Generating the X-SAJ-Signature

To ensure authenticity, Snagajob requires that you generate a signature and provide it within the header of your requests. (X-SAJ-Signature)

The X-SAJ-Signature is generated using composed of six values:

requestBody
requestVerb
requestPath
requestQuery
apiSecret
dateHeader (RFC1123 format)

The following code samples show how you can generate a valid signature:

The output of the values listed in the code samples should return a signature equal to:5hY9zBIziUhrAqfEIfSsQB4HddU=

using System;
using System.Security.Cryptography;
using System.Text;
 
public class Program
{
    public static void Main(string[] args)
    {
        string requestBody = "";
        string requestVerb = "POST";
        string requestPath = "/v1/public-api/validate-authorization";
        string requestQuery = "";
        string apiSecret = "your api secret key";
        string dateHeader = "Mon, 31 Oct 2022 20:23:10 GMT";
 
        string  signature = ComputeSignature($"{requestVerb}{requestPath}?{requestQuery};{requestBody};{dateHeader}", apiSecret);
        if (signature.Equals("5hY9zBIziUhrAqfEIfSsQB4HddU="))
        {
            Console.WriteLine("B64 HMAC SHA1: " + signature);
        }
        else
        {
            Console.WriteLine("invalid value: " + signature);
        }
    }
 
    private static string ComputeSignature(string input, string key)
    {
        byte[] keyBytes = Encoding.UTF8.GetBytes(key);
        using(HMACSHA1 myhmacsha1 = new HMACSHA1(keyBytes))
        {
            byte[] inputBytes = Encoding.UTF8.GetBytes(input);
            byte[] hash = myhmacsha1.ComputeHash(inputBytes);
            return Convert.ToBase64String(hash);
        }
    }
}

import hmac
import hashlib
import base64

def compute_signature(input, key):
    key_bytes = key.encode('utf-8')
    input_bytes = input.encode('utf-8')
    hashed = hmac.new(key_bytes, input_bytes, hashlib.sha1)
    return base64.b64encode(hashed.digest()).decode()

def main():
    request_body = ""
    request_verb = 'POST'
    request_path = '/v1/public-api/validate-authorization'
    request_query = ""
    api_secret = 'your api secret key'
    date_header = 'Mon, 31 Oct 2022 20:23:10 GMT'


    signed_string = f'{request_verb}{request_path}?{request_query};{request_body};{date_header}'
    signature = compute_signature(f'{request_verb}{request_path}?{request_query};{request_body};{date_header}', api_secret)

    print(signed_string)
    
    
    print("B64 HMAC SHA1: " + signature)


if __name__ == "__main__":
    main()

Testing your signature

You can use this route to validate your authentication:

post

Authorizations

Header parameters

X-SAJ-AccountstringOptional

The account identifier provided by Snagajob. Required if X-SAJ-Partner is not provided.

X-SAJ-PartnerstringOptional

A key provided by Snagajob that represents the partner. Required if X-SAJ-Account is not provided.

X-SAJ-PartnerAccountstringOptional

The unique identifier of the partner's account. The value is owned by partner but shared with Snagajob.

X-SAJ-DatestringRequired

The date and time of the request in the RFC1123 format (eg: Mon, 31 Oct 2022 20:23:10 GMT). Dates older then 15 minutes will be rejected.

X-SAJ-SignaturestringRequired

A string specific to the request and signed with a private key as described https://docs.snagajob.com/authentication/generating-the-x-saj-signature".

Responses

200

application/json

Responsestring

post

/v1/public-api/validate-authorization

POST /v1/public-api/validate-authorization HTTP/1.1
X-SAJ-Date: text
X-SAJ-Signature: text
Accept: */*

200

text

PreviousObtaining API Access NextXML Feed Reference

Last updated 10 months ago

Was this helpful?

hashtagTesting your signature

Testing your signature