docs: more emphasis on req methods [skip release]

nextauthjs · Feb 1, 2021 · 396f5d8 · 396f5d8
1 parent d7e78d5
commit 396f5d8
Showing 1 changed file with 12 additions and 12 deletions.
diff --git a/www/docs/getting-started/rest-api.md b/www/docs/getting-started/rest-api.md
@@ -5,45 +5,45 @@ title: REST API
 
 NextAuth.js exposes a REST API which is used by the NextAuth.js client.
 
-#### GET /api/auth/signin
+#### `GET` /api/auth/signin
 
 Displays the sign in page.
 
-#### POST /api/auth/signin/:provider
+#### `POST` /api/auth/signin/:provider
 
 Starts an OAuth signin flow for the specified provider.
 
 The POST submission requires CSRF token from `/api/auth/csrf`.
 
-#### GET /api/auth/callback/:provider
+#### `GET` /api/auth/callback/:provider
 
 Handles returning requests from OAuth services during sign in.
 
-For OAuth 2.0 providers that support the `state` option, the value of the `state` parameter is checked against the one that was generated when the sign in flow was started - this uses a hash of the CSRF token which MUST match for both the POST and GET calls during sign in.
+For OAuth 2.0 providers that support the `state` option, the value of the `state` parameter is checked against the one that was generated when the sign in flow was started - this uses a hash of the CSRF token which MUST match for both the POST and `GET` calls during sign in.
 
-#### GET /api/auth/signout
+#### `GET` /api/auth/signout
 
 Displays the sign out page.
 
-#### POST /api/auth/signout
+#### `POST` /api/auth/signout
 
-Handles signing out - this is a POST submission to prevent malicious links from triggering signing a user out without their consent.
+Handles signing out - this is a `POST` submission to prevent malicious links from triggering signing a user out without their consent.
 
-The POST submission requires CSRF token from `/api/auth/csrf`.
+The `POST` submission requires CSRF token from `/api/auth/csrf`.
 
-#### GET /api/auth/session
+#### `GET` /api/auth/session
 
 Returns client-safe session object - or an empty object if there is no session.
 
 The contents of the session object that is returned is configurable with the session callback.
 
-#### GET /api/auth/csrf
+#### `GET` /api/auth/csrf
 
 Returns object containing CSRF token. In NextAuth.js, CSRF protection is present on all authentication routes. It uses the "double submit cookie method", which uses a signed HttpOnly, host-only cookie.
 
-The CSRF token returned by this endpoint must be passed as form variable named `csrfToken` in all POST submissions to any API endpoint.
+The CSRF token returned by this endpoint must be passed as form variable named `csrfToken` in all `POST` submissions to any API endpoint.
 
-#### GET /api/auth/providers
+#### `GET` /api/auth/providers
 
 Returns a list of configured OAuth services and details (e.g. sign in and callback URLs) for each service.