FOSSBilling · admdly · May 11, 2026 · May 11, 2026 · May 11, 2026 · May 11, 2026
diff --git a/src/components/starlight/Footer.astro b/src/components/starlight/Footer.astro
@@ -8,7 +8,7 @@ const footerLinks = [
   { label: 'hello@fossbilling.org', href: 'mailto:hello@fossbilling.org' },
   { label: 'Discord', href: 'https://fossbilling.org/discord' },
   { label: 'Mastodon', href: 'https://fosstodon.org/@fossbilling' },
-  { label: 'X (Twitter)', href: 'https://twitter.com/FOSSBilling' },
+  { label: 'X', href: 'https://x.com/FOSSBilling' },
   { label: 'Status page', href: 'https://status.fossbilling.org/' },
 ];
 ---
@@ -34,8 +34,8 @@ const footerLinks = [
 
     <p class="fb-footer__copy">
       &copy; {year}, The FOSSBilling project. Content licensed under the{' '}
-      <a href="https://github.com/FOSSBilling/fossbilling.org/blob/main/LICENSE"
-        >Apache 2.0 license</a
+      <a href="https://github.com/FOSSBilling/docs/blob/main/LICENSE-docs"
+        >Creative Commons Attribution-ShareAlike 4.0 International license</a
       >.
     </p>
   </div>

diff --git a/src/content/docs/customizing-fossbilling/config.mdoc b/src/content/docs/customizing-fossbilling/config.mdoc
@@ -46,13 +46,13 @@ Control security behavior:
 
 ### Maintenance Mode
 
-Temporarily disable public access:
+Temporarily disable public access. Use `allowed_urls` for endpoints that must stay reachable and `allowed_ips` for trusted networks that should bypass maintenance mode.
 
 ```php
 'maintenance_mode' => [
     'enabled' => true,
-    'allowed_urls' => ['/api/guest/*'],  // URLs that stay accessible
-    'allowed_ips' => ['192.168.1.0/24'],   // IPs that bypass maintenance
+    'allowed_urls' => ['/api/guest/*'],
+    'allowed_ips' => ['192.168.1.0/24'],
 ],
 ```
 
@@ -101,18 +101,18 @@ Temporarily disable public access:
 
 ### API Settings
 
-Control API access and rate limiting:
+Control API access and rate limiting. Use `require_referrer_header` to lock browser-originated requests to your install URL, `allowed_ips` for explicit allowlists, and the `rate_*` values to tune throttling.
 
 ```php
 'api' => [
-    'require_referrer_header' => true,  // Must match FOSSBilling URL
-    'allowed_ips' => [],                 // Empty = allow all
-    'rate_span' => 60,                   // Rate limit window (seconds)
-    'rate_limit' => 100,                 // Max requests per window
-    'throttle_delay' => 2,               // Delay when rate limited
-    'rate_span_login' => 60,             // Login rate limit window
-    'rate_limit_login' => 20,            // Max login attempts
-    'CSRFPrevention' => true,            // Enable CSRF protection
+    'require_referrer_header' => true,
+    'allowed_ips' => [],
+    'rate_span' => 60,
+    'rate_limit' => 100,
+    'throttle_delay' => 2,
+    'rate_span_login' => 60,
+    'rate_limit_login' => 20,
+    'CSRFPrevention' => true,
 ],
 ```
 

diff --git a/src/content/docs/developing-fossbilling/event-hooks.mdoc b/src/content/docs/developing-fossbilling/event-hooks.mdoc
@@ -187,13 +187,11 @@ class Service
     public static function onAfterAdminOrderCreate(\Box_Event $event): void
     {
         $order = $event->getSubject();
-        // Do something with the new order
         error_log('New order created: ' . $order->id);
     }
 
     public static function onBeforeAdminCronRun(\Box_Event $event): void
     {
-        // Run before cron executes
     }
 }
 ```

diff --git a/src/content/docs/developing-fossbilling/guides/creating-a-module.mdoc b/src/content/docs/developing-fossbilling/guides/creating-a-module.mdoc
@@ -64,12 +64,14 @@ public function getModulePermissions(): array
             'display_name' => __trans('Delete something'),
             'description' => __trans('Allows the staff member to delete "something"'),
         ],
-        'can_always_access' => true,  // Staff always has basic access
-        'manage_settings' => [],      // Opt-in to settings page restriction
+        'can_always_access' => true,
+        'manage_settings' => [],
     ];
 }
 ```
 
+`can_always_access` grants baseline access to the module, while `manage_settings` limits the settings page to the listed permissions.
+
 ### Checking Permissions
 
 **Quick check:**

diff --git a/src/content/docs/developing-fossbilling/guides/creating-a-payment-gateway.mdoc b/src/content/docs/developing-fossbilling/guides/creating-a-payment-gateway.mdoc
@@ -109,7 +109,6 @@ class Payment_Adapter_MyGateway implements FOSSBilling\InjectionAwareInterface
         $invoiceId = $data['get']['invoice_id'] ?? $data['post']['invoice_id'];
         $invoice = $this->di['db']->getExistingModelById('Invoice', $invoiceId);
 
-        // Verify with your gateway's API
         $paymentId = $data['post']['payment_id'];
         $payment = $this->verifyPaymentWithGateway($paymentId);
 

diff --git a/src/content/docs/developing-fossbilling/guides/creating-a-registrar-integration.mdoc b/src/content/docs/developing-fossbilling/guides/creating-a-registrar-integration.mdoc
@@ -65,14 +65,12 @@ class Registrar_Adapter_YourRegistrar extends Registrar_AdapterAbstract
 
     public function isAvailable($domain): bool
     {
-        // Check if domain is available for registration
         $response = $this->apiRequest('check', ['domain' => $domain]);
         return $response['available'] ?? false;
     }
 
     public function register($domain, array $contact): bool
     {
-        // Register the domain
         $params = [
             'domain' => $domain,
             'period' => $this->getPeriod(),
@@ -85,7 +83,6 @@ class Registrar_Adapter_YourRegistrar extends Registrar_AdapterAbstract
 
     private function apiRequest($action, array $params = []): array
     {
-        // Your API communication logic
         $ch = curl_init($this->config['api_url'] . '/' . $action);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
         curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($params));

diff --git a/src/content/docs/developing-fossbilling/javascript.mdoc b/src/content/docs/developing-fossbilling/javascript.mdoc
@@ -84,12 +84,12 @@ API.admin.post(
   "client/get_list",
   {},
   function(response) {
-    // Handle success
+    console.log(response.list);
   },
   function(error) {
-    // Handle error
+    console.error(error.message);
   },
-  false  // No spinner
+  false
 );
 ```
 
@@ -102,7 +102,7 @@ The wrapper automatically shows a spinner for requests taking longer than 250ms.
 
 ```css
 .spinner-border {
-  /* Your spinner styles */
+  display: inline-block;
   animation: spin 1s linear infinite;
 }
 ```
@@ -119,27 +119,27 @@ Either:
 
 ### Success Response
 
+The success callback receives the decoded API response object:
+
 ```javascript
 function(response) {
-  // response contains the API result
-  // Access data like response.result or response.id
+  console.log(response.result);
 }
 ```
 
 ### Error Response
 
+The error callback receives the API error payload:
+
 ```javascript
 function(error) {
-  // error contains error details
-  // Usually: error.message and error.code
   console.error(error.message);
 }
 ```
 
 ## Complete Example
 
 ```javascript
-// Load client profile
 function loadProfile() {
   API.client.get(
     "client/profile",
@@ -154,7 +154,6 @@ function loadProfile() {
   );
 }
 
-// Call it when the page loads
 document.addEventListener('DOMContentLoaded', loadProfile);
 ```
 

diff --git a/src/content/docs/maintaining-fossbilling/admin-manual-reset.mdoc b/src/content/docs/maintaining-fossbilling/admin-manual-reset.mdoc
@@ -22,7 +22,7 @@ Choose the database you installed FOSSBilling on. If you're not sure which one,
     'type' => 'mysql',
     'host' => 'localhost',
     'port' => '3306',
-    'name' => 'fossbilling',  // This is your database name
+    'name' => 'fossbilling',
     'user' => 'fossbilling_user',
     'password' => 'fossbilling_password',
 ],

diff --git a/src/content/docs/product-types/license.mdoc b/src/content/docs/product-types/license.mdoc
@@ -102,20 +102,16 @@ class License_YourPlugin
 {
     public function generate(array $data): string
     {
-        // Generate and return a license key
         return 'YOUR-KEY-HERE';
     }
 
     public function validate(\Model_ServiceLicense $service, array $data): array
     {
-        // Custom validation logic
-        // Throw LogicException if validation fails
-        if (!$valid) {
-            throw new \LogicException('Validation failed', 1020);
+        if (empty($data['host'])) {
+            throw new \LogicException('Host is required', 1020);
         }
 
-        // Return extra data to include in the API response
-        return ['extraKey' => 'extraValue'];
+        return ['host' => $data['host']];
     }
 }
 ```

diff --git a/src/content/docs/security/securing-fossbilling.mdoc b/src/content/docs/security/securing-fossbilling.mdoc
@@ -18,7 +18,6 @@ These settings live in your `config.php` file and control FOSSBilling's built-in
 | `session_lifespan` | `7200` | `int` | How long sessions remain valid (in seconds). Default is 2 hours. After this, sessions expire and are destroyed. |
 
 ```php
-// Example configuration
 'security' => [
     'mode' => 'strict',
     'force_https' => true,
@@ -33,7 +32,6 @@ These settings live in your `config.php` file and control FOSSBilling's built-in
 | `CSRFPrevention` | `true` | `bool` | Enables CSRF protection. Keep this enabled unless it's causing specific issues. |
 
 ```php
-// Example configuration
 'api' => [
     'CSRFPrevention' => true,
 ],