API Documentation

  1. Overview
  2. Getting Started
  3. Authentication
    1. Request Expiration
    2. Request Signing
    3. IP Whitelisting
    4. Link Signing
  4. API Reference
    1. Lookup Calls
      1. Lookup Request Time Offset
      2. Lookup All Supported Countries
      3. Lookup Questions By CountryID
      4. Lookup Postal Code Questions By CountryID
    2. Feasibility Calls
      1. Run Feasibility
      2. Run Feasibility by Project
    3. Project Calls
      1. Create Project
      2. Update Project
      3. Delete Project
      4. Duplicate Project
      5. Project Settings - Update
      6. Get Project Settings
      7. Update CPI
      8. Project Multi-Links
      9. Get Project Info
      10. Get Stats By Project
      11. Get Quotas By Project
      12. Get Project List
      13. Update Aggregate Stats by Project
    4. Quota Calls
      1. Create Quota
      2. Update Quota
      3. Delete Quota
    5. Recontact Calls
      1. Recontact by Panelist
      2. Recontact by Transaction
      3. Get Recontact List
      4. Remove Recontact Entries
    6. Completion Calls
      1. Transaction Completion (Redirect)
      2. Register Completion (S2S)
    7. Project Transaction Calls
      1. Transaction Reconciliation
      2. Create Project Transaction
      3. Lookup Transaction Status
      4. Lookup Multiple Transaction Statuses
  5. Test Project URL
  6. Webhooks
    1. Real Time Pricing
    2. Project Status Update
  7. Appendix
    1. JSON Examples
    2. Collecting User Data
    3. Real Time Pricing Overview
    4. Project Types
    5. Error Codes
    6. FAQ

3.2.Request Signing

Each request to the Prodege MR API must be signed. The signature is based on the following formula, where StringToSign consists of all request parameters sorted alphabetically by key and concatenated using a colon (:).

Base64( SHA256( UTF-8-Encoding-Of(SecretKey + “:” + StringToSign) ) )

For example:

For a request to https://www.swagbucks.com/prodegemr/project-create with parameters: apik=yBnXUjjiXSXZ, country_id=1, loi=10, project_id=2025, project_name=Test Survey, project_type_id=1, project_url=https://google.com/%transid%/, and request_date=1442254164458, the StringToSign would be:

apik=yBnXUjjiXSXZ:country_id=1:loi=10:project_id=2025:project_name=Test Survey:project_type_id=1:project_url=https://google.com/%transid%/:request_date=1442254164458

The signature is generated as:

Base64( SHA256( UTF-8-Encoding-Of(SecretKey + ":" + StringToSign) ) )

Note: Since the SHA256 output is Base64-encoded and may contain URL-unsafe characters, the following replacements must be applied before sending:

Character Replacement
+
/ _
= EMPTY STRING

In Java:


static String getProdegeMRSignature(String stringToSign, String secretKey)
{
    byte[] utf8Bytes = (secretKey + ":" + stringToSign).getBytes("UTF-8");
    MessageDigest digest = MessageDigest.getInstance("SHA-256");
    byte[] hash = digest.digest(utf8Bytes);
    byte[] base64Hash = Base64.encodeBase64(hash);
    String signature = new String(base64Hash).replace("+", "-")
                                             .replace("/", "_")
                                             .replace("=", "");
    return signature;
}

In C#:


static string GetProdegeMRSignature(string stringToSign, string secretKey)
{
    var bytes = Encoding.UTF8.GetBytes(secretKey + ":" + stringToSign);
    var algo = new SHA256Managed();
    var hashBytes = algo.ComputeHash(bytes);
    var base64String = System.Convert.ToBase64String(hashBytes);
    var result = base64String.Replace("+", "-")
                             .Replace("/", "_")
                             .Replace("=", "");
    return result;
}

In PHP:


function getProdegeMRSignature($stringToSign, $secretKey)
{
    $utf8_encoded   = utf8_encode($secretKey . ":" . $stringToSign);
    $sha256_hash    = hash('sha256', $utf8_encoded, true);
    $base64_encoded = base64_encode($sha256_hash);
    $signature      = str_replace("+", "-",
                          str_replace("/", "_",
                          str_replace("=", "", $base64_encoded)));
    return $signature;
}

In Python:


from hashlib import sha256
from base64 import b64encode

def get_prodegemr_signature(string_to_sign: str, secret_key: str) -> str:
    utf8_encoded = f"{secret_key}:{string_to_sign}".encode("UTF-8")
    hashed = sha256(utf8_encoded).digest()
    base64_encoded = b64encode(hashed).decode("UTF-8")
    return base64_encoded.replace("+", "-").replace("/", "_").replace("=", "")
« Request ExpirationIP Whitelisting »
Help Guide Powered by Documentor
Suggest Edit