Admin API / Documentation

Our Admin API gives complete control to all aspects of your Curios license programmitcally. It is robust and powerful - use wisely! Read our Admin API documentation at the URL below:

Request Signing

Every request must include a signature in the curios-signature header value.

Signature requests are created by following very specific steps as outlined below - be warned, the slightest deviation from these steps could lead to your signature not validating.

STEP 1: Define the request date

The request date must be sent as a UTC date/time stamp.
The exact format of the value must be yyyy-mm-ddThh:mm:ss.000Z (case sensitive).

STEP 2: Define the resource endpoint path

The resource endpoint path is the URL path values that exist AFTER /v2/api/.
The value must NOT have a leading slash or trailing slash.
The path must include any relevant ID values for those endpoints that require it.
The value is case sensitive.

  1. CORRECT EXAMPLE: collections
  2. INCORRECT EXAMPLE: /collections/
  3. CORRECT EXAMPLE: collections/0xf9ab70b4141e2ffd61fc8396e0f7585e82d103c2
  4. INCORRECT EXAMPLE: /api/collections/0xf9ab70b4141e2ffd61fc8396e0f7585e82d103c2
  5. CORRECT EXAMPLE: customers/resetPassword
  6. INCORRECT EXAMPLE: Customers/ResetPassword

STEP 3: Concatenate the values into a string

The string values created for request date, [space], and endpoint path must be contactenated into a single string.

const string_to_sign = {request date}+' '+{endpoint path};

STEP 4: Create the signature

The signature is a "signed" version of the concatenated string, created with HMAC SHA256 encryption, using your API Secret as the encryption key.

const signature = HmacSHA256(string_to_sign, {API Secret});