API Documentation

Each request to the Prodege MR API must be signed. The signature scheme is built based on the following formula where StringToSign consists of all parameters included in the request, in alphabetical order, and concatenated by a colon (:).

Base64( SHA256( UTF-8-Encoding-Of(SecretKey + “:” + StringToSign) ) ),

For example:

For request to https://www.swagbucks.com/prodegemr/project-create  with parameters: country_id=1,  project_id=2025, project_type_id=1, project_name=Test Survey, loi=10,  project_url=https://google.com/%transid%/, apik=tpm!34oyuohj, and request_date=230194972104, the signature would be calculated as follows:

Base64( SHA256( UTF-8-Encoding-Of(SecretKey + “:” + “apik=tpm!34oyuohj:country_id=1:loi=10:project_id=2025:project_name=Test Survey:project_type_id=1:project_url=https://google.com/%transid%/:request_date=1442254164458”) ) )

Note: As the result of SHA256 can have characters that cannot be passed un-encoded as a query string parameter, the following character replacements must be made:

In Java:

       static String getProdegeMRSignature(String stringToSign, String secretKey)
       {
           //get utf8 bytes
           byte[] utf8Bytes = (secretKey + ":" + stringToSign).getBytes("UTF-8");
           //define hashing algo
           MessageDigest digest = MessageDigest.getInstance("SHA-256");
           //generate hash
           byte[] hash = digest.digest(utf8Bytes);
           //base64
           byte[] base64Hash = Base64.encodeBase64(hash);
           //replace url-unfriendly chars
           String signature = new String(base64Hash).replace("+", "-")
                                                    .replace("/", "_")
                                                    .replace("=", "");
           return signature;
       }

In C#:

        static string GetProdegeMRSignature(string stringToSign, string secretKey)
        {
            //get utf8 bytes (important in c# since default is utf16)
            var bytes = Encoding.UTF8.GetBytes(secretKey + ":" + stringToSign);
            //define hashing algo
            var algo = new SHA256Managed();
            //generate hash
            var hashBytes = algo.ComputeHash(bytes);
            //base64
            var base64String = System.Convert.ToBase64String(hashBytes);
            //replace url-unfriendly chars
            var result = base64String.Replace("+", "-").Replace("/", "_").Replace("=", "");
            return result;
        }

In PHP#:

        function getProdegeMRSignature($stringToSign, $secretKey)
        {
                $utf8_encoded   = utf8_encode($secretKey.":".$stringToSign);
                $sha256_hash    = hash('sha256', $utf8_encoded, true);
                $base64_encoded = base64_encode($sha256_hash);
                $signature      = str_replace("+", "-"
                , str_replace("/", "_"
                , str_replace("=", "", $base64_encoded)));
                return $signature;
        }

In Python:

        from hashlib import sha256
        from base64 import b64encode
        def get_prodegemr_signature(string_to_sign: str, secret_key: str) -> str:
                utf_8_encoded = ':'.join((secret_key, string_to_sign)).encode(encoding='UTF-8')
                hashed = sha256(utf_8_encoded).digest()
                base64_encoded = b64encode(hashed).decode(encoding='UTF-8')
                return base64_encoded.replace('+', '-').replace('/', '_').replace('=', '')