mozilla-services / push-dev-dashboard

Developer dashboard for the Mozilla web push service
https://dev-dashboard.deis.dev.mozaws.net/
Mozilla Public License 2.0

Allow push service to "revoke" a push app by key #205

Closed groovecoder closed 8 years ago

groovecoder commented 8 years ago

When a VAPID key leaks, allow the push service to PUT status=revoked for the push app, so the application's messages are not leaked.

groovecoder commented 8 years ago

@bbangert - is there an autopush service or push messages API endpoint I can hit to trigger removing the public key from message-recording?

bbangert commented 8 years ago

Sure, there's a DELETE call you can make.

groovecoder commented 8 years ago

Cool, so just DELETE /keys/{key} ? Or does it need to be in the body of the request like the POST to add?

DELETE /keys
public-key={key}

?

bbangert commented 8 years ago

https://github.com/mozilla-services/push-messages/blob/master/push_api.yaml#L62

Yeah, I need to figure out a way to have the docs statically generated and throw them on GitHub Pages.

groovecoder commented 8 years ago

@bbangert - When I receive a 404 from the GET /messages/{key}, I reset all applications' status to restart recording messages.

Should I do the same here? Or should I just ignore 404 responses to DELETE /keys/{key} on the assumption that the key was already removed from the messages API?

bbangert commented 8 years ago

delete only returns a 204, it never checks to see if it existed first.

groovecoder commented 8 years ago

Okay, the push_api.yaml suggests it could return a 404. But if it doesn't, then I'll just check for 204s and I'll raise everything else as an exception.

bbangert commented 8 years ago

Oh, can you file an issue against that?
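
The revocation flow discussed in this thread, as an added example that is not part of the thread or of the dashboard's or push-messages' code: `DELETE /keys/{key}` is treated as successful only on a 204, and every other status is raised. The `app` dict fields, the `RevocationError` name, the injectable `opener` and the revoke-locally-first ordering are assumptions of this sketch.

```python
import urllib.error
import urllib.parse
import urllib.request


class RevocationError(Exception):
    """The messages API did not confirm removal of the key."""


def revoke_key(base_url, public_key, opener=urllib.request.urlopen):
    """Send DELETE /keys/{key}; return True only on a 204 response."""
    # Percent-encode the key so its contents cannot alter the request path.
    path_key = urllib.parse.quote(public_key, safe="")
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/keys/{path_key}", method="DELETE")
    try:
        with opener(req, timeout=10) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code  # urllib raises for 4xx/5xx instead of returning
    if status != 204:
        raise RevocationError(f"DELETE /keys returned {status}, expected 204")
    return True


def revoke_app(app, base_url, opener=urllib.request.urlopen):
    """Mark the app revoked, then ask the messages API to stop recording.

    Assumed ordering: the local status flips before the network call, so a
    failed DELETE leaves the app revoked and the error visible for a retry.
    """
    app["status"] = "revoked"
    revoke_key(base_url, app["vapid_key"], opener)
    app["recording"] = False  # set only once the API has answered 204
    return app
```
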