diff options
author | Drew DeVault <sir@cmpwn.com> | 2019-03-03 14:29:34 -0700 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2019-03-03 14:29:34 -0700 |
commit | 8c7b1dd7f8e3975b6e403d319b3a1b0576a270d7 (patch) | |
tree | b9f7c948f016c0f7bee9366947d4e49a42578c43 | |
parent | f42dc0e1938f8d1f05a436bd08c04a44ecf28e6f (diff) | |
download | sr.ht-docs-8c7b1dd7f8e3975b6e403d319b3a1b0576a270d7.tar.gz |
Add meta.sr.ht user API documentation
-rw-r--r-- | api-conventions.md | 4 | ||||
-rw-r--r-- | meta.sr.ht/user-api.md | 265 |
2 files changed, 266 insertions, 3 deletions
diff --git a/api-conventions.md b/api-conventions.md index 4a9a835..c48c0dc 100644 --- a/api-conventions.md +++ b/api-conventions.md @@ -147,7 +147,7 @@ guarantees about interface stability. "email": "email", "url": "url" or null, "location": "location" or null, - "bio": "bio" or null, + "bio": "bio" or null } ``` @@ -156,7 +156,7 @@ guarantees about interface stability. ```json { "canonical_name": "~username", - "name": "username", + "name": "username" } ``` diff --git a/meta.sr.ht/user-api.md b/meta.sr.ht/user-api.md index 5606b4b..0c154e2 100644 --- a/meta.sr.ht/user-api.md +++ b/meta.sr.ht/user-api.md @@ -1,3 +1,266 @@ # meta.sr.ht user API -TODO: write this doc +The meta.sr.ht API allows you to view and edit user information on meta.sr.ht +programmatically. This API follows the [standard sourcehut API +conventions](../api-conventions.md). + +## Authentication + +Authentication is done via the [meta.sr.ht OAuth +flow](oauth-api.md). The following OAuth scopes are available for meta.sr.ht: + +- **audit:read**: read the security audit log +- **keys:read**, **keys:write**: read & update user SSH & PGP keys +- **profile:read**, **profile:write**: read & update profile information + +## Resources + +### User resource + +meta.sr.ht expands on the [standard user +resource](../api-conventions.md#user-resource). + +```json +{ + "canonical_name": "~username", + "name": "username", + "email": "email", + "url": "url" or null, + "location": "location" or null, + "bio": "bio" or null, + "use_pgp_key": pgp key resource ID +} +``` + +- **use_pgp_key** is the ID of the user's preferred PGP key, which can be found + via [`GET /api/user/pgp-keys/:id`](#get-apiuserpgpkeysid). + +### Audit log entry resource + +```json +{ + "id": integer, + "ip": "IP address", + "action": "event type", + "details": "event details", + "created": "timestamp" +} +``` + +### SSH key resource + +```json +{ + "id": integer, + "authorized": "timestamp", + "comment": "SSH key comment", + "fingerprint": "SSH key fingerprint", + "key": "SSH key (authorized_keys format)", + "owner": short-form user resource, + "last_used": "timestamp" +} +``` + +- **last_used** is omitted when viewing an SSH key which is not owned by the + authorized user. + +### PGP key resource + +```json +{ + "id": integer, + "key": "armored PGP key", + "key_id": "PGP key fingerprint", + "email": "First email found in the PGP key", + "authorized": "timestamp", + "owner": short-form user resource +} +``` + +## Endpoints + +### GET /api/user/profile + +**OAuth scope**: `profile:read` + +Returns the authenticated user's [user resource](#user-resource). + +### PUT /api/user/profile + +**OAuth scope**: `profile:update` + +Updates the authenticated user's profile. + +**Request body** + +```json +{ + "url": "url" or null, (optional) + "location": "location" or null, (optional) + "bio": "bio" or null, (optional) + "email": "email" (optional) +} +``` + +**Response** + +Updated [user resource](#user-resource). + +**Notes** + +- When updating **email**, the returned user resource will not reflect the + update. The user must click the confirmation link which is sent to their new + email address before the update will take effect. + +### GET /api/user/audit-log + +**OAuth scope**: `audit-log:read` + +List of [audit log entry resources](#audit-log-entry-resource). + +### GET /api/user/ssh-keys + +**OAuth scope**: `keys:read` + +List of [SSH key resources](#ssh-key-resource). + +### POST /api/user/ssh-keys + +**OAuth scope**: `keys:write` + +Creates a new [SSH key resource](#ssh-key-resource). + +**Request body** + +```json +{ + "ssh-key": "SSH key (authorized_keys format)" +} +``` + +**Response** + +The new [SSH key resource](#ssh-key-resource). + +### GET /api/user/ssh-keys/:id + +**OAuth scope**: `keys:read` + +Retrieves an [SSH key resource](#ssh-key-resource). + +### PUT /api/user/ssh-keys/:id + +**OAuth scope**: `keys:write` + +Updates the "last_used" time of this SSH key resource. + +**Response** + +The updated [SSH key resource](#ssh-key-resource). + +### DELETE /api/user/ssh-keys/:id + +**OAuth scope**: `keys:write` + +Deletes this SSH key resource. + +### GET /api/user/pgp-keys + +**OAuth scope**: `keys:read` + +List of [PGP key resources](#pgp-key-resource). + +### POST /api/user/pgp-keys + +**OAuth scope**: `keys:write` + +Creates a new [PGP key resource](#pgp-key-resource). + +**Request body** + +```json +{ + "pgp-key": "armored PGP key" +} +``` + +**Response** + +The new [PGP key resource](#pgp-key-resource). + +### GET /api/user/pgp-keys/:id + +**OAuth scope**: `keys:read` + +Retrieves a [PGP key resource](#pgp-key-resource). + +### DELETE /api/user/pgp-keys/:id + +**OAuth scope**: `keys:write` + +Deletes this PGP key resource. + +## Webhooks + +### /api/user/... + +Webhook for user events. Includes the [standard webhook +endpoints](../api-conventions.md#webhooks) + +#### profile:update + +**OAuth scope**: `profile:read` + +Issued when the user's profile (bio, email, etc) is updated. + +**Request body** + +The updated [user resource](#user-resource). + +#### ssh-key:add + +**OAuth scope**: `keys:read` + +Issued when the user adds an SSH key to their account. + +**Request body** + +The new [SSH key resource](#ssh-key-resource). + +#### ssh-key:remove + +**OAuth scope**: `keys:read` + +Issued when the user removes an SSH key from their account. + +**Request body** + +```json +{ + "id": integer ID of the affected SSH key resource +} +``` + +#### pgp-key:add + +**OAuth scope**: `keys:read` + +Issued when the user adds a PGP key to their account. + +**Request body** + +The new [PGP key resource](#pgp-key-resource). + +#### pgp-key:remove + +**OAuth scope**: `keys:read` + +Issued when the user removes a PGP key from their account. + +**Request body** + +```json +{ + "id": integer ID of the affected PGP key resource +} +``` |