author | Pius Loosli <loosp2@bfh.ch> | 2023-10-16 15:49:56 +0200 |
---|---|---|
committer | Pius Loosli <loosp2@bfh.ch> | 2023-10-16 15:49:56 +0200 |
commit | 34beb9b3ffb08a7e68508a6465ba9ef57a785684 (patch) | |
tree | 3f407f924959e12ff494cbd59d3ddc85730fc4b5 | |
parent | b68c6b2843d40f3db6a5176d1aeeef55345463b7 (diff) | |
Donau: Authorization for charity administration
-rw-r--r-- | core/api-donau.rst | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/core/api-donau.rst b/core/api-donau.rst index 02cc77f4..b181fe38 100644 --- a/core/api-donau.rst +++ b/core/api-donau.rst @@ -480,6 +480,8 @@ Inspired by the Taler exchange :ref:`Deposit<deposit-par>`. Charity administration and status information --------------------------------------------- +The administration requests require an authorized bearer token to be set in the HTTP "Authorization" Header. This token can be set by a proxy validating authentication/authorization (using e.g. LDAP). + .. http:GET:: /charities return all charities @@ -543,7 +545,7 @@ Charity administration and status information .. http:POST:: /charities - Add a charity + Add a charity. Only allowed if the request comes with the administrator bearer token. **Request:** `CharityRequest` @@ -554,6 +556,9 @@ Charity administration and status information :http:statuscode:`201 Created`: The request was successful, and the response is a `CharityResponse`. + :http:statuscode: `403 Forbidden`: + The request did not contain an accepted administrator bearer token in it's header. + .. ts:def:: CharityRequest interface CharityRequest{ @@ -571,30 +576,29 @@ Charity administration and status information .. http:PATCH:: /charities/{id} - Modify a charity + Modify a charity. Only allowed if the request comes with the administrator bearer token. **Request:** `CharityRequest` - FIXME: Authentication... - **Response:** :http:statuscode:`200 OK`: The request was successful. + :http:statuscode: `403 Forbidden`: + The request did not contain an accepted administrator bearer token in it's header. .. http:DELETE:: /charities/{id} - Delete (or deactivate) a charity. + Delete (or deactivate) a charity. Only allowed if the request comes with the administrator bearer token. **Request:** - FIXME: Authentication... - **Response:** :http:statuscode:`200 OK`: The request was successful. - + :http:statuscode: `403 Forbidden`: + The request did not contain an accepted administrator bearer token in it's header.
\ No newline at end of file |
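Review bot: In the @@ -480 hunk, the new paragraph says "the administration requests" need a bearer token but never says which endpoints count as administration requests, and it sits directly above GET /charities, which receives no authorization wording or 403 response anywhere in this patch. Either list the protected endpoints (POST /charities, PATCH and DELETE /charities/{id}) or state explicitly whether the GET is public. The sentence "This token can be set by a proxy" also leaves open what happens when a client supplies its own Authorization header; if a proxy is meant to inject the token, the text should say that the proxy replaces any client-supplied value and that the API is only reachable through that proxy.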
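Review bot: In the @@ -543 hunk, "the administrator bearer token" reads as one fixed shared secret, while the introduction added in the first hunk speaks of "an authorized bearer token". Use one term throughout and say whether there is a single administrator token or whether any token accepted by the proxy qualifies, so implementers know what they are expected to compare against.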
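Review bot: In the @@ -554 hunk, the added line ":http:statuscode: `403 Forbidden`:" has a space between the role and the backtick, unlike the existing ":http:statuscode:`201 Created`:" just above it, so the role will not be applied and the status code will not render as a linked entry. Remove the space, and change "in it's header" to "in its header". The description also covers both a missing token and a rejected one with the same 403; if those cases are meant to be indistinguishable to the caller, it is worth saying so in the text.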
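Review bot: In the @@ -571 hunk, both new 403 entries repeat the ":http:statuscode: `403 Forbidden`:" spacing problem and the "it's" typo from the POST section, and the PATCH entry follows "The request was successful." with no blank line, unlike the POST block where the 403 entry is separated from the 201 entry. Removing the two "FIXME: Authentication..." lines also leaves the DELETE "**Request:**" heading with nothing under it; either drop the heading or note that the request has no body. The file now ends without a trailing newline, which should be restored.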