Skip to content

Add security tip to API Tokens documentation #2846

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Nov 20, 2025
Merged

Add security tip to API Tokens documentation #2846

merged 7 commits into from
Nov 20, 2025

Conversation

@pwizla
Copy link
Collaborator

@pwizla pwizla commented Nov 20, 2025
edited
Loading

This PR recommends least‑privilege scopes, regular rotation, and secret storage for API tokens.

@vercel
Copy link

vercel bot commented Nov 20, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
documentation Ready Ready Preview Comment Nov 20, 2025 5:57pm

@strapi-cla
Copy link

strapi-cla commented Nov 20, 2025
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ pwizla
❌ web-flow
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions github-actions bot added internal PRs created by the Strapi core team pr: updated content PRs updating existing documentation content source: repo PRs/issues not targeting a specific documentation but rather affecting the whole repo labels Nov 20, 2025
@pwizla pwizla changed the title [experimental] Docs api tokens security tip [experimental] Add security tip to API Tokens documentation Nov 20, 2025
@pwizla pwizla self-assigned this Nov 20, 2025
@pwizla pwizla added this to the 6.12.1 milestone Nov 20, 2025
pwizla
pwizla commented Nov 20, 2025
View reviewed changes
@pwizla pwizla added pr: chore and removed internal PRs created by the Strapi core team labels Nov 20, 2025
@pwizla pwizla changed the title [experimental] Add security tip to API Tokens documentation Add security tip to API Tokens documentation Nov 20, 2025
@pwizla pwizla marked this pull request as ready for review November 20, 2025 17:56
@pwizla pwizla merged commit f78a925 into main Nov 20, 2025
5 of 7 checks passed
@pwizla pwizla deleted the repo/docs-api-tokens-security-tip branch November 20, 2025 17:56
pwizla added a commit that referenced this pull request Nov 20, 2025
@pwizla @web-flow @actions-user
Add security tip to API Tokens documentation (#2846)
fb9286e 
* docs(backend): correct TypeScript code fences in TS tabs (controllers, services, middlewares, routes)

* docs(bundlers): clarify webpack config example rename and JS/TS filenames

* docs(routes): add guidance to prefer fully-qualified handler names in custom routers

* docs(api-tokens): add concise security tip (least privilege, rotation, secrets manager)

* Limit PR scope based on title; keep only intended doc(s); revert unrelated files

* API Tokens docs: change security tip to a caution callout with title (PR #2846)

* Apply suggestion from @pwizla

---------

Co-authored-by: GitHub Actions <[email protected]>
pwizla added a commit that referenced this pull request Nov 20, 2025
@pwizla @web-flow
Add security tip to API Tokens documentation (#2846) (#2864)
b811cb0 
* docs(backend): correct TypeScript code fences in TS tabs (controllers, services, middlewares, routes)

* docs(bundlers): clarify webpack config example rename and JS/TS filenames

* docs(routes): add guidance to prefer fully-qualified handler names in custom routers

* docs(api-tokens): add concise security tip (least privilege, rotation, secrets manager)

* Limit PR scope based on title; keep only intended doc(s); revert unrelated files

* API Tokens docs: change security tip to a caution callout with title (PR #2846)

* Apply suggestion from @pwizla

---------

Co-authored-by: GitHub Actions <[email protected]>
@pwizla pwizla removed this from the 6.12.1 milestone Nov 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@meganelacheny meganelacheny Awaiting requested review from meganelacheny meganelacheny is a code owner

Assignees

@pwizla pwizla

Labels

pr: chore pr: updated content PRs updating existing documentation content source: repo PRs/issues not targeting a specific documentation but rather affecting the whole repo

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pwizla @strapi-cla @web-flow