Skip to content

docs: apply Snyk writing-style skill to Snyk API & Web pages#1357

Open
TashaTBaker wants to merge 2 commits into
mainfrom
api-and-web-style-review
Open

docs: apply Snyk writing-style skill to Snyk API & Web pages#1357
TashaTBaker wants to merge 2 commits into
mainfrom
api-and-web-style-review

Conversation

@TashaTBaker

Copy link
Copy Markdown
Contributor

Apply the Snyk documentation writing-style rules across the snyk-api-web page and all child pages (114 files updated).

Consistent changes:

  • Passive to active voice, naming the actor
  • Remove weakening modals (may/should/might) and filler
  • Fix capability phrasing ("allows you to" -> "you can"/"lets you")
  • Terminology: after/navigate to/visit/log in/check box/Select vs Click; vulnerability (security) vs issue (licensing)
  • Sentence-case headings; bold UI labels and status values; unbold list lead-ins and emphasis; remove contractions and semicolons
  • Product name "Snyk API & Web" on first reference, then "Snyk"

Frontmatter, GitBook components, links, and technical literals unchanged.

Apply the Snyk documentation writing-style rules across the snyk-api-web
page and all child pages (114 files updated).

Consistent changes:
- Passive to active voice, naming the actor
- Remove weakening modals (may/should/might) and filler
- Fix capability phrasing ("allows you to" -> "you can"/"lets you")
- Terminology: after/navigate to/visit/log in/check box/Select vs Click;
  vulnerability (security) vs issue (licensing)
- Sentence-case headings; bold UI labels and status values; unbold list
  lead-ins and emphasis; remove contractions and semicolons
- Product name "Snyk API & Web" on first reference, then "Snyk"

Frontmatter, GitBook components, links, and technical literals unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@TashaTBaker TashaTBaker requested a review from a team as a code owner June 17, 2026 11:47
@snyk-io

snyk-io Bot commented Jun 17, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

# Conflicts:
#	scan-fix-and-prevent/scan-with-snyk/snyk-api-web/review-and-fix/review-pending-findings.md
If your target requires requests to be encrypted, configure message level encryption in the Encryption tab.

1. In Snyk API & Web, navigate to the **Targets** page.
1. In Snyk, navigate to the **Targets** page.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would either remove "In Snyk" or specify where in the UI you are e.g. Homepage

3. Click **Add**.

Snyk API & Web performs all necessary conversions, creates the target, and you can scan your RAML API.
Snyk performs all necessary conversions and creates the target, and you can then scan your RAML API.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sentence is a bit of a mouthful. I would amend to "Snyk performs all necessary conversions, creates the target, then enables you to scan your RAML API."

Configure alternative OTP two-factor authentication for your target before proceeding. Visit [Configure two-factor authentication (2FA)](configure-two-factor-authentication.md) for setup instructions.

You will need the **UNIQUE 2FA CONFIGURATION URL** from your target's Authentication settings.
You need the **UNIQUE 2FA CONFIGURATION URL** from the Authentication settings of your target.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there meant to be a URL here?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice if you could provide an example of a UNIQUE 2FA CONFIGURATION URL, and more specific instructions on where to find it. I see that field in the screenshots in the Configure alternative OTP , but not in the TOTP section. Does it only apply when using alternative OTPs? If so it would be good to note that here.

### Configure OTP with Login Sequence

To use the OTP code in a login sequence, record a new login sequence with 2FA and update the target login sequence. Visit [Configure login sequence authentication](configure-login-sequence.md) for instructions. During the recording, take note of the OTP code that you used because you will need it for the configuration.
To use the OTP code in a login sequence, record a new login sequence with 2FA and update the target login sequence. Visit [Configure login sequence authentication](configure-login-sequence.md) for instructions. During the recording, take note of the OTP code that you used because you need it for the configuration.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The convention is "For instructions, visit..."

* **Action** - Select **Allow**.
* **Zone** - From the available options, select **This website** if you want to apply the rule only to the current zone. Alternatively, select **All websites in account** if you want the rule to be created in all zones of your Cloudflare account.
* **Notes** - This is optional, but you can provide text identifying the rule. For example, "Snyk API & Web IP".
* **Zone** - To apply the rule only to the current zone, select **This website**. To create the rule in all zones of your Cloudflare account, select **All websites in account**.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

: instead of - in lists

2. Navigate to the request that gets the user details and add the `user_id` variable as a parameter.

The request to get the user details, should be looking like the following example:
The request to get the user details looks like the following example:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The request to get the user details looks like the following example:
The following image shows an example of a request to get user details.

Configure alternative OTP two-factor authentication for your target before proceeding. Visit [Configure two-factor authentication (2FA)](configure-two-factor-authentication.md) for setup instructions.

You will need the **UNIQUE 2FA CONFIGURATION URL** from your target's Authentication settings.
You need the **UNIQUE 2FA CONFIGURATION URL** from the Authentication settings of your target.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice if you could provide an example of a UNIQUE 2FA CONFIGURATION URL, and more specific instructions on where to find it. I see that field in the screenshots in the Configure alternative OTP , but not in the TOTP section. Does it only apply when using alternative OTPs? If so it would be good to note that here.

<figure><img src="../../../../.gitbook/assets/configure-two-factor-authentication-otp-gmail-create.png" alt="Create Apps Script in Google Script"><figcaption></figcaption></figure>

3. Click on the project name "Untitled Project" at the top and enter a meaningful name (for example, "Extract OTPs from Email").
3. Click the project name "Untitled Project" at the top and enter a meaningful name (for example, "Extract OTPs from Email").

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
3. Click the project name "Untitled Project" at the top and enter a meaningful name (for example, "Extract OTPs from Email").
3. Click **Untitled Project** and enter a meaningful name (for example, "Extract OTPs from Email").

* Access to Power Automate (Premium license required for HTTP POST calls)
* An email account configured in Power Automate that receives OTP emails
* The **UNIQUE 2FA CONFIGURATION URL** from your target's Authentication settings (see [Configure two-factor authentication (2FA)](configure-two-factor-authentication.md))
* The **UNIQUE 2FA CONFIGURATION URL** from the Authentication settings of your target. Visit [Configure two-factor authentication (2FA)](configure-two-factor-authentication.md).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a better phrasing than we have for the Gmail section.

@@ -250,7 +248,7 @@ Configure an HTTP action to send the extracted OTP to Snyk API & Web:
3. Configure the HTTP action:

* **Method**: Select **POST**

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For both Method and URI, the text after the : is a complete sentence and should end with a period.

* **Secure infrastructure:** we use a combination of proprietary models and secure third-party LLMs. For third-party models, your data is never used for model training and is retained for no more than eight hours.
* **What is sent:** Snyk sends specific components of web communications, such as portions of HTTP requests and responses, to the AI model for real-time analysis.
* **No training on your data:** Snyk does **not** use your proprietary code or sensitive request data to train, optimize, or fine-tune its AI models.
* **Secure infrastructure:** Snyk uses a combination of proprietary models and secure third-party LLMs. For third-party models, Snyk never uses your data for model training and retains it for no more than eight hours.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* **Secure infrastructure:** Snyk uses a combination of proprietary models and secure third-party LLMs. For third-party models, Snyk never uses your data for model training and retains it for no more than eight hours.
* **Secure infrastructure**: Snyk uses a combination of proprietary models and secure third-party LLMs. For third-party models, Snyk never uses your data for model training and retains it for no more than eight hours.

Note:

* If you already use SSO to log in to Snyk, you can log in to Snyk API & Web with your existing Snyk account, using the "Log in with Snyk" button:
* If you already use SSO to log in to Snyk, you can log in to Snyk API & Web with your existing Snyk account, using the **Log in with Snyk** button:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* If you already use SSO to log in to Snyk, you can log in to Snyk API & Web with your existing Snyk account, using the **Log in with Snyk** button:
* If you already use SSO to log in to Snyk, you can log in to Snyk API & Web with your existing Snyk account, using the **Log in with Snyk** button.

* **Assertion Consumer Service** - The Snyk API & Web endpoint to do the SAML authentication and authorization: `https://sso.plus.probely.app/sso/<organization-id>/complete/`

In the endpoint, replace `<organization-id>` with a string that identifies your organization (with lowercase letters and hyphens only). For example, the company name, but if you need any help, we can suggest it for you.
In the endpoint, replace `<organization-id>` with a string that identifies your organization, using lowercase letters and hyphens only. For example, use the company name. If you need help, Snyk can suggest it for you.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does the user request that Snyk suggest this for them?

#### Connect your Snyk accounts

1. In Snyk API & Web, navigate to **Settings > Integrations**.
1. In Snyk, navigate to **Settings > Integrations**.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
1. In Snyk, navigate to **Settings > Integrations**.
1. In Snyk, navigate to **Settings** > **Integrations**.

* In the first dropdown, choose the week of the month (First, Second, Third, Fourth, or Last).
* In the second dropdown, choose the day of the week (Monday, Tuesday, and so on).
* **Monthly/Quarterly** - The scan runs every month or quarter on the day (number) defined in the **Start date**. In this case, Snyk displays a **Repeat scans every** check box to configure a different day:
* In the first dropdown, select the week of the month (**First**, **Second**, **Third**, **Fourth**, or **Last**).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these dropdowns named in the UI? If so, use their names here instead of first and second.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants