mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-07-02 14:34:31 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed some typos and grammar issues in documentation

Browse source
This commit is contained in:
Jan Böhmer 2024-02-23 13:56:23 +01:00
parent 20ee16e3c0
commit 5d68922f2e
11 changed files with 142 additions and 153 deletions
Download patch file Download diff file Expand all files Collapse all files

13
docs/api/authentication.md
View file

@ -11,15 +11,14 @@ To use API endpoints, the external application has to authenticate itself, so th
the data and which permissions
the application should have during the access. Authentication is always bound to a specific user, so the external
applications is acting on behalf of a
specific user. This user limits the permissions of the application, so that it can only access data, which the user is
specific user. This user limits the permissions of the application so that it can only access data, which the user is
allowed to access.
The only method currently available for authentication is to use API tokens:
## API tokens
An API token is a long alphanumeric string, which is bound to a specific user and can be used to authenticate as this
user, when accessing the API.
An API token is a long alphanumeric string, which is bound to a specific user and can be used to authenticate as this user when accessing the API.
The API token is passed via the `Authorization` HTTP header during the API request, like the
following: `Authorization: Bearer tcp_sdjfks....`.
@ -36,7 +35,7 @@ not access the API anymore with this token.
### Token permissions and scopes
API tokens are ultimately limited by the permissions of the user, which belongs to the token. That means that the token
can only access data, which the user is allowed to access, no matter the token permissions.
can only access data, that the user is allowed to access, no matter the token permissions.
But you can further limit the permissions of a token by choosing a specific scope for the token. The scope defines which
subset of permissions the token has, which can be less than the permissions of the user. For example, you can have a
@ -50,15 +49,15 @@ change anything in the database.
> Only use the full or admin scope, if you really need it, as they could potentially be used to do a lot of damage to
> your Part-DB instance.
Following token scopes are available:
The following token scopes are available:
* **Read-Only**: The token can only read non-sensitive data (like parts, but no users or groups) from the API and can
not change anything.
* **Edit**: The token can read and write non-sensitive data via the API. This includes creating, updating and deleting
data. This should be enough for most applications.
* **Admin**: The token can read and write all data via the API, including sensitive data like users and groups. This
should only be used for trusted applications, which need to access sensitive data, and perform administrative actions.
* **Full**: The token can do anything the user can do, including changing the users password and create new tokens. This
should only be used for trusted applications, which need to access sensitive data and perform administrative actions.
* **Full**: The token can do anything the user can do, including changing the user's password and creating new tokens. This
should only be used for highly trusted applications!!
Please note, that in early versions of the API, there might be no endpoints yet, to really perform the actions, which