Adam, thanks for starting this discussion, Le 20/02/2014 04:52, Adam Roach a écrit : > Putting this together, what we want is something that semantically > evaluates to: > > http://authority/action/url-format-version/{serial > #,caller,callee,expiration,hmac} As Martin points out, URLs should not represent actions, they should represent things.
On the experiment we made with Romain Gauthier and Nicolas Perriault, we went ahead and chose the following scheme: # A "*" means this URI requires authentication (a valid token from the token server, # which contains user id). * POST /call-url/ → Create the call url a callee can click on. GET /calls/{token} → Get the app (that's the url in question, which displays an app) POST /calls/{token} → Add an incoming call (does a simple push notif and gets room tokens) * GET /calls/ → List incoming calls for the authenticated user. {token} was something that is containing the user id of the callee plus a . I don't understand why we're trying to put information about the caller here, since we don't know who is this. In your proposal, I don't understand what is the "serial #", and especially why it can't replace the version as you specify it. It seems straightforward to just have a serial number (randomly generated and not auto incremented, because auto increment is harder to scale) that we can revoke if needed. It means that before displaying the app and accepting a call (we can also chose one of them only), we will have to check in the database if this serial # is still a valid one. We could let the user chose what's the duration of their call-url, and default to something specified in a configuration file if the user don't specify anything. > Ideally, we also want the ability to identify multiple versions of URL > encodings, should we decide to migrate to include an enhanced scheme > in the future. If you're thinking about having multiple versions of the service running at once, then I think this shouldn't be handled this way. When you ask for a node to the token server, you ask for a particular version of the service, and you get an endpoint to this service. This allows us to not have to deal with multiple versions of the API in the server code. If that's not what you're refering to, can you provide more info? — Alexis _______________________________________________ dev-media mailing list dev-media@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-media