Merge branch 'main' into docs/ccpa-cpra

Author: alex72508

src/content/docs/build/organizations/self-serve-portal-per-org.mdx

@@ -25,7 +25,7 @@ This is an advanced feature that is only available on the [Kinde Scale plan](htt
 
 </Aside>
 
-If an organization requires a unique setup for the self-service portal, you can do this using an advanced organiztion function. If you set this up, the authorized members of the organization will be able to perform the selected functions. 
+If an organization requires a unique setup for the self-service portal, you can do this using an advanced organization function. If you set this up, the authorized members of the organization will be able to perform the selected functions. 
 
 1. In Kinde, open the organization you want to customize.
 2. In the side menu, select **Self-serve portal**.

src/content/docs/build/set-up-options/about-self-serve-portal.mdx

@@ -0,0 +1,78 @@
+---
+page_id: deb0b4c6-6436-4a19-be57-b482910af2d5
+title: Customer self-serve portal
+description: Intro to concept of self-serve portals in Kinde, including what functions they include, how to use them, and when to set them up.
+sidebar:
+  order: 7
+relatedArticles:
+  - a2668524-5842-4c68-ab50-30b7e8c3e842
+  - f36bce4a-52bb-4785-865b-6b33356f9838
+topics:
+  - self-serve-portal
+  - organizations
+  - users
+  - billing
+sdk: []
+languages: []
+audience: developers
+complexity: beginner
+keywords:
+  - organization portal
+  - self-serve portal
+  - user portal
+  - billing portal
+  - portal permissions
+updated: 2024-08-27
+featured: false
+deprecated: false
+ai_summary: Intro to concept of self-serve portals in Kinde, including what functions they include, how to use them, and when to set them up.
+---
+
+Customer support is one of the higher overheads for a SaaS business. For paying customers, the expectation is that they get help when needed, for example, to manage their account or get assistance with your app.
+
+Kinde lets you configure a self-serve portal so authorized customers can self-manage functions provided by Kinde. A self-serve portal means your customers can make account changes without contacting you for support, saving everyone time and money.
+
+There's two types of portal: one for end users (B2C), and one for organizations (B2B).
+
+## Watch Dave's portal demo in 90 seconds
+
+<YoutubeVideo videoId="Q3HW6Mgj6wA" videoTitle="Customer portal in 90 seconds"/>
+
+## Self-serve portal for organizations
+
+In the organization portal, you can allow org members to manage:
+
+- Account details
+- Payment details (if you have billing set up)
+- API Keys (Paid plans)
+- Members and roles (Paid plans)
+- Multi-factor auth settings (coming soon)
+- SSO enterprise connections (almost here - Kinde Scale plan only)
+
+You can enable all functions or limit them to what you offer. [Set up a self-serve portal for an org](/build/set-up-options/self-serve-portal-for-orgs/)
+
+<Aside>
+  
+If you are on the Kinde Scale plan, you can configure the [portal per organization](/build/organizations/self-serve-portal-per-org/). E.g. allow some functions for some customers and not others.
+
+</Aside>
+
+## Self-serve portal for users
+
+In the user portal, you can allow users to manage:
+
+- Account details
+- Payment details (if you have billing set up)
+- API Keys
+
+[Set up a self-serve portal for users](/build/set-up-options/self-serve-portal-for-users/)
+
+## Self-serve portal settings
+
+These are the self-serve portal settings you can enable.
+
+![Self-serve portal settings in Kinde](https://imagedelivery.net/skPPZTHzSlcslvHjesZQcQ/1fd3505c-883b-4b01-8dff-e028e25b6300/public)
+
+## Current limitations
+
+Currently, we don't support any customer design for the portal appearance. However, you can build your own portal and use the [Kinde API](https://docs.kinde.com/kinde-apis/management/) endpoints to provide the functions.

src/content/docs/build/set-up-options/self-serve-portal-for-orgs.mdx

@@ -3,7 +3,7 @@ page_id: a2668524-5842-4c68-ab50-30b7e8c3e842
 title: Enable self-serve portal for orgs
 description: Guide for enabling self-serve portals for organizations including business details management, billing access, permission controls, and portal link generation methods.
 sidebar:
-  order: 7
+  order: 8
 relatedArticles:
   - f36bce4a-52bb-4785-865b-6b33356f9838
 topics:
@@ -30,9 +30,18 @@ deprecated: false
 ai_summary: Guide for enabling self-serve portals for organizations including business details management, billing access, permission controls, and portal link generation methods.
 ---
 
-You can configure a self-serve portal to enable authorized organization members to be able to self-manage functions provided by Kinde. For example, you can allow them to update their business details, payment details (if you have billing set up), multi-factor auth settings (coming soon), and manage organization members (coming soon).
+You can configure a self-serve portal to enable authorized organization members to be able to self-manage functions provided by Kinde. Authorized org members can update:
 
-A self-serve portal means your customers can make basic account changes without contacting you for support. This can save time and money.
+- [Business details](/manage-your-account/business-information/update-your-details/)
+- [Payment details](/manage-your-account/profile-and-plan/update-kinde-payment/) (if you have billing set up)
+- [API Keys](/manage-your-apis/add-manage-api-keys/self-serve-api-keys/)
+- [Members and roles](/get-started/team-and-account/add-team-members/)
+- Multi-factor auth settings (coming soon)
+- SSO enterprise connections (almost here)
+
+A self-serve portal means your customers can make account changes without contacting you for support. This can save you both time.
+
+If you are on the Kinde Scale plan, you can configure the [portal per organization](/build/organizations/self-serve-portal-per-org/). E.g. allow some functions for some customers and not others.
 
 ## Configure the organization self-serve portal
 

src/content/docs/build/set-up-options/self-serve-portal-for-users.mdx

@@ -3,7 +3,7 @@ page_id: f36bce4a-52bb-4785-865b-6b33356f9838
 title: Enable self-serve portal for users
 description: Guide for enabling and configuring self-serve portals for users including profile management, billing access, and multiple methods for generating portal links with SDK and API examples.
 sidebar:
-  order: 8
+  order: 9
 relatedArticles:
   - beebe908-27f8-4be6-b74c-05fc8ff5dfb5
   - a2668524-5842-4c68-ab50-30b7e8c3e842

src/content/docs/developer-tools/your-apis/access-to-your-api.mdx

@@ -6,6 +6,7 @@ sidebar:
 relatedArticles:
   - 6bf993fc-a195-4836-8eaf-133812be8876
   - cffc17b9-2d10-4f42-8c84-a12b263a6040
+  - 8f7a2b1c-3d4e-4f6a-8b8c-9d0e1f2a3b4c
 topics:
   - developer-tools
   - your-apis
@@ -30,17 +31,19 @@ deprecated: false
 ai_summary: Guide to providing programmatic access to APIs for third parties using M2M applications and tokens
 ---
 
-Although we do not currently have a dedicated feature for it, there is a way to provide your users with programmatic access to your API and applications via Kinde.
+There are a number of ways to provide your users with programmatic access to your API and applications via Kinde.
 
 You need to [register your API with Kinde](/developer-tools/your-apis/register-manage-apis/) before you begin.
 
+## API access via an M2M application
+
 Here’s the process:
 
 - Create a machine to machine (M2M) application
 - Connect the application to your API
 - Provide access to the user via token or app keys
 
-## Create a M2M application
+### Create a M2M application
 
 You will want to create a separate M2M application for each user, system, or business who needs to access your API. It is not secure to share access via the same tokens or app keys.
 
@@ -49,7 +52,7 @@ You will want to create a separate M2M application for each user, system, or bus
 3. In the dialog that opens, give the application a name, and select **Machine to Machine** as the **Application type**.
 4. Select **Save**. App keys - including **Domain** details, **Client ID** and **Client Secret** - are issued for the application.
 
-## Authorize the API to access the application
+### Authorize the API to access the application
 
 1. In the application list, find the M2M app you created and select **View details**.
 2. Select **APIs** in the menu. A list of all available APIs shows.
@@ -58,17 +61,13 @@ You will want to create a separate M2M application for each user, system, or bus
 
 If you need to cut off access to your API for a user, select the three dots menu and select **Revoke authorization**.
 
-## Get a token to test API access
-
-Follow this guide to [quickly generate a test token](/developer-tools/your-apis/test-token-from-kinde/) to test access to your API. 
+## API access via API keys
 
-## Provide access to third parties
+Allow users to manage their own API keys to access your API, including initializing the request, rotating, and deleting keys. Follow this [quickstart guide](/manage-your-apis/about-api-keys/api-keys-quick-start/). This is much more secure and preferable than manually copying the app keys from the M2M application and providing them to the third-party. 
 
-There are two ways you can provide access to your API: via token or app keys.
+## Provide access via a token
 
-### Via token
-
-The third party can request a token using the relevant `audience` in the claim, for example:
+A third party can request a token using the relevant `audience` in the claim, for example:
 
 ```jsx
 POST https://yourbusiness.kinde.com/oauth2/token
@@ -81,6 +80,6 @@ POST https://yourbusiness.kinde.com/oauth2/token
 ```
 Granting access this way means you don't have to share the Client ID and Secret with anyone.
 
-### Via app keys
+## Get a test token to test API access
 
-Copy the app keys: **Domain**, **Client ID**, and **Client secret** from the M2M application and provide them to the third-party. This enables them access to the end point, e.g. `http://api.example.com/api`. Providing app keys authorizes access unless the Client secret is rotated or revoked.
+Follow this guide to [quickly generate a test token](/developer-tools/your-apis/test-token-from-kinde/) to test access to your API. 

src/content/docs/developer-tools/your-apis/api-scopes-m2m-applications.mdx

@@ -5,6 +5,7 @@ sidebar:
   order: 7
 relatedArticles:
   - 815f10b0-7bd2-407a-9ac2-9fb582862a5b
+  - 8f7a2b1c-3d4e-4f6a-8b8c-9d0e1f2a3b4c
   - 51899f7f-3436-46e0-9a1b-6ecc3603a0df
   - 8ace97e7-6c61-4558-babf-ed8435972f75
 topics:

src/content/docs/developer-tools/your-apis/custom-api-scopes.mdx

@@ -7,6 +7,7 @@ relatedArticles:
   - f1ba22b9-b35f-478a-be09-4524d060fe36
   - 51899f7f-3436-46e0-9a1b-6ecc3603a0df
   - 6bf993fc-a195-4836-8eaf-133812be8876
+  - 5d4c3b2a-1e0f-4a9b-8c7d-5e4f3a2b1c0d
 topics:
   - developer-tools
   - your-apis
@@ -106,3 +107,7 @@ curl --request POST \
   --data 'audience=<your_api_audience>\
   --data 'scope=join:competitions update:competitions'
 ```
+
+## API Key scopes
+
+If you manage access to your APIs using API keys, you can [set scopes for the API keys](/manage-your-apis/add-manage-api-keys/scopes-for-api-keys/), giving you more granular control over access, depending who has the keys.

src/content/docs/developer-tools/your-apis/protect-your-api.mdx

@@ -7,6 +7,7 @@ sidebar:
 relatedArticles:
   - 684fc526-a338-4a67-9af6-742a39b66aff
   - 4ed081b0-7853-49be-b5fd-22a84a86bdad
+  - 9e8b7c6d-5f4e-4a2b-8c0d-9e8f7a6b5c4d
 topics:
   - developer-tools
   - your-apis
@@ -79,10 +80,6 @@ Now that the token is being passed from the front end you will need to verify it
 
 We recommend that you use a library to verify your token. If you are using ExpressJS you can use [our library](/developer-tools/sdks/backend/express-sdk/#verify-jwt) or the OpenID Foundation has [a list of libraries for working with JWT tokens](https://openid.net/developers/jwt/).
 
-### **Rolling your own**
-
-We strongly recommend against doing this, but if you have opted to go down this path, this doc provides you all the info about our JWTs.
-
 ### **JSON Web Key**
 
 It’s likely the library you decide to use will require the url for your public JSON Web Key (also known as a jwks file).

src/content/docs/developer-tools/your-apis/register-manage-apis.mdx

@@ -91,6 +91,10 @@ If you are using Postman, you can include the `audience` claim in a token reques
     }
 ```
 
+## Create API keys
+
+If you want, you can also give access to your API via [API keys](/manage-your-apis/add-manage-api-keys/create-an-api-key/). These can be created by you and then managed by your customer via the [self-serve portal](/build/set-up-options/self-serve-portal-for-orgs/) (optional). You can also [scope API keys to an organization](/manage-your-apis/about-api-keys/organization-api-keys/).
+
 ## Authorize or revoke authorization of an app from the API
 
 1. Go to **Settings** > **APIs**.