Child pages
  • REST API


Introduction

The SRAPS REST API allows our customers and partners to create their own integrated and interactive solution with SRAPS. The API is available for all end-user and reseller user accounts on SRAPS.

All the available methods allow you to interact with our provisioning server with the same features that are currently available in SRAPS web portal, creating a smooth orchestration for today's hyperconnected networks ecosystems.

Use Cases

API-driven Auto-Provisioning is a very powerful tool to provide customers with an easy to use and secure endpoint provisioning. The biggest advantage is that you can "outsource" the creation and hosting of auto-provisioning templates to us. Your customers do not have to leave your customer portal, but can add new phones and change configurations conveniently using their service provider's web portal.

The SRAPS API enables users to add endpoints, create/edit provisioning profiles, create/edit Product Defaults, create users and retrieve real-time information from logs, endpoints with more than 50 available methods, providing a turning point in the administration experience.

Documentation

The complete API reference documentation with examples and explanation can be found on the SRAPS portal (https://sraps.snom.com).

Authentication

The authentication relies on Hawk scheme (see Hawk on GitHub_). To use the API, you have to obtain API keys first, and then authenticate using Hawk with any subsequent API invocation.

The implementation of Hawk inside SRAPS uses several security mechanisms to ensure the validity of the requests:

  • any request has to be signed with a valid SHA-256 MAC signature
  • replay protection, using a nonce and request date-time validity
  • optional payload validation

The signature is based on these values:

  • full URL, including hostname
  • HTTP verb used
  • date and time of the request
  • security nonce
  • [Content-Type]
  • [Payload hash]

In theory, you could run such requests across unsecured HTTP connection, without TLS, provided the contents of request payloads or response payloads are not considered sensitive data. However, in the case of SRAPS, all communication is run through TLS, no matter what the situation.

HTTP Responses

SRAPS REST API uses conventional HTTP response codes to indicate the status of the API request:


Response CodeDescription
200 OKStandard OK response with a body
201 CREATEDA resource was created. You get Location, as well as the resource in the body
202 ACCEPTEDA resource will take an asynchronous action and response/result cannot be supplied immediately
204 NO CONTENTA resource was deleted and the response does not have a body
400 BAD REQUESTYour request body is malformed somehow
401 UNAUTHORIZEDYou did not supply the Authorization header.
403 FORBIDDEN Even though you supplied a correct Authorization header, you're not allowed to access this resource
404 NOT FOUND The resource is not found
405 METHOD NOT ALLOWEDYou're trying to use an unsupported method on a resource
406 NOT ACCEPTABLEYou did not supply correct Accept header with version specification
413 REQUEST ENTITY TOO LARGE You exceeded the 10MB limit for a request
429 TOO MANY REQUESTSYou exceeded number of requests allowed
500 INTERNAL SERVER ERRORSomething bad happened on the server (it might be a bug)
502 BAD GATEWAY The server is not available
503 SERVICE UNAVAILABLE

The server is most probably in maintenance mode

504 GATEWAY TIMEOUTThe server is not available (processing the request took way too long)

Recommended Testing Tool

If you want to try out the REST API, and send your first requests to SRAPS we recommend using the well known Postman API client.

  • No labels