diff --git a/docs/add-ons/security.md b/docs/add-ons/security.md index 4f7a9e14..89d11d4a 100644 --- a/docs/add-ons/security.md +++ b/docs/add-ons/security.md @@ -39,3 +39,13 @@ As a developer, follow the following best practices to make your add-on secure: ## Use Home Assistant User backend Instead of allowing users to set new login credentials in plain text config, use the Home Assistant [Auth backend](/docs/api/supervisor/endpoints#auth). You can enable the access to the API with `auth_api: true`. Now you are able to send the login credentials to the auth backend and validate them in Home Assistant. + +## Authenticating a user when using ingress + +When the addon is accessed via the supervisor's ingress, the authorized user can be identified by its session token. The supervisor then adds some headers identifying the user to every request: + +| Header name | Description | +| -------------------------- | ------------------------------------------- | +| X-Remote-User-Id | ID of the authenticated Home Assistant user | +| X-Remote-User-Name | The username of the authenticated user | +| X-Remote-User-Display-Name | The display name of the authenticated user | diff --git a/docs/api/supervisor/endpoints.md b/docs/api/supervisor/endpoints.md index babb25f8..f10afad9 100644 --- a/docs/api/supervisor/endpoints.md +++ b/docs/api/supervisor/endpoints.md @@ -1624,6 +1624,12 @@ Shutdown the host Create a new session for access to the ingress service. +**Payload:** + +| key | type | optional | description | +| -------- | ------ | -------- | ---------------------------------------------------- | +| user_id | string | True | The ID of the user authenticated for the new session | + **Returned data:** | key | type | optional | description |
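Review bot: In the new "Authenticating a user when using ingress" section of docs/add-ons/security.md, the text does not say when an add-on may trust the `X-Remote-User-Id`, `X-Remote-User-Name` and `X-Remote-User-Display-Name` headers. A security page should state that they are meaningful only on requests that arrive through ingress, and should say whether the supervisor removes or overwrites values of the same names supplied by the client. As written, a reader could treat the headers as proof of identity on any request the add-on receives. Two smaller wording points in the same paragraph: "its session token" is ambiguous about whose token is meant, and "addon" should be "add-on" to match the rest of the file.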
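Review bot: In the new **Payload** table of docs/api/supervisor/endpoints.md, the `user_id` row marks the key as optional but does not describe what happens when it is omitted, nor whether the supplied ID is checked against existing Home Assistant users. Please add a sentence covering both cases, and say how an omitted `user_id` affects the `X-Remote-User-*` headers that the other hunk documents, so that add-on authors know whether those headers can be absent on an ingress request.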