Update API documentation to mention rails session cookies

[ci skip]
2016-09-19 12:49:12 +01:00 · 2016-09-19 12:49:12 +01:00 · 5d1b616eba
parent 48d563a3e4
commit 5d1b616eba
1 changed files with 12 additions and 4 deletions
--- a/doc/api/README.md
+++ b/doc/api/README.md
@ -55,11 +55,12 @@ The following documentation is for the [internal CI API](ci/README.md):

 ## Authentication

-All API requests require authentication via a token. There are three types of tokens
-available: private tokens, OAuth 2 tokens, and personal access tokens.
+All API requests require authentication via a session cookie or token. There are
+three types of tokens available: private tokens, OAuth 2 tokens, and personal
+access tokens.

-If a token is invalid or omitted, an error message will be returned with
-status code `401`:
+If authentication information is invalid or omitted, an error message will be
+returned with status code `401`:

 ```json
 {
@ -98,6 +99,13 @@ that needs access to the GitLab API.
 Once you have your token, pass it to the API using either the `private_token`
 parameter or the `PRIVATE-TOKEN` header.

+
+### Session cookie
+
+When signing in to GitLab as an ordinary user, a `_gitlab_session` cookie is
+set. The API will use this cookie for authentication if it is present, but using
+the API to generate a new session cookie is currently not supported.
+
 ## Basic Usage

 API requests should be prefixed with `api` and the API version. The API version