From 6e5ab9e7b3ba642286ac9b19f127a4ac845a5a9a Mon Sep 17 00:00:00 2001 From: Simon Willison Date: Tue, 13 Dec 2022 21:07:03 -0800 Subject: [PATCH] Note in docs about new /-/create-token features, refs #1947 --- docs/authentication.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/authentication.rst b/docs/authentication.rst index 67ea97f8..198c42ba 100644 --- a/docs/authentication.rst +++ b/docs/authentication.rst @@ -405,6 +405,8 @@ Datasette includes a default mechanism for generating API tokens that can be use Authenticated users can create new API tokens using a form on the ``/-/create-token`` page. +Tokens created in this way can be further restricted to only allow access to specific actions, or to limit those actions to specific databases, tables or queries. + Created tokens can then be passed in the ``Authorization: Bearer $token`` header of HTTP requests to Datasette. A token created by a user will include that user's ``"id"`` in the token payload, so any permissions granted to that user based on their ID can be made available to the token as well.