Closed vladimiry closed 2 years ago
Today, usually there's no difference, but in the future there will be, so for the sake of not breaking things I strongly encourage use of the separate domains for separate purposes. Also, the /api formulation largely exists to avoid CORS issues. If you can instead use mail-api.protonmail, calendar-api.proton.me, etc (without the /api please) then that would be preferred for us.
If you can instead use mail-api.protonmail, calendar-api.proton.me, etc
The <app-type>-api
-like subdomains don't seem to exist on protonmail.ch
and protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
domains (related #248).
The
-api-like subdomains don't seem to exist on protonmail.ch and protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion domains (related #248).
My bad, it exists on protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion, proton.me and protonmail.com domains, but not on protonmail.ch.
Does it mean that protonmail.ch
domain support for API purposes is going to be stopped soon?
Yes, and eventually also protonmail.com. So please use either proton.me and Tor. -api subdomains.
Thanks for the support. Very helpful.
You're welcome (edited)!
If you can instead use mail-api.protonmail, calendar-api.proton.me, etc
@bartbutler there is an issue with set-cookie headers on some requests.
For example, https://mail-api.protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/auth/cookies request sets the REFRESH-
record with path=/api/auth/refresh
and AUTH-
record with path=/api/
and so the consequent requests end up with 401 error since we don't use /api/
prefix for calling the API (and so the AUTH cookie doesn't get applied for the consequent requests), but <app-type>-api
subdomain (notice auth call was made via /auth/cookies
, without /api/
but via subdomain).
It's not a big problem since it's easy for me to modify some cookies before sending them to a browser, but it generally looks like a room for improvement.
If you can instead use mail-api.protonmail, calendar-api.proton.me, etc
The upcoming ElectronMail v5.0.0 release coming with <app-type>-api
subdomain API address use. I had to remove the possible /api
prefix from the cookie.path
as described in the previous message.
Is there a difference if I use "mail"-prefixed API address, like https://mail.proton.me/api, for all apps (mail/calendar/drive/account/vpn) vs using the API address prefixed with app type subdomain for each app (https://mail.proton.me/api, https://calendar.proton.me/api, https://drive.proton.me/api, etc) which is a default behavior for the in-browser clients (relative to page origin API address, ie
/api
)?For my need, it's easier to use a single mail.proton.me/api-like address to all apps, but I'm interested are there any negative implications? Like if you run/deploy different backend versions for each service independently, and so using for example the https://mail.proton.me/api address on "calendar" app won't be a good idea since "calendar" app requires own/specific backend.
Currently, used API addresses, global for all apps (mail/calendar/drive/account/vpn):
CC @mmso / @bartbutler