Get Started with Salesforce Spiff Import API and Object API

Import records into Salesforce Spiff, such as teams and team assignments, or create, read, update, and delete Spiff objects and fields.

All endpoints in the Spiff Import API and Spiff Object API require a signature header, which is a HMAC-SHA256 cryptographic hash of the current time, the request body, and a secret key for your company. The signature format is t={timestamp},v1={digest}, where {timestamp} is a UTC epoch timestamp and {digest} is a string representation of the HMAC-SHA256 digest.

First, contact Salesforce Customer Support and request the secret key for your company. Then, generate the signature.

Here's a cURL example for generating a signature.

Replace these values:

  • COMPANY_ID: Your Spiff company ID, which you can find at Admin » Settings » Company Settings » Company Identifiers.
  • COMPANY_SECRET: Your Spiff company secret that you received from Salesforce Customer Support.
  • SUBDOMAIN: The subdomain for your Spiff environment.
    • If you're in the US, use us1.
    • If you're in the EU, use eu1.

Here's a Python example.

Replace these values:

  • KEY: Your Spiff company secret that you received from Salesforce Customer Support.
  • OBJECT_ID: The ID of a Spiff object, such as 0a5de148-4864-41f3-bd59-03ee50435e14, or the name of a supported Spiff object, such as teams.

To verify that you generated the HMAC-SHA256 signature correctly, pass the signature in a header with the testImport endpoint.

Replace these values:

  • SUBDOMAIN: The subdomain for your Spiff environment.
    • If you're in the US, use us1.
    • If you're in the EU, use eu1.
  • COMPANY_ID: Your company's UUID in Spiff, which you can find at Admin » Settings » Company Settings » Company Identifiers.
  • TIMESTAMP: The string representation of the UTC epoch timestamp when the signature was created.
  • DIGEST: The string representation of the HMAC-SHA256 signature that you generated.

You can now use the other endpoints in the Import API and Object API. See Spiff Import API and Spiff Object API. Make sure that you pass the signature header for every endpoint.

See Also