Admin API / Documentation
Our Admin API gives complete control to all aspects of your Curios license programmitcally. It is robust and powerful - use wisely! Read our Admin API documentation at the URL below:
https://docs.google.com/document/d/11Vv8u3JwVRh8TM9zJzJYzuOW8bFvrK6gcQ9gF2DoZgg
Request Signing
Every request must include a signature in the curios-signature
header value.
Signature requests are created by following very specific steps as outlined below - be warned, the slightest deviation from these steps could lead to your signature not validating.
STEP 1: Define the request date
The request date must be sent as a UTC date/time stamp.
The exact format of the value must be yyyy-mm-ddThh:mm:ss.000Z
(case sensitive).
STEP 2: Define the resource endpoint path
The resource endpoint path is the URL path values that exist AFTER /v2/api/.
The value must NOT have a leading slash or trailing slash.
The path must include any relevant ID values for those endpoints that require it.
The value is case sensitive.
- CORRECT EXAMPLE:
collections
- INCORRECT EXAMPLE:
/collections/
- CORRECT EXAMPLE:
collections/0xf9ab70b4141e2ffd61fc8396e0f7585e82d103c2
- INCORRECT EXAMPLE:
/api/collections/0xf9ab70b4141e2ffd61fc8396e0f7585e82d103c2
- CORRECT EXAMPLE:
customers/resetPassword
- INCORRECT EXAMPLE:
Customers/ResetPassword
STEP 3: Concatenate the values into a string
The string values created for request date
, [space]
, and endpoint path
must be contactenated into a single string.
const string_to_sign = {request date}+' '+{endpoint path};
STEP 4: Create the signature
The signature is a "signed" version of the concatenated string, created with HMAC SHA256 encryption, using your API Secret
as the encryption key.
const signature = HmacSHA256(string_to_sign, {API Secret});