ory · vinckr · May 12, 2025 · May 8, 2025 · May 8, 2025 · May 9, 2025
@@ -76,8 +76,7 @@ To integrate Mailchimp using Ory Actions, you must complete these steps:
    :::
 
 4. Using the API key from the previous step, create an Ory Action for triggering a transactional email whenever a user completes
-   the registration flow. See [Mailchimp integration with Ory Actions](https://www.ory.sh/docs/actions/integrations/mailchimp) in
-   the Ory documentation.
+   the registration flow.
 5. Test the integration by signing up with a test account in your Ory Network project and checking that the corresponding user
    data is updated in Mailchimp.
 

@@ -10,7 +10,7 @@ This document covers browser redirects for Server Side Applications (Node.js, PH
 Set dynamic redirects using the `?return_to=` query parameter on self-service flows. For example: a user opens a sharable link to
 go to `https://myapp.com/posts`. This URL requires the user to have an active session and redirects the user back to the login
 page. To return the user back to the original URL, append `?return_to=https://myapp.com/posts` when starting the
-[self-service login flow](https://www.ory.sh/docs/reference/api#operation/initializeSelfServiceLoginFlowForBrowsers):
+[self-service login flow](../reference/api#operation/initializeSelfServiceLoginFlowForBrowsers):
 
 ```js
 curl -X GET 'http://<your-project>.projects.oryapis.com/self-service/login/browser?return_to=...'

@@ -50,14 +50,14 @@ import CreateProject from '../_common/create-project.mdx'
 
 ## Install Ory CLI
 
-To install Ory CLI follow [this guide](https://www.ory.sh/docs/guides/ory-cli-install-use)
+Follow [this guide](../../guides/cli/01_installation.mdx) to install the Ory CLI on your machine.
 
 ### Why do I need the Ory CLI
 
 ```mdx-code-block
 import OryCLI from '../_common/ory-cli.mdx'
 
-<OryCLI />
+<OryCLI isTunnel={true} />
 ```
 
 ## Create an Entry Page

@@ -46,9 +46,9 @@ Follow these steps:
 
 Ory Network offers different environments for production, staging, and development. These are called Ory Network projects.
 
-Review rate limits in the [Project Rate Limits](https://www.ory.sh/docs/guides/rate-limits) documentation. To match configuration
-between projects use the [Ory CLI](https://www.ory.sh/docs/guides/cli/config-with-cli) For more information what environments are
-included on the Ory Network plans, head over to the [Pricing](https://ory.sh/pricing) page.
+Review rate limits in the [Project Rate Limits](../guides/rate-limits) documentation. To match configuration between projects use
+the [Ory CLI](../guides/cli/config-with-cli). For more information on what environments are included on the Ory Network plans head
+over to the [pricing](https://ory.sh/pricing) page.
 
 :::danger
 

@@ -234,7 +234,7 @@ challenge will always instruct you to show the login UI.
 ## Where can I get documentation on running multiple instances of Hydra?
 
 Hydra scales according to 12 factor principles. Just add another instance with the same config. Please check the
-[documentation section for 12 factor principles](https://www.ory.sh/docs/ecosystem/cloud-native).There is also some information on
+[documentation section for 12 factor principles](../ecosystem/software-architecture-philosophy). There is also some information on
 collecting statistics in the section on [prometheus](https://github.com/prometheus) in the
 [five minute tutorial](self-hosted/quickstart.mdx).
 

@@ -123,8 +123,8 @@ Ory will perform a POST request with a JSON payload towards your endpoint.
 ```
 
 `session` represents the OAuth2 session, along with the data that was passed to the
-[Accept Consent Request](https://www.ory.sh/docs/hydra/reference/api#operation/acceptConsentRequest) in the `id_token` field (only
-applicable to Authorization code flows).
+[Accept Consent Request](../../hydra/reference/api#operation/acceptConsentRequest) in the `id_token` field (only applicable to
+Authorization code flows).
 
 `request` contains information from the OAuth client's request to the token endpoint.
 

@@ -260,8 +260,8 @@ func main() {
 
 ### Fake TLS termination
 
-You can set Ory Hydra to HTTPS mode without actually accepting TLS connections, visit
-[Preparing for Production](https://www.ory.sh/docs/hydra/production#tls-termination) to learn more. The following code example
+You can set Ory Hydra to HTTPS mode without actually accepting TLS connections, visit the
+[Preparing for Production](../../hydra/self-hosted/production#tls-termination) document to learn more. The following code example
 shows how to configure Ory Hydra to fake a TLS termination:
 
 ```go

@@ -34,5 +34,5 @@ Running SQL migrations in Docker is very easy, check out the
 
 ### Configuration
 
-For more information on configuring the DSN (Data-Source-Name), head over to
-[Deployment Fundamentals and Requirements](https://www.ory.sh/docs/ecosystem/deployment).
+For more information on configuring the DSN (Data-Source-Name), head over to the
+[Deployment Fundamentals and Requirements](../../self-hosted/deployment) document.
@@ -8,9 +8,8 @@ import CodeBlock from "@theme/CodeBlock"
 
 This guide explains how to set up and run Ory Hydra in an exemplary production environment. It uses Postgres as database, Nginx as
 reverse proxy, and Digital Ocean as cloud provider. You can use another
-[relational database](https://www.ory.sh/docs/ecosystem/deployment#data-storage-and-persistence), a different reverse proxy,
-deploy on any other cloud host, and
-[spin up a custom user interface in your favorite language](https://www.ory.sh/docs/hydra/sdk/) - this is just an example!
+[relational database](../../self-hosted/deployment#data-storage-and-persistence), a different reverse proxy, deploy on any other
+cloud host, and [spin up a custom user interface in your favorite language](../sdk/overview) - this is just an example!
 
 ## Create a Droplet
 
@@ -228,7 +227,7 @@ Thank you for using Ory Hydra ${useLatestRelease("hydra")}!
    WantedBy=multi-user.target
    ```
 
-[Read more about the administrative and public APIs](https://www.ory.sh/docs/hydra/production#exposing-administrative-and-public-api-endpoints).
+[Read more about the administrative and public APIs](../self-hosted/production/#exposing-administrative-and-public-api-endpoints).
 
 4. To run Ory Hydra using systemd add the systemd service to startup:
 
@@ -323,7 +322,7 @@ instances of Ory Hydra running on the various virtual machines. We need two upst
 - public_api to proxy traffic to the Public API of Ory Hydra
 - admin_api to proxy traffic to the Admin API of Ory Hydra
 
-[Read more about exposing admin and public API endpoints](https://www.ory.sh/docs/hydra/production#exposing-administrative-and-public-api-endpoints).
+[Read more about exposing admin and public API endpoints](../self-hosted/production#exposing-administrative-and-public-api-endpoints).
 
 5. Add the following configuration before the `server` section to the `/etc/nginx/sites-enabled/oauth2.example.com` file:
 

@@ -7,7 +7,7 @@ Read this document to prepare for production when self-hosting Ory Hydra.
 Feel free to [open an issue or pull request](https://github.com/ory/docs/) when you have an idea how to improve this
 documentation.
 
-Read more about [deployment fundamentals and requirements for Ory](https://www.ory.sh/docs/ecosystem/deployment).
+Read more about [deployment fundamentals and requirements for Ory](../../self-hosted/deployment).
 
 ## Ory Hydra behind an API gateway
 

@@ -6,8 +6,8 @@ sidebar_label: Ory Identities
 
 Ory Identities is an API-first identity and user management system built on top of the widely deployed open-source
 [Ory Kratos Identity Server](https://github.com/ory/kratos) following
-[cloud architecture best practices](https://www.ory.sh/docs/ecosystem/software-architecture-philosophy/). It implements mechanisms
-that allow handling core use cases that the majority of modern software applications have to deal with:
+[cloud architecture best practices](ecosystem/software-architecture-philosophy.md). It implements mechanisms that allow handling
+core use cases that the majority of modern software applications have to deal with:
 
 - **Self-service login and registration**: Allow end-users to create and sign in to accounts using username/email and password
   combinations, social sign-in ("Sign in with Google, GitHub"), passwordless flows, and others.

@@ -72,7 +72,7 @@ However, you can use the existing schema as a template to create a new schema. S
 [Creating custom schemas](#creating-custom-schemas) and select the current schema as a template.
 
 It's recommended to manage identity schemas in version control. Learn more about
-[managing Ory Network configuration in git](http://ory.sh/docs/guides/gitops).
+[managing Ory Network configuration in git](../../guides/gitops).
 
 ## Update identities to use a new schema
 
@@ -105,9 +105,8 @@ the steps 4 to 7 or check out the example code for bulk updating identities belo
 
 4. Find the identity to be updated and note down their `id`.
 
-5. To update the identity, you need to use the
-   [Admin API](https://www.ory.sh/docs/reference/api#tag/identity/operation/updateIdentity). The API requires the Ory Network
-   [Project slug](https://console.ory.sh/projects/current/settings),
+5. To update the identity, you need to use the [Admin API](../../reference/api#tag/identity/operation/updateIdentity). The API
+   requires the Ory Network [Project slug](https://console.ory.sh/projects/current/settings),
    [API Key](https://console.ory.sh/projects/current/developers), and identity ID. Set them as environment variables:
 
    ```bash
@@ -124,7 +123,7 @@ the steps 4 to 7 or check out the example code for bulk updating identities belo
 <Tabs>
 <TabItem value="updateidentitypatch" label="cURL and patchIdentity" default>
 
-Using the [patchIdentity API](https://www.ory.sh/docs/reference/api#tag/identity/operation/patchIdentity), you can change the
+Using the [patchIdentity API](../../reference/api#tag/identity/operation/patchIdentity), you can change the
 identity schema and traits directly.
 
 Using patchIdentity is the recommended way to update identities.
@@ -160,7 +159,7 @@ This should return the modified identity as the response.
 
 :::note
 
-This example uses the [Ory Go SDK](https://github.com/ory/client-go). If you wish to use a different programming language for identity schema migration, you can apply the same logic using the [Ory SDK for your programming language](https://www.ory.sh/docs/sdk). Ory can also provide
+This example uses the [Ory Go SDK](https://github.com/ory/client-go). If you wish to use a different programming language for identity schema migration, you can apply the same logic using the [Ory SDK for your programming language](../../sdk). Ory can also provide
 example code in your preferred language. Please contact `support@ory.sh`.
 
 :::
@@ -259,7 +258,7 @@ func migrateSchema(toSchema, identityID string) error {
 
 <TabItem value="updateidentitycurlput" label="cURL and updateIdentity">
 
-Update the identity using the [updateIdentity API](https://www.ory.sh/docs/reference/api#tag/identity/operation/updateIdentity):
+Update the identity using the [updateIdentity API](../../reference/api#tag/identity/operation/updateIdentity):
 
 1. Save the existing identity
 
@@ -289,7 +288,7 @@ Update the identity using the [updateIdentity API](https://www.ory.sh/docs/refer
 
 :::info
 
-The [updateIdentity API](https://www.ory.sh/docs/reference/api#tag/identity/operation/updateIdentity) overwrites the existing identity with the one provided in the request body. Omit any fields that should not be changed, including the `credentials` field.
+The [updateIdentity API](../../reference/api#tag/identity/operation/updateIdentity) overwrites the existing identity with the one provided in the request body. Omit any fields that should not be changed, including the `credentials` field.
 
 :::
 

@@ -107,9 +107,9 @@ ExpressJS, React, or Preact.
 
 ### Ory Actions
 
-[Ory Actions](https://www.ory.sh/docs/kratos/hooks/configure-hooks) provide a flexible way to extend the capabilities of the Ory
-Network by defining custom business logic, automating system behavior in response to events, and integrating with third-party
-services such as CRM platforms, payment gateways, business analytics tools, and integration platforms.
+[Ory Actions](./kratos/hooks/configure-hooks) provide a flexible way to extend the capabilities of the Ory Network by defining
+custom business logic, automating system behavior in response to events, and integrating with third-party services such as CRM
+platforms, payment gateways, business analytics tools, and integration platforms.
 
 ## Ory Open Source
 

@@ -3,10 +3,8 @@ id: migrating-legacy-policies
 title: Migrating policies from 0.5 to 0.6
 ---
 
-0.6 release makes Ory Access Control Policy DSL modeled after AWS IAM Policies obsolete. This guide will help you to rewrite your
-policies in to [relation-tuples](https://www.ory.sh/docs/keto/concepts/relation-tuples). You can read
-[The Evolution of Ory Keto: A Global Scale Authorization System](https://www.ory.sh/keto-zanzibar-evolution/) blogpost to
-understand a benefits of 0.6 release
+The 0.6 release of Ory Keto makes Ory Access Control Policy DSL modeled after AWS IAM Policies obsolete. This guide will help you
+to rewrite your policies in to [relation-tuples](../concepts/relation-tuples).
 
 ## Legacy rules example
 
@@ -24,8 +22,8 @@ The policy below allows `Alice` and `Bob` to create/read/modify/delete `blog_pos
 
 ## Rewriting it to relationships
 
-According to the example above we need to create required [namespace](https://www.ory.sh/docs/keto/concepts/namespaces) and
-[relationship](https://www.ory.sh/docs/keto/concepts/relation-tuples)
+According to the example above we need to create required [namespace](../concepts/namespaces) and
+[relationship](../concepts/relation-tuples).
 
 General mapping from old to new policies
 
@@ -35,7 +33,7 @@ General mapping from old to new policies
 - Effect -> Became obsolete or can be considered as Relations
 
 We need to have `blog_posts` namespace for our example. Let's add the following content to `keto.yml` configuration file. You can
-find a good template [here](https://www.ory.sh/docs/keto/reference/configuration).
+find a template in the configuration overview [here](../reference/configuration).
 
 ```yaml
 namespaces:
@@ -99,17 +97,15 @@ keto relation-tuple parse alice_policies --format json | \
   || echo "Encountered error"
 ```
 
-Bob
-
 ```bash
 keto relation-tuple parse bob_policies --format json | \
   keto relation-tuple create - >/dev/null \
   && echo "Successfully created tuple" \
   || echo "Encountered error"
 ```
 
-Now, we can use the [check-API](https://www.ory.sh/docs/keto/guides/simple-access-check-guide) to verify that `alice` is allowed
-to `read` the `my-first-blog-post`:
+Now we can use the [check-API](../guides/simple-access-check-guide) to verify that `alice` is allowed to `read` the
+`my-first-blog-post`:
 
 ```sh
 keto check alice read blog_posts my-first-blog-post
@@ -132,5 +128,5 @@ Denied
 
 ## Next steps
 
-- [Check whether a User has Access to Something](https://www.ory.sh/docs/keto/guides/simple-access-check-guide)
-- [List API: Display all Objects a User has Access to](https://www.ory.sh/docs/keto/guides/list-api-display-objects)
+- [Check whether a user has access to something](../guides/simple-access-check-guide)
+- [List API: Display all objects a user has access to](../guides/list-api-display-objects)
@@ -7,12 +7,12 @@ Read this document to prepare for production when self-hosting Ory Keto.
 Feel free to [open an issue or pull request](https://github.com/ory/docs/) when you have an idea how to improve this
 documentation.
 
-Read more about [deployment fundamentals and requirements for Ory](https://www.ory.sh/docs/ecosystem/deployment).
+Read more about [deployment fundamentals and requirements for Ory](../../self-hosted/deployment).
 
 ## Database
 
 Ory Keto requires a production-grade database such as PostgreSQL, MySQL, CockroachDB. Don't use SQLite in production! Read more
-about [deployment fundamentals and requirements for Ory](https://www.ory.sh/docs/ecosystem/deployment).
+about [deployment fundamentals and requirements for Ory](../../self-hosted/deployment).
 
 ## Ory Keto API behind an API gateway
 

@@ -49,7 +49,7 @@ to have access only during work hours), or in multi-tenant environments.
 We need to have three groups, `finance`, `marketing`, `community`. Also, we need to have two namespaces: `reports` to manage
 access control and `groups` to add users to this group
 
-Let's add namespaces to Keto config. [here](https://www.ory.sh/docs/keto/reference/configuration)
+Let's add namespaces to Keto config. See the full reference API config [here](../../keto/reference/configuration).
 
 ```yaml
 # ...

@@ -44,8 +44,8 @@ the request subject's read permission on the file should be checked first.
 :::info
 
 Authentication isn't part of the permission check API, but it's a prerequisite for any permission check to be meaningful. One way
-to implement authentication is to use [Ory Identities](https://www.ory.sh/docs/welcome#identities-and-sessions), which provide a
-secure and robust authentication system for your application.
+to implement authentication is to use [Ory Identities](../../intro#identities-and-sessions), which provide a secure and robust
+authentication system for your application.
 
 :::
 

@@ -18,8 +18,8 @@ You can find more examples of SDK usage in the auto-generated documentation
 
 Ory Keto exposes two APIs for integration
 
-- [gRPC](http://ory.sh/docs/keto/reference/proto-api)
-- [REST](http://ory.sh/docs/keto/reference/rest-api)
+- [gRPC](../reference/proto-api)
+- [REST](../reference/rest-api)
 
 ## Installation
 
@@ -58,7 +58,7 @@ class Blog implements Namespace {
 ```
 
 If you want to learn more about creating permission rules read the
-[Create a permission model](https://www.ory.sh/docs/keto/modeling/create-permission-model) guide.
+[Create a permission model](../modeling/create-permission-model) guide.
 
 ### CreateRelationship and CheckPermission
 

@@ -69,7 +69,7 @@ password policy, refer to the [password policy page](../../concepts/password-pol
 ## OAuth 2.0 security
 
 Ory OAuth2 and OpenID Connect is a certified OAuth2 and OpenID Connect provider. You can read more in the
-[OAuth 2.0 security overview](https://www.ory.sh/docs/hydra/security-architecture) documentation.
+[OAuth 2.0 security overview](../../hydra/security-architecture) documentation.
 
 ## CAPTCHAs
 

@@ -4,7 +4,7 @@ title: Configure Ory Kratos
 ---
 
 This document describes _how_ the service can be configured. For a documentation on all configuration values head over to the
-[configuration reference](reference/configuration.mdx).
+[configuration reference](./reference/configuration.mdx).
 
 ## Configuration file
 
@@ -20,4 +20,4 @@ described in the following section.
 Environmental variables take precedence over config file values. Nested paths get mapped to config values by putting an underscore
 `_` between every level, so `selfservice.flows.settings.ui_url` becomes `SELFSERVICE_FLOWS_SETTINGS_UI_URL=<value>`.
 
-Please note that there are some caveats when using env vars [documented here](https://www.ory.sh/docs/ecosystem/configuring).
+Please note that there are some caveats when using env vars [documented here](../ecosystem/configuring).
@@ -9,9 +9,8 @@ import CodeBlock from "@theme/CodeBlock"
 This guide explains how to set up and run Ory Kratos in an exemplary production environment. It uses Postgres as database, Nginx
 as reverse proxy, Digital Ocean as cloud provider, and the
 [Ory Kratos Node.js UI Reference](https://github.com/ory/kratos-selfservice-ui-node) as user interface. You can use another
-[relational database](https://www.ory.sh/docs/ecosystem/deployment#data-storage-and-persistence), a different reverse proxy,
-deploy on any other cloud host, and
-[spin up a custom interface in your favorite language](https://www.ory.sh/docs/kratos/sdk/overview) - this is just an example!
+[relational database](../../self-hosted/deployment#data-storage-and-persistence), a different reverse proxy, deploy on any other
+cloud host, and [spin up a custom interface in your favorite language](../sdk/overview) - this is just an example!
 
 ## Create a Droplet