Confirmed users
927
edits
Services/KeyExchange: Difference between revisions
→Server API
(Fleshing out notes.) |
Tarek.ziade (talk | contribs) |
||
| Line 83: | Line 83: | ||
== Server API == | == Server API == | ||
The only valid HTTP response codes are 200 and 304 since those are part of the protocol and expected to happen. Anything else, like 404 or 503 must result in a complete termination of the password exchange. The client can retry the exchange then at a later time, starting all over with clean state. | The only valid HTTP response codes are 200 and 304 since those are part of the protocol and expected to happen. Anything else, like 400, 404 or 503 must result in a complete termination of the password exchange. The client can retry the exchange then at a later time, starting all over with clean state. | ||
The server API knows | Every call must be done with a X-Weave-ClientID header, containing an identifier for the client. This id must be a string of at least 32 chars and at most 256 chars. It can be created with a md5 or sha hash of a random number for instance. The server will keep track of the two first ids used for a given channel, from its creation to its deletion and will close the channel and issue a 400 if any request is made with an unkown id or with no id at all. | ||
The server API knows four calls: | |||
'''GET''' '''https://''server''/new_channel''' | '''GET''' '''https://''server''/new_channel''' | ||
Returns in the response body a random channel id | Returns in the response body a random channel id of N chars from [a-z0-9], | ||
followed by a suggested length for the password the client should use. | |||
The response is a JSON-encoded list of two element. Example: ["dfc", 6] | |||
When the API is called, The id returned is guaranteed to be unique. | |||
The channel created will have a limited ttl (currently configured to 5 minutes). | |||
Return codes: | Return codes: | ||
- 200: channel created successfully | - 200: channel created successfully | ||
- 503: the server was unable to create a new channel. | - 503: the server was unable to create a new channel. | ||
- 400: Bad or no ClientId. The channel is deleted. | |||
| Line 112: | Line 118: | ||
to ''new_channel'' or timed out. | to ''new_channel'' or timed out. | ||
- 304: the data was not changed. | - 304: the data was not changed. | ||
- 400: Bad or no ClientId. The channel is deleted. | |||
| Line 124: | Line 130: | ||
- 404: the channel does not exists. It was not created by a call | - 404: the channel does not exists. It was not created by a call | ||
to ''new_channel'' or timed out. | to ''new_channel'' or timed out. | ||
- 400: Bad or no ClientId. The channel is deleted. | |||
'''DELETE''' '''https://''server''/''channel_id'' ''' | '''DELETE''' '''https://''server''/''channel_id'' ''' | ||
Delete the channel of id ''channel_id''. | Delete the channel of id ''channel_id''. If the response bidy is not empty, it will be used to issue a security log. The body size is limited to 1000. | ||
Return codes: | Return codes: | ||
- 200: channel deleted successfully | - 200: channel deleted successfully | ||
- 503: the server was unable to | - 503: the server was unable to delete the channel | ||
- 404: the channel does not exists. It was not created by a call | - 404: the channel does not exists. It was not created by a call | ||
to ''new_channel'' or timed out. | to ''new_channel'' or timed out or already deleted. | ||
- 400: Bad or no ClientId. The channel is deleted. | |||
== Detailed Flow == | == Detailed Flow == | ||