The SnapInspect 3 API is a RESTful interface, allowing you to programmtically update and access much of your data on the platform. It provides URLs for accessing resources and uses HTTP to receive commands and return responses.
Authentication Endpoint |
https://my.snapinspect.com/integration/SnapInspectConnect |
Exchange Token Endpoint |
https://my.snapinspect.com/integration/ExchangeToken |
API Endpoint |
https://api-v3.snapinspect.com/ |
Personal Access Tokens are a useful mechanism for accessing the API in scenarios where OAuth would be considered overkill, such as access from the command line and personal scripts or applications, or direct integration.
Personal Access Tokens should be used similarly to OAuth access tokens when accessing the API, passing them in the Authorization header:
curl -H "Authorization: Bearer ACCESS_TOKEN" https://api-v3.snapinspect.com/user
You can request your Personal Access Token by email support@snapinspect.com along with the Webhook callback URL (optional).
Note: Remember to keep your tokens secret; treat them just like passwords! They act on your behalf when interacting with the API. Don’t hardcode them into your programs; instead, opt to use them as environment variables.
SnapInspect Connect is an easy and secure way to grant API access to third-party application without sharing your username and password. Now, wheather you're signing into the partner app or granting the partner app access to your inspections, you can use SnapInspect Connect to securely authenticate and connect to your SnapInspect 3 Account.
1. Register an application by email to support@snapinspect.com to obtain your unique Client ID (an application's username), and the client secret, an application's password.
2. A user will arrive at your application and click a button that says "Connect with SnapInspect"
3. This takes the customer to the User Authorization Endpoint, which displays a page asking the user if they would like to grant access to your third-party application.
4. If the customer click "Allow", they are redirected back to the application with a Refresh Token and Access Token as a query parameter.
5. The application can use the Access Token to make request to API on behalf of the customer.
6. The application can also use the Refresh Token to make request to Token Exchange Endpoint to refresh Access Token on demand.
Note: The Access Token will not expire unless you invoke the Token Exchange Endpoint to refresh Access Token.
You must first register your application with SnapInspect to receive a client ID and client secret by email support@snapinspect.com
Please supply your request to connection with:
App Name - The Name of your application. Your customers will see this name when your application request to access their SnapInspect account.
Redirect URL - As described in the OAuth specification, this is where the user will be redirected upon successful or failed authentications. For security reasons we only accept https URL.
Icon - Optional. The icon of your application. Your customers will see this icon when your application request to access their SnapInspect account.
Webhook URL - Optional. A unique call back URL where we can send changes, notifications etc happens to the customers' SnapInspect account.
Your app redirect the user to https://my.snapinspect.com/integration/SnapInspectConnect, along with parameters as a standard query string
Parameter | Description |
---|---|
response_type | required Please use code as fixed value for this parameter. |
client_id | required The Client ID uniquely identifies the application making the request. |
redirect_uri | required Must match the redirect_uri that you submitted in the original connection request. |
state | required state of the app, which will be returned in the response and can be used to match the response up to a given request. |
Upon the success request. The user will see a screen prompt them to accept or reject the request of authorization. In their case, the user will be redirected back to the redirect_uri with the following parameters.
Parameter | Description |
---|---|
access_token | This is the token your app can use to make requests of the API.< |
token_type | Identifies the type of token returned. At this time, this field will always have the value Bearer. |
state | The state parameter that was sent with the authorizing request |
refresh_token | The code you can use to grant a new access token. |
To get a new access token, please make a POST request to https://my.snapinspect.com/integration/ExchangeToken with the following parameters as part of a standard form-encoded post body
Parameter | Description |
---|---|
response_type | required Please use code as fixed value for this parameter. |
client_id | required The Client ID uniquely identifies the application making the request. |
client_secret | required The Client Secret belonging to the app. |
redirect_uri | required Must match the redirect_uri that you submitted in the original connection request. |
state | required state of the app, which will be returned in the response and can be used to match the response up to a given request. |
refresh_token | required The refresh_token you obtained during authentication of the application. |
In the response you will receive JSON payload with the following parameter
Parameter | Description |
---|---|
access_token | This is the token your app can use to make requests of the API.< |
token_type | Identifies the type of token returned. At this time, this field will always have the value Bearer. |
state | The state parameter that was sent with the authorizing request |
refresh_token | The code you can use to grant a new access token. |
As the redirect from the authorization endpoint is secret between SnapInspect Authorization servers and your application, this response should not occur in plain text over unencrypted http connection. Please provide https redirect endpoint. You application will need to be have proper SSL/TLS setup.
WebHook is an easy way to get push notifications. A webhook is like an inverted API endpoint where you define a call back URL to which we will POST information as things happen to your SnapInspect account.
Note: Please return code 200 to confirm receipt of the webhook message. If a webhook fails to deliver its message, we will retry up to three times within the next 10 minutes. If all attempts fail, the message will be removed.