Improve provider documentation

* Add description about the api endpoints offered by the provider and why create should only be called once. improves #168
2025-12-22 11:55:40 +01:00 · 2022-08-23 14:50:39 +02:00 · 2022-08-23 14:50:39 +02:00 · 26a8fb0b55
commit 26a8fb0b55
parent 2656312ab1
2 changed files with 23 additions and 1 deletions
--- a/docs/csaf_provider.md
+++ b/docs/csaf_provider.md
@ -1,8 +1,27 @@
-`csaf_provider` implements the CGI interface for webservers
+`csaf_provider` implements a CGI interface for webservers
 and reads its configuration from a [TOML](https://toml.io/en/) file.
 The [setup docs](../README.md#setup-trusted-provider)
 explain how to wire this up with nginx and where the config file lives.

+When installed, two entpoints are offered,
+and you should use the [csaf_uploader](../docs/csaf_uploader)
+to access them:
+
+### /api/create
+
+Must be called once after all configuration values are set.
+It will write the `provider-metadata.json` and may write
+or update the`security.txt`.
+
+Once the files exist, they will **not** be overwriten
+by additional `create` calls, even if the config values have been changed.
+Changes should happen rarely and can be done manually.
+
+
+### /api/upload
+Called for each upload of a document and will update
+the CSAF structure in the file system accordingly.
+

 ## Provider options