The Signal Vine API provides access to your data via HTTPS. We follow a RESTful approach, using standard HTTP verbs and HATEOAS links. To make resource requests you need to create a token and a secret. They are used to sign requests so they can be authorized and authenticated. Contact support to sign up for the beta program and retrieve a token and secret for use with your account.
You will create a string from components of the HTTP request, and encrypt it using your application secret. The token acts as the shared key is used by the api to decrypt and verify the contents of the signature.
Lowercase & concatenate the following fields together, using\n as a separator.
Use your secret and token to encrypt the string using SHA2 - 256bit encryption.
The api looks for 2 particular headers on all inbound requests, they contain the timestamp you encoded into the signature, along with the token and signature themselves. The signature should be sent as a BASE64 string.
| Header name | Format |
|---|---|
| Authorization | token:signature |
| SignalVine-Date | timestamp encoded in the signature in step 1 |
POST https://api.signalvine.com/Foo/Bar?waz=xax HTTP/1.1
Host: https://app.example.com
Content-Type: application/json
Content-Length: 10
SignalVine-Date: 2014-03-11T05:03:08.619Z
Authorization: SignalVine 123456:7LWA3dHvkOC87h5uRVBofIehmeGRxZJ0DFgWra2E6rs
{woo: war}
String to Sign
123456
post
/foo/bar
{woo: war}
2014-03-11t05:03:08.619z
GET https://api.signalvine.com/Foo/Bar?waz=xax HTTP/1.1
Host: https://app.example.com
Content-Type: application/json
Content-Length: 0
SignalVine-Date: 2014-03-11T05:03:08.619Z
Authorization: SignalVine 123456:7LWA3dHvkOC87h5uRVBofIehmeGRxZJ0DFgWra2E6rs
String to Sign
123456 get /foo/bar 2014-03-11t05:03:08.619z