ibexa · adriendupuis · Oct 11, 2024 · Oct 2, 2024 · Oct 2, 2024 · Oct 2, 2024
diff --git a/docs/api/rest_api/rest_api_authentication.md b/docs/api/rest_api/rest_api_authentication.md
@@ -18,6 +18,11 @@ For other security related subjects, see:
 - [Cross-origin requests](rest_responses.md#cross-origin)
 - [`access_control`]([[= symfony_doc =]]/security/access_control.html)
 
+!!! caution "SiteAccess login"
+
+    The anonymous user is used to perform the request even if authentification with the REST server has been established to access the ressource.
+    Anonymous user must have `user/login` policy on the SiteAccess matched by the REST domain or passed through [`X-Siteaccess` header](rest_requests.md#siteaccess).
+
 ## Session-based authentication
 
 This authentication method requires a session cookie to be sent with each request.