From 9a680e69563e997896c7cd5f32b9ec87570187b4 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Fri, 26 Oct 2018 19:45:36 +0200
Subject: [PATCH] ++ API

---
 README.md | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 5d6a25d..fb47000 100644
--- a/README.md
+++ b/README.md
@@ -17,10 +17,29 @@ In development, pre production.
 - No user interface (UI) supported (?)
   -> idea is to keep flow logic in ungleich-dynamicweb
 
-## Usage: BUS and REST
+## Usage: BUS
+
+### RPC: verify(appid, token, appidtoverify, tokentoverify)
+
+Verify whether the requesting app is authenticated. This is only
+allowed to be used for trusted appids.
+
+### POST: /verify
+
+Not sure if this one will be publicly available.
+
+```
+{
+    version: "1",
+    appid: "your-app-uuid",
+    token: "current time based token",
+    appidtoverify: "appid that wants to be authenticated",
+    tokentoverify: "current time based token of appidtoverify",
+}
+```
+
+## Usage: REST
 
-- BUS: send
-- Authentication
 - Use an existing token to connect to the service
 - All REST based messages: JSON
 
@@ -90,6 +109,7 @@ Response JSON object:
 }
 
 
+
 ## Usage: OTP
 
 The seeds that you receive can be used for TOTP to authenticate your