Developer API
Welcome to the SquidVault developers API. Before you get started you will need to have your API token and API secret to hand. If you haven't requested a developer account please contact Support.
Getting started
If you are using PHP, you can simply copy and use the request function with its 2 helper functions (encrypt and decrypt).
- OR -
You can use any language that supports POST requests and JSON parsing as all requests are HTTPS POSTs with exactly 2 parameters (apiKey and data) that return a JSON array.
1. The apiKey parameter is your unique API token.
2. The data parameter is a JSON array that has been encrypted using AES-256-CBC with your unique API secret and then base64 encoded for transmission.
All requests return a JSON array of the following form
Response Structure
{
"error": String,
"status": String,
"data": String,
"action": String,
"version": String,
"proc_time": Integer,
"proc_id": Integer
}
In the event of an authentication error, it is normal for only the "error" and "status" fields to be returned.
Other failures will return with the "data" field containing a base 64 encoded and encrypted JSON object that is either empty or has some diagnostic content.
Response Fields
error: Error message, if any. Blank if successful.
status: "success" or "failure".
data: Base 64 encoded and AES-256-CBC encrypted string that decrypts (using your unique API secret) to give the body of the result.
action: The specific API call that was made.
version: The version of the API called.
proc_time: A unix timestame for the time the call was made.
proc_id: A unique ID for the call issued be SquidVault for reference.
Next step
<?php
function encrypt($plaintext,$api_sec){
$ivlen = openssl_cipher_iv_length($cipher="AES-256-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $api_sec, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
return base64_encode( $iv.$hmac.$ciphertext_raw );
}
function decrypt($ciphertext,$api_sec){
$c = base64_decode($ciphertext);
$ivlen = openssl_cipher_iv_length($cipher="AES-256-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ciphertext_raw = substr($c, $ivlen+$sha2len);
return openssl_decrypt($ciphertext_raw, $cipher, $api_sec, $options=OPENSSL_RAW_DATA, $iv);
}
function request($requestArray) {
##############################################
# TODO: Request a developer account to obtain
# a Token and secret for your company.
#
# Change this to your API token
$api_key = 'company_XXXXXXXXXXXX';
#
# Change this to your API secret
$api_sec = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
#
##############################################
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://Squidvault.com/api/");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query([
'apiKey' => $api_key,
'data' => encrypt( json_encode($requestArray), $api_sec )
])
);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$responseJSON = curl_exec($ch);
if(($responseJSON===false) || curl_errno($ch)) {
return curl_error($ch);
}
curl_close($ch);
$responseArray = json_decode($responseJSON,true);
if(is_null($responseArray)){
return 'API Error ('.$responseJSON.')';
}
if(isset($responseArray['data']) && ($responseArray['data']!='')){
$responseArray['data'] = decrypt($responseArray['data'],$api_sec);
}
return $responseArray;
}
?>