wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Clarify that the Authorization header is preferred

Browse source
This commit is contained in:
Travis Ralston 2018-08-15 16:37:52 -06:00
parent b159f21857
commit ca87876f1b
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
specification/client_server_api.rst
View file

@ -207,6 +207,11 @@ support:
1. Via a query string parameter, ``access_token=TheTokenHere``.
#. Via a request header, ``Authorization: Bearer TheTokenHere``.
Clients are encouraged to use the ``Authorization`` header where possible
to prevent the access token being leaked in access/HTTP logs. The query
string should only be used in cases where the ``Authorization`` header is
unaccessible for the client.
When credentials are required but missing or invalid, the HTTP call will
return with a status of 401 and the error code, ``M_MISSING_TOKEN`` or
``M_UNKNOWN_TOKEN`` respectively.