From a2457322290eb5273ac4814691c2662ba843cc89 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <dev@bernhard-posselt.com>
Date: Tue, 10 May 2016 22:03:21 +0200
Subject: More security guidlines

---
 docs/developer/External-Api.md | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'docs')

diff --git a/docs/developer/External-Api.md b/docs/developer/External-Api.md
index 40a548a86..6b1f1e8b0 100644
--- a/docs/developer/External-Api.md
+++ b/docs/developer/External-Api.md
@@ -95,6 +95,8 @@ where $CREDENTIALS is:
 
 This authentication/authorization method will be the recommended default until core provides an easy way to do OAuth
 
+**Note**: Even if login cookies are sent back to your client, they will not be considered for authentication.
+
 ## Request Format
 The required request headers are:
 * **Accept**: application/json
-- 
cgit v1.2.3