| Internet-Draft | JMAP REST | November 2023 |
| Baum & Happel | Expires 13 May 2024 | [Page] |
- Workgroup:
- JMAP
- Internet-Draft:
- draft-baum-jmap-rest-01
- Published:
- Intended Status:
- Standards Track
- Expires:
JMAP REST Mapping
Abstract
This document specifies a REST Mapping for JMAP endpoints to impose fewer requirements on applications compared to conventional JMAP endpoints.¶
Status of This Memo
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 13 May 2024.¶
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
1. Introduction
Structured data exchange over JMAP [RFC8620] usually involves processing JMAP Request JSON payloads. This might impose unnecessary requirements for certain use cases of JMAP. Likely scenarios in which this is beneficiary are situations in which portability needs to be provided due to regulatory requirements or when migrating user data away from legacy platforms.¶
For rapid development of a JMAP API, the essential properties of the Request object can instead be implemented as a URI.¶
1.1. Conventions Used In This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The definitions of JSON keys and datatypes in the document follow the conventions described in the core JMAP specification [RFC8620].¶
1.2. Addition to the capabilities object
The capabilities object is returned as part of the JMAP Session object; see [RFC8620], Section 2. This document defines one additional capability URI.¶
1.2.1. urn:ietf:params:jmap:rest
The capability urn:ietf:params:jmap:rest being present in the "capabilities" property represents support for the simplified JMAP REST API.¶
The value of this property in the JMAP Session capabilities property and the account's accountCapabilities property is an empty object.¶
1.3. Addition to the Session Resource
The JMAP Session Resource will be extended by the following property:¶
-
apiUrlRest:
StringThe URL to use for JMAP API requests. THE URL MUST contain the variablemethodCall, the name of the method to call as defined in [RFC8620] Section 3.2. For example, Mailbox/get.¶One MAY specify additional variables here, also those specific to a JMAP method like
using,idsoraccountId. Only properties that are a subset of the typesString,Number,Booleanand arrays (as defined in [RFC8620] Section 1.1) can be referenced as variables.¶All values of arrays MUST also be of a type that is a subset of
String,Number,BooleanorId. For properties that are arrays, the value is a comma-separated list of values in the array. An example property of type array is the using property:using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts,urn%3Aietf%3Aparams%3Ajmap%3Acore.¶
The required variables MAY be implemented as query parameters to avoid routing logic as a requirement.¶
2. Changes to structured data exchange
Clients make API Requests by issuing authenticated POST requests to the API resource, defined by the apiUrlRest property of the Session object.¶
The request typically consists of a single JSON-encoded Request object, as defined in [RFC8620] Section 3.3. Requests with a JSON body MUST be of type application/json. The response MUST be of type application/json and typically consists of a single Response object, as defined in [RFC8620] Section 3.4.¶
Properties referenced via variables in the apiUrlRest property MAY be omitted by clients in the POST request body. If all properties of a method call can be supplied as URL parameters, the methodCalls property ([RFC7540] Section 3.3) can be omitted completely in the request. Clients issuing an API request for which all properties of the request can be supplied as URL parameters MAY omit the application/json type and the whole JSON body.¶
The method call id in the Invocation object of JMAP Responses to JMAP REST requests SHOULD be set to empty string.¶
JMAP allows to batch multiple method calls in a single request by default by specifying them as multiple Invocations inside the methodCalls property. When using JMAP REST requests, this is no longer possible. Servers MAY support HTTP/2 multiplexing instead ([RFC7540] Section 5) to improve performance in that scenario.¶
3. Example: Endpoint supporting using and accountId as URL Parameters
Example value in the Session Object:¶
{
...
"capabilities": {
...,
"urn:ietf:params:jmap:rest": {}
},
"apiUrlRest": "https://jmap.me/api/<methodCall>
?using=<using>&accountId=<accountId>"
}
¶
For the example, we chose ContactCard/get as the method call.¶
Request:¶
POST /api/ContactCard/get/? using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts, urn%3Aietf%3Aparams%3Ajmap%3Acore& accountId=u7339402f Host: jmap.me Accept: application/json¶
Response:¶
HTTP/2 200 OK
Content-Type: application/json
Location:
https://jmap.me/api/ContactCard/get/?
using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts,
urn%3Aietf%3Aparams%3Ajmap%3Acore&
accountId=u7339402f
{
"methodResponses" : [
[
"ContactCard/get",
{
"accountId" : "u7339402f",
"list" : [
{
"id": "123-12345",
"addressBookId": "22294",
...
}
],
"notFound" : [],
"state" : "62"
},
""
]
],
"sessionState" : ""
}
¶
4. Security considerations
All security considerations of JMAP [RFC8620] apply to this specification.¶
The values of URL parameters SHOULD not contain sensitive data, as requested URLs are typically visible to third parties. Place sensitive data in HTTP bodies instead.¶
5. IANA considerations
5.1. JMAP Capability registration for "rest"
IANA is requested to register the "rest" JMAP Capability as follows:¶
Capability Name: urn:ietf:params:jmap:rest¶
Specification document: this document¶
Intended use: common¶
Change Controller: IETF¶
Security and privacy considerations: this document, Section 4.¶
6. Acknowledgements
Bron Gondwana, Neil Jenkins, Alexey Melnikov, Ken Murchison, Robert Stepanek and the JMAP working group at the IETF.¶
7. Normative References
- [RFC2119]
- Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
- [RFC7540]
- Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI 10.17487/RFC7540, , <https://www.rfc-editor.org/info/rfc7540>.
- [RFC8174]
- Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
- [RFC8620]
- Jenkins, N. and C. Newman, "The JSON Meta Application Protocol (JMAP)", RFC 8620, DOI 10.17487/RFC8620, , <https://www.rfc-editor.org/info/rfc8620>.
