From cf3cf2acf206698b2d034bc22bf65c9693c41a79 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 5 Jun 2019 18:21:11 -0400
Subject: [PATCH] Clarify VKS upload API

The response for the upload API appears to make it clear that it is
intended to accept only a single OpenPGP certificate, not multiple
keys.

I don't know for sure whether this is the intent of the codebase; if
it is not, then the API is broken, and the response for the upload API
needs to be able to accomodate multiple primary key fingerprints.
---
 dist/templates/about/api.html.hbs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/dist/templates/about/api.html.hbs b/dist/templates/about/api.html.hbs
index bade6cc..500bf9b 100644
--- a/dist/templates/about/api.html.hbs
+++ b/dist/templates/about/api.html.hbs
@@ -47,11 +47,11 @@
     <li>
       <tt>POST /vks/v1/upload</tt>
       <p>
-        Keys may be submitted using a POST request to <tt>/vks/v1/upload</tt>.
+        A single key may be submitted using a POST request to <tt>/vks/v1/upload</tt>.
         The body of the request must be <code>application/json</code>.
         The JSON data must contain a single field <code>keytext</code>,
         which must contain the keys to submit.
-        Key data can be formatted in ASCII Armor, or base64.
+        The value of <code>keytext</code> can be formatted in standard OpenPGP ASCII Armor, or base64.
       </p>
 
       <p>
@@ -61,7 +61,7 @@
         The <code>token</code> field contains an opaque value,
         which can be used to perform <tt>request-verify</tt> requests
         (see below).
-        The <code>key_fpr</code> field contains the uploaded key's fingerprint.
+        The <code>key_fpr</code> field contains the fingerprint of the uploaded primary key.
         The <code>status</code> token contains a map of email addresses
         contained in the key, with one of the values
         <code>unpublished</code>,