Neat Apps 29 Jan 2008 04:48 pm
Pownce Unpublished Protocol
Pownce is a neat little app. It lets you share notes, files, etc. with friends. It’s an early adopter of AIR and a great example of web/desktop integration (webtop?). Pownce comes with a REST API, but the documentation left out a big chunk of the API, mostly related to user login and retrieving private data. After sniffing its HTTP traffic, here is what I found:
- Authentication: Pownce currently uses basic HTTP authentication. Just hit http://pownce.com/login and supply a valid user name/password. It will return an ATOM XML document with all the current user information.
- Presence: Ping http://pownce.com/available every thirty seconds to let Pownce know your client is still active.
- Private feed: Once the user is authenticated, subscribe an ATOM feed reader to http://pownce.com/notes/for/<username>.
- Publish content: POST to http://pownce.com/notes with parameters note_type and note_to. There are more parameters depending on which type of message you are sending, but I'm tired of writing.
That's it for the protocol. One interesting thing I found was that the file upload limit is only enforced on the client side, which means you could upload whatever file size you want until the server craps out. The protocol is very simple and efficient, but the security really sucks.
Need to bring your Flex project up to speed? Zee Yang is a freelance Flex developer with deep understanding of architecture and user experience. You can reach him at zee.yang@gmail.com.

on 29 Jan 2008 at 5:55 pm 1.Leah Culver said …
The file size limit is enforced by the webserver and the client. The client checks the limit to give a nice error message.
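
The post and the comment disagree about where the upload size limit is enforced. As an added example (not Pownce's code and not from the post's author), this is a server-side check that rejects on the declared Content-Length and also counts the bytes actually received, so the limit holds whether or not a client runs its own check. The limit value, function names and status codes are assumptions.

```python
import io

MAX_UPLOAD_BYTES = 1024   # constructed demo limit; the page does not give Pownce's real one
CHUNK_SIZE = 256

class UploadRejected(Exception):
    """Carries the HTTP status a handler would send back (hypothetical helper)."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def read_upload(body, content_length=None, limit=MAX_UPLOAD_BYTES):
    """Return the request body, or raise UploadRejected if it exceeds `limit`.

    `body` is a file-like request stream; `content_length` is the raw header
    value sent by the client (None when absent, e.g. chunked encoding).
    """
    # Early reject on the declared size: saves bandwidth, but the header is
    # client-controlled, so it can only be trusted to say "too big".
    if content_length is not None:
        if not (content_length.isascii() and content_length.isdigit()):
            raise UploadRejected(400, "malformed Content-Length")
        if int(content_length) > limit:
            raise UploadRejected(413, "declared size over limit")

    # Authoritative check: count what actually arrives and stop reading as
    # soon as the limit is crossed, instead of buffering the whole upload.
    received = bytearray()
    while True:
        chunk = body.read(CHUNK_SIZE)
        if not chunk:
            return bytes(received)
        if len(received) + len(chunk) > limit:
            raise UploadRejected(413, "received size over limit")
        received.extend(chunk)

def upload_status(body, content_length=None, limit=MAX_UPLOAD_BYTES):
    """Map read_upload's outcome to the HTTP status a handler would send."""
    try:
        read_upload(body, content_length, limit)
        return 201
    except UploadRejected as err:
        return err.status
```
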