From: Jonathan Claudius Date: Wed, 11 Sep 2019 16:52:09 +0000 (-0400) Subject: no bug - First pass on truing up API documentation with a sec focus X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0dce7e1668959f9ee6f4bcab98dc342975e79c62;p=thirdparty%2Fbugzilla.git no bug - First pass on truing up API documentation with a sec focus --- diff --git a/docs/en/rst/api/core/v1/general.rst b/docs/en/rst/api/core/v1/general.rst index 61bdeeb60..8e70ace8c 100644 --- a/docs/en/rst/api/core/v1/general.rst +++ b/docs/en/rst/api/core/v1/general.rst @@ -100,13 +100,20 @@ To authenticate yourself, you will need to use API keys: **API Keys** -You can specify ``Bugzilla_api_key`` or simply ``api_key`` as an argument to -any call, and you will be logged in as that user if the key is correct and has -not been revoked. You can set up an API key by using the :ref:`API Keys tab ` in the +You can specify 'X-BUGZILLA-API-KEY' header with the API key as a value to +any request, and you will be authenticated as that user if the key is correct and has not been revoked. + +You can set up an API key by using the :ref:`API Keys tab ` in the Preferences pages. API keys may also be requested via :ref:`Authentication Delegation `. +**WARNING**: It should be noted that additional authentication methods exist, but they are **not recommended** for use and are likely to be deprecated in future versions of BMO, due to security concerns. These additional methods include the following: + + - username and password via ``Bugzilla_login`` and ``Bugzilla_password`` or simply ``login`` and ``password`` respectively in query parameters. + - username and password via ``X-BUGZILLA-LOGIN`` and ``X-BUGZILLA-PASSWORD`` headers respectively. + - api key via ``Bugzilla_api_key`` or simply ``api_key`` in query parameters. + Useful Parameters -----------------