diff --git a/website/docs/docs/dbt-cloud-apis/service-tokens.md b/website/docs/docs/dbt-cloud-apis/service-tokens.md
index 9553f48a013..f1369711d2b 100644
--- a/website/docs/docs/dbt-cloud-apis/service-tokens.md
+++ b/website/docs/docs/dbt-cloud-apis/service-tokens.md
@@ -115,3 +115,5 @@ To rotate your token:
4. Copy the new token and replace the old one in your systems. Store it in a safe place, as it will not be available again once the creation screen is closed.
5. Delete the old token in dbt Cloud by clicking the **trash can icon**. _Only take this action after the new token is in place to avoid service disruptions_.
+## FAQs
+
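Review bot: The `## FAQs` heading added at the end of service-tokens.md has nothing under it in this hunk, only a blank line, so the page gains an empty section. Put the FAQ entries it is meant to hold under the heading (the new ip-restrictions FAQ added in this same change is about service tokens and looks like the intended target), or leave the heading out until there is content for it.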
diff --git a/website/docs/faqs/API/rotate-token.md b/website/docs/faqs/API/rotate-token.md
index a880825ea3f..144c834ea8a 100644
--- a/website/docs/faqs/API/rotate-token.md
+++ b/website/docs/faqs/API/rotate-token.md
@@ -7,6 +7,24 @@ id: rotate-token
For security reasons and best practices, you should aim to rotate API keys every so often.
+You can rotate your API key automatically with the push of a button in your dbt Cloud environment or manually using the command line.
+
+
+
+
+
+To automatically rotate your API key:
+
+1. Navigate to the Account settings by clicking the **gear icon** in the top right of your dbt Cloud account.
+2. Select **API Access** from the lefthand side.
+3. In the **API** pane, click `Rotate`.
+
+
+
+
+
+
+
1. Rotate your [User API token](/docs/dbt-cloud-apis/user-tokens) by replacing `YOUR_USER_ID`, `YOUR_CURRENT_TOKEN`, and `YOUR_ACCESS_URL `with your information in the following request.
```
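Review bot: The added automatic steps stop at "click `Rotate`" and never say what happens to the existing key or that the new value has to be copied into every system that uses it. The service token rotation steps in service-tokens.md do spell this out ("Copy the new token and replace the old one in your systems"), and the same guidance belongs here. Two smaller points in the same hunk: `Rotate` is formatted as code while the other UI elements (**gear icon**, **API Access**) are bold, so use bold for consistency; and the existing step "1. Rotate your [User API token]..." now follows the new list with no lead-in of its own, so add one that matches "To automatically rotate your API key:" for the manual path. The runs of blank added lines around the steps show no content in this diff and should be checked.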
@@ -41,3 +59,7 @@ For example, if your deployment is Virtual Private dbt:
✅ `http://cloud.customizedurl.getdbt.com/`
❌ `http://cloud.getdbt.com/`
+
+
+
+
\ No newline at end of file
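Review bot: The four lines added at the end of rotate-token.md are blank in this hunk, and the file still ends with "\ No newline at end of file". If they are meant to close a block opened in the earlier hunk, confirm that the closing markup is actually present; otherwise drop them and end the file with a single newline.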
diff --git a/website/docs/faqs/Troubleshooting/ip-restrictions.md b/website/docs/faqs/Troubleshooting/ip-restrictions.md
new file mode 100644
index 00000000000..9f1aa41c574
--- /dev/null
+++ b/website/docs/faqs/Troubleshooting/ip-restrictions.md
@@ -0,0 +1,29 @@
+---
+title: "I'm receiving a 403 error 'Forbidden: Access denied' when using service tokens"
+description: "All service token traffic is now subject to IP restrictions. To resolve 403 errors, add your third-party integration CIDRs (network addresses) to the allowlist."
+sidebar_label: 'Service token 403 error: Forbidden: Access denied'
+---
+
+
+All [service token](/docs/dbt-cloud-apis/service-tokens) traffic is subject to IP restrictions.
+
+When using a service token, the following 403 response error indicates the IP is not on the allowlist. To resolve this, you should add your third-party integration CIDRs (network addresses) to your allowlist.
+
+The following is an example of the 403 response error:
+
+```json
+ {
+ "status": {
+ "code": 403,
+ "is_success": False,
+ "user_message": ("Forbidden: Access denied"),
+ "developer_message": None,
+ },
+ "data": {
+ "account_id": ,
+ "user_id": ,
+ "is_service_token": ,
+ "account_access_denied": True,
+ },
+ }
+```
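Review bot: The example response is fenced as `json` but is not valid JSON: it uses Python literals (`False`, `None`, `True`), wraps the `user_message` value in parentheses, has trailing commas, and leaves `account_id`, `user_id` and `is_service_token` with no value at all. Rewrite it with `false`, `null` and `true`, no trailing commas, and clearly labelled placeholder values, or change the fence language if this is meant to show a Python object. The body also tells readers to add their integration CIDRs to the allowlist without linking to where the allowlist is configured; link the IP restrictions documentation from that sentence. Finally, "the IP is not on the allowlist" would be clearer as the source IP of the request, and the front matter says traffic is "now subject" to restrictions while the body says "is subject", so pick one wording.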
diff --git a/website/static/img/docs/dbt-cloud/rotate-token.png b/website/static/img/docs/dbt-cloud/rotate-token.png
new file mode 100644
index 00000000000..7bce8f09302
Binary files /dev/null and b/website/static/img/docs/dbt-cloud/rotate-token.png differ