Generating the X-SAJ-Signature

To ensure authenticity, Snagajob requires that you generate a signature and provide it within the header of your requests. (X-SAJ-Signature)

The X-SAJ-Signature is generated using composed of six values:

requestBody
requestVerb
requestPath
requestQuery
apiSecret
dateHeader (RFC1123 format)

The following code samples show how you can generate a valid signature:

The output of the values listed in the code samples should return a signature equal to:5hY9zBIziUhrAqfEIfSsQB4HddU=

using System;
using System.Security.Cryptography;
using System.Text;
 
public class Program
{
    public static void Main(string[] args)
    {
        string requestBody = "";
        string requestVerb = "POST";
        string requestPath = "/v1/public-api/validate-authorization";
        string requestQuery = "";
        string apiSecret = "your api secret key";
        string dateHeader = "Mon, 31 Oct 2022 20:23:10 GMT";
 
        string  signature = ComputeSignature($"{requestVerb}{requestPath}?{requestQuery};{requestBody};{dateHeader}", apiSecret);
        if (signature.Equals("5hY9zBIziUhrAqfEIfSsQB4HddU="))
        {
            Console.WriteLine("B64 HMAC SHA1: " + signature);
        }
        else
        {
            Console.WriteLine("invalid value: " + signature);
        }
    }
 
    private static string ComputeSignature(string input, string key)
    {
        byte[] keyBytes = Encoding.UTF8.GetBytes(key);
        using(HMACSHA1 myhmacsha1 = new HMACSHA1(keyBytes))
        {
            byte[] inputBytes = Encoding.UTF8.GetBytes(input);
            byte[] hash = myhmacsha1.ComputeHash(inputBytes);
            return Convert.ToBase64String(hash);
        }
    }
}

import hmac
import hashlib
import base64

def compute_signature(input, key):
    key_bytes = key.encode('utf-8')
    input_bytes = input.encode('utf-8')
    hashed = hmac.new(key_bytes, input_bytes, hashlib.sha1)
    return base64.b64encode(hashed.digest()).decode()

def main():
    request_body = ""
    request_verb = 'POST'
    request_path = '/v1/public-api/validate-authorization'
    request_query = ""
    api_secret = 'your api secret key'
    date_header = 'Mon, 31 Oct 2022 20:23:10 GMT'


    signed_string = f'{request_verb}{request_path}?{request_query};{request_body};{date_header}'
    signature = compute_signature(f'{request_verb}{request_path}?{request_query};{request_body};{date_header}', api_secret)

    print(signed_string)
    
    
    print("B64 HMAC SHA1: " + signature)


if __name__ == "__main__":
    main()

Testing your signature

You can use this route to validate your authentication:

PreviousObtaining API Access NextXML Feed Reference

Last updated 3 months ago

Was this helpful?

using System; using System.Security.Cryptography; using System.Text; public class Program { public static void Main(string[] args) { string requestBody = ""; string requestVerb = "POST"; string requestPath = "/v1/public-api/validate-authorization"; string requestQuery = ""; string apiSecret = "your api secret key"; string dateHeader = "Mon, 31 Oct 2022 20:23:10 GMT"; string signature = ComputeSignature($"{requestVerb}{requestPath}?{requestQuery};{requestBody};{dateHeader}", apiSecret); if (signature.Equals("5hY9zBIziUhrAqfEIfSsQB4HddU=")) { Console.WriteLine("B64 HMAC SHA1: " + signature); } else { Console.WriteLine("invalid value: " + signature); } } private static string ComputeSignature(string input, string key) { byte[] keyBytes = Encoding.UTF8.GetBytes(key); using(HMACSHA1 myhmacsha1 = new HMACSHA1(keyBytes)) { byte[] inputBytes = Encoding.UTF8.GetBytes(input); byte[] hash = myhmacsha1.ComputeHash(inputBytes); return Convert.ToBase64String(hash); } } }

import hmac import hashlib import base64 def compute_signature(input, key): key_bytes = key.encode('utf-8') input_bytes = input.encode('utf-8') hashed = hmac.new(key_bytes, input_bytes, hashlib.sha1) return base64.b64encode(hashed.digest()).decode() def main(): request_body = "" request_verb = 'POST' request_path = '/v1/public-api/validate-authorization' request_query = "" api_secret = 'your api secret key' date_header = 'Mon, 31 Oct 2022 20:23:10 GMT' signed_string = f'{request_verb}{request_path}?{request_query};{request_body};{date_header}' signature = compute_signature(f'{request_verb}{request_path}?{request_query};{request_body};{date_header}', api_secret) print(signed_string) print("B64 HMAC SHA1: " + signature) if __name__ == "__main__": main()