Improve authorization documentation

Author: jlevers

README.md

@@ -52,6 +52,10 @@ The existing Walmart client libraries for PHP are either incomplete, outdated, o
     * [Configuration](#configuration)
     * [Using API classes](#using-api-classes)
     * [Using model classes](#using-model-classes)
+    * [Authorization](#authorization)
+        * [Basic auth](#basic-auth)
+        * [Access token auth](#access-token-auth)
+        * [Request signature auth](#request-signature-auth)
     * [Debug mode](#debug-mode)
     * [Supported API segments](#supported-api-segments)
         * [Marketplace](#marketplace)
@@ -113,13 +117,14 @@ The `Configuration` class is used to configure the client library. It takes thre
 - `$clientId`: Your Walmart Client ID
 - `$clientSecret`: Your Walmart Client Secret
 - `$options`: An optional associative array of additional configuration parameters. Valid options are:
-    - `consumerId`: Your Walmart Consumer ID. Required if you are a Marketplace Seller selling in Canada, a Drop Ship Vendor, a Content Provider, or a Warehouse Supplier.
-    - `privateKey`: Your Walmart private key. Required if you are a Marketplace Seller selling in Canada, a Drop Ship Vendor, a Content Provider, or a Warehouse Supplier.
     - `country`: The country you are selling in. One of `Country::US`, `Country::CA`, or `Country::MX`. Defaults to `US`.
-    - `accessToken`: An instance of `Walmart\AccessToken`, containing an access token and its expiration time. If provided, this will be used instead of the client ID and secret to authenticate API calls, until the token expires. This is useful if you want to reuse an access token that you've already retrieved from Walmart.
+    - `consumerId`: Your Walmart Consumer ID. Required if you are making requests to endpoints that use signature-based auth (see the [Authorization](#authorization) section)
+    - `privateKey`: Your Walmart private key. Ditto the requirements for the `consumerId` option.
+    - `accessToken`: An instance of `Walmart\AccessToken`, containing an access token and its expiration time. If provided, this will be used instead of the client ID and secret to authenticate API calls, until the token expires. This is useful if you want to reuse an access token that you've already retrieved from Walmart. More details on access token auth [below](#access-token-auth).
 
 If you try to instantiate an instance of an API class that is not supported in the country you've specified, an exception will be thrown.
 
+
 ### Using API classes
 
 The API classes are divided into four categories: Marketplace, Drop Ship Vendor, Content Provider, and Warehouse Supplier. Each category has its own namespace, and each country has its own sub-namespace. For example, the Marketplace APIs for the US are located in the `Walmart\Apis\MP\US` namespace, and the Drop Ship Vendor APIs for Canada are located in the `Walmart\Apis\DSV\CA` namespace.
@@ -172,6 +177,20 @@ API methods often take model classes as parameters, and return them as API respo
 In order to represent the various data structures that the APIs ingest and return, this library uses model classes. Each model class represents a single data structure, and has a constructor that takes an associative array of data. The model class documentation is divided by API category, country, and API class. Documentation for each model class is nested inside the `docs/Models` folder corresponding to the model class's location in the `src/Models` folder. For instance, the response model for the Marketplace Authorization API's `getTokenDetail` method in the US is [`Walmart\Models\MP\US\Authorization\TokenDetailResponse`](https://github.com/highsidelabs/walmart-api-php/blob/main/src/Models/MP/US/Authentication/TokenDetailResponse.php), and the docs are at [`docs/Models/MP/US/Authorization/TokenDetailResponse.md`](https://github.com/highsidelabs/walmart-api-php/blob/main/docs/Models/MP/US/Authentication/TokenDetailResponse.md).
 
 
+### Authorization
+
+Walmart uses three different forms of authentication for its APIs: basic auth, access tokens, and request signatures. This library handles all three automatically, so you shouldn't have to think about them much...but if you're curious about how it works, read on.
+
+#### Basic auth
+This the standard, simplest form of authentication. It uses the Walmart client ID and client secret that are passed to the `Configuration` constructor in order to generate an authorization header value. It's also used to generate an access token if necessary, which is why these are the two required parameters for the `Configuration` constructor.
+
+#### Access token auth
+For a lot of the Marketplace API, Walmart uses access token authentication. The access token is a short-lived token (15min) that is generated by Walmart with the client ID and client secret, and then used to authenticate API calls. This library automatically handles the generation and renewal of access tokens, so you don't have to worry about it. If you want to reuse an access token that you've already retrieved from Walmart, you can pass it to the `Configuration` constructor via the `accessToken` option.
+
+#### Request signature auth
+For most of the rest of the APIs aside from the Marketplace API, Walmart uses request signature auth. This is just another value that is passed as a header, and it is generated using the request method and path, a timestamp, and your consumer ID and private key. If you're making requests that involve signature auth, you need to pass the `privateKey` and `consumerId` options to the `Configuration` constructor's options array.
+
+
 ### Debug mode
 
 To get debugging output when you make an API request, you can call `$config->setDebug()`. By default, debug output goes to `stdout` via `php://output`, but you can redirect it a file with `$config->setDebugFile('log/file/path.log')`.

docs/Apis/CP/US/FeedsApi.md

@@ -27,11 +27,6 @@ use Walmart\Walmart;
 
 require_once __DIR__ . '/vendor/autoload.php';
 
-$config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
-    'country' => 'US',  // Default US if not set
-    'privateKey' => 'PRIVATE_KEY',
-    'consumerId' => 'CONSUMER_ID',
-]);
 $config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
     'country' => 'US',  // Default US if not set
     'privateKey' => 'PRIVATE_KEY',
@@ -64,12 +59,15 @@ try {
 
 ### Authorization
 
-[signatureScheme](../../../README.md#signatureScheme), [consumerIdScheme](../../../README.md#consumerIdScheme)
 
-### HTTP request headers
 
-- **Content-Type**: `multipart/form-data`
-- **Accept**: `application/xml`
+This endpoint requires the following authorization methods:
+
+* `signatureScheme`: Request signature authentication. Request signatures are generated using a combination of request info, a timestamp, and your Walmart consumer ID and private key. The signature is passed in the WM_SEC.AUTH_SIGNATURE header. This is always used in tandem with consumer ID authentication (above). When using endpoints that require signature authentication, you must pass the `privateKey` and `consumerId` options to the `Configuration` constructor.
+* `consumerIdScheme`: Header authentication with your Walmart consumer ID, which is passed in the WM_CONSUMER.ID header. This is always used in tandem with signature authentication (below). When using endpoints that require consumer ID authentication, you must pass the `consumerId` option to the `Configuration` constructor.
+
+See the [Authorization](../../../../README.md#authorization) section of the README for more information.
+
 
 [[Back to top]](#) [[Back to API list]](../../../../README.md#supported-apis)
 [[Back to Model list]](../../../Models/CP/US)
@@ -93,11 +91,6 @@ use Walmart\Walmart;
 
 require_once __DIR__ . '/vendor/autoload.php';
 
-$config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
-    'country' => 'US',  // Default US if not set
-    'privateKey' => 'PRIVATE_KEY',
-    'consumerId' => 'CONSUMER_ID',
-]);
 $config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
     'country' => 'US',  // Default US if not set
     'privateKey' => 'PRIVATE_KEY',
@@ -132,12 +125,15 @@ try {
 
 ### Authorization
 
-[signatureScheme](../../../README.md#signatureScheme), [consumerIdScheme](../../../README.md#consumerIdScheme)
 
-### HTTP request headers
 
-- **Content-Type**: Not defined
-- **Accept**: `application/xml`
+This endpoint requires the following authorization methods:
+
+* `signatureScheme`: Request signature authentication. Request signatures are generated using a combination of request info, a timestamp, and your Walmart consumer ID and private key. The signature is passed in the WM_SEC.AUTH_SIGNATURE header. This is always used in tandem with consumer ID authentication (above). When using endpoints that require signature authentication, you must pass the `privateKey` and `consumerId` options to the `Configuration` constructor.
+* `consumerIdScheme`: Header authentication with your Walmart consumer ID, which is passed in the WM_CONSUMER.ID header. This is always used in tandem with signature authentication (below). When using endpoints that require consumer ID authentication, you must pass the `consumerId` option to the `Configuration` constructor.
+
+See the [Authorization](../../../../README.md#authorization) section of the README for more information.
+
 
 [[Back to top]](#) [[Back to API list]](../../../../README.md#supported-apis)
 [[Back to Model list]](../../../Models/CP/US)
@@ -161,11 +157,6 @@ use Walmart\Walmart;
 
 require_once __DIR__ . '/vendor/autoload.php';
 
-$config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
-    'country' => 'US',  // Default US if not set
-    'privateKey' => 'PRIVATE_KEY',
-    'consumerId' => 'CONSUMER_ID',
-]);
 $config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
     'country' => 'US',  // Default US if not set
     'privateKey' => 'PRIVATE_KEY',
@@ -202,12 +193,15 @@ try {
 
 ### Authorization
 
-[signatureScheme](../../../README.md#signatureScheme), [consumerIdScheme](../../../README.md#consumerIdScheme)
 
-### HTTP request headers
 
-- **Content-Type**: Not defined
-- **Accept**: `application/xml`
+This endpoint requires the following authorization methods:
+
+* `signatureScheme`: Request signature authentication. Request signatures are generated using a combination of request info, a timestamp, and your Walmart consumer ID and private key. The signature is passed in the WM_SEC.AUTH_SIGNATURE header. This is always used in tandem with consumer ID authentication (above). When using endpoints that require signature authentication, you must pass the `privateKey` and `consumerId` options to the `Configuration` constructor.
+* `consumerIdScheme`: Header authentication with your Walmart consumer ID, which is passed in the WM_CONSUMER.ID header. This is always used in tandem with signature authentication (below). When using endpoints that require consumer ID authentication, you must pass the `consumerId` option to the `Configuration` constructor.
+
+See the [Authorization](../../../../README.md#authorization) section of the README for more information.
+
 
 [[Back to top]](#) [[Back to API list]](../../../../README.md#supported-apis)
 [[Back to Model list]](../../../Models/CP/US)
@@ -231,11 +225,6 @@ use Walmart\Walmart;
 
 require_once __DIR__ . '/vendor/autoload.php';
 
-$config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
-    'country' => 'US',  // Default US if not set
-    'privateKey' => 'PRIVATE_KEY',
-    'consumerId' => 'CONSUMER_ID',
-]);
 $config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
     'country' => 'US',  // Default US if not set
     'privateKey' => 'PRIVATE_KEY',
@@ -491,12 +480,15 @@ try {
 
 ### Authorization
 
-[signatureScheme](../../../README.md#signatureScheme), [consumerIdScheme](../../../README.md#consumerIdScheme)
 
-### HTTP request headers
 
-- **Content-Type**: `application/xml`
-- **Accept**: `application/xml`
+This endpoint requires the following authorization methods:
+
+* `signatureScheme`: Request signature authentication. Request signatures are generated using a combination of request info, a timestamp, and your Walmart consumer ID and private key. The signature is passed in the WM_SEC.AUTH_SIGNATURE header. This is always used in tandem with consumer ID authentication (above). When using endpoints that require signature authentication, you must pass the `privateKey` and `consumerId` options to the `Configuration` constructor.
+* `consumerIdScheme`: Header authentication with your Walmart consumer ID, which is passed in the WM_CONSUMER.ID header. This is always used in tandem with signature authentication (below). When using endpoints that require consumer ID authentication, you must pass the `consumerId` option to the `Configuration` constructor.
+
+See the [Authorization](../../../../README.md#authorization) section of the README for more information.
+
 
 [[Back to top]](#) [[Back to API list]](../../../../README.md#supported-apis)
 [[Back to Model list]](../../../Models/CP/US)

docs/Apis/DSV/US/CostApi.md

@@ -24,11 +24,6 @@ use Walmart\Walmart;
 
 require_once __DIR__ . '/vendor/autoload.php';
 
-$config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
-    'country' => 'US',  // Default US if not set
-    'privateKey' => 'PRIVATE_KEY',
-    'consumerId' => 'CONSUMER_ID',
-]);
 $config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
     'country' => 'US',  // Default US if not set
     'privateKey' => 'PRIVATE_KEY',
@@ -61,12 +56,15 @@ try {
 
 ### Authorization
 
-[signatureScheme](../../../README.md#signatureScheme), [consumerIdScheme](../../../README.md#consumerIdScheme)
 
-### HTTP request headers
 
-- **Content-Type**: `application/json`
-- **Accept**: `application/json`
+This endpoint requires the following authorization methods:
+
+* `signatureScheme`: Request signature authentication. Request signatures are generated using a combination of request info, a timestamp, and your Walmart consumer ID and private key. The signature is passed in the WM_SEC.AUTH_SIGNATURE header. This is always used in tandem with consumer ID authentication (above). When using endpoints that require signature authentication, you must pass the `privateKey` and `consumerId` options to the `Configuration` constructor.
+* `consumerIdScheme`: Header authentication with your Walmart consumer ID, which is passed in the WM_CONSUMER.ID header. This is always used in tandem with signature authentication (below). When using endpoints that require consumer ID authentication, you must pass the `consumerId` option to the `Configuration` constructor.
+
+See the [Authorization](../../../../README.md#authorization) section of the README for more information.
+
 
 [[Back to top]](#) [[Back to API list]](../../../../README.md#supported-apis)
 [[Back to Model list]](../../../Models/DSV/US)

docs/Apis/DSV/US/FeedsApi.md

@@ -25,11 +25,6 @@ use Walmart\Walmart;
 
 require_once __DIR__ . '/vendor/autoload.php';
 
-$config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
-    'country' => 'US',  // Default US if not set
-    'privateKey' => 'PRIVATE_KEY',
-    'consumerId' => 'CONSUMER_ID',
-]);
 $config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
     'country' => 'US',  // Default US if not set
     'privateKey' => 'PRIVATE_KEY',
@@ -64,12 +59,15 @@ try {
 
 ### Authorization
 
-[signatureScheme](../../../README.md#signatureScheme), [consumerIdScheme](../../../README.md#consumerIdScheme)
 
-### HTTP request headers
 
-- **Content-Type**: Not defined
-- **Accept**: `application/xml`
+This endpoint requires the following authorization methods:
+
+* `signatureScheme`: Request signature authentication. Request signatures are generated using a combination of request info, a timestamp, and your Walmart consumer ID and private key. The signature is passed in the WM_SEC.AUTH_SIGNATURE header. This is always used in tandem with consumer ID authentication (above). When using endpoints that require signature authentication, you must pass the `privateKey` and `consumerId` options to the `Configuration` constructor.
+* `consumerIdScheme`: Header authentication with your Walmart consumer ID, which is passed in the WM_CONSUMER.ID header. This is always used in tandem with signature authentication (below). When using endpoints that require consumer ID authentication, you must pass the `consumerId` option to the `Configuration` constructor.
+
+See the [Authorization](../../../../README.md#authorization) section of the README for more information.
+
 
 [[Back to top]](#) [[Back to API list]](../../../../README.md#supported-apis)
 [[Back to Model list]](../../../Models/DSV/US)
@@ -93,11 +91,6 @@ use Walmart\Walmart;
 
 require_once __DIR__ . '/vendor/autoload.php';
 
-$config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
-    'country' => 'US',  // Default US if not set
-    'privateKey' => 'PRIVATE_KEY',
-    'consumerId' => 'CONSUMER_ID',
-]);
 $config = new Walmart\Configuration('CLIENT_ID', 'CLIENT_SECRET', [
     'country' => 'US',  // Default US if not set
     'privateKey' => 'PRIVATE_KEY',
@@ -134,12 +127,15 @@ try {
 
 ### Authorization
 
-[signatureScheme](../../../README.md#signatureScheme), [consumerIdScheme](../../../README.md#consumerIdScheme)
 
-### HTTP request headers
 
-- **Content-Type**: Not defined
-- **Accept**: `application/xml`
+This endpoint requires the following authorization methods:
+
+* `signatureScheme`: Request signature authentication. Request signatures are generated using a combination of request info, a timestamp, and your Walmart consumer ID and private key. The signature is passed in the WM_SEC.AUTH_SIGNATURE header. This is always used in tandem with consumer ID authentication (above). When using endpoints that require signature authentication, you must pass the `privateKey` and `consumerId` options to the `Configuration` constructor.
+* `consumerIdScheme`: Header authentication with your Walmart consumer ID, which is passed in the WM_CONSUMER.ID header. This is always used in tandem with signature authentication (below). When using endpoints that require consumer ID authentication, you must pass the `consumerId` option to the `Configuration` constructor.
+
+See the [Authorization](../../../../README.md#authorization) section of the README for more information.
+
 
 [[Back to top]](#) [[Back to API list]](../../../../README.md#supported-apis)
 [[Back to Model list]](../../../Models/DSV/US)