commit 46408ec089e4c4ae1ef5632ed332621ea61e9a04
parent a4500669a7c50c1fb7c853c7ff64381b7f7ba7fd
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Mon, 23 Jun 2025 11:43:31 +0200
more API fixes
Diffstat:
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/core/api-merchant.rst b/core/api-merchant.rst
@@ -1205,7 +1205,15 @@ Setting up instances
.. http:post:: [/instances/$INSTANCE]/private/token
- **Required permission:** ``instances-token-write``
+ Retrieve an access token for the merchant API for instance
+ ``$INSTANCE```.
+ When accessed with a Bearer token for authentication, the token
+ must have scope ```token-refresh`` and the requested scope must be a subset
+ of the scope of the token.
+ When accessed with Basic authentication the instance password must be provided
+ along with ``$INSTANCE`` as username.
+
+ **Required permission:** ``token-refresh`` if accessed using a Bearer token.
**Request:**
@@ -1260,7 +1268,7 @@ Setting up instances
.. http:get:: [/instances/$INSTANCE]/private/tokens
- Retrieve a subset of tokens.
+ Retrieve a list of issued access tokens for ``$INSTANCE``.
@since **vTOKENS**
@@ -1323,9 +1331,11 @@ Setting up instances
serial: Integer;
}
-.. http:delete:: [/instances/$INSTANCE]/private/tokens/$ID
+.. http:delete:: [/instances/$INSTANCE]/private/tokens/$SERIAL
+
+ Delete a token for ``$INSTANCE`` API access by its ```$SERIAL``.
+
- Delete a token by its serial.
@since **vTOKENS**
**Required permission**: ``tokens-write``
@@ -1333,11 +1343,13 @@ Setting up instances
**Response:**
:http:statuscode:`204 No content`:
- The access token used to authorize this request was revoked.
+ Token deleted.
:http:statuscode:`401 Unauthorized`:
Invalid or missing credentials.
:http:statuscode:`403 Forbidden`:
Missing permission.
+ :http:statuscode:`404 Not found`:
+ The token was not found.
.. http:delete:: [/instances/$INSTANCE]/private/token
