forked from Ailur/burgernotes-server
Update APIDOCS.md
This commit is contained in:
parent
cda77cd3b9
commit
e3359a02a8
40
APIDOCS.md
40
APIDOCS.md
|
@ -3,16 +3,18 @@ Use the Burgernotes API to automate tasks, build your own client, and more!
|
||||||
|
|
||||||
Headers should be: "Content-type: application/json; charset=UTF-8" for all POSTs
|
Headers should be: "Content-type: application/json; charset=UTF-8" for all POSTs
|
||||||
|
|
||||||
## 🔑 Authentication
|
## 🔑 Authentication (version 1)
|
||||||
|
|
||||||
POST - /api/signup - provide "username" and "password".
|
POST - /api/signup - provide "username" and "password".
|
||||||
|
|
||||||
POST - /api/login - provide "username", "password"
|
POST - /api/login - provide "username", "password" and "newpass"
|
||||||
|
|
||||||
To prevent the server from knowing the encryption key, the password you provide in the request must be hashed with the SHA-3 algorithm with 128 iterations (the hash is hashed again 128 times).
|
To prevent the server from knowing the encryption key, the password you provide in the request must be hashed with the SHA-3 algorithm with 128 iterations (the hash is hashed again 128 times).
|
||||||
|
|
||||||
Password should be at least 8 characters, username must be under 20 characters and alphanumeric.
|
Password should be at least 8 characters, username must be under 20 characters and alphanumeric.
|
||||||
|
|
||||||
|
Newpass is a more direct call to /api/changepassword that is deprecated in version 2. Set newpass to a value of "no" in order to identify as a version 1 api and not trigger the backwards compatibility layer.
|
||||||
|
|
||||||
If username is taken, error code 422 will return.
|
If username is taken, error code 422 will return.
|
||||||
|
|
||||||
Assuming everything went correctly, the server will return a secret key.
|
Assuming everything went correctly, the server will return a secret key.
|
||||||
|
@ -21,6 +23,30 @@ You'll need to store two things in local storage:
|
||||||
- The secret key you just got, used to fetch notes, save stuff etc.
|
- The secret key you just got, used to fetch notes, save stuff etc.
|
||||||
- A SHA512 hashed password, used as encryption key
|
- A SHA512 hashed password, used as encryption key
|
||||||
|
|
||||||
|
### Additional notes on version 2
|
||||||
|
|
||||||
|
For version two, /api/signup and /api/login require the legacyPassword API, to allow for backwards compatibility up to version 0. To do this, set the header "X-Burgernotes-Version" to the current version number without any dots (E.G 2.1.4 -> 214).
|
||||||
|
|
||||||
|
During signup, "legacyPassword" should also be provided. legacyPassword should be the SHA-3 128 iteration hash of the Argon2ID hash of the password following these settings (yes, hashing a hash):
|
||||||
|
|
||||||
|
```
|
||||||
|
Parallelism should be 1
|
||||||
|
|
||||||
|
Iterations should be 256
|
||||||
|
|
||||||
|
Memory Allocated in bytes should be 512
|
||||||
|
|
||||||
|
Length of Hash should be 32 bytes
|
||||||
|
|
||||||
|
The output should be in the encoded format, not the hashed format
|
||||||
|
|
||||||
|
Salt should be the SHA512 of the password
|
||||||
|
```
|
||||||
|
|
||||||
|
On login, as well as the key, the server may return "legacyPasswordNeeded" = true.
|
||||||
|
|
||||||
|
If this is the case, POST /api/v2/addlegacypassword (with the aforementioned header), provide "secretKey" and "legacyPassword" (hashed the same way as signup).
|
||||||
|
|
||||||
## 🔐 Encryption
|
## 🔐 Encryption
|
||||||
|
|
||||||
Note content and title is encrypted using AES 256-bit.
|
Note content and title is encrypted using AES 256-bit.
|
||||||
|
@ -46,7 +72,10 @@ POST - /api/editnote - edit notes, provide "secretKey", "noteId", "title", and "
|
||||||
|
|
||||||
POST - /api/removenote - remove notes, provide "secretKey" and "noteId"
|
POST - /api/removenote - remove notes, provide "secretKey" and "noteId"
|
||||||
|
|
||||||
## ⚙️ More stuff
|
## ⚙️ Account managment
|
||||||
|
|
||||||
|
POST - /api/changepassword - change account password, provide "secretKey", "newPassword"
|
||||||
|
encrypt the same way as /api/login
|
||||||
|
|
||||||
POST - /api/deleteaccount - delete account, provide "secretKey"
|
POST - /api/deleteaccount - delete account, provide "secretKey"
|
||||||
please display a warning before this action
|
please display a warning before this action
|
||||||
|
@ -54,8 +83,13 @@ please display a warning before this action
|
||||||
POST - /api/exportnotes - export notes, provide "secretKey"
|
POST - /api/exportnotes - export notes, provide "secretKey"
|
||||||
note content and title will have to be decrypted
|
note content and title will have to be decrypted
|
||||||
|
|
||||||
|
POST - /api/importnotes - import notes, provide "secretKey" and "notes"
|
||||||
|
note content should be encrypted and follow the /api/exportnotes format, in a marshalled json string
|
||||||
|
|
||||||
POST - /api/sessions/list - show all sessions, provide "secretKey"
|
POST - /api/sessions/list - show all sessions, provide "secretKey"
|
||||||
|
|
||||||
POST - /api/sessions/remove - remove session, provide "secretKey" and "sessionId"
|
POST - /api/sessions/remove - remove session, provide "secretKey" and "sessionId"
|
||||||
|
|
||||||
|
## 💼 Admin controls
|
||||||
|
|
||||||
POST - /api/listusers - lists all users in JSON, provide "masterKey" (set in config.ini)
|
POST - /api/listusers - lists all users in JSON, provide "masterKey" (set in config.ini)
|
||||||
|
|
Loading…
Reference in New Issue