JMAP J.M. Baum, Ed. Internet-Draft H.J. Happel, Ed. Intended status: Standards Track audriga Expires: 22 August 2024 19 February 2024 JMAP REST Mapping draft-ietf-jmap-rest-00 Abstract This document specifies a REST Mapping for JMAP endpoints to impose fewer requirements on applications compared to conventional JMAP endpoints. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 22 August 2024. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Baum & Happel Expires 22 August 2024 [Page 1] Internet-Draft JMAP REST February 2024 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Conventions Used In This Document . . . . . . . . . . . . 2 1.2. Addition to the capabilities object . . . . . . . . . . . 2 1.2.1. urn:ietf:params:jmap:rest . . . . . . . . . . . . . . 3 1.3. Addition to the Session Resource . . . . . . . . . . . . 3 2. Changes to structured data exchange . . . . . . . . . . . . . 3 3. Example: Endpoint supporting using and accountId as URL Parameters . . . . . . . . . . . . . . . . . . . . . . . 4 4. Security considerations . . . . . . . . . . . . . . . . . . . 5 5. IANA considerations . . . . . . . . . . . . . . . . . . . . . 5 5.1. JMAP Capability registration for "rest" . . . . . . . . . 5 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 7. Normative References . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction Structured data exchange over JMAP [RFC8620] usually involves processing JMAP Request JSON payloads. This might impose unnecessary requirements for certain use cases of JMAP. Likely scenarios in which this is beneficiary are situations in which portability needs to be provided due to regulatory requirements or when migrating user data away from legacy platforms. For rapid development of a JMAP API, the essential properties of the Request object can instead be implemented as a URI. 1.1. Conventions Used In This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. The definitions of JSON keys and datatypes in the document follow the conventions described in the core JMAP specification [RFC8620]. 1.2. Addition to the capabilities object The capabilities object is returned as part of the JMAP Session object; see [RFC8620], Section 2. This document defines one additional capability URI. Baum & Happel Expires 22 August 2024 [Page 2] Internet-Draft JMAP REST February 2024 1.2.1. urn:ietf:params:jmap:rest The capability urn:ietf:params:jmap:rest being present in the "capabilities" property represents support for the simplified JMAP REST API. The value of this property in the JMAP Session capabilities property and the account's accountCapabilities property is an empty object. 1.3. Addition to the Session Resource The JMAP Session Resource will be extended by the following property: * *apiUrlRest*: String The URL to use for JMAP API requests. THE URL MUST contain the variable methodCall, the name of the method to call as defined in [RFC8620] Section 3.2. For example, Mailbox/get. One MAY specify additional variables here, also those specific to a JMAP method like using, ids or accountId. Only properties that are a subset of the types String, Number, Boolean and arrays (as defined in [RFC8620] Section 1.1) can be referenced as variables. All values of arrays MUST also be of a type that is a subset of String, Number, Boolean or Id. For properties that are arrays, the value is a comma-separated list of values in the array. An example property of type array is the using property: using=urn%3A ietf%3Aparams%3Ajmap%3Acontacts,urn%3Aietf%3Aparams%3Ajmap%3Acore. The required variables MAY be implemented as query parameters to avoid routing logic as a requirement. 2. Changes to structured data exchange Clients make API Requests by issuing authenticated POST requests to the API resource, defined by the _apiUrlRest_ property of the Session object. The request typically consists of a single JSON-encoded Request object, as defined in [RFC8620] Section 3.3. Requests with a JSON body MUST be of type application/json. The response MUST be of type application/json and typically consists of a single Response object, as defined in [RFC8620] Section 3.4. Properties referenced via variables in the apiUrlRest property MAY be omitted by clients in the POST request body. If all properties of a method call can be supplied as URL parameters, the methodCalls property ([RFC7540] Section 3.3) can be omitted completely in the Baum & Happel Expires 22 August 2024 [Page 3] Internet-Draft JMAP REST February 2024 request. Clients issuing an API request for which all properties of the request can be supplied as URL parameters MAY omit the application/json type and the whole JSON body. The method call id in the Invocation object of JMAP Responses to JMAP REST requests SHOULD be set to empty string. JMAP allows to batch multiple method calls in a single request by default by specifying them as multiple Invocations inside the methodCalls property. When using JMAP REST requests, this is no longer possible. Servers MAY support HTTP/2 multiplexing instead ([RFC7540] Section 5) to improve performance in that scenario. 3. Example: Endpoint supporting using and accountId as URL Parameters Example value in the Session Object: { ... "capabilities": { ..., "urn:ietf:params:jmap:rest": {} }, "apiUrlRest": "https://jmap.me/api/ ?using=&accountId=" } For the example, we chose ContactCard/get as the method call. Request: POST /api/ContactCard/get/? using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts, urn%3Aietf%3Aparams%3Ajmap%3Acore& accountId=u7339402f Host: jmap.me Accept: application/json Response: Baum & Happel Expires 22 August 2024 [Page 4] Internet-Draft JMAP REST February 2024 HTTP/2 200 OK Content-Type: application/json Location: https://jmap.me/api/ContactCard/get/? using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts, urn%3Aietf%3Aparams%3Ajmap%3Acore& accountId=u7339402f { "methodResponses" : [ [ "ContactCard/get", { "accountId" : "u7339402f", "list" : [ { "id": "123-12345", "addressBookId": "22294", ... } ], "notFound" : [], "state" : "62" }, "" ] ], "sessionState" : "" } 4. Security considerations All security considerations of JMAP [RFC8620] apply to this specification. The values of URL parameters SHOULD not contain sensitive data, as requested URLs are typically visible to third parties. Place sensitive data in HTTP bodies instead. 5. IANA considerations 5.1. JMAP Capability registration for "rest" IANA is requested to register the "rest" JMAP Capability as follows: Capability Name: urn:ietf:params:jmap:rest Specification document: this document Baum & Happel Expires 22 August 2024 [Page 5] Internet-Draft JMAP REST February 2024 Intended use: common Change Controller: IETF Security and privacy considerations: this document, Section 4. 6. Acknowledgements Bron Gondwana, Neil Jenkins, Alexey Melnikov, Ken Murchison, Robert Stepanek and the JMAP working group at the IETF. 7. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC7540] Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI 10.17487/RFC7540, May 2015, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8620] Jenkins, N. and C. Newman, "The JSON Meta Application Protocol (JMAP)", RFC 8620, DOI 10.17487/RFC8620, July 2019, . Authors' Addresses Joris Baum (editor) audriga Alter Schlachthof 57 76137 Karlsruhe Germany Email: joris@audriga.com URI: https://www.audriga.com Hans-Joerg (editor) audriga Alter Schlachthof 57 76137 Karlsruhe Germany Email: hans-joerg@audriga.com Baum & Happel Expires 22 August 2024 [Page 6] Internet-Draft JMAP REST February 2024 URI: https://www.audriga.com Baum & Happel Expires 22 August 2024 [Page 7]