Elaborate a bit on the login and interaction cycle in the README.

2021-02-02 16:20:21 +01:00 · 2021-02-02 16:20:21 +01:00 · df9677efe5
parent ff04edd2b8
commit df9677efe5
1 changed files with 24 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -34,7 +34,7 @@ authentication; all files are public.
 ## GET /login

 Call this endpoint to begin the login cycle. It will redirect you to the SSO
-login page.
+login page: an HTTP 302, with a Location header.

 ## GET /token

@ -47,3 +47,26 @@ header.

 All other calls will be passed through to cloudapi. For these calls to succeed,
 they MUST provide the X-Auth-Token header that the /token endpoint returns.
+
+# Interaction cycle
+
+client --- GET /login --------> this server
+       <-- 302 Location #1 ----
+
+client --- GET <Location #1> --> SSO server
+       <separate SSO cycle>
+       <-- 302 Location #2 ----
+
+client --- GET <Location #2> --> this server
+       <-- 204 X-Auth-Token ----
+
+From now on call this server as if it were a cloudapi server (using [cloudapi
+paths](https://github.com/joyent/sdc-cloudapi/blob/master/docs/index.md#api-introduction)),
+always providing the X-Auth-Token. For example, to retrieve a list of packages:
+
+client --- GET /my/packages --> this server
+       <-- 200 JSON body ------
+
+The most useful cloudapi endpoints to begin with will be ListPackages,
+GetPackage, ListImages, GetImage, ListMachines, GetMachine, CreateMachine and
+DeleteMachine (see cloudapi docs).