fix

bryantanderson · bryantanderson · commit 4ae4a834562b · 2025-03-25T18:12:17.000+11:00
diff --git a/fern/customization/jwt-authentication.mdx b/fern/customization/jwt-authentication.mdx
@@ -12,83 +12,65 @@ Before you proceed, ensure you have the following:
 
 - An environment that supports JWT generation and API calls (e.g., a programming language or framework)
 - An account with a service that requires JWT authentication
-- Environment variables set up for the necessary credentials (e.g., organization ID and Vapi API key, both can be found in your Vapi dashboard)
+- Environment variables set up for the necessary credentials (e.g., organization ID and private key, both can be found in your Vapi portal)
 
 ## Generating a JWT Token
 
 The following steps outline how to generate a JWT token:
 
 1. **Define the Payload**: The payload contains the data you want to include in the token. In this case, it includes an `orgId`.
-2. **Get a Vapi API Key**: A Vapi API key is used to sign the token. Ensure it is securely stored, often in environment variables.
+2. **Get the Private Key**: The private key (provided by Vapi) is used to sign the token. Ensure it is securely stored, often in environment variables.
 3. **Set Token Options**: Define options for the token, such as the expiration time (`expiresIn`).
 4. **Generate the Token**: Use a JWT library or built-in functionality to generate the token with the payload, key, and options.
 
-### Creating a Vapi API Key
+### JWT Token Scopes
 
-You can find your API keys in the Vapi dashboard. Head to the `ORG SETTINGS` section on the sidebar and click on the `API Keys` tab.
+A JWT token can have one of two scopes: `private` or `public`. The scope of the token will determine the actions that can be performed using the token. 
 
-By default, Vapi creates a pair of private and public API keys for you. However, you may create new API keys at any time through the dashboard or API.
-
-<Frame>
-  <img src="../static/images/quickstart/dashboard/vapi-api-keys-tab.png" />
-</Frame>
-
-Creating new API keys is straightforward through the Vapi API.
-
-**Example (creating a private API key):**
-
-```bash
-curl -X POST 'https://api.vapi.ai/token' \
--H 'Content-Type: application/json' \
--H 'Authorization: Bearer <YOUR_API_KEY>' \
--d '{
-  "name": "My Private Vapi API Key",
-  "tag": "private"
-}'
-```
-
-**Example (creating a public API key):**
+For example, it can be used to restrict which API endpoints the token can access.
 
 <Note>
-  The **restrictions** field is optional. All fields besides **enabled** are only relevant for **public**  tokens.
+  As of writing, the only publicly scoped API endpoint is https://api.vapi.ai//call/web, which is used for Web Call creation. All other endpoints are privately scoped.
 </Note>
 
-```bash
-curl -X POST 'https://api.vapi.ai/token' \
--H 'Content-Type: application/json' \
--H 'Authorization: Bearer <YOUR_API_KEY>' \
--d '{
-  "name": "My Public Vapi API Key",
-  "tag": "public",
-  "restrictions": {
-    "enabled": true,
-    "allowedOrigins": ["https://example.vapi.ai"],
-    "allowedAssistantIds": ["1cbf8c70-5fd7-4f61-a220-376ab35be1b0"],
-    "allowTransientAssistant": false,
-  }
-}'
-```
+### Example (generating a private JWT token)
 
-### Vapi API Key Scope
+```js
+// Define the payload
+const payload = {
+  orgId: process.env.ORG_ID,
+};
 
-A Vapi API Key can have one of two scopes: Private or Public. The scope of the key will determine the actions that can be performed using the key. 
+const key = {
+  tag: 'private',
+};
 
-For example, it can be used to restrict which API endpoints the key can access.
+// Define token options
+const options = {
+  expiresIn: '1h',
+};
 
-<Note>
-  As of writing, the only publicly scoped API endpoint is https://api.vapi.ai//call/web, which is used for Web Call creation. All other endpoints are privately scoped.
-</Note>
+// Generate the token using a JWT library or built-in functionality
+const token = generateJWT(payload, key, options);
+```
 
-### Example
+### Example (generating a public JWT token)
 
 ```js
 // Define the payload
 const payload = {
   orgId: process.env.ORG_ID,
 };
 
-// Get the private (or public) Vapi API key from environment variables
-const key = process.env.VAPI_API_KEY;
+const key = {
+  tag: 'public',
+  restrictions: {
+    enabled: true,
+    allowedOrigins: ['https://example.vapi.ai'],
+    allowedAssistantIds: ['1cbf8c70-5fd7-4f61-a220-376ab35be1b0'],
+    allowTransientAssistant: false,
+  },
+};
 
 // Define token options
 const options = {
@@ -102,7 +84,7 @@ const token = generateJWT(payload, key, options);
 ### Explanation
 
 - **Payload**: The payload includes the `orgId`, representing the organization ID.
-- **Key**: The Vapi API key is used to sign the token, ensuring its authenticity.
+- **Key**: The private key is used to sign the token, ensuring its authenticity.
 - **Options**: The `expiresIn` option specifies that the token will expire in 1 hour.
 - **Token Generation**: The `generateJWT` function (a placeholder for the actual JWT generation method) creates the token using the provided payload, key, and options.
 
@@ -146,4 +128,4 @@ With the generated token, you can authenticate API requests to any endpoint requ
 
 ## Conclusion
 
-This documentation covered the basics of generating a JWT token and demonstrated how to use the token to make authenticated API requests. Ensure that your environment variables (e.g., `ORG_ID` and ``VAPI_API_KEY``) are correctly set up before running the code.
+This documentation covered the basics of generating a JWT token and demonstrated how to use the token to make authenticated API requests. Ensure that your environment variables (e.g., `ORG_ID`) are correctly set up before running the code.
