aboutsummaryrefslogtreecommitdiffhomepage
path: root/doc/md/REST-API.md
diff options
context:
space:
mode:
authornodiscc <nodiscc@gmail.com>2017-01-26 18:52:54 +0100
committernodiscc <nodiscc@gmail.com>2017-06-18 00:19:49 +0200
commit53ed6d7d1e678d7486337ce67a2f17b30bac21ac (patch)
treef8bef0164a70bd03d2b9781951c01bdd018f1842 /doc/md/REST-API.md
parentd5d22a6d07917865c44148ad76f43c65a929a890 (diff)
downloadShaarli-53ed6d7d1e678d7486337ce67a2f17b30bac21ac.tar.gz
Shaarli-53ed6d7d1e678d7486337ce67a2f17b30bac21ac.tar.zst
Shaarli-53ed6d7d1e678d7486337ce67a2f17b30bac21ac.zip
Generate HTML documentation using MkDocs (WIP)
MkDocs is a static site generator geared towards building project documentation. Documentation source files are written in Markdown, and configured with a single YAML file. * http://www.mkdocs.org/ * http://www.mkdocs.org/user-guide/configuration/ Ref. #312 * remove pandoc-generated HTML documentation * move markdown doc to doc/md/, * mkdocs.yml: * generate HTML doc in doc/html * add pages TOC/ordering * use index.md as index page * Makefile: remove execute permissions from generated files * Makefile: rewrite htmlpages GFM to markdown conversion using sed: awk expression aslo matched '][' which causes invalid output on complex links with images or code blocks * Add mkdocs.yml to .gitattributes, exclude this file from release archives * Makefile: rename: htmldoc -> doc_html target * run make doc: pull latest markdown documentation from wiki * run make htmlpages: update html documentation
Diffstat (limited to 'doc/md/REST-API.md')
-rw-r--r--doc/md/REST-API.md104
1 files changed, 104 insertions, 0 deletions
diff --git a/doc/md/REST-API.md b/doc/md/REST-API.md
new file mode 100644
index 00000000..8f3f7303
--- /dev/null
+++ b/doc/md/REST-API.md
@@ -0,0 +1,104 @@
1## Usage
2
3See the [REST API documentation](http://shaarli.github.io/api-documentation/).
4
5## Authentication
6
7All requests to Shaarli's API must include a JWT token to verify their authenticity.
8
9This token has to be included as an HTTP header called `Authentication: Bearer <jwt token>`.
10
11JWT resources :
12
13 * [jwt.io](https://jwt.io) (including a list of client per language).
14 * RFC : https://tools.ietf.org/html/rfc7519
15 * https://float-middle.com/json-web-tokens-jwt-vs-sessions/
16 * HackerNews thread: https://news.ycombinator.com/item?id=11929267
17
18
19### Shaarli JWT Token
20
21JWT tokens are composed by three parts, separated by a dot `.` and encoded in base64:
22
23```
24[header].[payload].[signature]
25```
26
27#### Header
28
29Shaarli only allow one hash algorithm, so the header will always be the same:
30
31```json
32{
33 "typ": "JWT",
34 "alg": "HS512"
35}
36```
37
38Encoded in base64, it gives:
39
40```
41ewogICAgICAgICJ0eXAiOiAiSldUIiwKICAgICAgICAiYWxnIjogIkhTNTEyIgogICAgfQ==
42```
43
44#### Payload
45
46**Validity duration**
47
48To avoid infinite token validity, JWT tokens must include their creation date in UNIX timestamp format (timezone independant - UTC) under the key `iat` (issued at). This token will be accepted during 9 minutes.
49
50```json
51{
52 "iat": 1468663519
53}
54```
55
56See [RFC reference](https://tools.ietf.org/html/rfc7519#section-4.1.6).
57
58
59#### Signature
60
61The signature authenticate the token validity. It contains the base64 of the header and the body, separated by a dot `.`, hashed in SHA512 with the API secret available in Shaarli administration page.
62
63Signature example with PHP:
64
65```php
66$content = base64_encode($header) . '.' . base64_encode($payload);
67$signature = hash_hmac('sha512', $content, $secret);
68```
69
70
71### Complete example
72
73#### PHP
74
75```php
76function generateToken($secret) {
77 $header = base64_encode('{
78 "typ": "JWT",
79 "alg": "HS512"
80 }');
81 $payload = base64_encode('{
82 "iat": '. time() .'
83 }');
84 $signature = hash_hmac('sha512', $header .'.'. $payload , $secret);
85 return $header .'.'. $payload .'.'. $signature;
86}
87
88$secret = 'mysecret';
89$token = generateToken($secret);
90echo $token;
91```
92
93> `ewogICAgICAgICJ0eXAiOiAiSldUIiwKICAgICAgICAiYWxnIjogIkhTNTEyIgogICAgfQ==.ewogICAgICAgICJpYXQiOiAxNDY4NjY3MDQ3CiAgICB9.1d2c54fa947daf594fdbf7591796195652c8bc63bffad7f6a6db2a41c313f495a542cbfb595acade79e83f3810d709b4251d7b940bbc10b531a6e6134af63a68`
94
95```php
96$options = [
97 'http' => [
98 'method' => 'GET',
99 'jwt' => $token,
100 ],
101];
102$context = stream_context_create($options);
103file_get_contents($apiEndpoint, false, $context);
104```