تصميم:دواسوا/cryptographic-token

من ويكي أضِف
< تصميم:دواسوا
مراجعة 13:35، 2 يناير 2017 بواسطة أحمد (نقاش | مساهمات) (underscore for nodejs hates dashes)
(فرق) → مراجعة أقدم | المراجعة الحالية (فرق) | مراجعة أحدث ← (فرق)
اذهب إلى التنقل اذهب إلى البحث

The system has no user accounts nor sessions, and the API is all public. All actions are confirmed via email messages

API actions that commit changes to the listings database are performed over two steps:

  1. a request is received containing the object information to be affected, where all information is public
  2. a confirmation action follows by providing using a cryptographic token received over email, which uniquely identifies the object.

The cryptographic token is constructed as follows:

base62(sha512(id . verb . cryptographic_token_salt))

Where verb is the literal name of the action being performed; i.e. one of instate_entry or remove_entry