X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=devdoc%2Fapi.txt;h=590964a2cbaf3f391a702918acee9ef5a870259f;hp=cc1413e78b94de01a3009dff96e418787cc40302;hb=080f837e8fbca48c55f4549df13b9c4772db3613;hpb=e57c166b46cf9c5961bca1b2241783944277cef5

diff --git a/devdoc/api.txt b/devdoc/api.txt
index cc1413e..590964a 100644
--- a/devdoc/api.txt
+++ b/devdoc/api.txt
@@ -11,13 +11,15 @@ Client submits a classic html form to server.
 **note**: In this documentation, php notation is used (`_POST` and `_FILES`),
 but server may be written in any language.
 
+` _POST["password"]` may contains user password. If it is set, access is
+ checked. If it is not set, authentification cookie is checked. If neither are
+ present, or if one of them is wrong, access is denied.
+
 `_POST["request"]` is either:
 
 ## auth
  asks for authentication
 
- * ` _POST["password"]` must contains user password
-
 ## add
  adds a new feature