Award token

From ePrize Developers Wiki

(Difference between revisions)
Jump to: navigation, search
(New page: <pre>Request representation: profile:{profile} Response: 201 Created Location: /v1/{apikey}/game/{game}/token/{token} Entity body same as GET /v1/{apikey}/game/{game}/token/{token} Respo...)
Line 1: Line 1:
-
<pre>Request representation:
+
{{RESTfulAPI
-
profile:{profile}
+
|crumbs=[[API Home Page]] :: [[Games and Awards]]
 +
|summary=TODO: Fill me in.
 +
}}
-
Response:
+
{{RESTfulExample
-
201 Created
+
|title=Successfully Awarding a Token
-
Location: /v1/{apikey}/game/{game}/token/{token}
+
|summary=This demonstrates successfully awarding a token to a user.
-
Entity body same as GET /v1/{apikey}/game/{game}/token/{token}
+
|request=profile: /v1/{apikey}/profile/{uid}
 +
|responsecode=201 Created
 +
|responseloc=/v1/{apikey}/game/{game}/token/{token}
 +
|response=<?xml version="1.0" encoding="UTF-8" ?>
 +
<result ver="ePrize Web Services 1.0">
 +
<result>
 +
<token>
 +
<id>{token}</id>
 +
<profile>{profile}</profile>
 +
<game>{game}</game>
 +
</token>
 +
</result>
 +
<status>1</status>
 +
</result>
 +
|extranotes=The {profile} value that is seen in the request and response of this call is the canonical URL of the profile that the token should be awarded to.
-
Response if request invalid:
+
This URL can be easily attacked by the owner of a profile because the owner knows his own canonical profile URL. Award limits create an upper bound on the attack damage.
-
400 Bad Request
+
}}
-
Entity body describing failed validations
+
 +
{{RESTfulExample
 +
|title=Awarding Token to Invalid Profile
 +
|summary=This demonstrates attempting to award a token to a profile resource that doesn't exist.
 +
|request=profile: foo
 +
|responsecode=400 Bad Request
 +
|response=<?xml version="1.0" encoding="UTF-8"?>
 +
<result ver="ePrize Web Services 1.0">
 +
<result>Unable to validate the provided profile.</result>
 +
<status>0</status>
 +
</result>
 +
}}
 +
 +
== Extra Notes ==
 +
 +
<pre>
Response if limit reached:
Response if limit reached:
403 Forbidden
403 Forbidden
</pre>
</pre>
- 
-
The {profile} value is the canonical URL of the profile that the token should be awarded to.
 
- 
-
This URL can be easily attacked by the owner of a profile because the owner knows his own canonical profile URL. Award limits create an upper bound on the attack damage.
 

Revision as of 18:53, 9 April 2009

API Home Page :: Games and Awards

Summary

TODO: Fill me in.





Example: Successfully Awarding a Token

Summary

This demonstrates successfully awarding a token to a user.

Request 

profile: /v1/{apikey}/profile/{uid}

Response

HTTP Status Code: 201 Created

HTTP Redirect Location: /v1/{apikey}/game/{game}/token/{token} 

<?xml version="1.0" encoding="UTF-8" ?>
<result ver="ePrize Web Services 1.0">
  <result>
    <token>
      <id>{token}</id>
      <profile>{profile}</profile>
      <game>{game}</game>
    </token>
  </result>
  <status>1</status>
</result>

Notes

The {profile} value that is seen in the request and response of this call is the canonical URL of the profile that the token should be awarded to.

This URL can be easily attacked by the owner of a profile because the owner knows his own canonical profile URL. Award limits create an upper bound on the attack damage.

Example: Awarding Token to Invalid Profile

Summary

This demonstrates attempting to award a token to a profile resource that doesn't exist.

Request 

profile: foo

Response

HTTP Status Code: 400 Bad Request 


<?xml version="1.0" encoding="UTF-8"?>
<result ver="ePrize Web Services 1.0">
  <result>Unable to validate the provided profile.</result>
  <status>0</status>
</result>


Extra Notes 

Response if limit reached:
403 Forbidden
Retrieved from "https://code.helloworld.com/wiki/index.php/Award_token"
Personal tools