Merge branch '1.1.0' into gprc-docs

Author: DDH13

en/docs/catalogs/crds/gql_routes_types.md

@@ -349,4 +349,6 @@
 <hr />
 <p><em>
         Generated with <code>gen-crd-api-reference-docs</code>.
-</em></p>
+</em></p>
+
+{!catalogs/samples/gqlroute.md!}

en/docs/catalogs/samples/gqlroute.md

@@ -0,0 +1,47 @@
+# GQLRoute Sample
+
+The following is a sample GQLRoute CR.
+
+```
+apiVersion: dp.wso2.com/v1alpha2
+kind: GQLRoute
+metadata:
+  name: graphql-api-route
+spec:
+  hostnames:
+  - graphql.backend.gw.wso2.com
+  backendRefs:
+    - group: dp.wso2.com
+      kind: Backend
+      name: gql-backend
+  rules:
+  - matches:
+    - path: hero
+      type: QUERY
+    - path: droid
+      type: QUERY
+    - path: reviews
+      type: QUERY
+    - path: search
+      type: QUERY
+    - path: character
+      type: QUERY
+    - path: allHumans
+      type: QUERY
+    - path: allDroids
+      type: QUERY
+    - path: allCharacters
+      type: QUERY
+    - path: starship
+      type: QUERY
+    - path: createReview
+      type: MUTATION
+    - path: human
+      type: QUERY
+  parentRefs:
+  - group: gateway.networking.k8s.io
+    kind: Gateway
+    name: wso2-apk-default
+    namespace: apk
+    sectionName: httpslistener
+```

en/docs/control-plane/apk-as-gateway-in-apim/apk-as-gateway-in-apim-qsg.md

@@ -128,11 +128,11 @@ Now you can verify the deployment by executing the following command. You will s
 
 ### Create Deploy and Publish the API
 
-{!control-plane/api-management/control-plane-create-and-deploy-rest-apis.md!}
+{!control-plane/apk-as-gateway-in-apim/api-management/control-plane-create-and-deploy-rest-apis.md!}
 
 ### Create Application and Subscribe to the API
 
-{!control-plane/api-management/control-plane-create-application-and-subscription.md!}
+{!control-plane/apk-as-gateway-in-apim/api-management/control-plane-create-application-and-subscription.md!}
 
 
 ## Step 3 - Invoke the API

en/docs/create-api/create-and-attach-api-policies/api-policies-overview.md

@@ -6,11 +6,11 @@ API policies are a powerful tool in WSO2 APK for enforcing business logic and mo
 
 There are a few levels where a Policy attachment can happen in APK resources. 
 
-| **Level**              | **Actor**      | **Description**  |
-|------------------------|----------------|------------------|
-| Gateway                | System Admin   | Any policy which is applicable to all the APIs deployed to gateway runtime should be attached to `Gateway` resource. |     
-| API                    | API Owner      |  Attach a policy which is applicable to all the operations of that API.  |   
-| Operation               | API Owner      |  Attach a policy to an operation of a API.   |
+| **Level** | **Actor**    | **Description**                                                                                                      |
+| --------- | ------------ | -------------------------------------------------------------------------------------------------------------------- |
+| Gateway   | System Admin | Any policy which is applicable to all the APIs deployed to gateway runtime should be attached to `Gateway` resource. |
+| API       | API Owner    | Attach a policy which is applicable to all the operations of that API.                                               |
+| Operation | API Owner    | Attach a policy to an operation of a API.                                                                            |
 
 Attaching a policy to a specific level is descibed under each policy.
 
@@ -40,16 +40,16 @@ When you have multiple policies attached in different levels policies, you need
 
 Keep in mind that you cannot attach an API policy at two separate levels simultaneously and that the approach for attaching policies varies depending on the interface that you are using (i.e., CLI or REST API interface) to create the APIs.
 
-| **Create an API from:** | **Attach Policies**                                             |
-|-------------------------|-----------------------------------------------------------------|
-| REST APIs               | Attach a policy at API-level or Operation-level                 |
-| Custom Resources (CRs)  | Attach a policy at Gateway-level, API-level or Operation-level  |  
+| **Create an API from:** | **Attach Policies**                                            |
+| ----------------------- | -------------------------------------------------------------- |
+| REST APIs               | Attach a policy at API-level or Operation-level                |
+| Custom Resources (CRs)  | Attach a policy at Gateway-level, API-level or Operation-level |
 
 When you attach a policy at the API-level, it will be applied globally to all the operations that correspond to the API. However, when you attach a policy at an operation level, it will only be applicable locally to a specific operation.
 
 ## What's Next?
 
-- [Learn to attach API Policies for Interceptor Services](../interceptors/interceptors-overview/)
-- [Learn to attach API Policies for Backend JWT Token Manipulation](../backend-jwt-token-manipulation/backend-jwt-token-manipulation-via-rest-api/)
-- [Learn to attach API Policies for CORS](../cors/enable-cors-via-rest-api/)
+- [Learn to attach API Policies for Interceptor Services](./interceptors/interceptors-overview.md)
+- [Learn to attach API Policies for Backend JWT Token Manipulation](./backend-jwt-token-manipulation/overview.md)
+- [Learn to attach API Policies for CORS](./cors/enable-cors-via-rest-api.md)
 

en/docs/create-api/create-and-attach-api-policies/backend-jwt-token-manipulation/backend-jwt-token-manipulation-via-crs.md

@@ -1,4 +1,4 @@
-# Attach Backend JWT Token manipulation Policy to APIs via CRs
+# Backend JWT Manipulation Policy via CRs
 
 You need to create an `APIPolicy` with referencing to a `BackendJWT` resource under `override` or `default` sections in `APIPolicy.spec`. Then you need to create the `BackendJWT` custom resource with required properties. This policy can be used on both the `SYSTEM_API` and non system APIs separately. To find more information about backend JWT generation, please refer to the [Passing End User Attributes to the Backend](https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/choreo-connect/passing-enduser-attributes-to-the-backend-via-choreo-connect/#enabling-the-default-backend-jwt-generator).
 

en/docs/create-api/create-and-attach-api-policies/backend-jwt-token-manipulation/backend-jwt-token-manipulation-via-rest-api.md

@@ -1,73 +1,113 @@
-# Attach Backend JWT Token manipulation Policy to APIs via REST API
+# Backend JWT Manipulation Policy via APK Conf
 
-There can be scenarios where a backend service needs to make different decisions or respond with different data, depending on the application end-user that consumes an API. This can be facilitated by APK by sending the attributes in a JWT via an HTTP header, to the backend service when the API call is being forwarded.
+### Before you begin
 
-To find more information about backend JWT generation, please refer to the [Passing End User Attributes to the Backend](https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/choreo-connect/passing-enduser-attributes-to-the-backend-via-choreo-connect/#enabling-the-default-backend-jwt-generator).
+- [Create an API](../../../get-started/quick-start-guide.md)
 
-## Before you begin
+### Step 1 - Retrieve existing API configuration
 
-- [Create an API](../../../get-started/quick-start-guide.md)
+Here, you can use the apk-conf file which is created in [Create an API](../../../get-started/quick-start-guide.md) documentation and save this content into a file named `EmployeeService.apk-conf`.
+
+### Step 2 - Add the API Policy for Backend JWT
+
+A sample API Policy used for sending a JWT to the backend is given below.
+```
+apiPolicies:
+  request:
+   - policyName: "BackendJwt"
+     parameters:
+       encoding: Base64
+       signingAlgorithm: SHA256withRSA
+       header: X-JWT-Assertion
+       tokenTTL: 3600
+       customClaims:
+       - claim: claim1
+         value: value1
+       - claim: claim2
+         value: value2
+```
+
+The configurations that you need when attaching API Policies for Backend JWT manipulation are available in [Backend JWT Configurations section.](#backend-jwt-api-policy-configuration)
+
+The above policy will send the following claims to the backend under the header "X-JWT-Assertion".
+
+```
+{
+  claim1: value1
+  claim2: value2
+}
+```
+
+The sample APK configuration content after the modification is shown below.
+
+```
+name: "test-backend-jwt"
+basePath: "/backend-jwt"
+version: "1.0"
+type: "REST"
+defaultVersion: false
+endpointConfigurations:
+ production:
+   endpoint: "https://httpbin.org/anything"
+operations:
+   - target: "/test"
+     verb: "GET"
+     secured: true
+     scopes: []
+apiPolicies:
+ request:
+   - policyName: "BackendJwt"
+     parameters:
+       encoding: Base64
+       signingAlgorithm: SHA256withRSA
+       header: X-JWT-Assertion
+       tokenTTL: 3600
+       customClaims:
+       - claim: claim1
+         value: value1
+       - claim: claim2
+         value: value2
+```
+### Step 3 - Deploy the API in APK
+
+Refer to the [Deploy the API in APK](../../../get-started/quick-start-guide.md#deploy-the-api-in-apk) to deploy the API using APK configuration.
+
+### Step 4 - Generate an Acess Token
+
+Follow the [Generate Access Token](../../../develop-and-deploy-api/security/generate-access-token.md) documentation to generate an access token.
+
+### Step 5 - Invoke the API
+
+You can invoke the API using the following command.
+
+```
+curl --location 'https://default.gw.wso2.com:9095/backend-jwt/1.0/test' \
+--header 'Host: default.gw.wso2.com' \
+--header 'Authorization: Bearer <accessToken>
+```
+
+Since this guide uses the [httpbin service](https://httpbin.org/anything) which echoes the request and all of its headers, when you invoke the API, you will see a response similar to the following. The header "X-Jwt-Assertion" contains the JWT generated containing the claims.
+
+```
+"headers": {
+        "Accept": "*/*",
+        "Accept-Encoding": "gzip, deflate, br",
+        "Host": "httpbin.org",
+        "X-Jwt-Assertion": "eyJraWQiOiI4.....9UcOovptvkajf6xUqUbIJfMQp9g"
+    }
+```
+
+### Backend JWT API Policy configuration
+
+The configurable fields of the above API policy have been described below.
+
+| Field            | Description                                                                               |
+| ---------------- | ----------------------------------------------------------------------------------------- |
+| encoding         | The encoding mechanism used to encode the Backend JWT.                                    |
+| signingAlgorithm | The signing algorithm used to sign the Backend JWT.                                       |
+| header           | The name of the HTTP header to which the Backend JWT is attached and sent to the backend. |
+| tokenTTL         | The expiry time of the Backend JWT.                                                       |
+| customClaims     | List of custom claims that needs to be added to the Backend JWT.                          |
+| claim            | Name of the claim to send in the BackendJWT.                                              |
+| value            | Value of the claim to send in the BackendJWT.                                             |
 
-### Backend JWT configuration
-
-<table>
-    <tbody>
-        <tr>
-            <th colspan="2">Field</th>
-            <th>Description</th>
-        </tr>
-        <tr>
-            <td colspan="2" class="confluenceTd"><pre>encoding</pre></td>
-            <td class="confluenceTd">The encoding mechanism used to encode the Backend JWT.</td>
-        </tr>
-        <tr>
-            <td colspan="2" class="confluenceTd"><pre>signingAlgorithm</pre></td>
-            <td class="confluenceTd">The signing algorithm used to sign the Backend JWT.</td>
-        </tr>
-        <tr>
-            <td colspan="2" class="confluenceTd"><pre>header</pre></td>
-            <td class="confluenceTd">The name of the HTTP header to which the Backend JWT is attached.</td>
-        </tr>
-        <tr>
-            <td colspan="2" class="confluenceTd"><pre>tokenTTL</pre></td>
-            <td class="confluenceTd">The expiry time of the Backend JWT.</td>
-        </tr>
-        <tr>
-            <td colspan="2" class="confluenceTd"><pre>customClaims</pre></td>
-            <td class="confluenceTd">List of custom claims that needs to be added to the Backend JWT.</td>
-        </tr>
-    </tbody>
-</table>
-
-
-   Sample APK configuration content after the modification is shown below.
-
-   ```
-   name: "test-backend-jwt"
-   basePath: "/backend_jwt"
-   version: "1.0.0"
-   type: "REST"
-   defaultVersion: false
-   endpointConfigurations:
-     production:
-       endpoint: "https://httpbin.org/anything"
-   operations:
-       - target: "/test"
-         verb: "GET"
-         secured: true
-         scopes: []
-   apiPolicies:
-     request:
-       - policyName: "BackendJwt"
-         parameters:
-           encoding: Base64
-           signingAlgorithm: SHA256withRSA
-           header: X-JWT-Assertion
-           tokenTTL: 3600
-           customClaims:
-           - claim: claim1
-             value: value1
-           - claim: claim2
-             value: value2
-
-   ```

en/docs/create-api/create-and-attach-api-policies/backend-jwt-token-manipulation/overview.md

@@ -0,0 +1,16 @@
+# Passing End User Attributes to the Backend
+
+There can be scenarios where a backend service needs to make different decisions or respond with different data, depending on the application end-user that consumes an API. To achieve this, the backend service needs to have access to the respective end-user's data at the time an API call takes place.
+
+This can be facilitated by the Gateway by sending the end user attributes that are defined in the respective user store, in a JWT via an HTTP header, to the backend service when the API call is being forwarded.
+
+The backend JSON Web Token (JWT) contains the claims that are transferred between two parties, such as the end-user and the backend. A claim is an attribute of the user that is mapped to the underlying user store. A set of claims is referred to as a dialect.
+
+If you enable backend JWT generation in the Gateway, each API request will carry a digitally signed JWT, which is in the following format to the backend service.
+
+`{token header}.{claims list}.{signature}`
+
+You can configure backend JWT in two ways.
+
+1. [Using the APK Conf file](./backend-jwt-token-manipulation-via-rest-api.md).
+2. [Using CRs](./backend-jwt-token-manipulation-via-crs.md).

en/docs/create-api/create-and-attach-api-policies/interceptors/interceptors-overview.md

@@ -87,7 +87,7 @@ When you want the policy only to be defined in a single level, then defining the
 
 Configuring an interceptor requires the following two steps.
 
-1. [Implement an interceptor microservice adhering to the Interceptor OpenAPI Definition](https://apim.docs.wso2.com/en/latest/deploy-and-publish/deploy-on-gateway/choreo-connect/message-transformation/interceptor-microservice/interceptor-microservice/)
+1. [Implement an interceptor microservice adhering to the Interceptor OpenAPI Definition](https://apim.docs.wso2.com/en/4.2.0/deploy-and-publish/deploy-on-gateway/choreo-connect/message-transformation/interceptor-microservice/interceptor-microservice/)
 
 2. For reference, a sample interceptor service for data conversion between application/json and application/xml data types with interceptor policy CRs can be found here: [request-response-mediation-interceptors](https://github.com/wso2/apk/tree/main/samples/request-response-mediation-interceptors)
 

en/docs/create-api/manage-service-endpoint/manage-resiliency-circuit-breaker.md

@@ -93,8 +93,11 @@ operations:
     secured: true
     scopes: []
 ```
-You can then deploy this API by following the steps in [Create an API](../../get-started/quick-start-guide.md) documentation.
+
+You can then deploy this API by following the steps in the [Deploy the API in APK](../../get-started/quick-start-guide.md#deploy-the-api-in-apk) documentation.
+
 ## Via CRs
+
 **Step 1 - Define the CRs**
 
 Define the Backend resource for the API as below.

en/docs/create-api/manage-service-endpoint/manage-resiliency-retry-policy.md

@@ -83,7 +83,9 @@ operations:
     secured: true
     scopes: []
 ```
-You can then deploy this API by following the steps in [Create an API](../../get-started/quick-start-guide.md) documentation.
+
+You can then deploy this API by following the steps in the [Deploy the API in APK](../../get-started/quick-start-guide.md#deploy-the-api-in-apk) documentation.
+
 ## Via CRs
 
 **Step 1 - Define the CRs**

en/docs/create-api/manage-service-endpoint/manage-resiliency-timeout.md

@@ -74,7 +74,8 @@ operations:
     scopes: []
 ```
 
-You can then deploy this API by following the steps in [Create an API](../../get-started/quick-start-guide.md) documentation.
+You can then deploy this API by following the steps in the [Deploy the API in APK](../../get-started/quick-start-guide.md#deploy-the-api-in-apk) documentation.
+
 ## Via CRs
 
 **Step 1 - Define the CRs**

en/docs/create-api/manage-service-endpoint/manage-security-via-crs.md

@@ -184,7 +184,7 @@ Create an `HTTPRoute` resource referring to the above `Backend`.
 
 Refer [Step 3](https://apk.docs.wso2.com/en/latest/get-started/quick-start-guide/#step-3-invoke-the-api) in QSG to see how to invoke the API.
 
-In this try out we will use [httpbin service's](https://httpbin.org/)  `/get` resource to test the backend security. It echoes back the request details including all the headers. Therefore if the backend security was correctly configured, you should see the ehader `"Authorization": "Basic YWRtaW4KOmFkbWluCg==",` in the received response. 
+In this try out we will use [httpbin service's](https://httpbin.org/)  `/get` resource to test the backend security. It echoes back the request details including all the headers. Therefore if the backend security was correctly configured, you should see the header `"Authorization": "Basic YWRtaW4KOmFkbWluCg==",` in the received response. 
 
 ```
     {