Weave User API v1.0
Release Date: TBD
All data passed into the User API should be utf-8 encoded.
URL Semantics
User account URLs follow, for the most part, REST semantics. Request and response bodies are all JSON-encoded.
The URL for User requests is structured as follows:
https://<server name>/<api pathname>/<version>/<username>/<further instruction>
| Component | Mozilla Default | Description |
| server name | auth.services.mozilla.com | the hostname of the server |
| pathname | user | the prefix associated with the service on the box |
| version | 1.0 | The API version. |
| username | (none) | the name of the object (user) to be manipulated |
| further instruction | (none) | The additional function information as defined in the paths below |
Certain functions use HTTP basic auth (over SSL, so as to maintain password security). If the auth username does not match the username in the path, the server will issue an Error Response
The Weave User API has a set of Weave Response Codes to cover errors in the request or on the server side. The format of a successful response is defined in the appropriate request method section.
GET
https://server/pathname/version/username/
Returns 1 if the username is in use, 0 if it is available.
https://server/pathname/version/username/node/weave
Returns the Weave Node that the client is located on. Weave-specific calls should be directed to that node.
PUT
https://server/pathname/version/username
Requests that an account be created for username.
The JSON payload should include
| Field | Description |
| password | The password to be associated with the account. |
| invite-code | A Weave invite code |
| Email address associated with the account | |
| captcha-challenge | The challenge string from the captcha (see miscellaneous functions below) |
| captcha-response | The response to the captcha. Only required if WEAVE_REGISTER_USE_CAPTCHA is set |
| secret | If set, the shared secret, which will override the captcha (for testing and automation) |
The server will return the username on success, or an error message if some portion of the process fails.
POST
https://server/pathname/version/username/email
NOTE: Requires basic authentication with the username and password associated with the account. The auth username must match the username in the path.
Changes the email address associated with the account to the value specified in the "email" POST value.
The server will return the new email address on success, or an error message if some portion of the process fails.
https://server/pathname/version/username/password
NOTE: Requires basic authentication with the username and (current) password associated with the account. The auth username must match the username in the path.
Changes the password associated with the account to the value specified in the "password" POST value.
The server will return 1 on success, or an error message if some portion of the process fails.
DELETE
https://server/pathname/version/username/
NOTE: Requires simple authentication with the username and password associated with the account. The auth username must match the username in the path.
Deletes the user account.
X-Weave-Alert
This header may be sent back from any transaction, and contains potential warning messages, information, or other alerts. The contents are intended to be human-readable.
Miscellaneous Functions
https://server/user/1.0/captcha_html
Returns an html body string containing a Recaptcha challenge captcha. If the WEAVE_REGISTER_USE_CAPTCHA is set to 1, the PUT API above will expect the challenge and response from this captcha.
Note: this function outputs html, not json.