Thanks for your interest in using our API, to get you going, here is an example that can help.
Let us start with a simple API call that will help you retrieve your "keys", keys are used to refer to your connections to your cloud infrastructure accounts. See more info here: https://cloudsploit.docs.apiary.io/#reference/keys/keys-collection/get-list-all-keys
Let's start with some requires at the top:
var crypto = require('crypto'); var moment = require('moment'); var request = require('request');
Next, add your API key and secrets:
var key = 'YOUR_API_KEY_GOES_HERE'; var secret = 'YOUR_API_SECRET_GOES_HERE'; var apiUrl = 'https://api.cloudsploit.com';
Now work on the signature, first generate a timestamp using moment, this is important because each API call signature will expire after 30 seconds.
var timestamp = (moment.unix(new Date()))/1000; var endpoint = apiURL + path; var string = timestamp + method + path + (body && Object.keys(body).length > 0 ? JSON.stringify(body) : '');
Now, use the timestamped request string to create an HMAC (In cryptography, an HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key).
var hmac = crypto.createHmac('sha256', secret); hmac.setEncoding('hex'); hmac.write(string); hmac.end(); var signature = hmac.read();
Once your signature is generated, simply create your request options as follows. Tip: Use a null body for GET requests.
var options = { method: method, url: endpoint, headers: { 'Accept': 'application/json', 'X-API-Key': key, 'X-Signature': signature, 'X-Timestamp': timestamp, "content-type": "application/json" } }; if (body) options.json = body;
Send your request and done!
request(options, function (error, response, body){ console.log(JSON.stringify(response)); });
Now, let's see it all together in an encapsulated makeApiCall function:
var crypto = require('crypto'); var moment = require('moment'); var request = require('request'); var key = 'YOUR_API_KEY_GOES_HERE'; var secret = 'YOUR_API_SECRET_GOES_HERE'; var apiURL = 'https://api.cloudsploit.com'; var makeApiCall = function(method, path, query, body, callback) { var timestamp = (moment.unix(new Date()))/1000; var endpoint = apiURL + path; var string = timestamp + method + path + (body && Object.keys(body).length > 0 ? JSON.stringify(body) : ''); var hmac = crypto.createHmac('sha256', secret); hmac.setEncoding('hex'); hmac.write(string); hmac.end(); var signature = hmac.read(); var options = { method: method, url: endpoint, headers: { 'Accept': 'application/json', 'X-API-Key': key, 'X-Signature': signature, 'X-Timestamp': timestamp, "content-type": "application/json" } }; if (body) options.json = body; console.log(JSON.stringify(options,null,2)); request(options, function (error, response, body){ if (error) return callback(error); callback(null, body); }); }; makeApiCall('GET', '/v2/keys', '', null, function(err, data){ if (err) return console.log(err); console.log(data); });
Below, a more complex example, that requests a realtime scan of a cloud infrastructure account and waits for the results to come back, this is a great example of an API call that can be used for CI (Continuous Integration).
var crypto = require('crypto'); var moment = require('moment'); var request = require('request'); var key = 'YOUR_API_KEY_GOES_HERE'; var secret = 'YOUR_API_SECRET_GOES_HERE'; var apiURL = 'https://api.cloudsploit.com'; var cloudInfrastructureKeyToScan = 5536; var makeApiCall = function(method, path, query, body, callback) { var timestamp = (moment.unix(new Date()))/1000; var endpoint = apiURL + path; var string = timestamp + method + path + (body && Object.keys(body).length > 0 ? JSON.stringify(body) : ''); var hmac = crypto.createHmac('sha256', secret); hmac.setEncoding('hex'); hmac.write(string); hmac.end(); var signature = hmac.read(); var options = { method: method, url: endpoint, headers: { 'Accept': 'application/json', 'X-API-Key': key, 'X-Signature': signature, 'X-Timestamp': timestamp, "content-type": "application/json" } }; if (body) options.json = body; console.log(JSON.stringify(options,null,2)); request(options, function (error, response, body){ if (error) return callback(error); callback(null, body); }); }; var body = { key_id: cloudInfrastructureKeyToScan }; makeApiCall('POST', '/v2/realtimes', '', body, function(err, data){ if (err) return console.log(err); console.log(data); setInterval(function(){ makeApiCall('GET', '/v2/realtimes/' + data.data.realtime_id.toString(), '', null, function(gErr, gData){ if (gErr) return console.log(gErr); console.log(gData); }); }, 5000); });