commit ced82b398c7ce1053f0de27d5e5299970068e3b6
parent 3f86f293ee5dddf8b7de161d306fc02bf688b813
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Tue, 5 Sep 2023 15:49:50 +0200
start docs for #7793
Diffstat:
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/core/api-merchant.rst b/core/api-merchant.rst
@@ -99,12 +99,17 @@ Authentication
Each merchant instance has separate authentication settings for the private API resources
of that instance.
-Currently, the API supports two auth methods:
+Currently, the API supports two main authentication methods:
* ``external``: With this method, no checks are done by the merchant backend.
Instead, a reverse proxy / API gateway must do all authentication/authorization checks.
* ``token``: With this method, the client must provide a ``Authorization: Bearer $TOKEN``
- header, where ``$TOKEN`` is a secret authentication token configured for the instance.
+ header, where ``$TOKEN`` is a secret authentication token configured for the instance which must begin with the RFC 8959 prefix.
+
+Additionally, clients can send a **login token** which they may obtain from
+the ``/private/login`` endpoint. Such a login token is valid only for a
+limited period of time and can be used by clients to avoid storing the
+long-term login secrets from an authentication method.
-----------------
Configuration API
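Review bot: The new login-token paragraph does not say how a client presents the token or how the backend tells it apart from the long-term secret. The ``token`` bullet specifies the ``Authorization: Bearer $TOKEN`` header, but the added text only says clients "can send" a login token. Please state the header and format used, whether login tokens also apply to instances using ``external``, and what bounds the "limited period of time". The added requirement that ``$TOKEN`` "must begin with the RFC 8959 prefix" would also be easier to follow if the literal prefix were written out, so readers do not have to look up the RFC to build a valid header. Finally, this text refers to ``/private/login`` while the directive added later in this patch uses ``[/instances/$INSTANCE]/private/login``; using the same form in both places avoids ambiguity.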
@@ -1004,6 +1009,9 @@ Setting up instances
}
+.. http:post:: [/instances/$INSTANCE]/private/login
+
+
.. http:patch:: /management/instances/$INSTANCE
.. http:patch:: [/instances/$INSTANCE]/private
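Review bot: The added ``.. http:post:: [/instances/$INSTANCE]/private/login`` directive has an empty body and sits directly above the two ``http:patch`` directives, so in the rendered page it may read as sharing their description. Since the Authentication section now points clients at this endpoint, it should at least document which credential the request must carry, what the response contains (the token and its expiry), and the status codes for success and failed authentication. If the details are still open under #7793, a short placeholder sentence in the body would make clear that the endpoint is not yet specified. Consider also whether it belongs under "Setting up instances" or closer to the Authentication section.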