TykTechnologies · sharadregoti · Nov 25, 2024 · Oct 30, 2024 · Oct 31, 2024 · Oct 31, 2024
diff --git a/tyk-docs/assets/img/api-management/security/basic-auth-add-key.png b/tyk-docs/assets/img/api-management/security/basic-auth-add-key.png
diff --git a/tyk-docs/assets/img/api-management/security/basic-auth-api-setup.png b/tyk-docs/assets/img/api-management/security/basic-auth-api-setup.png
diff --git a/tyk-docs/assets/img/api-management/security/client-mtls-api-setup.png b/tyk-docs/assets/img/api-management/security/client-mtls-api-setup.png
diff --git a/tyk-docs/assets/img/api-management/security/client-secret-oauth.png b/tyk-docs/assets/img/api-management/security/client-secret-oauth.png
diff --git a/tyk-docs/assets/img/api-management/security/create-oauth-from-api-list.png b/tyk-docs/assets/img/api-management/security/create-oauth-from-api-list.png
diff --git a/tyk-docs/assets/img/api-management/security/fill-out-client-details-oauth.png b/tyk-docs/assets/img/api-management/security/fill-out-client-details-oauth.png
diff --git a/tyk-docs/assets/img/api-management/security/jwt-hmac.png b/tyk-docs/assets/img/api-management/security/jwt-hmac.png
diff --git a/tyk-docs/assets/img/api-management/security/jwt-keycloak-add-policy-cont.png b/tyk-docs/assets/img/api-management/security/jwt-keycloak-add-policy-cont.png
diff --git a/tyk-docs/assets/img/api-management/security/jwt-keycloak-add-policy.png b/tyk-docs/assets/img/api-management/security/jwt-keycloak-add-policy.png
diff --git a/tyk-docs/assets/img/api-management/security/jwt-keycloak-api-create.png b/tyk-docs/assets/img/api-management/security/jwt-keycloak-api-create.png
diff --git a/tyk-docs/assets/img/api-management/security/jwt-keycloak-api-set-policy.png b/tyk-docs/assets/img/api-management/security/jwt-keycloak-api-set-policy.png
diff --git a/tyk-docs/assets/img/api-management/security/jwt-keycloak-get-api-url.png b/tyk-docs/assets/img/api-management/security/jwt-keycloak-get-api-url.png
diff --git a/tyk-docs/assets/img/api-management/security/jwt-keycloak-set-auth.png b/tyk-docs/assets/img/api-management/security/jwt-keycloak-set-auth.png
diff --git a/tyk-docs/assets/img/api-management/security/multiple-auth-choose-auth.png b/tyk-docs/assets/img/api-management/security/multiple-auth-choose-auth.png
diff --git a/tyk-docs/assets/img/api-management/security/multiple-auth-methods.png b/tyk-docs/assets/img/api-management/security/multiple-auth-methods.png
diff --git a/tyk-docs/assets/img/dashboard/system-management/oauth-auth-mode-new.png b/tyk-docs/assets/img/dashboard/system-management/oauth-auth-mode-new.png
diff --git a/tyk-docs/content/advanced-configuration/integrate/sso.md b/tyk-docs/content/advanced-configuration/integrate/sso.md
@@ -13,7 +13,7 @@ weight: 0
 ### SSO - The generic use case
 
 SSO gives users the ability to log in to multiple applications without the need to enter their password more than once.
-[OIDC]({{< ref "basic-config-and-security/security/authentication-authorization/openid-connect" >}}) or SAML enables an application to verify the identity of users from an organization without the need to self store and manage them, and without doing the identification process and exposing their passwords to that application. Their lists of users and passwords are kept safe in one single place, in the IDP that the organization has chosen to use. The Authorization server of the IdP identify the users for a pre-registered and approved application (`client` in OAuth and OIDC terminology).
+[OIDC]({{< ref "/api-management/authentication-authorization#use-openid-connect" >}}) or SAML enables an application to verify the identity of users from an organization without the need to self store and manage them, and without doing the identification process and exposing their passwords to that application. Their lists of users and passwords are kept safe in one single place, in the IDP that the organization has chosen to use. The Authorization server of the IdP identify the users for a pre-registered and approved application (`client` in OAuth and OIDC terminology).
 
 ### SSO in Tyk
 

diff --git a/tyk-docs/content/advanced-configuration/transform-traffic/endpoint-designer.md b/tyk-docs/content/advanced-configuration/transform-traffic/endpoint-designer.md
@@ -25,7 +25,7 @@ The **Core Settings** tab provides access to configure basic settings for the AP
    - [Service Discovery]({{< ref "planning-for-production/ensure-high-availability/service-discovery" >}})
 - [API Ownership]({{< ref "product-stack/tyk-dashboard/advanced-configurations/user-management/api-ownership" >}})
 - [API level rate limiting]({{< ref "basic-config-and-security/control-limit-traffic/rate-limiting#configuring-the-rate-limiter-at-the-api-level" >}})
-- [Authentication]({{< ref "basic-config-and-security/security/authentication-&-authorization" >}})
+- [Authentication]({{< ref "/api-management/authentication-authorization" >}})
 
 ## Versions
 

diff --git a/tyk-docs/content/api-management/authentication-authorization.md b/tyk-docs/content/api-management/authentication-authorization.md
diff --git a/tyk-docs/content/apim-best-practice/api-security-best-practice/authentication.md b/tyk-docs/content/apim-best-practice/api-security-best-practice/authentication.md
@@ -9,7 +9,7 @@ Authentication is the process of identifying API clients. It’s a broad topic,
 
 ### Implement Appropriate Authentication
 
-Choose a suitable authentication approach based on the risk profile of the API. Is it publicly accessible or internal? Does it require user interaction or is it machine to machine? How sensitive is the data and functionality provided by the API? Simplistic approaches, such as [Bearer Tokens]({{< ref "basic-config-and-security/security/authentication-authorization/bearer-tokens" >}}), can work for low risk, basic APIs, but for higher risk or more sophisticated APIs, it may be more appropriate to use a standards-based approach such as [OAuth 2.0]({{< ref "basic-config-and-security/security/authentication-authorization/oauth-2-0" >}}) or [OpenID Connect]({{< ref "basic-config-and-security/security/authentication-authorization/openid-connect" >}}). Furthermore, using an [external identity provider]({{< ref "basic-config-and-security/security/authentication-authorization/ext-oauth-middleware" >}}) can deliver additional benefits, such as [single sign-on]({{< ref "advanced-configuration/integrate/sso" >}}), as well as multi-factor authentication approaches such as [biometric verification](https://www.okta.com/identity-101/biometrics-secure-authentication).
+Choose a suitable authentication approach based on the risk profile of the API. Is it publicly accessible or internal? Does it require user interaction or is it machine to machine? How sensitive is the data and functionality provided by the API? Simplistic approaches, such as [Bearer Tokens]({{< ref "/api-management/authentication-authorization#use-bearer-tokens" >}}), can work for low risk, basic APIs, but for higher risk or more sophisticated APIs, it may be more appropriate to use a standards-based approach such as [OAuth 2.0]({{< ref "/api-management/authentication-authorization#set-up-oauth-20-authorization" >}}) or [OpenID Connect]({{< ref "/api-management/authentication-authorization#use-openid-connect" >}}). Furthermore, using an [external identity provider]({{< ref "/api-management/authentication-authorization#integrate-external-oauth-middleware" >}}) can deliver additional benefits, such as [single sign-on]({{< ref "advanced-configuration/integrate/sso" >}}), as well as multi-factor authentication approaches such as [biometric verification](https://www.okta.com/identity-101/biometrics-secure-authentication).
 
 ### Handle Data Securely
 

diff --git a/tyk-docs/content/apim-best-practice/api-security-best-practice/configuration.md b/tyk-docs/content/apim-best-practice/api-security-best-practice/configuration.md
@@ -9,7 +9,7 @@ Modern APIs are often backed by large technology stacks composed of numerous com
 
 ### Secure Connections
 
-Use [transport layer security]({{< ref "basic-config-and-security/security/tls-and-ssl" >}}) where possible. Most importantly, on inbound connections to the gateway and outbound connection from the gateway to the upstream API and other services. TLS can also be used as a form of authentication, using [Mutual TLS]({{< ref "basic-config-and-security/security/mutual-tls" >}}).
+Use [transport layer security]({{< ref "basic-config-and-security/security/tls-and-ssl" >}}) where possible. Most importantly, on inbound connections to the gateway and outbound connection from the gateway to the upstream API and other services. TLS can also be used as a form of authentication, using [Mutual TLS]({{< ref "/api-management/authentication-authorization#enable-mutual-tls" >}}).
 
 ### Limit Functionality
 

diff --git a/tyk-docs/content/apim-best-practice/api-security-best-practice/governance.md b/tyk-docs/content/apim-best-practice/api-security-best-practice/governance.md
@@ -9,7 +9,7 @@ APIs need to be managed and governed just like any other resource, otherwise org
 
 **Restrict Version Availability**: Enforce the expiry of [API versions]({{< ref "getting-started/key-concepts/versioning" >}}) that are planned for deprecation, by setting a sunset date, beyond which they will not be accessible.
 
-**Enforce Key Expiry**: In many situations it’s best to issue API keys that have a short, finite lifetime, especially when serving anonymous, external consumers. Set [expiry dates]({{< ref "basic-config-and-security/control-limit-traffic/key-expiry" >}}) for API keys, or use ephemeral credentials with complementary authentication techniques that support key renewal, such as [OAuth 2.0 refresh tokens]({{< ref "basic-config-and-security/security/authentication-&-authorization/oauth2-0/refresh-token-grant" >}}) and [dynamic client registration]({{< ref "tyk-stack/tyk-developer-portal/enterprise-developer-portal/api-access/dynamic-client-registration" >}}). Then, should an API key fall into the wrong hands, there’s a chance that it has already expired.
+**Enforce Key Expiry**: In many situations it’s best to issue API keys that have a short, finite lifetime, especially when serving anonymous, external consumers. Set [expiry dates]({{< ref "basic-config-and-security/control-limit-traffic/key-expiry" >}}) for API keys, or use ephemeral credentials with complementary authentication techniques that support key renewal, such as [OAuth 2.0 refresh tokens]({{< ref "/api-management/authentication-authorization#use-refresh-token-grant" >}}) and [dynamic client registration]({{< ref "tyk-stack/tyk-developer-portal/enterprise-developer-portal/api-access/dynamic-client-registration" >}}). Then, should an API key fall into the wrong hands, there’s a chance that it has already expired.
 
 **Use Standardized Specifications**: Use the [OpenAPI Specification](https://en.wikipedia.org/wiki/OpenAPI_Specification) standard to design APIs. These specification documents act as a source of truth that can generate [API configuration]({{< ref "getting-started/using-oas-definitions/import-an-oas-api" >}}) and [portal documentation]({{< ref "tyk-apis/tyk-portal-api/portal-documentation#create-documentation" >}}).
 

diff --git a/tyk-docs/content/basic-config-and-security/control-limit-traffic/rate-limiting.md b/tyk-docs/content/basic-config-and-security/control-limit-traffic/rate-limiting.md
@@ -42,7 +42,7 @@ If you want to restrict an API client to a certain rate of requests to your APIs
 {{< note success >}}
 **Note**  
 
- It is assumed that the APIs being protected with a rate limit are using our [Authentication token]({{< ref "basic-config-and-security/security/authentication-authorization/bearer-tokens" >}}) Authentication mode and have policies already created
+ It is assumed that the APIs being protected with a rate limit are using our [Authentication token]({{< ref "/api-management/authentication-authorization#use-bearer-tokens" >}}) Authentication mode and have policies already created
 {{< /note >}}
 
 You can configure this rate limit from the API Designer in Tyk Dashboard as follows:
@@ -59,7 +59,7 @@ If you want to restrict API clients to a certain rate of requests for a specific
 {{< note success >}}
 **Note**  
 
- It is assumed that the APIs being protected with a rate limit are using our [Authentication token]({{< ref "basic-config-and-security/security/authentication-authorization/bearer-tokens" >}}) Authentication mode and have policies already created
+ It is assumed that the APIs being protected with a rate limit are using our [Authentication token]({{< ref "/api-management/authentication-authorization#use-bearer-tokens" >}}) Authentication mode and have policies already created
 {{< /note >}}
 
 You can configure this rate limit from the API Designer in Tyk Dashboard as follows:

diff --git a/tyk-docs/content/basic-config-and-security/security.md b/tyk-docs/content/basic-config-and-security/security.md
@@ -31,7 +31,7 @@ Tyk supports TLS connections and Mutual TLS. All TLS connections also support HT
 
 ### Trusted Certificates
 
-As part of using Mutual TLS, you can create a list of [trusted certificates]({{< ref "basic-config-and-security/security/mutual-tls/concepts#certificates" >}}).
+As part of using Mutual TLS, you can create a list of [trusted certificates]({{< ref "/api-management/authentication-authorization#how-does-mutual-tls-work" >}}).
 
 ### Certificate Pinning
 
@@ -48,7 +48,7 @@ Tyk supports various ways to secure your APIs, including:
 * OAuth 2.0
 * OpenID Connect
 
-See [Authentication and Authorization]({{< ref "basic-config-and-security/security/authentication-&-authorization" >}}) for more details.
+See [Authentication and Authorization]({{< ref "/api-management/authentication-authorization" >}}) for more details.
 
 ### Security Policies
 

diff --git a/...cs/content/basic-config-and-security/security/authentication-&-authorization.md b/...cs/content/basic-config-and-security/security/authentication-&-authorization.md