Documentation Index
Fetch the complete documentation index at: https://omer-914cc1c6.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Authentication requires users to log in before accessing your documentation.
Authentication modes
Choose between full and partial authentication modes based on your access control needs.
Full authentication: All pages are protected. Users must log in before accessing any content.
Partial authentication: Some pages are publicly viewable while others require authentication. Users can browse public content freely and authenticate only when accessing protected pages.
When configuring any handshake method below, you’ll select either Full authentication or Partial authentication in your dashboard settings.
Configuring authentication
Select the handshake method that you want to configure.
Password
Mintlify Dashboard
OAuth 2.0
JWT
Password authentication provides access control only and does not support content personalization.
Prerequisites
- Your security requirements allow sharing passwords among users.
Implementation
Create a password.
- In your dashboard, go to Authentication.
- Select Full Authentication or Partial Authentication.
- Select Password.
- Enter a secure password.
- Select Save changes.
Distribute access.
Securely share the password and documentation URL with authorized users.
Example
Your documentation is hosted at docs.foo.com and you need basic access control without tracking individual users. You want to prevent public access while keeping setup simple.Create a strong password in your dashboard. Share credentials with authorized users. That’s it!Prerequisites
- Your documentation users are also your documentation editors.
Implementation
Enable Mintlify dashboard authentication.
- In your dashboard, go to Authentication.
- Select Full Authentication or Partial Authentication.
- Select Mintlify Auth.
- Select Enable Mintlify Auth.
Add authorized users.
- In your dashboard, go to Members.
- Add each person who should have access to your documentation.
- Assign appropriate roles based on their editing permissions.
Example
Your documentation is hosted at docs.foo.com and your team uses the dashboard to edit your docs. You want to restrict access to team members only.Enable Mintlify authentication in your dashboard settings.Verify team access by checking that all team members are added to your organization.Prerequisites
- An OAuth or OIDC server that supports the Authorization Code Flow.
- Ability to create an API endpoint accessible by OAuth access tokens (optional, to enable personalization features).
Implementation
Configure your OAuth settings.
- In your dashboard, go to Authentication.
- Select Full Authentication or Partial Authentication.
- Select OAuth and configure these fields:
- Authorization URL: Your OAuth endpoint.
- Client ID: Your OAuth 2.0 client identifier.
- Client Secret: Your OAuth 2.0 client secret.
- Scopes: Permissions to request. Copy the entire scope string (for example, for a scope like
provider.users.docs, copy the complete provider.users.docs). Use multiple scopes if you need different access levels.
- Token URL: Your OAuth token exchange endpoint.
- Info API URL (optional): Endpoint to retrieve user info for personalization. If omitted, the OAuth flow will only be used to verify identity and the user info will be empty.
- Logout URL: The native logout URL for your OAuth provider. If your provider has a
returnTo or similar parameter, point it back to your docs URL.
- Select Save changes.
Configure your OAuth server.
- Copy the Redirect URL from your authentication settings.
- Add the redirect URL as an authorized redirect URL for your OAuth server.
Create your user info endpoint (optional).
To enable personalization features, create an API endpoint that:
- Accepts OAuth access tokens for authentication.
- Returns user data in the
User format. See User data format for more information.
Add this endpoint URL to the Info API URL field in your authentication settings. Example
Your documentation is hosted at foo.com/docs and you have an existing OAuth server at auth.foo.com that supports the Authorization Code Flow.Configure your OAuth server details in your dashboard:
- Authorization URL:
https://auth.foo.com/authorization
- Client ID:
ydybo4SD8PR73vzWWd6S0ObH
- Scopes:
['provider.users.docs']
- Token URL:
https://auth.foo.com/exchange
- Info API URL:
https://api.foo.com/docs/user-info
- Logout URL:
https://auth.foo.com/logout?returnTo=https%3A%2F%2Ffoo.com%2Fdocs
Create a user info endpoint at api.foo.com/docs/user-info, which requires an OAuth access token with the provider.users.docs scope, and returns:{
"content": {
"firstName": "Jane",
"lastName": "Doe"
},
"groups": ["engineering", "admin"]
}
Prerequisites
- An authentication system that can generate and sign JWTs.
- A backend service that can create redirect URLs.
Implementation
Generate a private key.
- In your dashboard, go to Authentication.
- Select Full Authentication or Partial Authentication.
- Select JWT.
- Enter the URL of your existing login flow and select Save changes.
- Select Generate new key.
- Store your key securely where it can be accessed by your backend.
Integrate Mintlify authentication into your login flow.
Modify your existing login flow to include these steps after user authentication:
- Create a JWT containing the authenticated user’s info in the
User format. See User data format for more information.
- Sign the JWT with your secret key, using the EdDSA algorithm.
- Create a redirect URL back to the
/login/jwt-callback path of your docs, including the JWT as the hash.
Example
Your documentation is hosted at docs.foo.com with an existing authentication system at foo.com. You want to extend your login flow to grant access to the docs while keeping your docs separate from your dashboard (or you don’t have a dashboard).Create a login endpoint at https://foo.com/docs-login that extends your existing authentication.After verifying user credentials:
- Generate a JWT with user data in Mintlify’s format.
- Sign the JWT and redirect to
https://docs.foo.com/login/jwt-callback#{SIGNED_JWT}.
import * as jose from 'jose';
import { Request, Response } from 'express';
const TWO_WEEKS_IN_MS = 1000 * 60 * 60 * 24 * 7 * 2;
const signingKey = await jose.importPKCS8(process.env.MINTLIFY_PRIVATE_KEY, 'EdDSA');
export async function handleRequest(req: Request, res: Response) {
const user = {
expiresAt: Math.floor((Date.now() + TWO_WEEKS_IN_MS) / 1000), // 2 week session expiration
groups: res.locals.user.groups,
content: {
firstName: res.locals.user.firstName,
lastName: res.locals.user.lastName,
},
};
const jwt = await new jose.SignJWT(user)
.setProtectedHeader({ alg: 'EdDSA' })
.setExpirationTime('10 s') // 10 second JWT expiration
.sign(signingKey);
return res.redirect(`https://docs.foo.com/login/jwt-callback#${jwt}`);
}
Redirecting unauthenticated users
When an unauthenticated user tries to access a protected page, their intended destination is preserved in the redirect to your login URL:
- User attempts to visit a protected page:
https://docs.foo.com/quickstart.
- Redirect to your login URL with a redirect query parameter:
https://foo.com/docs-login?redirect=%2Fquickstart.
- After authentication, redirect to
https://docs.foo.com/login/jwt-callback?redirect=%2Fquickstart#{SIGNED_JWT}.
- User lands in their original destination.
Making pages public
When using partial authentication, all pages are protected by default. You can make specific pages viewable without authentication at the page or group level with the public property.
Page level
To make a page public, add public: true to the page’s frontmatter.
---
title: "Public page"
public: true
---
Group level
To make all pages in a group public, add "public": true beneath the group’s name in the navigation object of your docs.json.
{
"navigation": {
"groups": [
{
"group": "Public group",
"public": true,
"icon": "play",
"pages": [
"quickstart",
"installation",
"settings"
]
},
{
"group": "Private group",
"icon": "pause",
"pages": [
"private-information",
"secret-settings"
]
}
]
}
}
