Skip to content

docs(self-enterprise): resync docs with current dashboard UI, webhooks, and SDK#22

Merged
kartikmehta8 merged 7 commits into
mainfrom
docs/self-enterprise-ui-resync
Jun 9, 2026
Merged

docs(self-enterprise): resync docs with current dashboard UI, webhooks, and SDK#22
kartikmehta8 merged 7 commits into
mainfrom
docs/self-enterprise-ui-resync

Conversation

@kartikmehta8

@kartikmehta8 kartikmehta8 commented Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Member

Summary

Re-audited the Self Enterprise docs against the current code (dashboard-web, control-plane-api, the webhook-endpoints + dispatcher services, and the Enterprise SDK) and corrected the drift from the recent dashboard, webhook, and SDK changes. Also disambiguates Self Enterprise from the open-source Self Pass SDK so misdirected users land in the right place.

What changed

Self Enterprise — resync with current product

  • Navigation: API keys and Webhooks moved out of Settings into the sidebar Developer section. API keys are generated on Developer → API keys (org-scoped, Test|Live strip, "Generate key", 2-active-keys-per-env cap, owner/admin only); webhooks under Developer → Webhooks. Fixed every "Deploy tab" / "Settings → Webhooks" reference.
  • Product page tabs are Configure / Test / Live / Activity log / settings (old single Deploy tab gone); flowId + SDK snippets live on Test/Live, gated until publish. The product "settings" tab is Archive + a usage snapshot.
  • Security level relabeled Standard / Hi-security in the UI (enum stays biometric); activity log shows "High Security".
  • Webhooks now cover only verification.completed — the storage events are no longer delivered to customer endpoints.
  • Webhook setup flow: saving an endpoint does no reachability probe and reveals the signing secret immediately; reachability is a separate, repeatable Send Test Request. Dropped the "must return 2xx to save" model and the Express 200-stub boilerplate; documented Rotate secret.
  • No vendor webhook headers: docs no longer name the delivery's signature headers. Integrators use the SDK (which reads the headers off the request) and the payload's verification_id; dropped the manual HMAC scheme.
  • Credits: real per-product costs (Pre KYC 25, Age Verification 10, Proof of Human 10) from packages/lib check-costs.ts, replacing the illustrative 1/2/3.
  • SDK reference: removed the contradictory Compatibility/semver section (it's 0.x; pin a version).
  • Billing: removed the non-existent low-balance warning. Refreshed dashboard screenshots.

Self Enterprise ≠ Self Pass

  • Loud banner on the Self Pass quickstart, plus small notes on the Pass overview and frontend/backend API references, pointing Enterprise users to the Enterprise quickstart.
  • Enterprise SDK reference + migration guide: state plainly that you redirect to the hosted verificationUrl and never render your own QR (@selfxyz/qrcode).
  • Dashboard webhooks: require the full URL including the path, with a warning that a bare domain swallows deliveries on the page route.

Commits

  1. Resync with current dashboard UI + remove storage events (b2c7879)
  2. Clarify Enterprise vs Pass, no self-rendered QR, full webhook path (7cec3fd)
  3. Note Enterprise alternative on Pass API references + overview (92f8c4c)
  4. Update images (34f7cda)
  5. Webhook save no longer requires a 2xx test (bca9c0f)
  6. Real per-product credit costs; drop SDK compatibility section (17ac6a5)
  7. Remove vendor webhook headers from docs (821f7e1)

kartikmehta8 and others added 5 commits June 8, 2026 18:07
@kartikmehta8 @claude
docs(self-enterprise): resync with current dashboard UI + remove stor…
b2c7879 
…age events

Re-audited the docs against the current frontend, control-plane, and SDK and
corrected the drift from the recent dashboard changes:

- Navigation: API keys and Webhooks moved out of Settings into the sidebar
  Developer section. API keys are now generated on Developer → API keys
  (org-scoped, Test|Live strip, "Generate key", 2-active-keys-per-env cap,
  owner/admin only). Webhooks are under Developer → Webhooks. Updated every
  "Deploy tab" / "Settings → Webhooks" reference.
- Product page tabs are Configure / Test / Live / Activity log / settings
  (the old single Deploy tab is gone); flowId + SDK snippets live on Test/Live,
  which gate until publish. The product "settings" tab is Archive + a usage
  snapshot.
- Security level relabeled Standard / Hi-security in the UI (enum stays
  biometric); activity log shows "High Security".
- Webhook docs now cover only verification.completed — the storage_committed /
  storage_failed events are no longer delivered to customer endpoints. Trimmed
  events, overview, verify-webhooks, best-practices, api-reference, nodejs.
- Billing: dropped the non-existent low-balance warning.
- Refreshed the api-key-test screenshot.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kartikmehta8 @claude
docs: clarify Enterprise vs Pass, no self-rendered QR, full webhook path
7cec3fd 
Senior review feedback:

- Self Pass quickstart now opens with a loud banner: Enterprise users are in
  the wrong place, on Enterprise you do NOT install @selfxyz/qrcode or render
  your own QR, with a link to the Enterprise quickstart.
- Enterprise SDK reference: drop the misleading "(or render it as a QR code)"
  and state plainly that you redirect to the hosted verificationUrl.
- Migration guide: stop advising Pass users to keep rendering their own QR;
  redirect to verificationUrl and remove @selfxyz/qrcode.
- Dashboard webhooks: require the full URL including the path, with a warning
  that a bare domain returns 200 from the page route and swallows deliveries.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kartikmehta8 @claude
docs(self-pass): note Enterprise alternative on API references + over…
92f8c4c 
…view

Add a small info banner pointing Enterprise users to the Enterprise
quickstart on the Self Pass overview and the frontend/backend API
references, so people who land there don't render their own QR or run
the verifier when they meant to use the managed platform.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kartikmehta8
update images
34f7cda
@kartikmehta8 @claude
docs(self-enterprise): webhook save no longer requires a 2xx test
bca9c0f 
The create flow changed (webhook-endpoints service + "Save" split): saving
an endpoint does no reachability probe and returns the signing secret
immediately; reachability is a separate, repeatable "Send Test Request" on
the saved row.

- dashboard/webhooks: drop "Stand up an endpoint first" + the 200-stub
  boilerplate; new flow is Add webhook -> Save (secret revealed once) ->
  verify signature -> optional Send Test Request; add Rotate secret to managing.
- quickstart step 6: no reachable-first prerequisite; Save and copy the secret,
  Send Test Request once the handler is deployed.
- webhooks overview + SDK verify-webhooks: drop "must return 2xx to be saved".

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kartikmehta8 kartikmehta8 changed the title docs(self-enterprise): resync with current dashboard UI + remove stor… docs(self-enterprise): resync docs with current dashboard UI, webhooks, and SDK Jun 9, 2026
@kartikmehta8 kartikmehta8 self-assigned this Jun 9, 2026
kartikmehta8 and others added 2 commits June 9, 2026 13:03
@kartikmehta8 @claude
docs(self-enterprise): real per-product credit costs; drop SDK compat…
17ac6a5 
…ibility section

- credits-and-usage: replace the illustrative 1/2/3 with the product-confirmed
  costs (Pre KYC 25, Age Verification 10, Proof of Human 10) from
  packages/lib check-costs.ts (ATOMIC_PRICES, SELF-3046); note the cost is
  fixed at session creation.
- sdk/nodejs: remove the Compatibility section — its semver promise
  contradicted the "0.x may break" line, and the passthrough note already
  lives in the webhook event catalog.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kartikmehta8 @claude
docs(self-enterprise): remove vendor webhook headers from docs
821f7e1 
The delivery's signature headers are vendor-specific, so stop naming them
in the docs. Integrators use the SDK (which reads the headers off the
request itself) and the payload's verification_id.

- verify-webhooks / api-reference: SDK examples pass the whole request
  headers object instead of naming individual signature headers.
- signature-verification: drop the manual HMAC scheme and the
  other-languages header detail; the SDK is the supported path.
- overview: remove the Headers block; dedupe on verification_id.
- best-practices / troubleshooting: log and correlate by verification_id.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@kartikmehta8 kartikmehta8 merged commit d071ba0 into main Jun 9, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shazarre shazarre shazarre approved these changes

Assignees

@kartikmehta8 kartikmehta8

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kartikmehta8 @shazarre