You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Beginning discussion about creating an API here. It should be a RESTful API, as standard. The base API URL would be https://example.com/api/. So far, I've only come up with the basics:
Method
URI
Action
POST
https://example.com/api/create
Create a new encrypted note.
GET
https://example.com/api/[random_URI]
Retrieve an encrypted note.
Creation
Creating a note would mean including the required note, the required hashcash token, an optional passphrase, and an optional duress key. As standard, the application will return the random URL. The data in the note could be JSON formatted data, unless there is an easier format to store the data in:
note = [
{
'data': u'Encrypt all the things.',
'hashcash': u'1:20:140615:token::H4pKzifj5g65gx9g:Bzlg',
'passphrase': u'Y6stJWMfaUT5E3L4KeSetezQ',
'duress': u'65y48qszwCmNU3BPGt1U8S3L'
}
]
The data should also accept a plaintext file to encrypt. The hashcash token will need to be minted either by the application, or by hand using the hashcash(1) utility on Unix. The passphrase should always be generated client-side, so the server knows nothing of it, thus protecting the server administrator (and the end user). The duress key should also be generated client-side. Both the passphrase and the duress key are optional.
Retrieval
When retrieving an encrypted note, to be fully RESTful, if a passphrase was used to decrypt the note, then that will need to be passed as part of the URL. I'm thinking something like this:
I can't help but wonder if we can't clean up fetch_url(). Beginning to create the api_retrieve() function, and it seems that a lot of code is about to get duplicated. So, looking at the code, and not liking what I'm seeing, I'm on a mission to clean it up.
@atoponce was this implemented, or is it still incubating after 7 years? 😃
Indeed the API is really necessary, and it's available with Privnote for instance.
Beginning discussion about creating an API here. It should be a RESTful API, as standard. The base API URL would be https://example.com/api/. So far, I've only come up with the basics:
Creation
Creating a note would mean including the required note, the required hashcash token, an optional passphrase, and an optional duress key. As standard, the application will return the random URL. The data in the note could be JSON formatted data, unless there is an easier format to store the data in:
The data should also accept a plaintext file to encrypt. The hashcash token will need to be minted either by the application, or by hand using the
hashcash(1)
utility on Unix. The passphrase should always be generated client-side, so the server knows nothing of it, thus protecting the server administrator (and the end user). The duress key should also be generated client-side. Both the passphrase and the duress key are optional.Retrieval
When retrieving an encrypted note, to be fully RESTful, if a passphrase was used to decrypt the note, then that will need to be passed as part of the URL. I'm thinking something like this:
This will return only the plaintext of the note, and no underlying HTML from any templates.
The text was updated successfully, but these errors were encountered: