canmove, Confirmed users
725
edits
Services/KeyExchange: Difference between revisions
→Server API
| Line 85: | Line 85: | ||
The only valid HTTP response codes are 200 and 304 since those are part of the protocol and expected to happen. Anything else, like 400, 403, 404 or 503 must result in a complete termination of the password exchange. The client can retry the exchange then at a later time, starting all over with clean state. | The only valid HTTP response codes are 200 and 304 since those are part of the protocol and expected to happen. Anything else, like 400, 403, 404 or 503 must result in a complete termination of the password exchange. The client can retry the exchange then at a later time, starting all over with clean state. | ||
Every call must be done with a ''X-KeyExchange-Id'' header, containing a half-session identifier for the channel. This | Every call must be done with a ''X-KeyExchange-Id'' header, containing a half-session identifier for the channel. This client ID must be a string of 256 chars. The server will keep track of the two first ids used for a given channel, from its creation to its deletion and will close the channel and issue a 400 if any request is made with an unknown id or with no id at all. | ||
Last, if a given IP attempts to do more than 100 requests in less than 5 minutes, the server will blacklist the IP for 10 minutes and return a 403 in the interim. When receiving this error code, legitimate clients can fall back to a manual transaction. | Last, if a given IP attempts to do more than 100 requests in less than 5 minutes, the server will blacklist the IP for 10 minutes and return a 403 in the interim. When receiving this error code, legitimate clients can fall back to a manual transaction. | ||
| Line 103: | Line 103: | ||
- 200: channel created successfully | - 200: channel created successfully | ||
- 503: the server was unable to create a new channel. | - 503: the server was unable to create a new channel. | ||
- 400: Bad or no | - 400: Bad or no client ID. The channel is deleted. | ||
- 403: the IP is blacklisted. | - 403: the IP is blacklisted. | ||
| Line 121: | Line 121: | ||
to ''new_channel'' or timed out. | to ''new_channel'' or timed out. | ||
- 304: the data was not changed. | - 304: the data was not changed. | ||
- 400: Bad or no | - 400: Bad or no client ID. The channel is deleted. | ||
- 403: the IP is blacklisted. | - 403: the IP is blacklisted. | ||
| Line 134: | Line 134: | ||
- 404: the channel does not exists. It was not created by a call | - 404: the channel does not exists. It was not created by a call | ||
to ''new_channel'' or timed out. | to ''new_channel'' or timed out. | ||
- 400: Bad or no | - 400: Bad or no client ID. The channel is deleted. | ||
- 403: the IP is blacklisted. | - 403: the IP is blacklisted. | ||
| Line 147: | Line 147: | ||
- 404: the channel does not exists. It was not created by a call | - 404: the channel does not exists. It was not created by a call | ||
to ''new_channel'' or timed out or already deleted. | to ''new_channel'' or timed out or already deleted. | ||
- 400: Bad or no | - 400: Bad or no client ID. The channel is deleted. | ||
- 403: the IP is blacklisted. | - 403: the IP is blacklisted. | ||