diff --git a/daia.md b/daia.md index c72f84d..6d14dcd 100644 --- a/daia.md +++ b/daia.md @@ -541,7 +541,7 @@ patron-type : a patron identifier for [patron-specific availability]. access_token - : an [access token] for authentification. + : an [access token] for authentication. A DAIA client MUST use HTTPS when sending access tokens. suppress_response_codes @@ -621,6 +621,7 @@ A DAIA client SHOULD sent the following HTTP request headers: User-Agent : with an appropriate client name and version number. + Accept : with the value `application/json`. @@ -629,16 +630,19 @@ A DAIA client MAY sent the following HTTP request headers: Accept-Language : to indicate preferred languages of human-readable response fields (`content`, `about`, `error_description`). + Authorization - : to provide an OAuth 2 Bearer token for [authentification]. + : to provide an OAuth 2 Bearer token for [authentication]. For OPTIONS preflight requests of Cross-Origin Resource Sharing (CORS) a DAIA client MUST include the following HTTP request headers: Origin : where the cross-origin request originates from. + Access-Control-Request-Method : the HTTP verb `GET`. + Access-Control-Request-Headers : the value `Authorization` if access tokens are sent as HTTP headers. @@ -656,6 +660,9 @@ Content-Language : to indicate the language of human-readable response fields (`content`, `about`, `error_description`). +Access-Control-Allow-Origin + : to allow Cross-Origin Resource Sharing, this header should be set to `*`. + Link : a [request URL](#request-and-response) with unprocessed request identifiers (if given) and [RFC 5988] relation type `next`. @@ -679,10 +686,13 @@ following fields: error : alphanumeric error code. + code : HTTP status code. + error_description : human-readable error description (OPTIONAL). + error_uri : human-readable web page about the error (OPTIONAL). 
@@ -730,7 +740,7 @@ are given or if given values are unknown or invalid. A DAIA server SHOULD return an [error response] status 501 (not supported) if it does not support patron-specific availability for `patron` or `patron-type` respectively. -Patron-specific availability SHOULD be combined with [authentification]. +Patron-specific availability SHOULD be combined with [authentication].
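Review bot: In the hunk at -541,7, the `access_token` entry relies only on "A DAIA client MUST use HTTPS when sending access tokens", which protects the token in transit but nowhere else. If `access_token` travels as a request parameter in the URL, which the later wording "if access tokens are sent as HTTP headers" suggests is one of two options, the value can still end up in server access logs, browser history and Referer headers. Since this entry is being edited anyway, consider adding that clients SHOULD prefer the `Authorization` header and that servers SHOULD NOT log the parameter value.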
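Review bot: The sentences shown as context for the hunks at -621,6 and -629,16 still read "A DAIA client SHOULD sent" and "A DAIA client MAY sent". This commit is a spelling cleanup, so both should become "send" in the same change rather than being left for a follow-up.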
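Review bot: In the hunk at -629,16, the preflight section tells the client to send `Access-Control-Request-Headers` with the value `Authorization`, but the response header hunk in this patch only adds `Access-Control-Allow-Origin`. A browser will block the actual request unless the server answers the preflight with `Access-Control-Allow-Headers` naming `Authorization` explicitly (the `*` wildcard does not cover that header). If this is not specified elsewhere in the document, add it to the response headers alongside the new entry.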
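Review bot: In the hunk at -656,6, the new `Access-Control-Allow-Origin` entry recommends `*` without distinguishing public availability from patron-specific responses. With a wildcard, script on any web origin can read the response, and that includes responses fetched with a bearer token in `Authorization`, because browsers only refuse the wildcard for cookie-style credentials. Suggest stating that servers relying on `*` must authenticate only through explicitly sent access tokens, never cookies or other ambient credentials, or limiting the wildcard to requests without `patron` or `patron-type`. The lowercase "should" also breaks from the MUST/SHOULD/MAY keywords used in the rest of the document; make it "SHOULD" if it is meant as normative.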
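Review bot: The change from `[authentification]` to `[authentication]` at -730,7, and the same change at -629,16, alters a reference-style link label, but no hunk in this patch renames the heading or link definition it points to. Check that `[authentication]` still resolves in the rendered document; if the target section is still titled with the old spelling, rename it in this commit so the two links do not go dead.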