From c007dbdc13e4d54fe24611d4d3b77f031e4eb20b Mon Sep 17 00:00:00 2001
From: KVOJJJin <jzongcode@gmail.com>
Date: Wed, 11 Oct 2023 21:03:36 +0800
Subject: [PATCH] Feat: add document of authorization (#1311)

---
 .../datasets/template/template.en.mdx         | 254 ++++++++++--------
 .../datasets/template/template.zh.mdx         | 254 ++++++++++--------
 .../develop/template/template.en.mdx          |  19 ++
 .../develop/template/template.zh.mdx          |  19 ++
 .../develop/template/template_chat.en.mdx     |  19 ++
 .../develop/template/template_chat.zh.mdx     |  19 ++
 6 files changed, 348 insertions(+), 236 deletions(-)

diff --git a/web/app/(commonLayout)/datasets/template/template.en.mdx b/web/app/(commonLayout)/datasets/template/template.en.mdx
index 7e207d9c35..7e109f897f 100644
--- a/web/app/(commonLayout)/datasets/template/template.en.mdx
+++ b/web/app/(commonLayout)/datasets/template/template.en.mdx
@@ -2,127 +2,23 @@ import { CodeGroup } from '@/app/components/develop/code.tsx'
 import { Row, Col, Properties, Property, Heading, SubProperty, Paragraph } from '@/app/components/develop/md.tsx'
 
 # Dataset API
-<br/>
-<br/>
-<Heading
-  url='/datasets'
-  method='POST'
-  title='Create an empty dataset'
-  name='#create_empty_dataset'
-/>
-<Row>
-  <Col>
-    ### Request Body
-    <Properties>
-      <Property name='name' type='string' key='name'>
-        Dataset name
-      </Property>
-    </Properties>
-  </Col>
-  <Col sticky>
-    <CodeGroup 
-      title="Request" 
-      tag="POST" 
-      label="/datasets"
-      targetCode={`curl --location --request POST '${props.apiBaseUrl}/datasets' \\\n--header 'Authorization: Bearer {api_key}' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{"name": "name"}'`}
-    >
-    ```bash {{ title: 'cURL' }}
-    curl --location --request POST '${apiBaseUrl}/v1/datasets' \
-    --header 'Authorization: Bearer {api_key}' \
-    --header 'Content-Type: application/json' \
-    --data-raw '{
-      "name": "name"
-    }'
-    ```
-    </CodeGroup>
-    <CodeGroup title="Response">
-    ```json {{ title: 'Response' }}
-    {
-      "id": "",
-      "name": "name",
-      "description": null,
-      "provider": "vendor",
-      "permission": "only_me",
-      "data_source_type": null,
-      "indexing_technique": null,
-      "app_count": 0,
-      "document_count": 0,
-      "word_count": 0,
-      "created_by": "",
-      "created_at": 1695636173,
-      "updated_by": "",
-      "updated_at": 1695636173,
-      "embedding_model": null,
-      "embedding_model_provider": null,
-      "embedding_available": null
-    }
-    ```
-    </CodeGroup>
-  </Col>
-</Row>
 
----
+<div>
+  ### Authentication
+
+  Service API of Dify authenticates using an `API-Key`.
+
+  It is suggested that developers store the `API-Key` in the backend instead of sharing or storing it in the client side to avoid the leakage of the `API-Key`, which may lead to property loss.
+
+  All API requests should include your `API-Key` in the **`Authorization`** HTTP Header, as shown below:
+
+  <CodeGroup title="Code">
+    ```javascript
+      Authorization: Bearer {API_KEY}
 
-<Heading
-  url='/datasets'
-  method='GET'
-  title='Dataset list'
-  name='#dataset_list'
-/>
-<Row>
-  <Col>
-    ### Query
-    <Properties>
-      <Property name='page' type='string' key='page'>
-        Page number
-      </Property>
-      <Property name='limit' type='string' key='limit'>
-        Number of items returned, default 20, range 1-100
-      </Property>
-    </Properties>
-  </Col>
-  <Col sticky>
-    <CodeGroup 
-      title="Request" 
-      tag="POST" 
-      label="/datasets"
-      targetCode={`curl --location --request GET '${props.apiBaseUrl}/datasets?page=1&limit=20' \\\n--header 'Authorization: Bearer {api_key}'`}
-    >
-    ```bash {{ title: 'cURL' }}
-    curl --location --request GET '${props.apiBaseUrl}/datasets?page=1&limit=20' \
-    --header 'Authorization: Bearer {api_key}'
     ```
-    </CodeGroup>
-    <CodeGroup title="Response">
-    ```json {{ title: 'Response' }}
-    {
-      "data": [
-        {
-          "id": "",
-          "name": "name",
-          "description": "desc",
-          "permission": "only_me",
-          "data_source_type": "upload_file",
-          "indexing_technique": "",
-          "app_count": 2,
-          "document_count": 10,
-          "word_count": 1200,
-          "created_by": "",
-          "created_at": "",
-          "updated_by": "",
-          "updated_at": ""
-        },
-        ...
-      ],
-      "has_more": true,
-      "limit": 20,
-      "total": 50,
-      "page": 1
-    }
-    ```
-    </CodeGroup>
-  </Col>
-</Row>
+  </CodeGroup>
+</div>
 
 ---
 
@@ -329,6 +225,128 @@ import { Row, Col, Properties, Property, Heading, SubProperty, Paragraph } from
 
 ---
 
+<Heading
+  url='/datasets'
+  method='POST'
+  title='Create an empty dataset'
+  name='#create_empty_dataset'
+/>
+<Row>
+  <Col>
+    ### Request Body
+    <Properties>
+      <Property name='name' type='string' key='name'>
+        Dataset name
+      </Property>
+    </Properties>
+  </Col>
+  <Col sticky>
+    <CodeGroup 
+      title="Request" 
+      tag="POST" 
+      label="/datasets"
+      targetCode={`curl --location --request POST '${props.apiBaseUrl}/datasets' \\\n--header 'Authorization: Bearer {api_key}' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{"name": "name"}'`}
+    >
+    ```bash {{ title: 'cURL' }}
+    curl --location --request POST '${apiBaseUrl}/v1/datasets' \
+    --header 'Authorization: Bearer {api_key}' \
+    --header 'Content-Type: application/json' \
+    --data-raw '{
+      "name": "name"
+    }'
+    ```
+    </CodeGroup>
+    <CodeGroup title="Response">
+    ```json {{ title: 'Response' }}
+    {
+      "id": "",
+      "name": "name",
+      "description": null,
+      "provider": "vendor",
+      "permission": "only_me",
+      "data_source_type": null,
+      "indexing_technique": null,
+      "app_count": 0,
+      "document_count": 0,
+      "word_count": 0,
+      "created_by": "",
+      "created_at": 1695636173,
+      "updated_by": "",
+      "updated_at": 1695636173,
+      "embedding_model": null,
+      "embedding_model_provider": null,
+      "embedding_available": null
+    }
+    ```
+    </CodeGroup>
+  </Col>
+</Row>
+
+---
+
+<Heading
+  url='/datasets'
+  method='GET'
+  title='Dataset list'
+  name='#dataset_list'
+/>
+<Row>
+  <Col>
+    ### Query
+    <Properties>
+      <Property name='page' type='string' key='page'>
+        Page number
+      </Property>
+      <Property name='limit' type='string' key='limit'>
+        Number of items returned, default 20, range 1-100
+      </Property>
+    </Properties>
+  </Col>
+  <Col sticky>
+    <CodeGroup 
+      title="Request" 
+      tag="POST" 
+      label="/datasets"
+      targetCode={`curl --location --request GET '${props.apiBaseUrl}/datasets?page=1&limit=20' \\\n--header 'Authorization: Bearer {api_key}'`}
+    >
+    ```bash {{ title: 'cURL' }}
+    curl --location --request GET '${props.apiBaseUrl}/datasets?page=1&limit=20' \
+    --header 'Authorization: Bearer {api_key}'
+    ```
+    </CodeGroup>
+    <CodeGroup title="Response">
+    ```json {{ title: 'Response' }}
+    {
+      "data": [
+        {
+          "id": "",
+          "name": "name",
+          "description": "desc",
+          "permission": "only_me",
+          "data_source_type": "upload_file",
+          "indexing_technique": "",
+          "app_count": 2,
+          "document_count": 10,
+          "word_count": 1200,
+          "created_by": "",
+          "created_at": "",
+          "updated_by": "",
+          "updated_at": ""
+        },
+        ...
+      ],
+      "has_more": true,
+      "limit": 20,
+      "total": 50,
+      "page": 1
+    }
+    ```
+    </CodeGroup>
+  </Col>
+</Row>
+
+---
+
 <Heading
   url='/datasets/{dataset_id}/documents/{document_id}/update_by_text'
   method='POST'
diff --git a/web/app/(commonLayout)/datasets/template/template.zh.mdx b/web/app/(commonLayout)/datasets/template/template.zh.mdx
index 78fa916299..46297414b8 100644
--- a/web/app/(commonLayout)/datasets/template/template.zh.mdx
+++ b/web/app/(commonLayout)/datasets/template/template.zh.mdx
@@ -2,127 +2,23 @@ import { CodeGroup } from '@/app/components/develop/code.tsx'
 import { Row, Col, Properties, Property, Heading, SubProperty, Paragraph } from '@/app/components/develop/md.tsx'
 
 # 数据集 API
-<br/>
-<br/>
-<Heading
-  url='/datasets'
-  method='POST'
-  title='创建空数据集'
-  name='#create_empty_dataset'
-/>
-<Row>
-  <Col>
-    ### Request Body
-    <Properties>
-      <Property name='name' type='string' key='name'>
-        数据集名称
-      </Property>
-    </Properties>
-  </Col>
-  <Col sticky>
-    <CodeGroup 
-      title="Request" 
-      tag="POST" 
-      label="/datasets"
-      targetCode={`curl --location --request POST '${props.apiBaseUrl}/datasets' \\\n--header 'Authorization: Bearer {api_key}' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{"name": "name"}'`}
-    >
-    ```bash {{ title: 'cURL' }}
-    curl --location --request POST '${props.apiBaseUrl}/datasets' \
-    --header 'Authorization: Bearer {api_key}' \
-    --header 'Content-Type: application/json' \
-    --data-raw '{
-      "name": "name"
-    }'
-    ```
-    </CodeGroup>
-    <CodeGroup title="Response">
-    ```json {{ title: 'Response' }}
-    {
-      "id": "",
-      "name": "name",
-      "description": null,
-      "provider": "vendor",
-      "permission": "only_me",
-      "data_source_type": null,
-      "indexing_technique": null,
-      "app_count": 0,
-      "document_count": 0,
-      "word_count": 0,
-      "created_by": "",
-      "created_at": 1695636173,
-      "updated_by": "",
-      "updated_at": 1695636173,
-      "embedding_model": null,
-      "embedding_model_provider": null,
-      "embedding_available": null
-    }
-    ```
-    </CodeGroup>
-  </Col>
-</Row>
 
----
+<div>
+  ### 鉴权
+
+  Dify Service API 使用 `API-Key` 进行鉴权。
+
+  建议开发者把 `API-Key` 放在后端存储，而非分享或者放在客户端存储，以免 `API-Key` 泄露，导致财产损失。
+
+  所有 API 请求都应在 **`Authorization`** HTTP Header 中包含您的 `API-Key`，如下所示：
+
+  <CodeGroup title="Code">
+    ```javascript
+      Authorization: Bearer {API_KEY}
 
-<Heading
-  url='/datasets'
-  method='GET'
-  title='数据集列表'
-  name='#dataset_list'
-/>
-<Row>
-  <Col>
-    ### Query
-    <Properties>
-      <Property name='page' type='string' key='page'>
-        页码
-      </Property>
-      <Property name='limit' type='string' key='limit'>
-        返回条数，默认 20，范围 1-100
-      </Property>
-    </Properties>
-  </Col>
-  <Col sticky>
-    <CodeGroup
-      title="Request"
-      tag="POST"
-      label="/datasets"
-      targetCode={`curl --location --request GET '${props.apiBaseUrl}/datasets?page=1&limit=20' \\\n--header 'Authorization: Bearer {api_key}'`}
-    >
-    ```bash {{ title: 'cURL' }}
-    curl --location --request GET '${props.apiBaseUrl}/datasets?page=1&limit=20' \
-    --header 'Authorization: Bearer {api_key}'
     ```
-    </CodeGroup>
-    <CodeGroup title="Response">
-    ```json {{ title: 'Response' }}
-    {
-      "data": [
-        {
-          "id": "",
-          "name": "数据集名称",
-          "description": "描述信息",
-          "permission": "only_me",
-          "data_source_type": "upload_file",
-          "indexing_technique": "",
-          "app_count": 2,
-          "document_count": 10,
-          "word_count": 1200,
-          "created_by": "",
-          "created_at": "",
-          "updated_by": "",
-          "updated_at": ""
-        },
-        ...
-      ],
-      "has_more": true,
-      "limit": 20,
-      "total": 50,
-      "page": 1
-    }
-    ```
-    </CodeGroup>
-  </Col>
-</Row>
+  </CodeGroup>
+</div>
 
 ---
 
@@ -329,6 +225,128 @@ import { Row, Col, Properties, Property, Heading, SubProperty, Paragraph } from
 
 ---
 
+<Heading
+  url='/datasets'
+  method='POST'
+  title='创建空数据集'
+  name='#create_empty_dataset'
+/>
+<Row>
+  <Col>
+    ### Request Body
+    <Properties>
+      <Property name='name' type='string' key='name'>
+        数据集名称
+      </Property>
+    </Properties>
+  </Col>
+  <Col sticky>
+    <CodeGroup 
+      title="Request" 
+      tag="POST" 
+      label="/datasets"
+      targetCode={`curl --location --request POST '${props.apiBaseUrl}/datasets' \\\n--header 'Authorization: Bearer {api_key}' \\\n--header 'Content-Type: application/json' \\\n--data-raw '{"name": "name"}'`}
+    >
+    ```bash {{ title: 'cURL' }}
+    curl --location --request POST '${props.apiBaseUrl}/datasets' \
+    --header 'Authorization: Bearer {api_key}' \
+    --header 'Content-Type: application/json' \
+    --data-raw '{
+      "name": "name"
+    }'
+    ```
+    </CodeGroup>
+    <CodeGroup title="Response">
+    ```json {{ title: 'Response' }}
+    {
+      "id": "",
+      "name": "name",
+      "description": null,
+      "provider": "vendor",
+      "permission": "only_me",
+      "data_source_type": null,
+      "indexing_technique": null,
+      "app_count": 0,
+      "document_count": 0,
+      "word_count": 0,
+      "created_by": "",
+      "created_at": 1695636173,
+      "updated_by": "",
+      "updated_at": 1695636173,
+      "embedding_model": null,
+      "embedding_model_provider": null,
+      "embedding_available": null
+    }
+    ```
+    </CodeGroup>
+  </Col>
+</Row>
+
+---
+
+<Heading
+  url='/datasets'
+  method='GET'
+  title='数据集列表'
+  name='#dataset_list'
+/>
+<Row>
+  <Col>
+    ### Query
+    <Properties>
+      <Property name='page' type='string' key='page'>
+        页码
+      </Property>
+      <Property name='limit' type='string' key='limit'>
+        返回条数，默认 20，范围 1-100
+      </Property>
+    </Properties>
+  </Col>
+  <Col sticky>
+    <CodeGroup
+      title="Request"
+      tag="POST"
+      label="/datasets"
+      targetCode={`curl --location --request GET '${props.apiBaseUrl}/datasets?page=1&limit=20' \\\n--header 'Authorization: Bearer {api_key}'`}
+    >
+    ```bash {{ title: 'cURL' }}
+    curl --location --request GET '${props.apiBaseUrl}/datasets?page=1&limit=20' \
+    --header 'Authorization: Bearer {api_key}'
+    ```
+    </CodeGroup>
+    <CodeGroup title="Response">
+    ```json {{ title: 'Response' }}
+    {
+      "data": [
+        {
+          "id": "",
+          "name": "数据集名称",
+          "description": "描述信息",
+          "permission": "only_me",
+          "data_source_type": "upload_file",
+          "indexing_technique": "",
+          "app_count": 2,
+          "document_count": 10,
+          "word_count": 1200,
+          "created_by": "",
+          "created_at": "",
+          "updated_by": "",
+          "updated_at": ""
+        },
+        ...
+      ],
+      "has_more": true,
+      "limit": 20,
+      "total": 50,
+      "page": 1
+    }
+    ```
+    </CodeGroup>
+  </Col>
+</Row>
+
+---
+
 <Heading
   url='/datasets/{dataset_id}/documents/{document_id}/update_by_text'
   method='POST'
diff --git a/web/app/components/develop/template/template.en.mdx b/web/app/components/develop/template/template.en.mdx
index e828667449..644c4e373a 100644
--- a/web/app/components/develop/template/template.en.mdx
+++ b/web/app/components/develop/template/template.en.mdx
@@ -5,6 +5,25 @@ import { Row, Col, Properties, Property, Heading, SubProperty, Paragraph } from
 
 For high-quality text generation, such as articles, summaries, and translations, use the completion-messages API with user input. Text generation relies on the model parameters and prompt templates set in Dify Prompt Engineering.
 
+<div>
+  ### Authentication
+
+  Service API of Dify authenticates using an `API-Key`.
+
+  It is suggested that developers store the `API-Key` in the backend instead of sharing or storing it in the client side to avoid the leakage of the `API-Key`, which may lead to property loss.
+
+  All API requests should include your `API-Key` in the **`Authorization`** HTTP Header, as shown below:
+
+  <CodeGroup title="Code">
+    ```javascript
+      Authorization: Bearer {API_KEY}
+
+    ```
+  </CodeGroup>
+</div>
+
+---
+
 <Heading
   url='/completion-messages'
   method='POST'
diff --git a/web/app/components/develop/template/template.zh.mdx b/web/app/components/develop/template/template.zh.mdx
index 8a542009fb..157cd91bb3 100644
--- a/web/app/components/develop/template/template.zh.mdx
+++ b/web/app/components/develop/template/template.zh.mdx
@@ -5,6 +5,25 @@ import { Row, Col, Properties, Property, Heading, SubProperty } from '../md.tsx'
 
 可用于生成高质量文本的应用，例如生成文章、摘要、翻译等，通过调用 completion-messages 接口，发送用户输入得到生成文本结果。用于生成文本的模型参数和提示词模版取决于开发者在 Dify 提示词编排页的设置。
 
+<div>
+  ### 鉴权
+
+  Dify Service API 使用 `API-Key` 进行鉴权。
+
+  建议开发者把 `API-Key` 放在后端存储，而非分享或者放在客户端存储，以免 `API-Key` 泄露，导致财产损失。
+
+  所有 API 请求都应在 **`Authorization`** HTTP Header 中包含您的 `API-Key`，如下所示：
+
+  <CodeGroup title="Code">
+    ```javascript
+      Authorization: Bearer {API_KEY}
+
+    ```
+  </CodeGroup>
+</div>
+
+---
+
 <Heading
   url='/completion-messages'
   method='POST'
diff --git a/web/app/components/develop/template/template_chat.en.mdx b/web/app/components/develop/template/template_chat.en.mdx
index 739882a4b4..f3ab219741 100644
--- a/web/app/components/develop/template/template_chat.en.mdx
+++ b/web/app/components/develop/template/template_chat.en.mdx
@@ -5,6 +5,25 @@ import { Row, Col, Properties, Property, Heading, SubProperty, Paragraph } from
 
 For versatile conversational apps using a Q&A format, call the chat-messages API to initiate dialogue. Maintain ongoing conversations by passing the returned conversation_id. Response parameters and templates depend on LangGenius Prompt Eng. settings. **[Before you start, READ This !! What is a Bearer Token](https://swagger.io/docs/specification/authentication/bearer-authentication/)**
 
+<div>
+  ### Authentication
+
+  Service API of Dify authenticates using an `API-Key`.
+
+  It is suggested that developers store the `API-Key` in the backend instead of sharing or storing it in the client side to avoid the leakage of the `API-Key`, which may lead to property loss.
+
+  All API requests should include your `API-Key` in the **`Authorization`** HTTP Header, as shown below:
+
+  <CodeGroup title="Code">
+    ```javascript
+      Authorization: Bearer {API_KEY}
+
+    ```
+  </CodeGroup>
+</div>
+
+---
+
 <Heading
   url='/chat-messages'
   method='POST'
diff --git a/web/app/components/develop/template/template_chat.zh.mdx b/web/app/components/develop/template/template_chat.zh.mdx
index c736ff057b..25ce17de52 100644
--- a/web/app/components/develop/template/template_chat.zh.mdx
+++ b/web/app/components/develop/template/template_chat.zh.mdx
@@ -5,6 +5,25 @@ import { Row, Col, Properties, Property, Heading, SubProperty } from '../md.tsx'
 
 可用于大部分场景的对话型应用，采用一问一答模式与用户持续对话。要开始一个对话请调用 chat-messages 接口，通过继续传入返回的 conversation_id 可持续保持该会话。**[开始前请阅读 !! 什么是 Bearer Token ？](https://swagger.io/docs/specification/authentication/bearer-authentication/)**
 
+<div>
+  ### 鉴权
+
+  Dify Service API 使用 `API-Key` 进行鉴权。
+
+  建议开发者把 `API-Key` 放在后端存储，而非分享或者放在客户端存储，以免 `API-Key` 泄露，导致财产损失。
+
+  所有 API 请求都应在 **`Authorization`** HTTP Header 中包含您的 `API-Key`，如下所示：
+
+  <CodeGroup title="Code">
+    ```javascript
+      Authorization: Bearer {API_KEY}
+
+    ```
+  </CodeGroup>
+</div>
+
+---
+
 <Heading
   url='/chat-messages'
   method='POST'