You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Aug 15, 2025. It is now read-only.
Request a new ID-Cert, usually done when wanting to authenticate a new session, or after
136
+
an ID-Cert has been revoked, to re-authenticate a session.
137
+
parameters:
138
+
- name: X-P2-Sensitive-Solution
139
+
in: header
140
+
required: true
141
+
description: Sensitive actions require a second factor of authentication to be executed. Read [section 4.1.2 of the protocol definition](https://docs.polyphony.chat/Protocol%20Specifications/core/#412-sensitive-actions) for more information.
142
+
schema:
143
+
type: string
144
+
responses:
145
+
'201':
146
+
description: The request has succeeded and a new resource has been created as a result.
147
+
content:
148
+
application/json:
149
+
schema:
150
+
type: object
151
+
properties:
152
+
id_cert:
153
+
type: string
154
+
example: ------BEGIN CERTIFICATE------...
155
+
description: The generated [ID-Cert](/Protocol%20Specifications/core/#71-home-server-signed-certificates-for-public-client-identity-keys-id-cert) in PEM format.
156
+
token:
157
+
type: string
158
+
description: An authorization secret, called a "session token", valid for this `id_cert`/session.
159
+
required:
160
+
- id_cert
161
+
- token
162
+
tags:
163
+
- Federated Identity - Registration required
164
+
- Sensitive Actions
165
+
requestBody:
166
+
required: true
167
+
content:
168
+
application/json:
169
+
schema:
170
+
type: string
171
+
security:
172
+
- BearerAuth: []
130
173
/.p2/core/v1/idcert/actor/{fid}:
131
174
get:
132
175
operationId: Unregistered_actorCerts
@@ -212,9 +255,10 @@ paths:
212
255
summary: Rotate Server Identity Key
213
256
description: Rotate the server's identity key. Requires server administrator permissions.
214
257
parameters:
215
-
- name: X-P2-CHALLENGE-STRING-SOLUTION
258
+
- name: X-P2-Sensitive-Solution
216
259
in: header
217
260
required: true
261
+
description: Sensitive actions require a second factor of authentication to be executed. Read [section 4.1.2 of the protocol definition](https://docs.polyphony.chat/Protocol%20Specifications/core/#412-sensitive-actions) for more information.
218
262
schema:
219
263
type: string
220
264
responses:
@@ -226,7 +270,7 @@ paths:
226
270
type: string
227
271
tags:
228
272
- Federated Identity - Registration not required
229
-
- Sensitive Action
273
+
- Sensitive Actions
230
274
security:
231
275
- BearerAuth: []
232
276
get:
@@ -715,6 +759,12 @@ paths:
715
759
the server will select a new primary service provider from the list of available providers.
716
760
This new provider will be returned in the response body.
717
761
parameters:
762
+
- name: X-P2-Sensitive-Solution
763
+
in: header
764
+
required: false
765
+
description: Sensitive actions require a second factor of authentication to be executed. Read [section 4.1.2 of the protocol definition](https://docs.polyphony.chat/Protocol%20Specifications/core/#412-sensitive-actions) for more information.
766
+
schema:
767
+
type: string
718
768
- name: url
719
769
in: query
720
770
required: true
@@ -754,10 +804,13 @@ paths:
754
804
- new_primary
755
805
'400':
756
806
description: The server could not understand the request due to invalid syntax.
807
+
'403':
808
+
description: Access is forbidden.
757
809
'404':
758
810
description: The server cannot find the requested resource.
759
811
tags:
760
812
- Services - Registration required
813
+
- Sensitive Actions
761
814
security:
762
815
- BearerAuth: []
763
816
/.p2/core/v1/services/discover/{fid}:
@@ -883,7 +936,13 @@ paths:
883
936
provider should be used by default by other actors, when multiple service providers are available
884
937
for a given service namespace. The service specified by the arguments in the body must be a
885
938
valid, already existing service.
886
-
parameters: []
939
+
parameters:
940
+
- name: X-P2-Sensitive-Solution
941
+
in: header
942
+
required: true
943
+
description: Sensitive actions require a second factor of authentication to be executed. Read [section 4.1.2 of the protocol definition](https://docs.polyphony.chat/Protocol%20Specifications/core/#412-sensitive-actions) for more information.
An array of at minimum one, and at maximum 2 [service](./Types/service.md) objects.
961
+
The response will contain the updated previous primary service provider, if there was one, along
962
+
with the new primary service provider.
963
+
'403':
964
+
description: |-
965
+
An array of at minimum one, and at maximum 2 [service](./Types/service.md) objects.
966
+
The response will contain the updated previous primary service provider, if there was one, along
967
+
with the new primary service provider.
899
968
tags:
900
969
- Services - Registration required
970
+
- Sensitive Actions
901
971
requestBody:
902
972
required: true
903
973
content:
@@ -920,10 +990,18 @@ paths:
920
990
- BearerAuth: []
921
991
/.p2/core/v1/session:
922
992
delete:
923
-
operationId: Unregistered_deleteSession
993
+
operationId: Registered_deleteSession
924
994
summary: Delete/Revoke Session
925
-
description: Invalidate a session token by naming the session ID associated with it.
995
+
description: |-
996
+
Invalidate a session and its' associated ID-Cert by providing the session ID associated
997
+
with it.
926
998
parameters:
999
+
- name: X-P2-Sensitive-Solution
1000
+
in: header
1001
+
required: true
1002
+
description: Sensitive actions require a second factor of authentication to be executed. Read [section 4.1.2 of the protocol definition](https://docs.polyphony.chat/Protocol%20Specifications/core/#412-sensitive-actions) for more information.
1003
+
schema:
1004
+
type: string
927
1005
- name: session_id
928
1006
in: query
929
1007
required: true
@@ -942,56 +1020,24 @@ paths:
942
1020
- 0
943
1021
'404':
944
1022
description: The server cannot find the requested resource.
945
-
tags:
946
-
- Federated Identity - Registration not required
947
-
security:
948
-
- BearerAuth: []
949
-
/.p2/core/v1/session/idcert:
950
-
post:
951
-
operationId: Registered_rotateIdCert
952
-
summary: Rotate session ID-Cert
953
-
description: |-
954
-
Rotate your keys for a given session. The `session_id` in the supplied `csr` must correspond to the
955
-
session token used in the `authorization`-Header.
956
-
parameters: []
957
-
responses:
958
-
'201':
959
-
description: Contains your new ID-Cert, along with a new session token.
960
-
content:
961
-
application/json:
962
-
schema:
963
-
type: object
964
-
properties:
965
-
id_cert:
966
-
type: string
967
-
example: ------BEGIN CERTIFICATE------...
968
-
description: The generated [ID-Cert](/Protocol%20Specifications/core/#71-home-server-signed-certificates-for-public-client-identity-keys-id-cert) in PEM format.
969
-
token:
970
-
type: string
971
-
description: An authorization secret, called a "token", valid for this `id_cert`.
972
-
required:
973
-
- id_cert
974
-
- token
975
1023
tags:
976
1024
- Federated Identity - Registration required
977
-
requestBody:
978
-
required: true
979
-
content:
980
-
application/json:
981
-
schema:
982
-
type: string
983
-
description: A new [certificate signing request (CSR)](/Protocol%20Specifications/core/#71-home-server-signed-certificates-for-public-client-identity-keys-id-cert) with the same session ID
984
1025
security:
985
1026
- BearerAuth: []
986
1027
/.p2/core/v1/session/idcert/extern:
987
1028
put:
988
1029
operationId: Unregistered_updateSessionCert
989
1030
summary: Update session ID-Cert
990
-
description: Lets a foreign server know that the ID-Cert of this session has changed.
1031
+
description: |-
1032
+
Lets a foreign server know that the ID-Cert of a session has changed. This route is also
1033
+
used to inform foreign servers about the revocation of an ID-Cert. The ID-Cert passed as
1034
+
body in this route must belong to the actor making the request.
991
1035
parameters: []
992
1036
responses:
993
1037
'201':
994
-
description: The request has succeeded and a new resource has been created as a result.
1038
+
description: 201 on success, 400 if the body is somehow invalid.
1039
+
'400':
1040
+
description: 201 on success, 400 if the body is somehow invalid.
995
1041
tags:
996
1042
- Federated Identity - Registration not required
997
1043
requestBody:
@@ -1076,10 +1122,10 @@ paths:
1076
1122
Delete encrypted private key material from the server. The `serial_number(s)`, must match
1077
1123
the serial numbers of ID-Certs that the client has uploaded key material for.
1078
1124
parameters:
1079
-
- name: X-P2-CHALLENGE-STRING-SOLUTION
1125
+
- name: X-P2-Sensitive-Solution
1080
1126
in: header
1081
1127
required: true
1082
-
description: Sensitive actions require a [challenge string solution](/docs/Protocol%20Specifications/core.md) to be executed.
1128
+
description: Sensitive actions require a second factor of authentication to be executed. Read [section 4.1.2 of the protocol definition](https://docs.polyphony.chat/Protocol%20Specifications/core/#412-sensitive-actions) for more information.
1083
1129
schema:
1084
1130
type: string
1085
1131
- name: serials
@@ -1098,7 +1144,7 @@ paths:
1098
1144
description: The server cannot find the requested resource.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments