2017-01-26 18:52:54 +01:00
<!DOCTYPE html>
<!-- [if IE 8]><html class="no - js lt - ie9" lang="en" > <![endif] -->
<!-- [if gt IE 8]><! --> < html class = "no-js" lang = "en" > <!-- <![endif] -->
< head >
< meta charset = "utf-8" >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" >
< meta name = "viewport" content = "width=device-width, initial-scale=1.0" >
< link rel = "shortcut icon" href = "../img/favicon.ico" >
< title > REST API - Shaarli Documentation< / title >
< link href = 'https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel = 'stylesheet' type = 'text/css' >
< link rel = "stylesheet" href = "../css/theme.css" type = "text/css" / >
< link rel = "stylesheet" href = "../css/theme_extra.css" type = "text/css" / >
< link rel = "stylesheet" href = "../css/highlight.css" >
< link href = "../github-markdown.css" rel = "stylesheet" >
< script >
// Current page data
var mkdocs_page_name = "REST API";
var mkdocs_page_input_path = "REST-API.md";
var mkdocs_page_url = "/REST-API/";
< / script >
< script src = "../js/jquery-2.1.1.min.js" > < / script >
< script src = "../js/modernizr-2.8.3.min.js" > < / script >
< script type = "text/javascript" src = "../js/highlight.pack.js" > < / script >
< / head >
< body class = "wy-body-for-nav" role = "document" >
< div class = "wy-grid-for-nav" >
< section data-toggle = "wy-nav-shift" class = "wy-nav-content-wrap" >
< div class = "wy-nav-content" >
< div class = "rst-content" >
< div role = "main" >
< div class = "section" >
< h2 id = "usage" > Usage< / h2 >
< p > See the < a href = "http://shaarli.github.io/api-documentation/" > REST API documentation< / a > .< / p >
< h2 id = "authentication" > Authentication< / h2 >
< p > All requests to Shaarli's API must include a JWT token to verify their authenticity.< / p >
< p > This token has to be included as an HTTP header called < code > Authentication: Bearer < jwt token> < / code > .< / p >
< p > JWT resources :< / p >
< ul >
< li > < a href = "https://jwt.io" > jwt.io< / a > (including a list of client per language).< / li >
< li > RFC : https://tools.ietf.org/html/rfc7519< / li >
< li > https://float-middle.com/json-web-tokens-jwt-vs-sessions/< / li >
< li > HackerNews thread: https://news.ycombinator.com/item?id=11929267< / li >
< / ul >
< h3 id = "shaarli-jwt-token" > Shaarli JWT Token< / h3 >
< p > JWT tokens are composed of three parts, separated by a dot < code > .< / code > and encoded in base64:< / p >
< pre > < code > [header].[payload].[signature]
< / code > < / pre >
< h4 id = "header" > Header< / h4 >
< p > Shaarli only allows one algorithm (HS512, i.e. HMAC with SHA-512), so the header will always be the same:< / p >
< pre > < code class = "json" > {
    "typ": "JWT",
    "alg": "HS512"
}
< / code > < / pre >
< p > Encoded in base64, it gives:< / p >
< pre > < code > ewogICAgICAgICJ0eXAiOiAiSldUIiwKICAgICAgICAiYWxnIjogIkhTNTEyIgogICAgfQ==
< / code > < / pre >
< h4 id = "payload" > Payload< / h4 >
< p > < strong > Validity duration< / strong > < / p >
< p > To avoid infinite token validity, JWT tokens must include their creation date in UNIX timestamp format (timezone independent - UTC) under the key < code > iat< / code > (issued at). A token is accepted for 9 minutes.< / p >
< pre > < code class = "json" > {
    "iat": 1468663519
}
< / code > < / pre >
< p > See < a href = "https://tools.ietf.org/html/rfc7519#section-4.1.6" > RFC reference< / a > .< / p >
< h4 id = "signature" > Signature< / h4 >
< p > The signature authenticates the token. It is computed over the base64 of the header and the body (payload), separated by a dot < code > .< / code > , using HMAC-SHA512 keyed with the API secret available in Shaarli administration page.< / p >
< p > Signature example with PHP:< / p >
< pre > < code class = "php" > // Signed content: base64 of the header, a dot, then base64 of the payload.
$content = base64_encode($header) . '.' . base64_encode($payload);
// HMAC-SHA512 keyed with the API secret. No raw-output argument is passed, so
// hash_hmac() returns lowercase hexadecimal: the signature segment is hex, not base64.
$signature = hash_hmac('sha512', $content, $secret);
< / code > < / pre >
< h3 id = "complete-example" > Complete example< / h3 >
< h4 id = "php" > PHP< / h4 >
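< pre > < code class = "php" > /**
 * Build a Shaarli API token from the API secret.
 *
 * The token has the form "[header].[payload].[signature]": header and payload
 * are base64-encoded JSON, and the signature is the HMAC-SHA512 of
 * "[header].[payload]" keyed with the secret.
 *
 * @param string $secret API secret (this page: available in the Shaarli administration page).
 *
 * @return string Token to send with an API request.
 */
function generateToken($secret) {
    // The JSON keys and values carry no padding inside their quotes; the whitespace
    // around them is part of the signed bytes and matches the encoded header shown on this page.
    $header = base64_encode('{
        "typ": "JWT",
        "alg": "HS512"
    }');
    // "iat" is the creation time as a UNIX timestamp; this page states a token is accepted for 9 minutes.
    $payload = base64_encode('{
        "iat": '. time() .'
    }');
    // hash_hmac() is called without the raw-output argument, so the signature segment is lowercase hex.
    $signature = hash_hmac('sha512', $header .'.'. $payload , $secret);
    return $header .'.'. $payload .'.'. $signature;
}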
// 'mysecret' is a placeholder: use the API secret from the Shaarli administration page
// and load it from configuration instead of hard-coding it in a script.
$secret = 'mysecret';
$token = generateToken($secret);
// Printed for demonstration only; the token is a credential for as long as it is accepted.
echo $token;
< / code > < / pre >
< blockquote >
< p > < code > ewogICAgICAgICJ0eXAiOiAiSldUIiwKICAgICAgICAiYWxnIjogIkhTNTEyIgogICAgfQ==.ewogICAgICAgICJpYXQiOiAxNDY4NjY3MDQ3CiAgICB9.1d2c54fa947daf594fdbf7591796195652c8bc63bffad7f6a6db2a41c313f495a542cbfb595acade79e83f3810d709b4251d7b940bbc10b531a6e6134af63a68< / code > < / p >
< / blockquote >
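< pre > < code class = "php" > // Send the token as an HTTP request header. 'jwt' is not one of the documented
// options of PHP's http stream context, so a token placed there is never sent;
// request headers go through the 'header' option.
// The header name follows the Authentication section of this page.
// NOTE(review): the usual bearer-token header (RFC 6750) is "Authorization" -
// confirm which name the Shaarli version in use reads.
$options = [
    'http' => [
        'method' => 'GET',
        'header' => 'Authentication: Bearer ' . $token,
    ],
];
$context = stream_context_create($options);
// $apiEndpoint is not defined in this example; use an https:// URL so the token
// is not sent in clear text.
file_get_contents($apiEndpoint, false, $context);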
< / code > < / pre >
< / div >
< / div >
< / div >
< / div >
< / section >
< / div >
< script src = "../js/theme.js" > < / script >
< / body >
< / html >