Skip to content

Releases: Pogify/pogify-api

Pogify API v2.0.0 Beta 3

10 Apr 05:48
@jeongY-Cho jeongY-Cho
v2.0.0-beta.3
78cf422
Compare
Choose a tag to compare
Pogify API v2.0.0 Beta 3 Pre-release
Pre-release

Changelog

  • Added blanket cors policy.
Assets 2
Loading

Pogify api v2 beta 2

29 Sep 11:59
@jeongY-Cho jeongY-Cho
v2.0.0-beta.2
e01b509
Compare
Choose a tag to compare
Pogify api v2 beta 2 Pre-release
Pre-release

pogify api v2 changes:

  • endpoints are changed
    • old endpoints names were to keep in line with pogify-functions
  • a new proof of work system for starting sessions

About Proof of Work

Pogify does not require any kind of authentication for basic usage and as such its difficult to rate limit the endpoint to start a session. This opens up the possibility of a malignant actor sending millions of requests to start sessions to reserve session IDs and closing the available IDs for other clients. By implementing a proof of work system to start a session, we can effectively limit the rate at which any individual client can claim access to a session. The new flow is as follows:

  1. Clients request a new session problem to /issue
  2. Clients calculate a hash that fulfills the difficulty set by the server
  3. Clients requests a claim to a session using the solved problem to /claim
  4. Server returns with a JWT that grants claim to that session ID.
    • when the session problem is issued the server does not check whether the session already exists.
    • this does mean that a client could solve a problem and not be able to claim a session because it already exists.
      • server will return a status 410 when such happens
Assets 2
Loading