Fix header name and curl command example

[KMKR0910]

Corrected header name from 'MTSL_Header_name' to 'MTLS_Header_name' and fixed a typo in the example curl command.

Purpose

Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email [email protected] to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

User stories

Summary of user stories addressed by this change>

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to [email protected] and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

• Documentation
  • Corrected MTLS example header name and fixed typos in request header examples for certificate-bound access token guidance.
  • Streamlined REST API creation guide by merging redundant steps and renumbering/rephrasing for clarity.
  • Replaced many internal image links with HTTPS-hosted assets, updated link targets to stable relative/absolute paths, and added descriptive alt text.

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

Walkthrough

Documentation edits: fixed MTLS header name and an Accept header typo; replaced internal link/image references with HTTPS-hosted assets; merged and reworded steps in the REST API creation guide. No code or runtime behavior changed.

Changes

Cohort / File(s)	Summary
MTLS header correction en/docs/manage-apis/design/api-security/api-authentication/securing-apis-using-certificate-bound-access-tokens.md	Corrected header name from MTSL_Header_name → MTLS_Header_name in Format and Example blocks; fixed Accept header typo applicaition/json → application/json.
REST API doc — links, images, steps en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md	Replaced internal {{base_path}} anchors and inline image references with external HTTPS-hosted URLs; consolidated/rewrote setup steps (merged selection/start steps, adjusted numbering); updated image markup and alt text; streamlined link targets.

Sequence Diagram(s)

(Changes are documentation-only and do not modify control flow; no sequence diagram provided.)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Focus review on:
  • External image and anchor URLs resolve and use HTTPS.
  • Rendered code/example blocks show corrected MTLS_Header_name and application/json.
  • Step ordering and updated links point to intended targets.

Poem

🐇 I hopped through markdown, sniffed a header bright,
nudged a typo gently, set the images right.
Steps now line up neatly, links leap to the sun,
a tidy trail of docs—my little hop is done. ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description includes only a brief summary of changes and leaves the template sections unfilled with placeholder prompts instead of required implementation details.	Complete the PR description template by filling in required sections: Purpose with issue links, Goals explaining the fix, Approach with implementation details, and at minimum confirming security checks and documentation impact.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes in the pull request: fixing a header name typo (MTSL to MTLS) and correcting a curl command example.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ad93a65 and 61d1784.

📒 Files selected for processing (1)

• en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md (7 hunks)

🔇 Additional comments (3)

en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md (3)

3-3: Relative path depth correction verified.

Both API Publisher links correctly resolve to ../../../../get-started/apim-architecture/#api-publisher (4-level traversal from file depth en/docs/manage-apis/design/create-api/create-rest-api/). The paths resolve to the correct target.

---

20-21: Step consolidation aligns with WSO2 API Manager UI flow.

The steps correctly consolidate "Select REST API" and "Click Start from Scratch" into a single step 2, matching the actual WSO2 API Manager Publisher workflow as verified in the prior review. Subsequent step numbering (3–8) flows logically.

---

30-30: Image references consistently migrated to HTTPS-hosted assets with alt text.

All image elements have been updated to use https://apim.docs.wso2.com URLs and include descriptive alt attributes (e.g., "Click Basic Info button location", "API configuration toolbar", "Linter error"). This ensures WCAG accessibility compliance (MD045) and stable external asset references.

Also applies to: 36-36, 40-40, 49-49, 91-91, 103-103, 109-109, 113-113, 117-117, 126-126, 130-130, 147-147, 161-162, 170-171

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b5b122a and 4c4881a.

📒 Files selected for processing (1)

• en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md (9 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md

48-48: Images should have alternate text (alt text)

(MD045, no-alt-text)

🔇 Additional comments (2)

en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md (2)

3-3: Internal anchor link is correctly formatted and resolvable.

The verification confirms that the relative path ../../../get-started/apim-architecture/#api-publisher correctly resolves to the target file en/docs/get-started/apim-architecture.md and the api-publisher anchor exists within it. No issues found.

---

3-3: All external image URLs are accessible and functioning correctly.

Verification confirms all 15 image URLs migrated to https://apim.docs.wso2.com/en/latest/assets/img/ return HTTP 200 responses. No broken links or inaccessible resources detected.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4c4881a and 01d20e6.

📒 Files selected for processing (1)

• en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md (8 hunks)

🔇 Additional comments (3)

en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md (3)

46-47: ✓ Accessibility improvement applied.

The alt attribute has been properly added to the image element, addressing the prior WCAG accessibility requirement. The alt text "Click Basic Info button location" is descriptive and appropriate.

---

1-1: ⚠️ PR objective mismatch—expected file content not found.

The PR description states the objective is to fix a header name from 'MTSL_Header_name' to 'MTLS_Header_name' and correct a curl command typo. However, this file contains no MTLS header references or curl command examples. The AI-generated summary indicates these changes are in "a separate file within this PR." Confirm that the correct files were provided for review, as the MTLS header and curl command fixes appear to be in different documentation.

---

32-32: The original review comment is incorrect—mixed URL reference types are intentional and appropriate.

The file correctly uses:

• Absolute HTTPS URLs for images and assets (lines 46–47, 163–164, 172–173)
• {{base_path}} template syntax for internal documentation links (line 55)

These serve distinct purposes: images require absolute URLs for external static file hosting, while internal navigation links use templates for deployment flexibility. This pattern is standard practice and confirmed by the project's header documentation, which also uses {{base_path}}. No changes are needed.

Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 01d20e6 and ad93a65.

📒 Files selected for processing (1)

• en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md (7 hunks)

🔇 Additional comments (6)

en/docs/manage-apis/design/create-api/create-rest-api/create-a-rest-api.md (6)

19-20: Step consolidation is correct.

The combined step "Select REST API from the options available and click Start from Scratch" correctly reflects the WSO2 API Manager UI flow as a single step 2, addressing prior review concerns.

---

29-29: Image links successfully normalized to external HTTPS URLs with accessibility fixes.

All image references have been converted to external stable URLs (https://apim.docs.wso2.com/en/latest/assets/img/...), improving portability. Alt text has been properly added to images on lines 44, 161, and 170. This addresses the prior accessibility compliance concern (MD045).

Also applies to: 35-35, 39-39, 43-44, 48-48, 90-90, 102-102, 108-108, 112-112, 116-116, 125-125, 129-129, 146-146, 160-161, 169-170

---

11-11: Sign-in endpoint is correct.

Line 11 correctly shows https://localhost:9443/publisher as the Publisher entry URL, addressing the prior endpoint verification concern.

---

31-31: Step numbering is correct and sequential.

All step numbers (4 through 8) are properly sequenced following the consolidated steps 1–3, maintaining logical flow.

Also applies to: 41-41, 84-84, 96-96, 140-140

---

76-76: Version management guidance is clear.

The rewording on line 76 improves clarity on creating new API versions while keeping previous versions as default, enhancing the instructional value.

---

1-175: File scope note: MTLS and curl command fixes mentioned in PR objectives not present in this file.

The PR description references fixes to MTLS header names and curl command typos; however, this file contains only REST API creation documentation updates (link normalization, image asset hosting, step restructuring). Per the AI summary, these security-related fixes appear to be in en/docs/manage-apis/design/api-security/api-authentication/securing-apis-using-certificate-bound-access-tokens.md, which is not included in the current review.

Confirm whether the security documentation file should also be reviewed as part of this PR.