The API is stateless so each API call needs to be authenticated. Each call to the API must include the following request headers:
- X-USERNAME containing the Snap XMP Online email address for the user
- X-API-KEY containing the API key for the user
Creating the key
To create the key for the user’s account do the following:
- Log onto Snap XMP Online.
- Go to the Your account section.
- Click on the Integrations link.
- Click the Generate key button.
- Click the Copy to clipboard button.
Your API key is now in the clipboard and you can paste this into your API calls.
Failure to include the X-USERNAME and X-API-KEY header parameters, or an incorrect X-API-KEY or use of a revoked API token will result in a 401 – Unauthorised response code, from all API calls.
Failure to secure your API key could result in your data being accessible by someone else.
If you think your API key has become known, then you should revoke your key (with the Revoke now button on the Integrations page) or replace the key (with the Replace key button which will make the previous key no longer usable). You will then have to change your client code to use the new key.