HTTP Based Phonon Inbox Design

# HTTP Based Phonon Inbox Design ## What is a phonon inbox? With the change of direction to a messaged based protocol, the Phonon Protocol allows for phonons to be sent and received asynchronously. To create a phonon transfer packet, a sender requires the recipient's phonon's card public identity key and a nonce. Once created, the sender must also known where the recipient wishes the transfer packet to be sent to. A phonon inbox serves three main functions 1. provide the details required to construct a phonon transfer packet for a particular recipient 2. receive and store phonon transfer packets 3. provide phonon transfer packets to their recipients when requested ## Assumptions - A phonon transfer packet can only contain a single phonon ## Authentication Possibly implement HMAC authentication which requires each request's content to be hashed and signed with a valid phonon card identity key. The authorization signature could include - request method. (e.g. "GET or "POST") - request url - nonce (e.g. using unix timestamp value) - request body (JSON format no white space) An authorization token could then be `<card certificate>:<authorization signature>` ## Endpoints ### Register (POST /register) Request Body ``` { username: string cardCount: number } ``` Success Response ``` { success: true } ``` ### Request Slot (POST /slot) - The sender may wish to send multiple phonons that should be associated with the same transaction so they are able to request the number of counts they require. Request Body ``` { username: string countsRequired: number } ``` Success Response ``` { slotId: string expiryTimestamp: number publicIdentityKey: string counts: number[] } ``` ### Fill Slot (POST /slot) Request Body ``` { slotId: string packets: string[] } ``` Success Response ``` { success: true } ``` ### Consume Next Packet (GET /packet) Request Body ``` {} ``` Success Response ``` { packet: string } ``` ### Mark as Consumed (DEL /slot) - Card may return a signature confirming a packet was successfully consumed. Request Body ``` { signature: string } ``` Success Response ``` { success: true } ```