Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

GET /v1/signatures/{file_path}

Return the current signature collection status of a file. Authorization is checked against the current global signers file, not the copy frozen at the file’s registration time; this keeps revocation semantics uniform across all authenticated endpoints.

Path parameters

file_path

Mirror-relative path to the file. Slashes are preserved (the route uses a catch-all parameter).

Request headers

Standard Asfaload authentication headers, signed by the caller’s secret key:

  • X-asfld-timestamp — Unix timestamp, seconds.
  • X-asfld-nonce — random nonce.
  • X-asfld-sig — Ed25519 signature over the canonical request string.
  • X-asfld-pk — caller’s public key.

Response

200 OK

{
  "file_path": "https/github.com/443/acme/repo/releases/tag/v1.0/asfaload.index.json",
  "is_complete": false
}

Fields:

  • file_path — normalized mirror-relative path to the file.
  • is_completetrue once the aggregate signature threshold has been met; false while signatures are still being collected.

Errors

  • 400 Bad Request — path is empty.
  • 401 Unauthorized — missing or invalid authentication headers.
  • 403 Forbidden — caller’s public key is not in the file’s current signers file.
  • 404 Not Found — no file exists at the given path, or no signers file could be located for it.
  • 500 Internal Server Error — backend failure (read, parse, or actor error).

Examples

Successful query

curl -sS 'http://127.0.0.1:3000/v1/signatures/https/github.com/443/acme/repo/releases/tag/v1.0/asfaload.index.json' \
  -H 'X-asfld-timestamp: 1712860800' \
  -H 'X-asfld-nonce: <random-nonce>' \
  -H 'X-asfld-sig: <base64-signature>' \
  -H 'X-asfld-pk: <base64-public-key>'

{"file_path":"https/github.com/443/acme/repo/releases/tag/v1.0/asfaload.index.json","is_complete":false}

Caller not an authorized signer

curl -sS -i 'http://127.0.0.1:3000/v1/signatures/https/github.com/443/acme/repo/releases/tag/v1.0/asfaload.index.json' \
  -H 'X-asfld-timestamp: 1712860800' \
  -H 'X-asfld-nonce: <random-nonce>' \
  -H 'X-asfld-sig: <base64-signature>' \
  -H 'X-asfld-pk: <base64-non-signer-public-key>'

HTTP/1.1 403 Forbidden