updates

Author: patriciasantaana

src/content/docs/turnstile/get-started/index.mdx

@@ -20,35 +20,35 @@ Before you begin, you must have:
 
 ---
 
-## Implementation
-
-Implementing Turnstile involves two essential components that work together:
+## Process
 
-1. **Client-side**: Embed the widget
+Turnstile widgets are the foundation of your bot protection implementation. 
 
-    Add the Turnstile widget to your webpage to challenge visitors and generate verification tokens.
-
-2. **Server-side**: Validate the response
+Every widget has:
 
-    Verify the tokens on your server using the Siteverify API to ensure they are authentic and have not been tampered with.
+  - **Sitekey**: Public identifier used in your webpage code
+  - **Secret Key**: Private key used for server-side validation
+  - **Configuration**: Mode, hostnames, appearance settings, and other options
 
-Refer to [Implementation path](/turnstile/get-started/#implementation-path) below for guidance on how to implement Turnstile to your website.
+:::note[Important]
+Regardless of how you create and manage your widgets, you will still need to embed them on your webpage and validate tokens on your server.
+:::
 
----
+Implementing Turnstile involves two essential components that work together:
 
-## Key security requirements
+1. **Client-side**: [Embed the widget](/turnstile/get-started/widget-management/client-side-rendering/)
 
-Mandatory server-side validation
+    Add the Turnstile widget to your webpage to challenge visitors and generate verification tokens.
 
-- It is critical to enforce Turnstile tokens with the Siteverify API. The Turnstile token could be invalid, expired, or already redeemed. Not verifying the token will leave major vulnerabilities in your implementation. You must call Siteverify to complete your Turnstile configuration. Otherwise, it is incomplete and will result in zeroes for token validation when viewing your metrics in [Turnstile Analytics](/turnstile/turnstile-analytics/).
+2. **Server-side**: [Validate the response](/turnstile/get-started/widget-management/server-side-validation/)
 
-Token lifecycle
+    Verify the tokens on your server using the Siteverify API to ensure they are authentic and have not been tampered with.
 
-- Tokens expire after 300 seconds (5 minutes). Each token can only be validated once. Expired or used tokens must be replaced with fresh challenges.
+Refer to [Implementation path](/turnstile/get-started/#implementation-path) below for guidance on how to implement Turnstile to your website.
 
 ---
 
-## Implementation path
+## Implementation
 
 Follow the steps below to implement Turnstile.
 
@@ -84,3 +84,26 @@ If you are currently using reCAPTCHA, hCaptcha, or another CAPTCHA service, Turn
 
 Refer to [Migration](/turnstile/migration/) for step-by-step migration guidance from other CAPTCHA services.
 
+---
+
+## Security requirements
+
+<Render file="security-requirements" />
+
+---
+
+## Best practices
+
+### Security
+
+- **Protect secret keys**: Never expose secret keys in client-side code.
+- **Rotate keys regularly**: Use API or dashboard to rotate secret keys periodically.
+- **Restrict hostnames**: Only allow widgets on domains you control.
+**Monitor usage**: Use analytics to detect unusual patterns.
+
+### Operational
+
+- **Use descriptive names**: Name widgets based on their purpose, such as "Login Form" or "Contact Page".
+- **Environment separation**: Use different widgets for development, staging, and production.
+- **Documentation**: Keep track of which widgets are used at which locations.
+- **Backup configuration**: Store widget configurations in version control when using Terraform.

src/content/docs/turnstile/get-started/widget-management/client-side-rendering.mdx

@@ -2,7 +2,7 @@
 title: Embed the widget
 pcx_content_type: get-started
 sidebar:
-  order: 2
+  order: 3
 ---
 
 import { Render, Tabs, TabItem, Steps, Details } from "~/components";
@@ -410,6 +410,4 @@ For a complete list of configuration options, refer to [Widget configurations](/
 
 ## Security requirements
 
-- Server-side validation is critical. The client-side widget alone does not provide security. You must validate tokens on your server using the Siteverify API. The token could be invalid, forged, expired (tokens expire after 5 minutes), or already redeemed (tokens can only be used once).
-
-- Tokens are created when challenges are completed. Tokens expire after 300 seconds (5 minutes). Each token can only be validated once. By default, expired tokens are automatically refreshed. 
+<Render file="security-requirements" />

src/content/docs/turnstile/get-started/widget-management/implementation-methods/index.mdx

@@ -1,8 +1,8 @@
 ---
-title: Implementation methods
+title: Implement the widget
 pcx_content_type: get-started
 sidebar:
-  order: 1
+  order: 2
   label: Overview
   group:
     hideIndex: true

src/content/docs/turnstile/get-started/widget-management/index.mdx

@@ -4,32 +4,12 @@ pcx_content_type: get-started
 sidebar:
   order: 1
   label: Overview
+  group:
+    hideIndex: true
 ---
 
-import { Render, LinkButton } from "~/components"
+import { DirectoryListing } from "~/components"
 
-<Render file="widget-management-overview" />
+Refer to the following pages for more information about managing Turnstile widgets:
 
----
-
-## Implementation methods
-
-<Render file="implementation-methods" />
-
----
-
-## Best practices
-
-### Security
-
-- **Protect secret keys**: Never expose secret keys in client-side code.
-- **Rotate keys regularly**: Use API or dashboard to rotate secret keys periodically.
-- **Restrict hostnames**: Only allow widgets on domains you control.
-**Monitor usage**: Use analytics to detect unusual patterns.
-
-### Operational
-
-- **Use descriptive names**: Name widgets based on their purpose, such as "Login Form" or "Contact Page".
-- **Environment separation**: Use different widgets for development, staging, and production.
-- **Documentation**: Keep track of which widgets are used at which locations.
-- **Backup configuration**: Store widget configurations in version control when using Terraform.
+<DirectoryListing />