X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;ds=sidebyside;f=FS%2FFS%2FAPI.pm;h=1e960c8d18804793f8debc01acf3e495922cbc5f;hb=ab9aa5b5d55eb7330b3435819663ef03538278e2;hp=994f8ba702bbee4ae54bc16c9395791d3ae474c6;hpb=8b307b13a808f9174f781e6300b08a95bdca5dfa;p=freeside.git

diff --git a/FS/FS/API.pm b/FS/FS/API.pm
index 994f8ba70..1e960c8d1 100644
--- a/FS/FS/API.pm
+++ b/FS/FS/API.pm
@@ -23,7 +23,9 @@ This module implements a backend API for advanced back-office integration.
 In contrast to the self-service API, which authenticates an end-user and offers
 functionality to that end user, the backend API performs a simple shared-secret
 authentication and offers full, administrator functionality, enabling
-integration with other back-office systems.
+integration with other back-office systems.  Only access this API from a secure 
+network from other backoffice machines. DON'T use this API to create customer 
+portal functionality.
 
 If accessing this API remotely with XML-RPC or JSON-RPC, be careful to block
 the port by default, only allow access from back-office servers with the same
@@ -593,6 +595,8 @@ sub update_customer {
  my( $class, %opt ) = @_;
 
   my $conf = new FS::Conf;
+  return { 'error' => 'Incorrect shared secret' }
+    unless $opt{secret} eq $conf->config('api_shared_secret');
 
 
   my $custnum = $opt{'custnum'}
@@ -749,8 +753,21 @@ sub location_info {
 Bills a single customer now, in the same fashion as the "Bill now" link in the
 UI.
 
-Returns a hash reference with a single key, 'error'.  If there is an error,
-the value contains the error, otherwise it is empty.
+Returns a hash reference with a single key, 'error'.  If there is an error,   
+the value contains the error, otherwise it is empty. Takes a list of keys and
+values as parameters with the following keys:
+
+=over 4
+
+=item secret
+
+API Secret (required)
+
+=item custnum
+
+Customer number (required)
+
+=back
 
 =cut