feat: rewrite Optimize API auth guide

[pepopowitz]

Description

Part of #4117.

Rewrites the Optimize API authentication guide according to specs defined in #4117.

When should this change go live?

• This is a bug fix, security concern, or something that needs urgent release support.
• This is already available but undocumented and should be released within a week.
• This on a specific schedule and the assignee will coordinate a release with the DevEx team. (apply hold label or convert to draft PR)
• This is part of a scheduled alpha or minor. (apply alpha or minor label)
• There is no urgency with this change and can be released at any time.

PR Checklist

• My changes are for an already released minor and are in /versioned_docs directory.
• My changes are for the next minor and are in /docs directory (aka /next/).

• My changes require an Engineering review, and I've assigned the Engineering DRI or delegate.
• My changes require a technical writer review, and I've assigned @camunda/tech-writers as a reviewer.

[github-actions]

👋 🤖 ✅ Looks like the changes were ported across versions, nice job! 🎉

You can read more about the versioning within our docs in our documentation guidelines.

[pepopowitz]

This is different from other API Auth guides, and I don't feel great about requesting that someone re-configure their environment in order to get an auth token....but as discussed in Slack, the out-of-the-box configuration of a Self-Managed instance doesn't actually work for client_credentials authentication.

[mesellings]

Lgtm, just some suggestions for formatting and styling 👍

[mesellings]

Suggested change

	3. Upon creating the client, capture the following values required to generate a token:
	3. After creating the client, capture the following values required to generate a token:

Suggestion, "upon" doesn't do well in translation here (future proofing).

[pepopowitz]

#4138 (comment)

[pepopowitz]

Resolution from 4138: it should read "Once you have created the client, capture...".

I'll do this in my follow-up.

[mesellings]

Suggested change

	## Generating a token
	## Generate a token

Suggestion to get away from using gerunds and make it more active, I think I suggested this in other reviews so not sure whether this was adopted - ignore if not, to keep consistent.

[pepopowitz]

Ignoring for now for consistency; I'd like to get through all these rewrites (only one more after this!), and we can standardize this later.

[mesellings]

Suggested change

	:::tip
	:::caution

Seeing as this is a crucial step if they don't capture the secret, should we make the admonition a caution?

[pepopowitz]

No preference; I will adjust across all auth guides in a follow-up.

[mesellings]

Not for this PR, but I notice we use "execute" a lot, and I'm not sure if we should be replacing this term with "run" or something similar, perhaps not here but wanted to capture this somewhere for discussion.

[pepopowitz]

No preference; let me know of any specific changes you'd like me to make in a follow-up.

[mesellings]

Not sure if this should be a step, as technically each numbered bullet should be an action, so perhaps this belongs in the next step, or as a sub paragraph or something in the previous step? Without seeing the actual doc, I can't envisage what this looks like, so it might not be better when actually rendered, but jsut something I wanted to note.

[pepopowitz]

This is a good call. Here's what it looks like currently:

That number 5 could definitely be a separate paragraph under number 4. I'll adjust these across all auth guides in a follow-up.

[mesellings]

Should "audience" property here be in code (not sure, just asking)?

[pepopowitz]

I don't know either, but if someone does and gives me specific changes, I'll take care of them in my follow-up.

[mesellings]

Suggested change

	The Optimize API can also be configured in a Self-Managed environment to authenticate with a single shared access token. Refer to [Public API Configuration](/self-managed/optimize-deployment/configuration/system-configuration.md#public-api) for the configuration required to access the public API using a specific token.
	The Optimize API can also be configured in a Self-Managed environment to authenticate using a single shared access token. See [Public API Configuration](/self-managed/optimize-deployment/configuration/system-configuration.md#public-api) for the configuration required to access the public API using a specific token.

[pepopowitz]

I'll adjust this across all auth guides in a follow-up.

[mesellings]

Suggested change

	All Optimize API requests except [the health readiness endpoint](./health-readiness.md) require authentication. To authenticate, generate a [JSON Web Token (JWT)](https://jwt.io/introduction/) and include it in each request.
	All Optimize API requests except the [health readiness](./health-readiness.md) endpoint require authentication. To authenticate, generate a [JSON Web Token (JWT)](https://jwt.io/introduction/) and include it in each request.

Suggestion to just have the endpoint name in the link.

[pepopowitz]

No preference on my end, I'll adjust across all APIs in a follow-up.

[mesellings]

Suggested change

	For example, to send a request to the Optimize API's ["Get dashboard IDs" endpoint](./dashboard/get-dashboard-ids.md):
	For example, to send a request to the Optimize API's ["Get dashboard IDs"](./dashboard/get-dashboard-ids.md) endpoint:

Also, should this endpoint name be in quotes?

[pepopowitz]

I don't know. I can make these changes in a follow-up, if we decide they're needed.

[pepopowitz]

@mesellings Thanks for the review! I'm going to temporarily ignore your suggestions for this PR, and leave all conversations unresolved, but add an item to #4117 to apply them to all the API auth guides. And then I'll take care of them after I finish this PR + one for the Zeebe API.

[pepopowitz]

@RomanJRW can you or someone from your team please review this PR, to confirm that I have not introduced incorrect information or steps for Optimize API authentication?

[akeller]

🏃

[github-actions]

🧹 Preview environment for this PR has been torn down.