_By Dave Campbell_
HomebrewAPI defines the application programming interface (API) to the Homebrew family of tools, principally HomebrewLite.
HomebrewAPI authentication uses the Basic HTTP Authentication header for requests, defined as:
Authentication: Basic base64_encoded(user:password) 1,2
Every GET/POST request generally requires authentication, but this depends on the defined API recipes.
A successful authentication will POST the requested source (unless an error occurs). A failed authentication will have a status code 200, OK, but will return a JSON error object containing a code and message, such as {"code": 401,"msg": "Unauthorized"}. Note that the fetch promise response (from FetchWrapper.js) includes a jxOK value that can be used to test the validity of responses, and the response's jx field contains the recovered JSON output.
Authentication supports two forms: multi-user (i.e. shared token) and single-user (i.e. user-specific credentials), with individual permissions possible in both cases. Verification first tries to match the user-specific password. If the user password does not match, it will try to match the authAs password, if one is specified in the cfg.json file (discussed below).
Authentication: Basic base64_encoded(token:password) 3
- HomebrewAPI uses the Basic authentication method, which passes clear text credentials in the request header. Therefore, it requires HTTPS access (instead of HTTP) to protect the credentials.
- HomebrewAPI assumes server support for bcrypt password hashing to authenticate developer and author uploads.
- Multi-user mode does not ensure absolute security as it does not prevent a user from "spoofing someone else"! It is intended for easy management of a small group of trusted users, such as a family or small business employees.
- IoT devices utilize an API key and auth code handled the same as user:pw, i.e. key:auth_code
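The header format and the 200-with-error-body behaviour described above, as an added JavaScript (Node.js) example that is not part of HomebrewAPI or FetchWrapper.js. The helper names `basicValue`, `parseBasic` and `classifyReply`, the rule used to recognise an error object, and the sample values are assumptions made for illustration.

```javascript
// Added example: basicValue, parseBasic and classifyReply are hypothetical
// helpers, not functions from HomebrewAPI or FetchWrapper.js.

// Build the header value described on the page: "Basic " + base64(id:secret).
// The same shape serves user:password, token:password and key:auth_code.
function basicValue(id, secret) {
  if (id.includes(':')) throw new Error('id must not contain ":"');
  return 'Basic ' + Buffer.from(`${id}:${secret}`, 'utf8').toString('base64');
}

// Decode a header value. Split on the FIRST colon only, because the secret
// may itself contain colons. Returns null for anything malformed.
function parseBasic(value) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/.exec(value || '');
  if (!m) return null;
  const text = Buffer.from(m[1], 'base64').toString('utf8');
  const i = text.indexOf(':');
  return i < 0 ? null : { id: text.slice(0, i), secret: text.slice(i + 1) };
}

// Decide whether a reply is a real success. The HTTP status alone is not
// enough: a failed authentication arrives as 200 with an error object.
// Assumption: a JSON object with a numeric `code` and a string `msg` is an
// error object; every other body is treated as the requested source.
function classifyReply(status, bodyText) {
  if (status < 200 || status > 299) return { ok: false, code: status, msg: 'HTTP error' };
  let body;
  try { body = JSON.parse(bodyText); } catch { return { ok: true, data: bodyText }; }
  const isError = body !== null && typeof body === 'object' &&
    typeof body.code === 'number' && typeof body.msg === 'string';
  return isError ? { ok: false, code: body.code, msg: body.msg } : { ok: true, data: body };
}

// Constructed sample values, not taken from a real deployment.
const sent = basicValue('alice', 'pa:ss');
console.log(sent, parseBasic(sent));
console.log(classifyReply(200, '{"code": 401,"msg": "Unauthorized"}'));
console.log(classifyReply(200, '{"recipes": ["data", "action", "info"]}'));
```

Because Base64 is reversible by anyone who sees the header, `parseBasic` also shows why the HTTPS requirement in the notes above is not optional.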
HomebrewAPI handles cross-origin requests between multiple sites as defined in the cfg.json file.
The server side implements handlers for fulfilling client requests. HomebrewLite includes 3 handlers by default, outlined below:
- Data management
- Action management
- Info management
- Initial release.