commit 554f0f89ae0f421d1deff7a75715de2b25a2435f
parent 65ff207d2a7a856417a1175f1088bea88b555341
Author: Iván Ávalos <avalos@disroot.org>
Date: Fri, 1 Aug 2025 12:42:55 +0200
api-merchant: add Bearer prefix
Diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/api-merchant.rst b/core/api-merchant.rst
@@ -101,7 +101,7 @@ Currently, the ``/private/auth/`` API supports two main authentication methods i
Instead, a reverse proxy / API gateway must do all authentication/authorization checks.
* ``token`` (**@since v19**): With this method, the client must provide an authorization header
that contains a bearer token when accessing a protected endpoint in the form
- ``Authorization: secret-token:$TOKEN``.
+ ``Authorization: Bearer secret-token:$TOKEN``.
``$TOKEN`` is an authentication token retrieved from the ``/private/token`` endpoint using basic authorization.
The respective username is the instance ``$ID``, and the password the instance password (``$INSTANCE_PASSWORD``).
A login token is commonly only valid for a limited period of time and scoped to specific permissions.
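Review bot: The changed line now shows ``Authorization: Bearer secret-token:$TOKEN``, but the surrounding text never says which part is the scheme and which is the credential. Omitting the scheme is exactly the mistake this commit corrects, so consider stating explicitly that ``Bearer`` is the scheme and ``secret-token:$TOKEN`` (including the ``secret-token:`` prefix) is the token value sent after it. In the unchanged context just below, "using basic authorization" would read more precisely as HTTP Basic authentication, and it could show the header form for the ``$ID`` / ``$INSTANCE_PASSWORD`` pair so both methods are documented the same way. The hunk header refers to the ``/private/auth/`` API while this paragraph retrieves the token from ``/private/token``; it is worth confirming the two endpoint names are consistent.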