projects / platal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Implements PlSession::apiAuth. The authentication is based on a HMAC
[platal.git] / configs / platal.ini
diff --git a/configs/platal.ini b/configs/platal.ini
index 7263936..7459807 100644 (file)
--- a/configs/platal.ini
+++ b/configs/platal.ini
@@ -156,6 +156,21 @@ register_skin = "register"
 econfiance = ""
 
 
+; The API section contains  the configuration for the web services.
+[Api]
+
+; $globals->api->hmac_algo
+; Algorithm to use for HMAC-based authentication of API requests. Note that this
+; value is shared with clients, and must be changed in all places at once.
+hmac_algo = "sha256"
+
+; $globals->api->timestamp_tolerance
+; Maximum number of seconds of drift allowed between the client-side UNIX clock
+; and the server-side clock. This should be big enough to also allow for network
+; latency, but not too high, to limit replay opportunities.
+timestamp_tolerance = 10
+
+
 ; The banana section contains the configuration of the forums.
 [Banana]
 
@@ -214,6 +229,7 @@ gmaps_hl = "fr"
 ; Default location preference.
 gmaps_gl = "fr"
 
+
 ; The lists section contains parameters used to interact with mailman.
 [Lists]
 
plat/al