From a1cd37e4f4223e97f3da0ca58bb97e6784a45270 Mon Sep 17 00:00:00 2001 From: miloschwartz Date: Sat, 11 Apr 2026 21:21:55 -0700 Subject: [PATCH] adjustments --- docs.json | 20 ++++++++++---------- manage/access-control/links.mdx | 24 ++++++++++++++---------- 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/docs.json b/docs.json index c237fcf..64359f4 100644 --- a/docs.json +++ b/docs.json @@ -69,7 +69,6 @@ } ] }, - "manage/access-control/links", { "group": "Clients", "icon": "desktop", @@ -96,18 +95,19 @@ "icon": "user-group", "pages": [ "manage/access-control/create-user", - "manage/access-control/approvals", - "manage/access-control/rules", - "manage/access-control/forwarded-headers", - "manage/access-control/login-page", + "manage/access-control/mfa", + "manage/access-control/security-keys", + "manage/access-control/session-length", + "manage/access-control/password-rotation", + "manage/access-control/change-password", "manage/ssh", + "manage/access-control/rules", "manage/geoblocking", "manage/asnblocking", - "manage/access-control/mfa", - "manage/access-control/password-rotation", - "manage/access-control/session-length", - "manage/access-control/change-password", - "manage/access-control/security-keys" + "manage/access-control/links", + "manage/access-control/approvals", + "manage/access-control/forwarded-headers", + "manage/access-control/login-page" ] }, { diff --git a/manage/access-control/links.mdx b/manage/access-control/links.mdx index 2baec44..c34a79b 100644 --- a/manage/access-control/links.mdx +++ b/manage/access-control/links.mdx @@ -1,6 +1,5 @@ --- -title: "Links" -icon: "link" +title: "Shareable Links" description: "Create Links and use access tokens for browser or programmatic access." --- @@ -8,13 +7,11 @@ import PangolinCloudTocCta from "/snippets/pangolin-cloud-toc-cta.mdx"; -Links in the Pangolin dashboard - -Links are special URLs that grant access to one resource without requiring the recipient to sign in as a Pangolin user. +Links are special URLs that grant access to one resource without requiring the recipient to sign in as a Pangolin user. Anyone with a web browser on the internet can access the resource if they have a valid Link. When you create a Link, Pangolin gives you two ways to use it: -- **Link**: Send this to a person. This is a Pangolin-hosted URL, usually on your Pangolin domain, that validates the Link and then redirects them to the resource. +- **Link**: This is a Pangolin-hosted URL that validates the validity of the Link and then redirects them to the resource. - **Access Token Usage**: Use this only when making direct requests to the resource URL from scripts, tools, or integrations. ## Create a Link @@ -26,7 +23,9 @@ From the resource authentication flow, create a Link by: 3. Setting an expiration, or enabling **Never expire** if the link should stay valid until you revoke it. 4. Copying the generated link or access-token details immediately after creation. -Create a Link modal + + Create a Link modal + Anyone with the Link or access token can use it. Treat both like credentials. @@ -45,11 +44,13 @@ This is why the two URLs often look different: - The **Link** is usually on your Pangolin domain. - The **Access Token Usage** examples use the resource URL directly. -Access Token Usage examples + + + ### Query Parameter -By default, Pangolin accepts the access token in the `p_token` query parameter: +Pangolin accepts the access token in the `p_token` query parameter: ```bash curl "https://resource.example.com/?p_token=." @@ -59,6 +60,8 @@ The query-string value is the token ID and token joined with a `.`. Some deployments may use a different query parameter name. +The query parameter must be sent in every request to the resource, not just the first time. + ### Request Headers By default, Pangolin accepts these headers: @@ -79,6 +82,8 @@ This is the same token data as the query-string form, split into two headers ins Some deployments may use different header names. +The headers must be sent in every request to the resource, not just the first time. + ## Expiration and Revocation - Expiring links stop working automatically when their lifetime ends. @@ -89,4 +94,3 @@ Some deployments may use different header names. - Links are best for targeted sharing and automation, not broad long-term access. - Link-based access does not carry per-user identity headers to the upstream app. For identity-aware upstream integrations, see [Forwarded Headers](/manage/access-control/forwarded-headers). -- For the underlying auth settings on the resource itself, see [Authentication](/manage/resources/public/authentication).