cherry picked changes from new docs

[dannyroosevelt]

WHY

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced new sections in documentation for "Connect tokens", "Environments", "OAuth Clients", "Webhooks", and "Connect Link".
  • Added detailed documentation for the "Connect Link" feature, enabling easier third-party account connections.
  • Created a new section for "Connect Webhooks", detailing webhook events during token generation.

• Documentation Updates

  • Enhanced clarity and usability of the "Quickstart" and "Tokens" documentation.
  • Added guidance for using OAuth clients and managing different project environments.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
docs-v2	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 31, 2024 5:04am

2 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
pipedream-docs	⬜️ Ignored (Inspect)			Oct 31, 2024 5:04am
pipedream-docs-redirect-do-not-edit	⬜️ Ignored (Inspect)			Oct 31, 2024 5:04am

[coderabbitai]

Warning

Rate limit exceeded

@dannyroosevelt has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 20 minutes and 56 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between ac6366e and bbb8bba.

Walkthrough

The pull request introduces significant updates to the documentation for Pipedream Connect. It adds several new sections in the _meta.json file, including "Connect tokens," "Environments," "OAuth Clients," "Webhooks," and "Connect Link." Additionally, new documentation files are created for "Connect Link," "Environments," "OAuth Clients," and "Connect Webhooks," providing detailed guidance on their respective functionalities. The "Quickstart" documentation is also restructured for clarity, while the "Tokens" documentation elaborates on token generation and usage.

Changes

File Path	Change Summary
docs-v2/pages/connect/_meta.json	Added sections: "Connect tokens", "Environments", "OAuth Clients", "Webhooks", "Connect Link".
docs-v2/pages/connect/connect-link.mdx	New documentation for "Connect Link" feature, detailing URL generation and redirection parameters.
docs-v2/pages/connect/environments.mdx	New section on "Environments," explaining development and production environments for connected accounts.
docs-v2/pages/connect/oauth-clients.mdx	New documentation page for OAuth clients, detailing app types and custom client creation.
docs-v2/pages/connect/quickstart.mdx	Restructured and clarified steps for using Pipedream Connect, including updates on Connect Link usage.
docs-v2/pages/connect/tokens.mdx	New sections on "Connect tokens," "Creating a token," "Webhooks," and scoping tokens to users/environments.
docs-v2/pages/connect/webhooks.mdx	New section for "Connect Webhooks," detailing webhook events and payload examples for connection processes.

Possibly related PRs

• Updating quickstart in docs based on apps UI  #13987: Updates to the quickstart.mdx documentation reflect changes in the integration process for Pipedream Connect, aligning with new sections added in the main PR.
• (feat) Removing appSlug and oauthClientId from token create call #14123: Removes appSlug and oauthClientId parameters from the token creation process, directly related to the new sections for managing tokens and OAuth clients.
• Adding intial info about Connect Link #14124: Adds initial information about the "Connect Link," relevant to the new section introduced in the main PR.
• Update quickstart.mdx #14375: Updates to quickstart.mdx include clarifications on integration steps for Pipedream Connect, relating to new sections on tokens and account connections.

Suggested reviewers

• dylburger

🐰 In the meadow, hopping around,
New docs are here, let’s gather 'round!
Connect tokens, links, and more,
With clear guides, we’ll explore!
Environments set, OAuth in sight,
Pipedream Connect shines so bright! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (14)

docs-v2/pages/connect/tokens.mdx (3)

1-11: Consider enhancing the formatting for better readability.

The content is clear and well-structured, but could benefit from some formatting improvements:

• Consider using bold text for the two main options to make them stand out
• The Slack example could be formatted as a callout or info block for better visibility

 # Connect tokens

 When you initiate account connection for your end users, you must either:

-1. Generate a secure, short-lived token scoped to the end user, or
-2. Use the [Connect Link](/connect/connect-link) feature to generate a URL that guides the user through the account connection flow without any frontend work on your side.
+1. **Generate a secure, short-lived token** scoped to the end user, or
+2. **Use the [Connect Link](/connect/connect-link) feature** to generate a URL that guides the user through the account connection flow without any frontend work on your side.

 Here, we'll show you how to generate tokens for your users and return that to your frontend, passing that to the account connection flow. 

-Use tokens when you want to handle the account connection flow yourself, in your app's UI. For example, you might want to show a **Connect Slack** button in your app that triggers the account connection flow for Slack, or launch the flow in a modal.
+> **Example Use Case**: Use tokens when you want to handle the account connection flow yourself, in your app's UI. For instance, you might want to show a **Connect Slack** button in your app that triggers the account connection flow for Slack, or launch the flow in a modal.

---

12-14: Consider adding a brief example or context.

The section would be more helpful with:

• A brief description of the token creation process
• A simple example showing the required parameters
• Expected response format

 ## Creating a token

-See docs on [the `/tokens` endpoint](/connect/api/#create-a-new-token) to create new tokens.
+To create a new token, you'll need to make a POST request to the `/tokens` endpoint with the following required parameters:
+
+```json
+{
+  "external_user_id": "user_123",
+  "webhook_uri": "https://your-domain.com/webhook"
+}
+```
+
+The endpoint will return a secure token that you can use to initiate the account connection flow.
+
+For complete API documentation, see [the `/tokens` endpoint](/connect/api/#create-a-new-token).

---

16-20: Consider mentioning key webhook events.

The section would be more informative if it briefly mentioned the main webhook events users can expect (e.g., CONNECTION_SUCCESS, CONNECTION_ERROR).

 ## Webhooks

 When you generate a token, you can specify a `webhook_uri` where Pipedream will deliver updates on the account connection flow. This is useful if you want to update your UI based on the status of the account connection flow, get a log of errors, and more. 
 
+You'll receive webhook events for key status changes, including:
+- `CONNECTION_SUCCESS` when an account is successfully connected
+- `CONNECTION_ERROR` if there's an issue during the connection process
+
 [See the webhooks docs](/connect/webhooks) for more information.

docs-v2/pages/connect/connect-link.mdx (4)

7-7: Consider adding security recommendations for URL distribution.

When mentioning email/SMS distribution of Connect Links, it would be valuable to add security best practices, such as:

• Recommending secure communication channels
• Advising users to access the link promptly due to the 4-hour expiration
• Warning against sharing the URL with unauthorized parties

Would you like me to provide a suggested addition to the documentation?

---

19-21: Enhance code block with syntax highlighting and parameter explanation.

Consider these improvements:

1. Add syntax highlighting by specifying the language
2. Explain the appSlug parameter and provide valid examples

Apply this change:

-```
+```url
 https://pipedream.com/_static/connect.html?token={token}&connectLink=true&app={appSlug}

Then add:
```markdown
where `{appSlug}` is the unique identifier for your app (e.g., "github", "slack", etc.).

---

30-32: Enhance redirect URL documentation with examples and security considerations.

Consider adding:

1. Examples of valid redirect URLs
2. Security best practices for redirect URLs (e.g., URL validation, allowed domains)
3. Description of what users will see on the default Pipedream-hosted pages

Would you like me to provide a detailed example section covering these points?

---

11-11: Minor: Simplify redundant phrasing.

The phrase "for getting Connect up and running" can be simplified.

-See [the Connect quickstart](/connect/quickstart) for a full tutorial for getting Connect up and running.
+See [the Connect quickstart](/connect/quickstart) for a full tutorial on using Connect.

🧰 Tools

🪛 LanguageTool

[style] ~11-~11: This phrase is redundant. Consider writing “Connect”.
Context: ...kstart) for a full tutorial for getting Connect up and running. Here's a quick overview ...

(CONNECT_TOGETHER)

docs-v2/pages/connect/webhooks.mdx (1)

16-42: Enhance the success payload documentation.

The JSON example would be more helpful with:

• Field descriptions for each property in the payload
• Valid format examples for IDs and timestamps
• Explanation of the healthy and dead boolean fields
• Documentation for all possible values in the app object

Consider adding this field description table above the JSON example:

| Field | Type | Description |
|-------|------|-------------|
| connect_token | string | The token used to initiate the connection |
| environment | string | The environment where the connection was created |
| connect_session_id | number | Unique identifier for the connection session |
| account.id | string | Unique identifier for the connected account |
...

docs-v2/pages/connect/oauth-clients.mdx (4)

6-13: Consider adding security best practices.

While the distinction between key-based and OAuth apps is clear, it would be valuable to add a note about security implications and best practices for handling credentials in both cases.

Consider adding a security callout:

2. **OAuth**: These apps require OAuth authorization. Pipedream manages the OAuth flow for these apps, ensuring you always have a fresh access token for requests.

+ <Callout type="warning">
+ Always follow security best practices:
+ - Never commit API keys or OAuth credentials to version control
+ - Rotate credentials regularly
+ - Use environment-specific OAuth clients
+ </Callout>

---

15-19: Enhance production deployment requirements.

The callout about production deployment could be more specific about why custom OAuth clients are required and what limitations exist without them.

Consider expanding the callout:

<Callout type="info">
- To get started in [development mode](/connect/environments), you can skip these steps. To deploy your app to production, you'll need to [create an OAuth client](#using-a-custom-oauth-client) for the app you're integrating.
+ To get started in [development mode](/connect/environments), you can use Pipedream's default OAuth client. However, for production deployments:
+ - Custom OAuth clients are required for security and rate limiting purposes
+ - Each environment (staging, production) should use a separate OAuth client
+ - You'll need to [create an OAuth client](#using-a-custom-oauth-client) for the app you're integrating
</Callout>

---

23-28: Add code examples for implementation.

While the steps are clear, adding code examples for both the frontend SDK and Connect Link would make implementation easier.

Consider adding:

4. When connecting an account either via the [frontend SDK](/connect/quickstart#use-the-pipedream-sdk-in-your-frontend), make sure to include the `oauth_app_id` in `pd.connectAccount()`.
+ ```javascript
+ // Example using the frontend SDK
+ await pd.connectAccount({
+   app: "github",
+   oauth_app_id: "your-oauth-app-id"
+ });
+ ```

5. If using [Connect Link](/connect/quickstart#use-connect-link), make sure to include the `oauth_app_id` in the URL.
+ ```
+ # Example Connect Link URL
+ https://pipedream.com/connect/oauth?app=github&oauth_app_id=your-oauth-app-id
+ ```

---

35-35: Improve image accessibility.

The image's alt text could be more descriptive to better assist users with screen readers.

- <Image src="https://res.cloudinary.com/pipedreamin/image/upload/v1730241292/oauth-app-id_umhhqi.png" alt="Copy OAuth App ID" width={650} height={529} />
+ <Image src="https://res.cloudinary.com/pipedreamin/image/upload/v1730241292/oauth-app-id_umhhqi.png" alt="Screenshot showing how to expand OAuth client details and locate the OAuth App ID in the Pipedream dashboard" width={650} height={529} />

docs-v2/pages/connect/quickstart.mdx (2)

Line range hint 535-561: Consider adding security recommendations for token handling.

While the code examples are comprehensive, it would be beneficial to add a note about secure token handling practices, such as:

• Not storing tokens in client-side storage
• Using secure session management
• Implementing token rotation

---

976-977: Enhance deployment section with additional context.

Consider expanding the deployment section to include:

• A brief overview of what changes between development and production
• Common deployment considerations
• Links to troubleshooting guides

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between b18464a and ac6366e.

📒 Files selected for processing (7)

• docs-v2/pages/connect/_meta.json (1 hunks)
• docs-v2/pages/connect/connect-link.mdx (1 hunks)
• docs-v2/pages/connect/environments.mdx (1 hunks)
• docs-v2/pages/connect/oauth-clients.mdx (1 hunks)
• docs-v2/pages/connect/quickstart.mdx (7 hunks)
• docs-v2/pages/connect/tokens.mdx (1 hunks)
• docs-v2/pages/connect/webhooks.mdx (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• docs-v2/pages/connect/environments.mdx

🧰 Additional context used

🪛 LanguageTool

docs-v2/pages/connect/connect-link.mdx

[style] ~11-~11: This phrase is redundant. Consider writing “Connect”.
Context: ...kstart) for a full tutorial for getting Connect up and running. Here's a quick overview ...

(CONNECT_TOGETHER)

docs-v2/pages/connect/quickstart.mdx

[duplication] ~27-~27: Possible typo: you repeated a word
Context: ...pipedream.com/projects). 2. From within the the Connect tab in your project, select...

(ENGLISH_WORD_REPEAT_RULE)

🔇 Additional comments (5)

docs-v2/pages/connect/_meta.json (2)

14-27: LGTM! The new sections follow consistent naming patterns.

The added sections maintain proper JSON structure and follow the existing naming conventions. The titles are well-formatted and clearly describe their corresponding documentation sections.

---

14-27: Consider optimizing the navigation order.

While the current order is logical, consider if a different arrangement might provide a better learning path for users. For example:

1. Overview (current)
2. Use cases (current)
3. Quickstart (current)
4. Connect Link (moved up as it might be the primary integration method)
5. Environments (current position)
6. OAuth Clients
7. Tokens
8. Webhooks
9. API & SDK Reference (moved to end as it's typically referenced after understanding basic concepts)

Let's verify if there are any explicit dependencies between these sections:

docs-v2/pages/connect/connect-link.mdx (1)

25-26: Consider using a more permanent link format.

The shortened workflow URL (tch_EvfbvQ) might not be permanent. Consider using the full Pipedream workflow URL format for better longevity of the documentation.

docs-v2/pages/connect/webhooks.mdx (1)

1-54: Verify webhook payload structure against API implementation.

Let's ensure the documented fields match the actual implementation.

✅ Verification successful

Let me try a different search strategy to locate the webhook implementation.

This should help us find webhook-related files and their implementations to verify against the documentation.

---

Let me try one more search to find the event type definitions and webhook payload structure.

---

Let me try one final search to find the AppResponse type definition to complete our verification.

---

Based on the code findings from our searches, I can now provide a final response:

Documentation accurately reflects the webhook payload structure

The documented webhook payload structure in docs-v2/pages/connect/webhooks.mdx is consistent with the implementation found in the codebase. This is verified by:

1. The Account type definition matches exactly with the documented fields including:

   • id, name, external_id, healthy, dead
   • app object with fields id, name_slug, name, auth_type, img_src, custom_fields_json, categories
   • created_at, updated_at timestamps

2. The webhook configuration is properly implemented in the SDK (packages/sdk/src/server/index.ts) with the webhook_uri parameter.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for webhook-related code to verify payload structure
echo "Searching for webhook implementation..."
rg -t ts -t js "CONNECTION_SUCCESS|CONNECTION_ERROR" -A 10
ast-grep --pattern 'function $_(req, res) {
  $$$
}'

Length of output: 204

---

Script:

#!/bin/bash
# Search for webhook-related files and implementations
echo "Searching for webhook-related files..."
fd -e ts -e js -e tsx -e jsx webhook -i

echo "Searching for connect token and webhook patterns..."
rg -t ts -t js "webhook.*uri|connect.*token" -B 2 -A 5

echo "Searching for event type definitions..."
rg -t ts -t js "type.*Event.*=.*CONNECTION" -B 1 -A 3

Length of output: 6398

---

Script:

#!/bin/bash
# Search for webhook payload and event type definitions
echo "Searching for webhook event types..."
rg -t ts -t js "CONNECTION_SUCCESS|CONNECTION_ERROR" --type-add 'dts:*.d.ts' -t dts -t ts -t js

echo "Searching for webhook payload interface or type definitions..."
ast-grep --pattern 'interface $_ {
  event: $_;
  connect_token: $_;
  $$$
}'

echo "Searching for account type definitions..."
ast-grep --pattern 'type Account = {
  $$$
}'

Length of output: 3159

---

Script:

#!/bin/bash
# Search for AppResponse type definition
echo "Searching for AppResponse type..."
ast-grep --pattern 'type AppResponse = {
  $$$
}'

echo "Searching for app-related interfaces..."
rg -t ts -t js "interface.*App.*{|type.*App.*=.*{" -A 10

Length of output: 2339

docs-v2/pages/connect/oauth-clients.mdx (1)

1-2: LGTM: Component imports are correct and necessary.

The imports for Next.js Image and custom Callout components are properly defined and utilized in the documentation.