finalised client APIs and authentication method

server/internal/clients/README.md

@@ -3,7 +3,7 @@
 Drop clients need to complete a handshake in order to connect to a Drop server. It also trades certificates for encrypted P2P connections.
 
 ## 1. Client requests a handshake
-Client makes request: `POST /api/v1/client/initiate` with information about the client. 
+Client makes request: `POST /api/v1/client/auth/initiate` with information about the client. 
 
 Server responds with a URL to send the user to. It generates a device ID, which has all the metadata attached. 
 
@@ -13,7 +13,7 @@ Client sends user to the provided URL (in external browser). User signs in using
 Server sends redirect to `drop://handshake/[id]/[token]`, where the token is an authentication token to generate the necessary certificates, and the ID is the client ID as generated by the server. 
 
 ## 3. Client requests certificates
-Client makes request: `POST /api/v1/client/handshake` with the token recieved in the previous step. 
+Client makes request: `POST /api/v1/client/auth/handshake` with the token recieved in the previous step. 
 
 The server uses it's CA to generate a public-private key pair, the CN of the client ID. It then sends that pair, plus the CA's public key, to the client, which stores it all. 
 
@@ -23,4 +23,4 @@ The server uses it's CA to generate a public-private key pair, the CN of the cli
 The client generates a nonce and signs it with their private key. This is then attached to any device-related request.
 
 ## 4.b Client wants a long-lived session
-The client does the same as above, but instead makes the request to `POST /api/v1/client/session`, which generates a session token that lasts for a day. This can then be used in the request to provide authentication. 
+The client does the same as above, but instead makes the request to `POST /api/v1/client/auth/session`, which generates a session token that lasts for a day. This can then be used in the request to provide authentication.