Add docs for client-gw mtls support #123
Conversation
WalkthroughAdds comprehensive mTLS documentation and a new MTLS Authenticator policy entry, updates site navigation to expose the guide, and removes the Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 8
🧹 Nitpick comments (3)
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md (3)
55-55: Use hyphenated form: "URL-encoded".As per style guidelines, compound adjectives should be hyphenated. "URL encoded" should be "URL-encoded".
🔎 Proposed fix
-5. Paste the URL encoded certificate content you copied to the clipboard in the above section and save. +5. Paste the URL-encoded certificate content you copied to the clipboard in the above section and save.
58-58: Improve phrasing for clarity.The phrase "and add here" is awkward. Consider "and add it here" or "and provide it in this field".
🔎 Proposed fix
- If you need to support multiple client certificates, you can use an intermediate CA certificate and add here. Once that is done, all certificates signed by the intermediate certificate will be allowed to access the resource. + If you need to support multiple client certificates, you can use an intermediate CA certificate and add it here. Once that is done, all certificates signed by the intermediate certificate will be allowed to access the resource.
79-79: Improve phrasing for error scenario.The phrase "For a failed scenario" is awkward. Use "In a failed scenario" or "If the request fails".
🔎 Proposed fix
-For a failed scenario, you will get the following error. +If the request fails, you will get the following error.
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
en/docs/assets/img/develop-api-proxy/policy/mtls-auth-policy.pngis excluded by!**/*.png
📒 Files selected for processing (3)
en/docs/develop-api-proxy/policy/policies.md(1 hunks)en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md(1 hunks)en/mkdocs.yml(1 hunks)
🧰 Additional context used
🪛 LanguageTool
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
[grammar] ~22-~22: Ensure spelling is correct
Context: ...hrough a mediation. Please download the mediation app from [link to the mediation app]. 2...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~22-~22: Ensure spelling is correct
Context: ...oad the mediation app from [link to the mediation app]. 2. Open the Ballerina.toml file...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~55-~55: Use a hyphen to join words.
Context: ...t "MTLS Authenticator". 5. Paste the URL encoded certificate content you copied t...
(QB_NEW_EN_HYPHEN)
[style] ~65-~65: Using many exclamation marks might seem excessive (in this case: 15 exclamation marks for a text that’s 3469 characters long)
Context: ... environment. ## Invoke the API Proxy !!! note If you haven’t removed OAuth2 ...
(EN_EXCESSIVE_EXCLAMATION)
🪛 markdownlint-cli2 (0.18.1)
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
9-9: Spaces inside link text
(MD039, no-space-in-links)
93-93: Bare URL used
(MD034, no-bare-urls)
🔇 Additional comments (1)
en/mkdocs.yml (1)
141-141: LGTM!The navigation entry is correctly formatted and properly placed under the Policy section.
| - **Rewrite Resource Path**: Modifies the resource path of an HTTP request by replacing the original path with a new relative path. You can apply this policy multiple times, but only the last instance will take effect. The new path must be static, but you can use placeholders to configure different values for different environments. For example, `${myResourcePath}`. | ||
| - **Log Message**: Logs the payload and headers of a request or response. Attaching this policy multiple times results in duplicate log entries. By default, headers and payloads are not logged. To log them, you can enable `Log Headers` and `Log Payload` parameters. To exclude specific headers when logging, you can use the `Excluded Headers` parameter, which takes a comma-separated list of header names. An error will occur if payload logging is enabled but the payload cannot be read. | ||
| - **Permissions (Scopes)**: Defines fine-grained access control by assigning permissions (scopes) to API resources. Each resource can have one or more scopes, and only users or applications with the required scope in their access token can invoke the resource. | ||
| - **MTLS Authenticator**: Secures the communication between the client application and the gateway through mutual TLS (mTLS). This policy enforces that both the client and the gateway authenticate each other using certificates, ensuring encrypted and authenticated connections. It validates client certificates against configured certificate authorities. Follow the step mentioned in [Secure Client-Gateway Communication with mTLS](../policy/secure-client-gateway-communication-with-mtls.md) to configure the MTLS Authenticator policy. |
There was a problem hiding this comment.
Fix grammatical error: "step" should be "steps".
The phrase "Follow the step mentioned" should be "Follow the steps mentioned" since the referenced guide contains multiple configuration steps.
🔎 Proposed fix
-- **MTLS Authenticator**: Secures the communication between the client application and the gateway through mutual TLS (mTLS). This policy enforces that both the client and the gateway authenticate each other using certificates, ensuring encrypted and authenticated connections. It validates client certificates against configured certificate authorities. Follow the step mentioned in [Secure Client-Gateway Communication with mTLS](../policy/secure-client-gateway-communication-with-mtls.md) to configure the MTLS Authenticator policy.
+- **MTLS Authenticator**: Secures the communication between the client application and the gateway through mutual TLS (mTLS). This policy enforces that both the client and the gateway authenticate each other using certificates, ensuring encrypted and authenticated connections. It validates client certificates against configured certificate authorities. Follow the steps mentioned in [Secure Client-Gateway Communication with mTLS](../policy/secure-client-gateway-communication-with-mtls.md) to configure the MTLS Authenticator policy.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - **MTLS Authenticator**: Secures the communication between the client application and the gateway through mutual TLS (mTLS). This policy enforces that both the client and the gateway authenticate each other using certificates, ensuring encrypted and authenticated connections. It validates client certificates against configured certificate authorities. Follow the step mentioned in [Secure Client-Gateway Communication with mTLS](../policy/secure-client-gateway-communication-with-mtls.md) to configure the MTLS Authenticator policy. | |
| - **MTLS Authenticator**: Secures the communication between the client application and the gateway through mutual TLS (mTLS). This policy enforces that both the client and the gateway authenticate each other using certificates, ensuring encrypted and authenticated connections. It validates client certificates against configured certificate authorities. Follow the steps mentioned in [Secure Client-Gateway Communication with mTLS](../policy/secure-client-gateway-communication-with-mtls.md) to configure the MTLS Authenticator policy. |
🤖 Prompt for AI Agents
In en/docs/develop-api-proxy/policy/policies.md around line 30, the sentence
"Follow the step mentioned in [Secure Client-Gateway Communication with
mTLS](../policy/secure-client-gateway-communication-with-mtls.md) to configure
the MTLS Authenticator policy." contains a grammatical error; change "step" to
"steps" so it reads "Follow the steps mentioned in [Secure Client-Gateway
Communication with
mTLS](../policy/secure-client-gateway-communication-with-mtls.md) to configure
the MTLS Authenticator policy."
| Mutual TLS (mTLS) adds client-side certificate authentication to ensure only trusted clients can call an API. In WSO2 Bijira you enable mTLS at the API proxy level by configuring the MTLS Authenticator mediation policy to validate client certificates or an intermediate CA chain during the TLS handshake. | ||
|
|
||
| This guide walks through the end-to-end steps on configuring mTLS for an API proxy to consume the API Proxy. |
There was a problem hiding this comment.
Improve grammar and clarity.
Several issues affect readability:
- Line 3: Missing comma after "WSO2 Bijira"
- Line 5: "steps on configuring" should be "steps for configuring"
- Line 5: "to consume the API Proxy" is redundant (already mentioned as "for an API proxy")
🔎 Proposed fixes
-Mutual TLS (mTLS) adds client-side certificate authentication to ensure only trusted clients can call an API. In WSO2 Bijira you enable mTLS at the API proxy level by configuring the MTLS Authenticator mediation policy to validate client certificates or an intermediate CA chain during the TLS handshake.
+Mutual TLS (mTLS) adds client-side certificate authentication to ensure only trusted clients can call an API. In WSO2 Bijira, you enable mTLS at the API proxy level by configuring the MTLS Authenticator mediation policy to validate client certificates or an intermediate CA chain during the TLS handshake.
-This guide walks through the end-to-end steps on configuring mTLS for an API proxy to consume the API Proxy.
+This guide walks through the end-to-end steps for configuring mTLS for an API proxy.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| Mutual TLS (mTLS) adds client-side certificate authentication to ensure only trusted clients can call an API. In WSO2 Bijira you enable mTLS at the API proxy level by configuring the MTLS Authenticator mediation policy to validate client certificates or an intermediate CA chain during the TLS handshake. | |
| This guide walks through the end-to-end steps on configuring mTLS for an API proxy to consume the API Proxy. | |
| Mutual TLS (mTLS) adds client-side certificate authentication to ensure only trusted clients can call an API. In WSO2 Bijira, you enable mTLS at the API proxy level by configuring the MTLS Authenticator mediation policy to validate client certificates or an intermediate CA chain during the TLS handshake. | |
| This guide walks through the end-to-end steps for configuring mTLS for an API proxy. |
🤖 Prompt for AI Agents
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
around lines 3 to 5: add a comma after "WSO2 Bijira", change "steps on
configuring" to "steps for configuring", and remove the redundant phrase "to
consume the API Proxy" so the final sentence reads succinctly (e.g., "This guide
walks through the end-to-end steps for configuring mTLS for an API proxy.").
|
|
||
| ## Prerequisites | ||
|
|
||
| 1. Set up [ Ballerina 2201.5.5](https://ballerina.io/downloads/swan-lake-release-notes/swan-lake-2201.5.5). |
There was a problem hiding this comment.
Update Ballerina to 2201.12.0 or later.
The documentation references Ballerina 2201.5.5, which was released in 2023. Update to Swan Lake Update 12 (2201.12.0), which includes significant compiler, runtime, and library improvements. mTLS is supported across all recent Ballerina versions.
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
9-9: Spaces inside link text
(MD039, no-space-in-links)
🤖 Prompt for AI Agents
In
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
around line 9, the Ballerina version is pinned to 2201.5.5; update the
documentation to reference Ballerina Swan Lake Update 12 (2201.12.0) or later.
Replace the version string and any linked release notes URL with the appropriate
2201.12.0 (or newer) download/release-note link and, if present, adjust any
version-specific notes to indicate mTLS is supported across recent Ballerina
releases.
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
Outdated
Show resolved
Hide resolved
| ## Configure mTLS Policy | ||
|
|
||
| 1. Mutual SSL will be configured through a mediation. Please download the mediation app from [link to the mediation app]. | ||
| 2. Open the `Ballerina.toml` file in your preferred text editor and modify the `org` parameter to match with your current Bijira organization. |
There was a problem hiding this comment.
Fix grammar: remove "with".
The phrase "match with your current" should be "match your current" for proper grammar.
🔎 Proposed fix
-2. Open the `Ballerina.toml` file in your preferred text editor and modify the `org` parameter to match with your current Bijira organization.
+2. Open the `Ballerina.toml` file in your preferred text editor and modify the `org` parameter to match your current Bijira organization.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 2. Open the `Ballerina.toml` file in your preferred text editor and modify the `org` parameter to match with your current Bijira organization. | |
| 2. Open the `Ballerina.toml` file in your preferred text editor and modify the `org` parameter to match your current Bijira organization. |
🤖 Prompt for AI Agents
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
around line 23: the sentence "modify the `org` parameter to match with your
current Bijira organization." uses incorrect grammar; remove the word "with" so
it reads "modify the `org` parameter to match your current Bijira organization."
— update that line accordingly.
| openssl req -x509 -newkey rsa:2048 -keyout mykey.pem -out mycert.pem -days 365 -nodes | ||
| ``` | ||
|
|
||
| 1. Open the certificate via the preferred text editor and get the content in PEM format. Convert the content in to URL encoding and copy the content to the clipboard for future use. |
There was a problem hiding this comment.
Add instructions for URL encoding the certificate.
The documentation instructs users to "Convert the content in to URL encoding" but doesn't explain how to perform this conversion. This is a critical step that may not be obvious to all users.
🔎 Suggested addition
Consider adding specific instructions or a command example for URL encoding, such as:
1. Open the certificate via the preferred text editor and get the content in PEM format. URL-encode the content using one of the following methods:
**Using Python:**
```bash
python3 -c "import urllib.parse; print(urllib.parse.quote(open('mycert.pem').read()))"Using online tools:
Visit a URL encoder tool and paste the certificate content to encode it.
Copy the encoded content to the clipboard for future use.
Also note: "in to" should be "into" (one word).
</details>
<details>
<summary>🤖 Prompt for AI Agents</summary>
In
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
around line 43, the step telling users to "Convert the content in to URL
encoding" is vague and has a typo ("in to" → "into"); update the sentence to
"Convert the content into URL encoding" and add concrete examples showing how to
URL-encode a PEM file (e.g., a one-liner using Python's urllib.parse.quote and
mention alternative methods like OpenSSL piping or online URL-encoder tools),
then instruct the user to copy the encoded output to the clipboard for future
use.
</details>
<!-- fingerprinting:phantom:poseidon:puma -->
<!-- This is an auto-generated comment by CodeRabbit -->
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
Show resolved
Hide resolved
|
|
||
| ## Configure a Custom Domain | ||
|
|
||
| To configure a custom domain for an API Proxy, follow the steps mentioned in [Configure a Custom Domain for Your Organization](../../../administer/settings/configure-a-custom-domain-for-your-organization/). |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check if the custom domain configuration file exists
# First, let's see what files exist with "custom-domain" in the name
echo "=== Searching for custom domain configuration files ==="
find . -type f -name "*custom-domain*" 2>/dev/null
echo ""
echo "=== Checking directory structure under en/docs ==="
# Show the structure of en/docs to understand the organization
find en/docs -type d | head -30
echo ""
echo "=== Looking for administer directories ==="
find . -type d -name "administer" 2>/dev/null
echo ""
echo "=== File path resolution check ==="
# From the file location: en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
# Let's calculate where ../../../ goes
# Starting from: en/docs/develop-api-proxy/policy/
# Up 3 levels would be: en/
# Then: administer/settings/configure-a-custom-domain-for-your-organization/
echo "Resolved path should be: en/administer/settings/configure-a-custom-domain-for-your-organization/"
if [ -d "en/administer/settings/configure-a-custom-domain-for-your-organization" ]; then
echo "Directory EXISTS at calculated location"
ls -la "en/administer/settings/configure-a-custom-domain-for-your-organization/"
else
echo "Directory DOES NOT EXIST at calculated location"
fi
echo ""
echo "=== Checking if docs directory structure has administer section ==="
ls -la en/docs/ 2>/dev/null | head -20Repository: wso2/docs-bijira
Length of output: 2845
Correct the relative path in the link.
The link path has one too many directory levels. Change ../../../administer/settings/configure-a-custom-domain-for-your-organization/ to ../../administer/settings/configure-a-custom-domain-for-your-organization/.
🤖 Prompt for AI Agents
In
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
around line 91, the relative link to the custom domain doc uses one extra ../
segment; update the path from
../../../administer/settings/configure-a-custom-domain-for-your-organization/ to
../../administer/settings/configure-a-custom-domain-for-your-organization/ so
the link resolves to the correct location.
There was a problem hiding this comment.
Actionable comments posted: 3
♻️ Duplicate comments (6)
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md (6)
3-5: Address persisting grammar and clarity issues.These issues remain unresolved from the previous review:
- Line 3: Missing comma after "WSO2 Bijira"
- Line 5: "steps on configuring" should be "steps for configuring"
- Line 5: Remove redundant phrase "to consume the API Proxy"
🔎 Proposed fixes
-Mutual TLS (mTLS) adds client-side certificate authentication to ensure only trusted clients can call an API. In WSO2 Bijira you enable mTLS at the API proxy level by configuring the MTLS Authenticator mediation policy to validate client certificates or an intermediate CA chain during the TLS handshake. +Mutual TLS (mTLS) adds client-side certificate authentication to ensure only trusted clients can call an API. In WSO2 Bijira, you enable mTLS at the API proxy level by configuring the MTLS Authenticator mediation policy to validate client certificates or an intermediate CA chain during the TLS handshake. -This guide walks through the end-to-end steps on configuring mTLS for an API proxy to consume the API Proxy. +This guide walks through the end-to-end steps for configuring mTLS for an API proxy.
9-9: Update Ballerina version and fix link formatting.The documentation references an outdated Ballerina version (2201.5.5 from 2023). Update to Swan Lake Update 12 (2201.12.0) or later, which includes significant improvements. Additionally, remove the space inside the link text to fix the linting error (MD039).
🔎 Proposed fix
-1. Set up [ Ballerina 2201.5.5](https://ballerina.io/downloads/swan-lake-release-notes/swan-lake-2201.5.5). +1. Set up [Ballerina 2201.12.0](https://ballerina.io/downloads/swan-lake-release-notes/swan-lake-2201.12.0).
23-23: Remove unnecessary preposition.The phrase "to match with your current" should be "to match your current" for grammatical correctness.
🔎 Proposed fix
-2. Open the `Ballerina.toml` file in your preferred text editor and modify the `org` parameter to match with your current Bijira organization. +2. Open the `Ballerina.toml` file in your preferred text editor and modify the `org` parameter to match your current Bijira organization.
43-43: Clarify URL encoding steps with concrete examples.The current instruction is vague and contains a typo. Provide concrete methods for URL-encoding the certificate content.
🔎 Proposed fix
-1. Open the certificate via the preferred text editor and get the content in PEM format. Convert the content in to URL encoding and copy the content to the clipboard for future use. +1. Open the certificate via the preferred text editor and get the content in PEM format. Convert the content into URL encoding using one of the following methods: + + **Using Python:** + ```bash + python3 -c "import urllib.parse; print(urllib.parse.quote(open('mycert.pem').read()))" + ``` + + **Using an online URL encoder:** + Visit a URL encoder tool (e.g., https://www.urlencoder.org/) and paste your certificate content. + + Copy the encoded output to the clipboard for future use.
48-48: Replace vague reference with a specific link.The reference "Develop an API Proxy: Step 1" lacks a direct link and forces users to search for the correct documentation page. Provide a clickable link or explicit file path.
🔎 Proposed fix example
-2. In the Proxy Listing pane, click on the API proxy for which you want to enable MTLS. For instructions on how to create an API proxy component, see Develop an API Proxy: Step 1. +2. In the Proxy Listing pane, click on the API proxy for which you want to enable MTLS. For instructions on how to create an API proxy component, see [Develop an API Proxy: Step 1](../../develop-api-proxy/develop-api-proxy.md).(Update the link path to match the actual file location in your documentation structure.)
91-91: Correct the relative path to the custom domain documentation.The relative path uses one too many directory traversals. Update from
../../../administer/...to../../administer/....🔎 Proposed fix
-To configure a custom domain for an API Proxy, follow the steps mentioned in [Configure a Custom Domain for Your Organization](../../../administer/settings/configure-a-custom-domain-for-your-organization/). +To configure a custom domain for an API Proxy, follow the steps mentioned in [Configure a Custom Domain for Your Organization](../../administer/settings/configure-a-custom-domain-for-your-organization/).Please verify that this corrected path resolves to the intended documentation file after the change.
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
en/docs/assets/files/develop-api-proxy/policy/authenticator-mtls.zipis excluded by!**/*.zip
📒 Files selected for processing (2)
.gitignoreen/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
💤 Files with no reviewable changes (1)
- .gitignore
🧰 Additional context used
🪛 LanguageTool
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
[grammar] ~55-~55: Use a hyphen to join words.
Context: ...t "MTLS Authenticator". 5. Paste the URL encoded certificate content you copied t...
(QB_NEW_EN_HYPHEN)
[style] ~65-~65: Using many exclamation marks might seem excessive (in this case: 15 exclamation marks for a text that’s 3516 characters long)
Context: ... environment. ## Invoke the API Proxy !!! note If you haven’t removed OAuth2 ...
(EN_EXCESSIVE_EXCLAMATION)
🪛 markdownlint-cli2 (0.18.1)
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
9-9: Spaces inside link text
(MD039, no-space-in-links)
22-22: Link text should be descriptive
(MD059, descriptive-link-text)
93-93: Bare URL used
(MD034, no-bare-urls)
|
|
||
| ## Configure mTLS Policy | ||
|
|
||
| 1. Mutual SSL will be configured through a mediation. Please download the mediation app from [here](../../assets/files/develop-api-proxy/policy/authenticator-mtls.zip). |
There was a problem hiding this comment.
Use a more descriptive link text.
The link text "[here]" is non-descriptive and doesn't convey what the user will download. Update to explicitly indicate the mediation app.
🔎 Proposed fix
-1. Mutual SSL will be configured through a mediation. Please download the mediation app from [here](../../assets/files/develop-api-proxy/policy/authenticator-mtls.zip).
+1. Mutual SSL will be configured through a mediation. Please download the [MTLS Authenticator mediation app](../../assets/files/develop-api-proxy/policy/authenticator-mtls.zip).📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 1. Mutual SSL will be configured through a mediation. Please download the mediation app from [here](../../assets/files/develop-api-proxy/policy/authenticator-mtls.zip). | |
| 1. Mutual SSL will be configured through a mediation. Please download the [MTLS Authenticator mediation app](../../assets/files/develop-api-proxy/policy/authenticator-mtls.zip). |
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
22-22: Link text should be descriptive
(MD059, descriptive-link-text)
🤖 Prompt for AI Agents
In
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
around line 22, the download link uses non-descriptive anchor text "[here]";
replace it with explicit link text like "download the authenticator-mtls
mediation app" (or similar) so the link clearly indicates the file being
downloaded and its purpose.
| If you don't need OAuth2 to be enabled, remove the "OAuth2" mediation policy. | ||
|
|
||
| 4. Under the policies, select "MTLS Authenticator". | ||
| 5. Paste the URL encoded certificate content you copied to the clipboard in the above section and save. |
There was a problem hiding this comment.
Use hyphen in compound adjective.
Line 55 uses "URL encoded" as a compound adjective before the noun. For proper grammar, use a hyphen: "URL-encoded".
🔎 Proposed fix
-5. Paste the URL encoded certificate content you copied to the clipboard in the above section and save.
+5. Paste the URL-encoded certificate content you copied to the clipboard in the above section and save.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 5. Paste the URL encoded certificate content you copied to the clipboard in the above section and save. | |
| 5. Paste the URL-encoded certificate content you copied to the clipboard in the above section and save. |
🧰 Tools
🪛 LanguageTool
[grammar] ~55-~55: Use a hyphen to join words.
Context: ...t "MTLS Authenticator". 5. Paste the URL encoded certificate content you copied t...
(QB_NEW_EN_HYPHEN)
🤖 Prompt for AI Agents
In
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
around line 55, the phrase "URL encoded certificate content" should use a hyphen
for the compound adjective; change it to "URL-encoded certificate content" so
the compound modifier is grammatically correct before the noun.
|
|
||
| To configure a custom domain for an API Proxy, follow the steps mentioned in [Configure a Custom Domain for Your Organization](../../../administer/settings/configure-a-custom-domain-for-your-organization/). | ||
|
|
||
| Once the above step is completed, contact the Bijira team via [email protected] to enable mTLS for the given custom domain. No newline at end of file |
There was a problem hiding this comment.
Format email address as a proper markdown link.
The email address appears as plain text without markdown formatting. Format it as a mailto link for better readability and compliance with markdown standards.
🔎 Proposed fix
-Once the above step is completed, contact the Bijira team via [email protected] to enable mTLS for the given custom domain.
+Once the above step is completed, contact the Bijira team via [[email protected]](mailto:[email protected]) to enable mTLS for the given custom domain.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| Once the above step is completed, contact the Bijira team via [email protected] to enable mTLS for the given custom domain. | |
| Once the above step is completed, contact the Bijira team via [[email protected]](mailto:[email protected]) to enable mTLS for the given custom domain. |
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
93-93: Bare URL used
(MD034, no-bare-urls)
🤖 Prompt for AI Agents
In
en/docs/develop-api-proxy/policy/secure-client-gateway-communication-with-mtls.md
around line 93, the Bijira team email is plain text; replace it with a Markdown
mailto link (e.g., use [[email protected]](mailto:[email protected])) so
the address is clickable and conforms to markdown standards.
1 participant
Purpose
This pull request introduces documentation for configuring mutual TLS (mTLS) authentication between client applications and the API gateway in Bijira. The main changes add a new inbuilt mediation policy for mTLS, provide detailed setup instructions, and update the documentation navigation to include this new guide.
Security checks
Summary by CodeRabbit
Documentation
Chores
✏️ Tip: You can customize this high-level summary in your review settings.