From f34bfdbdcefcfc4448e85f4df6b30aed9fe757dd Mon Sep 17 00:00:00 2001
From: "Scott E. Graves" <scott.e.graves@protonmail.com>
Date: Wed, 13 Aug 2025 20:47:55 -0500
Subject: [PATCH] Update HTTP REST API

---
 HTTP-REST-API.md | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/HTTP-REST-API.md b/HTTP-REST-API.md
index 28a4e5b..e558e6a 100644
--- a/HTTP-REST-API.md
+++ b/HTTP-REST-API.md
@@ -1,4 +1,25 @@
-# HTTP REST API (Repertory)
+# HTTP REST API
+
+## Authentication
+
+The Repertory HTTP REST API uses hashed passwords for authentication.
+
+Before making requests to any protected endpoint, hash your password using **BLAKE2b-384** 
+and provide it according to the API's authentication requirements.
+
+Example in C++:
+```cpp
+auto create_password_hash(std::string_view password) -> std::string {
+    return utils::collection::to_hex_string(
+        utils::hash::create_hash_blake2b_384(password));
+}
+```
+
+Example hash for the password `repertory`:
+```
+55427d3dfdce97ef391db56aaf63a3726266777b46df1fa6dbc492093491e7605bd39cf6a88d6ccf4499b9d0de7f78c6
+```
+ (Repertory)
 
 This document reflects the API **exactly as implemented** in the server code shown (`server` and `full_server`).
 
@@ -256,6 +277,6 @@ curl -u USER:PASS -X POST \
 
 ## Conventions & Notes
 
-- `api_path` is normalized via `utils::path::create_api_path` before use.
+- `api_path` is normalized before use.
 - Pin/unpin also raise events (`file_pinned` / `file_unpinned`) on success.
 - `unmount` raises `unmount_requested` and returns immediately; actual unmount is asynchronous relative to the HTTP request.