Merge pull request #1044 from t3chguy/access_token_header

mention that we can send tokens via headers
2017-10-27 10:01:10 +01:00 · 2017-10-27 10:01:10 +01:00 · c7c08eaf0f
commit c7c08eaf0f
parent cc6b16b63c 9bd3711790
2 changed files with 3 additions and 2 deletions
--- a/changelogs/client_server.rst
+++ b/changelogs/client_server.rst
@ -50,6 +50,7 @@
    (`#894 <https://github.com/matrix-org/matrix-doc/pull/894>`_).
  - Add ``m.room.pinned_events`` state event for rooms.
    (`#1007 <https://github.com/matrix-org/matrix-doc/pull/1007>`_).
+  - Add mention of ability to send Access Token via an Authorization Header.

  - New endpoints:

--- a/specification/client_server_api.rst
+++ b/specification/client_server_api.rst
@ -171,8 +171,8 @@ Client Authentication

 Most API endpoints require the user to identify themselves by presenting
 previously obtained credentials in the form of an ``access_token`` query
-parameter. An access token is typically obtained via the `Login`_ or
-`Registration`_ processes.
+parameter or through an Authorization Header of ``Bearer $access_token``.
+An access token is typically obtained via the `Login`_ or `Registration`_ processes.

 When credentials are required but missing or invalid, the HTTP call will
 return with a status of 401 and the error code, ``M_MISSING_TOKEN`` or