Phillip Pearson - web + electronics notes

tech notes and web hackery from a new zealander who was vaguely useful on the web back in 2002 (see: python community server, the blogging ecosystem, the new zealand coffee review, the internet topic exchange).


Pownce API - it exists, it's just not yet 'open'

Pownce does have an API, it's just not public or official. You can see how it works by snooping on comms from the desktop app to In the grand tradition of reverse engineering on this blog (see: xmlStorageSystem, Salon Blogs hacking), here are the endpoints I can access. Mr Twitterific appears to have figured it out, too. I don't have the time to delve in further, but hopefully this can be a good starting point for someone else to build a proper client, or perhaps an encouragement for Pownce to make the whole thing public.

GET /api/available/

→ returns a 200 OK response with no content.

GET /api/login/
Authorization: Basic base64(login ':' password)

→ returns a Set-Cookie header with a session ID, and a chunk of XML with a <login/> element. The important part here is the 'token' attribute, which will be used as the WSSE password from now on. (You wouldn't believe how much of a pain this was to figure out - a complete needle in the haystack.)

POST /api/notes/for/username/
Content-Type: application/x-www-urlencoded

auth=url-encoded WSSE UsernameToken, with your username in the Username field and the content of the login/@token attribute from the /api/login/ call used as a password

→ returns an Atom feed of recent posts visible by username.

POST /api/notes/
Content-Type: application/x-www-urlencoded

auth=WSSE UsernameToken, as above
note_body=message content

→ posts a new message. Here's an example public message.

... more like this: []