docs(user): add how-to guide for obtaining an API access token

[mysekai7]

Adds an English how-to document explaining the 5-step OIDC/OAuth2 Authorization Code Flow for obtaining an ACP platform access token programmatically, including a complete curl-based bash script example.

Summary by CodeRabbit

• Documentation
  • Added comprehensive guide for obtaining API access tokens with step-by-step instructions, practical examples, and operational best practices.
  • Added new HowTo section index page for improved navigation of user guides.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8399538b-2d7f-43a1-acdb-914670e93a9b

📥 Commits

Reviewing files that changed from the base of the PR and between d4f18ea and 4e83db5.

📒 Files selected for processing (2)

• docs/en/security/users_and_roles/user/howto/get_api_token.md
• docs/en/security/users_and_roles/user/howto/index.mdx

---

Walkthrough

This PR adds comprehensive documentation for acquiring ACP platform API tokens through a Dex-based OIDC Authorization Code Flow. It includes a detailed five-step guide, complete working shell script example with cookie management and RSA encryption, and operational guidance for token usage and session handling.

Changes

API Token Acquisition Guide

Layer / File(s)	Summary
Overview and prerequisites docs/en/security/users_and_roles/user/howto/get_api_token.md	Introduction to the Dex-based OIDC flow requiring session-based cookie sharing, and prerequisites defining platform URL, OAuth client id, scopes, redirect URI, and identity provider.
OAuth/Dex authentication flow walkthrough docs/en/security/users_and_roles/user/howto/get_api_token.md	Step-by-step documentation of five sequential API calls: login metadata retrieval, Dex authorization request, RSA public key fetch, encrypted credential submission with code/state extraction, and token exchange callback.
Complete shell script implementation docs/en/security/users_and_roles/user/howto/get_api_token.md	Working bash/curl example demonstrating the full flow with cookie jar handling, RSA public key fetching, PKCS#1 v1.5 encryption, parameter extraction, and JSON response parsing.
Token usage and operational guidance docs/en/security/users_and_roles/user/howto/get_api_token.md, docs/en/security/users_and_roles/user/howto/index.mdx	Instructions for using the access token in Authorization Bearer headers, operational notes on session cookies, timestamp uniqueness, identity provider selection, and TLS verification. Index page entry point with frontmatter and Overview component.

🎯 2 (Simple) | ⏱️ ~8 minutes

🐰 A guide for tokens, step by step so clear,
Five dances with Dex, and the script is right here!
With cookies and keys, and bash doing the deed,
Your API awaits every token you need! 🔑

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a how-to guide documentation for obtaining an API access token, which aligns with the changeset that adds a new documentation page with complete instructions and examples.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/add-get-api-token

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

[cloudflare-workers-and-pages]

Deploying alauda-container-platform with    Cloudflare Pages

Latest commit:	4e83db5
Status:	✅  Deploy successful!
Preview URL:	https://5b0cf0c5.alauda-container-platform.pages.dev
Branch Preview URL:	https://feat-add-get-api-token.alauda-container-platform.pages.dev

View logs