diff options
Diffstat (limited to 'core/api-sync.rst')
-rw-r--r-- | core/api-sync.rst | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/core/api-sync.rst b/core/api-sync.rst index 50cde653..52415071 100644 --- a/core/api-sync.rst +++ b/core/api-sync.rst @@ -212,15 +212,13 @@ Receiving Terms of Service for example due to concurrent activities from other accounts on the same account! - The request must also include an "Sync-Signature" signing + The request MUST also include an "Sync-Signature" signing the "If-Match" SHA-512 value and the SHA-512 hash of the body with the account private key. - Finally, the SHA-512 hash of the body must also be given in an - "Etag" header of the request (so that the signature can be verified - before the upload is allowed to proceed). We note that the use - of "ETag" in HTTP requests is non-standard, but in this case - logical. + Finally, the SHA-512 hash of the body MUST also be given in an + "If-None-Match" header of the request (so that the signature can be verified + before the upload is allowed to proceed). The uploaded body must have at least 32 bytes of payload (see suggested upload format beginning with an ephemeral key). |