docs: update typos and formatting
This commit is contained in:
rr-
parent
12b751f066
commit
141abf15c9
1 changed files with 18 additions and 18 deletions
24
API.md
24
API.md
|
|
@ -99,11 +99,11 @@
|
|||
|
||||
Authentication is achieved by means of [basic HTTP
|
||||
auth](https://en.wikipedia.org/wiki/Basic_access_authentication) or through the
|
||||
use of [user token authentication](#user-token-authentication). For this reason,
|
||||
it is recommended to connect through HTTPS. There are no sessions, so every
|
||||
privileged request must be authenticated. Available privileges depend on the
|
||||
user's rank. The way how rank translates to privileges is defined in the server's
|
||||
configuration.
|
||||
use of [user token authentication](#user-token-authentication). For this
|
||||
reason, it is recommended to connect through HTTPS. There are no sessions, so
|
||||
every privileged request must be authenticated. Available privileges depend on
|
||||
the user's rank. The way how rank translates to privileges is defined in the
|
||||
server's configuration.
|
||||
|
||||
It is recommended to add `?bump-login` GET parameter to the first request in a
|
||||
client "session" (where the definition of a session is up to the client), so
|
||||
|
|
@ -114,8 +114,8 @@ that the user's last login time is kept up to date.
|
|||
User token authentication works similarly to [basic HTTP
|
||||
auth](https://en.wikipedia.org/wiki/Basic_access_authentication). Because it
|
||||
operates similarly to ***basic HTTP auth*** it is still recommended to connect
|
||||
through HTTPS. The authorization header uses the type of Token and the username
|
||||
and token are encoded as Base64 and sent as the second parameter.
|
||||
through HTTPS. The authorization header uses the type of `Token` and the
|
||||
username and token are encoded as Base64 and sent as the second parameter.
|
||||
|
||||
Example header for user1:token-is-more-secure
|
||||
```
|
||||
|
|
@ -123,9 +123,9 @@ Authorization: Token dXNlcjE6dG9rZW4taXMtbW9yZS1zZWN1cmU=
|
|||
```
|
||||
|
||||
The benefit of token authentication is that beyond the initial login to acquire
|
||||
the first token, there is no need to transmit the user password in plaintext via
|
||||
basic auth. Additionally tokens can be revoked at anytime allowing a cleaner
|
||||
interface for isolating clients from user credentials.
|
||||
the first token, there is no need to transmit the user password in plaintext
|
||||
via basic auth. Additionally tokens can be revoked at anytime allowing a
|
||||
cleaner interface for isolating clients from user credentials.
|
||||
|
||||
## Basic requests
|
||||
|
||||
|
|
@ -1511,7 +1511,7 @@ data.
|
|||
|
||||
- **Description**
|
||||
|
||||
Searches for users tokens for the currently logged in user.
|
||||
Searches for user tokens for the given user.
|
||||
|
||||
## Creating a user token
|
||||
- **Request**
|
||||
|
|
@ -1538,7 +1538,7 @@ data.
|
|||
|
||||
- **Description**
|
||||
|
||||
Creates a new user token that can be used for authentication of api
|
||||
Creates a new user token that can be used for authentication of API
|
||||
endpoints instead of a password.
|
||||
|
||||
## Updating a user token
|
||||
|
|
|
|||
Reference in a new issue