From 8cbc58ea2febeb83b1f09a19a61058439fe02601 Mon Sep 17 00:00:00 2001
From: reablaz <reablaz@gmail.com>
Date: Sun, 29 Sep 2019 15:12:35 +0300
Subject: [PATCH] updated AppsUpdate view with correct GET request

So user can request invoice data by invoice id from btcpayserver, to verify callback
---
 BTCPayServer/Views/Apps/UpdatePointOfSale.cshtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/BTCPayServer/Views/Apps/UpdatePointOfSale.cshtml b/BTCPayServer/Views/Apps/UpdatePointOfSale.cshtml
index 615feec5e..174e2a689 100644
--- a/BTCPayServer/Views/Apps/UpdatePointOfSale.cshtml
+++ b/BTCPayServer/Views/Apps/UpdatePointOfSale.cshtml
@@ -208,7 +208,7 @@
                                         <p><strong>Never</strong> trust anything but <code>id</code>, <strong>ignore</strong> the other fields completely, an attacker can spoof those, they are present only for backward compatibility reason:</p>
                                         <p>
                                             <ul>
-                                                <li>Send a <code>GET</code> request to <code>https://btcpay.example.com/invoices/{invoiceId}</code> with <code>Content-Type: application/json</code></li>
+                                                <li>Send a <code>GET</code> request to <code>https://btcpay.example.com/invoices/{invoiceId}</code> with <code>Content-Type: application/json; Authorization: Basic YourLegacyAPIkey"</code>, Legacy API key can be created with Access Tokens in Store settings</li>
                                                 <li>Verify that the <code>orderId</code> is from your backend, that the <code>price</code> is correct and that <code>status</code> is either <code>confirmed</code> or <code>complete</code></li>
                                                 <li>You can then ship your order</li>
                                             </ul>