Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create an API #32

Open
atoponce opened this issue Jun 15, 2014 · 2 comments
Open

Create an API #32

atoponce opened this issue Jun 15, 2014 · 2 comments

Comments

@atoponce
Copy link
Owner

Beginning discussion about creating an API here. It should be a RESTful API, as standard. The base API URL would be https://example.com/api/. So far, I've only come up with the basics:

MethodURIAction
POSThttps://example.com/api/createCreate a new encrypted note.
GEThttps://example.com/api/[random_URI]Retrieve an encrypted note.

Creation

Creating a note would mean including the required note, the required hashcash token, an optional passphrase, and an optional duress key. As standard, the application will return the random URL. The data in the note could be JSON formatted data, unless there is an easier format to store the data in:

note = [
    {
        'data': u'Encrypt all the things.',
        'hashcash': u'1:20:140615:token::H4pKzifj5g65gx9g:Bzlg', 
        'passphrase': u'Y6stJWMfaUT5E3L4KeSetezQ',
        'duress': u'65y48qszwCmNU3BPGt1U8S3L'
    }
]

The data should also accept a plaintext file to encrypt. The hashcash token will need to be minted either by the application, or by hand using the hashcash(1) utility on Unix. The passphrase should always be generated client-side, so the server knows nothing of it, thus protecting the server administrator (and the end user). The duress key should also be generated client-side. Both the passphrase and the duress key are optional.

Retrieval

When retrieving an encrypted note, to be fully RESTful, if a passphrase was used to decrypt the note, then that will need to be passed as part of the URL. I'm thinking something like this:

https://example.com/api/[random_url]?p=Y6stJWMfaUT5E3L4KeSetezQ

This will return only the plaintext of the note, and no underlying HTML from any templates.

@atoponce atoponce added this to the Butisol 30mg milestone Jun 15, 2014
@atoponce
Copy link
Owner Author

I can't help but wonder if we can't clean up fetch_url(). Beginning to create the api_retrieve() function, and it seems that a lot of code is about to get duplicated. So, looking at the code, and not liking what I'm seeing, I'm on a mission to clean it up.

@maxadamo
Copy link

@atoponce was this implemented, or is it still incubating after 7 years? 😃
Indeed the API is really necessary, and it's available with Privnote for instance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants