Commit 5d1b616e authored by Nick Thomas's avatar Nick Thomas

Update API documentation to mention rails session cookies

[ci skip]
parent 48d563a3
...@@ -55,11 +55,12 @@ The following documentation is for the [internal CI API](ci/README.md): ...@@ -55,11 +55,12 @@ The following documentation is for the [internal CI API](ci/README.md):
## Authentication ## Authentication
All API requests require authentication via a token. There are three types of tokens All API requests require authentication via a session cookie or token. There are
available: private tokens, OAuth 2 tokens, and personal access tokens. three types of tokens available: private tokens, OAuth 2 tokens, and personal
access tokens.
If a token is invalid or omitted, an error message will be returned with If authentication information is invalid or omitted, an error message will be
status code `401`: returned with status code `401`:
```json ```json
{ {
...@@ -98,6 +99,13 @@ that needs access to the GitLab API. ...@@ -98,6 +99,13 @@ that needs access to the GitLab API.
Once you have your token, pass it to the API using either the `private_token` Once you have your token, pass it to the API using either the `private_token`
parameter or the `PRIVATE-TOKEN` header. parameter or the `PRIVATE-TOKEN` header.
### Session cookie
When signing in to GitLab as an ordinary user, a `_gitlab_session` cookie is
set. The API will use this cookie for authentication if it is present, but using
the API to generate a new session cookie is currently not supported.
## Basic Usage ## Basic Usage
API requests should be prefixed with `api` and the API version. The API version API requests should be prefixed with `api` and the API version. The API version
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment