Fix broken backend endpoint in "Passing a Custom Authorization Token to the Backend" tutorial#11585
Fix broken backend endpoint in "Passing a Custom Authorization Token to the Backend" tutorial#11585Irash-Perera wants to merge 1 commit into
Conversation
📝 WalkthroughSummary
WalkthroughThe tutorial now uses a locally running sample backend that expects 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@en/docs/api-gateway/policies/passing-a-custom-authorization-token-to-the-backend.md`:
- Line 88: Replace the non-descriptive “[here]” link text in the application
access token instructions with descriptive text such as “Generate application
keys,” while preserving the existing destination URL.
- Around line 110-112: Update the endpoint description near the API URL
instructions to use the standard “HTTPS” capitalization instead of “HTTPs,”
preserving the existing guidance and formatting.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 533cb5c1-5ad7-4741-882d-085a52e453f4
⛔ Files ignored due to path filters (2)
en/docs/assets/img/learn/api-gateway/message-mediation/custom-header-response.pngis excluded by!**/*.pngen/docs/assets/img/learn/custom-auth-backend-cli-output.pngis excluded by!**/*.png
📒 Files selected for processing (1)
en/docs/api-gateway/policies/passing-a-custom-authorization-token-to-the-backend.md
| 8. Go to the **Developer Portal**, subscribe and obtain a token to invoke the published API. | ||
|
|
||
| !!! tip | ||
| Follow the instructions in [here]({{base_path}}/api-developer-portal/manage-application/generate-keys/generate-api-keys/#generating-application-keys) to generate an application access token. |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Use descriptive link text.
Replace [here] with text describing the destination, such as [Generate application keys], to improve accessibility and link discoverability.
🧰 Tools
🪛 markdownlint-cli2 (0.22.1)
[warning] 88-88: Link text should be descriptive
(MD059, descriptive-link-text)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@en/docs/api-gateway/policies/passing-a-custom-authorization-token-to-the-backend.md`
at line 88, Replace the non-descriptive “[here]” link text in the application
access token instructions with descriptive text such as “Generate application
keys,” while preserving the existing destination URL.
Source: Linters/SAST tools
| - **<access token>** is the token that you got in step 8. | ||
| - **<API URL>** appears on the API's **Overview** page in the API Developer Portal. Copy the HTTP endpoint. | ||
| If you select the HTTPs endpoint, be sure to run the cURL command with the -k option. |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Use the standard HTTPS capitalization.
Change HTTPs to HTTPS for consistent user-facing terminology.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In
`@en/docs/api-gateway/policies/passing-a-custom-authorization-token-to-the-backend.md`
around lines 110 - 112, Update the endpoint description near the API URL
instructions to use the standard “HTTPS” capitalization instead of “HTTPs,”
preserving the existing guidance and formatting.
Addressed Issue: #4949
The tutorial at
en/docs/api-gateway/policies/passing-a-custom-authorization-token-to-the-backend.mdinstructed users to create an API using the following hosted sample backend as the endpoint:
This endpoint is no longer available, so the tutorial could not be completed as written. This PR replaces the dead hosted endpoint with instructions for running the equivalent sample backend locally.
Changes
1. New step: start the sample backend server locally
A new Step 2 guides the user to run the sample validation backend from the WSO2 API Manager Samples repository (
custom-auth-token-backenddirectory):git clone https://github.com/wso2/samples-apim cd samples-apim/custom-auth-token-backend python3 server.pyPR for the sample backend in the
samples-apimrepository: Add sample backend server for validating custom authorization tokens #165The server listens on
http://localhost:8080, accepts any path and method, and authorizes a request only when theAuthorizationheader is exactlyBearer 1234- the same contract the old hosted backend implemented. It also echoes back the headers it received and logs every request to the terminal, so users can verify exactly whatthe gateway forwarded to the backend.
2. Updated API endpoint
The endpoint in the API creation table now points to the local server:
3. Step numbering and cross-reference fixes
The step list previously had broken numbering (…5, 6, then 5, 6, 7, 24). Steps now run sequentially from 1 to 11, and in-text references ("the token that you got in step 8", "the policy that you just created by following Step 4") were updated to match.