rest service for ip registration

[geirkairam]

for the new wizard we would like to register IPs during configuration (see freifunk-berlin/firmware-wizard-frontend#9)
is it possible to get a service for ip registration with the following spec?

method: reserveIPs
params: routername, mail, meships count, subnet (yes/no), v6prefix) that sends a mail with an confirmation key
function: reserve IPs and send mail to user with confirmation key
return: success / failure

method: confirmIPs
params: confirmation key, email
function: register ips for the user, send success mail
return: success (json with IPs) / failure

[cholin]

Surely it's possible. What would be your preferred authentication method? Token-based? Do you really want to rely on the email-confirmation method? For an API I don't know if it is the most useable and convient way to go with...

[geirkairam]

mhh.. I did'nt thought about authentication yet. I guess we could skip the mail,
but it may be also nice for the user to have a mail with a link to release IPs if they are not longer needed or use the IPs again for another installation or something like that.
@andrenarchy what do you think?

[booo]

The user should receive a mail with all the data.

[andrenarchy]

I think the email verification is the easiest way. We don't want users to create accounts so I don't see an alternative. Furthermore: why should we switch to a different authentication mechanism? I see this as another way to access the IP registry functionality that already exists.

So I can imagine something like:

POST /ips/
Requeat payload:

{
  "email": " [email protected]",
  "routerName": "wurstrouter",
  "v4count": 3,
  "v4subnet": 26,
  "v6subnet": 56
}

Response: 200 for success without body.
Action: register IPs as " pending" and send verification mail with a link and a TOKEN.

Clicking the verification link should work as before.

GET /ips/TOKEN
Response: IPs as JSON.
Action: remove "pending" flag and send confirmation mail (same as clicking the link).

[cholin]

Well I like token based authentication methods for external apps to prevent massive spam registrations. Nothing fancy we could just add tokens for enabled apps in our config file.

[cholin]

Furthermore I would prefer to use lists for subnets and get rid of the count param like the following:

POST /ips/
   {
     "email": " [email protected]",
     "routerName": "wurstrouter",
     "routerModel": " WDR4300",    # optional
     "v4subnet": [26, 24],
     "v6subnet": [56]
   }

If vXsubnet is a number instead of a list we only create one subnet.

[carpodaster]

Response: 200 for success without body.

May I suggest 201 Created or 202 Accepted instead? (yes I know, nitpicking. But I <3 proper status codes ;) )

[andrenarchy]

Absolutely right! 😄 http://httpstatus.es/201

[booo]

I nominate 204 for the election process.

[andrenarchy]

preliminary API documentation: https://pad.freifunk.net/p/berlin-wizard :)