Internet-Draft JMAP REST November 2023
Baum & Happel Expires 13 May 2024 [Page]
Workgroup:
JMAP
Internet-Draft:
draft-baum-jmap-rest-01
Published:
Intended Status:
Standards Track
Expires:
Authors:
J.M. Baum, Ed.
audriga
H.J. Happel, Ed.
audriga

JMAP REST Mapping

Abstract

This document specifies a REST Mapping for JMAP endpoints to impose fewer requirements on applications compared to conventional JMAP endpoints.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 13 May 2024.

Table of Contents

1. Introduction

Structured data exchange over JMAP [RFC8620] usually involves processing JMAP Request JSON payloads. This might impose unnecessary requirements for certain use cases of JMAP. Likely scenarios in which this is beneficiary are situations in which portability needs to be provided due to regulatory requirements or when migrating user data away from legacy platforms.

For rapid development of a JMAP API, the essential properties of the Request object can instead be implemented as a URI.

1.1. Conventions Used In This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

The definitions of JSON keys and datatypes in the document follow the conventions described in the core JMAP specification [RFC8620].

1.2. Addition to the capabilities object

The capabilities object is returned as part of the JMAP Session object; see [RFC8620], Section 2. This document defines one additional capability URI.

1.2.1. urn:ietf:params:jmap:rest

The capability urn:ietf:params:jmap:rest being present in the "capabilities" property represents support for the simplified JMAP REST API.

The value of this property in the JMAP Session capabilities property and the account's accountCapabilities property is an empty object.

1.3. Addition to the Session Resource

The JMAP Session Resource will be extended by the following property:

  • apiUrlRest: String The URL to use for JMAP API requests. THE URL MUST contain the variable methodCall, the name of the method to call as defined in [RFC8620] Section 3.2. For example, Mailbox/get.

    One MAY specify additional variables here, also those specific to a JMAP method like using, ids or accountId. Only properties that are a subset of the types String, Number, Boolean and arrays (as defined in [RFC8620] Section 1.1) can be referenced as variables.

    All values of arrays MUST also be of a type that is a subset of String, Number, Boolean or Id. For properties that are arrays, the value is a comma-separated list of values in the array. An example property of type array is the using property: using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts,urn%3Aietf%3Aparams%3Ajmap%3Acore.

The required variables MAY be implemented as query parameters to avoid routing logic as a requirement.

2. Changes to structured data exchange

Clients make API Requests by issuing authenticated POST requests to the API resource, defined by the apiUrlRest property of the Session object.

The request typically consists of a single JSON-encoded Request object, as defined in [RFC8620] Section 3.3. Requests with a JSON body MUST be of type application/json. The response MUST be of type application/json and typically consists of a single Response object, as defined in [RFC8620] Section 3.4.

Properties referenced via variables in the apiUrlRest property MAY be omitted by clients in the POST request body. If all properties of a method call can be supplied as URL parameters, the methodCalls property ([RFC7540] Section 3.3) can be omitted completely in the request. Clients issuing an API request for which all properties of the request can be supplied as URL parameters MAY omit the application/json type and the whole JSON body.

The method call id in the Invocation object of JMAP Responses to JMAP REST requests SHOULD be set to empty string.

JMAP allows to batch multiple method calls in a single request by default by specifying them as multiple Invocations inside the methodCalls property. When using JMAP REST requests, this is no longer possible. Servers MAY support HTTP/2 multiplexing instead ([RFC7540] Section 5) to improve performance in that scenario.

3. Example: Endpoint supporting using and accountId as URL Parameters

Example value in the Session Object:

{
  ...
  "capabilities": {
    ...,
    "urn:ietf:params:jmap:rest": {}
  },
  "apiUrlRest": "https://jmap.me/api/<methodCall>
    ?using=<using>&accountId=<accountId>"
}

For the example, we chose ContactCard/get as the method call.

Request:

POST /api/ContactCard/get/?
 using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts,
 urn%3Aietf%3Aparams%3Ajmap%3Acore&
 accountId=u7339402f
Host: jmap.me
Accept: application/json

Response:

HTTP/2 200 OK
Content-Type: application/json
Location:
 https://jmap.me/api/ContactCard/get/?
 using=urn%3Aietf%3Aparams%3Ajmap%3Acontacts,
 urn%3Aietf%3Aparams%3Ajmap%3Acore&
 accountId=u7339402f

{
   "methodResponses" : [
      [
         "ContactCard/get",
         {
            "accountId" : "u7339402f",
            "list" : [
               {
                "id": "123-12345",
                "addressBookId": "22294",
                ...
               }
            ],
            "notFound" : [],
            "state" : "62"
         },
         ""
      ]
   ],
   "sessionState" : ""
}

4. Security considerations

All security considerations of JMAP [RFC8620] apply to this specification.

The values of URL parameters SHOULD not contain sensitive data, as requested URLs are typically visible to third parties. Place sensitive data in HTTP bodies instead.

5. IANA considerations

5.1. JMAP Capability registration for "rest"

IANA is requested to register the "rest" JMAP Capability as follows:

Capability Name: urn:ietf:params:jmap:rest

Specification document: this document

Intended use: common

Change Controller: IETF

Security and privacy considerations: this document, Section 4.

6. Acknowledgements

Bron Gondwana, Neil Jenkins, Alexey Melnikov, Ken Murchison, Robert Stepanek and the JMAP working group at the IETF.

7. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC7540]
Belshe, M., Peon, R., and M. Thomson, Ed., "Hypertext Transfer Protocol Version 2 (HTTP/2)", RFC 7540, DOI 10.17487/RFC7540, , <https://www.rfc-editor.org/info/rfc7540>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC8620]
Jenkins, N. and C. Newman, "The JSON Meta Application Protocol (JMAP)", RFC 8620, DOI 10.17487/RFC8620, , <https://www.rfc-editor.org/info/rfc8620>.

Authors' Addresses

Joris Baum (editor)
audriga
Alter Schlachthof 57
76137 Karlsruhe
Germany
URI: https://www.audriga.com
Hans-Joerg (editor)
audriga
Alter Schlachthof 57
76137 Karlsruhe
Germany
URI: https://www.audriga.com