In my earlier post on this subject, I gave a brief overview of the Known API. I hope people found this useful.

Anyway, it is the nature of development that things change, and recently I pushed a patch that fixed a couple of potential security issues. I won’t bore you with the details, except to say that this might well have an effect on how you use the API.

Sessions are destroyed after page display

In the older instance of the API, once you had authenticated, HMAC validation was short circuited and you were treated as logged in on subsequent requests (provided you remembered to store cookies). This was really a workaround to handle the way that Known would forward you to a created object after creation, and since this was a new URL, you’d need a new HMAC, but the 302 would happen before you could generate one.

Now, you are only logged in for the duration of the page visit, and sessions are destroyed after the page has been sent. Each request must now be individually signed.

Which brings us to the next big change..

No more automatic forwards

Because each page request must be individually signed, it is no longer possible to forward you automatically to the created object. It is also no longer necessary for you to configure CURL to automatically handle 302 responses.

Instead, if you’re making an API request, instead of forwarding, Known will return some JSON containing a location for your next GET request, e.g.:

This also gives room for extension.



The other week, I wrote about introducing SQLite support to Known.

Seemingly, I was on a role, and because a client asked me to look in to Postgres support for a separate project, I thought I’d have a crack at implementing support for Known, which I’m glad has been merged in.

This turns out to have been useful to a bunch of folk, for which I am glad.


Postgres support is still in Beta, and MySQL is still the recommended database engine, so currently installation is a bit of a manual process.

First, you need to make sure you’ve got Postgres support built in to PHP:

Then, you need to modify your config.ini

Once you’ve done that, you need to install the schema, which currently needs to be done from the command line.

Assuming you got no errors, you should now be good to go!