Merging to release-5.10: Docs for 5.10 (#7051)

[buger]

User description

Docs for 5.10 (#7051)

• add docs for CertificateExpiringSoon and CertificateExpired events (add docs for CertificateExpiringSoon and CertificateExpired events #6960)

• [DX-2105 / TT-15380] Enhanced JWKS caching ([DX-2105 / TT-15380] Enhanced JWKS caching #7000)

• TT-15401 added external services configuration info ([TT-15401] added external services configuration info #6900)

---

Co-authored-by: Patric Vormstein [email protected]
Co-authored-by: andyo-tyk [email protected]
Co-authored-by: andrei-tyk [email protected]
Co-authored-by: Leonid Bugaev [email protected]

---

PR Type

Documentation, Enhancement

---

Description

• Add certificate expiry events docs

• Detail event-specific metadata fields

• Introduce enhanced JWKS caching docs

• New external services config guide

---

Diagram Walkthrough

flowchart LR
  Events["Gateway events"] -- "add" --> Certs["Certificate expiry types"]
  Events -- "clarify" --> Meta["Common + specific metadata"]
  Auth["JWT/JWKS docs"] -- "enhance" --> Caching["JWKS caching + management"]
  Config["New guide"] -- "add" --> ExtSvc["External Services config"]
  ExtSvc -- "linked in" --> Menu["Docs menu"]

Loading

File Walkthrough

	Relevant files
Documentation	client-authentication.md Minor wording fix for JWT reference link                                  tyk-docs/content/api-management/client-authentication.md Clarify JWT docs link wording. +1/-1      gateway-events.md Certificate events and metadata structure updates                tyk-docs/content/api-management/gateway-events.md Add certificate expiry events section. Define common vs specific event metadata. Add metadata details for certificate events. Normalize note formatting and anchors. +59/-26  external-service.md New External Services configuration guide                                tyk-docs/content/configure/external-service.md New comprehensive External Services configuration guide. Document global proxy and per-service overrides. Detail mTLS options and examples. Include migration, performance, and FAQ. +763/-0
Enhancement	json-web-tokens.md Enhanced JWKS endpoints and caching documentation                tyk-docs/content/basic-config-and-security/security/authentication-authorization/json-web-tokens.md Note Classic field name for jwt source. Split single vs multiple JWKS endpoint guidance. Add JWKS caching, prefetch, and management API docs. Provide compatibility matrix and examples. +78/-4
Configuration changes	menu.yaml Navigation update for External Services guide                        tyk-docs/data/menu.yaml Add menu entry for External Service Config page. +4/-0

---

[github-actions]

⚠️ Deploy preview for PR #7059 did not become live after 3 attempts.
Please check Netlify or try manually: Preview URL

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Use intra-page anchor link This page section’s own ID may differ due to Hugo’s automatic slugging; linking to the current page with a ref and same-page anchor can create circular or broken links. Replace with an intra-page anchor reference without a ref to ensure it jumps correctly. tyk-docs/content/api-management/gateway-events.md [117] -When an event is fired, and an *event handler* is registered for that specific API and event combination, Tyk Gateway provides the handler with a rich set of [metadata]({{< ref "api-management/gateway-events#event-metadata" >}}). The external system (webhook) or custom (JavaScript) code can then use this metadata to decide what action to take. +When an event is fired, and an *event handler* is registered for that specific API and event combination, Tyk Gateway provides the handler with a rich set of [metadata](#event-metadata). The external system (webhook) or custom (JavaScript) code can then use this metadata to decide what action to take. Suggestion importance[1-10]: 6 __ Why: Switching to a local anchor avoids potential ref processing issues and is consistent with other intra-page links in this PR; impact is minor but correct.	Low
	Disambiguate API type support Clarify that multiple JWKS support applies only to OAS APIs; “Tyk OAS APIs” is already stated but consider explicitly excluding Classic to avoid ambiguity with earlier paragraph mentioning Classic. Add a brief parenthetical note. tyk-docs/content/basic-config-and-security/security/authentication-authorization/json-web-tokens.md [313] -From **Tyk 5.9.0** onwards, Tyk OAS APIs can validate against multiple JWKS endpoints, allowing you to use different IdPs to issue JWTs for the same API. Multiple JWKS endpoints can be configured in the `<jwtAuthScheme>.jwksURIs` array. Note that these URIs are not base64 encoded in the API definition and so are human-readable. Tyk will retrieve the JSON Web Key Sets from each of these endpoints and these will be used to attempt validation of the received JWT. +From **Tyk 5.9.0** onwards, Tyk OAS APIs (not Tyk Classic) can validate against multiple JWKS endpoints, allowing you to use different IdPs to issue JWTs for the same API. Multiple JWKS endpoints can be configured in the `<jwtAuthScheme>.jwksURIs` array. Note that these URIs are not base64 encoded in the API definition and so are human-readable. Tyk will retrieve the JSON Web Key Sets from each of these endpoints and these will be used to attempt validation of the received JWT. Suggestion importance[1-10]: 4 __ Why: The clarification is accurate and may reduce ambiguity, but it’s a minor phrasing change since the sentence already specifies “Tyk OAS APIs.”	Low
Possible issue	Fix broken anchor link The link anchor likely doesn't include underscores in the generated slug, which may break navigation. Update the anchor to match the target section's actual ID. Verify the referenced page's heading ID and align the anchor string accordingly. tyk-docs/content/configure/external-service.md [156] -All settings are defined in the `external_services` section of the Gateway `tyk.conf` file (or the equivalent [environment variables]({{< ref "tyk-oss-gateway/configuration#external_services" >}}). +All settings are defined in the `external_services` section of the Gateway `tyk.conf` file (or the equivalent [environment variables]({{< ref "tyk-oss-gateway/configuration#external-services" >}}). Suggestion importance[1-10]: 5 __ Why: Reasonable caution that the anchor may differ, but it’s speculative without evidence; the existing link could be correct given the section name includes an underscore in config keys.	Low

[netlify]

✅ PS. Add to the end of url /docs/nightly

Name	Link
🔨 Latest commit	60a6d5d
🔍 Latest deploy log	https://app.netlify.com/projects/tyk-docs/deploys/68edf2d830eb8000085a7c2f
😎 Deploy Preview	https://deploy-preview-7059--tyk-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ PS. Add to the end of url /docs/nightly

Name	Link
🔨 Latest commit	65c1cd1
🔍 Latest deploy log	https://app.netlify.com/projects/tyk-docs/deploys/68edf8a7777b190008b26617
😎 Deploy Preview	https://deploy-preview-7059--tyk-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.