In April 2020, to improve data security, the ACTIVENet System APIs have enhanced authentication that requires an additional dynamic digital signature in every API request.
New API users must enable their API license, make API requests using both their API key and a digital signature. For more information, please refer the following sections on this page.
Existing API users can continue to make API requests using only their API key. Please refer to the following sections and plan accordingly to migrate to the enhanced-security APIs and modify your application’s API requests. If you have any questions, please contact your account manager or the ACTIVENet support team.
Submit a support ticket to request implementation of the new API authentication method for your API requests.
The ACTIVENet back-office team will update the API configuration for your ACTIVENet site and the ACTIVENet support team will provide you with an API key (for existing API users, this API key will be the same as their current API key) and a sharedSecret key.
Update your program to use the API key and the sharedSecret key to generate dynamic digital signatures and then make API requests using the API key and the dynamic digital signatures.
When the updates to your program are complete, inform the ACTIVENet support team.
The ACTIVENet back-office team will disable the old API authentication method for your ACTIVENet site and the ACTIVENet support team will inform you when the old API authentication method is disabled.
To access the ACTIVE Net System API, you must have a valid Public APIs license. When your license expires, your access to the API will cease, even if you possess the API key.
Note that Calling a POST or PUT API require a write-access API key. To apply for a write-access API key, please contact the ACTIVENet support team.
To enable your API license, please contact the ACTIVE Net support team (activenetsupport@activenetwork.com).
An API key is an alphanumeric Universal Unique Identifier (UUID) string generated by ACTIVE Net, for example: 1234567890xn3xnteudxsavw. The API Key authenticates your organization's access to the API.
Note:
The API key is CONFIDENTIAL and should be distributed to authorized parties only. Your organization’s API key allows the querying of confidential information from your organization, for example, customer data.
A single, unique API key is issued per organization.
Access to the ACTIVE Net System API is limited by organization. The API key for one organization cannot be used to retrieve data from another organization.
To apply for an API key for your organization, please contact the ACTIVE Net support team (activenetsupport@activenetwork.com).
The ACTIVE Net Trainer site and Live site are different systems. To retrieve data from the Trainer site, contact the ACTIVE Net support team (activenetsupport@activenetwork.com) and request an API key for the Trainer site.
A sharedSerect key is a string used along with the API key to generate a digital signature.
The digital signature is a dynamic, 64-digit string encrypted using the API key, the sharedSecret key and a timestamp. The digital signature allows the API server to verify that an API request using your API key is authorized to access ACTIVENet data.
Refer to the following Java code example on generating a dynamic digital signature. The token string is the dynamic digital signature to be used in an API request.
package com.activenet.web;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
public class MasheryAuthenticationTest {
/**
* Create token with SHA-256
* @param message
* @return
*/
private static String sha256Hash(String message) {
MessageDigest md = null;
try {
md = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
md.update(message.getBytes(StandardCharsets.UTF_8));
byte[] hash = md.digest();
StringBuffer hexString = new StringBuffer();
for (int i = 0; i < hash.length; i++) {
String hex = Integer.toHexString(0xff & hash[i]);
if(hex.length() == 1) hexString.append('0');
hexString.append(hex);
}
return hexString.toString();
}
/**
* Get current timestamp
* @return
*/
private static String getTimestamp() {
Instant instant = Instant.now();
long timeStampEpochSeconds = instant.getEpochSecond();
return String.valueOf(timeStampEpochSeconds);
}
/**Test request a API with token
* @param args
* @throws MalformedURLException
* @throws IOException
*/
public static void main(String[] args) throws MalformedURLException, IOException {
String apiKey = "12345678902jvnsj9sjtaeg2";
String sharedSecret = "12345KQ6nU";
String url = "https://api.amp.active.com/anet-systemapi-stg-sec/orgtest/api/v1/activities?activity_status_id=1&site_ids=101,102&api_key=12345678902jvnsj9sjtaeg2&sig=";
String timestamp = getTimestamp();
System.out.println("Timestamp: " + timestamp);
// Generate token from api key, shared key and timestamp.
String token = sha256Hash(apiKey + sharedSecret + timestamp);
System.out.println(token);
url = url + token;
System.out.println("URL is " + url);
// Send HTTP request based on URL.
HttpURLConnection con = (HttpURLConnection) new URL(url).openConnection();
con.setRequestMethod("GET");
int status = con.getResponseCode();
System.out.println("Response code: " + status);
InputStream input = null;
if (status < 400) {
input = con.getInputStream();
} else {
input = con.getErrorStream();
}
BufferedReader in = new BufferedReader(
new InputStreamReader(input));
String inputLine;
// Handle API response.
StringBuffer content = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
content.append(inputLine);
}
in.close();
System.out.println(content.toString());
con.disconnect();
}
}
If you have enabled the enhanced-security APIs, then the API request URL requires the following changes:
Change the {service name} field to:
For US organizations: anet-systemapi-sec
For Canadian organizations: anet-systemapi-ca-sec
Append the digital signature field: sig={dynamic signature}
For more information on digital signatures, please refer to Generating a dynamic digital signature.
To prepare an API request URL, refer to the fields in bold below:
Previously, an API request URL contained the following fields:
{https}://{host address}/{service name}/{organization id}/api/{API version}/{resource name}?{request parameter strings 1}&{request parameter strings 2}&api_key={your API key}
Now, an API request URL must contain the following fields:
{https}://{host address}/{new service name}/{organization id}/api/{API version}/{resource name}?{request parameter strings 1}&{request parameter strings 2}&api_key={your API key}&sig={dynamic signature}
For more information on preparing an API request URL, refer here.
For example, if:
You are an US organization, then your service name is anet-systemapi-sec
Your live site organization ID is orgtest
You are using version 1 (v1) of the API. Refer to the List of System APIs to view specifications for the required API. To retrieve summary information for closed activities under site IDs 101 and 102:
The required resource name to retrieve summary information for activities is activities
For a closed activity, activity_status_id=1
For activities under Site IDs 101 and 102, site_ids=101,102
Your live site API key is api_key=12345678902jvnsj9sjtaeg2
A digital signature generated from your live site API key, live site sharedSecret and the timestamp at the time of the request: 123456789053d04a986960dd0d53f925568556c888db653669420a54746f9375
The API request URL for the live site is thus:
https://api.amp.active.com/anet-systemapi-sec/orgtest/api/v1/activities?activity_status_id=1&site_ids=101,102&api_key=12345678902jvnsj9sjtaeg2&sig=12345678953d04a986960dd0d53f925568556c888db653669420a54746f9375
Retrieving data from ACTIVE Net