author i00171 <anton.delitsch@implema.se> 2016-06-26 18:35:25 +0200
committer i00171 <anton.delitsch@implema.se> 2016-06-26 18:35:25 +0200
commit 47039d32c84ba699867920d2c3cb47a34b199b9d (patch)
tree 4fbc2ec34889baeab00085e0509055dca7daee6a /doc/api-json-rpc.markdown
parent 911be6ed00c1ece5d9ef2c16e80899bb7bffad67 (diff)
parent c110dffefe259c13e60193fb81ebb9d4b79504de (diff)
Merge branch 'master' of https://github.com/fguillot/kanboard
Diffstat (limited to 'doc/api-json-rpc.markdown')
-rw-r--r-- doc/api-json-rpc.markdown 12
1 files changed, 6 insertions, 6 deletions
diff --git a/doc/api-json-rpc.markdown b/doc/api-json-rpc.markdown
index bb14b008..0f922a7c 100644
--- a/doc/api-json-rpc.markdown
+++ b/doc/api-json-rpc.markdown
@@ -8,25 +8,25 @@ There are two types of API access:
### Application API
-- Access to the API with the user "jsonrpc" and the token available in settings
+- Access to the API with the user "jsonrpc" and the token available on the settings page
- Access to all procedures
- No permission checked
- There is no user session on the server
+- No access to procedures that starts with "My..." (example: "getMe" or "getMyProjects")
- Example of possible clients: tools to migrate/import data, create tasks from another system, etc...
### User API
- Access to the API with the user credentials (username and password)
-- Access to a restricted set of procedures
-- The project permissions are checked
+- Application role and project permissions are checked for each procedure
- A user session is created on the server
-- Example of possible clients: mobile/desktop application, command line utility, etc...
+- Example of possible clients: native mobile/desktop application, command line utility, etc...
Security
--------
-- Always use HTTPS with a valid certificate
-- If you make a mobile application, it's your job to store securely the user credentials on the device
+- Always use HTTPS with a valid certificate (avoid clear text communication)
+- If you make a mobile application, it's your responsability to store securely the user credentials on the device
- After 3 authentication failure on the user api, the end-user have to unlock his account by using the login form
- Two factor authentication is not yet available through the API
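Review bot: In the Application API list, the added bullet "No access to procedures that starts with "My..."" contradicts the unchanged "Access to all procedures" two lines above it, and its own first example, "getMe", does not start with "My". Suggest changing the earlier bullet to something like "Access to all procedures except user-specific ones" and describing the excluded set by what it needs (a user session) rather than by name prefix, keeping "getMe" and "getMyProjects" as examples; "starts" should also be "start". In the User API list, "Access to a restricted set of procedures" is removed and replaced by "Application role and project permissions are checked for each procedure", which no longer says whether any procedures are unavailable to user credentials regardless of role; since the Application API section states "No permission checked", the doc should say explicitly which of the two access types can reach which procedures. In the Security list, the added line misspells "responsibility" as "responsability", and the unchanged lockout bullet next to it would read correctly as "After 3 authentication failures on the user API, the end-user has to unlock their account".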