The authentication used for this action must be Anonymous User authentication.
#Droplr upload limit password#
Password must be a SHA1 hash of the user inputĤ00 (Bad Request): Invalid Username Header KeyĤ09 (Conflict): Username Already Taken Header KeyĤ09 (Conflict): Domain Already Taken Header Key That email is already taken if it's yours please contact Droplr supportĤ00 (Bad Request): Invalid Password Header Key subdomain.d.pr/xkdg).Įrror Responses 400 (Bad Request): Missing Email or Password Header KeyĤ00 (Bad Request): Invalid Email Header KeyĤ09 (Conflict): Email Already Taken Header Key The subdomain to be used shortlinks (e.g.
What should be used in shortlinks DEFAULT, DOMAIN, SUB_DOMAIN Required The account password, hashed with SHA1 algorythm
Required The email of the account to be created The applications of this authentication are limited currently it's only valid for the creation of new accounts and reading drops - assuming the application has enough privileges to execute the operations. This authentication's formula is exactly the same as user-based authentication, except for the fact that the email must be and the password is a SHA-1 hash of the string anonymous.įurthermore, the type of authentication identifier of the Authorization header is droplranon rather than droplr.Īuthorization: droplranon cHVibGlja2V5OmFub255bW91c0Bkcm9wbHIuY29t:m3n/LQOwt3Cv95KfJsnlbG2R/lM= Anonyomous Authenticationĭroplr's API server also supports anonymous user authentication.
When using session based authentication against Create Drop - Link, Create Drop - Note or Create Drop - File operations, the server will either associate the drop with an existing session or create a new record, if no previous session with the same id existed. The only way to create new sessions using session-based authentication is to perform a drop upload. The process to create the stringToSign token is exactly the same as for user based authentication. The Salt is a safe string (not documented here) to further reduce the chances of creating a valid request for abuse. Password = SUBSTRING(SessionId, 0, 16) + SUBSTRING(authenticityToken, 16, 32) # the password is the first half of the sessionId concatenated with the second half of the authenticity token Its formula is thus:ĪuthenticityToken = MD5(ApplicationPrivateKey:SessionId:Salt) In order for Droplr to ensure the validity of the request, the password is itself a token calculated based on the session id. Since we're talking about anonymous volatile sessions, there are not passwords set. The first big difference to the user based authentication system appears here. HMAC_SHA1(ApplicationPrivateKey:Password, stringToSign) The formula to compute the signature parameter is: Where ApplicationPublicKey and SessionId are the application's assigned public key and the session identifier. Starting from the end, an example of how an session Authorization header should look is:Īuthorization: droplrses cHVibGlja2V5OmQwNmY2ZTZlOTEyOGEyMzkzYjczNThmZjcwMTI0NTUw:QC0bWeSf8m979k4+AJ6lLxeMAfg=Īuthorization: droplrses BASE64(ApplicationPublicKey:SessionId):signature The session id must be 32-char long alphanumeric string (MD5 hash). In the process of registering, all the previous anonymous uploads are migrated - if a user uploads a file using the anonymous drag&drop and then registers, that file will be present when he lists the drops in his new account. The idea of anonymous upload is to allow people to try out Droplr really quick and then proceed to register a regular account.
#Droplr upload limit registration#
However, this system is not adequate for the anonymous drag and drop upload feature presented by Droplr's web app.ĭroplr's API had, therefore, to support some kind of anonymous authentication mechanism that worked pretty much the same way as an email/password authentication system, except accounts could be created on-the-fly without registration info. The basis of the authentication system is the email/password based authentication. Private Operations Session-based Authenticationĭroplr's API server notion of session is a bit different from what the name may imply.
0 kommentar(er)
