Basics
The basics for using the Tap API
Access
Sign up for a management account on Tap Web. Once you’re registered, navigate to Account → API management.
Make your first API app to create your primary and secondary API keys. Store those securely, because you will not be able to retrieve them later on.
Webhooks
You can set up webhooks via Webhooks.
Authenticating webhook events
You may want to verify Tap is the sender of webhook events. All webhook events have a signature and timestamp header.
X-Tap-Signature: 38BB580D8BAD61FAD95442AC6006C9AB017CE1FDE03D071630ED71AD08880288
X-Tap-Timestamp: 1751554641Each webhook you create will have its own webhook secret. You can verify the payload was sent by Tap and was not modified along the way with the following logic and your webhook secret, and the timestamp and signature from the headers.
Ensure the json body is used exactly as it was received.
import hmac
import hashlib
# === CONFIG ===
# Replace with your real secret in hex format:
secret_string = "9F2ABRACADABRA"
# The timestamp you received:
timestamp = "1751553006"
# The signature you received:
provided_signature = "85DCF2E6CD3C8E169AEAF3B20781BCEDF0223994A2D9AB23209C87325B8CB725"
# The **exact minified JSON** you received:
json_body = '{"id":"evt_mC4Ou1mHUUKcEaGwYvo17Q","type":"TokenAuthorization","data":{"tokenAuthId":"NL-TAP-C12345-6","tokenVisualId":"TAP-ABCDE-X","locationDetails":{"locationId":"139B2228-2D46-4694-A374-ACB9D49C21D7","coordinates":{"latitude":52.374171,"longitude":4.84897}},"createdAt":"2025-07-03T14:30:06.4017443Z"}}'
# === VERIFICATION ===
# Combine timestamp + '.' + body exactly
payload = f"{timestamp}.{json_body}"
# Convert secret from string to bytes
secret_key = secret_string.encode("utf-8")
# Compute HMAC-SHA256
computed_signature = hmac.new(secret_key, payload.encode("utf-8"), hashlib.sha256).hexdigest().upper()
print(f"Payload:\n{payload}\n")
print(f"Expected signature : {provided_signature}")
print(f"Computed signature : {computed_signature}")
if computed_signature == provided_signature:
print("\nSignature matches!")
else:
print("\n Signature does NOT match!")