The SnapInspect 3 API is a RESTful interface, allowing you to programmtically update and access much of your data on the platform. It provides URLs for accessing resources and uses HTTP to receive commands and return responses.
|
Authentication Endpoint |
https://my.snapinspect.com/integration/SnapInspectConnect |
|
Exchange Token Endpoint |
https://my.snapinspect.com/integration/ExchangeToken |
|
API Endpoint |
https://api-v3.snapinspect.com/ |
Personal Access Tokens are a useful mechanism for accessing the API in scenarios where OAuth would be considered overkill, such as access from the command line and personal scripts or applications, or direct integration.
Personal Access Tokens should be used similarly to OAuth access tokens when accessing the API, passing them in the Authorization header:
curl -H "Authorization: Bearer ACCESS_TOKEN" https://api-v3.snapinspect.com/user
You can request your Personal Access Token by email support@snapinspect.com along with the Webhook callback URL (optional).
Note: Remember to keep your tokens secret; treat them just like passwords! They act on your behalf when interacting with the API. Don’t hardcode them into your programs; instead, opt to use them as environment variables.
SnapInspect Connect is an easy and secure way to grant API access to third-party application without sharing your username and password. Now, wheather you're signing into the partner app or granting the partner app access to your inspections, you can use SnapInspect Connect to securely authenticate and connect to your SnapInspect 3 Account.
1. Register an application by email to support@snapinspect.com to obtain your unique Client ID (an application's username), and the client secret, an application's password.
2. A user will arrive at your application and click a button that says "Connect with SnapInspect"
3. This takes the customer to the User Authorization Endpoint, which displays a page asking the user if they would like to grant access to your third-party application.
4. If the customer click "Allow", they are redirected back to the application with a Refresh Token and Access Token as a query parameter.
5. The application can use the Access Token to make request to API on behalf of the customer.
6. The application can also use the Refresh Token to make request to Token Exchange Endpoint to refresh Access Token on demand.
Note: The Access Token will not expire unless you invoke the Token Exchange Endpoint to refresh Access Token.
You must first register your application with SnapInspect to receive a client ID and client secret by email support@snapinspect.com
Please supply your request to connection with:
App Name - The Name of your application. Your customers will see this name when your application request to access their SnapInspect account.
Redirect URL - As described in the OAuth specification, this is where the user will be redirected upon successful or failed authentications. For security reasons we only accept https URL.
Icon - Optional. The icon of your application. Your customers will see this icon when your application request to access their SnapInspect account.
Webhook URL - Optional. A unique call back URL where we can send changes, notifications etc happens to the customers' SnapInspect account.
Your app redirect the user to https://my.snapinspect.com/integration/SnapInspectConnect, along with parameters as a standard query string
| Parameter | Description |
|---|---|
| response_type | required Please use code as fixed value for this parameter. |
| client_id | required The Client ID uniquely identifies the application making the request. |
| redirect_uri | required Must match the redirect_uri that you submitted in the original connection request. |
| state | required state of the app, which will be returned in the response and can be used to match the response up to a given request. |
Upon the success request. The user will see a screen prompt them to accept or reject the request of authorization. In their case, the user will be redirected back to the redirect_uri with the following parameters.
| Parameter | Description |
|---|---|
| access_token | This is the token your app can use to make requests of the API.< |
| token_type | Identifies the type of token returned. At this time, this field will always have the value Bearer. |
| state | The state parameter that was sent with the authorizing request |
| refresh_token | The code you can use to grant a new access token. |
To get a new access token, please make a POST request to https://my.snapinspect.com/integration/ExchangeToken with the following parameters as part of a standard form-encoded post body
| Parameter | Description |
|---|---|
| response_type | required Please use code as fixed value for this parameter. |
| client_id | required The Client ID uniquely identifies the application making the request. |
| client_secret | required The Client Secret belonging to the app. |
| redirect_uri | required Must match the redirect_uri that you submitted in the original connection request. |
| state | required state of the app, which will be returned in the response and can be used to match the response up to a given request. |
| refresh_token | required The refresh_token you obtained during authentication of the application. |
In the response you will receive JSON payload with the following parameter
| Parameter | Description |
|---|---|
| access_token | This is the token your app can use to make requests of the API.< |
| token_type | Identifies the type of token returned. At this time, this field will always have the value Bearer. |
| state | The state parameter that was sent with the authorizing request |
| refresh_token | The code you can use to grant a new access token. |
As the redirect from the authorization endpoint is secret between SnapInspect Authorization servers and your application, this response should not occur in plain text over unencrypted http connection. Please provide https redirect endpoint. You application will need to be have proper SSL/TLS setup.
WebHook is an easy way to get push notifications. A webhook is like an inverted API endpoint where you define a call back URL to which we will POST information as things happen to your SnapInspect account.
We used to We are enforcing WebHook call back URL to https as well.
Currently the WebHook will POST information when there is an inspection uploaded to our server so you can instantly access SnapInspect API to execute actions.
The WebHook payload is in JSON format and include the Inspection ID (the unique identifier for this inspection in SnapInspect), and its SnapInspect internal Company ID (the unique identifier for the Company). It is hightly recommend to retain the internal Company ID to help identify the inspection belonging.
Note: Please return code 200 to help us identify delivery of the WebHook message. In case the delivery fails, we will retry the WebHook for another 4 times within the next 2 hours before remove the message.