* Needs to be a system that scales infinitely.
= APIS v1.0 =
'''Unless stated otherwise, all APIs are using applicationsee http:/json for the requests and responses content types/docs.services.mozilla.com/token/apis.'''html
== GET /1.0/<app_name>/<app_version> ==
Asks for new token given some credentials in the Authorization header.
By default, the authentication scheme is Browser ID but other schemes can potentially be used if supported by the login server. '''app_name''' is the name of the application to access, like '''sync'''. '''app_version''' is the specific version number of the api that you want to access. The first /1.0/ in the URL defines the version of the sagrada token.
Example for Browser-Id:
<pre>
GET /1.0/sync/2.0
Host: token.services.mozilla.com
Authorization: Browser-ID <assertion>
</pre>
This API returns several values in a json mapping:
* '''oauth_consumer_key''' - a signed authorization token, containing the user's id and expiration
* '''oauth_consumer_secret''' - a secret derived from the shared secret
* '''service_entry''': a node url
Example:
<pre>
HTTP/1.1 200 OK
Content-Type: application/json
{'oauth_consumer_key': <token>,
'oauth_consumer_secret': <derived-secret>,
'service_entry': <node>,
}
</pre>
All errors are also returned as json responses, following the structure described in Cornice.
XXX need to document this in Cornice
Status codes and error codes:
* 404 : unknown URL (0), or unsupported application (1).
* 400 : malformed request - missing option or bad values(2) or malformed json (3) or unsupported authentication protocol (4)
* 401 : authentication failed or protocol not supported (5). The response in that case will contain WWW-Authenticate headers (one per supported scheme)
* 405 : unsupported method (6)
* 406 : unacceptable - the client asked for an Accept we don't support (7)
* 503 : service unavailable (ldap or snode backends may be down) (8)
= Proposed Design =
