Award token
From ePrize Developers Wiki
(Difference between revisions)
| Line 16: | Line 16: | ||
<profile>{profile}</profile> | <profile>{profile}</profile> | ||
<game>{game}</game> | <game>{game}</game> | ||
| + | <redeemed>false</redeemed> | ||
</token> | </token> | ||
</result> | </result> | ||
Revision as of 17:35, 13 April 2009
API Home Page :: Games and Awards
Summary
TODO: Fill me in.
Example: Successfully Awarding a Token
Summary
This demonstrates successfully awarding a token to a user.
Request
profile: /v1/{apikey}/profile/{uid}
Response
HTTP Status Code: 201 Created
HTTP Redirect Location: /v1/{apikey}/game/{game}/token/{token}
<?xml version="1.0" encoding="UTF-8" ?>
<result ver="ePrize Web Services 1.0">
<token>
<id>{token}</id>
<profile>{profile}</profile>
<game>{game}</game>
<redeemed>false</redeemed>
</token>
</result>
Notes
The {profile} value that is seen in the request and response of this call is the canonical URL of the profile that the token should be awarded to.
This URL can be easily attacked by the owner of a profile because the owner knows his own canonical profile URL. Award limits create an upper bound on the attack damage.
Example: Awarding Token to Invalid Profile
Summary
This demonstrates attempting to award a token to a profile resource that doesn't exist.
Request
profile: foo
Response
HTTP Status Code: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?> <result ver="ePrize Web Services 1.0"> <result>Unable to validate the provided profile.</result> <status>0</status> </result>
Extra Notes
Response if limit reached: 403 Forbidden
