Endpoints

| # | Endpoint | Name | Method | Description |
|---|----------|------|--------|-------------|
| 1 | / | Index | GET / POST | The main page. Shows a congratulations alert if the server is running. |
| 2 | /docs | Docs | GET | This page. The entire documentation and guide of the API. |
| 3 | /signin | Sign In | POST | Validates the credentials in the form for account login, creates a new session ID token, logs in the user and returns the session ID token to the user as a JSON response; otherwise returns a JSON response with the appropriate error. |
| 4 | /signup | Sign Up | POST | Validates the credentials in the form for account creation and creates an account; otherwise returns a JSON response with the appropriate error. |
| 5 | /vault-get | Vault Get | POST | Validates the user's email and session ID and then returns the entire list of passwords in their account. |
| 6 | /vault-new | Vault New | POST | Validates the user's email and session ID and creates a new password entry in their password list. |
| 7 | /vault-delete | Vault Delete | POST | Validates the user's email and session ID and deletes a password entry from their password list. |
| 8 | /vault-edit | Vault Edit | POST | Validates the user's email and session ID and edits a password entry in their password list. |
| 9 | /session-get | Session Get | POST | Validates the user's email and session ID and then returns the entire list of active sessions in their account. |
| 10 | /session-delete | Session Delete | POST | Validates the user's email and session ID and deletes a session entry from their sessions list. |
| 11 | /session-edit | Session Edit | POST | Validates the user's email and session ID and edits a session entry in their sessions list. |
| 12 | /pp-get | Profile Picture Get | POST | Validates the user's email and session ID and returns the profile picture (PP). |
| 13 | /pp-new | Profile Picture New | POST | Validates the user's email and session ID and edits their profile picture. |
| 14 | /otp-send | OTP Send | POST | Validates the user's email and session ID and sends an OTP to their provided email. |
| 15 | /otp-verify | OTP Verify | POST | Validates the user's email and session ID and the sent OTP. |
| 16 | /change-password | Change Password | POST | Validates the user's email, session ID and Master Password, after which the user can change the Master Password. |

Config

The "config.json" file contains the config for the API. It is located at "Project_Directory/config.json" (Root Directory of Project). It can be edited according to the user's needs. Some of the fields in it are required to be changed by the user so the API can function correctly and securely.


Below is the description of the entirety of the config file and the entire guide for it.

  1. debug:

    Data Type: Boolean

    This field determines whether the API runs in debug mode. In debug mode, the API may print additional information in the browser when it encounters errors, which is a critical security risk. In normal circumstances, this field should be set to "false".


  2. security_key: (MUST BE CHANGED)

    Data Type: String

    This field contains the Secret Key of Django. When setting up this project, the user needs to change this field. A new secret key can be generated by using an online Django secret key generator. For example, the user can use this Generator.


  3. allowed_hosts: (MUST BE CHANGED)

    Data Type: Array

    This field contains the list of hosts which can serve the API. This field must be changed after setting "debug" to "true". ["127.0.0.1"] can be used if the API is served locally, or the IP can be substituted with the host name or DNS name if the API is hosted on a server. For example, ["example.com"] can be used if the server serving the API has a DNS name of "example.com". Finally, the wildcard ["*"] can be used to allow anyone to serve this API, but it may pose some security risks.


  4. db_host | db_port

    Data Type: String

    These fields contain the IP and port of the machine running the DB. If the DB is running locally and the port has not been changed, the default values already work.


  5. db_username | db_password

    Data Type: String

    These fields contain the username and password of the user which has the rights to access the DB. If the README.md file is followed exactly, these fields should not be changed in the config.


  6. db_name

    Data Type: String

    This field contains the name of the DB which is used to store the data of the application. If the README.md file is followed exactly, this field should not be changed in the config.


  7. db_srv

    Data Type: Boolean

    This field contains the boolean that indicates whether the DB connection uses SRV or not. It can be changed, but it is not necessary to do so.


  8. server_host | server_port

    Data Type: String

    These fields contain the host and the port on which the API is served. These can be changed but are not necessary to do so.


  9. username_min_length | username_max_length

    Data Type: Integer

    These fields determine, when a user creates a new account and sets up a username, what the minimum and maximum length of the username should be. These can be changed but are not necessary to do so.


  10. password_min_length | password_max_length

    Data Type: Integer

    These fields determine, when a user creates a new account and sets up a password, what the minimum and maximum length of the password should be. These can be changed but are not necessary to do so.


  11. sessionId_length

    Data Type: Integer

    When a user logs into the account, they are allotted a new session ID. This field determines the length of that session ID. This can be changed but is not necessary and recommended to do so.


  12. salt_length

    Data Type: Integer

    When a user creates an account, a new salt is generated. This field determines the length of that salt. This can be changed but is not necessary and recommended to do so.


  13. max_sessions

    Data Type: Integer

    When a user logs into the account, a new session is generated. This field determines how many sessions can be generated for a single user. This can be changed but is not necessary and recommended to do so.


  14. pp_width | pp_height

    Data Type: Integer

    This is the size of the profile picture of the user. It is in Pixels.


  15. email_verification

    Data Type: Boolean

    The email verification functionality works only if this field is set to true.


  16. email_host | email_port

    Data Type: String

    These fields contain the host and the port of the email server to use. These can be changed but are not necessary to do so and can be null if email_verification is False.


  17. email_host_user | email_host_password

    Data Type: String

    These fields contain the email address from which verification emails are sent and its password (the app password if using Gmail). These must be changed but can be null if email_verification is False.
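
An added example, not part of the project's code: a pre-deployment check over the fields described above that flags debug mode, a weak security_key, an empty or wildcard allowed_hosts, short token lengths and missing email settings. The sample values and the length thresholds are assumptions made for this example, and the key is generated locally with Python's `secrets` module rather than an online generator.

```python
import secrets

# Constructed sample config: field names are the ones documented above;
# the values are invented for this example, not the project's defaults.
SAMPLE_CONFIG = {
    "debug": True,
    "security_key": "changeme",
    "allowed_hosts": ["*"],
    "sessionId_length": 8,
    "salt_length": 32,
    "email_verification": True,
    "email_host": "smtp.example.com", "email_port": "587",
    "email_host_user": None, "email_host_password": None,
}

MIN_KEY_CHARS = 50    # assumption: minimum acceptable secret key length
MIN_TOKEN_CHARS = 16  # assumption: floor for session ID and salt lengths
EMAIL_FIELDS = ("email_host", "email_port", "email_host_user", "email_host_password")


def new_secret_key() -> str:
    """Generate a secret key locally from the OS random source."""
    return secrets.token_urlsafe(50)


def audit_config(cfg: dict) -> list:
    """Return the names of the fields that need attention before deployment."""
    findings = []
    if cfg.get("debug") is not False:
        findings.append("debug")
    key = cfg.get("security_key") or ""
    if len(key) < MIN_KEY_CHARS or len(set(key)) < 5:
        findings.append("security_key")
    hosts = cfg.get("allowed_hosts") or []
    if not hosts or "*" in hosts:
        findings.append("allowed_hosts")
    for field in ("sessionId_length", "salt_length"):
        if int(cfg.get(field) or 0) < MIN_TOKEN_CHARS:
            findings.append(field)
    if cfg.get("email_verification"):
        findings += [f for f in EMAIL_FIELDS if not cfg.get(f)]
    return findings


if __name__ == "__main__":
    for name in audit_config(SAMPLE_CONFIG):
        print("review before deploying:", name)
```
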


Default Config File

POST Demo Data

This section contains some demo data for the POST requests on different endpoints. The demo data is in the form of JSON.

Note: Whenever the API must be called on a POST endpoint, the url should always have a "/" at the end.

Note: Encryption of passwords in the vault is done on the client, not on the server. The "password" field in the JSON data is already encrypted by the client.

  1. /signup


  2. /signin


  3. /vault-get


  4. /vault-new


  5. /vault-delete


  6. /vault-edit


  7. /session-get


  8. /session-delete


  9. /session-edit


  10. /pp-new


  11. /pp-get


  12. /otp-send


  13. /otp-verify


  14. /change-password