Get Started with Salesforce Spiff Import API and Object API

Import records into Salesforce Spiff, such as teams and team assignments, or create, read, update, and delete Spiff objects and fields.

All endpoints in the Spiff Import API and Spiff Object API require a signature header with a SHA-256 hash-based message authentication code (HMAC) digest, in the format t={timestamp},v1={digest}, where {timestamp} is a UTC epoch timestamp and {digest} is a string representation of the HMAC digest.

First, contact Salesforce Customer Support and request your Company Secret, which is required for generating the HMAC signature.

Here's a JavaScript example for generating a signature.

Replace these values:

  • KEY: The Company Secret that you received.

Here's a Python example.

Replace these values:

  • KEY: The Company Secret that you received.
  • OBJECT_ID: The ID of a Spiff object, such as 0a5de148-4864-41f3-bd59-03ee50435e14, or the name of a supported Spiff object, such as teams

To verify that you generated the HMAC signature correctly, pass the signature in a header with the testImport endpoint.

Replace these values:

  • SUBDOMAIN: The subdomain for your Spiff environment.
    • If you're in the US and using Google Cloud Platform, use app.
    • If you're in the US and using Hyperforce, use us1.
    • If you're in the EU and using Google Cloud Platform, use eu.
    • If you're in the EU and using Hyperforce, use eu1.
  • COMPANY_ID: Your company's UUID in Spiff, which you can find at Admin » Settings » Company Settings » Company Identifiers.
  • TIMESTAMP: The string representation of the UTC epoch timestamp when the signature was created.
  • HASH: The string representation of the HMAC signature that you generated.

You can now use the other endpoints in the Import API and Object API. See Spiff Import API and Spiff Object API. Make sure that you pass the signature header for every endpoint.

See Also