summaryrefslogtreecommitdiffstats
path: root/docs/en
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2015-12-21 19:33:08 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2015-12-21 19:33:08 +0100
commitcd52bd09a83c1cdbe6aa58931def80444d30c5c2 (patch)
tree9b8f23c1d54cf12b1b77943f7799c60d0cb3d072 /docs/en
parentc80aed6e1576b31a353c0e32d96f56952ed4b339 (diff)
downloadbugzilla-cd52bd09a83c1cdbe6aa58931def80444d30c5c2.tar.gz
bugzilla-cd52bd09a83c1cdbe6aa58931def80444d30c5c2.tar.xz
Bug 1139755: Allow API authentication with X-Headers
Diffstat (limited to 'docs/en')
-rw-r--r--docs/en/rst/api/core/v1/general.rst15
1 files changed, 12 insertions, 3 deletions
diff --git a/docs/en/rst/api/core/v1/general.rst b/docs/en/rst/api/core/v1/general.rst
index 814592f58..ab6ad05e2 100644
--- a/docs/en/rst/api/core/v1/general.rst
+++ b/docs/en/rst/api/core/v1/general.rst
@@ -104,14 +104,14 @@ Some methods do not require you to log in. An example of this is
:ref:`rest_single_bug`. However, authenticating yourself allows you to see
non-public information, for example, a bug that is not publicly visible.
-There are two ways to authenticate yourself:
+There are several ways to authenticate yourself:
**API Keys**
You can specify ``Bugzilla_api_key`` or simply ``api_key`` as an argument to
any call, and you will be logged in as that user if the key is correct and has
-not been revoked. You can set up an API key by using the :ref:`API Keys tab <api-keys>` in the
-Preferences pages.
+not been revoked. You can set up an API key by using the :ref:`API Keys tab <api-keys>`
+in the Preferences pages.
API keys may also be requested via :ref:`Authentication Delegation <auth-delegation>`.
@@ -159,6 +159,15 @@ to get a new token.
Also starting with Bugzilla 5.0, login cookies are no longer returned by
:ref:`rest_user_login` due to security concerns.
+Alternatively, authentication credentials can be provided via one of the following headers:
+
+* X-BUGZILLA-LOGIN
+* X-BUGZILLA-PASSWORD
+* X-BUGZILLA-API-KEY
+* X-BUGZILLA-TOKEN
+
+Credentials passed as part of the query string take precedence over the header credentials.
+
Useful Parameters
-----------------