Services/Sync/Server/API/User/1.0

< Services‎ | Sync‎ | Server‎ | API

Weave User API v1.0

Release Date: TBD


All data passed into the User API should be utf-8 encoded.

URL Semantics

User account URLs follow, for the most part, REST semantics. Request and response bodies are all JSON-encoded.

The URL for User requests is structured as follows:

https://<server name>/<api pathname>/<version>/<username>/<further instruction>

Component Mozilla Default Description
server name auth.services.mozilla.com the hostname of the server
pathname user the prefix associated with the service on the box
version 1.0 The API version.
username (none) the name of the object (user) to be manipulated
further instruction (none) The additional function information as defined in the paths below

Certain functions use HTTP basic auth (over SSL, so as to maintain password security). If the auth username does not match the username in the path, the server will issue an Error Response

The Weave User API has a set of Weave Response Codes to cover errors in the request or on the server side. The format of a successful response is defined in the appropriate request method section.


GET

https://server/pathname/version/username/

Returns 1 if the username is in use, 0 if it is available.

https://server/pathname/version/username/node/weave

Returns the Weave Node that the client is located on. Weave-specific calls should be directed to that node.

PUT

https://server/pathname/version/username

Requests that an account be created for username.

The JSON payload should include

Field Description
password The password to be associated with the account.
invite-code A Weave invite code
email Email address associated with the account
captcha-challenge The challenge string from the captcha (see miscellaneous functions below)
captcha-response The response to the captcha. Only required if WEAVE_REGISTER_USE_CAPTCHA is set
secret If set, the shared secret, which will override the captcha (for testing and automation)

The server will return the username on success, or an error message if some portion of the process fails.

POST

https://server/pathname/version/username/email

NOTE: Requires basic authentication with the username and password associated with the account. The auth username must match the username in the path.

Changes the email address associated with the account to the value specified in the "email" POST value.

The server will return the new email address on success, or an error message if some portion of the process fails.

https://server/pathname/version/username/password

NOTE: Requires basic authentication with the username and (current) password associated with the account. The auth username must match the username in the path.

Changes the password associated with the account to the value specified in the "password" POST value.

The server will return 1 on success, or an error message if some portion of the process fails.

DELETE

https://server/pathname/version/username/

NOTE: Requires simple authentication with the username and password associated with the account. The auth username must match the username in the path.

Deletes the user account.

X-Weave-Alert

This header may be sent back from any transaction, and contains potential warning messages, information, or other alerts. The contents are intended to be human-readable.


Miscellaneous Functions

https://server/user/1.0/captcha_html

Returns an html body string containing a Recaptcha challenge captcha. If the WEAVE_REGISTER_USE_CAPTCHA is set to 1, the PUT API above will expect the challenge and response from this captcha.

Note: this function outputs html, not json.