Design:دواسوا/cryptographic-token

The system has no user accounts or sessions, and the entire API is public. All actions are confirmed via email messages.

API actions that commit changes to the listings database are performed over two steps:

  1. a request is received containing the object information to be affected, where all information is public
  2. a confirmation action follows, providing a cryptographic token received over email, which uniquely identifies the object.

The cryptographic token is constructed as follows:

base62(sha512(id . verb . cryptographic_token_salt))

Where verb is the literal name of the action being performed, i.e. one of instate_entry or remove_entry.
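
An added sketch of this construction and the server-side confirmation check, not the project's own code. The base62 alphabet, the reading of "." as concatenation, the byte encoding of id, the function names and the demo salt are all assumptions. It shows that a token emailed for one verb does not confirm the other.

```python
import hashlib
import hmac

# Assumption: digit/upper/lower ordering; the page does not specify the alphabet.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
VERBS = ("instate_entry", "remove_entry")  # the two verbs named on the page


def base62(data: bytes) -> str:
    """Encode bytes as a big-endian integer written in base 62."""
    n = int.from_bytes(data, "big")
    if n == 0:
        return ALPHABET[0]
    out = []
    while n:
        n, rem = divmod(n, 62)
        out.append(ALPHABET[rem])
    return "".join(reversed(out))


def make_token(entry_id: str, verb: str, salt: bytes) -> str:
    """base62(sha512(id . verb . salt)), reading '.' as concatenation (assumption)."""
    if verb not in VERBS:
        raise ValueError(f"unknown verb: {verb!r}")
    digest = hashlib.sha512(entry_id.encode() + verb.encode() + salt).digest()
    return base62(digest)


def confirm(entry_id: str, verb: str, presented: str, salt: bytes) -> bool:
    """Recompute the token from the request and compare in constant time."""
    try:
        expected = make_token(entry_id, verb, salt)
    except ValueError:
        return False  # a verb outside the fixed set never confirms
    return hmac.compare_digest(expected.encode(), presented.encode())


if __name__ == "__main__":
    salt = b"constructed-demo-salt"  # constructed value; the real salt stays server-side
    emailed = make_token("42", "instate_entry", salt)
    print(emailed)
    print(confirm("42", "instate_entry", emailed, salt))  # same id and verb
    print(confirm("42", "remove_entry", emailed, salt))   # same id, other verb
```
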