The API allows our Star Alliance partners, a straightforward way to view reviews, manage users and push reviews to the GreatNonprofits review system.

The API consumer maintains full control over any reviews or users linked to their account and can freely edit, update and delete these records and users as needed. GreatNonprofits simply provides a mechanism for your organization to push reviews out to our system and a way to associate them with your users; all user authentication, and validation occurs within your internal systems.

Security & Calculating the HMAC Token

All API calls on production must include an HMAC token generated using one of your API keys and the SHA256 digest algorithm. This token must be passed to server on the “GNP-HMAC-Authorization” request header.

The HMAC token should be generated against the request url, request headers (sorted alphabetically) and the message body separated by colons “:”. (e.g. $url . “:” . $headerString . “:” . $body).