the Revoke now button on the Integrations page) or replace the key (with the Replace key button which will make the previous key no longer usable). You will then have to change your client code to use the new key.

Contents