From 1f5510d206c8c6d8e0fc77f26769cc7c650e984a Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Wed, 2 Sep 2020 15:13:21 -0400
Subject: [PATCH] Authorization docs

---
 docs/source/interface.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/source/interface.rst b/docs/source/interface.rst
index 678d5c4..5231e72 100644
--- a/docs/source/interface.rst
+++ b/docs/source/interface.rst
@@ -7,6 +7,18 @@ Client
 When enabled in a Tahoe-LAFS client node,
 ZKAPAuthorizer publishes an HTTP-based interface inside the main Tahoe-LAFS web interface.
 
+All endpoints in the interface require an authorization token.
+Without the token,
+requests will receive an HTTP UNAUTHORIZED (401) response.
+
+To be authorized to access the resources at the endpoints,
+requests must include the correct secret token in the value for **Authorization** in the request header.
+For example, if the secret token is ``ABCDEF``::
+
+  Authorization: tahoe-lafs ABCDEF
+
+The correct value for the token can be read from the Tahoe-LAFS node's ``private/api_auth_token`` file.
+
 ``GET /storage-plugins/privatestorageio-zkapauthz-v1/version``
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-- 
GitLab