Back to notify.me main site
Recent pages

Edit
page

New
page

Print
page
Page last modified 16:34, 1 Jul 2009 by arnie
0
Page Notifications Off
notify.me - User Wiki > API > REST API

REST API

From $1

Current Version: 0.1

This document only covers what is currently implemented in the API. For a roadmap of the API, refer to "Roadmap Draft".

Client Implementations

Overview

Account Service is the public REST API into the notify.me service. The API serves both end users and notification sources

Verb:Suffix Description
GET:/accounts/{id}/authenticate Retrieve authentication credential requirements
POST:/accounts/{id}/authenticate Authenticate the account
GET:/accounts/{id}/sources Retrieve sources
POST:/accounts/{id}/sources Create a new source
GET:/accounts/{id}/sources/{id} Get source information
PUT:/accounts/{id}/sources/{id} Modify a source
DELETE:/accounts/{id}/sources/{id} Remove a source
POST:/accounts/{id}/sources/{id}/notifications Post a new notification to a source

  1. 1. Client Implementations
  2. 2. Overview
  3. 3. Authentication
  4. 4. Exposing Sources for Users to subscribe to
  5. 5. Global Headers
    1. 5.1. X-Api-Version
    2. 5.2. X-Auth
  6. 6. Data Types
    1. 6.1. Legal Id Values
    2. 6.2. Notification
    3. 6.3. Source
  7. 7. Features
    1. 7.1. Account Information
      1. 7.1.1. Retrieve authentication credential requirements
      2. 7.1.2. Authenticate account
    2. 7.2. Sources
      1. 7.2.1. Retrieve all Sources for the account
      2. 7.2.2. Create a new Source on the account
      3. 7.2.3. Retrieve Source Information
      4. 7.2.4. Create a Source with a specific Id or Modify an existing Source
      5. 7.2.5. Remove an existing Source
      6. 7.2.6. Post new notification to the source

Authentication

The notify.me API provides two mechanisms for providing authentication information:

  • An auth cookie (for client frameworks supporting the persistence of cookies)
  • An X-Auth Header (in case cookies are not supported)

Both forms of authentication are used to provide the same authentication token to the API. For security reasons, this authentication token is temporary and tied to the client's IP. Any client using the notify.me API must be able to to cope with 401 - Unauthorized response (which includes a Location header for the authentication endpoint) and re-authenticate before continuing.

An example authentication workflow follows:

  1. Client calls some API uri, such as GET:/accounts/{id}/notifications
  2. Server responds with 401 - Unauthorized, provideing a Location of http://{server}/accounts/{id}/authenticate
  3. Client MUST do a GET on the authentication URI, generally GET:/accounts/{id}/authenticate to retrieve the authentication challenge
  4. Client computes the response to the Server challenge
    1. Client constructs a string from the account password and the challenge node content, like {password}{challenge}
    2. Client creates an encoded md5sum hash from the {password}{challenge} string
    3. Client constructs an authentication document including the challenge and the computed response
  5. Client POSTs the authentication document at POST:/accounts/{id}/authenticate
  6. Upon verfication of the response string, Server responds with a 200 - Ok, including an auth cookie and an X-Auth header, either one of which can be used for authentication
  7. Client resumes, by calling the original URI providing the new authentication credentials

Since the auth token is tied to an IP, clustered client services CANNOT share a single authtoken, but MUST go through the above authetication flow and persist their authentication token locally.

Exposing Sources for Users to subscribe to

The href attribute of the affiliate element that is returned in with the following call GET:/accounts/{id}/sources provides a uri that a customer can post for users to subsribe to that source. You can get a notify.me badge for your site from the following page: Notify.me Affiliate Program.

Global Headers

Note on Headers: By rfc2616, Http header field names are case-insensitive, i.e. while this document describes headers in mixed-case, it is not guaranteed that the API will return them as such.

X-Api-Version

All API keys should include an X-Api-Version header to indicate the compatibility mode desired. If omitted, the current API compatibility level is assumed

X-Auth

To be used for authentication by clients that cannot use cookie authentication.

Data Types

Legal Id Values

A resource id is specified as part of a URI as an alphanumeric ID. {sourceid}, {notificationid} and {subscriptionid} are both resource id's and are created either by:

  • a POST against the base URI for its path (i.e. the Id in the X-Id header)
    • in the POST scenario, it is the responsibility of the API to generate a resource id
  • a PUT against the URI with the resource id as the postfix
    • in the PUT scenario, a resource id is only created if no resource exists at the uri, otherwise an existing resource is updated with the PUT data

Notification

<notification id="..." href="...">
  <uri>...</uri>
  <subject>...</subject>
</notification>

id and href are meta-daa about the notification returned by GET requests and are ignored if included in PUT or POST requests. id is the globally unique reference id for the notification associated on creation, while href is the canonical uri to the notification document.

Source

<source id="..." href="...">
    <name>...</name>
    
    <!-- href to be used on source owner site to direct users to www.notify.me
         to subscribe -->
    <affiliate href="..." />

    <!-- uri is optional and used to provide an information link about the source -->
    <uri>...</uri>
</source>

id and href are meta-data about the source returned by GET requests and are ignored if included in PUT or POST requests. id is the account unique reference id for the source, either generated by the API on POST or provided as part of the Uri on PUT, while href is the canonical uri to the source document.

The default type (i.e. if omitted on create) is api, meaning that the source receives notifications from posts to the REST API.

Features

Account Information

Retrieve authentication credential requirements

Path: GET:/accounts/{id}/authenticate

This feature returns the challenge key that must be used to execute a successful authenticate PUT

Response

Response Response Body Description
Ok (200) see below
 operation completed successfully
Bad Request (400) text/xml request could not be completed, because of invalid data in the request

Response body

<authenticate>
    <challenge>...</challenge>
</authenticate>

Authenticate account

Path: POST:/accounts/{id}/authenticate

This call must follow a GET on the same URL, since the request body must include the challenge and a response, which consists of an md5sum ofthe account password and the challenge contatenated like

{password}{challenge}

Request body

<authenticate>
    <challenge>...</challenge>
    <response>...</response>
</authenticate>

Response

Response Response Body Description
Ok (200) see below
 operation completed successfully
Bad Request (400) text/xml request could not be completed, because of invalid data in the request
Unauthorized (401) text/xml Missing or bad authentication
Forbidden (403) text/xml Authenticated user does not have access

Response body

The reponse body will always be empty, but on Ok (200) the response will include a authentication cookie (for clients that can use cookies) and an X-Auth header which can be used in lieu of the cookie.

Sources

Retrieve all Sources for the account

Path: GET:/accounts/{id}/sources

This feature returns all sources owned by the account

Request

Query Argument
 Type Description
limit (optional) int Max number of sources to retrieve
skip (optional) int Skips the first n sources (used for pagination). Must be used in conjunction with limit

Response

Response Response Body Description
Ok (200) see below
 operation completed successfully
Bad Request (400) text/xml request could not be completed, because of invalid data in the request
Unauthorized (401) text/xml Missing or bad authentication
Forbidden (403) text/xml Authenticated user does not have access

Response body

<sources>
    <source>
        <!-- see above -->
    </source>
    ...
</sources>

Create a new Source on the account

Path: POST:/accounts/{id}/sources

Post a registration of a new source available for subscription by other accounts that this account posts messages to

Request Body

<source>
    <!-- see above -->
</source>

Response

Response Response Body Description
Created (201) text/xml
 operation completed successfully
Bad Request (400) text/xml request could not be completed, because of invalid data in the request
Unauthorized (401) text/xml Missing or bad authentication
Forbidden (403) text/xml Authenticated user does not have access

Response Headers

Header Description
Location the location the created source can be retrieved from
X-Id The unique id of the created notification (used as {sourceid} to construct the Location

Retrieve Source Information

Path: GET:/accounts/{id}/sources/{sourceid}

Create a Source with a specific Id or Modify an existing Source

Path: PUT:/accounts/{id}/sources/{sourceid}

Remove an existing Source

Path: DELETE:/accounts/{id}/sources/{sourceid}

Post new notification to the source

Path: POST:/accounts/{id}/sources/{sourceid}/notifications

Tags:
Attach file or image
Files (0)
 
Images (0)
 
Comments (0)
You must login to post a comment.

 
Powered by MindTouch Core v.9.02.2