Most of the requests in SnapHRM API require an access token. An access token provides a temporary and secure access to SnapHRM API.


1. Obtaining an access token


To obtain an access token, you need to send a request to /auth/application endpoint of the API. An example code and response using PHP have been given below. For details, please refer to the SnapHRM API Documentation.


<?php
$host = "http://froiden.snaphrm.localhost";
// Replace with your app key
$app_key = "2147483647";

// Replace with your app secret
$app_secret="zDKKWreX4oerWibhus7AhWfF0H1nNLshr0IX1G1HNYfMpuLleiFmgubIQSbR";
$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => $host."/api/v1/auth/application",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "app_key=$app_key&amp;app_secret=$app_secret",
  CURLOPT_HTTPHEADER => array(
    "x-requested-with: XMLHttpRequest",
    "x-snaphrm-host: ".$host
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}


Response successful authorization will be:


{
  "message": "Token generated successfully",
  "data": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDk4NTY4OTksImFwcGxpY2F0aW9uIjoyLCJzdWIiOjEsImlzcyI6Imh0dHA6XC9cL2Zyb2lkZW4uc25hcGhybS5sb2NhbGhvc3RcL2FwaVwvdjFcL2F1dGhcL2FwcGxpY2F0aW9uIiwiaWF0IjoxNTA3MTc4NDk5LCJuYmYiOjE1MDcxNzg0OTksImp0aSI6IjFhYjQwODk4YWRkMTNiZTAwNTg3NjNhZjk1ZTMxMjE2In0.txmBmxxX-LFgpqGGcl6MKnKBnzp36STJ8lyWW1yeqdI",
    "expires": "2017-11-05T10:11:39+05:30"
  }
}


In the response, data.token contains the required access token. This token needs to be sent in Authorization header for all other requests. 


2. Important Points


Some important points to keep in mind about access tokens:


  • Access tokens have an expire time and need to be refreshed or re-authorized regularly. By default, an access token has 30 days validity.
  • Access tokens need to be kept secret because they allow to access and manipulate your data on SnapHRM. They should not be stored statically in code.
  • Disabling the application or making the Authorized Employee inactive will make access token invalid.


3. Making Requests


To make requests to the API, you simply send a request with the access token and required headers. An example code for getting all the job openings in PHP is given below. For details, please refer to the SnapHRM API Documentation.


<?php
$host = "http://froiden.snaphrm.localhost";
// Replace with your app key
$app_key = "2147483647";

// Replace with your app secret
$app_secret="zDKKWreX4oerWibhus7AhWfF0H1nNLshr0IX1G1HNYfMpuLleiFmgubIQSbR"

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => $host."/api/v1/job?fields=id,role,introduction,responsibilities,skill_set,experience_required,ctc,vacancies,posted_date,last_date,posted_as,status,slug",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => array(
    "authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MDk4NTY4OTksImFwcGxpY2F0aW9uIjoyLCJzdWIiOjEsImlzcyI6Imh0dHA6XC9cL2Zyb2lkZW4uc25hcGhybS5sb2NhbGhvc3RcL2FwaVwvdjFcL2F1dGhcL2FwcGxpY2F0aW9uIiwiaWF0IjoxNTA3MTc4NDk5LCJuYmYiOjE1MDcxNzg0OTksImp0aSI6IjFhYjQwODk4YWRkMTNiZTAwNTg3NjNhZjk1ZTMxMjE2In0.txmBmxxX-LFgpqGGcl6MKnKBnzp36STJ8lyWW1yeqdI",
    "content-type: application/json",
    "x-requested-with: XMLHttpRequest",
    "x-snaphrm-host: ".$host
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}