From 6bde478eadb7661238ce7c13ccd0f74a28ef3369 Mon Sep 17 00:00:00 2001
From: Keiran Price <keiran.price@stfc.ac.uk>
Date: Tue, 15 Oct 2019 10:41:36 +0100
Subject: [PATCH] #87: Add authentication

---
 README.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e9210a8d..b96ed869 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,8 @@ ICAT API to interface with the Data Gateway
       - [Endpoints:](#endpoints)
       - [Mapped classes:](#mapped-classes)
       - [Querying and filtering](#querying-and-filtering)
-      - [Swagger Generation](#generating-the-swagger-spec)
+      - [Swagger Generation](#generating-the-swagger-spec-openapiyaml)
+      - [Authentication](#authentication)
   - [Database Generator](#database-generator)
   - [Running Tests](#running-tests)
 
@@ -145,6 +146,12 @@ query the database are also in this module.
 Class diagram for this module:
 ![image](https://user-images.githubusercontent.com/44777678/66651511-1d401a80-ec2b-11e9-96a4-316e94939a0f.png)
 
+#### Authentication
+Each request requires a valid session ID to be provided in the Authorization header. This header should take the form of `{"Authoirzation":"Bearer <session_id>"}` A session ID can be obtained by
+sending a post request to `/sessions/`  
+All endpoint methods that require a session id are decorated with `@requires_session_id`
+
+
 
 #### Generating the swagger spec: `openapi.yaml`
 The swagger generation script is located in `/src/swagger/swagger_generator.py`. The script will only run when