3 files changed, 20 insertions, 4 deletions
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm
index 2c21de15e..2fa1bdc28 100644
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -142,6 +142,9 @@ use constant WS_ERROR_CODE => {
     extern_id_conflict           => -303,
     auth_failure                 => 304,
     password_current_too_short   => 305,
+    api_key_not_valid            => 306,
+    api_key_revoked              => 306,
+    auth_invalid_token           => 307,
 
     # Except, historically, AUTH_NODATA, which is 410.
     login_required               => 410,
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index f05b2b247..32d6f28ec 100644
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -432,9 +432,13 @@ where applicable.
 
 =head1 Logging In and Out
 
+These method are now deprecated, and will be removed in the release after
+Bugzilla 5.0. The correct way of use these REST and RPC calls is noted in
+L<Bugzilla::WebService>
+
 =head2 login
 
-B<STABLE>
+B<DEPRECATED>
 
 =over
 
@@ -499,7 +503,9 @@ creates a login cookie.
 
 =item C<restrict_login> was added in Bugzilla B<5.0>.
 
-=item C<token> was added in Bugzilla B<5.0>.
+=item C<token> was added in Bugzilla B<4.4.3>.
+
+=item This function will be removed in the release after Bugzilla 5.0, in favour of API keys.
 
 =back
 
@@ -507,7 +513,7 @@ creates a login cookie.
 
 =head2 logout
 
-B<STABLE>
+B<DEPRECATED>
 
 =over
 
@@ -525,7 +531,7 @@ Log out the user. Does nothing if there is no user logged in.
 
 =head2 valid_login
 
-B<UNSTABLE>
+B<DEPRECATED>
 
 =over
 
@@ -563,6 +569,8 @@ for the provided username.
 
 =item Added in Bugzilla B<5.0>.
 
+=item This function will be removed in the release after Bugzilla 5.0, in favour of API keys.
+
 =back
 
 =back
diff --git a/Bugzilla/WebService/Util.pm b/Bugzilla/WebService/Util.pm
index 26558fc6a..6290139a3 100644
--- a/Bugzilla/WebService/Util.pm
+++ b/Bugzilla/WebService/Util.pm
@@ -268,6 +268,11 @@ sub fix_credentials {
         $params->{'Bugzilla_login'}    = $params->{'login'};
         $params->{'Bugzilla_password'} = $params->{'password'};
     }
+    # Allow user to pass api_key=12345678 as a convenience which becomes
+    # "Bugzilla_api_key" which is what the auth code looks for.
+    if (exists $params->{api_key}) {
+        $params->{Bugzilla_api_key} = delete $params->{api_key};
+    }
     # Allow user to pass token=12345678 as a convenience which becomes
     # "Bugzilla_token" which is what the auth code looks for.
     if (exists $params->{'token'}) {