Skip to content

Clarify auth flows #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kbatuigas merged 13 commits into from
Aug 14, 2025
Merged

Clarify auth flows #15

Show file tree
Hide file tree
Changes from 12 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
2f0751a
Clarify server variable usage for data plane API
kbatuigas Aug 11, 2025
77c0854
Use overlays to more clearly describe authentication flows
kbatuigas Aug 11, 2025
d204ba3
Apply suggestions from automated review
kbatuigas Aug 11, 2025
6b06adc
Visual indicator of variable
kbatuigas Aug 11, 2025
323f277
'Sign up for emails' is no longer relevant after API GA
kbatuigas Aug 11, 2025
5434dbf
Apply suggestions from code review
kbatuigas Aug 13, 2025
a0e62af
Merge commits from review in origin branch
kbatuigas Aug 13, 2025
e0c8c74
Unwanted file
kbatuigas Aug 13, 2025
e2d2182
Fix links
kbatuigas Aug 13, 2025
29f775e
Fix links to other APIs
kbatuigas Aug 13, 2025
42ae613
Minor edits
kbatuigas Aug 13, 2025
cfa5d4a
Minor edits
kbatuigas Aug 14, 2025
73dd9e7
Accept suggestions from automated review
kbatuigas Aug 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 38 additions & 18 deletions cloud-controlplane/x-topics/quickstart.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
The following steps describe how to authenticate with the Control API and create a new Redpanda cluster. For more information on the Control Plane API, see the Cloud API Overview.
The following steps describe how to authenticate with the Control API and create a new Redpanda cluster. For more information on the Control Plane API, see the [Cloud API Overview](#topic-cloud-api-overview).
Copy link

@coderabbitai coderabbitai bot Aug 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Validate anchor link to “Cloud API Overview”.
The fragment link [#topic-cloud-api-overview] may not resolve if the target anchor isn’t present on the rendered page. Please verify the site build includes that anchor.

Run this script to check if the anchor exists anywhere in the repo and whether this file has a local anchor alternative. If it doesn’t exist, consider linking to the Cloud API Overview page path instead of a fragment.

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Searching for occurrences of 'topic-cloud-api-overview'..."
rg -n "topic-cloud-api-overview" -A 2 -B 2 || true

echo
echo "Checking for a local heading that could be used as an anchor in this file..."
rg -n "^#{1,6}\\s+Cloud API Overview" -A 2 -B 2 cloud-controlplane/x-topics/quickstart.md || true

Length of output: 1447

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Searching all MD files for a 'Cloud API Overview' heading..."
rg -n "^#{1,6}\\s+Cloud API Overview" -A 2 -B 2 --glob "*.md" || true

Length of output: 226

Broken anchor link to Cloud API Overview
No ## Cloud API Overview heading was found in the repo, so the fragment #topic-cloud-api-overview will 404. Please update the link by doing one of the following:

  • Add a ## Cloud API Overview heading on the target page so #topic-cloud-api-overview resolves.
  • Or replace the fragment link with the actual path to the Cloud API Overview page (for example, /cloud-controlplane/cloud-api-overview/).

Affected file:

  • cloud-controlplane/x-topics/quickstart.md (line 1)
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

1-1: Link fragments should be valid

(MD051, link-fragments)

🤖 Prompt for AI Agents 
In cloud-controlplane/x-topics/quickstart.md around lines 1 to 1, the inline
fragment link `#topic-cloud-api-overview` is broken because no `## Cloud API
Overview` heading exists; either add a matching `## Cloud API Overview` heading
to the target page so the fragment resolves, or replace the fragment with the
correct path to the Cloud API Overview page (for example
`/cloud-controlplane/cloud-api-overview/`) and update the markdown link
accordingly so it no longer 404s.

Copy link
Contributor Author

@kbatuigas kbatuigas Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is the correct syntax for creating a relative link to an x-topic added to the page.

Copy link

@coderabbitai coderabbitai bot Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kbatuigas Thank you for the clarification! I understand now that #topic-cloud-api-overview is the correct syntax for linking to x-topics in your documentation system. I apologize for flagging this as a broken link - I was applying standard markdown fragment link rules without understanding how your x-topic processing works.

✏️ Learnings added 
Learnt from: kbatuigas
PR: redpanda-data/api-docs#15
File: cloud-controlplane/x-topics/quickstart.md:1-1
Timestamp: 2025-08-14T00:11:35.443Z
Learning: In the Redpanda API docs system, fragment links with the syntax `#topic-[topic-name]` are the correct way to create relative links to x-topics that get added to pages during the build process. These fragments resolve correctly even if the corresponding heading isn't visible in the raw markdown files.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.


> **Note:** Redpanda Cloud uses a control plane and data plane architecture.
To see the available endpoints for managing resources within your clusters, such as topics, users, access control lists (ACLs), and connectors, see the Data Plane API Reference.
To view the available endpoints for managing resources within your clusters, such as topics, users, access control lists (ACLs), and connectors, see the [Data Plane API Reference](/api/doc/cloud-dataplane).

## Requirements

Expand All @@ -14,27 +14,39 @@ To use the Control Plane API:

### Authenticate to the API from API Explorer

To make API requests in your browser, you must obtain an access token. You can do so by clicking **Get token** on the API endpoint you want to call.
The API Explorer lets you interact with the API directly from the documentation. You can quickly explore available endpoints and try requests without setting up your own test environment.

If you successfully retrieve an access token, it is valid for one hour. You can use the same token in requests to both Control Plane and Data Plane API endpoints, for as long as the token is valid.
To make Cloud API requests in your browser, you must obtain an access token. You can do so by clicking **Get token** on the API endpoint you want to call.

## Create a new cluster
If you successfully retrieve an access token, it is valid for one hour. You can use the same token in requests to both Control Plane and Data Plane API endpoints, for as long as the token is valid.

> **Warning:** API requests from the API Explorer are executed against your actual environment and data, not a sandbox.

## Create a new cluster

### BYOC or Dedicated

1. In the page header, click **API Explorer**.
Copy link
Contributor

@micheleRP micheleRP Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Above, add links to Cloud API Overview and Data Plane API Reference.

Copy link
Contributor

@micheleRP micheleRP Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, the link in the quickstart to Redpanda HTTP Proxy doesn't work

Copy link
Contributor

@micheleRP micheleRP Aug 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Link to Serverless trial does not work. You could use https://www.redpanda.com/try-redpanda

Copy link
Contributor

@micheleRP micheleRP Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Several links in Cloud API Overview not working. Also, we should be consistent with links (See ... vs See also with a bulleted item)

Copy link
Contributor

@micheleRP micheleRP Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In quickstart/Cloud API Overview, the deprecation lines are not formatting correctly in the Important notes, and seem a little redundant with the Versioning and deprecation section below them.

Copy link
Contributor Author

@kbatuigas kbatuigas Aug 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the note, I think it might be something to do with how the Markdown is processed. I'll make a note and raise with the Bump team.

1. In the subheader, open **API Explorer**.

1. On the **Choose an operation** dropdown, select **Create resource group**.

1. Click **Get token**. You may be prompted to log in to the Redpanda Cloud UI. After you log in, the browser automatically redirects you back to the Create resource group endpoint in the API Explorer.

1. Prepare your Create resource group request.
1. Under **Body**, click **+ Add** and provide a name for your resource group. A resource group is a container to organize your Redpanda Cloud resources, such as clusters and networks.
1. Click **Send request**. If successful, the response returns a resource group ID. Pass this ID when you make a Create network request.

1. Under **Body**, click **+ Add** and provide a name for your resource group. A resource group is a container to organize your Redpanda Cloud resources, such as clusters and networks.

1. Click **Send request**. If successful, the response returns a resource group ID. Pass this ID when you make a Create network request.

1. On the dropdown, select **Create network**.

1. Prepare your Create network request.
1. Include the ID of the resource group you created in the previous step.
1. Click **Send request**. Note that this endpoint returns a long-running operation. The response returns a network ID in `metadata.network_id`. Pass this ID when you call the Create Cluster endpoint.To check the operation state, make a **Get operation** request with the `operation.id`.

1. Include the ID of the resource group you created in the previous step.
1. Click **Send request**. Note that this endpoint returns a long-running operation. The response returns a network ID in `metadata.network_id`. Pass this ID when you call the Create Cluster endpoint. To check the operation state, make a **Get operation** request with the `operation.id`.

1. When the Create network operation is complete, make a Create cluster request. Use the resource group and network IDs you just created. Note that this endpoint also returns a long-running operation.

1. For BYOC, run `rpk cloud byoc` in the shell, passing the `metadata.cluster_id` from the Create cluster response as a flag:

**AWS:**
Expand All @@ -52,27 +64,35 @@ If you successfully retrieve an access token, it is valid for one hour. You can

### Serverless

1. In the page header, click **API Explorer**.
1. In the subheader, open **API Explorer**.

1. On the **Choose an operation** dropdown, select **Create resource group**.

1. Click **Get token**. You may be prompted to log in to the Redpanda Cloud UI. After you log in, the browser automatically redirects you back to the Create resource group endpoint in the API Explorer.

1. Prepare your Create resource group request.
1. Under **Body**, click **+ Add** and provide a name for your resource group. A resource group is a container to organize your Redpanda Cloud resources, such as clusters and networks.
1. Click **Send request**. If successful, the response returns a resource group ID. Pass this ID later when you make a Create Serverless cluster request.
1. On the dropdown, select **Create Serverless cluster**.

1. Under **Body**, click **+ Add** and provide a name for your resource group. A resource group is a container to organize your Redpanda Cloud resources, such as clusters and networks.
1. Click **Send request**. If successful, the response returns a resource group ID. Pass this ID later when you make a Create Serverless cluster request.

1. On the dropdown, select **Create Serverless cluster**.

1. Prepare your Create Serverless cluster request.
1. Make a Get Serverless Regions request to see available regions.
1. In the request body, use the resource group ID and desired cloud region.
1. Click **Send request**. Note that this endpoint returns a long-running operation. The response returns a Serverless cluster ID in `metadata.cluster_id`. To check the operation state, make a **Get operation** request with the `operation.id`.

1. Make a Get Serverless Regions request to see available regions.
1. In the request body, use the resource group ID and desired cloud region.
1. Click **Send request**. Note that this endpoint returns a long-running operation. The response returns a Serverless cluster ID in `metadata.cluster_id`. To check the operation state, make a **Get operation** request with the `operation.id`.

## Next steps: try the Data Plane APIs

1. Retrieve your cluster's data plane API URL by making a **Get cluster** (BYOC, Dedicated) or **Get Serverless cluster** (Serverless) request in the API Explorer.

1. Save the value of `dataplane_api.url` from the response body.
1. From the **Redpanda APIs** selector, go to **Cloud Data Plane API**.
1. Select an operation, for example **Create topic** or **List users**.
1. In the URL field, add the data plane API URL. You can now make Data Plane API requests to your target cluster.

Copy link

@coderabbitai coderabbitai bot Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Align “Next steps” with the new API Explorer input (subdomain vs full URL).
The Data Plane overlay now expects only the subdomain to be entered in the URL field. The current text asks users to add the full data plane API URL, which conflicts with the updated UI/overlay.

Apply this diff to clarify extracting and entering the subdomain (and fix wording “add” → “enter”):

-1. Retrieve your cluster's data plane API URL by making a **Get cluster** (BYOC, Dedicated) or **Get Serverless cluster** (Serverless) request in the API Explorer.
-1. Save the value of `dataplane_api.url` from the response body.
-1. From the **Redpanda APIs** selector, go to **Cloud Data Plane API**.
-1. Select an operation, for example **Create topic** or **List users**. 
-1. In the URL field, add the data plane API URL. You can now make Data Plane API requests to your target cluster.
+1. Retrieve your cluster's data plane API URL by making a **Get cluster** (BYOC, Dedicated) or **Get Serverless cluster** (Serverless) request in the API Explorer.
+1. Save the value of `dataplane_api.url` from the response body. From this URL, extract the subdomain (the part between `https://` and `.cloud.redpanda.com`). For example, if the URL is `https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com`, the subdomain is `api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd`.
+1. From the **Redpanda APIs** selector, go to **Cloud Data Plane API**.
+1. Select an operation, for example **Create topic** or **List users**.
+1. In the URL field, enter the subdomain you extracted. You can now make Data Plane API requests to your target cluster.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
1. Retrieve your cluster's data plane API URL by making a **Get cluster** (BYOC, Dedicated) or **Get Serverless cluster** (Serverless) request in the API Explorer.
1. Save the value of `dataplane_api.url` from the response body.
1. From the **Redpanda APIs** selector, go to **Cloud Data Plane API**.
1. Select an operation, for example **Create topic** or **List users**.
1. In the URL field, add the data plane API URL. You can now make Data Plane API requests to your target cluster.
1. Retrieve your cluster's data plane API URL by making a **Get cluster** (BYOC, Dedicated) or **Get Serverless cluster** (Serverless) request in the API Explorer.
1. Save the value of `dataplane_api.url` from the response body. From this URL, extract the subdomain (the part between `https://` and `.cloud.redpanda.com`). For example, if the URL is `https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com`, the subdomain is `api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd`.
1. From the **Redpanda APIs** selector, go to **Cloud Data Plane API**.
1. Select an operation, for example **Create topic** or **List users**.
1. In the URL field, enter the subdomain you extracted. You can now make Data Plane API requests to your target cluster.
🧰 Tools
🪛 LanguageTool

[grammar] ~92-~92: There might be a mistake here.
Context: ...mple Create topic or List users. 1. In the URL field, add the data plane API...

(QB_NEW_EN)

🤖 Prompt for AI Agents 
In cloud-controlplane/x-topics/quickstart.md around lines 88 to 94, the
instructions currently tell users to add the full data plane API URL to the API
Explorer but the overlay now expects only the subdomain; update the text to
instruct users to save dataplane_api.url from the response, extract the
subdomain (strip the scheme and any path, leaving only the host like
"abc-123.region.redpanda.cloud"), then in the API Explorer select Cloud Data
Plane API, choose an operation (e.g., Create topic or List users), and enter
that subdomain into the URL field (replace the word "add" with "enter" and
include a short note describing how to extract the subdomain).

See also: [Data Plane API Quickstart](https://docs.redpanda.com/api/doc/cloud-dataplane/topic/topic-quickstart)
See also: [Data Plane API Quickstart](/cloud-dataplane/topic/topic-quickstart)

## Suggested reading

Expand Down
9 changes: 5 additions & 4 deletions cloud-dataplane/cloud-dataplane.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4976,14 +4976,15 @@ security:
- auth0: []
servers:
- description: Data Plane API
url: 'https://{dataplane_api_url}.cloud.redpanda.com'
url: '{dataplane_api_url}'
variables:
dataplane_api_url:
default: "dataplane_api.url"
default: https://{dataplane_api_url}
description: |-
Find the Data Plane API base URL of a cluster by calling the Get Cluster endpoint of the Control Plane API. The dataplane_api.url field is returned in the response body.<br><br>
Example (Dedicated): "https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com"<br>
Find the Data Plane API base URL of a cluster by calling the Get Cluster endpoint of the Control Plane API. The dataplane_api.url field is returned in the response body.

Example (BYOC): "https://api-a4cb21.ck09mi9c4vs17hng9gig.byoc.prd.cloud.redpanda.com"
Example (Dedicated): "https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com"
Comment on lines +4979 to +4987
Copy link

@coderabbitai coderabbitai bot Aug 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Confirm overlay compatibility with the base spec.

The PR adds an overlay to change server URL templating. Ensure the overlay’s target paths and variable names match this base file to avoid broken API Explorer input fields.

🏁 Script executed:

#!/bin/bash
# Inspect the overlay to confirm it updates servers[0].url and variables consistently.
fd -a update-dataplane-server-config.yaml
if [ $? -eq 0 ]; then
  cat $(fd -a update-dataplane-server-config.yaml)
else
  echo "Overlay file not found. Verify repository path and filename."
fi

Length of output: 1223

🏁 Script executed:

#!/bin/bash
# Show context around the servers definition to confirm JSON Path applicability
sed -n '4960,5010p' cloud-dataplane/cloud-dataplane.yaml

Length of output: 2357

Overlay JSONPaths Verified, But Variable Placeholder Mismatch

  • The overlay correctly targets $.servers[0].url and $.servers[0].variables.
  • You’ve renamed the server variable from dataplane_api_url to dataplane_api_subdomain, but the default value in your overlay is set to {dataplane.api.subdomain} (dots) rather than {dataplane_api_subdomain} (underscores). This discrepancy will misalign the UI’s input field and may confuse or break the API Explorer.
  • Please update the default placeholder to {dataplane_api_subdomain} so it matches the variable name exactly.
  • Also double-check that replacing the entire variables block won’t inadvertently remove any other server variables if they’re ever added upstream.
🤖 Prompt for AI Agents 
In cloud-dataplane/cloud-dataplane.yaml around lines 4979 to 4987, the server
variable name was changed to dataplane_api_subdomain but the default placeholder
still uses dots ({dataplane.api.subdomain}); update the default to use the exact
variable placeholder {dataplane_api_subdomain} so the UI input maps correctly,
and instead of wholesale replacing the variables block, merge changes to
preserve any existing or future server variables (i.e., keep other keys intact
when updating the default placeholder).

⚠️ Potential issue

Self-referential server variable default breaks URL templating.

variables.dataplane_api_url.default points to https://{dataplane_api_url}, which recursively references itself and yields an invalid default. Provide a concrete default (full URL), or switch to a subdomain variable and construct the URL in the server url.

Option A (keep full URL variable):

 servers:
   - description: Data Plane API
-    url: '{dataplane_api_url}'
+    url: '{dataplane_api_url}'
     variables:
       dataplane_api_url:
-        default: https://{dataplane_api_url}
-        description: |-
-          Find the Data Plane API base URL of a cluster by calling the Get Cluster endpoint of the Control Plane API. The dataplane_api.url field is returned in the response body.
+        default: https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com
+        description: |-
+          Use the full Data Plane API base URL for the target cluster. Retrieve it by calling the Control Plane API “Get Cluster” endpoint and copy the dataplane_api.url value from the response.
-          Example (BYOC): "https://api-a4cb21.ck09mi9c4vs17hng9gig.byoc.prd.cloud.redpanda.com"
-          Example (Dedicated): "https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com"
+          Example (BYOC): https://api-a4cb21.ck09mi9c4vs17hng9gig.byoc.prd.cloud.redpanda.com
+          Example (Dedicated): https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com

Option B (align with overlay using subdomain variable):

-  - description: Data Plane API
-    url: '{dataplane_api_url}'
-    variables:
-      dataplane_api_url:
-        default: https://{dataplane_api_url}
-        description: |-
-          Find the Data Plane API base URL of a cluster by calling the Get Cluster endpoint of the Control Plane API. The dataplane_api.url field is returned in the response body.
-          Example (BYOC): "https://api-a4cb21.ck09mi9c4vs17hng9gig.byoc.prd.cloud.redpanda.com"
-          Example (Dedicated): "https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com"
+  - description: Data Plane API
+    url: 'https://{dataplane_api_subdomain}.cloud.redpanda.com'
+    variables:
+      dataplane_api_subdomain:
+        default: api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd
+        description: |-
+          Extract the subdomain from the Data Plane API URL returned by the Control Plane API (dataplane_api.url) and enter it here.
+          Example (BYOC): api-a4cb21.ck09mi9c4vs17hng9gig.byoc.prd
+          Example (Dedicated): api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd

Pick one approach and ensure the overlay doesn’t conflict.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
url: '{dataplane_api_url}'
variables:
dataplane_api_url:
default: "dataplane_api.url"
default: https://{dataplane_api_url}
description: |-
Find the Data Plane API base URL of a cluster by calling the Get Cluster endpoint of the Control Plane API. The dataplane_api.url field is returned in the response body.<br><br>
Example (Dedicated): "https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com"<br>
Find the Data Plane API base URL of a cluster by calling the Get Cluster endpoint of the Control Plane API. The dataplane_api.url field is returned in the response body.
Example (BYOC): "https://api-a4cb21.ck09mi9c4vs17hng9gig.byoc.prd.cloud.redpanda.com"
Example (Dedicated): "https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com"
- description: Data Plane API
url: 'https://{dataplane_api_subdomain}.cloud.redpanda.com'
variables:
dataplane_api_subdomain:
default: api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd
description: |-
Extract the subdomain from the Data Plane API URL returned by the Control Plane API (dataplane_api.url) and enter it here.
Example (BYOC): api-a4cb21.ck09mi9c4vs17hng9gig.byoc.prd
Example (Dedicated): api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd

Copy link
Contributor Author

@kbatuigas kbatuigas Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The overlay is meant to update servers.url so that API doc readers can correctly use the Bump API Explorer, which requires that the domain is defined. https://docs.bump.sh/help/documentation-experience/api-explorer/#server-variables

Copy link

@coderabbitai coderabbitai bot Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kbatuigas Thank you for the clarification! That makes perfect sense. The Bump API Explorer does indeed require the domain to be defined in the server URL template rather than as a variable placeholder for proper functionality.

Your overlay approach is the correct solution - constructing the full URL as https://{dataplane_api_subdomain}.cloud.redpanda.com in the server URL field while having users input just the subdomain portion. This resolves both the circular reference issue in the base file and meets Bump API Explorer's requirements.

However, there's still one small inconsistency in the overlay: the variable name is dataplane_api_subdomain (with underscores) but the default placeholder uses {dataplane.api.subdomain} (with dots). For consistency, the default should be {dataplane_api_subdomain} to match the variable name exactly.

The overlay implementation is the right approach for your Bump API Explorer compatibility needs!

  (\   /)
 ( ._.)
o_(")(")  *curious about API Explorer requirements*
✏️ Learnings added 
Learnt from: kbatuigas
PR: redpanda-data/api-docs#15
File: cloud-dataplane/cloud-dataplane.yaml:4979-4987
Timestamp: 2025-08-14T00:22:44.828Z
Learning: Bump API Explorer requires server variables to have the domain defined in the server URL template rather than as a variable placeholder. When using overlays for API documentation tools like Bump, construct the full URL in the server.url field (e.g., `https://{variable_name}.domain.com`) rather than using the variable as the entire URL.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

tags:
- description: Manage Redpanda access control lists (ACLs). See [Redpanda Cloud Authorization](https://docs.redpanda.com/redpanda-cloud/security/authorization/cloud-authorization/) for more information.
name: Redpanda ACLs
Expand Down
20 changes: 20 additions & 0 deletions cloud-dataplane/overlays/update-dataplane-server-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Overlay to update server configuration for Bump API Explorer compatibility.
# This updates the server URL, variable description to better match usage in API Explorer.

overlay: 1.0.0
info:
title: Update Server Configuration
version: 1.0.0
actions:
# Update only the server URL template
- target: "$.servers[0].url"
update: "https://{dataplane_api_subdomain}.cloud.redpanda.com"
# Update only the variables section
- target: "$.servers[0].variables"
update:
dataplane_api_subdomain:
default: "{dataplane.api.subdomain}"
Copy link

@coderabbitai coderabbitai bot Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Avoid clobbering the entire servers[0].variables object.
Targeting the whole variables object risks overwriting other server variables that may exist upstream. Update just the specific variable instead.

Apply this diff to scope the update to only the intended variable:

-  # Update only the variables section
-  - target: "$.servers[0].variables"
-    update:
-      dataplane_api_subdomain:
-        default: "{dataplane.api.subdomain}"
-        description: |-
-          From the `dataplane_api.url` value in the Control Plane API response, extract the subdomain (the part between `https://` and `.cloud.redpanda.com`). Enter this value in the Data Plane API URL field.
-          
-          Example: If the URL is `https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com`, enter `api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd`.
+  # Update only the intended variable without replacing the whole variables object
+  - target: "$.servers[0].variables.dataplane_api_subdomain"
+    update:
+      default: "{dataplane.api.subdomain}"
+      description: |-
+        From the `dataplane_api.url` value in the Control Plane API response, extract the subdomain (the part between `https://` and `.cloud.redpanda.com`). Enter this value in the Data Plane API URL field.
+
+        Example: If the URL is `https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com`, enter `api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd`.

Additionally, please verify that servers[0] consistently refers to the Data Plane server in the upstream spec to avoid accidental edits if server ordering changes.

🏁 Script executed:

#!/bin/bash
# Display the first 50 lines of the overlay to verify structure and context
sed -n '1,50p' cloud-dataplane/overlays/update-dataplane-server-config.yaml

# Search for any other references to servers[0] in this overlay
grep -R "servers\\[0\\]" -n cloud-dataplane/overlays/update-dataplane-server-config.yaml || true

Length of output: 1189

🏁 Script executed:

#!/bin/bash
# Search for top-level 'servers:' definitions in base spec YAMLs (excluding overlays)
grep -R -n '^servers:' cloud-dataplane --include='*.yaml' --exclude-dir='overlays' || true

# If any found, print the first 20 lines of each file containing 'servers:'
grep -R -l '^servers:' cloud-dataplane --include='*.yaml' --exclude-dir='overlays' | while read file; do
  echo "------ $file ------"
  sed -n '1,20p' "$file"
done

Length of output: 969

🏁 Script executed:

#!/bin/bash
# Print the server definitions around line 4977 to confirm ordering and identify the Data Plane server
sed -n '4965,5050p' cloud-dataplane/cloud-dataplane.yaml

Length of output: 2215

Scope the variable update to just dataplane_api_subdomain
Confirmed that in the base spec (cloud-dataplane/cloud-dataplane.yaml lines 4965–5050) the first (and only) entry in servers is the Data Plane API, so servers[0] is safe today—but overwriting $.servers[0].variables would remove the existing dataplane_api_url. Instead, apply:

-  - target: "$.servers[0].variables"
-    update:
-      dataplane_api_subdomain:
-        default: "{dataplane.api.subdomain}"
-        description: |-
-          From the `dataplane_api.url` value in the Control Plane API response, extract the subdomain (the part between `https://` and `.cloud.redpanda.com`). Enter this value in the Data Plane API URL field.
-
-          Example: If the URL is `https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com`, enter `api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd`.
+  - target: "$.servers[0].variables.dataplane_api_subdomain"
+    update:
+      default: "{dataplane.api.subdomain}"
+      description: |-
+        From the `dataplane_api.url` value in the Control Plane API response, extract the subdomain (the part between `https://` and `.cloud.redpanda.com`). Enter this value in the Data Plane API URL field.
+
+        Example: If the URL is `https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com`, enter `api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd`.

Also keep in mind that if additional servers are added upstream, relying on index 0 may break. Verify ordering or switch to identifying the Data Plane server by name/description if possible.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- target: "$.servers[0].variables"
update:
dataplane_api_subdomain:
default: "{dataplane.api.subdomain}"
- target: "$.servers[0].variables.dataplane_api_subdomain"
update:
default: "{dataplane.api.subdomain}"
description: |-
From the `dataplane_api.url` value in the Control Plane API response, extract the subdomain (the part between `https://` and `.cloud.redpanda.com`). Enter this value in the Data Plane API URL field.
Example: If the URL is `https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com`, enter `api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd`.
🤖 Prompt for AI Agents 
In cloud-dataplane/overlays/update-dataplane-server-config.yaml lines 13–16, the
overlay currently replaces the entire $.servers[0].variables object which
removes existing vars like dataplane_api_url; change the target to only set the
dataplane_api_subdomain key (e.g. use
"$.servers[0].variables.dataplane_api_subdomain" as the JSONPath) and update its
default value accordingly so you don't clobber other variables. Additionally, to
avoid relying on index 0 which may change upstream, prefer selecting the Data
Plane server by a stable property (e.g. description or name) in the JSONPath
(for example use a filter like "$.servers[?(@.description=='Data Plane
API')].variables.dataplane_api_subdomain") if your overlay tooling supports it.

description: |-
From the `dataplane_api.url` value in the Control Plane API response, extract the subdomain (the part between `https://` and `.cloud.redpanda.com`). Enter this value in the Data Plane API URL field.
Copy link

@coderabbitai coderabbitai bot Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix YAML trailing whitespace (linter error).
There are trailing spaces on this blank line that break YAMLlint.

Apply this diff to remove trailing whitespace:

-          
+
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
🧰 Tools
🪛 YAMLlint (1.37.1)

[error] 19-19: trailing spaces

(trailing-spaces)

🤖 Prompt for AI Agents 
In cloud-dataplane/overlays/update-dataplane-server-config.yaml around line 19,
there is a blank line containing trailing whitespace that causes YAML linting to
fail; remove the trailing spaces on that blank line so it is truly empty (no
spaces or tabs), then re-run the linter to confirm the warning is resolved.

Example: If the URL is `https://api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd.cloud.redpanda.com`, enter `api-a4cb21.ck09mi9c4vs17hng9gig.fmc.prd`.
1 change: 1 addition & 0 deletions cloud-dataplane/x-topics/error-and-status-codes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ Example request:

```bash
curl https://<dataplane_api_url>/topics | jq
```

Example response:

Expand Down
25 changes: 18 additions & 7 deletions cloud-dataplane/x-topics/quickstart.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
The following steps describe how to authenticate with the Data Plane APIs and create a new topic. For more information on the Data Plane APIs, see the Cloud API Overview.
The following steps describe how to authenticate with the Data Plane APIs and create a new topic. For more information on the Data Plane APIs, see the [Cloud API Overview](#topic-cloud-api-overview).

> **Note:** Redpanda Cloud uses a control plane and data plane architecture. To see the available endpoints for managing your clusters, networks, and resource groups, see the Control Plane API Reference.
> **Note:** Redpanda Cloud uses a control plane and data plane architecture. To view the available endpoints for managing your clusters, networks, and resource groups, see the [Control Plane API Reference](/api/doc/cloud-controlplane).

## Requirements

Expand All @@ -12,24 +12,35 @@ To use the Data Plane APIs:

### Authenticate to the API from API Explorer

To make API requests in your browser, you must obtain an access token. You can do so by clicking **Get token** on the API endpoint you want to call.
The API Explorer lets you interact with the API directly from the documentation. You can quickly explore available endpoints and try requests without setting up your own test environment.

To make Cloud API requests in your browser, you must obtain an access token. You can do so by clicking **Get token** on the API endpoint you want to call.

If you successfully retrieve an access token, it is valid for one hour. You can use the same token in requests to both Control Plane and Data Plane API endpoints, for as long as the token is valid.

> **Warning:** API requests from the API Explorer are executed against your actual environment and data, not a sandbox.

## Create a topic

> **Warning:** API requests from this page are executed against your actual environment and data, not a sandbox.

1. In the page header, click **API Explorer**.
1. If you don't already have the data plane API URL for your target cluster, make a Get Cluster (BYOC, Dedicated) or Get Serverless Cluster (Serverless) request with the Control Plane API. The response contains the data plane API URL. Copy the value of `dataplane_api.url` from the response body, and enter it in the URL field.
1. In the subheader, open **API Explorer**.

1. If you don't already have the data plane API URL for your target cluster, make a Get Cluster (BYOC, Dedicated) or Get Serverless Cluster (Serverless) request with the Control Plane API. The response contains the data plane API URL.

From the `dataplane_api.url` value in the response, extract only the subdomain (the part between `https://` and `.cloud.redpanda.com`). Enter this value in the Data Plane API URL field.

1. On the **Choose an operation** dropdown, select **Create topic**.
1. Click **Get token**. You may be prompted to log in to the Redpanda Cloud UI. After you log in, the browser automatically redirects you back to the Create resource group endpoint in the API Explorer.

1. If you need a valid access token, click **Get token**. You may be prompted to log in to the Redpanda Cloud UI. After you log in, the browser automatically redirects you back to the Create topic endpoint in the API Explorer.

1. Enter a name for your topic and click **Send request**.

1. Confirm that your topic is successfully created by making a List topics request.

## Next steps

The quickest ways to produce to and consume from the topic are to use [`rpk`](https://docs.redpanda.com/redpanda-cloud/manage/rpk/rpk-install/) or the [Redpanda HTTP Proxy](https://docs.redpanda.com/api/doc/http-proxy) (BYOC and Dedicated clusters only).
The quickest ways to produce to and consume from the topic are to use [`rpk`](https://docs.redpanda.com/redpanda-cloud/manage/rpk/rpk-install/) or the [Redpanda HTTP Proxy](/api/doc/http-proxy) (BYOC and Dedicated clusters only).

For example, to use `rpk` to produce to a topic named `test-topic`, run:

Expand Down
9 changes: 8 additions & 1 deletion shared/overlays/update-securityschemes-for-authentication.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,11 @@ info:
actions:
- target: $.components.securitySchemes.auth0
update:
description: The Cloud APIs use OAuth 2.0 for authentication. You must create a service account in the Cloud UI in order to request an access token. You can use the same access token to authenticate requests to both the Control Plane and Data Plane APIs.
description: |-
The Cloud APIs use OAuth 2.0 for authentication.

**For API Explorer (browser):** Authentication is handled automatically. Click "Get token" on any endpoint to authenticate with your Redpanda Cloud account and include a bearer token for requests made in API Explorer.

**For programmatic access (CLI, SDKs, scripts):** You must create a service account in the Redpanda Cloud UI and use the OAuth 2.0 client credentials flow to obtain an access token. See the Authentication topic for detailed instructions.

The same access token can be used for both Control Plane and Data Plane API requests for as long as the token is valid (one hour).
26 changes: 20 additions & 6 deletions shared/x-topics/about-authentication.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,30 @@
The Cloud API uses the Client Credentials Flow as defined in [Auth 2.0 RFC 6749, section 4.4](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4O). In Redpanda Cloud, you must first create a **service account** through which you can authenticate requests to the Cloud API. The service account is associated with your Redpanda Cloud organization. The service account acts as an OAuth 2.0 client that provides its credentials (client ID and client secret) to the API authentication server. The authentication server grants an access token in return. You can then include the access token in each request to the API.

The access token granted to you is associated with a specific Redpanda Cloud organization. If you want to use the API for a different organization, you must acquire a new token through a service account with that organization.
The Redpanda Cloud API uses OAuth 2.0 for authentication. The authentication method depends on whether you access the API in the browser using the API Explorer or programmatically.

You only need to authenticate once to the Cloud API. That is, after you obtain an access token, you can use the same token in requests to both Control Plane and Data Plane API endpoints, for as long as the token is valid.

## Request an access token
## Authenticate in API Explorer

When using the API Explorer in your browser, Redpanda Cloud uses the [OAuth 2.0 Implicit Flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.2):

1. Click **Get token** on any API endpoint.
2. Log in with your Redpanda Cloud credentials if prompted. After you log in, you are redirected back to the API Explorer.
Copy link
Contributor

@micheleRP micheleRP Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
2. Log in with your Redpanda Cloud credentials if prompted. After you log in, you are redirected back to the API Explorer.
2. Log in with your Redpanda Cloud credentials, if prompted. After you log in, you are redirected back to the API Explorer.

3. The token is automatically applied to your API requests.

## Authenticate programmatic requests

For programmatic access (using a CLI, SDKs, and applications), the Cloud API uses the Client Credentials Flow, as defined in [OAuth 2.0 RFC 6749, section 4.4](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4).

You must first create a **service account** through which you can authenticate requests to the Cloud API. The service account is associated with your Redpanda Cloud organization. The service account acts as an OAuth 2.0 client that provides its credentials (client ID and client secret) to the API authentication server. The authentication server grants an access token in return. You can then include the access token in each request to the API.

The access token granted to you is associated with a specific Redpanda Cloud organization. If you want to use the API for a different organization, you must acquire a new token through a service account with that organization.

### Request an access token

Users with administrative privileges in a Redpanda Cloud organization can create a service account.

> **Note:** Service accounts have administrative privileges by default. Cloud user roles are not applied for the API.

1. On the [Service account](https://cloud.redpanda.com/organization-iam?tab=service-accounts) tab in the Organization IAM page of the Redpanda Cloud UI, click **Create service account**. Enter a name and description.
1. In the Redpanda Cloud UI, go to [Organization IAM](https://cloud.redpanda.com/organization-iam), and select the **Service account** tab. Click **Create service account** and enter a name and description.

2. Copy and store the Client ID and Client Secret. These credentials cannot be viewed again after you close the dialog.

Expand All @@ -26,7 +40,7 @@ Users with administrative privileges in a Redpanda Cloud organization can create

The request response provides an access token that remains valid for one hour.

## Authenticate API requests
### Use the access token in API requests

You must pass the access token in the authorization header of each API request:

Expand Down
1 change: 0 additions & 1 deletion shared/x-topics/cloud-api-deprecation-policy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@ Redpanda communicates deprecation notices through the following:
* Updates to Cloud API documentation
* [What's New in Redpanda Cloud](https://docs.redpanda.com/redpanda-cloud/get-started/whats-new-cloud)
* Announcements in the #cloudapi [Community Slack](https://redpandacommunity.slack.com/) channel and in individual customer channels
* Emails to "Sign up for updates" recipients (sign up on the [Control Plane API](/api/ROOT/cloud-controlplane-api) and [Data Plane APIs](/api/ROOT/cloud-dataplane-api) reference documentation)

## Versioning policy

Expand Down
Loading