C2S: Describe the authentication and deprecation requirements

2026-03-23 19:44:09 +01:00 · 2024-06-10 15:44:55 -06:00 · 2024-06-10 15:44:55 -06:00 · 214e38ae40
parent bd0353072f
commit 214e38ae40
1 changed files with 17 additions and 1 deletions
--- a/content/client-server-api/modules/content_repo.md
+++ b/content/client-server-api/modules/content_repo.md
@ -23,6 +23,15 @@ When serving content, the server SHOULD provide a
 interacting with the media repository.
 {{% /boxes/added-in-paragraph %}}

+{{% boxes/added-in-paragraph %}}
+{{< changed-in v="1.11" >}} The unauthenticated download endpoints have been
+deprecated in favour of newer, authenticated, ones. This change included updating
+the pathing of all media endpoints from `/_matrix/media/*` to `/_matrix/client/{version}/media/*`,
+with the exception of the `/upload` and `/create` endpoints. The upload/create
+endpoints are expected to undergo a similar transition in a later version of the
+specification.
+{{% /boxes/added-in-paragraph %}}
+
 #### Matrix Content (`mxc://`) URIs

 Content locations are represented as Matrix Content (`mxc://`) URIs. They
@ -37,7 +46,14 @@ mxc://<server-name>/<media-id>

 #### Client behaviour

-Clients can upload and download content using the following HTTP APIs.
+Clients can access the content repository using the following endpoints.
+
+{{% boxes/added-in-paragraph %}}
+{{< changed-in v="1.11" >}} Clients SHOULD NOT use the deprecated media endpoints
+described below. Instead, they SHOULD use the new endpoints which require authentication.
+{{% /boxes/added-in-paragraph %}}
+
+{{% http-api spec="client-server" api="authed-content-repo" %}}

 {{% http-api spec="client-server" api="content-repo" %}}