Closed groovecoder closed 8 years ago
@bbangert - is there an autopush service or push messages API endpoint I can hit to trigger removing the public key from message-recording?
Sure, there's a DELETE call you can make.
Cool, so just DELETE /keys/{key}
? Or does it need to be in the body of the request like the POST to add?
DELETE /keys
public-key={key}
?
https://github.com/mozilla-services/push-messages/blob/master/push_api.yaml#L62
Yea, I need to figure out a way to have the docs statically generated and throw them on github pages.
@bbangert - When I receive a 404
from the GET /messages/{key}
, I reset all applications' status to restart recording messages.
Should I do the same here? Or should I just ignore 404 responses to DELETE /keys/{key}
on the assumption that the key was already removed from the messages API?
delete only returns a 204, it never checks to see if it existed first.
Okay, the push_api.yaml
suggests it could return a 404. But if it doesn't, then I'll just check for 204's and I'll raise everything else as an exception.
Oh, can you file an issue against that?
When a VAPID key leaks, allow the push service to PUT status=revoked for the push app, so the application's messages are not leaked.