d-note icon indicating copy to clipboard operation
d-note copied to clipboard

Published 20 hours ago verified publisher icon atoponce

Create an API

Open atoponce opened this issue 10 years ago • 2 comments

Beginning discussion about creating an API here. It should be a RESTful API, as standard. The base API URL would be https://example.com/api/. So far, I've only come up with the basics:

MethodURIAction
POSThttps://example.com/api/createCreate a new encrypted note.
GEThttps://example.com/api/[random_URI]Retrieve an encrypted note.

Creation

Creating a note would mean including the required note, the required hashcash token, an optional passphrase, and an optional duress key. As standard, the application will return the random URL. The data in the note could be JSON formatted data, unless there is an easier format to store the data in:

note = [
    {
        'data': u'Encrypt all the things.',
        'hashcash': u'1:20:140615:token::H4pKzifj5g65gx9g:Bzlg', 
        'passphrase': u'Y6stJWMfaUT5E3L4KeSetezQ',
        'duress': u'65y48qszwCmNU3BPGt1U8S3L'
    }
]

The data should also accept a plaintext file to encrypt. The hashcash token will need to be minted either by the application, or by hand using the hashcash(1) utility on Unix. The passphrase should always be generated client-side, so the server knows nothing of it, thus protecting the server administrator (and the end user). The duress key should also be generated client-side. Both the passphrase and the duress key are optional.

Retrieval

When retrieving an encrypted note, to be fully RESTful, if a passphrase was used to decrypt the note, then that will need to be passed as part of the URL. I'm thinking something like this:

https://example.com/api/[random_url]?p=Y6stJWMfaUT5E3L4KeSetezQ

This will return only the plaintext of the note, and no underlying HTML from any templates.

atoponce avatar Jun 15 '14 15:06 atoponce

I can't help but wonder if we can't clean up fetch_url(). Beginning to create the api_retrieve() function, and it seems that a lot of code is about to get duplicated. So, looking at the code, and not liking what I'm seeing, I'm on a mission to clean it up.

atoponce avatar Jun 16 '14 12:06 atoponce

@atoponce was this implemented, or is it still incubating after 7 years? :smiley: Indeed the API is really necessary, and it's available with Privnote for instance.

maxadamo avatar Jul 28 '21 12:07 maxadamo