Make nonce-bearing Abaco URIs cleaner via URL rewriting #54
Assignees
Labels
Comments
mwvaughn
added
enhancement
priority.verylow
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Here's an example callback used in some ongoing work that leverages Abaco, where actor
EEDKw7NAr4E0xcan accept this message and use it to set a value for a variableshorthashin database record1073f4ff-c2b9-5190-bd9a-e6a406d9796a.https://api.sd2e.org/actors/v2/EEDKw7NAr4E0x/messages?x-nonce=TACC_kOMDBMNGo1r3m&shorthash=3f643e7b2722f16e&uuid=1073f4ff-c2b9-5190-bd9a-e6a406d9796a
Compared to the callback URL generated by several popular platforms, this feels a bit clunky and I think it is because the extended string of URL parameters carries both the nonce and the payload parameters.
It feels more intuitive for the base URL to include the nonce inline:
https://api.sd2e.org/actors/v2/EEDKw7NAr4E0x/messages/x-nonce/TACC_kOMDBMNGo1r3m
This makes it very clear which part of the URL is user payload versus the portion authorizing access to the actor.
https://api.sd2e.org/actors/v2/EEDKw7NAr4E0x/messages/x-nonce/TACC_kOMDBMNGo1r3m?token=3f643e7b2722f16e&uuid=1073f4ff-c2b9-5190-bd9a-e6a406d9796a
The text was updated successfully, but these errors were encountered: