deaddrop can be used from a program through its API. This documentation explains how to create an integration with deaddrop for machine-to-machine communication.
The API will change in the future. Customers who have notified sysctl that they are using the API will be notified before upgrades or changes to the API, so that their software can be updated before the changes are deployed.
To use the API, a user with the API role must be created. The API user authenticates with deaddrop using basic auth. The user must still have an email address as username and a mobile number when the account is created. The mobile number must not be a real number but must use the correct format. After the account has been created, the API key must be set for the user.
The user can be created with the following commands:
/opt/sysctl/deaddrop/admscripts/add_account.pl api@sysctl.se 46123456789 api
htpasswd -bBC6 /var/deaddrop/html/api\@sysctl.se/.htpasswd api@sysctl.se API_KEY
It is possible to perform different tasks, such as sending a file to a receiver or permitting a contact to use deaddrop for a limited time. It is also possible to get the history etc. All data except file upload and download uses the JSON format.
Removing a contact uses the same function as adding contacts: the request carries a list of new contacts. To remove all contacts, just send an empty JSON array "[]".
Removing a contact as a receiver uses the same function as adding contacts as receivers: the request carries a list of contacts. To remove all contacts as receivers, just send an empty JSON array "[]".
The CSRF token is available in the HTTP response to a GET request for a user's index page. The value of the hidden input tag "csrftoken" is the CSRF token that is needed for all CGI requests. See the example input field below; the CSRF token is the content of its value attribute.
<input type="hidden" id="csrftoken" name="csrftoken" value="1dJMRBNRMacGnfRzhpgda7Sq7eU=">
This value needs to be used in ALL CGI requests.
Don’t forget the trailing slash in the URL.
Request
GET https://deaddrop.sysctl.se/apiuser@sysctl.se/
Response
index HTML code, which includes the CSRF token
curl -u apiuser@sysctl.se:apipassword https://deaddrop.sysctl.se/apiuser@sysctl.se/
> GET /apiuser@sysctl.se/ HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 00:30:57 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 34287
< Content-Type: text/html; charset=utf-8
<
< <!DOCTYPE html>
< <html lang='en'>
< <head>
< ...
< ...
< </footer>
< <input type="hidden" id="refreshed" value="no"><input type="hidden" id="csrftoken" name="csrftoken" value="1dJMRBNRMacGnfRzhpgda7Sq7eU="></body></html>
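The token lookup described above, as an added example (not code from deaddrop or sysctl). It parses the index page instead of pattern-matching it and refuses to continue when the field is missing, empty or duplicated; the function names and the embedded sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the tail of the index page shown in the transcript above.
SAMPLE_INDEX_HTML = (
    "<!DOCTYPE html><html lang='en'><head></head><body><footer></footer>"
    '<input type="hidden" id="refreshed" value="no">'
    '<input type="hidden" id="csrftoken" name="csrftoken" '
    'value="1dJMRBNRMacGnfRzhpgda7Sq7eU="></body></html>'
)


class _CsrfTokenParser(HTMLParser):
    """Collects the value of every <input> whose id is "csrftoken"."""

    def __init__(self):
        super().__init__()
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attributes = dict(attrs)
        if attributes.get("id") == "csrftoken":
            self.tokens.append(attributes.get("value"))


def extract_csrf_token(index_html):
    """Return the CSRF token from a deaddrop index page, or raise ValueError.

    Fails closed: a missing, empty or duplicated token field is an error, so
    the caller never sends a CGI request with a guessed or stale value.
    """
    parser = _CsrfTokenParser()
    parser.feed(index_html)
    parser.close()
    if len(parser.tokens) != 1:
        raise ValueError(f"expected one csrftoken input, found {len(parser.tokens)}")
    token = parser.tokens[0]
    if not token:
        raise ValueError("csrftoken input has no value")
    return token


def csrf_headers(index_html):
    """Build the extra header the page's curl examples send with CGI requests."""
    return {"CSRF-Token": extract_csrf_token(index_html)}


if __name__ == "__main__":
    print(csrf_headers(SAMPLE_INDEX_HTML))
```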
Before adding a contact, one needs to verify that the contact does not already exist. Adding a contact fails if it already exists.
Request
GET https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/contacts_read.cgi
Response
JSON dictionary with arrays of local and global contact objects, or empty arrays if no contacts exist
curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/contacts_read.cgi
> GET /apiuser@sysctl.se/cgi/contacts_read.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
>
< HTTP/1.1 200 OK
< Date: Sat, 14 Oct 2017 03:17:09 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 105
< Content-Type: application/json; charset=utf-8
<
<{"local":[{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}],"global":[]}
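The pre-check described above, as an added example (not code from deaddrop or sysctl): it reads a contacts_read.cgi response and builds the body for contacts_add.cgi with the already-known contacts left out. Comparing emails case-insensitively and treating global contacts as existing are assumptions, and the function names are constructed for illustration.

```python
import json

# Keys of a contact object, as listed in the data format section of this page.
CONTACT_KEYS = ("email", "number", "language", "groups", "nick")

# Constructed sample: the contacts_read.cgi response body shown above.
SAMPLE_CONTACTS_READ = (
    '{"local":[{"email":"contact@sysctl.se","number":"123456789",'
    '"language":"en","groups":["sysctl"],"nick":"contact"}],"global":[]}'
)


def existing_emails(contacts_read_body):
    """Return the lower-cased emails of all local and global contacts."""
    data = json.loads(contacts_read_body)
    emails = set()
    for scope in ("local", "global"):
        entries = data.get(scope) if isinstance(data, dict) else None
        if not isinstance(entries, list):
            raise ValueError(f"contacts_read response has no '{scope}' array")
        for entry in entries:
            emails.add(str(entry["email"]).strip().lower())
    return emails


def contacts_add_payload(contacts_read_body, wanted):
    """Return (json_body, skipped) for contacts_add.cgi.

    Contacts whose email already exists are skipped instead of sent, since
    the page states that adding an existing contact fails. Comparing emails
    case-insensitively and counting global contacts are assumptions.
    json_body is None when there is nothing left to add.
    """
    known = existing_emails(contacts_read_body)
    to_add, skipped = [], []
    for contact in wanted:
        missing = [key for key in CONTACT_KEYS if key not in contact]
        if missing:
            raise ValueError(f"contact lacks keys: {missing}")
        email = contact["email"].strip().lower()
        if email in known:
            skipped.append(contact["email"])
            continue
        known.add(email)  # also de-duplicates within the wanted list
        to_add.append({key: contact[key] for key in CONTACT_KEYS})
    body = json.dumps(to_add, separators=(",", ":")) if to_add else None
    return body, skipped
```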
To send a file to a receiver, at least one contact is needed; the contacts can be the receivers of the file. A contact can also be used to allow temporary use of deaddrop functionality for a limited time.
Request
POST https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/contacts_add.cgi
POST data: json array with contact
Response
json object with status code
curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" -H "Content-Type: application/json" -X POST -d '[{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}]' https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/contacts_add.cgi
> POST /apiuser@sysctl.se/cgi/contacts_add.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Type: application/json
> Content-Length: 105
>
> [{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}]
>
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 00:52:02 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 15
< Content-Type: application/json; charset=utf-8
<
< {"status":"ok"}
To send a file to a receiver a contact must be added as a receiver. One or many contacts can be receivers.
Request
POST https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/receivers_set.cgi
POST data: array with receiver(s)
Response
object with status code
curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" -H "Content-Type: application/json" -X POST -d '[{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}]' https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/receivers_set.cgi
> POST /apiuser@sysctl.se/cgi/receivers_set.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Type: application/json
> Content-Length: 105
>
> [{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}]
>
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 08:05:46 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 15
< Content-Type: application/json; charset=utf-8
<
< {"status":"ok"}
Get the list of all the files that have been uploaded. This also creates the server-side list of uploaded files, which is required before a file can be shared.
Request
GET https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/get_files.cgi
Response
json array of objects or empty array if no file exists
curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/get_files.cgi
> GET /testuser@sysctl.se/cgi/get_files.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
>
< HTTP/1.1 200 OK
< Date: Wed, 03 Oct 2018 19:48:00 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 71
< Content-Type: application/json; charset=utf-8
<
< [{"name":"gigfile","type":"application/octet-stream","size":"1.07 GB"}]
To delete a file, get the uploaded files list and remove a file by using the filename as argument in the GET request.
Request
GET https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/remove_file.cgi?filename=gigfile
Response
json status
curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" "https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/remove_file.cgi?filename=gigfile"
> GET /testuser@sysctl.se/cgi/remove_file.cgi?filename=gigfile HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
>
< HTTP/1.1 200 OK
< Date: Wed, 03 Oct 2018 19:48:00 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 20
< Content-Type: application/json; charset=utf-8
<
< {"status":"deldone"}
One or more files can be uploaded to deaddrop and, in the next step, be shared with receivers. The upload uses multipart/form-data.
Request
POST https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/upload.cgi
do=upload
file data
Response
json object with status code
curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" -F do=upload -F file=@/var/deaddrop/html/favicon.png https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/upload.cgi
> POST /apiuser@sysctl.se/cgi/upload.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Length: 2756
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------9be544cb78fe
>
> data of file
>
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 18:55:54 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Transfer-Encoding: chunked
< Content-Type: application/json; charset=utf-8
<
< {"status":"done"}
Create deaddrop sends the receivers list and the uploaded file(s), together with the POST data, to the backend. The backend creates download pages for all receivers.
Request
POST https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/createdeaddrop.cgi
{"desttime":1,"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service"}
Response
json object with status code
curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" -H "Content-Type: application/json" -X POST -d '{"desttime":1,"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service"}' https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/createdeaddrop.cgi
> POST /apiuser@sysctl.se/cgi/createdeaddrop.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Type: application/json
> Content-Length: 142
>
> {"desttime":1,"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service"}
>
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 19:03:42 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 15
< Content-Type: application/json; charset=utf-8
<
< {"status":"ok"}
Get the history of created deaddrops (shared files) and a list of files that can be downloaded.
Request
GET https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/get_history.cgi
Response
json object with status code
curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/get_history.cgi
> GET /testuser@sysctl.se/cgi/get_history.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Type: application/json
>
< HTTP/1.1 200 OK
< Date: Wed, 03 Oct 2018 20:56:49 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 1452
< Content-Type: application/json; charset=utf-8
<
< {"history":[{"deaddrop_type":"downloadfiles","create_time":"1538593281","ttl":"1","receivers":[{"email":"contact@sysctl.se","language":"en","number":"123456789","groups":["sysctl"],"nick":"contact"}],"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service","sender":{"email":"testuser@sysctl.se","number":"46733755989","lang":"sv","first_run":"false","accountType":"perm","change_passwd":"false","settings":{"show_number":"true","show_email":"true","show_lang":"false","show_nick":"true"}},"files":[{"name": "favicon.png", "settings":"[]"}]},{"deaddrop_type":"downloadfiles","create_time":"1538600193","ttl":"1","receivers":[{"email":"testuser@sysctl.se","language":"en","number":"124456789","name":"","groups":["sysctl"],"nick":"testuser"}],"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service","sender":{"email":"testuser@sysctl.se","number":"46733755989","lang":"sv","first_run":"false","accountType":"perm","change_passwd":"false","settings":{"show_number":"true","show_email":"true","show_lang":"false","show_nick":"true"}},"files":[{"name": "exfat.jpg", "settings":"[]"}]}],"live_deaddrops":"1","inbox":[{"ttl":"1","createtime":"1538600197","sender":"testuser@sysctl.se","files":[{"name":"exfat.jpg","settings":"[]"}],"url":"9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8"}]}
To download a file the JSON data from “get history” must be parsed to get the correct url. This is explained in the data format section.
Request
GET https://deaddrop.sysctl.se/apiuser@sysctl.se/9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8/files/exfat.jpg
Response
json status
curl -o exfat.jpg -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" https://deaddrop.sysctl.se/apiuser@sysctl.se/9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8/files/exfat.jpg
> GET /testuser@sysctl.se/9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8/files/exfat.jpg HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
>
< HTTP/1.1 200 OK
< Date: Wed, 03 Oct 2018 19:48:00 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 20
< Content-Type: application/json; charset=utf-8
<
< [data not shown]
deaddrop uses JSON objects and arrays for data communication.
key | value | example |
---|---|---|
email | | "email":"contact@sysctl.se" |
number | number | "number":"123456789" |
language | string | "language":"en" |
groups | array of strings | "groups":["group1","group2"] |
nick | string | "nick":"nickname" |
{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}
key | value | example |
---|---|---|
desttime | number | "desttime":1 |
ddmessage | string | "ddmessage":"hello world" |
{"desttime":1,"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service"}
Response messages will be changed in the future to be more strict.
{"status":"done"}
{"status":"deldone"}
{"status":"ok"}
{
"history": [{
"deaddrop_type": "downloadfiles",
"create_time": "1538593281",
"ttl": "1",
"receivers": [{
"email": "contact@sysctl.se",
"language": "en",
"number": "123456789",
"groups": ["sysctl"],
"nick": "contact"
}],
"ddmessage": "You have received this mail because you are allowed to download protected files delivered by the deaddrop service",
"sender": {
"email": "testuser@sysctl.se",
"number": "46733755989",
"lang": "sv",
"first_run": "false",
"accountType": "perm",
"change_passwd": "false",
"settings": {
"show_number": "true",
"show_email": "true",
"show_lang": "false",
"show_nick": "true"
}
},
"files": [{
"name": "favicon.png",
"settings": "[]"
}]
}, {
"deaddrop_type": "downloadfiles",
"create_time": "1538600193",
"ttl": "1",
"receivers": [{
"email": "testuser@sysctl.se",
"language": "en",
"number": "124456789",
"name": "",
"groups": ["sysctl"],
"nick": "testuser"
}],
"ddmessage": "You have received this mail because you are allowed to download protected files delivered by the deaddrop service",
"sender": {
"email": "testuser@sysctl.se",
"number": "46733755989",
"lang": "sv",
"first_run": "false",
"accountType": "perm",
"change_passwd": "false",
"settings": {
"show_number": "true",
"show_email": "true",
"show_lang": "false",
"show_nick": "true"
}
},
"files": [{
"name": "exfat.jpg",
"settings": "[]"
}]
}],
"live_deaddrops": "1",
"inbox": [{
"ttl": "1",
"createtime": "1538600197",
"sender": "testuser@sysctl.se",
"files": [{
"name": "exfat.jpg",
"settings": "[]"
}],
"url": "9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8"
}]
}
The history part of the JSON message is an array that shows all deaddrops that have been created.
live_deaddrops is the number of active downloads that exist.
The inbox is an array of metadata for every file that can be downloaded.
To download a file specified in the inbox:
example:
https://deaddrop.sysctl.se/testuser@sysctl.se/9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8/files/exfat.jpg
The request must include a valid CSRF token.
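Building the download URLs from the inbox, as an added example (not code from deaddrop or sysctl) that follows the pattern of the example URL above. Server-supplied values are checked before they become part of a request path or a local file name; the 64-hex-character rule for "url" is an assumption taken from the sample response, and the function names are constructed for illustration.

```python
import json
import re
from urllib.parse import quote

# Assumption: the inbox "url" value is always 64 lowercase hex characters,
# as in the sample response on this page.
URL_TOKEN = re.compile(r"[0-9a-f]{64}")

# Constructed sample: the "inbox" part of the get_history.cgi response above.
SAMPLE_HISTORY = json.dumps({
    "history": [],
    "live_deaddrops": "1",
    "inbox": [{
        "ttl": "1",
        "createtime": "1538600197",
        "sender": "testuser@sysctl.se",
        "files": [{"name": "exfat.jpg", "settings": "[]"}],
        "url": "9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8",
    }],
})


def safe_file_name(name):
    """Reject names that could change the request path or the local save path."""
    if not name or name in (".", "..") or "/" in name or "\\" in name or "\x00" in name:
        raise ValueError(f"unsafe file name in inbox: {name!r}")
    return name


def inbox_download_urls(history_body, base_url, user):
    """Return (file_name, download_url) pairs for every file in the inbox."""
    inbox = json.loads(history_body).get("inbox", [])
    downloads = []
    for item in inbox:
        token = item.get("url", "")
        if not URL_TOKEN.fullmatch(token):
            raise ValueError(f"unexpected inbox url value: {token!r}")
        for entry in item.get("files", []):
            name = safe_file_name(entry.get("name", ""))
            url = "{}/{}/{}/files/{}".format(
                base_url.rstrip("/"), quote(user, safe="@"), token,
                quote(name, safe=""),
            )
            downloads.append((name, url))
    return downloads


if __name__ == "__main__":
    for name, url in inbox_download_urls(
            SAMPLE_HISTORY, "https://deaddrop.sysctl.se", "testuser@sysctl.se"):
        print(name, url)
```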
© Copyright sysctl Aktiebolag 2013-2023. All rights reserved