|
|
@ -16,6 +16,8 @@
|
|
|
|
Federation API
|
|
|
|
Federation API
|
|
|
|
==============
|
|
|
|
==============
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
{{unstable_warning_block_SERVER_RELEASE_LABEL}}
|
|
|
|
|
|
|
|
|
|
|
|
Matrix homeservers use the Federation APIs (also known as server-server APIs)
|
|
|
|
Matrix homeservers use the Federation APIs (also known as server-server APIs)
|
|
|
|
to communicate with each other. Homeservers use these APIs to push messages to
|
|
|
|
to communicate with each other. Homeservers use these APIs to push messages to
|
|
|
|
each other in real-time, to retrieve historic messages from each other, and to
|
|
|
|
each other in real-time, to retrieve historic messages from each other, and to
|
|
|
@ -78,6 +80,7 @@ Other versions of this specification
|
|
|
|
The following other versions are also available, in reverse chronological order:
|
|
|
|
The following other versions are also available, in reverse chronological order:
|
|
|
|
|
|
|
|
|
|
|
|
- `HEAD <https://matrix.org/docs/spec/server_server/unstable.html>`_: Includes all changes since the latest versioned release.
|
|
|
|
- `HEAD <https://matrix.org/docs/spec/server_server/unstable.html>`_: Includes all changes since the latest versioned release.
|
|
|
|
|
|
|
|
- `r0.1.1 <https://matrix.org/docs/spec/server_server/r0.1.1.html>`_
|
|
|
|
- `r0.1.0 <https://matrix.org/docs/spec/server_server/r0.1.0.html>`_
|
|
|
|
- `r0.1.0 <https://matrix.org/docs/spec/server_server/r0.1.0.html>`_
|
|
|
|
|
|
|
|
|
|
|
|
Server discovery
|
|
|
|
Server discovery
|
|
|
@ -157,14 +160,14 @@ The process overall is as follows:
|
|
|
|
and a port of 8448, using a ``Host`` header of ``<delegated_hostname>``.
|
|
|
|
and a port of 8448, using a ``Host`` header of ``<delegated_hostname>``.
|
|
|
|
The target server must present a valid certificate for ``<delegated_hostname>``.
|
|
|
|
The target server must present a valid certificate for ``<delegated_hostname>``.
|
|
|
|
|
|
|
|
|
|
|
|
4. If the `/.well-known` request resulted in an error response, a server
|
|
|
|
4. If the ``/.well-known`` request resulted in an error response, a server
|
|
|
|
is found by resolving an SRV record for ``_matrix._tcp.<hostname>``. This
|
|
|
|
is found by resolving an SRV record for ``_matrix._tcp.<hostname>``. This
|
|
|
|
may result in a hostname (to be resolved using AAAA or A records) and
|
|
|
|
may result in a hostname (to be resolved using AAAA or A records) and
|
|
|
|
port. Requests are made to the resolved IP address and port, using 8448
|
|
|
|
port. Requests are made to the resolved IP address and port, using 8448
|
|
|
|
as a default port, with a ``Host`` header of ``<hostname>``. The target
|
|
|
|
as a default port, with a ``Host`` header of ``<hostname>``. The target
|
|
|
|
server must present a valid certificate for ``<hostname>``.
|
|
|
|
server must present a valid certificate for ``<hostname>``.
|
|
|
|
|
|
|
|
|
|
|
|
5. If the `/.well-known` request returned an error response, and the SRV
|
|
|
|
5. If the ``/.well-known`` request returned an error response, and the SRV
|
|
|
|
record was not found, an IP address is resolved using AAAA and A records.
|
|
|
|
record was not found, an IP address is resolved using AAAA and A records.
|
|
|
|
Requests are made to the resolved IP address using port 8448 and a ``Host``
|
|
|
|
Requests are made to the resolved IP address using port 8448 and a ``Host``
|
|
|
|
header containing the ``<hostname>``. The target server must present a
|
|
|
|
header containing the ``<hostname>``. The target server must present a
|
|
|
@ -220,12 +223,11 @@ server by querying other servers.
|
|
|
|
Publishing Keys
|
|
|
|
Publishing Keys
|
|
|
|
+++++++++++++++
|
|
|
|
+++++++++++++++
|
|
|
|
|
|
|
|
|
|
|
|
Homeservers publish the allowed TLS fingerprints and signing keys in a JSON
|
|
|
|
Homeservers publish their signing keys in a JSON
|
|
|
|
object at ``/_matrix/key/v2/server/{key_id}``. The response contains a list of
|
|
|
|
object at ``/_matrix/key/v2/server/{key_id}``. The response contains a list of
|
|
|
|
``verify_keys`` that are valid for signing federation requests made by the
|
|
|
|
``verify_keys`` that are valid for signing federation requests made by the
|
|
|
|
homeserver and for signing events. It contains a list of ``old_verify_keys`` which
|
|
|
|
homeserver and for signing events. It contains a list of ``old_verify_keys`` which
|
|
|
|
are only valid for signing events. Finally the response contains a list of TLS
|
|
|
|
are only valid for signing events.
|
|
|
|
certificate fingerprints to validate any connection made to the homeserver.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
{{keys_server_ss_http_api}}
|
|
|
|
{{keys_server_ss_http_api}}
|
|
|
|
|
|
|
|
|
|
|
|