Content
Introduction
The SRAPS REST API allows our customers and partners to create their own integrated and interactive solution with SRAPS. The API is available for all end-user and reseller user accounts on SRAPS.
All the available methods allow you to interact with our provisioning server with the same features that are currently available in SRAPS web portal, creating a smooth orchestration for today's hyperconnected networks ecosystems.
Use Cases
API-driven Auto-Provisioning is a very powerful tool to provide customers with an easy to use and secure endpoint provisioning. The biggest advantage is that you can "outsource" the creation and hosting of auto-provisioning templates to us. Your customers do not have to leave your customer portal, but can add new phones and change configurations conveniently using their service provider's web portal.
The SRAPS API enables users to add endpoints, create/edit provisioning profiles, create/edit Product Defaults, create users and retrieve real-time information from logs, endpoints with more than 50 available methods, providing a turning point in the administration experience.
Documentation
The complete API reference documentation with examples and explanation can be found on the SRAPS portal (https://sraps.snom.com).
Authentication
The authentication relies on Hawk scheme (see Hawk on GitHub_). To use the API, you have to obtain API keys first, and then authenticate using Hawk with any subsequent API invocation.
The implementation of Hawk inside SRAPS uses several security mechanisms to ensure the validity of the requests:
- any request has to be signed with a valid SHA-256 MAC signature
- replay protection, using a nonce and request date-time validity
- optional payload validation
The signature is based on these values:
- full URL, including hostname
- HTTP verb used
- date and time of the request
- security nonce
- [Content-Type]
- [Payload hash]
In theory, you could run such requests across unsecured HTTP connection, without TLS, provided the contents of request payloads or response payloads are not considered sensitive data. However, in the case of SRAPS, all communication is run through TLS, no matter what the situation.
HTTP Responses
SRAPS REST API uses conventional HTTP response codes to indicate the status of the API request:
| Response Code | Description |
|---|---|
| 200 OK | Standard OK response with a body |
| 201 CREATED | A resource was created. You get Location, as well as the resource in the body |
| 202 ACCEPTED | A resource will take an asynchronous action and response/result cannot be supplied immediately |
| 204 NO CONTENT | A resource was deleted and the response does not have a body |
| 400 BAD REQUEST | Your request body is malformed somehow |
| 401 UNAUTHORIZED | You did not supply the Authorization header. |
| 403 FORBIDDEN | Even though you supplied a correct Authorization header, you're not allowed to access this resource |
| 404 NOT FOUNDÂ | The resource is not found |
| 405 METHOD NOT ALLOWED | You're trying to use an unsupported method on a resource |
| 406 NOT ACCEPTABLE | You did not supply correct Accept header with version specification |
| 413 REQUEST ENTITY TOO LARGEÂ | You exceeded the 10MB limit for a request |
| 429 TOO MANY REQUESTS | You exceeded number of requests allowed |
| 500 INTERNAL SERVER ERROR | Something bad happened on the server (it might be a bug) |
| 502 BAD GATEWAYÂ | The server is not available |
| 503 SERVICE UNAVAILABLE | The server is most probably in maintenance mode |
| 504 GATEWAY TIMEOUT | The server is not available (processing the request took way too long) |
Recommended Testing Tool
If you want to try out the REST API, and send your first requests to SRAPS we recommend using the well known Postman API client.
Further Information
Related articles
Overview
Content Tools
Tasks
