Domain Verification Protocol makes domain name verification as easy as verifying an email address or telephone number
Edit on GitLab

Salt Store Specification

This document specifies version 1 of Domain Verification Salt Stores.

URL

The URL of the salt store must only respond over HTTPS, HTTP requests must fail and not redirect.

Method

Requests should be made using the HTTP POST method.

Parameters

  • token - a Service Provider’s authorised token
  • saltId - the ID of the salt being looked up

Responses

The Salt Store should return a JSON object and a HTTP status code. The status returned must match those listed below.

Success

The JSON object for a succesful lookup must return 200 status and include at least the key salt with the salt string returned as the value of this key. Other data may be returned depending on implementation:

{ "salt" : "X"}

Failure

The JSON objects returned for error are suggestions and may vary depending on implementation.

No Token

If the token is not provided, return a 401 status and the following JSON:

{"error": "No token, not authorised"}

Token Not Found or Not Authorised

If the token is not found or not authorised, return 401 status and the following JSON: json {"error": "Token not authorised"}

No Salt

If the saltId is not provided, return a 400 status and the following JSON:

{"error": "No saltId"}

Example Salt

If the saltId provided is the example given in any documentation, return a 404 status and the following JSON:

{"error": "Salt not found, this salt ID is only used for examples"}

Salt Not Found

If the saltId provided is not found in the Salt Store, return a 404 status and the following JSON:

{"error": "Salt not found"}