Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include account ID in authz/challenge URLs #7683

Open
aarongable opened this issue Aug 27, 2024 · 0 comments
Open

Include account ID in authz/challenge URLs #7683

aarongable opened this issue Aug 27, 2024 · 0 comments
Milestone
Sprint 2024-10-22

Comments

@aarongable
Copy link
Contributor

We plan to horizontally shard our database in the new future, directing data into shards based on shard keys. It's very likely that our shard key will include the registration ID of the account owning the order, authz, or challenge. However, our public-facing API URLs for authzs and challenges do not currently include the owning regID, so if we get a query for one of those objects, we won't know which shard to look it up in.

We should augment the URLs that we provide in our API responses to embed the account's regID in the paths for authz and challenge objects.

Proposed RESTful URL scheme:

  • /accts/{RegID}
  • /accts/{RegID}/orders/{OrderID}
  • /accts/{RegID}/authzs/{AuthzID}
  • /accts/{RegID}/authzs/{AuthzID}/challs/{ChallStringID}

Alternate scheme (pro: less disruptive; cons: less obvious)

  • /acme/acct/{RegID} (no change)
  • /acme/order/{RegID}/{OrderID} (no change)
  • /acme/authz/{RegID}/{AuthzID}
  • /acme/chall/{RegID}/{AuthzID}/{ChallStringID}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Sprint 2024-10-22
Development

No branches or pull requests
3 participants
@jsha @aarongable @beautifulentropy