Update HTTP REST API

2025-08-13 20:47:55 -05:00
parent 130cfadcd3
commit f34bfdbdce
1 changed files with 23 additions and 2 deletions
--- a/HTTP-REST-API.md
+++ b/HTTP-REST-API.md
@@ -1,4 +1,25 @@
-# HTTP REST API (Repertory)
+# HTTP REST API
+
+## Authentication
+
+The Repertory HTTP REST API uses hashed passwords for authentication.
+
+Before making requests to any protected endpoint, hash your password using **BLAKE2b-384** 
+and provide it according to the API's authentication requirements.
+
+Example in C++:
+```cpp
+auto create_password_hash(std::string_view password) -> std::string {
+    return utils::collection::to_hex_string(
+        utils::hash::create_hash_blake2b_384(password));
+}
+```
+
+Example hash for the password `repertory`:
+```
+55427d3dfdce97ef391db56aaf63a3726266777b46df1fa6dbc492093491e7605bd39cf6a88d6ccf4499b9d0de7f78c6
+```
+ (Repertory)

 This document reflects the API **exactly as implemented** in the server code shown (`server` and `full_server`).

@@ -256,6 +277,6 @@ curl -u USER:PASS -X POST \

 ## Conventions & Notes

- `api_path` is normalized via `utils::path::create_api_path` before use.
+- `api_path` is normalized before use.
 - Pin/unpin also raise events (`file_pinned` / `file_unpinned`) on success.
 - `unmount` raises `unmount_requested` and returns immediately; actual unmount is asynchronous relative to the HTTP request.