Confirmed users
927
edits
Services/KeyExchange: Difference between revisions
Jump to navigation
Jump to search
→Server API
Tarek.ziade (talk | contribs) |
Tarek.ziade (talk | contribs) |
||
| Line 85: | Line 85: | ||
The only valid HTTP response codes are 200 and 304 since those are part of the protocol and expected to happen. Anything else, like 400, 403, 404 or 503 must result in a complete termination of the password exchange. The client can retry the exchange then at a later time, starting all over with clean state. | The only valid HTTP response codes are 200 and 304 since those are part of the protocol and expected to happen. Anything else, like 400, 403, 404 or 503 must result in a complete termination of the password exchange. The client can retry the exchange then at a later time, starting all over with clean state. | ||
Every call must be done with a ''X-Weave-ClientID'' header, containing | Every call must be done with a ''X-Weave-ClientID'' header, containing a half-session identifier for the client. This id must be a string of 256 chars. The server will keep track of the two first ids used for a given channel, from its creation to its deletion and will close the channel and issue a 400 if any request is made with an unkown id or with no id at all. | ||
Last, if a given IP attempts to do more than 100 requests in less than 5 minutes, the server will blacklist the IP for 10 minutes and return a 403 in the interim. When receiving this error code, legitimate clients can fall back to a manual transaction. | Last, if a given IP attempts to do more than 100 requests in less than 5 minutes, the server will blacklist the IP for 10 minutes and return a 403 in the interim. When receiving this error code, legitimate clients can fall back to a manual transaction. | ||