1 change: 1 addition & 0 deletions docs/.vuepress/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ const sidebar = {
title: 'Optional configurations',
collapsable: true,
children: [
['/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md', 'API tokens'],
['/developer-docs/latest/setup-deployment-guides/configurations/optional/functions.md', 'Functions'],
['/developer-docs/latest/setup-deployment-guides/configurations/optional/cronjobs.md', 'Cron jobs'],
['/developer-docs/latest/setup-deployment-guides/configurations/optional/api.md', 'API'],
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ To apply policies to a route, add them to its configuration object (see [routes
Policies are called different ways depending on their scope:

- use `global::policy-name` for [global policies](#global-policies)
- use `api::api-name.policy-name` for [API policies](#API-policies)
- use `api::api-name.policy-name` for [API policies](#api-policies)
- use `plugin::plugin-name.policy-name` for [plugin policies](#plugin-policies)

::: tip
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,7 @@ module.exports = {

### Public routes

By default, routes are protected by Strapi's authentication system, which is based on [API tokens](/developer-docs/latest/setup-deployment-guides/configurations/required/admin-panel.md#api-tokens) or on the use of the [Users & Permissions plugin](/user-docs/latest/plugins/strapi-plugins.md#users-permissions-plugin).
By default, routes are protected by Strapi's authentication system, which is based on [API tokens](/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md) or on the use of the [Users & Permissions plugin](/user-docs/latest/plugins/strapi-plugins.md#users-permissions-plugin).

In some scenarios, it can be useful to have a route publicly available and control the access outside of the normal Strapi authentication system. This can be achieved by setting the `auth` configuration parameter of a route to `false`:

2 changes: 1 addition & 1 deletion docs/developer-docs/latest/plugins/graphql.md
Original file line number Diff line number Diff line change
Expand Up @@ -384,7 +384,7 @@ When [extending the GraphQL schema](#extending-the-schema), the `resolversConfig

##### Authorization configuration

By default, the authorization of a GraphQL request is handled by the registered authorization strategy that can be either [API token](/developer-docs/latest/setup-deployment-guides/configurations/required/admin-panel.md#api-tokens) or through the [Users & Permissions plugin](#usage-with-the-users-permissions-plugin). The Users & Permissions plugin offers a more granular control.
By default, the authorization of a GraphQL request is handled by the registered authorization strategy that can be either [API token](/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md) or through the [Users & Permissions plugin](#usage-with-the-users-permissions-plugin). The Users & Permissions plugin offers a more granular control.

::: details Authorization with the Users & Permissions plugin
With the Users & Permissions plugin, a GraphQL request is allowed if the appropriate permissions are given.
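Review bot: style point on the changed sentence under "Authorization configuration": "can be either [API token] or through the [Users & Permissions plugin]" is not parallel. Since the line is being touched for the link anyway, consider "is either an API token or the Users & Permissions plugin". The routes page in this same PR calls the mechanism "Strapi's authentication system" while this sentence calls it an "authorization strategy"; using one term on both pages would avoid confusion.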
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ Some parts of Strapi must be configured for the Strapi application to work prope

Strapi also offers the following optional configuration options for specific features:

- [API tokens](/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md)
- [functions](/developer-docs/latest/setup-deployment-guides/configurations/optional/functions.md)
- [cron jobs](/developer-docs/latest/setup-deployment-guides/configurations/optional/cronjobs.md)
- [API calls](/developer-docs/latest/setup-deployment-guides/configurations/optional/api.md)
Expand All @@ -72,4 +73,3 @@ Strapi also offers the following optional configuration options for specific fea
- [public assets](/developer-docs/latest/setup-deployment-guides/configurations/optional/public-assets.md)
- [Single Sign-On](/developer-docs/latest/setup-deployment-guides/configurations/optional/sso.md) <GoldBadge link="https://strapi.io/pricing-self-hosted/" withLinkIcon />
- [Role-Based Access Control](/developer-docs/latest/setup-deployment-guides/configurations/optional/rbac.md) <BronzeBadge link="https://strapi.io/pricing-self-hosted"/> <SilverBadge link="https://strapi.io/pricing-self-hosted"/> <GoldBadge link="https://strapi.io/pricing-self-hosted" withLinkIcon/>

Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
---
title: API tokens - Strapi Developer Docs
description:
---

# API tokens

Authentication strategies in Strapi can either be based on the use of the [Users & Permissions plugin](/user-docs/latest/users-roles-permissions/introduction-to-users-roles-permissions.md) or on the built-in API token feature.

Using API tokens allows executing a request on [REST API](/developer-docs/latest/developer-resources/database-apis-reference/rest-api.md) endpoints as an authenticated user.

## Creation

New API tokens are generated from the [admin panel](/user-docs/latest/settings/managing-global-settings.md#managing-api-tokens).

## Usage

When performing a request to Strapi's [REST API](/developer-docs/latest/developer-resources/database-apis-reference/rest-api.md), the API token should be added to the request's `Authorization` header with the following syntax: `bearer your-api-token`.

## Configuration

New API tokens are generated using a salt. This salt is automatically generated by Strapi and stored in `./config/admin.js` as `apiToken.salt`.

The salt can be customized:

- either by updating the string value for `apiToken.salt` in `./config/admin.js` (see [admin panel configuration documentation](/developer-docs/latest/setup-deployment-guides/configurations/required/admin-panel.md))
- or by creating an `API_TOKEN_SALT` [environment variable](/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.md#environment-variables) in the `.env` file of the project

::: caution
Changing the salt invalidates all the existing API tokens.
:::
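Review bot: the Configuration section says the salt is stored in `./config/admin.js` as `apiToken.salt` but never says it is a secret. The caution states that changing it invalidates every existing token, so the salt evidently takes part in validating tokens and should be handled like a credential. Suggest adding a sentence that recommends the `API_TOKEN_SALT` environment variable over a literal string in `./config/admin.js` when that file is committed to version control, and stating which of the two wins if both are set. Two smaller points: in Usage, `bearer your-api-token` would be clearer written as the full header with the conventional capitalisation, `Authorization: Bearer your-api-token`; and the front matter ships with an empty `description:`.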
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ Some settings can only be modified through environment variables:
| `BROWSER` | Boolean | Open the admin panel in the browser after startup | `true` |
| `ENV_PATH` | String | Path to the file that contains your environment variables | `'./.env'` |
| `STRAPI_PLUGIN_I18N_INIT_LOCALE_CODE` <br/><br/>_Optional_| String | Initialization locale for the app, if the [Internationalization (i18n) plugin](/developer-docs/latest/plugins/i18n.md) is installed and enabled on Content-Types (see [Configuration of i18n in production environments](/developer-docs/latest/plugins/i18n.md#configuration-in-production-environments)) | `'en'` |
| `API_TOKEN_SALT`<br/><br/>_Optional_ | String | Salt to use to generate [API tokens](/developer-docs/latest/setup-deployment-guides/configurations/required/admin-panel.md#api-tokens) | - |
| `API_TOKEN_SALT`<br/><br/>_Optional_ | String | Salt to use to generate [API tokens](/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.md) | - |

### Configuration using environment variables
