Remove info boxes in endpoint definitions

Signed-off-by: Kévin Commaille <zecakeh@tedomum.fr>

data/api/client-server/cross_signing.yaml

@@ -21,13 +21,17 @@ paths:
       x-addedInMatrixVersion: "1.1"
       x-changedInMatrixVersion:
         "1.11": UIA is not always required for this endpoint.
+        "1.17": |-
+          This endpoint no longer requires User-Interactive Authentication when used by an
+          application service.
       summary: Upload cross-signing keys.
       description: |-
         Publishes cross-signing keys for the user.
 
-        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api),
+        except when used by an application service.
 
-        User-Interactive Authentication MUST be performed, except in these cases:
+        User-Interactive Authentication MUST be performed for regular clients, except in these cases:
         - there is no existing cross-signing master key uploaded to the homeserver, OR
         - there is an existing cross-signing master key and it exactly matches the
           cross-signing master key provided in the request body. If there are any additional
@@ -46,12 +50,6 @@ paths:
         authentication type if the access token was obtained
         via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
         {{% /boxes/note %}}
-
-        {{% boxes/note %}}
-        {{% added-in v="1.17" %}}
-        When this endpoint is used by an application service, the server MUST NOT require
-        User-Interactive Authentication, even if cross-signing keys already exist.
-        {{% /boxes/note %}}
       operationId: uploadCrossSigningKeys
       security:
         - accessTokenQuery: []

data/api/client-server/device_management.yaml

@@ -88,20 +88,20 @@ paths:
         - Device management
     put:
       summary: Create or update a device
+      x-changedInMatrixVersion:
+        "1.17": The ability to create new devices was added.
       description: |-
-        Updates the metadata on the given device.
+        Updates the metadata on the given device, or creates a new device.
 
-        {{% boxes/note %}}
+        The ability to create new devices is only available to application
-        {{% added-in v="1.17" %}}
+        services: regular clients may only update existing devices.
-        This endpoint can be used by application services to create a device.
 
         When a new device was created, the homeserver MUST return a 201 HTTP
-        status code. It MUST still return a 200 HTTP status code if a device was
+        status code. It MUST return a 200 HTTP status code if a device was
         updated.
 
-        This endpoint is rate-limited for device creation. Servers MAY want to
+        This endpoint is rate-limited for device creation. Servers MAY use login
-        use login rate limits.
+        rate limits.
-        {{% /boxes/note %}}
       operationId: updateDevice
       security:
         - accessTokenQuery: []
@@ -156,21 +156,20 @@ paths:
         - Device management
     delete:
       summary: Delete a device
+      x-changedInMatrixVersion:
+        "1.17": |-
+          This endpoint no longer requires User-Interactive Authentication when used by an
+          application service.
       description: |-
-        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api),
+        except when used by an application service.
 
         Deletes the given device, and invalidates any access token associated with it.
 
         {{% boxes/warning %}}
-        Since this endpoint uses User-Interactive Authentication, it cannot be used when the access token was obtained
+        When this endpoint requires User-Interactive Authentication, it cannot be used when the access token was obtained
         via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
         {{% /boxes/warning %}}
-
-        {{% boxes/note %}}
-        {{% added-in v="1.17" %}}
-        When this endpoint is used by an application service, the server MUST NOT
-        require User-Interactive Authentication.
-        {{% /boxes/note %}}
       operationId: deleteDevice
       security:
         - accessTokenQuery: []
@@ -219,21 +218,20 @@ paths:
   /delete_devices:
     post:
       summary: Bulk deletion of devices
+      x-changedInMatrixVersion:
+        "1.17": |-
+          This endpoint no longer requires User-Interactive Authentication when used by an
+          application service.
       description: |-
-        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
+        This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api),
+        except when used by an application service.
 
         Deletes the given devices, and invalidates any access token associated with them.
 
         {{% boxes/warning %}}
-        Since this endpoint uses User-Interactive Authentication, it cannot be used when the access token was obtained
+        When this endpoint requires User-Interactive Authentication, it cannot be used when the access token was obtained
         via the [OAuth 2.0 API](/client-server-api/#oauth-20-api).
         {{% /boxes/warning %}}
-
-        {{% boxes/note %}}
-        {{% added-in v="1.17" %}}
-        When this endpoint is used by an application service, the server MUST NOT
-        require User-Interactive Authentication.
-        {{% /boxes/note %}}
       operationId: deleteDevices
       security:
         - accessTokenQuery: []