diff options
Diffstat (limited to 'docs/http-api.md')
-rw-r--r-- | docs/http-api.md | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/docs/http-api.md b/docs/http-api.md deleted file mode 100644 index d78f2ee..0000000 --- a/docs/http-api.md +++ /dev/null @@ -1,29 +0,0 @@ -# HTTP API - -The monitor listens for HTTP POST requests on a well-known endpoint. For -example, the well-known endpoint might be `https://example.com/add-chain` or -`http://exampled3jsb2t6n2f5f6r4v4gkqmqd7h4hjucwb7y5.onion/add-chain`. - -The HTTP POST request body should be an X.509v3 chain in PEM format. The first -certificate must be a leaf. The remaining certificates must be CA certificates. - -To authenticate the node adding a certificate chain to the monitor, the HTTP -authorization header needs to be present and carry a valid value. - - Authorization: TYPE NAME:VALUE - -`TYPE`: custom HTTP authorization type used by the monitor, set to "silent-ct". - -`NAME`: identifier that the monitor uses to locate the right pre-shared secret. - -`VALUE`: HMAC with SHA256 as the hash function for the entire HTTP POST request -body. The HMAC key is derived by the node and the monitor from the pre-shared -secret `SECRET`, node name `NAME`, and HTTP authorization type `TYPE`. In Go: - - hkdf := hkdf.New(sha256.New, SECRET, TYPE, NAME) - key := make([]byte, 16) - io.ReadFull(hkdf, key) - -On successful processing of a request, the monitor outputs HTTP 200 OK. If the -HMAC value is incorrect or the node is not allowed to request certificates for -the domain names in the request body, the monitor outputs HTTP 401 Unauthorized. |