Remote wipe
This document provides a quick overview of the remote wipe API that should be used by clients to implement the remote wipe functionality. This will allow users to wipe a lost device for example.
Note that wiping only works when clients use the login flow so that a dedicated token is set for this client.
Obtaining wipe status
Once a client recieves a 401 or 403 status response it will do a fetch to <server>/index.php/core/wipe/check
and set the
token parameter to the apptoken.
curl https://cloud.example.com/index.php/core/wipe/check -X POST -d 'token=<TOKEN>'
In case the client gets back a 200 status code and a JSON array with wipe set to true like:
{
"wipe":true
}
then the client should proceed to wipe the device.
Wiping the actual device
- The client must remove all user data linked to the account. This includes:
caches
offline files
the actual account itself
Signalling completion
Once the client has wiped all the required data a POST to <server>/index.php/core/wipe/success
has to be made with the token.
This signals the server the wipe is completed and triggers the final cleanup on the server side.
curl https://cloud.example.com/index.php/core/wipe/success -X POST -d 'token=<TOKEN>'