Internet DRAFT - draft-baum-jmap-rest
draft-baum-jmap-rest
JMAP J.M. Baum, Ed.
Internet-Draft H.J. Happel, Ed.
Intended status: Standards Track audriga
Expires: 13 May 2024 10 November 2023
JMAP REST Mapping
draft-baum-jmap-rest-01
Abstract
This document specifies a REST Mapping for JMAP endpoints to impose
fewer requirements on applications compared to conventional JMAP
endpoints.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 13 May 2024.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Baum & Happel Expires 13 May 2024 [Page 1]
Internet-Draft JMAP REST November 2023
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Conventions Used In This Document . . . . . . . . . . . . 2
1.2. Addition to the capabilities object . . . . . . . . . . . 2
1.2.1. urn:ietf:params:jmap:rest . . . . . . . . . . . . . . 3
1.3. Addition to the Session Resource . . . . . . . . . . . . 3
2. Changes to structured data exchange . . . . . . . . . . . . . 3
3. Example: Endpoint supporting using and accountId as URL
Parameters . . . . . . . . . . . . . . . . . . . . . . . 4
4. Security considerations . . . . . . . . . . . . . . . . . . . 5
5. IANA considerations . . . . . . . . . . . . . . . . . . . . . 5
5.1. JMAP Capability registration for "rest" . . . . . . . . . 5
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6
7. Normative References . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
Structured data exchange over JMAP [RFC8620] usually involves
processing JMAP Request JSON payloads. This might impose unnecessary
requirements for certain use cases of JMAP. Likely scenarios in
which this is beneficiary are situations in which portability needs
to be provided due to regulatory requirements or when migrating user
data away from legacy platforms.
For rapid development of a JMAP API, the essential properties of the
Request object can instead be implemented as a URI.
1.1. Conventions Used In This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
The definitions of JSON keys and datatypes in the document follow the
conventions described in the core JMAP specification [RFC8620].
1.2. Addition to the capabilities object
The capabilities object is returned as part of the JMAP Session
object; see [RFC8620], Section 2. This document defines one
additional capability URI.
Baum & Happel Expires 13 May 2024 [Page 2]
Internet-Draft JMAP REST November 2023
1.2.1. urn:ietf:params:jmap:rest
The capability urn:ietf:params:jmap:rest being present in the
"capabilities" property represents support for the simplified JMAP
REST API.
The value of this property in the JMAP Session capabilities property
and the account's accountCapabilities property is an empty object.
1.3. Addition to the Session Resource
The JMAP Session Resource will be extended by the following property:
* *apiUrlRest*: String The URL to use for JMAP API requests. THE
URL MUST contain the variable methodCall, the name of the method
to call as defined in [RFC8620] Section 3.2. For example,
Mailbox/get.
One MAY specify additional variables here, also those specific to
a JMAP method like using, ids or accountId. Only properties that
are a subset of the types String, Number, Boolean and arrays (as
defined in [RFC8620] Section 1.1) can be referenced as variables.
All values of arrays MUST also be of a type that is a subset of
String, Number, Boolean or Id. For properties that are arrays,
the value is a comma-separated list of values in the array. An
example property of type array is the using property: using=urn%3A
ietf%3Aparams%3Ajmap%3Acontacts,urn%3Aietf%3Aparams%3Ajmap%3Acore.
The required variables MAY be implemented as query parameters to
avoid routing logic as a requirement.
2. Changes to structured data exchange
Clients make API Requests by issuing authenticated POST requests to
the API resource, defined by the _apiUrlRest_ property of the Session
object.
The request typically consists of a single JSON-encoded Request
object, as defined in [RFC8620] Section 3.3. Requests with a JSON
body MUST be of type application/json. The response MUST be of type
application/json and typically consists of a single Response object,
as defined in [RFC8620] Section 3.4.
Properties referenced via variables in the apiUrlRest property MAY be
omitted by clients in the POST request body. If all properties of a
method call can be supplied as URL parameters, the methodCalls
property ([RFC7540] Section 3.3) can be omitted completely in the
Baum & Happel Expires 13 May 2024 [Page 3]
Internet-Draft JMAP REST November 2023
request. Clients issuing an API request for which all properties of
the request can be supplied as URL parameters MAY omit the
application/json type and the whole JSON body.
The method call id in the Invocation object of JMAP Responses to JMAP
REST requests SHOULD be set to empty string.
JMAP allows to batch multiple method calls in a single request by
default by specifying them as multiple Invocations inside the
methodCalls property. When using JMAP REST requests, this is no
longer possible. Servers MAY support HTTP/2 multiplexing instead
([RFC7540] Section 5) to improve performance in that scenario.
3. Example: Endpoint supporting using and accountId as URL Parameters
Example value in the Session Object:
{
...
"capabilities": {
...,
"urn:ietf:params:jmap:rest": {}
},
"apiUrlRest": "https://jmap.me/api/<methodCall>
?using=<using>&accountId=<accountId>"
}
For the example, we chose ContactCard/get as the method call.
Request:
POST /api/ContactCard/get/?
using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts,
urn%3Aietf%3Aparams%3Ajmap%3Acore&
accountId=u7339402f
Host: jmap.me
Accept: application/json
Response:
Baum & Happel Expires 13 May 2024 [Page 4]
Internet-Draft JMAP REST November 2023
HTTP/2 200 OK
Content-Type: application/json
Location:
https://jmap.me/api/ContactCard/get/?
using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts,
urn%3Aietf%3Aparams%3Ajmap%3Acore&
accountId=u7339402f
{
"methodResponses" : [
[
"ContactCard/get",
{
"accountId" : "u7339402f",
"list" : [
{
"id": "123-12345",
"addressBookId": "22294",
...
}
],
"notFound" : [],
"state" : "62"
},
""
]
],
"sessionState" : ""
}
4. Security considerations
All security considerations of JMAP [RFC8620] apply to this
specification.
The values of URL parameters SHOULD not contain sensitive data, as
requested URLs are typically visible to third parties. Place
sensitive data in HTTP bodies instead.
5. IANA considerations
5.1. JMAP Capability registration for "rest"
IANA is requested to register the "rest" JMAP Capability as follows:
Capability Name: urn:ietf:params:jmap:rest
Specification document: this document
Baum & Happel Expires 13 May 2024 [Page 5]
Internet-Draft JMAP REST November 2023
Intended use: common
Change Controller: IETF
Security and privacy considerations: this document, Section 4.
6. Acknowledgements
Bron Gondwana, Neil Jenkins, Alexey Melnikov, Ken Murchison, Robert
Stepanek and the JMAP working group at the IETF.
7. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext
Transfer Protocol Version 2 (HTTP/2)", RFC 7540,
DOI 10.17487/RFC7540, May 2015,
<https://www.rfc-editor.org/info/rfc7540>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8620] Jenkins, N. and C. Newman, "The JSON Meta Application
Protocol (JMAP)", RFC 8620, DOI 10.17487/RFC8620, July
2019, <https://www.rfc-editor.org/info/rfc8620>.
Authors' Addresses
Joris Baum (editor)
audriga
Alter Schlachthof 57
76137 Karlsruhe
Germany
Email: joris@audriga.com
URI: https://www.audriga.com
Hans-Joerg (editor)
audriga
Alter Schlachthof 57
76137 Karlsruhe
Germany
Email: hans-joerg@audriga.com
Baum & Happel Expires 13 May 2024 [Page 6]
Internet-Draft JMAP REST November 2023
URI: https://www.audriga.com
Baum & Happel Expires 13 May 2024 [Page 7]