[aerogear-dev] Passphrase encryption - REST API discussion
Bruno Oliveira
bruno at abstractj.org
Thu Mar 13 08:45:28 EDT 2014
That would make sense into the Sender request, once we don’t have ways to identify if the data was encrypted or not, something like "--header “protected: true” (always optional). For example:
curl -3 -u "{PushApplicationID}:{MasterSecret}"
-v -H "Accept: application/json" -H "Content-type: application/json”
--header “protected: true"
-X POST
-d '{
"variants" : ["c3f0a94f-48de-4b77-a08e-68114460857e", "444939cd-ae63-4ce1-96a4-de74b77e3737" ....],
"categories" : ["someCategory"],
"alias" : ["user at account.com", "jay at redhat.org", ....],
"deviceType" : ["iPad", "AndroidTablet", "web"],
"message": {"key":"value", "key2":"other value", "alert":"HELLO!"},
"simple-push": "version=123"
}'
https://SERVER:PORT/CONTEXT/rest/sender
Does it make sense to you? In the future with the key agreement, that might not be necessary.
--
abstractj
On March 13, 2014 at 9:33:07 AM, Sebastien Blanc (scm.blanc at gmail.com) wrote:
> > Shouldn't there be a flag in the request telling the cert and
> passphrase are encrypted or not ? Or maybe the server can detect
> by itself if it's encrypted or not .
More information about the aerogear-dev
mailing list