Re: [aerogear-dev] Passphrase encryption - REST API discussion

That would make sense into the Sender request, once we don't have ways to identify if the data was encrypted or not, something like "--header "protected: true" (always optional). For example:

curl -3 -u "{PushApplicationID}:{MasterSecret}" -v -H "Accept: application/json" -H "Content-type: application/json" --header "protected: true" -X POST -d '{ "variants" : ["c3f0a94f-48de-4b77-a08e-68114460857e", "444939cd-ae63-4ce1-96a4-de74b77e3737" ....], "categories" : ["someCategory"], "alias" : ["user(a)account.com", "jay(a)redhat.org", ....], "deviceType" : ["iPad", "AndroidTablet", "web"], "message": {"key":"value", "key2":"other value", "alert":"HELLO!"}, "simple-push": "version=123" }' https://SERVER:PORT/CONTEXT/rest/sender Does it make sense to you? In the future with the key agreement, that might not be necessary. -- abstractj On March 13, 2014 at 9:33:07 AM, Sebastien Blanc (scm.blanc(a)gmail.com) wrote: > > Shouldn't there be a flag in the request telling the cert and > passphrase are encrypted or not ? Or maybe the server can detect > by itself if it's encrypted or not . _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev