Adding some information on authentication and multilingual support

jamierumbelow · jamierumbelow · commit 7c9a90b160a8 · 2012-07-02T16:08:11.000+01:00
diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ _Note: for 1.7.x support download v2.2 from Downloads tab_
 
 ## Installation
 
-Drag and drop the **application/libraries/Format.php** and **application/libraries/REST_Controller.php** files into your application's directories. Either autoload the `REST_Controller` class or `require_once` it at the top of your controllers to load it into the scope.
+Drag and drop the **application/libraries/Format.php** and **application/libraries/REST_Controller.php** files into your application's directories. Either autoload the `REST_Controller` class or `require_once` it at the top of your controllers to load it into the scope. Additionally, copy the **rest.php** file from **application/config** in your application's configuration directory.
 
 ## Handling Requests
 
@@ -83,6 +83,42 @@ If you don't specify a response code, and the data you respond with `== FALSE` (
 
 	$this->response(array()); // HTTP 404 Not Found
 
+## Multilingual Support
+
+If your application uses language files to support multiple locales, `REST_Controller` will automatically parse the HTTP `Accept-Language` header and provide the language(s) in your actions. This information can be found in the `$this->request->lang` object:
+
+	public function __construct()
+	{
+		parent::__construct();
+
+		if (is_array($this->request->lang))
+		{
+			$this->load->language('application', $this->request->lang[0]);
+		}
+		else
+		{
+			$this->load->language('application', $this->request->lang);
+		}
+	}
+
+## Authentication
+
+This class also provides rudimentary support for HTTP basic authentication and/or the securer HTTP digest access authentication.
+
+You can enable basic authentication by setting the `$config['rest_auth']` to `'basic'`. The `$config['rest_valid_logins']` directive can then be used to set the usernames and passwords able to log in to your system. The class will automatically send all the correct headers to trigger the authentication dialogue:
+
+	$config['rest_valid_logins'] = array( 'username' => 'password', 'other_person' => 'secure123' );
+
+Enabling digest auth is similarly easy. Configure your desired logins in the config file like above, and set `$config['rest_auth']` to `'digest'`. The class will automatically send out the headers to enable digest auth.
+
+Both methods of authentication can be secured further by using an IP whitelist. If you enable `$config['rest_ip_whitelist_enabled']` in your config file, you can then set a list of allowed IPs.
+
+Any client connecting to your API will be checked against the whitelisted IP array. If they're on the list, they'll be allowed access. If not, sorry, no can do hombre. The whitelist is a comma-separated string:
+
+	$config['rest_ip_whitelist'] = '123.456.789.0, 987.654.32.1';
+
+Your localhost IPs (`127.0.0.1` and `0.0.0.0`) are allowed by default.
+
 ## Other Documentation / Tutorials
 
 * [NetTuts: Working with RESTful Services in CodeIgniter](http://net.tutsplus.com/tutorials/php/working-with-restful-services-in-codeigniter-2/)
