fix: broken links

Author: DaveOrDead

src/content/docs/machine-to-machine-applications/organization-scoped-m2m-apps/m2m-applications-for-organizations.mdx

@@ -67,12 +67,12 @@ These claims can be used by your backend services to authorize access to specifi
 | Tenant data isolation | Manual                             | Enforced                       |
 | Use case              | Admin scripts, internal automation | Per-tenant agents, scoped APIs |
 | Token restrictions    | None                               | Scoped to one org              |
-| Token claims          | Basic                              | Includes `org_code`          |
+| Token claims          | Basic                              | Includes `org_code`            |
 
 ## Best practices
 
 - Use separate M2M apps for different scopes or services.
 - Limit the [scopes](https://docs.kinde.com/developer-tools/your-apis/custom-api-scopes/) assigned to each M2M app to the minimum required for its function.
-- [Rotate client secrets](https://docs.kinde.com/build/applications/rotate-client-secret/) periodically using the UI.
+- [Rotate client secrets](/build/applications/rotate-client-secret/) periodically using the UI.
 - Audit token usage by tracking `client_id` and `org_code` in logs.
 - Avoid including any personally identifiable information (PII) in token claims.

src/content/docs/machine-to-machine-applications/organization-scoped-m2m-apps/using-m2m-apps-for-AI-applications.mdx

@@ -12,6 +12,7 @@ relatedArticles:
 If you're building AI-powered tools or agents that act on behalf of your customers, machine-to-machine (M2M) applications in Kinde offer a simple, secure way to authenticate them.
 
 M2M apps are ideal for:
+
 - Long-running background jobs
 - Headless tools or scheduled workers
 - AI assistants, agents, or orchestration layers
@@ -23,6 +24,7 @@ By scoping M2M apps to specific organizations, you ensure each token can only ac
 You’ve built a support assistant that uses a customer’s internal knowledge base to generate responses. Each org gets their own agent instance.
 
 With Kinde, you can:
+
 - Create one M2M app per organization
 - Assign custom metadata (e.g. model version, language preference)
 - Include feature flags in the token (e.g. `enable_agent_v2`)
@@ -33,6 +35,7 @@ Your backend APIs validate the incoming token and respond accordingly — no nee
 ## Example: Shared agent with dynamic tokens
 
 If you deploy a shared service that rotates between customer workspaces, you can:
+
 - Store the appropriate client credentials per org
 - Request tokens using the client credentials flow
 - Receive a token scoped to a single org, with configuration claims
@@ -41,8 +44,8 @@ This keeps your infrastructure lightweight while maintaining strict org isolatio
 
 ## Best practices
 
-- Use [Properties](/build/applications/m2m-properties/) to define custom configuration like `model_version` or `max_tokens`
-- Use [Token customization](/build/applications/m2m-customize-token/) to inject only the claims your AI service needs
+- Use [Properties](/machine-to-machine-applications/m2m-application-setup/add-metadata-to-an-m2m-application-with-properties/) to define custom configuration like `model_version` or `max_tokens`
+- Use [Token customization](/machine-to-machine-applications/m2m-token-customization/customize-m2m-tokens/) to inject only the claims your AI service needs
 - Enforce `org_code` and `scopes` server-side to prevent token misuse
 - Rotate credentials regularly and assign minimal scopes per app
 - Include feature flags to roll out new AI capabilities safely
@@ -79,4 +82,3 @@ The `t` and `v` are short codes for the type and value of the feature flag.
 - `v` = `value` (true | false, "beta", 1, etc.)
 
 Only the feature flags you explicitly toggle on will be included.
-

src/content/docs/machine-to-machine-applications/troubleshooting-m2m/troubleshoot-m2m-token-errors.mdx

@@ -20,93 +20,93 @@ These errors occur when calling the token endpoint (`/oauth2/token`).
 ### `invalid_client`
 
 **Cause:**
+
 - The `client_id` or `client_secret` is incorrect
 - The app has been deleted or had its secret rotated
 
 **Fix:**
+
 - Double check your credentials in the Kinde dashboard
 - If you recently rotated the secret, make sure you're using the new one
 
-
-
 ### `unauthorized_client`
 
 **Cause:**
+
 - The app hasn’t been authorized to access the requested API (audience)
 
 **Fix:**
+
 - Go to the **APIs** tab on your M2M app in Kinde
 - Make sure the app is authorized to access the audience you're requesting
 
-
-
 ### `invalid_scope`
 
 **Cause:**
+
 - You requested a scope the app isn’t allowed to use
 - The scope wasn’t defined on the API or wasn't assigned to the app
 
 **Fix:**
+
 - Go to the **API** in the Kinde dashboard and verify that the scope exists
 - Go to the **Scopes** tab on your M2M app and assign the correct ones
 
-
-
 ### `invalid_request`
 
 **Cause:**
+
 - Missing or malformed parameters in the request
 - Common issues: missing `audience`, unsupported `grant_type`
 
 **Fix:**
+
 - Make sure your request includes:
   - `grant_type=client_credentials`
   - `client_id`, `client_secret`, and `audience`
 - Check your content type: must be `application/x-www-form-urlencoded`
 
-
-
 ## Token usage errors
 
 These occur when using the token to call Kinde or your own API.
 
 ### `401 Unauthorized`
 
 **Cause:**
+
 - Missing or expired token
 - Malformed `Authorization` header
 
 **Fix:**
+
 - Make sure you're including the token in the request:
   ```http
   Authorization: Bearer <token>
   ```
 - Check that the token hasn’t expired (`exp` claim)
 
-
-
 ### `403 Forbidden`
 
 **Cause:**
+
 - The token is valid, but doesn’t have access to the resource
 - For org-scoped tokens: the `org_code` doesn’t match the route or resource
 - Required scopes are missing
 
 **Fix:**
+
 - Check the token’s `org_code` and compare to the resource being accessed
 - Check the token’s `scopes` and ensure the required permission is present
 
-
-
 ### Token doesn't include `org_code`
 
 **Cause:**
+
 - You’re using a global M2M app instead of an org-scoped one
 
 **Fix:**
-- If you're expecting a token with `org_code`, create an [org-scoped M2M app](/build/applications/m2m-access-scoped-to-organizations/)
-
 
+- If you're expecting a token with `org_code`, create an [org-scoped M2M app](/machine-to-machine-applications/organization-scoped-m2m-apps/m2m-applications-for-organizations/)
 
 ## How to debug