Merge branch 'main' into patch-1

Author: Lucky

.devcontainer/devcontainer.json

@@ -3,20 +3,28 @@
 	"image": "mcr.microsoft.com/devcontainers/javascript-node:20-bullseye",
 	"features": {
 		"ghcr.io/devcontainers/features/github-cli:1": {}
-	}
-
-	// Features to add to the dev container. More info: https://containers.dev/features.
-	// "features": {},
-
-	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	// "forwardPorts": [],
-
-	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "yarn install",
-
-	// Configure tool-specific properties.
-	// "customizations": {},
-
-	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-	// "remoteUser": "root"
+	},
+	"customizations": {
+		"vscode": {
+			"settings": {},
+			"extensions": [
+				"dbaeumer.vscode-eslint"
+			]
+		}
+	},
+	"updateContentCommand": "npm install",
+	"remoteUser": "root",
+	"forwardPorts": [
+		3000
+	],
+	"portsAttributes": {
+		"3000": {
+			"label": "Docs Preview",
+			"onAutoForward": "notify",
+			"protocol": "http"
+		}
+	},
+	"runArgs": [
+		"--network=host"
+	]
 }

.github/workflows/create-Issue.yaml

@@ -1,37 +1,38 @@
-name: Create Issue for Pull Request
+# Commeting out for now since we are not actively translating to Japanese
+# name: Create Issue for Pull Request
 
-on:
-  pull_request:
-    types: [opened, reopened]
-    branches:
-      - main
-    paths:
-      - "docs/**/*.md"
-      - "docs/**/*.mdx"
+# on:
+#   pull_request:
+#     types: [opened, reopened]
+#     branches:
+#       - main
+#     paths:
+#       - "docs/**/*.md"
+#       - "docs/**/*.mdx"
 
-jobs:
-  ja:
-    runs-on: ubuntu-latest
-    # Do not run translation on PRs from forks since they don't have access to the SIMPLEEN secret
-    if: ${{ !github.event.pull_request.head.repo.fork }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.sha }}
-      - name: Get Changed Files
-        id: files
-        run: |
-          echo "::set-output name=list::$(git diff --name-only ${{ github.event.before }} ${{ github.sha }})"
-      - uses: actions/github-script@v3
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const issue = await github.issues.create({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              title: `${{ github.event.pull_request.title }} [ja]`,
-              body: `Changed Files:\n${{ github.event.pull_request.html_url }}/files \n cc: @MomentoBigFun @Yoshiitaka`
-            })
+# jobs:
+#   ja:
+#     runs-on: ubuntu-latest
+#     # Do not run translation on PRs from forks since they don't have access to the SIMPLEEN secret
+#     if: ${{ !github.event.pull_request.head.repo.fork }}
+#     steps:
+#       - uses: actions/checkout@v4
+#         with:
+#           ref: ${{ github.event.pull_request.base.sha }}
+#       - uses: actions/checkout@v4
+#         with:
+#           ref: ${{ github.sha }}
+#       - name: Get Changed Files
+#         id: files
+#         run: |
+#           echo "::set-output name=list::$(git diff --name-only ${{ github.event.before }} ${{ github.sha }})"
+#       - uses: actions/github-script@v3
+#         with:
+#           github-token: ${{secrets.GITHUB_TOKEN}}
+#           script: |
+#             const issue = await github.issues.create({
+#               owner: context.repo.owner,
+#               repo: context.repo.repo,
+#               title: `${{ github.event.pull_request.title }} [ja]`,
+#               body: `Changed Files:\n${{ github.event.pull_request.html_url }}/files \n cc: @MomentoBigFun @Yoshiitaka`
+#             })

.gitpod/automations.yaml

@@ -0,0 +1,8 @@
+services:
+  docusaurus:
+    name: Start Docusaurus Locally
+    triggeredBy: [ 'manual', 'postDevcontainerStart']
+    commands:
+      start: |
+        npm install
+        npm start

docs/account-sharing/index.mdx

@@ -0,0 +1,150 @@
+---
+sidebar_position: 1
+sidebar_label: Account Sharing
+title: Account Sharing
+description: Learn how to share your Momento account with other users.
+pagination_next: null
+hide_title: true
+keywords:
+  - account sharing
+  - sharing
+  - collaboration
+  - team
+  - organization
+  - resources
+  - members
+  - accounts
+  - operator
+  - owner
+  - viewer
+  - role
+  - access
+  - permissions
+---
+
+
+# What is Account Sharing?
+Momento's account sharing feature enables you to collaborate and manage access to your resources with ease. By sharing your account, you can grant other users access to your topics, caches, and other resources. You can also control the level of access each user has by assigning them roles.
+
+## Using Roles to Control Access
+The resources an account owner may share include **account** resources (e.g., account membership management and role assignment, billing and payment), **auth** resources (e.g., generating API keys and access tokens), and **data** resources (e.g., creating/deleting caches, manipulating cache data, publishing and subscribing to topics).
+
+You can control the level of access to these categories of resources for each account member you invite using the following roles:
+
+- **Owner**: an owner has full access to view and modify all resources.
+- **Operator**: an operator has full access to view and modify all auth and data resources but has read-only access to account resources.
+- **Viewer**: a viewer has read-only access to all resources.
+
+## **How to Use Account Sharing as an Owner**
+
+Users with the **Owner** role enjoy full access to all of the resources in the account. These are the only users able to modify account resources-- only an **Owner** can invite other users to join an account, change other users' roles, and remove users from the account.
+
+### **Invite a User**
+    - Log in to the [Momento Console](https://console.gomomento.com).
+    - In the upper-right corner, click on your account info dropdown and select **Manage Account**.
+
+        <img src="/img/account-sharing/manage-account.png" width="60%"/>
+    - Click on the **Invite User** button.
+
+        <img src="/img/account-sharing/invite-user.png" width="90%"/>
+    - Enter the email address of the user you wish to invite, choose the role you want to assign to them, and click **Invite**. They will receive an email invitation to join your account.
+
+        <img src="/img/account-sharing/invite-user-modal.png" width="60%"/>
+
+### **View and Revoke Pending Account Invitations**
+    - Log in to the [Momento Console](https://console.gomomento.com).
+    - In the upper-right corner, click on your account info dropdown and select **Manage Account**.
+
+        <img src="/img/account-sharing/manage-account.png" width="60%"/>
+    - Click on the **Pending Invitations** tab to view all outstanding user invitations. You can use the **Revoke** button to cancel a pending invitation.
+
+        <img src="/img/account-sharing/pending-account-invitations.png" width="90%"/>
+
+### **Change a User's Role**
+    - Log in to the [Momento Console](https://console.gomomento.com).
+    - In the upper-right corner, click on your account info dropdown and select **Manage Account**.
+
+        <img src="/img/account-sharing/manage-account.png" width="60%"/>
+    - On the **Account Members** tab, find the user you want to change the role for and click on the edit icon next to their role.
+
+        <img src="/img/account-sharing/change-role-edit-button.png" width="90%"/>
+    - Select the new role you want to assign to the user and click **Save**.
+
+        <img src="/img/account-sharing/role-change-menu.png" width="90%"/>
+
+### **Remove a User**
+    - Log in to the [Momento Console](https://console.gomomento.com).
+    - In the upper-right corner, click on your account info dropdown and select **Manage Account**.
+
+        <img src="/img/account-sharing/manage-account.png" width="60%"/>
+    - Find the user you want to remove and click on the **Remove** button.
+
+        <img src="/img/account-sharing/remove-user.png" width="90%"/>
+    - Confirm the removal by clicking **Remove** in the dialog box.
+
+        <img src="/img/account-sharing/confirm-remove-user.png" width="60%"/>
+
+## **How to Use Account Sharing as an Account Member**
+
+After being invited to join an account, you can accept the invitation and switch between your accounts in the Momento Console. You can also leave an account if you no longer need access to it.
+
+### **Accept an Invitation**
+    - When a Momento account owner invites you to join an account, you will receive an email notification.
+    - Click on the **Join Account** button in the email to navigate to the Momento console.
+    - Log in to the console using the email address that received the invitation.
+    - After logging in, you will be presented with a modal dialog displaying a list of accounts you have been invited to.
+
+        <img src="/img/account-sharing/pending-user-invitations-modal.png" width="60%"/>
+
+    - Follow the link to the invitations page in the dialog or visit it later by clicking on your account info dropdown and selecting **Manage User**.
+
+        <img src="/img/account-sharing/account-menu-manage-user.png"/>
+
+    - Click on the **Pending Invitations** tab to view all of your outstanding invitations to accounts. You can use the **Accept** button to join an account or the **Decline** button to decline and remove the invitation.
+
+        <img src="/img/account-sharing/pending-user-invitations-list.png" width="90%"/>
+
+
+### **Switch Accounts**
+    - If you are added to multiple accounts, you can switch between accounts inside the Momento Console.
+    - Log in to the [Momento Console](https://console.gomomento.com).
+    - In the upper-right corner, click on your account info dropdown and select **Switch Account**.
+
+        <img src="/img/account-sharing/switch-account.png" width="60%"/>
+    - Select the account you want to switch to from the list.
+
+        <img src="/img/account-sharing/select-account.png" width="60%"/>
+
+### **Leave an Account**
+
+    - If you no longer need access to an acount, you can leave it.
+    - Log in to the [Momento Console](https://console.gomomento.com).
+    - In the upper-right corner, click on your account info dropdown and select **Manage Account**.
+
+        <img src="/img/account-sharing/manage-account.png" width="60%"/>
+
+    - Click on the **Account Members** tab to view all members of the account.
+    - Find your user entry and click on the **Leave** button.
+
+        <img src="/img/account-sharing/leave-account.png" width="90%"/>
+
+    - **Note**: users with the **Owner** role may not leave an account. If you are an account owner and wish to leave the account, you must have another **Owner** remove you or change your role so you can leave the account.
+
+## **Roles and the Console Interface**
+
+Depending on your role in an account, different pages and user interface elements may be inaccessible to you. For example, because only users with the **Owner** role are allowed to access account resources, the buttons and links that modify account data on the **Manage Account** page will be disabled for users with the **Operator** or **Viewer** roles. User interface elements highlighted in the image below are disabled for non-**Owner** users.
+
+    <img src="/img/account-sharing/disabled-actions.png" width="90%"/>
+
+Hovering over any of the highlighted elements on that page will display a tooltip explaining that the element is disabled due to insufficient permissions.
+
+    <img src="/img/account-sharing/unauthorized-tooltip.png" width="60%"/>
+
+Users with the **Viewer** role can view account, auth, and data resources but can not modify them. These users will encounter additional disabled elements throughout the console interface, for example the **Create Cache** button on the **Caches** page. Other console pages, such as the one for generating API keys and tokens, are inaccessible to **Viewer** users. Links to these pages are styled to signify that they are not clickable.
+
+    <img src="/img/account-sharing/landing-page-disabled-links.png" width="90%"/>
+
+
+## Important Notes
+- **Member Limit**: You can have up to 10 members in your account. If you reach this limit, you will need to remove an existing user before adding a new one, or you can also request a higher limit by contacting Momento at support@momentohq.com.
+- **Removing Owners**: Any **Owner** can remove any non-**Owner** account member. However, users with the **Owner** role cannot be removed from an account. To remove an account **Owner**, another **Owner** must first change their role.

docs/api/authentication/_category_.json

@@ -0,0 +1,9 @@
+{
+  "label": "Authentication",
+  "position": 2,
+  "collapsible": true,
+  "collapsed": true,
+  "link": {
+    "description": "Discover the authentication and authorization measures of the Momento platform"
+  }
+}

docs/api/authentication/api-keys.md

@@ -0,0 +1,78 @@
+---
+id: api-keys
+title: API keys
+sidebar_label: API keys
+description: Learn what Momento API keys are, how to create them, and how they are used.
+---
+
+# API keys
+
+API keys are *long-lived values intended for programmatic use*. These keys grant integrating applications access to certain caches and topics.
+
+When creating an API key, you are presented with two options via the [Momento console](https://console.gomomento.com/tokens):
+
+1. A "super-user" key that grants access to everything in your account, like creating and deleting caches, setting and getting cache items, and publishing and subscribing to topics.
+2. A fine-grained access control (FGAC) key that is limited to data operations only, like setting and getting cache items or publishing and subscribing to topics.
+
+:::info
+
+It is not possible to create "super-user" API keys via the Momento SDK; these may only be created in the console. However, you *can* use the SDK to create API keys with specific permissions via fine-grain access control.
+
+:::
+
+## Creating an API key
+
+While it is possible to create API keys via the Momento SDK, the simplest way to create them is to use the [Momento console](https://console.gomomento.com/tokens).
+
+### Step 1: Sign up or log into the Momento console
+
+Go to the [Momento console](https://console.gomomento.com/tokens) and follow the instructions to log in with your email address, Google account, or GitHub account.
+
+![Image of Momento console landing page](@site/static/img/getting-started/console.png)
+
+### Step 2: Generate your API key
+
+In the console, select the [API Keys](https://console.gomomento.com/tokens) menu option.
+
+Once on the API key page, select the information that matches where your caches live:
+
+1. Cloud provider
+2. Region
+3. Key Type
+3. (Optional) Expiration date
+
+![Image showing the fields to create a new API key](@site/static/img/getting-started/select-provider-region.png)
+
+Once complete, click on the **Generate** button to create your API Key!
+
+You can copy the value of the key directly and store it in a secure location or you can click on the **Download JSON** button to download the key and expiration date to your machine.
+
+### Step 3: Secure it!
+
+API keys are long-lived and typically grant high levels of access to the holder. With this in mind, be sure to securely store your API key in a location that encrypts the value and prevents plain-text viewing.
+
+If your application is hosted in the cloud, it is best practice to store your keys in and retrieve from services like [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/), [Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/overview), or [GCP Secret Manager](https://cloud.google.com/secret-manager).
+
+Storage of an API key is specific to your implementation and standard coding practices, but one thing is consistent across all applications - *keep it safe*!
+
+## Expiration
+
+When creating an API key, you have the option to create one that never expires and one that expires after a certain amount of time. We **do not recommend creating keys that never expire**. This ends up being a security risk if the key were ever to become compromised.
+
+The Momento console offers several pre-configured options for expiration ranges or you can select your own date. Just remember to create a new API key and rotate it in your application before it expires to prevent outages!
+
+Momento provides an example of an automatic API key rotation lambda for your convenience [here](https://github.com/momentohq/auth-token-refresh-lambda).
+
+## Use cases
+
+For shorter-lived authentication use cases, with targeted permission scopes, consider using [Momento tokens](./tokens.mdx).
+
+API keys are a good choice for situations where:
+
+* All usage is programmatic and server-side
+* You are okay with longer-lived keys that must be rotated on a monthly/yearly basis
+* The key needs relatively broad permissions
+
+For more information on managing the permissions on either API Keys or Tokens via fine-grained access control, see the [permissions page](./permissions.mdx).
+
+Ready to get started? Head on over to the [Momento console](https://console.gomomento.com/tokens) and get your API key!