MyShaarli/doc/md/REST-API.md
nodiscc 53ed6d7d1e Generate HTML documentation using MkDocs (WIP)
MkDocs is a static site generator geared towards building project documentation.
Documentation source files are written in Markdown, and configured with a single YAML file.

 * http://www.mkdocs.org/
 * http://www.mkdocs.org/user-guide/configuration/

Ref. #312

* remove pandoc-generated HTML documentation
* move markdown doc to doc/md/,
* mkdocs.yml:
  * generate HTML doc in doc/html
  * add pages TOC/ordering
  * use index.md as index page
* Makefile: remove execute permissions from generated files
* Makefile: rewrite htmlpages GFM to markdown conversion using sed:
   awk expression aslo matched '][' which causes invalid output on complex links with images or code blocks
* Add mkdocs.yml to .gitattributes, exclude this file from release archives
* Makefile: rename: htmldoc -> doc_html target
* run make doc: pull latest markdown documentation from wiki
* run make htmlpages: update html documentation
2017-06-18 00:19:49 +02:00

2.5 KiB

Usage

See the REST API documentation.

Authentication

All requests to Shaarli's API must include a JWT token to verify their authenticity.

This token has to be included as an HTTP header called Authentication: Bearer <jwt token>.

JWT resources :

Shaarli JWT Token

JWT tokens are composed by three parts, separated by a dot . and encoded in base64:

[header].[payload].[signature]

Header

Shaarli only allow one hash algorithm, so the header will always be the same:

{
    "typ": "JWT",
    "alg": "HS512"
}

Encoded in base64, it gives:

ewogICAgICAgICJ0eXAiOiAiSldUIiwKICAgICAgICAiYWxnIjogIkhTNTEyIgogICAgfQ==

Payload

Validity duration

To avoid infinite token validity, JWT tokens must include their creation date in UNIX timestamp format (timezone independant - UTC) under the key iat (issued at). This token will be accepted during 9 minutes.

{
    "iat": 1468663519
}

See RFC reference.

Signature

The signature authenticate the token validity. It contains the base64 of the header and the body, separated by a dot ., hashed in SHA512 with the API secret available in Shaarli administration page.

Signature example with PHP:

$content = base64_encode($header) . '.' . base64_encode($payload);
$signature = hash_hmac('sha512', $content, $secret);

Complete example

PHP

function generateToken($secret) {
    $header = base64_encode('{
        "typ": "JWT",
        "alg": "HS512"
    }');
    $payload = base64_encode('{
        "iat": '. time() .'
    }');
    $signature = hash_hmac('sha512', $header .'.'. $payload , $secret);
    return $header .'.'. $payload .'.'. $signature;
}

$secret = 'mysecret';
$token = generateToken($secret);
echo $token;

ewogICAgICAgICJ0eXAiOiAiSldUIiwKICAgICAgICAiYWxnIjogIkhTNTEyIgogICAgfQ==.ewogICAgICAgICJpYXQiOiAxNDY4NjY3MDQ3CiAgICB9.1d2c54fa947daf594fdbf7591796195652c8bc63bffad7f6a6db2a41c313f495a542cbfb595acade79e83f3810d709b4251d7b940bbc10b531a6e6134af63a68

$options = [
    'http' => [
        'method' => 'GET',
        'jwt' => $token,
    ],
];
$context = stream_context_create($options);
file_get_contents($apiEndpoint, false, $context);