2 <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
3 <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
6 <meta http-equiv=
"X-UA-Compatible" content=
"IE=edge">
7 <meta name=
"viewport" content=
"width=device-width, initial-scale=1.0">
10 <link rel=
"shortcut icon" href=
"../img/favicon.ico">
11 <title>REST API - Shaarli Documentation
</title>
12 <link href='https://fonts.googleapis.com/css?family=Lato:
400,
700|Roboto+Slab:
400,
700|Inconsolata:
400,
700' rel='stylesheet' type='text/css'
>
14 <link rel=
"stylesheet" href=
"../css/theme.css" type=
"text/css" />
15 <link rel=
"stylesheet" href=
"../css/theme_extra.css" type=
"text/css" />
16 <link rel=
"stylesheet" href=
"../css/highlight.css">
17 <link href=
"../github-markdown.css" rel=
"stylesheet">
21 var mkdocs_page_name = "REST API";
22 var mkdocs_page_input_path = "REST-API.md";
23 var mkdocs_page_url = "/REST-API/";
26 <script src=
"../js/jquery-2.1.1.min.js"></script>
27 <script src=
"../js/modernizr-2.8.3.min.js"></script>
28 <script type=
"text/javascript" src=
"../js/highlight.pack.js"></script>
32 <body class=
"wy-body-for-nav" role=
"document">
34 <div class=
"wy-grid-for-nav">
37 <nav data-toggle=
"wy-nav-shift" class=
"wy-nav-side stickynav">
38 <div class=
"wy-side-nav-search">
39 <a href=
".." class=
"icon icon-home"> Shaarli Documentation
</a>
41 <form id =
"rtd-search-form" class=
"wy-form" action=
"../search.html" method=
"get">
42 <input type=
"text" name=
"q" placeholder=
"Search docs" />
47 <div class=
"wy-menu wy-menu-vertical" data-spy=
"affix" role=
"navigation" aria-label=
"main navigation">
51 <li class=
"toctree-l1">
53 <a class=
"" href=
"..">Home
</a>
56 <li class=
"toctree-l1">
58 <span class=
"caption-text">Setup
</span>
62 <a class=
"" href=
"../Download-and-Installation/">Download and Installation
</a>
66 <a class=
"" href=
"../Upgrade-and-migration/">Upgrade and migration
</a>
70 <a class=
"" href=
"../Server-requirements/">Server requirements
</a>
74 <a class=
"" href=
"../Server-configuration/">Server configuration
</a>
78 <a class=
"" href=
"../Server-security/">Server security
</a>
82 <a class=
"" href=
"../Shaarli-configuration/">Shaarli configuration
</a>
86 <a class=
"" href=
"../Plugins/">Plugins
</a>
91 <li class=
"toctree-l1">
93 <span class=
"caption-text">Docker
</span>
97 <a class=
"" href=
"../Docker-101/">Docker
101</a>
101 <a class=
"" href=
"../Shaarli-images/">Shaarli images
</a>
105 <a class=
"" href=
"../Reverse-proxy-configuration/">Reverse proxy configuration
</a>
109 <a class=
"" href=
"../Docker-resources/">Docker resources
</a>
114 <li class=
"toctree-l1">
116 <span class=
"caption-text">Usage
</span>
120 <a class=
"" href=
"../Features/">Features
</a>
124 <a class=
"" href=
"../Bookmarklet/">Bookmarklet
</a>
128 <a class=
"" href=
"../Browsing-and-searching/">Browsing and searching
</a>
132 <a class=
"" href=
"../Firefox-share/">Firefox share
</a>
136 <a class=
"" href=
"../RSS-feeds/">RSS feeds
</a>
138 <li class=
" current">
140 <a class=
"current" href=
"./">REST API
</a>
143 <li class=
"toctree-l3"><a href=
"#usage">Usage
</a></li>
146 <li class=
"toctree-l3"><a href=
"#authentication">Authentication
</a></li>
150 <li><a class=
"toctree-l4" href=
"#shaarli-jwt-token">Shaarli JWT Token
</a></li>
152 <li><a class=
"toctree-l4" href=
"#complete-example">Complete example
</a></li>
162 <li class=
"toctree-l1">
164 <span class=
"caption-text">How To
</span>
168 <a class=
"" href=
"../Backup,-restore,-import-and-export/">Backup, restore, import and export
</a>
172 <a class=
"" href=
"../Various-hacks/">Various hacks
</a>
177 <li class=
"toctree-l1">
179 <a class=
"" href=
"../Troubleshooting/">Troubleshooting
</a>
182 <li class=
"toctree-l1">
184 <span class=
"caption-text">Development
</span>
188 <a class=
"" href=
"../Development-guidelines/">Development guidelines
</a>
192 <a class=
"" href=
"../Continuous-integration-tools/">Continuous integration tools
</a>
196 <a class=
"" href=
"../GnuPG-signature/">GnuPG signature
</a>
200 <a class=
"" href=
"../Coding-guidelines/">Coding guidelines
</a>
204 <a class=
"" href=
"../Directory-structure/">Directory structure
</a>
208 <a class=
"" href=
"../3rd-party-libraries/">3rd party libraries
</a>
212 <a class=
"" href=
"../Plugin-System/">Plugin System
</a>
216 <a class=
"" href=
"../Release-Shaarli/">Release Shaarli
</a>
220 <a class=
"" href=
"../Versioning-and-Branches/">Versioning and Branches
</a>
224 <a class=
"" href=
"../Security/">Security
</a>
228 <a class=
"" href=
"../Static-analysis/">Static analysis
</a>
232 <a class=
"" href=
"../Theming/">Theming
</a>
236 <a class=
"" href=
"../Unit-tests/">Unit tests
</a>
241 <li class=
"toctree-l1">
243 <span class=
"caption-text">About
</span>
247 <a class=
"" href=
"../FAQ/">FAQ
</a>
251 <a class=
"" href=
"../Community-&-Related-software/">Community & Related software
</a>
261 <section data-toggle=
"wy-nav-shift" class=
"wy-nav-content-wrap">
264 <nav class=
"wy-nav-top" role=
"navigation" aria-label=
"top navigation">
265 <i data-toggle=
"wy-nav-top" class=
"fa fa-bars"></i>
266 <a href=
"..">Shaarli Documentation
</a>
270 <div class=
"wy-nav-content">
271 <div class=
"rst-content">
272 <div role=
"navigation" aria-label=
"breadcrumbs navigation">
273 <ul class=
"wy-breadcrumbs">
274 <li><a href=
"..">Docs
</a> »</li>
278 <li>Usage
»</li>
283 <li class=
"wy-breadcrumbs-aside">
285 <a href=
"https://github.com/shaarli/Shaarli/edit/master/docs/REST-API.md"
286 class=
"icon icon-github"> Edit on GitHub
</a>
293 <div class=
"section">
295 <h2 id=
"usage">Usage
</h2>
296 <p>See the
<a href=
"http://shaarli.github.io/api-documentation/">REST API documentation
</a>.
</p>
297 <h2 id=
"authentication">Authentication
</h2>
298 <p>All requests to Shaarli's API must include a JWT token to verify their authenticity.
</p>
299 <p>This token has to be included as an HTTP header called
<code>Authentication: Bearer
<jwt token
></code>.
</p>
300 <p>JWT resources :
</p>
302 <li><a href=
"https://jwt.io">jwt.io
</a> (including a list of client per language).
</li>
303 <li>RFC : https://tools.ietf.org/html/rfc7519
</li>
304 <li>https://float-middle.com/json-web-tokens-jwt-vs-sessions/
</li>
305 <li>HackerNews thread: https://news.ycombinator.com/item?id=
11929267</li>
307 <h3 id=
"shaarli-jwt-token">Shaarli JWT Token
</h3>
308 <p>JWT tokens are composed by three parts, separated by a dot
<code>.
</code> and encoded in base64:
</p>
309 <pre><code>[header].[payload].[signature]
312 <h4 id=
"header">Header
</h4>
313 <p>Shaarli only allow one hash algorithm, so the header will always be the same:
</p>
314 <pre><code class=
"json">{
315 "typ
":
"JWT
",
316 "alg
":
"HS512
"
320 <p>Encoded in base64, it gives:
</p>
321 <pre><code>ewogICAgICAgICJ0eXAiOiAiSldUIiwKICAgICAgICAiYWxnIjogIkhTNTEyIgogICAgfQ==
324 <h4 id=
"payload">Payload
</h4>
325 <p><strong>Validity duration
</strong></p>
326 <p>To avoid infinite token validity, JWT tokens must include their creation date in UNIX timestamp format (timezone independant - UTC) under the key
<code>iat
</code> (issued at). This token will be accepted during
9 minutes.
</p>
327 <pre><code class=
"json">{
328 "iat
":
1468663519
332 <p>See
<a href=
"https://tools.ietf.org/html/rfc7519#section-4.1.6">RFC reference
</a>.
</p>
333 <h4 id=
"signature">Signature
</h4>
334 <p>The signature authenticate the token validity. It contains the base64 of the header and the body, separated by a dot
<code>.
</code>, hashed in SHA512 with the API secret available in Shaarli administration page.
</p>
335 <p>Signature example with PHP:
</p>
336 <pre><code class=
"php">$content = base64_encode($header) . '.' . base64_encode($payload);
337 $signature = hash_hmac('sha512', $content, $secret);
340 <h3 id=
"complete-example">Complete example
</h3>
341 <h4 id=
"php">PHP
</h4>
342 <pre><code class=
"php">function generateToken($secret) {
343 $header = base64_encode('{
344 "typ
":
"JWT
",
345 "alg
":
"HS512
"
347 $payload = base64_encode('{
348 "iat
": '. time() .'
350 $signature = hash_hmac('sha512', $header .'.'. $payload , $secret);
351 return $header .'.'. $payload .'.'. $signature;
354 $secret = 'mysecret';
355 $token = generateToken($secret);
360 <p><code>ewogICAgICAgICJ0eXAiOiAiSldUIiwKICAgICAgICAiYWxnIjogIkhTNTEyIgogICAgfQ==.ewogICAgICAgICJpYXQiOiAxNDY4NjY3MDQ3CiAgICB9.1d2c54fa947daf594fdbf7591796195652c8bc63bffad7f6a6db2a41c313f495a542cbfb595acade79e83f3810d709b4251d7b940bbc10b531a6e6134af63a68
</code></p>
362 <pre><code class=
"php">$options = [
364 'method' =
> 'GET',
368 $context = stream_context_create($options);
369 file_get_contents($apiEndpoint, false, $context);
376 <div class=
"rst-footer-buttons" role=
"navigation" aria-label=
"footer navigation">
378 <a href=
"../Backup,-restore,-import-and-export/" class=
"btn btn-neutral float-right" title=
"Backup, restore, import and export">Next
<span class=
"icon icon-circle-arrow-right"></span></a>
381 <a href=
"../RSS-feeds/" class=
"btn btn-neutral" title=
"RSS feeds"><span class=
"icon icon-circle-arrow-left"></span> Previous
</a>
388 <div role=
"contentinfo">
389 <!-- Copyright etc -->
393 Built with
<a href=
"http://www.mkdocs.org">MkDocs
</a> using a
<a href=
"https://github.com/snide/sphinx_rtd_theme">theme
</a> provided by
<a href=
"https://readthedocs.org">Read the Docs
</a>.
403 <div class=
"rst-versions" role=
"note" style=
"cursor: pointer">
404 <span class=
"rst-current-version" data-toggle=
"rst-current-version">
406 <a href=
"https://github.com/shaarli/Shaarli" class=
"fa fa-github" style=
"float: left; color: #fcfcfc"> GitHub
</a>
409 <span><a href=
"../RSS-feeds/" style=
"color: #fcfcfc;">« Previous
</a></span>
412 <span style=
"margin-left: 15px"><a href=
"../Backup,-restore,-import-and-export/" style=
"color: #fcfcfc">Next
»</a></span>
416 <script src=
"../js/theme.js"></script>