WhereYouAre: Difference between revisions

From Bitpost wiki
No edit summary
No edit summary
Line 33: Line 33:
      
      
== rest api ==
== rest api ==
The best example I have to follow is the [http://apiwiki.twitter.com/Twitter-API-Documentation Twitter API].  It *obviously* scales.
 
-- Examples --
#The best example I have to follow is the [http://apiwiki.twitter.com/Twitter-API-Documentation Twitter API].  It *obviously* scales. It uses Basic Authentication, which sucks (everything is plaintext, holy shit).  BETTER force it to use SSL.
#The other excellent example is the [http://docs.amazonwebservices.com/AmazonS3/latest/index.html?RESTAuthentication.html Amazon S3 API].  Authentication is brilliant - it uses a SHA1 signature of the request, which MUST include a timestamp within the last 15 minutes.  There is a set of rules for turning the request URL into the request string that is signed.
Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( YourSecretAccessKeyID, StringToSign ) ) );


  whereyouare.com/
  whereyouare.com/

Revision as of 20:52, 9 February 2010

Design

   all f's of all users running app need constant location ping
       f's must be shared with phone# as key
       server must track users' flist
       server must constantly work on getting f updates
   user starts up app
       user logs in to server and sends friendlist
       server adds user to userlist, merges friendlist into totalfriendlist (w/refcount?)
       server should do its best to get all friends' locations
           ** this is a separate task from communicating with user **
       user pings server with location, gets f updates
           ping every 15 seconds?
           only send updates if they have not been received by user?  (how to get best performance?)
       user shuts down app (or times out)
       user is logged out of server
   server f location collector
       use external services to poll for location for all f that are not running app	
           ping every 15 seconds?
           users that are running app are all sending locations, no need to collect them
       include occasional push check:
           if f owns app
               if f is not running app
                   if f is in meetup
                       push request to f1


   <iph>			<tdm_rest>		<tdm_pusher>		<apl>			<loc_server>
   -----			-----			-----			-----			-----
   

rest api

-- Examples --

  1. The best example I have to follow is the Twitter API. It *obviously* scales. It uses Basic Authentication, which sucks (everything is plaintext, holy shit). BETTER force it to use SSL.
  2. The other excellent example is the Amazon S3 API. Authentication is brilliant - it uses a SHA1 signature of the request, which MUST include a timestamp within the last 15 minutes. There is a set of rules for turning the request URL into the request string that is signed.
Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( YourSecretAccessKeyID, StringToSign ) ) );
	whereyouare.com/
		myaccountid/
			friendlist (GET)
			friendid/
				location (GET,POST)