From ecf04856c70312d087b3b94d557a25b07cb52686 Mon Sep 17 00:00:00 2001
From: jricher <jricher@mitre.org>
Date: Fri, 26 Apr 2013 12:10:36 -0700
Subject: [PATCH] Updated Api (markdown)

---
 Api.md | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/Api.md b/Api.md
index 328b40f..bc45ba1 100644
--- a/Api.md
+++ b/Api.md
@@ -645,4 +645,60 @@ Deletes the scope with the {id} in the URL. Any clients that are currently regis
 
 Returns HTTP 200 with an empty page on success.
 
-## User Site Approvals
\ No newline at end of file
+## User Site Approvals
+
+Approved sites represent a decision by an end user (or "authorization grant") that has been stored. Future authorization requests that match the parameters of this approval will be granted automatically. This API allows for reading and deleting existing approvals. New approvals are created during the normal course of the OAuth protocol.
+
+Endpoint: **`/api/approved`**
+
+### GET /api/approved
+
+_Requires **ROLE_USER** access._
+
+Gets a list of the approved sites for the current user in `application/json` format.
+
+```
+[
+    {
+        "id": 1,
+        "userId": "jricher",
+        "clientId": "client",
+        "creationDate": "2013-04-26T14:57:21-0400",
+        "accessDate": "2013-04-26T14:57:21-0400",
+        "timeoutDate": null,
+        "allowedScopes": [
+            "email",
+            "phone",
+            "openid"
+        ],
+        "whitelistedSite": null
+    }
+]
+```
+
+### GET /api/approved/{id}
+
+Gets the approved site with the {id} indicated in the url, in `application/json` format. Users may only get approved sites that belong to them.
+
+```
+{
+    "id": 1,
+    "userId": "jricher",
+    "clientId": "client",
+    "creationDate": "2013-04-26T14:57:21-0400",
+    "accessDate": "2013-04-26T14:57:21-0400",
+    "timeoutDate": null,
+    "allowedScopes": [
+        "email",
+        "phone",
+        "openid"
+    ],
+    "whitelistedSite": null
+}
+```
+
+### DELETE /api/approved/{id}
+
+Deletes the approved site with the given {id} in the URL. Users may delete only their own approved sites. Any tokens associated with the approved site remain active. _Note: This behavior will likely change in a future version of the software._
+
+The sever responds with an HTTP 200 code and a blank page on success.
\ No newline at end of file