boulder icon indicating copy to clipboard operation
boulder copied to clipboard
verified publisher icon letsencrypt

Include account ID in authz/challenge URLs

Open aarongable opened this issue 1 year ago • 0 comments

We plan to horizontally shard our database in the new future, directing data into shards based on shard keys. It's very likely that our shard key will include the registration ID of the account owning the order, authz, or challenge. However, our public-facing API URLs for authzs and challenges do not currently include the owning regID, so if we get a query for one of those objects, we won't know which shard to look it up in.

We should augment the URLs that we provide in our API responses to embed the account's regID in the paths for authz and challenge objects.

Proposed RESTful URL scheme:

  • /accts/{RegID}
  • /accts/{RegID}/orders/{OrderID}
  • /accts/{RegID}/authzs/{AuthzID}
  • /accts/{RegID}/authzs/{AuthzID}/challs/{ChallStringID}

Alternate scheme (pro: less disruptive; cons: less obvious)

  • /acme/acct/{RegID} (no change)
  • /acme/order/{RegID}/{OrderID} (no change)
  • /acme/authz/{RegID}/{AuthzID}
  • /acme/chall/{RegID}/{AuthzID}/{ChallStringID}

aarongable avatar Aug 27 '24 20:08 aarongable