# FORGE RESTful API Endpoint Guide

## Warning
The documentation is incomplete at the moment. Feel free to contribute to its completion.

## Introduction
FORGE now supports a low-level, lightweight and efficient RESTful API with optimal endpoints. The talk-to-server frequencies are kept to a bare minimum to enforce anonymity. Also the requests and responses are designed to minimize network activity. The *stateless* endpoints provided by the FORGE RESTful API are listed in the following lines. These greatly rely on the client-side application on how the security is maintained.

## Design
1. The API is HTTP-based so all requests and responses would come across as JSON documents with GET fetches.
2. Every successful response from the server would have a `retncode` index to state operational status.
3. Some responses from the server can consists of an array of JSON documents or nothing at all.
4. Application should imbibe security-by-design principles to avoid undue load of bad requests to the API servers.
5. There is a need of session management implemented inside the application as responses are stateless.

## Endpoints
Keep a note that `cloudurl` refers to the reachable URL of the RESTful API server

### Login request

```python
data = {
    "username": "<username>",
    "password": "<password>",
}
rqst = requests.get("<cloudurl>/entrydir/", json = data)
print(rqst.json())
```

The possible state operational status in response are
* `LOGINOKE` - The username and password are checked out and match perfectly. Application can allow login for the provided username.
* `ACNOEXST` - The username and password are checked out but no account with such username exists. Application must not allow login for the provided username.
* `WRNGPSWD` - The username and password are checked out but do not match. Application must not allow login for the provided username.

### Account creation

```python
data = {
    "fullname": "<fullname>",
    "username": "<username>",
    "password": "<password>",
    "emailadr": "<emailadr>",
}
rqst = requests.get("<cloudurl>/makeacnt/", json = data)
print(make.json())
```

The possible responses are
* `ALRDYEXT` - The username is checked with those in the database and was found to match with an existing user. Account creation has not taken place.
* `MADEACNT` - The username is checked with those in the database and was found to not match with anyone. Account creation has taken place.

### Fetching mails for inbox

```python
data = {
    "username": "<username>",
}
rqst = requests.get("<cloudurl>/inbxpage/", json = data)
print(rqst.json())
```

There is only one possible response here
* `INBXPAGE` - The username is checked and both sent and received mails are synchronised from the server.