You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/api.md
+23
Original file line number
Diff line number
Diff line change
@@ -181,3 +181,26 @@ Example (generated using the body and public key from the previous examples):
181
181
}
182
182
}
183
183
```
184
+
185
+
## Authenticated Media
186
+
187
+
When accessing media from a Synapse homeserver with authenticated media enabled, an
188
+
`Authorization` HTTP header must be passed along with any request to the Matrix Content Scanner.
189
+
If the `Authorization` header is not present, the content scanner assumes the request is not an
190
+
authenticated media request and will use the old Matrix endpoints.
191
+
192
+
This header follows the `Authentication Bearer scheme` as [outlined in the Matrix specification](https://spec.matrix.org/v1.12/client-server-api/#using-access-tokens).
193
+
The `access_token` must be the Matrix access token of the client's user.
194
+
The `Authorization` header method must be used, sending the access token as a query string
195
+
parameter is not supported.
196
+
197
+
Example authorization header:
198
+
199
+
```
200
+
Authorization: Bearer <access_token>
201
+
```
202
+
203
+
If a request is made for authenticated media and the access token is invalid, the content scanner
204
+
will respond with HTTP status 502, errcode `MCS_MEDIA_REQUEST_FAILED`.
205
+
If a request is made for authenticated media and the `Authorization` header is missing, the content
206
+
scanner will respond with HTTP status 404, errcode `M_NOT_FOUND`.
0 commit comments