Skip to content

Commit

Permalink
pkp/pkp-lib#9320 document API authorization header issue
Browse files Browse the repository at this point in the history
  • Loading branch information
@kaitlinnewson @ewhanson
kaitlinnewson authored and ewhanson committed Nov 29, 2024
1 parent df9c9b2 commit 8167efb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/dev/swagger-source.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@
{
"name": "Authentication",
"x-traitTag": true,
"description": "Only authenticated users can access the REST API endpoints. Authentication can be done with cookies or by using the API token.\n\n## Cookies\n\nCookie-based authentication can be used when you are making a request from the same domain name as the application. When a request is made from the user's browser, the browser will send the cookies to the server.\n\nA CSRF token must be sent with every `POST`, `PUT` or `DELETE` request when using cookie-based authentication. Read more about the [CSRF Token](https://docs.pkp.sfu.ca/dev/ui-library/dev/#/pages/csrf).\n\n## API Token\n\n> The `apiToken` will not validate if the `api_secret_key` setting has not been set in the application's `config.inc.php` file.\n\nYour API token can be found by going to **User Profile > API Key** in the application. Add the API Token in an `Authorization` header with every request made to the API.\n\n```\nAuthorization: Bearer eyJ0e...6vJU\n```\n\n"
"description": "Only authenticated users can access the REST API endpoints. Authentication can be done with cookies or by using the API token.\n\n## Cookies\n\nCookie-based authentication can be used when you are making a request from the same domain name as the application. When a request is made from the user's browser, the browser will send the cookies to the server.\n\nA CSRF token must be sent with every `POST`, `PUT` or `DELETE` request when using cookie-based authentication. Read more about the [CSRF Token](https://docs.pkp.sfu.ca/dev/ui-library/dev/#/pages/api#csrf-token).\n\n## API Token\n\n> The `apiToken` will not validate if the `api_secret_key` setting has not been set in the application's `config.inc.php` file.\n\nYour API token can be found by going to **User Profile > API Key** in the application. Add the API Token in an `Authorization` header with every request made to the API.\n\n```\nAuthorization: Bearer eyJ0e...6vJU\n```\n\n## Connection Issues\n\n In some Apache configurations, [the Authorization Header may be stripped](https://github.com/pkp/pkp-lib/issues/9320). Additional server configuration may be necessary for Apache to pass the `Authorization` header to PHP."
},
{
"name": "Pagination",
Expand Down

0 comments on commit 8167efb

Please sign in to comment.