546
edits
UDP API Definition: Difference between revisions
→Authing Commands
Epoximator (talk | contribs) |
Epoximator (talk | contribs) |
||
| Line 193: | Line 193: | ||
* A Login and its assigned ''session_key'' is valid until the virtual UDP connection times out or until a LOGOUT command is issued. | * A Login and its assigned ''session_key'' is valid until the virtual UDP connection times out or until a LOGOUT command is issued. | ||
* The virtual UDP connection times out if no data was recieved from the client for '''35 minutes'''. | * The virtual UDP connection times out if no data was recieved from the client for '''35 minutes'''. | ||
* A client should issue a | * A client should issue a UPTIME command once every 30 minutes to keep the connection alive should that be required. | ||
* If the client does not use any of the notification/push features of the API it should NOT keep the connection alive, furthermore it should explicitly terminate the connection by issueing a LOGOUT command once it finished it's work. | * If the client does not use any of the notification/push features of the API it should NOT keep the connection alive, furthermore it should explicitly terminate the connection by issueing a LOGOUT command once it finished it's work. | ||
* If it is very likely that another command will be issued shortly (within the next 20 minutes) a client may keep the current connection open, until it times out on it's own, by not sending a LOGOUT command. | * If it is very likely that another command will be issued shortly (within the next 20 minutes) a client may keep the current connection open, until it times out on it's own, by not sending a LOGOUT command. | ||
| Line 224: | Line 224: | ||
* This command only works if you are already logged in. | * This command only works if you are already logged in. | ||
* A logout should ALWAYS be issued if the client is currently logged in and is either exiting or not expecting to send/receive any anidb api packets for the next >= 30 minutes. | * A logout should ALWAYS be issued if the client is currently logged in and is either exiting or not expecting to send/receive any anidb api packets for the next >= 30 minutes. | ||
---- | |||
=== ENCRYPT: Start Encrypted Session === | |||
Will cause all future messages from the server, except the first (the reply to the ENCRYPT command itself), to be encrypted (128 bit [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES]). The client will also have to encrypt all future requests sent to the server. All non-encrypted messages will be discarded by the server. The encryption key is the [http://en.wikipedia.org/wiki/MD5 MD5] hash of a special ''API Password'' (defined in the users profile) concatenated with the salt string as given in the reply to the ENCRYPT message. A normal AUTH message is still necessary to authenticate and should follow the ENCRYPT command once the API has acknowledged the encryption. | |||
'''Command String:''' | |||
* ENCRYPT user={str name}&type={int2 type} | |||
'''Possible Replies:''' | |||
* 209 {str salt} ENCRYPTION ENABLED | |||
* 309 API PASSWORD NOT DEFINED | |||
* 509 NO SUCH ENCRYPTION TYPE | |||
* 394 NO SUCH USER | |||
'''Info:''' | |||
* ''user'' is the user name. | |||
* ''type'' is the type of encryption; 1 => 128 bit AES (only one defined). | |||
* ''API Password'' is the one defined in the profile settings [http://anidb.info/perl-bin/animedb.pl?show=profile page]. | |||
* It is not possible to disable the encryption once enabled while staying logged in. | |||
** A logout (the logout message needs to be correctly encrypted) or timeout will disable the encryption. | |||
* In order to minimize server load, encryption should be disabled by default and should have to be enabled manually by the user in the configuration options. | |||
* The encryption key is md5(api_password_of_user+''salt''). | |||
* Padding of the message needs to be done according to the PKCS5Padding scheme. | |||
== Notify Commands == | == Notify Commands == | ||