taler-docs

Documentation for GNU Taler components, APIs and protocols

commit 7f22691a4a9901d07632e16e50cef606037a0360
parent c71fb99262d0792313092fca2f354e04813b9e76
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 22 Jun 2025 00:05:29 +0200

actual version was v19, not v42

Diffstat:
M core/api-merchant.rst | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/core/api-merchant.rst b/core/api-merchant.rst @@ -102,7 +102,7 @@ Currently, the ``/private/auth/`` API supports two main authentication methods i * ``external``: With this method, no checks are done by the merchant backend. Instead, a reverse proxy / API gateway must do all authentication/authorization checks. -* ``token`` (**v42**): With this method, the client must provide a ``Authorization: Bearer $TOKEN`` +* ``token`` (**v19**): With this method, the client must provide a ``Authorization: Bearer $TOKEN`` header when accessing a protected endpoint, where ``$TOKEN`` is an authentication token retrieved from the ``/private/token`` endpoint using basic authorization. A login token is valid only for a limited period of time and can be used by clients to avoid storing the 
@@ -129,13 +129,13 @@ Access tokens can be requested with a (limiting) scope. Available scopes and the * ``readonly``: ``*-read`` -- Access to APIs using ``GET`` requests is always allowed. * ``write`` (*deprecated*): See ``admin``. -* ``admin``: ``*`` -- General access to all APIs and endpoints. (Since **v42**) -* ``order-simple``: ``orders-read``, ``orders-write`` -- Allows the creation of orders and checking of payment status. (Since **v42**) -* ``order-pos``: ``orders-read``, ``orders-write``, ``inventory-lock`` -- Same as ``order-simple`` and allows inventory locking. (Since **v42**) -* ``order-mgmt``: ``orders-read``, ``orders-write``, ``orders-refund`` -- Same as ``order-simple`` and also allows refunding. (Since **v42**) -* ``order-full``: ``orders-read``, ``orders-write``, ``inventory-lock``, ``orders-refund`` -- Same ``order-pos`` and ``order-mgmt`` combined. (Since **v42**) +* ``admin``: ``*`` -- General access to all APIs and endpoints. (Since **v19**) +* ``order-simple``: ``orders-read``, ``orders-write`` -- Allows the creation of orders and checking of payment status. (Since **v19**) +* ``order-pos``: ``orders-read``, ``orders-write``, ``inventory-lock`` -- Same as ``order-simple`` and allows inventory locking. (Since **v19**) +* ``order-mgmt``: ``orders-read``, ``orders-write``, ``orders-refund`` -- Same as ``order-simple`` and also allows refunding. (Since **v19**) +* ``order-full``: ``orders-read``, ``orders-write``, ``inventory-lock``, ``orders-refund`` -- Same ``order-pos`` and ``order-mgmt`` combined. (Since **v19**) -Since **v42** the scope may be suffixed with ``:refreshable``, e.g. ``order-pos:refreshable``. +Since **v19** the scope may be suffixed with ``:refreshable``, e.g. ``order-pos:refreshable``. This allows the token to be refreshed at the token endpoint. This behaviour replaces the deprecated ``refreshable`` field in the `LoginTokenRequest`. 
@@ -1182,7 +1182,7 @@ Setting up instances // "token": (deprecated) The merchant checks an auth token. // See "token" for details. // See "token" for details. - // Since v42: APIs use login tokens retrieved from the /private/token + // Since **v19**: APIs use login tokens retrieved from the /private/token // endpoint. // See "password" for details. method: "external" | "token"; @@ -1194,7 +1194,7 @@ Setting up instances // header. token?: string; - // Since v42: For method "token", this field is mandatory. + // Since **v19**: For method "token", this field is mandatory. // Authentication against the /private/token endpoint // is done using basic authentication with the configured password // in the "password" field. Tokens are passed to other endpoints for @@ -1230,7 +1230,8 @@ Setting up instances duration?: RelativeTime; // Can this token be refreshed? - // Defaults to false. Deprecated since v42. Use ":refreshable" scope prefix instead. + // Defaults to false. Deprecated since **v19**. + // Use ":refreshable" scope prefix instead. refreshable?: boolean; }
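Review bot: In the @@ -102 hunk the rewritten ``token`` bullet still reads "must provide a ``Authorization: Bearer $TOKEN`` header"; since the line is being touched anyway, change "a" to "an".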
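Review bot: In the @@ -129 hunk the ``order-full`` bullet reads "Same ``order-pos`` and ``order-mgmt`` combined", dropping the "as" that the three bullets above it use ("Same as ``order-simple`` ..."). The line is rewritten by this change, so "Same as ``order-pos`` and ``order-mgmt`` combined" can go in with it.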
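Review bot: The added comment lines in the @@ -1182 and @@ -1194 hunks put reStructuredText bold markers inside a code comment (// Since **v19**: ...), where the removed lines had plain "v42" and the surrounding comments use no inline markup. If this block is rendered as literal code the asterisks will show up as-is, so plain "Since v19:" is the safer form in both places. The context of the -1182 hunk also shows // See "token" for details. twice in a row; one of the two can be dropped in the same pass.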
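Review bot: In the @@ -1230 hunk the rewrapped comment says Use ":refreshable" scope prefix instead, but the @@ -129 hunk documents it as a suffix ("the scope may be suffixed with ``:refreshable``, e.g. ``order-pos:refreshable``"). Change "prefix" to "suffix" so that a client reading only the ``LoginTokenRequest`` comment does not put ``:refreshable`` at the wrong end of the scope string. The bold markers in "Deprecated since **v19**" are inside a code comment here as well and would read better as plain "v19".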