Mandatory: every apXtrib request must set the following headers:
{xalias,xhash,xdays,xtribe,xlang,xapp}
This webapp uses:
In a few words:
A Pagan is identified by an Alias (for humans), known by the API as a publicKey (for machines).
The owner of this Alias (stored in the header xalias) has a privateKey, generated when the Pagan is created.
This private key is used to sign (with an openpgp.js detached signature) the message "xalias_xdays", where xdays is a timestamp. This signature is stored in xhash (header).
It is possible to trust a tribe to store this privateKey (and the passphrase that encrypts this privateKey; the passphrase can be empty, and if it is not, it is needed to decrypt the stored privateKey).
The API accepts only an xhash with a timestamp less than 24 hours old. This means the app needs to store the privateKey.
When authenticated, a Pagan can be identified as a Person in a tribe (xtribe) and then has an object instance of Person named "alias" in the tribe space (meaning /nationchains/tribe/xtribe/Person/alias.json).
This file contains a key called accessright, based on the accessright schema, which applies to the resources of that xtribe only.
accessright is based on CRUDOwner rules per object. The owner of an instance can do anything on their data (as long as it respects the schema). An object can have multiple owners.
Other users need specific rights to act on an object instance: {objectname:'CRUD', ..}.
A Person can have a key "profil" as a user of an app, to manage the webapp, but an action has to be in line with accessright to work.
GET nationchains/pagans/idx/alias_all.json -> data:{alias:{alias:publicKey}}
To allow a trusted tribe to store the private key and passphrase, get the list of tribes from the key tribes of townId_all.json:
GET /nationchains/towns/idx/townId_all.json -> data:{townId:{tribes:[list of tribeId inside a town]}}
GET 'api/pagans/isauth' -> status 200: authenticated with alias; status 400: not authenticated
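The signing of "xalias_xdays" and the 24-hour check described above, as an added example that is not apXtrib's own code. Node's built-in Ed25519 stands in for the openpgp.js detached signature; the epoch-millisecond xdays, the base64 xhash, the rejection of future timestamps and the names buildAuthHeaders, checkAuth and aliasIndex are assumptions.

```javascript
// Added example: Ed25519 from node:crypto stands in for the openpgp.js
// detached signature; header encoding and time unit are assumptions.
const crypto = require('node:crypto');

const MAX_AGE_MS = 24 * 60 * 60 * 1000; // page: xhash timestamp must be < 24 hours

// Client side: sign "xalias_xdays" and return the identity headers.
function buildAuthHeaders(alias, privateKey, now = Date.now()) {
  const xdays = String(now); // assumption: epoch milliseconds
  const sig = crypto.sign(null, Buffer.from(`${alias}_${xdays}`), privateKey);
  return { xalias: alias, xdays, xhash: sig.toString('base64') }; // assumption: base64
}

// Server side: aliasIndex maps alias -> public key, like idx/alias_all.json.
function checkAuth(headers, aliasIndex, now = Date.now()) {
  const { xalias, xdays, xhash } = headers;
  if (!xalias || !xdays || !xhash) return { status: 400, reason: 'missing header' };
  const key = Object.hasOwn(aliasIndex, xalias) ? aliasIndex[xalias] : null;
  if (!key) return { status: 400, reason: 'unknown alias' };
  if (!/^\d+$/.test(xdays)) return { status: 400, reason: 'bad xdays' };
  const age = now - Number(xdays);
  // Reject stale signatures; rejecting future timestamps is an added assumption.
  if (age < 0 || age >= MAX_AGE_MS) return { status: 400, reason: 'expired' };
  const ok = crypto.verify(null, Buffer.from(`${xalias}_${xdays}`), key,
    Buffer.from(xhash, 'base64'));
  return ok ? { status: 200, reason: 'authenticated' }
            : { status: 400, reason: 'bad signature' };
}

// Constructed sample data: one Pagan with a freshly generated key pair.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const aliasIndex = { alice: publicKey };
const t0 = 1700000000000; // constructed "now"
const fresh = buildAuthHeaders('alice', privateKey, t0);

function demo() {
  return {
    fresh: checkAuth(fresh, aliasIndex, t0 + 60000).status,
    replayedNextDay: checkAuth(fresh, aliasIndex, t0 + MAX_AGE_MS).reason,
    bumpedTimestamp: checkAuth({ ...fresh, xdays: String(t0 + MAX_AGE_MS) },
      aliasIndex, t0 + MAX_AGE_MS).reason,
    otherAlias: checkAuth({ ...fresh, xalias: 'bob' }, aliasIndex, t0).reason,
  };
}
console.log(demo());
```

Because xdays is part of the signed message, a captured xhash cannot be kept alive by editing the timestamp header: the replay is rejected as expired, and the edited timestamp fails signature verification.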
apXtrib allows you to create keys to identify yourself with a universal alias.
Download your keys, at least the PrivateKey; it has to be saved in a secret place.