diff --git a/.gitignore b/.gitignore
index da89ab4f2e18..04a085a770c4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .DS_Store
+.env
 .che
 .vagrant
 .buildpath
diff --git a/.travis.yml b/.travis.yml
index 461ca64dfe08..7ae3ab5f7fe7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,22 +1,12 @@
-language: node_js
-node_js:
-  - "8"
-
+dist: xenial
 sudo: false
+
+language: generic
 notifications:
   email: false
 
-cache:
-  bundler: true
-  yarn: true
-
 before_install:
-  - rvm install 2.3.3
-  - npm install -g yarn
-install:
-  - bundle install
-  - yarn
-before_script:
-  - npm test
-script:
-  - gulp build
+  - docker-compose build
+  - touch Gemfile.lock
+  - mkdir node_modules
+  - chmod -R 777 .
diff --git a/Dockerfile b/Dockerfile
index 22335c9b2bbc..03a1cde620cb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +1,13 @@
 # This should mirror the jekyll version in the Gemfile
-FROM jekyll/jekyll:3.8.5
-
-WORKDIR /srv/jekyll
+FROM jekyll/jekyll:3.8.6
 
 RUN apk add --update autoconf automake file build-base nasm musl libpng-dev zlib-dev
 
-COPY entrypoint.sh /entrypoint.sh
-
-RUN npm install -g yarn && npm install -g gulp
+WORKDIR /srv/jekyll
+COPY Makefile /srv/jekyll
+RUN make install-prerequisites
 
 RUN chmod -R 777 /usr/lib/node_modules \
-  && chmod 777 /entrypoint.sh \
   && usermod -a -G root jekyll
 
-ENTRYPOINT ["/entrypoint.sh"]
-
 EXPOSE 3000 3001
diff --git a/Gemfile b/Gemfile
index c493bddede24..f750b48692d8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,5 +1,5 @@
 source 'https://rubygems.org'
-gem 'jekyll', '~> 3.8.5'
+gem 'jekyll', '~> 3.8.6'
 gem 'jekyll-redirect-from'
-gem 'redcarpet', '3.4.0'
-gem 'rouge', '3.4.1'
+gem 'redcarpet', '3.5.0'
+gem 'rouge', '3.10.0'
diff --git a/Makefile b/Makefile
index c26d3f99b1ff..acebd16d0ba0 100644
--- a/Makefile
+++ b/Makefile
@@ -1,2 +1,26 @@
+install-prerequisites:
+	npm install -g yarn
+	npm install -g gulp
+
+install:
+	npm install
+	bundle install
+	yarn --ignore-engines
+	yarn upgrade
+
+run: install
+	gulp
+
 develop:
-	docker-compose up --build
+	docker-compose up
+
+test: install
+	npm test
+
+docker-test:
+	COMMAND="make test" docker-compose up
+
+check-links:
+	docker-compose up -d
+	while [ `curl -s -o /dev/null -w ''%{http_code}'' localhost:3000` != 200 ]; do echo "waiting"; docker-compose logs --tail=2 jekyll; sleep 20; done
+	docker-compose exec jekyll yarn blc http://localhost:3000 -efr --exclude careers --exclude hub
diff --git a/README.md b/README.md
index e71cb0e354be..8b2f5162fc30 100644
--- a/README.md
+++ b/README.md
@@ -9,12 +9,19 @@ This repository is the source code for [Kong](https://github.com/Kong/kong)'s do
 make develop
 ```
 
+### Testing Links With Docker
+
+>
+```
+make check-links
+```
+
 ## Develop Locally Without Docker
 
 ### Prerequisites
 
 - [npm](https://www.npmjs.com/)
-- [Bundler](https://bundler.io/)
+- [Bundler](https://bundler.io/) (< 2.0.0) 
 - [Ruby](https://www.ruby-lang.org) (>= 2.0, < 2.3)
 - [Python](https://www.python.org) (>= 2.7.X, < 3)
 
@@ -35,7 +42,7 @@ npm start
 
 ## Deploying
 
-The repository must be manually deploy to GitHub pages:
+The repository must be manually deployed to GitHub pages:
 
 >
 ```bash
@@ -46,8 +53,8 @@ npm run deploy
 
 ## Search
 
-We are using Algolia [docsearch](https://www.algolia.com/docsearch) for our CE
-documentation search. The algolia index is maintained by Algolia through their
+We are using Algolia [docsearch](https://www.algolia.com/docsearch) for our
+documentation search. The algolia index for Kong is maintained by Algolia through their
 docsearch service. Their [scraper](https://github.com/algolia/docsearch-scraper)
 runs every 24 hours. The config used by the scraper is open source for
 docs.konghq.com and can be found [here](https://github.com/algolia/docsearch-configs/blob/master/configs/getkong.json).
diff --git a/algolia/config.json b/algolia/config.json
new file mode 100644
index 000000000000..fc3ae28bce78
--- /dev/null
+++ b/algolia/config.json
@@ -0,0 +1,41 @@
+{
+  "index_name": "prod_EE",
+  "start_urls": [
+    {
+      "url": "https://docs.konghq.com/enterprise/(?P<version>.*?)/",
+      "variables": {
+        "version": {
+          "url": "https://docs.konghq.com/enterprise/",
+          "js": "var versions = $('ul[aria-labelledby=version-dropdown] a, button#version-dropdown').map(function(i, e) { return $(e).text().replace(/\\s+/g, '').replace(/Version/g, '').replace(/\\(latest\\)/g, ''); }).toArray(); return JSON.stringify(versions);"
+        }
+      }
+    }
+  ],
+  "sitemap_urls": [
+    "https://docs.konghq.com/sitemap.xml"
+  ],
+  "stop_urls": [
+
+  ],
+  "selectors": {
+    "lvl0": {
+      "selector": ".docs-navigation > a.active",
+      "global": true,
+      "default_value": "Kong"
+    },
+    "lvl1": ".content h1",
+    "lvl2": ".content h2",
+    "lvl3": ".content h3",
+    "lvl4": ".content h4",
+    "text": ".content p, .content li"
+  },
+  "selectors_exclude": [
+    "#next-steps",
+    "#next-steps ~ p"
+  ],
+  "only_content_level": true,
+  "conversation_id": [
+    "534091583"
+  ],
+  "nb_hits": 18645
+}
diff --git a/app/.jekyll-metadata b/app/.jekyll-metadata
new file mode 100644
index 000000000000..831baf1b581a
Binary files /dev/null and b/app/.jekyll-metadata differ
diff --git a/app/0.10.x/configuration-reference.md b/app/0.10.x/configuration-reference.md
new file mode 100644
index 000000000000..0d9cd75e8026
--- /dev/null
+++ b/app/0.10.x/configuration-reference.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.10.x/configuration/
+---
diff --git a/app/0.10.x/lua-reference/modules/kong.tools.responses/send.md b/app/0.10.x/lua-reference/modules/kong.tools.responses/send.md
new file mode 100644
index 000000000000..97be5ba41546
--- /dev/null
+++ b/app/0.10.x/lua-reference/modules/kong.tools.responses/send.md
@@ -0,0 +1,3 @@
+---
+redirect_to: https://docs.konghq.com/0.10.x/lua-reference/modules/kong.tools.responses/#send
+---
diff --git a/app/0.10.x/lua-reference/modules/modules/kong.tools.utils.html.md b/app/0.10.x/lua-reference/modules/modules/kong.tools.utils.html.md
new file mode 100644
index 000000000000..1dcc02748d0d
--- /dev/null
+++ b/app/0.10.x/lua-reference/modules/modules/kong.tools.utils.html.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.10.x/lua-reference/modules/kong.tools.utils/
+---
diff --git a/app/0.10.x/lua-reference/modules/modules/spec.helpers.html.md b/app/0.10.x/lua-reference/modules/modules/spec.helpers.html.md
new file mode 100644
index 000000000000..03df5f095cbc
--- /dev/null
+++ b/app/0.10.x/lua-reference/modules/modules/spec.helpers.html.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.10.x/lua-reference/modules/spec.helpers/
+---
diff --git a/app/0.11.x/configuration.md b/app/0.11.x/configuration.md
index 63879e836496..6080729cb1fe 100644
--- a/app/0.11.x/configuration.md
+++ b/app/0.11.x/configuration.md
@@ -1,5 +1,6 @@
 ---
 title: Configuration Reference
+redirect_from: "/0.11.x/configuration-reference"
 ---
 
 ## Configuration loading
diff --git a/app/0.11.x/lua-reference/modules/kong.tools.responses.html b/app/0.11.x/lua-reference/modules/kong.tools.responses.html
index 27fbf15e7afc..c68ca7c086cd 100644
--- a/app/0.11.x/lua-reference/modules/kong.tools.responses.html
+++ b/app/0.11.x/lua-reference/modules/kong.tools.responses.html
@@ -3,22 +3,20 @@
 layout: default
 ---
 
-
 <header class="page-header">
   <div class="container">
     <div class="page-header-icon">
-      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+      <img
+        src="/assets/images/icons/icn-documentation.svg"
+        alt="Documentation"
+      />
     </div>
     <div class="page-header-title">
       <h1>Public Lua API Reference</h1>
       <p>For plugins developers and core contributors</p>
     </div>
-    {% if site.data.kong_versions.size > 1 %}
-      {% include lua-reference-dropdown.html
-        page=page
-        site=site
-      %}
-    {% endif %}
+    {% if site.data.kong_versions.size > 1 %} {% include
+    lua-reference-dropdown.html page=page site=site %} {% endif %}
   </div>
 </header>
 
@@ -27,22 +25,44 @@ <h1>Public Lua API Reference</h1>
     <nav>
       <ul>
         <li>
-          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+          <a href="/{{ page.kong_version }}"><h5>Back to docs</h5></a>
         </li>
         <li>
-          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+          <a href="/{{ page.kong_version }}/lua-reference/"><h5>Index</h5></a>
         </li>
         <li>
           <h5>Modules</h5>
           <ul>
             <li><a href="../../modules/kong.dao">kong.dao</a></li>
-            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
-            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
-            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
-            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li>
+              <a href="../../modules/kong.plugins.basic-auth.crypto"
+                >kong.plugins.basic-auth.crypto</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.plugins.galileo.alf"
+                >kong.plugins.galileo.alf</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.plugins.galileo.buffer"
+                >kong.plugins.galileo.buffer</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.plugins.jwt.jwt_parser"
+                >kong.plugins.jwt.jwt_parser</a
+              >
+            </li>
             <li>kong.tools.responses</li>
-            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
-            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li>
+              <a href="../../modules/kong.tools.timestamp"
+                >kong.tools.timestamp</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.tools.utils">kong.tools.utils</a>
+            </li>
             <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
           </ul>
         </li>
@@ -51,16 +71,21 @@ <h5>Modules</h5>
   </aside>
 
   <div class="page-content-container">
-  <div class="page-content">
-    <div class="content">
-<h1><code>kong.tools.responses</code></h1>
-<p>Kong helper methods to send HTTP responses to clients.</p>
-<p>Can be used in the proxy (core/resolver), plugins or Admin API.
- Most used HTTP status codes and responses are implemented as helper methods.</p>
-
-<h3>Usage:</h3>
-<ul>
-  <li><pre>local responses = require &quot;kong.tools.responses&quot;
+    <div class="page-content">
+      <div class="content">
+        <h1><code>kong.tools.responses</code></h1>
+        <p>Kong helper methods to send HTTP responses to clients.</p>
+        <p>
+          Can be used in the proxy (core/resolver), plugins or Admin API. Most
+          used HTTP status codes and responses are implemented as helper
+          methods.
+        </p>
+
+        <h3>Usage:</h3>
+        <ul>
+          <li>
+            <pre>
+local responses = require &quot;kong.tools.responses&quot;
 
 -- In an Admin API endpoint handler, or in one of the plugins&apos; phases.
 -- the `return` keyword is optional since the execution will be stopped
@@ -72,166 +97,198 @@ <h3>Usage:</h3>
 
 -- Raw send() helper:
 return responses.send(418, &quot;This is a teapot&quot;)
-</pre></li>
-</ul>
-
-<h3>Info:</h3>
-<ul>
-</ul>
-
-<h2><a href="#Functions">Functions</a></h2>
-<table class="function_list">
-  <tr>
-    <td class="name"><a href="#send">send (status_code, body, headers)</a></td>
-    <td class="summary">Send a response with any status code or body,
- Not all status codes are available as sugar methods, this function can be
- used to send any response.</td>
-  </tr>
-</table>
-<h2><a href="#Tables">Tables</a></h2>
-<table class="function_list">
-  <tr>
-    <td class="name"><a href="#status_codes">status_codes</a></td>
-    <td class="summary">Define the most common HTTP status codes for sugar methods.</td>
-  </tr>
-</table>
-
-
-<h2 class="section-header "><a name="Functions">Functions</a></h2>
-
-
-<dl class="function">
-  <hr />
-  <dt>
-    <h4><a name="#send">send</a></h4>
-  </dt>
-  <dd>
-    Send a response with any status code or body,
- Not all status codes are available as sugar methods, this function can be
- used to send any response.
- For <code>status_code=5xx</code> the <code>content</code> parameter should be the description of the error that occurred.
- For <code>status_code=500</code> the content will be logged by ngx.log as an ERR.
- Will call <a href="https://github.com/openresty/lua-nginx-module#ngxsay">ngx.say</a> and <a href="https://github.com/openresty/lua-nginx-module#ngxexit">ngx.exit</a>, terminating the current context.
-
-    <h5>Parameters:</h5>
-    <ul>
-        <li>
-          <code class="parameter">status_code</code>
-          <span class="types"><span class="type">number</span></span>
-          HTTP status code to send
-        </li>
-        <li>
-          <code class="parameter">body</code>
-          A string or table which will be the body of the sent response. If table, the response will be encoded as a JSON object. If string, the response will be a JSON object and the string will be contained in the <code>message</code> property.
-        </li>
-        <li>
-          <code class="parameter">headers</code>
-          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
-          Response headers to send.
-        </li>
-    </ul>
-
-    <h5>Returns:</h5>
-    <ul>
-      <li>
-        ngx.exit (Exit current context)
-      </li>
-    </ul>
-
-
-    <h5>See also:</h5>
-    <ul>
-      <li><a href="https://github.com/openresty/lua-nginx-module#ngxsay">ngx.say</a></li>
-      <li><a href="https://github.com/openresty/lua-nginx-module#ngxexit">ngx.exit</a></li>
-    </ul>
-
-
-
-  </dd>
-</dl>
-
-<h2 class="section-header "><a name="Tables">Tables</a></h2>
-
-
-<dl class="function">
-  <hr />
-  <dt>
-    <h4><a name="status_codes">status_codes</a></h4>
-  </dt>
-  <dd>
-    Define the most common HTTP status codes for sugar methods.
- Each of those status will generate a helper method (sugar)
- attached to this exported module prefixed with <code>send_</code>.
- Final signature of those methods will be <code>send_&lt;status_code_key&gt;(message, headers)</code>. See <a href="#send">send</a> for more details on those parameters.
-
-    <h5>Fields:</h5>
-    <ul>
-        <li>
-          <code class="parameter">HTTP_OK</code>
-          200 OK
-        </li>
-        <li>
-          <code class="parameter">HTTP_CREATED</code>
-          201 Created
-        </li>
-        <li>
-          <code class="parameter">HTTP_NO_CONTENT</code>
-          204 No Content
-        </li>
-        <li>
-          <code class="parameter">HTTP_BAD_REQUEST</code>
-          400 Bad Request
-        </li>
-        <li>
-          <code class="parameter">HTTP_UNAUTHORIZED</code>
-          401 Unauthorized
-        </li>
-        <li>
-          <code class="parameter">HTTP_FORBIDDEN</code>
-          403 Forbidden
-        </li>
-        <li>
-          <code class="parameter">HTTP_NOT_FOUND</code>
-          404 Not Found
-        </li>
-        <li>
-          <code class="parameter">HTTP_METHOD_NOT_ALLOWED</code>
-          405 Method Not Allowed
-        </li>
-        <li>
-          <code class="parameter">HTTP_CONFLICT</code>
-          409 Conflict
-        </li>
-        <li>
-          <code class="parameter">HTTP_UNSUPPORTED_MEDIA_TYPE</code>
-          415 Unsupported Media Type
-        </li>
-        <li>
-          <code class="parameter">HTTP_INTERNAL_SERVER_ERROR</code>
-          Internal Server Error
-        </li>
-        <li>
-          <code class="parameter">HTTP_SERVICE_UNAVAILABLE</code>
-          503 Service Unavailable
-        </li>
-    </ul>
-
-
-
-
-    <h5>Usage:</h5>
-    <ul>
-      <li><pre class="example"><span class="keyword">return</span> responses.send_HTTP_OK()</pre></li>
-      <li><pre class="example"><span class="keyword">return</span> responses.HTTP_CREATED(<span class="string">"Entity created"</span>)</pre></li>
-      <li><pre class="example"><span class="keyword">return</span> responses.HTTP_INTERNAL_SERVER_ERROR()</pre></li>
-    </ul>
-
-
-  </dd>
-</dl>
-
-
+</pre
+            >
+          </li>
+        </ul>
+
+        <h3>Info:</h3>
+        <ul></ul>
+
+        <h2><a href="#Functions">Functions</a></h2>
+        <table class="function_list">
+          <tr>
+            <td class="name">
+              <a href="#send">send (status_code, body, headers)</a>
+            </td>
+            <td class="summary">
+              Send a response with any status code or body, Not all status codes
+              are available as sugar methods, this function can be used to send
+              any response.
+            </td>
+          </tr>
+        </table>
+
+        <h2><a href="#Tables">Tables</a></h2>
+        <table class="function_list">
+          <tr>
+            <td class="name"><a href="#status_codes">status_codes</a></td>
+            <td class="summary">
+              Define the most common HTTP status codes for sugar methods.
+            </td>
+          </tr>
+        </table>
+
+        <h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+        <dl class="function">
+          <hr />
+          <dt>
+            <h4><a name="#send">send</a></h4>
+          </dt>
+          <dd>
+            Send a response with any status code or body, Not all status codes
+            are available as sugar methods, this function can be used to send
+            any response. For <code>status_code=5xx</code> the
+            <code>content</code> parameter should be the description of the
+            error that occurred. For <code>status_code=500</code> the content
+            will be logged by ngx.log as an ERR. Will call
+            <a href="https://github.com/openresty/lua-nginx-module#ngxsay"
+              >ngx.say</a
+            >
+            and
+            <a href="https://github.com/openresty/lua-nginx-module#ngxexit"
+              >ngx.exit</a
+            >, terminating the current context.
+
+            <h5>Parameters:</h5>
+            <ul>
+              <li>
+                <code class="parameter">status_code</code>
+                <span class="types"><span class="type">number</span></span>
+                HTTP status code to send
+              </li>
+              <li>
+                <code class="parameter">body</code>
+                A string or table which will be the body of the sent response.
+                If table, the response will be encoded as a JSON object. If
+                string, the response will be a JSON object and the string will
+                be contained in the <code>message</code> property.
+              </li>
+              <li>
+                <code class="parameter">headers</code>
+                <span class="types"
+                  ><a
+                    class="type"
+                    href="https://www.lua.org/manual/5.1/manual.html#5.5"
+                    >table</a
+                  ></span
+                >
+                Response headers to send.
+              </li>
+            </ul>
+
+            <h5>Returns:</h5>
+            <ul>
+              <li>
+                ngx.exit (Exit current context)
+              </li>
+            </ul>
+
+            <h5>See also:</h5>
+            <ul>
+              <li>
+                <a href="https://github.com/openresty/lua-nginx-module#ngxsay"
+                  >ngx.say</a
+                >
+              </li>
+              <li>
+                <a href="https://github.com/openresty/lua-nginx-module#ngxexit"
+                  >ngx.exit</a
+                >
+              </li>
+            </ul>
+          </dd>
+        </dl>
+
+        <h2 class="section-header "><a name="Tables">Tables</a></h2>
+
+        <dl class="function">
+          <hr />
+          <dt>
+            <h4><a name="status_codes">status_codes</a></h4>
+          </dt>
+          <dd>
+            Define the most common HTTP status codes for sugar methods. Each of
+            those status will generate a helper method (sugar) attached to this
+            exported module prefixed with <code>send_</code>. Final signature of
+            those methods will be
+            <code>send_&lt;status_code_key&gt;(message, headers)</code>. See
+            <a href="#send">send</a> for more details on those parameters.
+
+            <h5>Fields:</h5>
+            <ul>
+              <li>
+                <code class="parameter">HTTP_OK</code>
+                200 OK
+              </li>
+              <li>
+                <code class="parameter">HTTP_CREATED</code>
+                201 Created
+              </li>
+              <li>
+                <code class="parameter">HTTP_NO_CONTENT</code>
+                204 No Content
+              </li>
+              <li>
+                <code class="parameter">HTTP_BAD_REQUEST</code>
+                400 Bad Request
+              </li>
+              <li>
+                <code class="parameter">HTTP_UNAUTHORIZED</code>
+                401 Unauthorized
+              </li>
+              <li>
+                <code class="parameter">HTTP_FORBIDDEN</code>
+                403 Forbidden
+              </li>
+              <li>
+                <code class="parameter">HTTP_NOT_FOUND</code>
+                404 Not Found
+              </li>
+              <li>
+                <code class="parameter">HTTP_METHOD_NOT_ALLOWED</code>
+                405 Method Not Allowed
+              </li>
+              <li>
+                <code class="parameter">HTTP_CONFLICT</code>
+                409 Conflict
+              </li>
+              <li>
+                <code class="parameter">HTTP_UNSUPPORTED_MEDIA_TYPE</code>
+                415 Unsupported Media Type
+              </li>
+              <li>
+                <code class="parameter">HTTP_INTERNAL_SERVER_ERROR</code>
+                Internal Server Error
+              </li>
+              <li>
+                <code class="parameter">HTTP_SERVICE_UNAVAILABLE</code>
+                503 Service Unavailable
+              </li>
+            </ul>
+
+            <h5>Usage:</h5>
+            <ul>
+              <li>
+                <pre
+                  class="example"
+                ><span class="keyword">return</span> responses.send_HTTP_OK()</pre>
+              </li>
+              <li>
+                <pre
+                  class="example"
+                ><span class="keyword">return</span> responses.HTTP_CREATED(<span class="string">"Entity created"</span>)</pre>
+              </li>
+              <li>
+                <pre
+                  class="example"
+                ><span class="keyword">return</span> responses.HTTP_INTERNAL_SERVER_ERROR()</pre>
+              </li>
+            </ul>
+          </dd>
+        </dl>
+      </div>
     </div>
   </div>
 </div>
-</div>
diff --git a/app/0.11.x/lua-reference/modules/kong.tools.utils.html b/app/0.11.x/lua-reference/modules/kong.tools.utils.html
index 27db691e1da4..16b8590fe539 100644
--- a/app/0.11.x/lua-reference/modules/kong.tools.utils.html
+++ b/app/0.11.x/lua-reference/modules/kong.tools.utils.html
@@ -1,5 +1,6 @@
 ---
 title: Lua Reference - kong.tools.utils
+redirect_from: "/0.11.x/lua-reference/modules/modules/kong.tools.utils.html"
 layout: default
 ---
 
diff --git a/app/0.11.x/lua-reference/modules/modules/kong.utils.tools.html.md b/app/0.11.x/lua-reference/modules/modules/kong.utils.tools.html.md
new file mode 100644
index 000000000000..21fc1238e609
--- /dev/null
+++ b/app/0.11.x/lua-reference/modules/modules/kong.utils.tools.html.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.11.x/lua-reference/modules/kong.tools.utils/
+---
diff --git a/app/0.12.x/configuration.md b/app/0.12.x/configuration.md
index 60c31aa8c4af..a488bafdd2b1 100644
--- a/app/0.12.x/configuration.md
+++ b/app/0.12.x/configuration.md
@@ -1,5 +1,6 @@
 ---
 title: Configuration Reference
+redirect_from: '/0.12.x/configuration-reference'
 ---
 
 ## Configuration loading
@@ -95,7 +96,7 @@ infrastructure, or embed Kong in an already running OpenResty instance.
 
 Kong can be started, reloaded and restarted with an `--nginx-conf` argument,
 which must specify an Nginx configuration template. Such a template uses the
-[Penlight][Penlight] [templating engine][pl.template], which is compiled using
+[Penlight][penlight] [templating engine][pl.template], which is compiled using
 the given Kong configuration, before being dumped in your Kong prefix
 directory, moments before starting Nginx.
 
@@ -611,7 +612,7 @@ This property also sets the `set_real_ip_from` directive(s) in the Nginx
 configuration. It accepts the same type of values (CIDR blocks) but as a
 comma-separated list.
 
-To trust *all* /!\ IPs, set this value to `0.0.0.0/0,::/0`.
+To trust _all_ /!\ IPs, set this value to `0.0.0.0/0,::/0`.
 
 If the special value `unix:` is specified, all UNIX-domain sockets will be
 trusted.
@@ -725,38 +726,38 @@ Default: `postgres`
 
 #### Postgres settings
 
-name                  |  description
-----------------------|-------------------
-**pg_host**           | Host of the Postgres server
-**pg_port**           | Port of the Postgres server
-**pg_user**           | Postgres user
-**pg_password**       | Postgres user's password
-**pg_database**       | Database to connect to. **must exist**
-**pg_ssl**            | Enable SSL connections to the server
-**pg_ssl_verify**     | If `pg_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.
+| name              | description                                                                                                |
+| ----------------- | ---------------------------------------------------------------------------------------------------------- |
+| **pg_host**       | Host of the Postgres server                                                                                |
+| **pg_port**       | Port of the Postgres server                                                                                |
+| **pg_user**       | Postgres user                                                                                              |
+| **pg_password**   | Postgres user's password                                                                                   |
+| **pg_database**   | Database to connect to. **must exist**                                                                     |
+| **pg_ssl**        | Enable SSL connections to the server                                                                       |
+| **pg_ssl_verify** | If `pg_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting. |
 
 ---
 
 #### Cassandra settings
 
-name                            | description
---------------------------------|------------------
-**cassandra_contact_points**    | Comma-separated list of contacts points to your Cassandra cluster.
-**cassandra_port**              | Port on which your nodes are listening.
-**cassandra_keyspace**          | Keyspace to use in your cluster. Will be created if doesn't exist.
-**cassandra_consistency**       | Consistency setting to use when reading/writing.
-**cassandra_timeout**           | Timeout (in ms) for reading/writing.
-**cassandra_ssl**               | Enable SSL connections to the nodes.
-**cassandra_ssl_verify**        | If `cassandra_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.
-**cassandra_username**          | Username when using the PasswordAuthenticator scheme.
-**cassandra_password**          | Password when using the PasswordAuthenticator scheme.
-**cassandra_consistency**       | Consistency setting to use when reading/writing to the Cassandra cluster.
-**cassandra_lb_policy**         | Load balancing policy to use when distributing queries across your Cassandra cluster. Accepted values are `RoundRobin` and `DCAwareRoundRobin`. Prefer the later if and only if you are using a multi-datacenter cluster, and set the `cassandra_local_datacenter` if so.
-**cassandra_local_datacenter**  | When using the `DCAwareRoundRobin` policy, you must specify the name of the cluster local (closest) to this Kong node.
-**cassandra_repl_strategy**     | If creating the keyspace for the first time, specify a replication strategy.
-**cassandra_repl_factor**       | Specify a replication factor for the `SimpleStrategy`.
-**cassandra_data_centers**      | Specify data centers for the `NetworkTopologyStrategy`.
-**cassandra_schema_consensus_timeout** | Define the timeout (in ms) for the waiting period to each a schema consensus between your Cassandra nodes. This value is only used during migrations.
+| name                                   | description                                                                                                                                                                                                                                                               |
+| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **cassandra_contact_points**           | Comma-separated list of contacts points to your Cassandra cluster.                                                                                                                                                                                                        |
+| **cassandra_port**                     | Port on which your nodes are listening.                                                                                                                                                                                                                                   |
+| **cassandra_keyspace**                 | Keyspace to use in your cluster. Will be created if doesn't exist.                                                                                                                                                                                                        |
+| **cassandra_consistency**              | Consistency setting to use when reading/writing.                                                                                                                                                                                                                          |
+| **cassandra_timeout**                  | Timeout (in ms) for reading/writing.                                                                                                                                                                                                                                      |
+| **cassandra_ssl**                      | Enable SSL connections to the nodes.                                                                                                                                                                                                                                      |
+| **cassandra_ssl_verify**               | If `cassandra_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.                                                                                                                                                         |
+| **cassandra_username**                 | Username when using the PasswordAuthenticator scheme.                                                                                                                                                                                                                     |
+| **cassandra_password**                 | Password when using the PasswordAuthenticator scheme.                                                                                                                                                                                                                     |
+| **cassandra_consistency**              | Consistency setting to use when reading/writing to the Cassandra cluster.                                                                                                                                                                                                 |
+| **cassandra_lb_policy**                | Load balancing policy to use when distributing queries across your Cassandra cluster. Accepted values are `RoundRobin` and `DCAwareRoundRobin`. Prefer the later if and only if you are using a multi-datacenter cluster, and set the `cassandra_local_datacenter` if so. |
+| **cassandra_local_datacenter**         | When using the `DCAwareRoundRobin` policy, you must specify the name of the cluster local (closest) to this Kong node.                                                                                                                                                    |
+| **cassandra_repl_strategy**            | If creating the keyspace for the first time, specify a replication strategy.                                                                                                                                                                                              |
+| **cassandra_repl_factor**              | Specify a replication factor for the `SimpleStrategy`.                                                                                                                                                                                                                    |
+| **cassandra_data_centers**             | Specify data centers for the `NetworkTopologyStrategy`.                                                                                                                                                                                                                   |
+| **cassandra_schema_consensus_timeout** | Define the timeout (in ms) for the waiting period to each a schema consensus between your Cassandra nodes. This value is only used during migrations.                                                                                                                     |
 
 [Back to TOC](#table-of-contents)
 
@@ -990,6 +991,5 @@ Default: `30`
 [Back to TOC](#table-of-contents)
 
 [ngx_http_realip_module]: http://nginx.org/en/docs/http/ngx_http_realip_module.html
-
-[Penlight]: http://stevedonovan.github.io/Penlight/api/index.html
+[penlight]: http://stevedonovan.github.io/Penlight/api/index.html
 [pl.template]: http://stevedonovan.github.io/Penlight/api/libraries/pl.template.html
diff --git a/app/0.12.x/lua-reference/modules/kong.tools.responses.html b/app/0.12.x/lua-reference/modules/kong.tools.responses.html
index bb089bd88038..f4dafad308ae 100644
--- a/app/0.12.x/lua-reference/modules/kong.tools.responses.html
+++ b/app/0.12.x/lua-reference/modules/kong.tools.responses.html
@@ -3,22 +3,20 @@
 layout: default
 ---
 
-
 <header class="page-header">
   <div class="container">
     <div class="page-header-icon">
-      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+      <img
+        src="/assets/images/icons/icn-documentation.svg"
+        alt="Documentation"
+      />
     </div>
     <div class="page-header-title">
       <h1>Public Lua API Reference</h1>
       <p>For plugins developers and core contributors</p>
     </div>
-    {% if site.data.kong_versions.size > 1 %}
-      {% include lua-reference-dropdown.html
-        page=page
-        site=site
-      %}
-    {% endif %}
+    {% if site.data.kong_versions.size > 1 %} {% include
+    lua-reference-dropdown.html page=page site=site %} {% endif %}
   </div>
 </header>
 
@@ -27,22 +25,44 @@ <h1>Public Lua API Reference</h1>
     <nav>
       <ul>
         <li>
-          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+          <a href="/{{ page.kong_version }}"><h5>Back to docs</h5></a>
         </li>
         <li>
-          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+          <a href="/{{ page.kong_version }}/lua-reference/"><h5>Index</h5></a>
         </li>
         <li>
           <h5>Modules</h5>
           <ul>
             <li><a href="../../modules/kong.dao">kong.dao</a></li>
-            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
-            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
-            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
-            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li>
+              <a href="../../modules/kong.plugins.basic-auth.crypto"
+                >kong.plugins.basic-auth.crypto</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.plugins.galileo.alf"
+                >kong.plugins.galileo.alf</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.plugins.galileo.buffer"
+                >kong.plugins.galileo.buffer</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.plugins.jwt.jwt_parser"
+                >kong.plugins.jwt.jwt_parser</a
+              >
+            </li>
             <li>kong.tools.responses</li>
-            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
-            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li>
+              <a href="../../modules/kong.tools.timestamp"
+                >kong.tools.timestamp</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.tools.utils">kong.tools.utils</a>
+            </li>
             <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
           </ul>
         </li>
@@ -51,16 +71,21 @@ <h5>Modules</h5>
   </aside>
 
   <div class="page-content-container">
-  <div class="page-content">
-    <div class="content">
-<h1><code>kong.tools.responses</code></h1>
-<p>Kong helper methods to send HTTP responses to clients.</p>
-<p>Can be used in the proxy (core/resolver), plugins or Admin API.
- Most used HTTP status codes and responses are implemented as helper methods.</p>
-
-<h3>Usage:</h3>
-<ul>
-  <li><pre>local responses = require &quot;kong.tools.responses&quot;
+    <div class="page-content">
+      <div class="content">
+        <h1><code>kong.tools.responses</code></h1>
+        <p>Kong helper methods to send HTTP responses to clients.</p>
+        <p>
+          Can be used in the proxy (core/resolver), plugins or Admin API. Most
+          used HTTP status codes and responses are implemented as helper
+          methods.
+        </p>
+
+        <h3>Usage:</h3>
+        <ul>
+          <li>
+            <pre>
+local responses = require &quot;kong.tools.responses&quot;
 
 -- In an Admin API endpoint handler, or in one of the plugins&apos; phases.
 -- the `return` keyword is optional since the execution will be stopped
@@ -72,166 +97,198 @@ <h3>Usage:</h3>
 
 -- Raw send() helper:
 return responses.send(418, &quot;This is a teapot&quot;)
-</pre></li>
-</ul>
-
-<h3>Info:</h3>
-<ul>
-</ul>
-
-<h2><a href="#Functions">Functions</a></h2>
-<table class="function_list">
-  <tr>
-    <td class="name"><a href="#send">send (status_code, body, headers)</a></td>
-    <td class="summary">Send a response with any status code or body,
- Not all status codes are available as sugar methods, this function can be
- used to send any response.</td>
-  </tr>
-</table>
-<h2><a href="#Tables">Tables</a></h2>
-<table class="function_list">
-  <tr>
-    <td class="name"><a href="#status_codes">status_codes</a></td>
-    <td class="summary">Define the most common HTTP status codes for sugar methods.</td>
-  </tr>
-</table>
-
-
-<h2 class="section-header "><a name="Functions">Functions</a></h2>
-
-
-<dl class="function">
-  <hr />
-  <dt>
-    <h4><a name="send">send</a></h4>
-  </dt>
-  <dd>
-    Send a response with any status code or body,
- Not all status codes are available as sugar methods, this function can be
- used to send any response.
- For <code>status_code=5xx</code> the <code>content</code> parameter should be the description of the error that occurred.
- For <code>status_code=500</code> the content will be logged by ngx.log as an ERR.
- Will call <a href="https://github.com/openresty/lua-nginx-module#ngxsay">ngx.say</a> and <a href="https://github.com/openresty/lua-nginx-module#ngxexit">ngx.exit</a>, terminating the current context.
-
-    <h5>Parameters:</h5>
-    <ul>
-        <li>
-          <code class="parameter">status_code</code>
-          <span class="types"><span class="type">number</span></span>
-          HTTP status code to send
-        </li>
-        <li>
-          <code class="parameter">body</code>
-          A string or table which will be the body of the sent response. If table, the response will be encoded as a JSON object. If string, the response will be a JSON object and the string will be contained in the <code>message</code> property.
-        </li>
-        <li>
-          <code class="parameter">headers</code>
-          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
-          Response headers to send.
-        </li>
-    </ul>
-
-    <h5>Returns:</h5>
-    <ul>
-      <li>
-        ngx.exit (Exit current context)
-      </li>
-    </ul>
-
-
-    <h5>See also:</h5>
-    <ul>
-      <li><a href="https://github.com/openresty/lua-nginx-module#ngxsay">ngx.say</a></li>
-      <li><a href="https://github.com/openresty/lua-nginx-module#ngxexit">ngx.exit</a></li>
-    </ul>
-
-
-
-  </dd>
-</dl>
-
-<h2 class="section-header "><a name="Tables">Tables</a></h2>
-
-
-<dl class="function">
-  <hr />
-  <dt>
-    <h4><a name="status_codes">status_codes</a></h4>
-  </dt>
-  <dd>
-    Define the most common HTTP status codes for sugar methods.
- Each of those status will generate a helper method (sugar)
- attached to this exported module prefixed with <code>send_</code>.
- Final signature of those methods will be <code>send_&lt;status_code_key&gt;(message, headers)</code>. See <a href="send">send</a> for more details on those parameters.
-
-    <h5>Fields:</h5>
-    <ul>
-        <li>
-          <code class="parameter">HTTP_OK</code>
-          200 OK
-        </li>
-        <li>
-          <code class="parameter">HTTP_CREATED</code>
-          201 Created
-        </li>
-        <li>
-          <code class="parameter">HTTP_NO_CONTENT</code>
-          204 No Content
-        </li>
-        <li>
-          <code class="parameter">HTTP_BAD_REQUEST</code>
-          400 Bad Request
-        </li>
-        <li>
-          <code class="parameter">HTTP_UNAUTHORIZED</code>
-          401 Unauthorized
-        </li>
-        <li>
-          <code class="parameter">HTTP_FORBIDDEN</code>
-          403 Forbidden
-        </li>
-        <li>
-          <code class="parameter">HTTP_NOT_FOUND</code>
-          404 Not Found
-        </li>
-        <li>
-          <code class="parameter">HTTP_METHOD_NOT_ALLOWED</code>
-          405 Method Not Allowed
-        </li>
-        <li>
-          <code class="parameter">HTTP_CONFLICT</code>
-          409 Conflict
-        </li>
-        <li>
-          <code class="parameter">HTTP_UNSUPPORTED_MEDIA_TYPE</code>
-          415 Unsupported Media Type
-        </li>
-        <li>
-          <code class="parameter">HTTP_INTERNAL_SERVER_ERROR</code>
-          Internal Server Error
-        </li>
-        <li>
-          <code class="parameter">HTTP_SERVICE_UNAVAILABLE</code>
-          503 Service Unavailable
-        </li>
-    </ul>
-
-
-
-
-    <h5>Usage:</h5>
-    <ul>
-      <li><pre class="example"><span class="keyword">return</span> responses.send_HTTP_OK()</pre></li>
-      <li><pre class="example"><span class="keyword">return</span> responses.HTTP_CREATED(<span class="string">"Entity created"</span>)</pre></li>
-      <li><pre class="example"><span class="keyword">return</span> responses.HTTP_INTERNAL_SERVER_ERROR()</pre></li>
-    </ul>
-
-
-  </dd>
-</dl>
-
-
+</pre
+            >
+          </li>
+        </ul>
+
+        <h3>Info:</h3>
+        <ul></ul>
+
+        <h2><a href="#Functions">Functions</a></h2>
+        <table class="function_list">
+          <tr>
+            <td class="name">
+              <a href="#send">send (status_code, body, headers)</a>
+            </td>
+            <td class="summary">
+              Send a response with any status code or body, Not all status codes
+              are available as sugar methods, this function can be used to send
+              any response.
+            </td>
+          </tr>
+        </table>
+
+        <h2><a href="#Tables">Tables</a></h2>
+        <table class="function_list">
+          <tr>
+            <td class="name"><a href="#status_codes">status_codes</a></td>
+            <td class="summary">
+              Define the most common HTTP status codes for sugar methods.
+            </td>
+          </tr>
+        </table>
+
+        <h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+        <dl class="function">
+          <hr />
+          <dt>
+            <h4><a name="send">send</a></h4>
+          </dt>
+          <dd>
+            Send a response with any status code or body, Not all status codes
+            are available as sugar methods, this function can be used to send
+            any response. For <code>status_code=5xx</code> the
+            <code>content</code> parameter should be the description of the
+            error that occurred. For <code>status_code=500</code> the content
+            will be logged by ngx.log as an ERR. Will call
+            <a href="https://github.com/openresty/lua-nginx-module#ngxsay"
+              >ngx.say</a
+            >
+            and
+            <a href="https://github.com/openresty/lua-nginx-module#ngxexit"
+              >ngx.exit</a
+            >, terminating the current context.
+
+            <h5>Parameters:</h5>
+            <ul>
+              <li>
+                <code class="parameter">status_code</code>
+                <span class="types"><span class="type">number</span></span>
+                HTTP status code to send
+              </li>
+              <li>
+                <code class="parameter">body</code>
+                A string or table which will be the body of the sent response.
+                If table, the response will be encoded as a JSON object. If
+                string, the response will be a JSON object and the string will
+                be contained in the <code>message</code> property.
+              </li>
+              <li>
+                <code class="parameter">headers</code>
+                <span class="types"
+                  ><a
+                    class="type"
+                    href="https://www.lua.org/manual/5.1/manual.html#5.5"
+                    >table</a
+                  ></span
+                >
+                Response headers to send.
+              </li>
+            </ul>
+
+            <h5>Returns:</h5>
+            <ul>
+              <li>
+                ngx.exit (Exit current context)
+              </li>
+            </ul>
+
+            <h5>See also:</h5>
+            <ul>
+              <li>
+                <a href="https://github.com/openresty/lua-nginx-module#ngxsay"
+                  >ngx.say</a
+                >
+              </li>
+              <li>
+                <a href="https://github.com/openresty/lua-nginx-module#ngxexit"
+                  >ngx.exit</a
+                >
+              </li>
+            </ul>
+          </dd>
+        </dl>
+
+        <h2 class="section-header "><a name="Tables">Tables</a></h2>
+
+        <dl class="function">
+          <hr />
+          <dt>
+            <h4><a name="status_codes">status_codes</a></h4>
+          </dt>
+          <dd>
+            Define the most common HTTP status codes for sugar methods. Each of
+            those status will generate a helper method (sugar) attached to this
+            exported module prefixed with <code>send_</code>. Final signature of
+            those methods will be
+            <code>send_&lt;status_code_key&gt;(message, headers)</code>. See
+            <a href="send">send</a> for more details on those parameters.
+
+            <h5>Fields:</h5>
+            <ul>
+              <li>
+                <code class="parameter">HTTP_OK</code>
+                200 OK
+              </li>
+              <li>
+                <code class="parameter">HTTP_CREATED</code>
+                201 Created
+              </li>
+              <li>
+                <code class="parameter">HTTP_NO_CONTENT</code>
+                204 No Content
+              </li>
+              <li>
+                <code class="parameter">HTTP_BAD_REQUEST</code>
+                400 Bad Request
+              </li>
+              <li>
+                <code class="parameter">HTTP_UNAUTHORIZED</code>
+                401 Unauthorized
+              </li>
+              <li>
+                <code class="parameter">HTTP_FORBIDDEN</code>
+                403 Forbidden
+              </li>
+              <li>
+                <code class="parameter">HTTP_NOT_FOUND</code>
+                404 Not Found
+              </li>
+              <li>
+                <code class="parameter">HTTP_METHOD_NOT_ALLOWED</code>
+                405 Method Not Allowed
+              </li>
+              <li>
+                <code class="parameter">HTTP_CONFLICT</code>
+                409 Conflict
+              </li>
+              <li>
+                <code class="parameter">HTTP_UNSUPPORTED_MEDIA_TYPE</code>
+                415 Unsupported Media Type
+              </li>
+              <li>
+                <code class="parameter">HTTP_INTERNAL_SERVER_ERROR</code>
+                Internal Server Error
+              </li>
+              <li>
+                <code class="parameter">HTTP_SERVICE_UNAVAILABLE</code>
+                503 Service Unavailable
+              </li>
+            </ul>
+
+            <h5>Usage:</h5>
+            <ul>
+              <li>
+                <pre
+                  class="example"
+                ><span class="keyword">return</span> responses.send_HTTP_OK()</pre>
+              </li>
+              <li>
+                <pre
+                  class="example"
+                ><span class="keyword">return</span> responses.HTTP_CREATED(<span class="string">"Entity created"</span>)</pre>
+              </li>
+              <li>
+                <pre
+                  class="example"
+                ><span class="keyword">return</span> responses.HTTP_INTERNAL_SERVER_ERROR()</pre>
+              </li>
+            </ul>
+          </dd>
+        </dl>
+      </div>
     </div>
   </div>
 </div>
-</div>
diff --git a/app/0.12.x/lua-reference/modules/kong.tools.responses/send.md b/app/0.12.x/lua-reference/modules/kong.tools.responses/send.md
new file mode 100644
index 000000000000..888a98b0af8a
--- /dev/null
+++ b/app/0.12.x/lua-reference/modules/kong.tools.responses/send.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.12.x/lua-reference/modules/kong.tools.responses/#send
+---
diff --git a/app/0.12.x/lua-reference/modules/modules/kong.tools.utils.html.md b/app/0.12.x/lua-reference/modules/modules/kong.tools.utils.html.md
new file mode 100644
index 000000000000..3c49d1609b64
--- /dev/null
+++ b/app/0.12.x/lua-reference/modules/modules/kong.tools.utils.html.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.12.x/lua-reference/modules/kong.tools.utils/
+---
diff --git a/app/0.13.x/configuration.md b/app/0.13.x/configuration.md
index 265266bda8a0..ebef5eaaa30d 100644
--- a/app/0.13.x/configuration.md
+++ b/app/0.13.x/configuration.md
@@ -1,5 +1,6 @@
 ---
 title: Configuration Reference
+redirect_from: '/0.13.x/configuration-reference/'
 ---
 
 ## Configuration loading
@@ -95,7 +96,7 @@ infrastructure, or embed Kong in an already running OpenResty instance.
 
 Kong can be started, reloaded and restarted with an `--nginx-conf` argument,
 which must specify an Nginx configuration template. Such a template uses the
-[Penlight][Penlight] [templating engine][pl.template], which is compiled using
+[Penlight][penlight] [templating engine][pl.template], which is compiled using
 the given Kong configuration, before being dumped in your Kong prefix
 directory, moments before starting Nginx.
 
@@ -392,8 +393,8 @@ Example: `0.0.0.0:80, 0.0.0.0:81 http2, 0.0.0.0:443 ssl, 0.0.0.0:444 http2 ssl`
 
 Comma-separated list of addresses and ports on which the Admin interface
 should listen. The Admin interface is the API allowing you to configure and
-manage Kong. Access to this interface should be *restricted* to Kong
-administrators *only*. This value accepts IPv4, IPv6, and hostnames. Some
+manage Kong. Access to this interface should be _restricted_ to Kong
+administrators _only_. This value accepts IPv4, IPv6, and hostnames. Some
 suffixes can be specified for each pair:
 
 - `ssl` will require that all connections made through a particular
@@ -575,7 +576,7 @@ This property also sets the `set_real_ip_from` directive(s) in the Nginx
 configuration. It accepts the same type of values (CIDR blocks) but as a
 comma-separated list.
 
-To trust *all* /!\ IPs, set this value to `0.0.0.0/0,::/0`.
+To trust _all_ /!\ IPs, set this value to `0.0.0.0/0,::/0`.
 
 If the special value `unix:` is specified, all UNIX-domain sockets will be
 trusted.
@@ -689,38 +690,38 @@ Default: `postgres`
 
 #### Postgres settings
 
-name                  |  description
-----------------------|-------------------
-**pg_host**           | Host of the Postgres server
-**pg_port**           | Port of the Postgres server
-**pg_user**           | Postgres user
-**pg_password**       | Postgres user's password
-**pg_database**       | Database to connect to. **must exist**
-**pg_ssl**            | Enable SSL connections to the server
-**pg_ssl_verify**     | If `pg_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.
+| name              | description                                                                                                |
+| ----------------- | ---------------------------------------------------------------------------------------------------------- |
+| **pg_host**       | Host of the Postgres server                                                                                |
+| **pg_port**       | Port of the Postgres server                                                                                |
+| **pg_user**       | Postgres user                                                                                              |
+| **pg_password**   | Postgres user's password                                                                                   |
+| **pg_database**   | Database to connect to. **must exist**                                                                     |
+| **pg_ssl**        | Enable SSL connections to the server                                                                       |
+| **pg_ssl_verify** | If `pg_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting. |
 
 ---
 
 #### Cassandra settings
 
-name                            | description
---------------------------------|------------------
-**cassandra_contact_points**    | Comma-separated list of contacts points to your Cassandra cluster.
-**cassandra_port**              | Port on which your nodes are listening.
-**cassandra_keyspace**          | Keyspace to use in your cluster. Will be created if doesn't exist.
-**cassandra_consistency**       | Consistency setting to use when reading/writing.
-**cassandra_timeout**           | Timeout (in ms) for reading/writing.
-**cassandra_ssl**               | Enable SSL connections to the nodes.
-**cassandra_ssl_verify**        | If `cassandra_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.
-**cassandra_username**          | Username when using the PasswordAuthenticator scheme.
-**cassandra_password**          | Password when using the PasswordAuthenticator scheme.
-**cassandra_consistency**       | Consistency setting to use when reading/writing to the Cassandra cluster.
-**cassandra_lb_policy**         | Load balancing policy to use when distributing queries across your Cassandra cluster. Accepted values are `RoundRobin` and `DCAwareRoundRobin`. Prefer the later if and only if you are using a multi-datacenter cluster, and set the `cassandra_local_datacenter` if so.
-**cassandra_local_datacenter**  | When using the `DCAwareRoundRobin` policy, you must specify the name of the cluster local (closest) to this Kong node.
-**cassandra_repl_strategy**     | If creating the keyspace for the first time, specify a replication strategy.
-**cassandra_repl_factor**       | Specify a replication factor for the `SimpleStrategy`.
-**cassandra_data_centers**      | Specify data centers for the `NetworkTopologyStrategy`.
-**cassandra_schema_consensus_timeout** | Define the timeout (in ms) for the waiting period to each a schema consensus between your Cassandra nodes. This value is only used during migrations.
+| name                                   | description                                                                                                                                                                                                                                                               |
+| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **cassandra_contact_points**           | Comma-separated list of contacts points to your Cassandra cluster.                                                                                                                                                                                                        |
+| **cassandra_port**                     | Port on which your nodes are listening.                                                                                                                                                                                                                                   |
+| **cassandra_keyspace**                 | Keyspace to use in your cluster. Will be created if doesn't exist.                                                                                                                                                                                                        |
+| **cassandra_consistency**              | Consistency setting to use when reading/writing.                                                                                                                                                                                                                          |
+| **cassandra_timeout**                  | Timeout (in ms) for reading/writing.                                                                                                                                                                                                                                      |
+| **cassandra_ssl**                      | Enable SSL connections to the nodes.                                                                                                                                                                                                                                      |
+| **cassandra_ssl_verify**               | If `cassandra_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.                                                                                                                                                         |
+| **cassandra_username**                 | Username when using the PasswordAuthenticator scheme.                                                                                                                                                                                                                     |
+| **cassandra_password**                 | Password when using the PasswordAuthenticator scheme.                                                                                                                                                                                                                     |
+| **cassandra_consistency**              | Consistency setting to use when reading/writing to the Cassandra cluster.                                                                                                                                                                                                 |
+| **cassandra_lb_policy**                | Load balancing policy to use when distributing queries across your Cassandra cluster. Accepted values are `RoundRobin` and `DCAwareRoundRobin`. Prefer the later if and only if you are using a multi-datacenter cluster, and set the `cassandra_local_datacenter` if so. |
+| **cassandra_local_datacenter**         | When using the `DCAwareRoundRobin` policy, you must specify the name of the cluster local (closest) to this Kong node.                                                                                                                                                    |
+| **cassandra_repl_strategy**            | If creating the keyspace for the first time, specify a replication strategy.                                                                                                                                                                                              |
+| **cassandra_repl_factor**              | Specify a replication factor for the `SimpleStrategy`.                                                                                                                                                                                                                    |
+| **cassandra_data_centers**             | Specify data centers for the `NetworkTopologyStrategy`.                                                                                                                                                                                                                   |
+| **cassandra_schema_consensus_timeout** | Define the timeout (in ms) for the waiting period to each a schema consensus between your Cassandra nodes. This value is only used during migrations.                                                                                                                     |
 
 [Back to TOC](#table-of-contents)
 
@@ -954,6 +955,5 @@ Default: `30`
 [Back to TOC](#table-of-contents)
 
 [ngx_http_realip_module]: http://nginx.org/en/docs/http/ngx_http_realip_module.html
-
-[Penlight]: http://stevedonovan.github.io/Penlight/api/index.html
+[penlight]: http://stevedonovan.github.io/Penlight/api/index.html
 [pl.template]: http://stevedonovan.github.io/Penlight/api/libraries/pl.template.html
diff --git a/app/0.13.x/lua-reference/modules/kong.tools.responses.html b/app/0.13.x/lua-reference/modules/kong.tools.responses.html
index bb089bd88038..f4dafad308ae 100644
--- a/app/0.13.x/lua-reference/modules/kong.tools.responses.html
+++ b/app/0.13.x/lua-reference/modules/kong.tools.responses.html
@@ -3,22 +3,20 @@
 layout: default
 ---
 
-
 <header class="page-header">
   <div class="container">
     <div class="page-header-icon">
-      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+      <img
+        src="/assets/images/icons/icn-documentation.svg"
+        alt="Documentation"
+      />
     </div>
     <div class="page-header-title">
       <h1>Public Lua API Reference</h1>
       <p>For plugins developers and core contributors</p>
     </div>
-    {% if site.data.kong_versions.size > 1 %}
-      {% include lua-reference-dropdown.html
-        page=page
-        site=site
-      %}
-    {% endif %}
+    {% if site.data.kong_versions.size > 1 %} {% include
+    lua-reference-dropdown.html page=page site=site %} {% endif %}
   </div>
 </header>
 
@@ -27,22 +25,44 @@ <h1>Public Lua API Reference</h1>
     <nav>
       <ul>
         <li>
-          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+          <a href="/{{ page.kong_version }}"><h5>Back to docs</h5></a>
         </li>
         <li>
-          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+          <a href="/{{ page.kong_version }}/lua-reference/"><h5>Index</h5></a>
         </li>
         <li>
           <h5>Modules</h5>
           <ul>
             <li><a href="../../modules/kong.dao">kong.dao</a></li>
-            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
-            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
-            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
-            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li>
+              <a href="../../modules/kong.plugins.basic-auth.crypto"
+                >kong.plugins.basic-auth.crypto</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.plugins.galileo.alf"
+                >kong.plugins.galileo.alf</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.plugins.galileo.buffer"
+                >kong.plugins.galileo.buffer</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.plugins.jwt.jwt_parser"
+                >kong.plugins.jwt.jwt_parser</a
+              >
+            </li>
             <li>kong.tools.responses</li>
-            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
-            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li>
+              <a href="../../modules/kong.tools.timestamp"
+                >kong.tools.timestamp</a
+              >
+            </li>
+            <li>
+              <a href="../../modules/kong.tools.utils">kong.tools.utils</a>
+            </li>
             <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
           </ul>
         </li>
@@ -51,16 +71,21 @@ <h5>Modules</h5>
   </aside>
 
   <div class="page-content-container">
-  <div class="page-content">
-    <div class="content">
-<h1><code>kong.tools.responses</code></h1>
-<p>Kong helper methods to send HTTP responses to clients.</p>
-<p>Can be used in the proxy (core/resolver), plugins or Admin API.
- Most used HTTP status codes and responses are implemented as helper methods.</p>
-
-<h3>Usage:</h3>
-<ul>
-  <li><pre>local responses = require &quot;kong.tools.responses&quot;
+    <div class="page-content">
+      <div class="content">
+        <h1><code>kong.tools.responses</code></h1>
+        <p>Kong helper methods to send HTTP responses to clients.</p>
+        <p>
+          Can be used in the proxy (core/resolver), plugins or Admin API. Most
+          used HTTP status codes and responses are implemented as helper
+          methods.
+        </p>
+
+        <h3>Usage:</h3>
+        <ul>
+          <li>
+            <pre>
+local responses = require &quot;kong.tools.responses&quot;
 
 -- In an Admin API endpoint handler, or in one of the plugins&apos; phases.
 -- the `return` keyword is optional since the execution will be stopped
@@ -72,166 +97,198 @@ <h3>Usage:</h3>
 
 -- Raw send() helper:
 return responses.send(418, &quot;This is a teapot&quot;)
-</pre></li>
-</ul>
-
-<h3>Info:</h3>
-<ul>
-</ul>
-
-<h2><a href="#Functions">Functions</a></h2>
-<table class="function_list">
-  <tr>
-    <td class="name"><a href="#send">send (status_code, body, headers)</a></td>
-    <td class="summary">Send a response with any status code or body,
- Not all status codes are available as sugar methods, this function can be
- used to send any response.</td>
-  </tr>
-</table>
-<h2><a href="#Tables">Tables</a></h2>
-<table class="function_list">
-  <tr>
-    <td class="name"><a href="#status_codes">status_codes</a></td>
-    <td class="summary">Define the most common HTTP status codes for sugar methods.</td>
-  </tr>
-</table>
-
-
-<h2 class="section-header "><a name="Functions">Functions</a></h2>
-
-
-<dl class="function">
-  <hr />
-  <dt>
-    <h4><a name="send">send</a></h4>
-  </dt>
-  <dd>
-    Send a response with any status code or body,
- Not all status codes are available as sugar methods, this function can be
- used to send any response.
- For <code>status_code=5xx</code> the <code>content</code> parameter should be the description of the error that occurred.
- For <code>status_code=500</code> the content will be logged by ngx.log as an ERR.
- Will call <a href="https://github.com/openresty/lua-nginx-module#ngxsay">ngx.say</a> and <a href="https://github.com/openresty/lua-nginx-module#ngxexit">ngx.exit</a>, terminating the current context.
-
-    <h5>Parameters:</h5>
-    <ul>
-        <li>
-          <code class="parameter">status_code</code>
-          <span class="types"><span class="type">number</span></span>
-          HTTP status code to send
-        </li>
-        <li>
-          <code class="parameter">body</code>
-          A string or table which will be the body of the sent response. If table, the response will be encoded as a JSON object. If string, the response will be a JSON object and the string will be contained in the <code>message</code> property.
-        </li>
-        <li>
-          <code class="parameter">headers</code>
-          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
-          Response headers to send.
-        </li>
-    </ul>
-
-    <h5>Returns:</h5>
-    <ul>
-      <li>
-        ngx.exit (Exit current context)
-      </li>
-    </ul>
-
-
-    <h5>See also:</h5>
-    <ul>
-      <li><a href="https://github.com/openresty/lua-nginx-module#ngxsay">ngx.say</a></li>
-      <li><a href="https://github.com/openresty/lua-nginx-module#ngxexit">ngx.exit</a></li>
-    </ul>
-
-
-
-  </dd>
-</dl>
-
-<h2 class="section-header "><a name="Tables">Tables</a></h2>
-
-
-<dl class="function">
-  <hr />
-  <dt>
-    <h4><a name="status_codes">status_codes</a></h4>
-  </dt>
-  <dd>
-    Define the most common HTTP status codes for sugar methods.
- Each of those status will generate a helper method (sugar)
- attached to this exported module prefixed with <code>send_</code>.
- Final signature of those methods will be <code>send_&lt;status_code_key&gt;(message, headers)</code>. See <a href="send">send</a> for more details on those parameters.
-
-    <h5>Fields:</h5>
-    <ul>
-        <li>
-          <code class="parameter">HTTP_OK</code>
-          200 OK
-        </li>
-        <li>
-          <code class="parameter">HTTP_CREATED</code>
-          201 Created
-        </li>
-        <li>
-          <code class="parameter">HTTP_NO_CONTENT</code>
-          204 No Content
-        </li>
-        <li>
-          <code class="parameter">HTTP_BAD_REQUEST</code>
-          400 Bad Request
-        </li>
-        <li>
-          <code class="parameter">HTTP_UNAUTHORIZED</code>
-          401 Unauthorized
-        </li>
-        <li>
-          <code class="parameter">HTTP_FORBIDDEN</code>
-          403 Forbidden
-        </li>
-        <li>
-          <code class="parameter">HTTP_NOT_FOUND</code>
-          404 Not Found
-        </li>
-        <li>
-          <code class="parameter">HTTP_METHOD_NOT_ALLOWED</code>
-          405 Method Not Allowed
-        </li>
-        <li>
-          <code class="parameter">HTTP_CONFLICT</code>
-          409 Conflict
-        </li>
-        <li>
-          <code class="parameter">HTTP_UNSUPPORTED_MEDIA_TYPE</code>
-          415 Unsupported Media Type
-        </li>
-        <li>
-          <code class="parameter">HTTP_INTERNAL_SERVER_ERROR</code>
-          Internal Server Error
-        </li>
-        <li>
-          <code class="parameter">HTTP_SERVICE_UNAVAILABLE</code>
-          503 Service Unavailable
-        </li>
-    </ul>
-
-
-
-
-    <h5>Usage:</h5>
-    <ul>
-      <li><pre class="example"><span class="keyword">return</span> responses.send_HTTP_OK()</pre></li>
-      <li><pre class="example"><span class="keyword">return</span> responses.HTTP_CREATED(<span class="string">"Entity created"</span>)</pre></li>
-      <li><pre class="example"><span class="keyword">return</span> responses.HTTP_INTERNAL_SERVER_ERROR()</pre></li>
-    </ul>
-
-
-  </dd>
-</dl>
-
-
+</pre
+            >
+          </li>
+        </ul>
+
+        <h3>Info:</h3>
+        <ul></ul>
+
+        <h2><a href="#Functions">Functions</a></h2>
+        <table class="function_list">
+          <tr>
+            <td class="name">
+              <a href="#send">send (status_code, body, headers)</a>
+            </td>
+            <td class="summary">
+              Send a response with any status code or body, Not all status codes
+              are available as sugar methods, this function can be used to send
+              any response.
+            </td>
+          </tr>
+        </table>
+
+        <h2><a href="#Tables">Tables</a></h2>
+        <table class="function_list">
+          <tr>
+            <td class="name"><a href="#status_codes">status_codes</a></td>
+            <td class="summary">
+              Define the most common HTTP status codes for sugar methods.
+            </td>
+          </tr>
+        </table>
+
+        <h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+        <dl class="function">
+          <hr />
+          <dt>
+            <h4><a name="send">send</a></h4>
+          </dt>
+          <dd>
+            Send a response with any status code or body, Not all status codes
+            are available as sugar methods, this function can be used to send
+            any response. For <code>status_code=5xx</code> the
+            <code>content</code> parameter should be the description of the
+            error that occurred. For <code>status_code=500</code> the content
+            will be logged by ngx.log as an ERR. Will call
+            <a href="https://github.com/openresty/lua-nginx-module#ngxsay"
+              >ngx.say</a
+            >
+            and
+            <a href="https://github.com/openresty/lua-nginx-module#ngxexit"
+              >ngx.exit</a
+            >, terminating the current context.
+
+            <h5>Parameters:</h5>
+            <ul>
+              <li>
+                <code class="parameter">status_code</code>
+                <span class="types"><span class="type">number</span></span>
+                HTTP status code to send
+              </li>
+              <li>
+                <code class="parameter">body</code>
+                A string or table which will be the body of the sent response.
+                If table, the response will be encoded as a JSON object. If
+                string, the response will be a JSON object and the string will
+                be contained in the <code>message</code> property.
+              </li>
+              <li>
+                <code class="parameter">headers</code>
+                <span class="types"
+                  ><a
+                    class="type"
+                    href="https://www.lua.org/manual/5.1/manual.html#5.5"
+                    >table</a
+                  ></span
+                >
+                Response headers to send.
+              </li>
+            </ul>
+
+            <h5>Returns:</h5>
+            <ul>
+              <li>
+                ngx.exit (Exit current context)
+              </li>
+            </ul>
+
+            <h5>See also:</h5>
+            <ul>
+              <li>
+                <a href="https://github.com/openresty/lua-nginx-module#ngxsay"
+                  >ngx.say</a
+                >
+              </li>
+              <li>
+                <a href="https://github.com/openresty/lua-nginx-module#ngxexit"
+                  >ngx.exit</a
+                >
+              </li>
+            </ul>
+          </dd>
+        </dl>
+
+        <h2 class="section-header "><a name="Tables">Tables</a></h2>
+
+        <dl class="function">
+          <hr />
+          <dt>
+            <h4><a name="status_codes">status_codes</a></h4>
+          </dt>
+          <dd>
+            Define the most common HTTP status codes for sugar methods. Each of
+            those status will generate a helper method (sugar) attached to this
+            exported module prefixed with <code>send_</code>. Final signature of
+            those methods will be
+            <code>send_&lt;status_code_key&gt;(message, headers)</code>. See
+            <a href="send">send</a> for more details on those parameters.
+
+            <h5>Fields:</h5>
+            <ul>
+              <li>
+                <code class="parameter">HTTP_OK</code>
+                200 OK
+              </li>
+              <li>
+                <code class="parameter">HTTP_CREATED</code>
+                201 Created
+              </li>
+              <li>
+                <code class="parameter">HTTP_NO_CONTENT</code>
+                204 No Content
+              </li>
+              <li>
+                <code class="parameter">HTTP_BAD_REQUEST</code>
+                400 Bad Request
+              </li>
+              <li>
+                <code class="parameter">HTTP_UNAUTHORIZED</code>
+                401 Unauthorized
+              </li>
+              <li>
+                <code class="parameter">HTTP_FORBIDDEN</code>
+                403 Forbidden
+              </li>
+              <li>
+                <code class="parameter">HTTP_NOT_FOUND</code>
+                404 Not Found
+              </li>
+              <li>
+                <code class="parameter">HTTP_METHOD_NOT_ALLOWED</code>
+                405 Method Not Allowed
+              </li>
+              <li>
+                <code class="parameter">HTTP_CONFLICT</code>
+                409 Conflict
+              </li>
+              <li>
+                <code class="parameter">HTTP_UNSUPPORTED_MEDIA_TYPE</code>
+                415 Unsupported Media Type
+              </li>
+              <li>
+                <code class="parameter">HTTP_INTERNAL_SERVER_ERROR</code>
+                Internal Server Error
+              </li>
+              <li>
+                <code class="parameter">HTTP_SERVICE_UNAVAILABLE</code>
+                503 Service Unavailable
+              </li>
+            </ul>
+
+            <h5>Usage:</h5>
+            <ul>
+              <li>
+                <pre
+                  class="example"
+                ><span class="keyword">return</span> responses.send_HTTP_OK()</pre>
+              </li>
+              <li>
+                <pre
+                  class="example"
+                ><span class="keyword">return</span> responses.HTTP_CREATED(<span class="string">"Entity created"</span>)</pre>
+              </li>
+              <li>
+                <pre
+                  class="example"
+                ><span class="keyword">return</span> responses.HTTP_INTERNAL_SERVER_ERROR()</pre>
+              </li>
+            </ul>
+          </dd>
+        </dl>
+      </div>
     </div>
   </div>
 </div>
-</div>
diff --git a/app/0.13.x/lua-reference/modules/kong.tools.responses/send.md b/app/0.13.x/lua-reference/modules/kong.tools.responses/send.md
new file mode 100644
index 000000000000..55143f6d8ddb
--- /dev/null
+++ b/app/0.13.x/lua-reference/modules/kong.tools.responses/send.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.13.x/lua-reference/modules/kong.tools.responses/#send
+---
diff --git a/app/0.14.x/configuration.md b/app/0.14.x/configuration.md
index 20056ff07b15..ac275e6f1c59 100644
--- a/app/0.14.x/configuration.md
+++ b/app/0.14.x/configuration.md
@@ -1,5 +1,7 @@
 ---
 title: Configuration Reference
+redirect_from:
+  - /0.14.x/configuration-reference/
 ---
 
 ## Introduction
@@ -100,14 +102,14 @@ Any entry added to your `kong.conf` file that is prefixed by `nginx_http_`,
 directive by removing the prefix and added to the appropriate section of the
 Nginx configuration:
 
-* Entries prefixed with `nginx_http_` will be injected to the overall `http`
-block directive.
+- Entries prefixed with `nginx_http_` will be injected to the overall `http`
+  block directive.
 
-* Entries prefixed with `nginx_proxy_` will be injected to the `server` block
-directive handling Kong's proxy ports.
+- Entries prefixed with `nginx_proxy_` will be injected to the `server` block
+  directive handling Kong's proxy ports.
 
-* Entries prefixed with `nginx_admin_` will be injected to the `server` block
-directive handling Kong's Admin API ports.
+- Entries prefixed with `nginx_admin_` will be injected to the `server` block
+  directive handling Kong's Admin API ports.
 
 For example, if you add the following line to your `kong.conf` file:
 
@@ -211,14 +213,14 @@ files), without having to deal with custom Nginx configuration templates.
 There are two scenarios in which you may want to make use of custom Nginx
 configuration templates directly:
 
-* In the rare occasion that you may need to modify some of Kong's default
-Nginx configuration that are not adjustable via its standard `kong.conf`
-properties, you can still modify the template used by Kong for producing its
-Nginx configuration and launch Kong using your customized template.
+- In the rare occasion that you may need to modify some of Kong's default
+  Nginx configuration that are not adjustable via its standard `kong.conf`
+  properties, you can still modify the template used by Kong for producing its
+  Nginx configuration and launch Kong using your customized template.
 
-* If you need to embed Kong in an already running OpenResty instance, you
-can reuse Kong's generated configuration and include it in your existing
-configuration.
+- If you need to embed Kong in an already running OpenResty instance, you
+  can reuse Kong's generated configuration and include it in your existing
+  configuration.
 
 [Back to TOC](#table-of-contents)
 
@@ -226,7 +228,7 @@ configuration.
 
 Kong can be started, reloaded and restarted with an `--nginx-conf` argument,
 which must specify an Nginx configuration template. Such a template uses the
-[Penlight][Penlight] [templating engine][pl.template], which is compiled using
+[Penlight][penlight] [templating engine][pl.template], which is compiled using
 the given Kong configuration, before being dumped in your Kong prefix
 directory, moments before starting Nginx.
 
@@ -450,11 +452,11 @@ Comma-separated list of names of plugins this node should load.
 
 Each item in the list can be:
 
-* A plugin name. Both bundled plugins (e.g. `key-auth`), and custom plugins
+- A plugin name. Both bundled plugins (e.g. `key-auth`), and custom plugins
   (e.g. `custom-rate-limting`) are accepted here.
-* The keyword `bundled`. This has the same meaning as including all the plugins
+- The keyword `bundled`. This has the same meaning as including all the plugins
   that are bundled with Kong (from the `kong.plugins.{name}.*` namespace).
-* The keyword `off`. When specified, Kong will not load any plugin, and none
+- The keyword `off`. When specified, Kong will not load any plugin, and none
   will be configurable via the Admin API.
 
 Note that Kong will not start if some plugins were previously configured (i.e.
@@ -465,11 +467,11 @@ Default: `bundled`
 
 Examples:
 
-* `plugins=bundled,custom-auth,custom-log` will include the bundled plugins
+- `plugins=bundled,custom-auth,custom-log` will include the bundled plugins
   plus two custom ones
-* `plugins=custom-auth,custom-log` will *only* include the `custom-auth` and
+- `plugins=custom-auth,custom-log` will _only_ include the `custom-auth` and
   `custom-log` plugins.
-* `plugins=off` will not include any plugins
+- `plugins=off` will not include any plugins
 
 **Note:** Limiting the amount of available plugins can improve P99 latency when
 experiencing LRU churning in the database cache (i.e. when the configured
@@ -522,8 +524,8 @@ Example: `0.0.0.0:80, 0.0.0.0:81 http2, 0.0.0.0:443 ssl, 0.0.0.0:444 http2 ssl`
 
 Comma-separated list of addresses and ports on which the Admin interface
 should listen. The Admin interface is the API allowing you to configure and
-manage Kong. Access to this interface should be *restricted* to Kong
-administrators *only*. This value accepts IPv4, IPv6, and hostnames. Some
+manage Kong. Access to this interface should be _restricted_ to Kong
+administrators _only_. This value accepts IPv4, IPv6, and hostnames. Some
 suffixes can be specified for each pair:
 
 - `ssl` will require that all connections made through a particular
@@ -724,20 +726,20 @@ Comma-separated list of headers Kong should inject in client responses.
 
 Accepted values are:
 
-* `Server`: Injects `Server: kong/x.y.z` on Kong-produced response (e.g. Admin
+- `Server`: Injects `Server: kong/x.y.z` on Kong-produced response (e.g. Admin
   API, rejected requests from auth plugin, etc...).
-* `Via`: Injects `Via: kong/x.y.z` for successfully proxied requests.
-* `X-Kong-Proxy-Latency`: Time taken (in milliseconds) by Kong to process
+- `Via`: Injects `Via: kong/x.y.z` for successfully proxied requests.
+- `X-Kong-Proxy-Latency`: Time taken (in milliseconds) by Kong to process
   a request and run all plugins before proxying the request upstream.
-* `X-Kong-Upstream-Latency`: Time taken (in milliseconds) by the upstream
+- `X-Kong-Upstream-Latency`: Time taken (in milliseconds) by the upstream
   service to send response headers.
-* `X-Kong-Upstream-Status`: The HTTP status code returned by the upstream
+- `X-Kong-Upstream-Status`: The HTTP status code returned by the upstream
   service. This is particularly useful for clients to distinguish upstream
   statuses if the response is rewritten by a plugin.
-* `server_tokens`: Same as specifying both `Server` and `Via`.
-* `latency_tokens`: Same as specifying both `X-Kong-Proxy-Latency` and
+- `server_tokens`: Same as specifying both `Server` and `Via`.
+- `latency_tokens`: Same as specifying both `X-Kong-Proxy-Latency` and
   `X-Kong-Upstream-Latency`.
-* `off`: Prevents Kong from injecting any of the above headers. Note that
+- `off`: Prevents Kong from injecting any of the above headers. Note that
   this does not prevent plugins from injecting headers of their own.
 
 Default: `server_tokens, latency_tokens`
@@ -755,7 +757,7 @@ This property also sets the `set_real_ip_from` directive(s) in the Nginx
 configuration. It accepts the same type of values (CIDR blocks) but as a
 comma-separated list.
 
-To trust *all* /!\ IPs, set this value to `0.0.0.0/0,::/0`.
+To trust _all_ /!\ IPs, set this value to `0.0.0.0/0,::/0`.
 
 If the special value `unix:` is specified, all UNIX-domain sockets will be
 trusted.
@@ -864,38 +866,38 @@ Default: `postgres`
 
 #### Postgres settings
 
-name                  |  description
-----------------------|-------------------
-**pg_host**           | Host of the Postgres server
-**pg_port**           | Port of the Postgres server
-**pg_user**           | Postgres user
-**pg_password**       | Postgres user's password
-**pg_database**       | Database to connect to. **must exist**
-**pg_ssl**            | Enable SSL connections to the server
-**pg_ssl_verify**     | If `pg_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.
+| name              | description                                                                                                |
+| ----------------- | ---------------------------------------------------------------------------------------------------------- |
+| **pg_host**       | Host of the Postgres server                                                                                |
+| **pg_port**       | Port of the Postgres server                                                                                |
+| **pg_user**       | Postgres user                                                                                              |
+| **pg_password**   | Postgres user's password                                                                                   |
+| **pg_database**   | Database to connect to. **must exist**                                                                     |
+| **pg_ssl**        | Enable SSL connections to the server                                                                       |
+| **pg_ssl_verify** | If `pg_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting. |
 
 ---
 
 #### Cassandra settings
 
-name                            | description
---------------------------------|------------------
-**cassandra_contact_points**    | Comma-separated list of contacts points to your Cassandra cluster.
-**cassandra_port**              | Port on which your nodes are listening.
-**cassandra_keyspace**          | Keyspace to use in your cluster. Will be created if doesn't exist.
-**cassandra_consistency**       | Consistency setting to use when reading/writing.
-**cassandra_timeout**           | Timeout (in ms) for reading/writing.
-**cassandra_ssl**               | Enable SSL connections to the nodes.
-**cassandra_ssl_verify**        | If `cassandra_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.
-**cassandra_username**          | Username when using the PasswordAuthenticator scheme.
-**cassandra_password**          | Password when using the PasswordAuthenticator scheme.
-**cassandra_consistency**       | Consistency setting to use when reading/writing to the Cassandra cluster.
-**cassandra_lb_policy**         | Load balancing policy to use when distributing queries across your Cassandra cluster. Accepted values are `RoundRobin` and `DCAwareRoundRobin` and `RequestDCAwareRoundRobin`. Prefer the later two if and only if you are using a multi-datacenter cluster, and set the `cassandra_local_datacenter` if so.
-**cassandra_local_datacenter**  | When using the `DCAwareRoundRobin` or `RequestDCAwareRoundRobin` policy, you must specify the name of the cluster local (closest) to this Kong node.
-**cassandra_repl_strategy**     | If creating the keyspace for the first time, specify a replication strategy.
-**cassandra_repl_factor**       | Specify a replication factor for the `SimpleStrategy`.
-**cassandra_data_centers**      | Specify data centers for the `NetworkTopologyStrategy`.
-**cassandra_schema_consensus_timeout** | Define the timeout (in ms) for the waiting period to each a schema consensus between your Cassandra nodes. This value is only used during migrations.
+| name                                   | description                                                                                                                                                                                                                                                                                                  |
+| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| **cassandra_contact_points**           | Comma-separated list of contacts points to your Cassandra cluster.                                                                                                                                                                                                                                           |
+| **cassandra_port**                     | Port on which your nodes are listening.                                                                                                                                                                                                                                                                      |
+| **cassandra_keyspace**                 | Keyspace to use in your cluster. Will be created if doesn't exist.                                                                                                                                                                                                                                           |
+| **cassandra_consistency**              | Consistency setting to use when reading/writing.                                                                                                                                                                                                                                                             |
+| **cassandra_timeout**                  | Timeout (in ms) for reading/writing.                                                                                                                                                                                                                                                                         |
+| **cassandra_ssl**                      | Enable SSL connections to the nodes.                                                                                                                                                                                                                                                                         |
+| **cassandra_ssl_verify**               | If `cassandra_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.                                                                                                                                                                                            |
+| **cassandra_username**                 | Username when using the PasswordAuthenticator scheme.                                                                                                                                                                                                                                                        |
+| **cassandra_password**                 | Password when using the PasswordAuthenticator scheme.                                                                                                                                                                                                                                                        |
+| **cassandra_consistency**              | Consistency setting to use when reading/writing to the Cassandra cluster.                                                                                                                                                                                                                                    |
+| **cassandra_lb_policy**                | Load balancing policy to use when distributing queries across your Cassandra cluster. Accepted values are `RoundRobin` and `DCAwareRoundRobin` and `RequestDCAwareRoundRobin`. Prefer the later two if and only if you are using a multi-datacenter cluster, and set the `cassandra_local_datacenter` if so. |
+| **cassandra_local_datacenter**         | When using the `DCAwareRoundRobin` or `RequestDCAwareRoundRobin` policy, you must specify the name of the cluster local (closest) to this Kong node.                                                                                                                                                         |
+| **cassandra_repl_strategy**            | If creating the keyspace for the first time, specify a replication strategy.                                                                                                                                                                                                                                 |
+| **cassandra_repl_factor**              | Specify a replication factor for the `SimpleStrategy`.                                                                                                                                                                                                                                                       |
+| **cassandra_data_centers**             | Specify data centers for the `NetworkTopologyStrategy`.                                                                                                                                                                                                                                                      |
+| **cassandra_schema_consensus_timeout** | Define the timeout (in ms) for the waiting period to each a schema consensus between your Cassandra nodes. This value is only used during migrations.                                                                                                                                                        |
 
 [Back to TOC](#table-of-contents)
 
@@ -1140,6 +1142,5 @@ Default: `30`
 [Back to TOC](#table-of-contents)
 
 [ngx_http_realip_module]: http://nginx.org/en/docs/http/ngx_http_realip_module.html
-
-[Penlight]: http://stevedonovan.github.io/Penlight/api/index.html
+[penlight]: http://stevedonovan.github.io/Penlight/api/index.html
 [pl.template]: http://stevedonovan.github.io/Penlight/api/libraries/pl.template.html
diff --git a/app/0.3.x/configuration.md b/app/0.3.x/configuration.md
index bedf0406a436..e8a8b4fdd049 100644
--- a/app/0.3.x/configuration.md
+++ b/app/0.3.x/configuration.md
@@ -1,5 +1,6 @@
 ---
 title: Configuration Reference
+redirect_from: '/0.31-x/configuration/'
 ---
 
 ## Introduction
@@ -88,8 +89,6 @@ nginx_working_dir: /usr/local/kong/
 
 ### `plugins_available`
 
-
-
 A list of plugins installed on this node that Kong will load and try to execute during the lifetime of a request. Kong will look for a [`plugin configuration`](/{{page.kong_version}}/admin-api/#plugin-object) entry for each plugin in this list during each request to determine whether the plugin should be executed. Removing plugins from this list will reduce load on your Kong instance.
 
 **Default:**
@@ -134,66 +133,66 @@ Currently, Kong only supports [Cassandra v{{site.data.kong_latest.dependencies.c
 databases_available:
   cassandra:
     properties:
-      hosts: "localhost"
+      hosts: 'localhost'
       port: 9042
       timeout: 1000
       keyspace: kong
       keepalive: 60000
 ```
 
-  **`databases_available.*.properties`**
+**`databases_available.*.properties`**
 
-  A dictionary of properties needed for Kong to connect to a given database (where `.*` is the name of the database).
+A dictionary of properties needed for Kong to connect to a given database (where `.*` is the name of the database).
 
-  **`databases_available.*.properties.hosts`**
+**`databases_available.*.properties.hosts`**
 
-  The hosts(s) on which Kong should connect to for accessing your Cassandra cluster. Can either be a string or a list. If Kong must connect to another port than the one specified in `properties` for one of your nodes, you can override it for that particular node.
+The hosts(s) on which Kong should connect to for accessing your Cassandra cluster. Can either be a string or a list. If Kong must connect to another port than the one specified in `properties` for one of your nodes, you can override it for that particular node.
 
-  **Example:**
+**Example:**
 
 ```yaml
 properties:
   port: 9042
   hosts:
-    - "52.5.149.55"      # will connect on port 9042
-    - "52.5.149.56:9000" # will connect on port 9000
+    - '52.5.149.55' # will connect on port 9042
+    - '52.5.149.56:9000' # will connect on port 9000
 ```
 
-  **`databases_available.*.properties.port`**
+**`databases_available.*.properties.port`**
 
-  The default port on which Kong should connect on your hosts.
+The default port on which Kong should connect on your hosts.
 
-  **Default:**
+**Default:**
 
 ```yaml
 port: 9042
 ```
 
-  **`databases_available.*.properties.timeout`**
+**`databases_available.*.properties.timeout`**
 
-  Sets the timeout (in milliseconds) for sockets performing operations between Kong and Cassandra.
+Sets the timeout (in milliseconds) for sockets performing operations between Kong and Cassandra.
 
-  **Default:**
+**Default:**
 
 ```yaml
 timeout: 1000
 ```
 
-  **`databases_available.*.properties.keyspace`**
+**`databases_available.*.properties.keyspace`**
 
-  The keyspace in which Kong operates on your cluster.
+The keyspace in which Kong operates on your cluster.
 
-  **Default:**
+**Default:**
 
 ```yaml
 keyspace: kong
 ```
 
-  **`databases_available.*.properties.keepalive`**
+**`databases_available.*.properties.keepalive`**
 
-  The time (in milliseconds) during which Cassandra sockets can be reused by Kong before being closed.
+The time (in milliseconds) during which Cassandra sockets can be reused by Kong before being closed.
 
-  **Default:**
+**Default:**
 
 ```yaml
 keepalive: 60000
diff --git a/app/0.3.x/getting-started/enabling-plugins.md b/app/0.3.x/getting-started/enabling-plugins.md
index e063a589dfdd..bcd7fe44e071 100644
--- a/app/0.3.x/getting-started/enabling-plugins.md
+++ b/app/0.3.x/getting-started/enabling-plugins.md
@@ -1,5 +1,6 @@
 ---
 title: Enabling Plugins
+redirect_from: '/0.31-x/getting-started/enabling-plugins'
 ---
 
 ## Introduction
@@ -77,8 +78,8 @@ Now that you've enabled the **keyauth** plugin lets learn how to add consumers t
 
 Go to [Adding Consumers &rsaquo;][adding-consumers]
 
-[CLI]: /{{page.kong_version}}/cli
-[API]: /{{page.kong_version}}/admin-api
+[cli]: /{{page.kong_version}}/cli
+[api]: /{{page.kong_version}}/admin-api
 [keyauth]: /plugins/key-authentication
 [plugins]: /plugins
 [configuration]: /{{page.kong_version}}/configuration
diff --git a/app/0.6.x/lua-reference/modules/kong.tools.responses/send.md b/app/0.6.x/lua-reference/modules/kong.tools.responses/send.md
new file mode 100644
index 000000000000..bb3b3ee6b1cc
--- /dev/null
+++ b/app/0.6.x/lua-reference/modules/kong.tools.responses/send.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.6.x/lua-reference/modules/kong.tools.responses/#send
+---
diff --git a/app/0.7.x/lua-reference/modules/kong.tools.responses/send.md b/app/0.7.x/lua-reference/modules/kong.tools.responses/send.md
new file mode 100644
index 000000000000..5c247e7c7ee8
--- /dev/null
+++ b/app/0.7.x/lua-reference/modules/kong.tools.responses/send.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.7.x/lua-reference/modules/kong.tools.responses/#send
+---
diff --git a/app/0.8.x/lua-reference/modules/kong.dao.cassandra.base_dao.md b/app/0.8.x/lua-reference/modules/kong.dao.cassandra.base_dao.md
new file mode 100644
index 000000000000..89b779f391c0
--- /dev/null
+++ b/app/0.8.x/lua-reference/modules/kong.dao.cassandra.base_dao.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.8.x/lua-reference/
+---
diff --git a/app/0.8.x/lua-reference/modules/kong.tools.responses/send.md b/app/0.8.x/lua-reference/modules/kong.tools.responses/send.md
new file mode 100644
index 000000000000..38801021326b
--- /dev/null
+++ b/app/0.8.x/lua-reference/modules/kong.tools.responses/send.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.8.x/lua-reference/modules/kong.tools.responses/#send
+---
diff --git a/app/0.9.x/lua-reference/modules/kong.tools.responses/send.md b/app/0.9.x/lua-reference/modules/kong.tools.responses/send.md
new file mode 100644
index 000000000000..013e1adab56a
--- /dev/null
+++ b/app/0.9.x/lua-reference/modules/kong.tools.responses/send.md
@@ -0,0 +1,3 @@
+---
+redirect_to: ../0.9.x/lua-reference/modules/kong.tools.responses/#send
+---
diff --git a/app/1.0.x/configuration.md b/app/1.0.x/configuration.md
index 399244a84255..b4f927fc8599 100644
--- a/app/1.0.x/configuration.md
+++ b/app/1.0.x/configuration.md
@@ -1,5 +1,6 @@
 ---
 title: Configuration Reference
+redirect_from: '/1.0.x/configuration-reference'
 ---
 
 ## Configuration loading
diff --git a/app/1.1.x/configuration.md b/app/1.1.x/configuration.md
index 2d59b3ef2b43..1e5f6228ef4b 100644
--- a/app/1.1.x/configuration.md
+++ b/app/1.1.x/configuration.md
@@ -1,5 +1,6 @@
 ---
 title: Configuration Reference
+redirect_from: '/1.1.x/configuration-reference'
 ---
 
 ## Configuration loading
diff --git a/app/1.1.x/upgrading.md b/app/1.1.x/upgrading.md
index a019d846f832..1db9c78a2913 100644
--- a/app/1.1.x/upgrading.md
+++ b/app/1.1.x/upgrading.md
@@ -3,7 +3,7 @@ title: Upgrade guide
 ---
 
 <div class="alert alert-warning">
-  <strong>Note:</strong> What follows is the upgrade guide for 1.0.x.
+  <strong>Note:</strong> What follows is the upgrade guide for 1.1.x.
   If you are trying to upgrade to an earlier version of Kong, please read
   <a href="https://github.com/Kong/kong/blob/master/UPGRADE.md">UPGRADE.md file in the Kong repo</a>
 </div>
@@ -13,253 +13,91 @@ when upgrading, as well as take you through the correct sequence of steps
 in order to obtain a **no-downtime** migration in different upgrade
 scenarios.
 
-## Upgrade to `1.0.0`
+## Upgrade to `1.1`
 
-This is a major release of Kong, and includes a number of new features
-as well as breaking changes.
+Kong adheres to [semantic versioning](https://semver.org/), which makes a
+distinction between "major", "minor" and "patch" versions. The upgrade path
+will be different on which previous version from which you are migrating.
+If you are upgrading from 0.x, this is a major upgrade. If you are
+upgrading from 1.0.x, this is a minor upgrade. Both scenarios are
+explained below.
 
-This version introduces **a new schema format for plugins**, **changes in
-Admin API endpoints**, **database migrations**, **Nginx configuration
-changes**, and **removed configuration properties**.
+## 1. Dependencies
 
-In this release, the **API entity is removed**, along with its related
-Admin API endpoints.
-
-This section will highlight breaking changes that you need to be aware of
-before upgrading and will describe the recommended upgrade path. We recommend
-that you consult the full [1.0.0
-Changelog](https://github.com/Kong/kong/blob/master/CHANGELOG.md) for a
-complete list of changes and new features.
-
-## 1. Breaking Changes
-
-### Dependencies
+If you are using the provided binary packages, all necessary dependencies
+are bundled. If you are building your dependencies by hand, you should
+be aware of the following changes:
 
 - The required OpenResty version is 1.13.6.2, but for a full feature set,
   including stream routing and service mesh abilities with mutual TLS, you need
   Kong's [openresty-patches](https://github.com/kong/openresty-patches).
+  Note that the set of patches was updated from 1.0 to 1.1.
 - The minimum required OpenSSL version is 1.1.1. If you are building by hand,
   make sure all dependencies, including LuaRocks modules, are compiled using
   the same OpenSSL version. If you are installing Kong from one of our
   distribution packages, you are not affected by this change.
 
-### Configuration
-
-- The `custom_plugins` directive is removed (deprecated since 0.14.0).
-  Use `plugins` instead, which you can use not only to enable
-  custom plugins, but also to disable bundled plugins.
-- The default value for `cassandra_lb_policy` changed from `RoundRobin`
-  to `RequestRoundRobin`.
-- Kong generates a new template file for stream routing,
-  `nginx-kong-stream.conf`, included in the `stream` block
-  of its top-level Nginx configuration file. If you use
-  a custom Nginx configuration and wish to use stream
-  routing, you can generate this file using `kong prepare`.
-- The Nginx configuration file has changed, which means that you need to update
-  it if you are using a custom template. The changes are detailed in the following diff:
-
-``` diff
-diff --git a/kong/templates/nginx_kong.lua b/kong/templates/nginx_kong.lua
-index d4e416bc..8f268ffd 100644
---- a/kong/templates/nginx_kong.lua
-+++ b/kong/templates/nginx_kong.lua
-@@ -66,7 +66,9 @@ upstream kong_upstream {
-     balancer_by_lua_block {
-         Kong.balancer()
-     }
-+> if upstream_keepalive > 0 then
-     keepalive ${{UPSTREAM_KEEPALIVE}};
-+> end
- }
-
- server {
-@@ -85,7 +87,7 @@ server {
- > if proxy_ssl_enabled then
-     ssl_certificate ${{SSL_CERT}};
-     ssl_certificate_key ${{SSL_CERT_KEY}};
--    ssl_protocols TLSv1.1 TLSv1.2;
-+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-     ssl_certificate_by_lua_block {
-         Kong.ssl_certificate()
-     }
-@@ -200,7 +202,7 @@ server {
- > if admin_ssl_enabled then
-     ssl_certificate ${{ADMIN_SSL_CERT}};
-     ssl_certificate_key ${{ADMIN_SSL_CERT_KEY}};
--    ssl_protocols TLSv1.1 TLSv1.2;
-+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-
-     ssl_session_cache shared:SSL:10m;
-     ssl_session_timeout 10m;
-```
-
-### Core
-
-- The **API** entity and related concepts such as the
-  `/apis` endpoint, are removed. These were deprecated since
-  0.13.0. Instead, use **Routes** to configure your
-  endpoints and **Services** to configure your upstream
-  services.
-- The old DAO implementation (`kong.dao`) is removed,
-  which includes the old schema validation library. This
-  has implications to plugin developers, listed below.
-  - The last remaining entities that were converted to
-    the new DAO implementation were Plugins, Upstreams
-    and Targets. This has implications to the Admin API,
-    listed below.
-
-### Plugins
-
-Kong 1.0.0 marks the introduction of version 1.0.0 of
-the Plugin Development Kit (PDK). No major changes are
-made to the PDK compared to release 0.14, but some older
-non-PDK functionality which was possibly used by custom
-plugins is now removed.
-
-- Plugins now use the new schema format introduced by the
-  new DAO implementation, for both plugin schemas
-  (in `schema.lua`) and custom DAO entities (`daos.lua`).
-  To ease the transition of plugins, the plugin loader
-  in 1.0 includes a *best-effort* schema auto-translator
-  for `schema.lua`, which should be sufficient for many
-  plugins (in 1.0.0rc1, our bundled plugins used the
-  auto-translator; they now use the new format).
-  - If your plugin using the old format in `schema.lua`
-    fails to load, check the error logs for messages
-    produced by the auto-translator. If a field cannot
-    be auto-translated, you can make a gradual conversion
-    of the schema file by adding a `new_type` entry to
-    the field table translation of the format. See,
-    for example, the [key-auth schema in 1.0.0rc1](https://github.com/Kong/kong/blob/1.0.0rc1/kong/plugins/key-auth/schema.lua#L39-L54).
-    The `new_type` annotation is ignored by Kong 0.x.
-  - If your custom plugin uses custom DAO objects (i.e.
-    if it includes a `daos.lua` file), it needs to be
-    converted to the new format. Their code also needs
-    to be adjusted accordingly, replacing uses of
-    `singletons.dao` or `kong.dao` by `kong.db` (note
-    that this module exposes a different API from the
-    old DAO implementation).
-- Some Kong modules that had their functionality replaced
-  by the PDK in 0.14.0 are now removed:
-  - `kong.tools.ip`: use `kong.ip` from the PDK instead.
-  - `kong.tools.public`: replaced by various functionalities
-    of the PDK.
-  - `kong.tools.responses`: use `kong.response.exit` from the PDK instead. You
-    might want to use `kong.log.err` to log internal server errors as well.
-- The `kong.api.crud_helpers` module was removed.
-  Use `kong.api.endpoints` instead if you need to customize
-  the auto-generated endpoints.
-
-### Admin API
+## 2. Breaking Changes
 
-- With the removal of the API entity, the `/apis` endpoint
-  is removed; accordingly, other endpoints that accepted
-  `api_id` no longer do so. Use Routes and Services instead.
-- All entity endpoints now use the new Admin API implementaion.
-  This means their requests and responses now use the same
-  syntax, which was already in use in endpoints such as
-  `/routes` and `/services`.
-  - All endpoints now use the same syntax for
-    referencing other entities as `/routes`
-    (for example, `"service":{"id":"..."}` instead of
-    `"service_id":"..."`), both in requests and responses.
-    - This change affects `/plugins` as well as
-      plugin-specific endpoints.
-  - Array-typed values are not specified as a
-    comma-separated list anymore. It must be specified as a
-    JSON array or using the various formats supported by
-    the url-formencoded array notation of the new Admin API
-    implementation (`a[1]=x&a[2]=y`, `a[]=x&a[]=y`,
-    `a=x&a=y`).
-    - This change affects attributes of the `/upstreams` endpoint.
-  - Error responses for the updated endpoints use
-    the new standardized format.
-  - As a result of being moved to the new Admin API implementation,
-    all endpoints supporting `PUT` do so with proper semantics.
-  - See the [Admin API
-    reference](https://docs.konghq.com/1.0.x/admin-api)
-    for more details.
-
-## 2. Deprecation Notices
-
-There are no deprecation notices in this release.
+Kong 1.1 does not include any breaking changes over Kong 1.0, but Kong 1.0
+included a number of breaking changes over Kong 0.x. If you are upgrading
+from 0.14,x, please read the section on
+[Kong 1.0 Breaking Changes](#kong-1-0-breaking-changes) carefully before
+proceeding.
 
 ## 3. Suggested Upgrade Path
 
-### Preliminary Checks
-
-If your cluster is running a version lower than 0.14, you need to
-upgrade to 0.14.1 first instead. Upgrading from a pre-0.14 cluster
-straight to Kong 1.0 is **not** supported.
-
-If you still use the deprecated API entity to configure your endpoints and
-upstream services (via `/apis`) instead of using Routes for endpoints (via
-`/routes`) and Services for upstream services (via `/services`), now is the
-time to do so. Kong 1.0 will refuse to run migrations if you have any entity
-configured using `/apis` in your datastore. Create equivalent Routes and
-Services and delete your APIs. (Note that Kong does not do this automatically
-because the naive option of creating a Route and Service pair for each API
-would miss the point of the improvements brought by Routes and Services;
-the ideal mapping of Routes and Services depends on your microservice
-architecture.)
-
-If you use additional plugins other than the ones bundled with Kong,
-make sure they are compatible with Kong 1.0 prior to upgrading.
-See the section above on Plugins for information on plugin compatibility.
-
-### Migration Steps from 0.14
-
-Kong 1.0 introduces a new, improved migrations framework.
-It supports a no-downtime, Blue/Green migration model for upgrading
-from 0.14.x. The full migration is now split into two steps,
-which are performed via commands `kong migrations up` and
-`kong migrations finish`.
-
-For a no-downtime migration from a 0.14 cluster to a 1.0 cluster,
-we recommend the following sequence of steps:
-
-1. Download 1.0, and configure it to point to the same datastore
-   as your 0.14 cluster. Run `kong migrations up`.
-2. Both 0.14 and 1.0 nodes can now run simultaneously on the same
-   datastore. Start provisioning 1.0 nodes, but do not use their
-   Admin API yet. Prefer making Admin API requests to your 0.14 nodes
-   instead.
-3. Gradually divert traffic away from your 0.14 nodes, and into
-   your 1.0 cluster. Monitor your traffic to make sure everything
+### Upgrade from `0.x` to `1.1`
+
+The lowest version that Kong 1.1 supports migrating from is 0.14.1. if you
+are migrating from a previous 0.x release, please migrate to 0.14.1 first.
+
+For upgrading from 0.14.1 to Kong 1.1, the steps for upgrading are the same as
+upgrading from 0.14.1 to Kong 1.0. Please follow the steps described in the
+"Migration Steps from 0.14" in the [Suggested Upgrade Path for Kong
+1.0](#kong-1-0-upgrade-path).
+
+### Upgrade from `1.0.x` to `1.1`
+
+Kong 1.1 supports a no-downtime migration model. This means that while the
+migration is ongoing, you will have two Kong clusters running, sharing the
+same database. (This is sometimes called the Blue/Green migration model.)
+
+The migrations are designed so that there is no need to fully copy
+the data, but this also means that they are designed in such a way so that
+the new version of Kong is able to use the data as it is migrated, and to do
+it in a way so that the old Kong cluster keeps working until it is finally
+time to decomission it. For this reason, the full migration is now split into
+two steps, which are performed via commands `kong migrations up` (which does
+only non-destructive operations) and `kong migrations finish` (which puts the
+database in the final expected state for Kong 1.1).
+
+1. Download 1.1, and configure it to point to the same datastore
+   as your 1.0 cluster. Run `kong migrations up`.
+2. Once that finishes running, both 1.0 and 1.1 clusters can now
+   run simultaneously on the same datastore. Start provisioning
+   1.1 nodes, but do not use their Admin API yet. If you need to
+   perform Admin API requests, these should be made to your 1.0 nodes.
+   The reason is to prevent the new cluster from generating data
+   that is not understood by the old cluster.
+3. Gradually divert traffic away from your 1.0 nodes, and into
+   your 1.1 cluster. Monitor your traffic to make sure everything
    is going smoothly.
-4. When your traffic is fully migrated to the 1.0 cluster,
-   decommission your 0.14 nodes.
-5. From your 1.0 cluster, run: `kong migrations finish`.
-   From this point on, it will not be possible to start 0.14
+4. When your traffic is fully migrated to the 1.1 cluster,
+   decommission your 1.0 nodes.
+5. From your 1.1 cluster, run: `kong migrations finish`.
+   From this point on, it will not be possible to start 1.0
    nodes pointing to the same datastore anymore. Only run
    this command when you are confident that your migration
    was successful. From now on, you can safely make Admin API
-   requests to your 1.0 nodes.
-
-At any step of the way, you may run `kong migrations list` to get
-a report of the state of migrations. It will list whether there
-are missing migrations, if there are pending migrations (which have
-already started in the `kong migrations up` step and later need to
-finish in the `kong migrations finish` step) or if there
-are new migrations available. The status code of the process will
-also change accordingly:
+   requests to your 1.1 nodes.
 
-* `0` - migrations are up-to-date
-* `1` - failed inspecting the state of migrations (e.g. database is down)
-* `3` - database needs bootstrapping:
-  you should run `kong migrations bootstrap` to install on
-  a fresh datastore.
-* `4` - there are pending migrations: once your old cluster is
-  decomissioned you should run `kong migrations finish` (step 5 above).
-* `5` - there are new migrations: you should start a migration
-  sequence (beginning from step 1 above).
+### Upgrade Path from 1.1 Release Candidates
 
-### Migration Steps from 1.0 Release Candidates
-
-The process is the same as for upgrading for 0.14 listed above, but on step 1
+The process is the same as for upgrading from 1.0 listed above, but on step 1
 you should run `kong migrations up --force` instead.
 
-## Upgrade Path for Patch Releases
+### Upgrade Path for Patch Releases
 
 There are no migrations in upgrades between current or
 future patch releases of the same minor release of Kong
@@ -293,15 +131,13 @@ starts new workers, which take over from old workers before those old workers
 are terminated. In this way, Kong will serve new requests via the new
 configuration, without dropping existing in-flight connections.
 
-## Installing 1.0 on a Fresh Datastore
+### Installing 1.1 on a Fresh Datastore
 
-For installing on a fresh datastore, Kong 1.0 introduces the `kong migrations
-bootstrap` command. The following commands can be run to prepare a new 1.0
+For installing on a fresh datastore, Kong 1.1 has the `kong migrations
+bootstrap` command. The following commands can be run to prepare a new 1.1
 cluster from a fresh datastore:
 
 ```
 $ kong migrations bootstrap [-c config]
 $ kong start [-c config]
 ```
-
-
diff --git a/app/1.2.x/auth.md b/app/1.2.x/auth.md
index f190620128e8..821a3e2947e7 100644
--- a/app/1.2.x/auth.md
+++ b/app/1.2.x/auth.md
@@ -19,8 +19,8 @@ works as follows:
 2. Create a `consumer` entity
 3. Provide the consumer with authentication credentials for the specific authentication method
 4. Now whenever a request comes in Kong will check the provided credentials (depends on the auth type) and
-it will either block the request if it cannot validate, or add consumer and credential details
-in the headers and forward the request
+   it will either block the request if it cannot validate, or add consumer and credential details
+   in the headers and forward the request
 
 The generic flow above does not always apply, for example when using external authentication like LDAP,
 then there is no consumer to be identified, and only the credentials will be added in the forwarded headers.
@@ -49,134 +49,134 @@ the corresponding route:
 
 1. ### Create an example Service and a Route
 
-    Issue the following cURL request to create `example-service` pointing to mockbin.org, which will echo
-    the request:
+   Issue the following cURL request to create `example-service` pointing to mockbin.org, which will echo
+   the request:
 
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/services/ \
-      --data 'name=example-service' \
-      --data 'url=http://mockbin.org/request'
-    ```
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/services/ \
+     --data 'name=example-service' \
+     --data 'url=http://mockbin.org/request'
+   ```
 
-    Add a route to the Service:
+   Add a route to the Service:
 
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/services/example-service/routes \
-      --data 'paths[]=/auth-sample'
-    ```
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/services/example-service/routes \
+     --data 'paths[]=/auth-sample'
+   ```
 
-    The url `http://localhost:8000/auth-sample` will now echo whatever is being requested.
+   The url `http://localhost:8000/auth-sample` will now echo whatever is being requested.
 
 2. ### Configure the key-auth Plugin for your Service
 
-    Issue the following cURL request to add a plugin to a Service:
+   Issue the following cURL request to add a plugin to a Service:
 
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/services/example-service/plugins/ \
-      --data 'name=key-auth'
-    ```
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/services/example-service/plugins/ \
+     --data 'name=key-auth'
+   ```
 
-    Be sure to note the created Plugin `id` - you'll need it in step 5.
+   Be sure to note the created Plugin `id` - you'll need it in step 5.
 
 3. ### Verify that the key-auth plugin is properly configured
 
-    Issue the following cURL request to verify that the [key-auth][key-auth]
-    plugin was properly configured on the Service:
+   Issue the following cURL request to verify that the [key-auth][key-auth]
+   plugin was properly configured on the Service:
 
-    ```bash
-    $ curl -i -X GET \
-      --url http://localhost:8000/auth-sample
-    ```
+   ```bash
+   $ curl -i -X GET \
+     --url http://localhost:8000/auth-sample
+   ```
 
-    Since you did not specify the required `apikey` header or parameter, and you have not yet
-    enabled anonymous access, the response should be `403 Forbidden`:
+   Since you did not specify the required `apikey` header or parameter, and you have not yet
+   enabled anonymous access, the response should be `403 Forbidden`:
 
-    ```http
-    HTTP/1.1 403 Forbidden
-    ...
+   ```http
+   HTTP/1.1 403 Forbidden
+   ...
 
-    {
-      "message": "No API key found in headers or querystring"
-    }
-    ```
+   {
+     "message": "No API key found in headers or querystring"
+   }
+   ```
 
 4. ### Create an anonymous Consumer
 
-    Every request proxied by Kong must be associated with a Consumer. You'll now create a Consumer
-    named `anonymous_users` (that Kong will utilize when proxying anonymous access) by issuing the
-    following request:
+   Every request proxied by Kong must be associated with a Consumer. You'll now create a Consumer
+   named `anonymous_users` (that Kong will utilize when proxying anonymous access) by issuing the
+   following request:
 
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/consumers/ \
-      --data "username=anonymous_users"
-    ```
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/consumers/ \
+     --data "username=anonymous_users"
+   ```
 
-    You should see a response similar to the one below:
+   You should see a response similar to the one below:
 
-    ```http
-    HTTP/1.1 201 Created
-    Content-Type: application/json
-    Connection: keep-alive
+   ```http
+   HTTP/1.1 201 Created
+   Content-Type: application/json
+   Connection: keep-alive
 
-    {
-      "username": "anonymous_users",
-      "created_at": 1428555626000,
-      "id": "bbdf1c48-19dc-4ab7-cae0-ff4f59d87dc9"
-    }
-    ```
+   {
+     "username": "anonymous_users",
+     "created_at": 1428555626000,
+     "id": "bbdf1c48-19dc-4ab7-cae0-ff4f59d87dc9"
+   }
+   ```
 
-    Be sure to note the Consumer `id` - you'll need it in the next step.
+   Be sure to note the Consumer `id` - you'll need it in the next step.
 
 5. ### Enable anonymous access
 
-    You'll now re-configure the key-auth plugin to permit anonymous access by issuing the following
-    request (**replace the sample uuids below by the `id` values from step 2 and 4**):
+   You'll now re-configure the key-auth plugin to permit anonymous access by issuing the following
+   request (**replace the sample uuids below by the `id` values from step 2 and 4**):
 
-    ```bash
-    $ curl -i -X PATCH \
-      --url http://localhost:8001/plugins/<your-plugin-id> \
-      --data "config.anonymous=<your-consumer-id>"
-    ```
+   ```bash
+   $ curl -i -X PATCH \
+     --url http://localhost:8001/plugins/<your-plugin-id> \
+     --data "config.anonymous=<your-consumer-id>"
+   ```
 
-    The `config.anonymous=<your-consumer-id>` parameter instructs the key-auth plugin on this Service to permit
-    anonymous access, and to associate such access with the Consumer `id` we received in the previous step. It is
-    required that you provide a valid and pre-existing Consumer `id` in this step - validity of the Consumer `id`
-    is not currently checked when configuring anonymous access, and provisioning of a Consumer `id` that doesn't already
-    exist will result in an incorrect configuration.
+   The `config.anonymous=<your-consumer-id>` parameter instructs the key-auth plugin on this Service to permit
+   anonymous access, and to associate such access with the Consumer `id` we received in the previous step. It is
+   required that you provide a valid and pre-existing Consumer `id` in this step - validity of the Consumer `id`
+   is not currently checked when configuring anonymous access, and provisioning of a Consumer `id` that doesn't already
+   exist will result in an incorrect configuration.
 
 6. ### Check anonymous access
 
-    Confirm that your Service now permits anonymous access by issuing the following request:
-
-    ```bash
-    $ curl -i -X GET \
-      --url http://localhost:8000/auth-sample
-    ```
-
-    This is the same request you made in step #3, however this time the request should succeed, because you
-    enabled anonymous access in step #5.
-
-    The response (which is the request as Mockbin received it) should have these elements:
-
-    ```json
-    {
-      ...
-      "headers": {
-        ...
-        "x-consumer-id": "713c592c-38b8-4f5b-976f-1bd2b8069494",
-        "x-consumer-username": "anonymous_users",
-        "x-anonymous-consumer": "true",
-        ...
-      },
-      ...
-    }
-    ```
-
-    It shows the request was successful, but anonymous.
+   Confirm that your Service now permits anonymous access by issuing the following request:
+
+   ```bash
+   $ curl -i -X GET \
+     --url http://localhost:8000/auth-sample
+   ```
+
+   This is the same request you made in step #3, however this time the request should succeed, because you
+   enabled anonymous access in step #5.
+
+   The response (which is the request as Mockbin received it) should have these elements:
+
+   ```json
+   {
+     ...
+     "headers": {
+       ...
+       "x-consumer-id": "713c592c-38b8-4f5b-976f-1bd2b8069494",
+       "x-consumer-username": "anonymous_users",
+       "x-anonymous-consumer": "true",
+       ...
+     },
+     ...
+   }
+   ```
+
+   It shows the request was successful, but anonymous.
 
 ## Multiple Authentication
 
diff --git a/app/1.2.x/configuration.md b/app/1.2.x/configuration.md
index 06ade17114c9..737c8c34a2c6 100644
--- a/app/1.2.x/configuration.md
+++ b/app/1.2.x/configuration.md
@@ -1,5 +1,7 @@
 ---
 title: Configuration Reference
+redirect_from: 
+  - '/1.2.x/configuration-reference'
 ---
 
 ## Configuration loading
diff --git a/app/1.2.x/db-less-and-declarative-config.md b/app/1.2.x/db-less-and-declarative-config.md
index 09d8ddad4f44..3a30dc8cc48e 100644
--- a/app/1.2.x/db-less-and-declarative-config.md
+++ b/app/1.2.x/db-less-and-declarative-config.md
@@ -1,8 +1,9 @@
 ---
 title: DB-less and Declarative Configuration
+redirect_from:
+  - /Users/cat/docs.konghq.com/dist/1.2.x/db-less-and-declarative-config/
 ---
 
-
 ## Introduction
 
 Traditionally, Kong has always required a database, which could be either
@@ -18,12 +19,12 @@ file, in YAML or JSON, using **declarative configuration**.
 The combination of DB-less mode and declarative configuration has a number
 of benefits:
 
-* Reduced number of dependencies: no need to manage a database installation
+- Reduced number of dependencies: no need to manage a database installation
   if the entire setup for your use-cases fits in memory
-* it is a good fit for automation in CI/CD scenarios: configuration for
+- it is a good fit for automation in CI/CD scenarios: configuration for
   entities can be kept in a single source of truth managed via a Git
   repository
-* It enables more deployment options for Kong: for example, DB-less Kong
+- It enables more deployment options for Kong: for example, DB-less Kong
   is a natural fit for a lightweight sidecar in a Service Mesh scenario
 
 ## What Is Declarative Configuration
@@ -32,7 +33,7 @@ of benefits:
 may skip this section.</i>
 
 The key idea in declarative configuration is, as its name shows, the notion
-that it is *declarative*, as opposed to an *imperative* style of
+that it is _declarative_, as opposed to an _imperative_ style of
 configuration. "Imperative" means that a configuration is given as a series of
 orders: "do this, then to that". "Declative" means that the configuration is
 given all at once: "I declare this to be the state of the world".
@@ -43,7 +44,7 @@ one call to create a Service, another call to create a Route, another call to
 add a Plugin, and so on.
 
 Performing the configuration incrementally like this has the undesirable
-side-effect that *intermediate states* happen. In the above example, there is
+side-effect that _intermediate states_ happen. In the above example, there is
 a window of time in between creating a Route and adding the Plugin in which
 the Route did not have the Plugin applied.
 
@@ -91,7 +92,7 @@ Server: kong/1.1.0
 }
 ```
 
-Kong is running, but no declarative configuration was loaded yet. This 
+Kong is running, but no declarative configuration was loaded yet. This
 means that the configuration of this node is empty. There are no Routes,
 Services or entities of any kind:
 
@@ -107,7 +108,7 @@ Date: Wed, 27 Mar 2019 15:30:02 GMT
 Server: kong/1.1.0
 
 {
-    "data": [], 
+    "data": [],
     "next": null
 }
 ```
@@ -135,22 +136,22 @@ entities and their attributes. This is a small, yet, complete
 example, which illustrates a number of features:
 
 ```yaml
-_format_version: "1.1"
+_format_version: '1.1'
 
 services:
-- name: my-service
-  url: https://example.com
-  plugins:
-  - name: key-auth
-  routes:
-  - name: my-route
-    paths:
-    - /
+  - name: my-service
+    url: https://example.com
+    plugins:
+      - name: key-auth
+    routes:
+      - name: my-route
+        paths:
+          - /
 
 consumers:
-- username: my-user
-  keyauth_credentials:
-  - key: my-key
+  - username: my-user
+    keyauth_credentials:
+      - key: my-key
 ```
 
 The only mandatory piece of metadata is `_format_version: "1.1"`, which
@@ -160,8 +161,7 @@ This also matches the minimum version of Kong required to parse the file.
 At the top level, you can specify any Kong entity, be it a core entity such as
 `services` and `consumers` as in the above example, or custom entities created
 by Plugins, such as `keyauth_credentials`. (This makes the declarative
-configuration format inherently extensible, and it is the reason why `kong
-config` commands that process declarative configuration require `kong.conf` to
+configuration format inherently extensible, and it is the reason why `kong config` commands that process declarative configuration require `kong.conf` to
 be available, so that the `plugins` directive is taken into account.)
 
 When entities have a relationship, such as a Route which points to a Service,
@@ -178,9 +178,9 @@ a Consumer:
 
 ```yml
 plugins:
-- name: syslog
-  consumer: my-user
-  service: my-service
+  - name: syslog
+    consumer: my-user
+    service: my-service
 ```
 
 ## Checking The Declarative Configuration File
@@ -210,7 +210,7 @@ $ kong start -c kong.conf
 ```
 
 Alternatively, you can load a declarative configuration into a running
-Kong node via its Admin API, using the `/config` endpoint. The 
+Kong node via its Admin API, using the `/config` endpoint. The
 following example loads `kong.yml` using HTTPie:
 
 ```
@@ -265,38 +265,38 @@ entities.
 The following plugins only read from the database (most of them just to read
 their initial config) so they are fully compatible with DB-less:
 
-* `aws-lambda`
-* `azure-functions`
-* `bot-detection`
-* `correlation-id`
-* `cors`
-* `datadog`
-* `file-log`
-* `http-log`
-* `tcp-log`
-* `udp-log`
-* `syslog`
-* `ip-restriction`
-* `prometheus`
-* `zipkin`
-* `request-transformer`
-* `response-transformer`
-* `request-termination`
-* `kubernetes-sidecar-injector`
+- `aws-lambda`
+- `azure-functions`
+- `bot-detection`
+- `correlation-id`
+- `cors`
+- `datadog`
+- `file-log`
+- `http-log`
+- `tcp-log`
+- `udp-log`
+- `syslog`
+- `ip-restriction`
+- `prometheus`
+- `zipkin`
+- `request-transformer`
+- `response-transformer`
+- `request-termination`
+- `kubernetes-sidecar-injector`
 
 ##### Partial Compatibility
 
 Authentication plugins can be used insofar as the set of credentials
 used is static and specified as part of the declarative configuration.
 Admin API endpoints to dynamically create, update or delete credentials
-are not available in DB-less mode. Plugins that fall into this 
+are not available in DB-less mode. Plugins that fall into this
 category are:
 
-* `acl`
-* `basic-auth`
-* `hmac-auth`
-* `jwt`
-* `key-auth`
+- `acl`
+- `basic-auth`
+- `hmac-auth`
+- `jwt`
+- `key-auth`
 
 Rate limiting plugins bundled with Kong offer different policies for
 storing and coordinating counters: a `local` policy which stores counters
@@ -307,8 +307,8 @@ as a central coordination point for cluster-wide limits. In DB-less mode
 the `local` and `redis` policies are available, and `cluster` cannot be
 used. Plugins that fall into this category are:
 
-* `rate-limiting`
-* `response-ratelimiting`
+- `rate-limiting`
+- `response-ratelimiting`
 
 The `pre-function` and `post-function` plugins for serverless can be used
 in DB-less mode, with the caveat that if any configured functions attempt to
@@ -316,6 +316,6 @@ write to the database, the writes will fail.
 
 ##### Not Compatible
 
-* `oauth2` - For its regular work, the plugin needs to both generate and delete
+- `oauth2` - For its regular work, the plugin needs to both generate and delete
   tokens, and commit those changes to the database, which is not compatible with
   DB-less.
diff --git a/app/1.2.x/getting-started/configuring-a-service.md b/app/1.2.x/getting-started/configuring-a-service.md
index 6c1f819c0068..cefbec99d43d 100644
--- a/app/1.2.x/getting-started/configuring-a-service.md
+++ b/app/1.2.x/getting-started/configuring-a-service.md
@@ -24,7 +24,7 @@ Service can have many Routes.
 
 After configuring the Service and the Route, you'll be able to make requests through Kong using them.
 
-Kong exposes a [RESTful Admin API][API] on port `:8001`. Kong's configuration, including adding Services and
+Kong exposes a [RESTful Admin API][api] on port `:8001`. Kong's configuration, including adding Services and
 Routes, is made via requests on that API.
 
 ## 1. Add your Service using the Admin API
@@ -62,7 +62,6 @@ Connection: keep-alive
 }
 ```
 
-
 ## 2. Add a Route for the Service
 
 ```bash
@@ -131,7 +130,7 @@ Now that you've added your Service to Kong, let's learn how to enable plugins.
 
 Go to [Enabling Plugins &rsaquo;][enabling-plugins]
 
-[API]: /{{page.kong_version}}/admin-api
+[api]: /{{page.kong_version}}/admin-api
 [enabling-plugins]: /{{page.kong_version}}/getting-started/enabling-plugins
 [proxy-port]: /{{page.kong_version}}/configuration/#nginx-section
 [mockbin]: https://mockbin.com/
diff --git a/app/1.2.x/getting-started/introduction.md b/app/1.2.x/getting-started/introduction.md
index 4a333b9d9414..f421add138e9 100644
--- a/app/1.2.x/getting-started/introduction.md
+++ b/app/1.2.x/getting-started/introduction.md
@@ -16,9 +16,9 @@ Before going further into Kong, make sure you understand its [purpose and philos
 
 You’ve probably heard that Kong is built on Nginx, leveraging its stability and efficiency. But how is this possible exactly?
 
-To be more precise, Kong is a Lua application running in Nginx and made possible by the [lua-nginx-module](https://github.com/openresty/lua-nginx-module). Instead of compiling Nginx with this module, Kong is distributed along with [OpenResty](https://openresty.org/), which already includes lua-nginx-module. OpenResty is *not* a fork of Nginx, but a bundle of modules extending its capabilities.
+To be more precise, Kong is a Lua application running in Nginx and made possible by the [lua-nginx-module](https://github.com/openresty/lua-nginx-module). Instead of compiling Nginx with this module, Kong is distributed along with [OpenResty](https://openresty.org/), which already includes lua-nginx-module. OpenResty is _not_ a fork of Nginx, but a bundle of modules extending its capabilities.
 
-This sets the foundations for a pluggable architecture, where Lua scripts (referred to as *”plugins”*) can be enabled and executed at runtime. Because of this, we like to think of Kong as **a paragon of microservice architecture**: at its core, it implements database abstraction, routing and plugin management. Plugins can live in separate code bases and be injected anywhere into the request lifecycle, all in a few lines of code.
+This sets the foundations for a pluggable architecture, where Lua scripts (referred to as _”plugins”_) can be enabled and executed at runtime. Because of this, we like to think of Kong as **a paragon of microservice architecture**: at its core, it implements database abstraction, routing and plugin management. Plugins can live in separate code bases and be injected anywhere into the request lifecycle, all in a few lines of code.
 
 ## Next Steps
 
diff --git a/app/1.2.x/getting-started/quickstart.md b/app/1.2.x/getting-started/quickstart.md
index 2112771250fc..1f147a8e2dc9 100644
--- a/app/1.2.x/getting-started/quickstart.md
+++ b/app/1.2.x/getting-started/quickstart.md
@@ -26,7 +26,7 @@ You should see a message that tells you Kong has successfully migrated your
 database. If not, you probably incorrectly configured your database
 connection settings in your configuration file.
 
-Now let's [start][CLI] Kong:
+Now let's [start][cli] Kong:
 
 ```bash
 $ kong start [-c /path/to/kong.conf]
@@ -47,13 +47,13 @@ By default Kong listens on the following ports:
 - `:8443` on which Kong listens for incoming HTTPS traffic. This port has a
   similar behavior as the `:8000` port, except that it expects HTTPS
   traffic only. This port can be disabled via the configuration file.
-- `:8001` on which the [Admin API][API] used to configure Kong listens.
+- `:8001` on which the [Admin API][api] used to configure Kong listens.
 - `:8444` on which the Admin API listens for HTTPS traffic.
 
 ## 3. Stop Kong
 
 As needed you can stop the Kong process by issuing the following
-[command][CLI]:
+[command][cli]:
 
 ```bash
 $ kong stop
@@ -61,7 +61,7 @@ $ kong stop
 
 ## 4. Reload Kong
 
-Issue the following command to [reload][CLI] Kong without downtime:
+Issue the following command to [reload][cli] Kong without downtime:
 
 ```bash
 $ kong reload
@@ -74,7 +74,7 @@ Now that you have Kong running you can interact with the Admin API.
 To begin, go to [Configuring a Service &rsaquo;][configuring-a-service]
 
 [configuration-loading]: /{{page.kong_version}}/configuration/#configuration-loading
-[CLI]: /{{page.kong_version}}/cli
-[API]: /{{page.kong_version}}/admin-api
+[cli]: /{{page.kong_version}}/cli
+[api]: /{{page.kong_version}}/admin-api
 [datastore-section]: /{{page.kong_version}}/configuration/#datastore-section
 [configuring-a-service]: /{{page.kong_version}}/getting-started/configuring-a-service
diff --git a/app/1.2.x/pdk/index.md b/app/1.2.x/pdk/index.md
index 2f951970b6c4..2fdc314b75b1 100644
--- a/app/1.2.x/pdk/index.md
+++ b/app/1.2.x/pdk/index.md
@@ -7,44 +7,40 @@ toc: true
 ## Plugin Development Kit
 
 The Plugin Development Kit (or "PDK") is set of Lua functions and variables
- that can be used by plugins to implement their own logic.  The PDK is a
- [Semantically Versioned](https://semver.org/) component, originally
- released in Kong 0.14.0. The PDK will be guaranteed to be forward-compatible
- from its 1.0.0 release and on.
-
- As of this release, the PDK has not yet reached 1.0.0, but plugin authors
- can already depend on it for a safe and reliable way of interacting with the
- request, response, or the core components.
-
- The Plugin Development Kit is accessible from the `kong` global variable,
- and various functionalities are namespaced under this table, such as
- `kong.request`, `kong.log`, etc...
-
+that can be used by plugins to implement their own logic. The PDK is a
+[Semantically Versioned](https://semver.org/) component, originally
+released in Kong 0.14.0. The PDK will be guaranteed to be forward-compatible
+from its 1.0.0 release and on.
 
+As of this release, the PDK has not yet reached 1.0.0, but plugin authors
+can already depend on it for a safe and reliable way of interacting with the
+request, response, or the core components.
 
+The Plugin Development Kit is accessible from the `kong` global variable,
+and various functionalities are namespaced under this table, such as
+`kong.request`, `kong.log`, etc...
 
 ### kong.version
 
 A human-readable string containing the version number of the currently
- running node.
+running node.
 
 **Usage**
 
-``` lua
+```lua
 print(kong.version) -- "0.14.0"
 ```
 
 [Back to TOC](#table-of-contents)
 
-
 ### kong.version_num
 
 An integral number representing the version number of the currently running
- node, useful for comparison and feature-existence checks.
+node, useful for comparison and feature-existence checks.
 
 **Usage**
 
-``` lua
+```lua
 if kong.version_num < 13000 then -- 000.130.00 -> 0.13.0
   -- no support for Routes & Services
 end
@@ -52,17 +48,15 @@ end
 
 [Back to TOC](#table-of-contents)
 
-
 ### kong.pdk_major_version
 
 A number representing the major version of the current PDK (e.g.
- `1`). Useful for feature-existence checks or backwards-compatible behavior
- as users of the PDK.
-
+`1`). Useful for feature-existence checks or backwards-compatible behavior
+as users of the PDK.
 
 **Usage**
 
-``` lua
+```lua
 if kong.pdk_version_num < 2 then
   -- PDK is below version 2
 end
@@ -70,35 +64,32 @@ end
 
 [Back to TOC](#table-of-contents)
 
-
 ### kong.pdk_version
 
 A human-readable string containing the version number of the current PDK.
 
 **Usage**
 
-``` lua
+```lua
 print(kong.pdk_version) -- "1.0.0"
 ```
 
 [Back to TOC](#table-of-contents)
 
-
 ### kong.configuration
 
 A read-only table containing the configuration of the current Kong node,
- based on the configuration file and environment variables.
-
- See [kong.conf.default](https://github.com/Kong/kong/blob/master/kong.conf.default)
- for details.
+based on the configuration file and environment variables.
 
- Comma-separated lists in that file get promoted to arrays of strings in this
- table.
+See [kong.conf.default](https://github.com/Kong/kong/blob/master/kong.conf.default)
+for details.
 
+Comma-separated lists in that file get promoted to arrays of strings in this
+table.
 
 **Usage**
 
-``` lua
+```lua
 print(kong.configuration.prefix) -- "/usr/local/kong"
 -- this table is read-only; the following throws an error:
 kong.configuration.prefix = "foo"
@@ -106,71 +97,58 @@ kong.configuration.prefix = "foo"
 
 [Back to TOC](#table-of-contents)
 
-
-
-
 ### kong.db
 
-Instance of Kong's DAO (the `kong.db` module).  Contains accessor objects
- to various entities.
-
- A more thorough documentation of this DAO and new schema definitions is to
- be made available in the future.
+Instance of Kong's DAO (the `kong.db` module). Contains accessor objects
+to various entities.
 
+A more thorough documentation of this DAO and new schema definitions is to
+be made available in the future.
 
 **Usage**
 
-``` lua
+```lua
 kong.db.services:insert()
 kong.db.routes:select()
 ```
 
 [Back to TOC](#table-of-contents)
 
-
 ### kong.dns
 
 Instance of Kong's DNS resolver, a client object from the
- [lua-resty-dns-client](https://github.com/kong/lua-resty-dns-client) module.
-
- **Note:** usage of this module is currently reserved to the core or to
- advanced users.
+[lua-resty-dns-client](https://github.com/kong/lua-resty-dns-client) module.
 
+**Note:** usage of this module is currently reserved to the core or to
+advanced users.
 
 [Back to TOC](#table-of-contents)
 
-
 ### kong.worker_events
 
 Instance of Kong's IPC module for inter-workers communication from the
- [lua-resty-worker-events](https://github.com/Kong/lua-resty-worker-events)
- module.
-
- **Note:** usage of this module is currently reserved to the core or to
- advanced users.
+[lua-resty-worker-events](https://github.com/Kong/lua-resty-worker-events)
+module.
 
+**Note:** usage of this module is currently reserved to the core or to
+advanced users.
 
 [Back to TOC](#table-of-contents)
 
-
 ### kong.cluster_events
 
 Instance of Kong's cluster events module for inter-nodes communication.
 
- **Note:** usage of this module is currently reserved to the core or to
- advanced users.
-
+**Note:** usage of this module is currently reserved to the core or to
+advanced users.
 
 [Back to TOC](#table-of-contents)
 
-
 ### kong.cache
 
 Instance of Kong's database caching object, from the `kong.cache` module.
 
- **Note:** usage of this module is currently reserved to the core or to
- advanced users.
-
+**Note:** usage of this module is currently reserved to the core or to
+advanced users.
 
 [Back to TOC](#table-of-contents)
-
diff --git a/app/1.2.x/plugin-development/custom-entities.md b/app/1.2.x/plugin-development/custom-entities.md
index ecde4cd79626..0565be7a6707 100644
--- a/app/1.2.x/plugin-development/custom-entities.md
+++ b/app/1.2.x/plugin-development/custom-entities.md
@@ -90,7 +90,7 @@ A migration file is a Lua file which returns a table with the following structur
 ``` lua
 -- `<plugin_name>/migrations/000_base_my_plugin.lua`
 return {
-  postgresql = {
+  postgres = {
     up = [[
       CREATE TABLE IF NOT EXISTS "my_plugin_table" (
         "id"           UUID                         PRIMARY KEY,
@@ -548,10 +548,10 @@ The returned entity will be the entity after the update takes place, or `nil` +
 The following example modifies the `key` field of an existing credential given the credential's id:
 
 ``` lua
-local entity, err = kong.db.keyauth_credentials:update({
+local entity, err = kong.db.keyauth_credentials:update(
   { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" },
-  { key = "updated_secret" },
-})
+  { key = "updated_secret" }
+)
 
 if not entity then
   kong.log.err("Error when updating keyauth credential: " .. err)
@@ -575,10 +575,10 @@ local entity, err, err_t = kong.db.<name>:upsert(primary_key, <values>)
 Given this code:
 
 ``` lua
-local entity, err = kong.db.keyauth_credentials:upsert({
+local entity, err = kong.db.keyauth_credentials:upsert(
   { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" },
-  { consumer = { id = "a96145fb-d71e-4c88-8a5a-2c8b1947534c" } },
-})
+  { consumer = { id = "a96145fb-d71e-4c88-8a5a-2c8b1947534c" } }
+)
 
 if not entity then
   kong.log.err("Error when upserting keyauth credential: " .. err)
@@ -611,9 +611,9 @@ must do it manually, by checking with `select` before invoking `delete`.
 Example:
 
 ``` lua
-local ok, err = kong.db.keyauth_credentials:delete({
+local ok, err = kong.db.keyauth_credentials:delete(
   { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" }
-})
+)
 
 if not ok then
   kong.log.err("Error when deleting keyauth credential: " .. err)
diff --git a/app/1.2.x/plugin-development/custom-logic.md b/app/1.2.x/plugin-development/custom-logic.md
index 5e1e573be08e..dc9884c95394 100644
--- a/app/1.2.x/plugin-development/custom-logic.md
+++ b/app/1.2.x/plugin-development/custom-logic.md
@@ -30,25 +30,25 @@ The plugins interface allows you to override any of the following methods in
 your `handler.lua` file to implement custom logic at various entry-points
 of the execution life-cycle of Kong:
 
-- **[HTTP Module]** *is used for plugins written for HTTP/HTTPS requests*
-
-| Function name      | Phase             | Description
-|--------------------|-------------------|------------
-| `:init_worker()`   | [init_worker]     | Executed upon every Nginx worker process's startup.
-| `:certificate()`   | [ssl_certificate] | Executed during the SSL certificate serving phase of the SSL handshake.
-| `:rewrite()`       | [rewrite]         | Executed for every request upon its reception from a client as a rewrite phase handler. *NOTE* in this phase neither the `Service` nor the `Consumer` have been identified, hence this handler will only be executed if the plugin was configured as a global plugin!
-| `:access()`        | [access]          | Executed for every request from a client and before it is being proxied to the upstream service.
-| `:header_filter()` | [header_filter]   | Executed when all response headers bytes have been received from the upstream service.
-| `:body_filter()`   | [body_filter]     | Executed for each chunk of the response body received from the upstream service. Since the response is streamed back to the client, it can exceed the buffer size and be streamed chunk by chunk. hence this method can be called multiple times if the response is large. See the [lua-nginx-module] documentation for more details.
-| `:log()`           | [log]             | Executed when the last response byte has been sent to the client.
-
-- **[Stream Module]** *is used for plugins written for TCP stream connections*
-
-| Function name      | Phase                                                                        | Description
-|--------------------|------------------------------------------------------------------------------|------------
-| `:init_worker()`   | [init_worker]                                                                | Executed upon every Nginx worker process's startup.
-| `:preread()`       | [preread]                                                                    | Executed once for every connection.
-| `:log()`           | [log](https://github.com/openresty/stream-lua-nginx-module#log_by_lua_block) | Executed once for each connection after it has been closed.
+- **[HTTP Module]** _is used for plugins written for HTTP/HTTPS requests_
+
+| Function name      | Phase             | Description                                                                                                                                                                                                                                                                                                                           |
+| ------------------ | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `:init_worker()`   | [init_worker]     | Executed upon every Nginx worker process's startup.                                                                                                                                                                                                                                                                                   |
+| `:certificate()`   | [ssl_certificate] | Executed during the SSL certificate serving phase of the SSL handshake.                                                                                                                                                                                                                                                               |
+| `:rewrite()`       | [rewrite]         | Executed for every request upon its reception from a client as a rewrite phase handler. _NOTE_ in this phase neither the `Service` nor the `Consumer` have been identified, hence this handler will only be executed if the plugin was configured as a global plugin!                                                                 |
+| `:access()`        | [access]          | Executed for every request from a client and before it is being proxied to the upstream service.                                                                                                                                                                                                                                      |
+| `:header_filter()` | [header_filter]   | Executed when all response headers bytes have been received from the upstream service.                                                                                                                                                                                                                                                |
+| `:body_filter()`   | [body_filter]     | Executed for each chunk of the response body received from the upstream service. Since the response is streamed back to the client, it can exceed the buffer size and be streamed chunk by chunk. hence this method can be called multiple times if the response is large. See the [lua-nginx-module] documentation for more details. |
+| `:log()`           | [log]             | Executed when the last response byte has been sent to the client.                                                                                                                                                                                                                                                                     |
+
+- **[Stream Module]** _is used for plugins written for TCP stream connections_
+
+| Function name    | Phase                                                                        | Description                                                 |
+| ---------------- | ---------------------------------------------------------------------------- | ----------------------------------------------------------- |
+| `:init_worker()` | [init_worker]                                                                | Executed upon every Nginx worker process's startup.         |
+| `:preread()`     | [preread]                                                                    | Executed once for every connection.                         |
+| `:log()`         | [log](https://github.com/openresty/stream-lua-nginx-module#log_by_lua_block) | Executed once for each connection after it has been closed. |
 
 All of those functions, except `init_worker`, take one parameter which is given
 by Kong upon its invocation: the configuration of your plugin. This parameter
@@ -56,8 +56,8 @@ is a Lua table, and contains values defined by your users, according to your
 plugin's schema (described in the `schema.lua` module). More on plugins schemas
 in the [next chapter]({{page.book.next}}).
 
-[HTTP Module]: https://github.com/openresty/lua-nginx-module
-[Stream Module]: https://github.com/openresty/stream-lua-nginx-module
+[http module]: https://github.com/openresty/lua-nginx-module
+[stream module]: https://github.com/openresty/stream-lua-nginx-module
 [init_worker]: https://github.com/openresty/lua-nginx-module#init_worker_by_lua_by_lua_block
 [ssl_certificate]: https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block
 [rewrite]: https://github.com/openresty/lua-nginx-module#rewrite_by_lua_block
@@ -192,7 +192,7 @@ local CustomHandler = BasePlugin:extend()
 
 
 CustomHandler.VERSION  = "1.0.0"
-CustomHandler.PRIORITY = 10 
+CustomHandler.PRIORITY = 10
 
 
 function CustomHandler:new()
@@ -259,41 +259,41 @@ regard to other plugins' phases (such as `:access()`, `:log()`, etc.).
 
 The current order of execution for the bundled plugins is:
 
-Plugin                      | Priority
-----------------------------|----------
-pre-function                | `+inf`
-zipkin                      | 100000
-ip-restriction              | 3000
-bot-detection               | 2500
-cors                        | 2000
-session                     | 1900
-kubernetes-sidecar-injector | 1006
-jwt                         | 1005
-oauth2                      | 1004
-key-auth                    | 1003
-ldap-auth                   | 1002
-basic-auth                  | 1001
-hmac-auth                   | 1000
-request-size-limiting       | 951
-acl                         | 950
-rate-limiting               | 901
-response-ratelimiting       | 900
-request-transformer         | 801
-response-transformer        | 800
-aws-lambda                  | 750
-azure-functions             | 749
-prometheus                  | 13
-http-log                    | 12
-statsd                      | 11
-datadog                     | 10
-file-log                    | 9
-udp-log                     | 8
-tcp-log                     | 7
-loggly                      | 6
-syslog                      | 4
-request-termination         | 2
-correlation-id              | 1
-post-function               | -1000
+| Plugin                      | Priority |
+| --------------------------- | -------- |
+| pre-function                | `+inf`   |
+| zipkin                      | 100000   |
+| ip-restriction              | 3000     |
+| bot-detection               | 2500     |
+| cors                        | 2000     |
+| session                     | 1900     |
+| kubernetes-sidecar-injector | 1006     |
+| jwt                         | 1005     |
+| oauth2                      | 1004     |
+| key-auth                    | 1003     |
+| ldap-auth                   | 1002     |
+| basic-auth                  | 1001     |
+| hmac-auth                   | 1000     |
+| request-size-limiting       | 951      |
+| acl                         | 950      |
+| rate-limiting               | 901      |
+| response-ratelimiting       | 900      |
+| request-transformer         | 801      |
+| response-transformer        | 800      |
+| aws-lambda                  | 750      |
+| azure-functions             | 749      |
+| prometheus                  | 13       |
+| http-log                    | 12       |
+| statsd                      | 11       |
+| datadog                     | 10       |
+| file-log                    | 9        |
+| udp-log                     | 8        |
+| tcp-log                     | 7        |
+| loggly                      | 6        |
+| syslog                      | 4        |
+| request-termination         | 2        |
+| correlation-id              | 1        |
+| post-function               | -1000    |
 
 ---
 
diff --git a/app/1.2.x/plugin-development/distribution.md b/app/1.2.x/plugin-development/distribution.md
index 3b1d6bf66a9c..9cdeca532643 100644
--- a/app/1.2.x/plugin-development/distribution.md
+++ b/app/1.2.x/plugin-development/distribution.md
@@ -69,7 +69,7 @@ For a Kong node to be able to use the custom plugin, the custom plugin's Lua
 sources must be installed on your host's file system. There are multiple ways
 of doing so: via LuaRocks, or manually. Choose one, and jump to section 3.
 
-1. Via LuaRocks from the created 'rock'
+1.  Via LuaRocks from the created 'rock'
 
     The `.rock` file is a self contained package that can be installed locally
     or from a remote server.
@@ -86,7 +86,7 @@ of doing so: via LuaRocks, or manually. Choose one, and jump to section 3.
     The filename can be a local name, or any of the supported methods, eg.
     `http://myrepository.lan/rocks/my-plugin-0.1.0-1.all.rock`
 
-2. Via LuaRocks from the source archive
+2.  Via LuaRocks from the source archive
 
     If the `luarocks` utility is installed in your system (this is likely the
     case if you used one of the official installation packages), you can
@@ -105,7 +105,7 @@ of doing so: via LuaRocks, or manually. Choose one, and jump to section 3.
     This will install the Lua sources in `kong/plugins/<plugin-name>` in your
     system's LuaRocks tree, where all the Kong sources are already present.
 
-3. Manually
+3.  Manually
 
     A more conservative way of installing your plugin's sources is
     to avoid "polluting" the LuaRocks tree, and instead, point Kong
@@ -123,13 +123,13 @@ of doing so: via LuaRocks, or manually. Choose one, and jump to section 3.
 
     Where:
 
-    * `/<path-to-plugin-location>` is the path to the directory containing the
+    - `/<path-to-plugin-location>` is the path to the directory containing the
       extracted archive. It should be the location of the `kong` directory
       from the archive.
-    * `?` is a placeholder that will be replaced by
+    - `?` is a placeholder that will be replaced by
       `kong.plugins.<plugin-name>` when Kong will try to load your plugin. Do
       not change it.
-    * `;;` a placeholder for the "the default Lua path". Do not change it.
+    - `;;` a placeholder for the "the default Lua path". Do not change it.
 
     Example:
 
@@ -150,8 +150,8 @@ of doing so: via LuaRocks, or manually. Choose one, and jump to section 3.
 
         lua_package_path = /path/to/plugin1/?.lua;/path/to/plugin2/?.lua;;
 
-    * `;` is the separator between directories.
-    * `;;` still means "the default Lua path".
+    - `;` is the separator between directories.
+    - `;;` still means "the default Lua path".
 
     Note: you can also set this property via its environment variable
     equivalent: `KONG_LUA_PACKAGE_PATH`.
@@ -174,7 +174,6 @@ Or, if you don't want to include the bundled plugins:
 
     plugins = <plugin-name>
 
-
 If you are using two or more custom plugins, insert commas in between, like so:
 
     plugins = bundled,plugin1,plugin2
@@ -190,14 +189,13 @@ Reminder: don't forget to update the `plugins` directive for each node
 in your Kong cluster.
 
 Reminder: the plugin will take effect after restart kong:
-    
-    kong restart
+  
+ kong restart
 
 But, if you want to apply plugin while kong never stop, you can use this:
 
     kong prepare
     kong reload
-    
 
 [Back to TOC](#table-of-contents)
 
@@ -222,7 +220,6 @@ Then, you should see the following log for each plugin being loaded:
 
     [debug] Loading plugin <plugin-name>
 
-
 [Back to TOC](#table-of-contents)
 
 ---
@@ -234,7 +231,7 @@ There are three steps to completely remove a plugin.
 1. Remove the plugin from your Kong Service or Route configuration. Make sure
    that it is no longer applied globally nor for any Service, Route, or
    consumer. This has to be done only once for the entire Kong cluster, no
-   restart/reload required.  This step in itself will make that the plugin is
+   restart/reload required. This step in itself will make that the plugin is
    no longer in use. But it remains available and it is still possible to
    re-apply the plugin.
 
@@ -268,7 +265,6 @@ also upload your module on LuaRocks and make it available to everyone!
 Here is an example rockspec which would use the "builtin" build type to define
 modules in Lua notation and their corresponding file:
 
-
 For an example see the [Kong plugin template][plugin-template], for more info
 about the format see the LuaRocks [documentation on rockspecs][rockspec].
 
@@ -281,19 +277,19 @@ about the format see the LuaRocks [documentation on rockspecs][rockspec].
 Kong can fail to start because of a misconfigured custom plugin for several
 reasons:
 
-* "plugin is in use but not enabled" -> You configured a custom plugin from
+- "plugin is in use but not enabled" -> You configured a custom plugin from
   another node, and that the plugin configuration is in the database, but the
   current node you are trying to start does not have it in its `plugins`
   directive. To resolve, add the plugin's name to the node's `plugins`
   directive.
 
-* "plugin is enabled but not installed" -> The plugin's name is present in the
+- "plugin is enabled but not installed" -> The plugin's name is present in the
   `plugins` directive, but that Kong is unable to load the `handler.lua`
   source file from the file system. To resolve, make sure that the
   [lua_package_path](/{{page.kong_version}}/configuration/#development-miscellaneous-section)
   directive is properly set to load this plugin's Lua sources.
 
-* "no configuration schema found for plugin" -> The plugin is installed,
+- "no configuration schema found for plugin" -> The plugin is installed,
   enabled in the `plugins` directive, but Kong is unable to load the
   `schema.lua` source file from the file system. To resolve, make sure that
   the `schema.lua` file is present alongside the plugin's `handler.lua` file.
diff --git a/app/1.2.x/plugin-development/index.md b/app/1.2.x/plugin-development/index.md
index a317d734fffd..33cc1213fa96 100644
--- a/app/1.2.x/plugin-development/index.md
+++ b/app/1.2.x/plugin-development/index.md
@@ -12,11 +12,11 @@ especially how it integrates with Nginx and what Lua has to do with it.
 [lua-nginx-module] enables Lua scripting capabilities in Nginx. Instead of
 compiling Nginx with this module, Kong is distributed along with
 [OpenResty](https://openresty.org/), which already includes lua-nginx-module.
-OpenResty is *not* a fork of Nginx, but a bundle of modules extending its
+OpenResty is _not_ a fork of Nginx, but a bundle of modules extending its
 capabilities.
 
 Hence, Kong is a Lua application designed to load and execute Lua modules
-(which we more commonly refer to as "*plugins*") and provides an entire
+(which we more commonly refer to as "_plugins_") and provides an entire
 development environment for them, including an SDK, database abstractions,
 migrations, and more.
 
@@ -34,4 +34,4 @@ PDK, see the [Plugin Development Kit] reference.
 Next: [File structure of a plugin &rsaquo;]({{page.book.next}})
 
 [lua-nginx-module]: https://github.com/openresty/lua-nginx-module
-[Plugin Development Kit]: /{{page.kong_version}}/pdk
+[plugin development kit]: /{{page.kong_version}}/pdk
diff --git a/app/1.2.x/proxy.md b/app/1.2.x/proxy.md
index 03b37b962692..cc6a41ae4455 100644
--- a/app/1.2.x/proxy.md
+++ b/app/1.2.x/proxy.md
@@ -4,7 +4,7 @@ title: Proxy Reference
 
 ## Introduction
 
-In this document we will cover Kong's **proxying capabilities**  by explaining
+In this document we will cover Kong's **proxying capabilities** by explaining
 its routing capabilities and internal workings in details.
 
 Kong exposes several interfaces which can be tweaked by two configuration
@@ -27,7 +27,7 @@ below.</p>
 
 ## Terminology
 
-- `client`: Refers to the *downstream* client making requests to Kong's
+- `client`: Refers to the _downstream_ client making requests to Kong's
   proxy port.
 - `upstream service`: Refers to your own API/service sitting behind Kong, to
   which client requests are forwarded.
@@ -75,7 +75,7 @@ Server: kong/<x.x.x>
 ## Reminder: How to configure a Service
 
 The [Configuring a Service][configuring-a-service] quickstart guide explains
-how Kong is configured via the [Admin API][API].
+how Kong is configured via the [Admin API][api].
 
 Adding a Service to Kong is done by sending an HTTP request to the Admin API:
 
@@ -170,9 +170,9 @@ Let's go through a few examples. Consider a Route configured like this:
 
 ```json
 {
-    "hosts": ["example.com", "foo-service.com"],
-    "paths": ["/foo", "/bar"],
-    "methods": ["GET"]
+  "hosts": ["example.com", "foo-service.com"],
+  "paths": ["/foo", "/bar"],
+  "methods": ["GET"]
 }
 ```
 
@@ -287,7 +287,7 @@ A complete example would look like this:
 
 ```json
 {
-    "hosts": ["*.example.com", "service.com"]
+  "hosts": ["*.example.com", "service.com"]
 }
 ```
 
@@ -316,10 +316,10 @@ configured like so:
 
 ```json
 {
-    "hosts": ["service.com"],
-    "service": {
-        "id": "..."
-    }
+  "hosts": ["service.com"],
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
@@ -342,11 +342,11 @@ However, by explicitly configuring a Route with `preserve_host=true`:
 
 ```json
 {
-    "hosts": ["service.com"],
-    "preserve_host": true,
-    "service": {
-        "id": "..."
-    }
+  "hosts": ["service.com"],
+  "preserve_host": true,
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
@@ -377,7 +377,7 @@ For example, with a Route configured like so:
 
 ```json
 {
-    "paths": ["/service", "/hello/world"]
+  "paths": ["/service", "/hello/world"]
 }
 ```
 
@@ -418,7 +418,7 @@ For example, if we consider the following Route:
 
 ```json
 {
-    "paths": ["/users/\d+/profile", "/following"]
+  "paths": ["/users/d+/profile", "/following"]
 }
 ```
 
@@ -445,40 +445,47 @@ in the path (the root `/` character).
 As previously mentioned, Kong evaluates prefix paths by length: the longest
 prefix paths are evaluated first. However, Kong will evaluate regex paths based
 on the `regex_priority` attribute of Routes from highest priority to lowest.
-This means that considering the following Routes:
+Regex paths are furthermore evaluated before prefix paths.
+
+Consider the following Routes:
 
 ```json
 [
-    {
-        "paths": ["/status/\d+"],
-        "regex_priority": 0
-    },
-    {
-        "paths": ["/version/\d+/status/\d+"],
-        "regex_priority": 6
-    },
-    {
-        "paths": ["/version"],
-    },
-    {
-        "paths": ["/version/any/"],
-    }
+  {
+    "paths": ["/status/\d+"],
+    "regex_priority": 0
+  },
+  {
+    "paths": ["/version/\d+/status/\d+"],
+    "regex_priority": 6
+  },
+  {
+    "paths": ["/version"],
+  },
+  {
+    "paths": ["/version/any/"],
+  }
 ]
 ```
 
 In this scenario, Kong will evaluate incoming requests against the following
 defined URIs, in this order:
 
-1. `/version/any/`
-2. `/version`
-3. `/version/\d+/status/\d+`
-4. `/status/\d+`
+1. `/version/\d+/status/\d+`
+2. `/status/\d+`
+3. `/version/any/`
+4. `/version`
 
-Prefix paths are always evaluated before regex paths.
+Take care to avoid writing regex rules that are overly broad and may consume
+traffic intended for a prefix rule. Adding a rule with the path `/version/.*` to
+the ruleset above would likely consume some traffic intended for the `/version`
+prefix path. If you see unexpected behavior, sending `X-Kong-Debug: 1` in your
+request headers will indicate the matched Route ID in the response headers for
+troubleshooting purposes.
 
 As usual, a request must still match a Route's `hosts` and `methods` properties
-as well, and Kong will traverse your Routes until it finds one that matches
-the most rules (see [Routing priorities][proxy-routing-priorities]).
+as well, and Kong will traverse your Routes until it finds one that [matches
+the most rules](#matching-priorities).
 
 [Back to TOC](#table-of-contents)
 
@@ -529,7 +536,7 @@ HTTP/1.1 201 Created
 
 Note that `curl` does not automatically URL encode your payload, and note the
 usage of `--data-urlencode`, which prevents the `+` character to be URL decoded
-and interpreted as a space ` ` by Kong's Admin API.
+and interpreted as a space `` by Kong's Admin API.
 
 [Back to TOC](#table-of-contents)
 
@@ -541,11 +548,11 @@ property by configuring a Route like so:
 
 ```json
 {
-    "paths": ["/service"],
-    "strip_path": true,
-    "service": {
-        "id": "..."
-    }
+  "paths": ["/service"],
+  "strip_path": true,
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
@@ -572,11 +579,11 @@ Example:
 
 ```json
 {
-    "paths": ["/version/\d+/service"],
-    "strip_path": true,
-    "service": {
-        "id": "..."
-    }
+  "paths": ["/version/d+/service"],
+  "strip_path": true,
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
@@ -599,17 +606,17 @@ Host: ...
 ### Request HTTP method
 
 The `methods` field allows matching the requests depending on their HTTP
-method.  It accepts multiple values. Its default value is empty (the HTTP
+method. It accepts multiple values. Its default value is empty (the HTTP
 method is not used for routing).
 
 The following Route allows routing via `GET` and `HEAD`:
 
 ```json
 {
-    "methods": ["GET", "HEAD"],
-    "service": {
-        "id": "..."
-    }
+  "methods": ["GET", "HEAD"],
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
@@ -648,19 +655,19 @@ Routes with the most rules**.
 For example, if two Routes are configured like so:
 
 ```json
-{
-    "hosts": ["example.com"],
-    "service": {
-        "id": "..."
-    }
+({
+  "hosts": ["example.com"],
+  "service": {
+    "id": "..."
+  }
 },
 {
-    "hosts": ["example.com"],
-    "methods": ["POST"],
-    "service": {
-        "id": "..."
-    }
-}
+  "hosts": ["example.com"],
+  "methods": ["POST"],
+  "service": {
+    "id": "..."
+  }
+})
 ```
 
 The second Route has a `hosts` field **and** a `methods` field, so it will be
@@ -691,8 +698,8 @@ Kong.
 
 The proxying rules above detail how Kong forwards incoming requests to your
 upstream services. Below, we detail what happens internally between the time
-Kong *matches* an HTTP request with a registered Route, and the actual
-*forwarding* of the request.
+Kong _matches_ an HTTP request with a registered Route, and the actual
+_forwarding_ of the request.
 
 [Back to TOC](#table-of-contents)
 
@@ -738,10 +745,10 @@ properties of a Service:
   establishing a connection to your upstream service. Defaults to `60000`.
 - `upstream_send_timeout`: defines in milliseconds a timeout between two
   successive write operations for transmitting a request to your upstream
-  service.  Defaults to `60000`.
+  service. Defaults to `60000`.
 - `upstream_read_timeout`: defines in milliseconds a timeout between two
   successive read operations for receiving a request from your upstream
-  service.  Defaults to `60000`.
+  service. Defaults to `60000`.
 
 Kong will send the request over HTTP/1.1, and set the following headers:
 
@@ -795,7 +802,7 @@ the next upstream.
 There are two configurable elements here:
 
 1. The number of retries: this can be configured per Service using the
-   `retries` property. See the [Admin API][API] for more details on this.
+   `retries` property. See the [Admin API][api] for more details on this.
 
 2. What exactly constitutes an error: here Kong uses the Nginx defaults, which
    means an error or timeout occurring while establishing a connection with the
@@ -851,10 +858,10 @@ Here is an example of such a fallback Route:
 
 ```json
 {
-    "paths": ["/"],
-    "service": {
-        "id": "..."
-    }
+  "paths": ["/"],
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
@@ -873,7 +880,7 @@ wish on this Route.
 Kong provides a way to dynamically serve SSL certificates on a per-connection
 basis. SSL certificates are directly handled by the core, and configurable via
 the Admin API. Clients connecting to Kong over TLS must support the [Server
-Name Indication][SNI] extension to make use of this feature.
+Name Indication][sni] extension to make use of this feature.
 
 SSL certificates are handled by two resources in the Kong Admin API:
 
@@ -882,7 +889,7 @@ SSL certificates are handled by two resources in the Kong Admin API:
   Indication.
 
 You can find the documentation for those two resources in the
-[Admin API Reference][API].
+[Admin API Reference][api].
 
 Here is how to configure an SSL certificate on a given Route: first, upload
 your SSL certificate and key via the Admin API:
@@ -902,16 +909,16 @@ associating the uploaded certificate to it.
 Note that one of the SNI names defined in `snis` above contains a wildcard
 (`*.ssl-example.com`). An SNI may contain a single wildcard in the leftmost (prefix) or
 rightmost (suffix) postion. This can be useful when maintaining multiple subdomains. A
-single `sni` configured with a wildcard name can be used to match multiple 
-subdomains, instead of creating an SNI for each. 
+single `sni` configured with a wildcard name can be used to match multiple
+subdomains, instead of creating an SNI for each.
 
 Valid wildcard positions are `mydomain.*`, `*.mydomain.com`, and `*.www.mydomain.com`.
 
 Matching of `snis` respects the following priority:
 
- 1. plain (no wildcard)
- 2. prefix
- 3. suffix
+1.  plain (no wildcard)
+2.  prefix
+3.  suffix
 
 You must now register the following Route within Kong. We will match requests
 to this Route using only the Host header for convenience:
@@ -949,20 +956,20 @@ A Route with `http` and `https` will accept traffic in both protocols.
 
 ```json
 {
-    "hosts": ["..."],
-    "paths": ["..."],
-    "methods": ["..."],
-    "protocols": ["http", "https"],
-    "service": {
-        "id": "..."
-    }
+  "hosts": ["..."],
+  "paths": ["..."],
+  "methods": ["..."],
+  "protocols": ["http", "https"],
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
 Not specifying any protocol has the same effect, since routes default to
 `["http", "https"]`.
 
-However, a Route with *only* `https` would _only_ accept traffic over HTTPS. It
+However, a Route with _only_ `https` would _only_ accept traffic over HTTPS. It
 would _also_ accept unencrypted traffic _if_ SSL termination previously
 occurred from a trusted IP. SSL termination is considered valid when the
 request comes from one of the configured IPs in
@@ -971,13 +978,13 @@ header is set:
 
 ```json
 {
-    "hosts": ["..."],
-    "paths": ["..."],
-    "methods": ["..."],
-    "protocols": ["https"],
-    "service": {
-        "id": "..."
-    }
+  "hosts": ["..."],
+  "paths": ["..."],
+  "methods": ["..."],
+  "protocols": ["https"],
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
@@ -1000,13 +1007,13 @@ connections by using `"tcp"` in the `protocols` attribute:
 
 ```json
 {
-    "hosts": ["..."],
-    "paths": ["..."],
-    "methods": ["..."],
-    "protocols": ["tcp"],
-    "service": {
-        "id": "..."
-    }
+  "hosts": ["..."],
+  "paths": ["..."],
+  "methods": ["..."],
+  "protocols": ["tcp"],
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
@@ -1015,17 +1022,17 @@ the `"tls"` value:
 
 ```json
 {
-    "hosts": ["..."],
-    "paths": ["..."],
-    "methods": ["..."],
-    "protocols": ["tls"],
-    "service": {
-        "id": "..."
-    }
+  "hosts": ["..."],
+  "paths": ["..."],
+  "methods": ["..."],
+  "protocols": ["tls"],
+  "service": {
+    "id": "..."
+  }
 }
 ```
 
-A Route with *only* `TLS` would _only_ accept traffic over TLS.
+A Route with _only_ `TLS` would _only_ accept traffic over TLS.
 
 It is also possible to accept both TCP and TLS simultaneously:
 
@@ -1042,14 +1049,13 @@ It is also possible to accept both TCP and TLS simultaneously:
 
 ```
 
-
 [Back to TOC](#table-of-contents)
 
 ## Proxy WebSocket traffic
 
 Kong supports WebSocket traffic thanks to the underlying Nginx implementation.
 When you wish to establish a WebSocket connection between a client and your
-upstream services *through* Kong, you must establish a WebSocket handshake.
+upstream services _through_ Kong, you must establish a WebSocket handshake.
 This is done via the HTTP Upgrade mechanism. This is what your client request
 made to Kong would look like:
 
@@ -1109,10 +1115,9 @@ just covered.
 [configuration-reference]: /{{page.kong_version}}/configuration-reference
 [configuration-trusted-ips]: /{{page.kong_version}}/configuration/#trusted_ips
 [configuring-a-service]: /{{page.kong_version}}/getting-started/configuring-a-service
-[API]: /{{page.kong_version}}/admin-api
+[api]: /{{page.kong_version}}/admin-api
 [service-entity]: /{{page.kong_version}}/admin-api/#add-service
 [route-entity]: /{{page.kong_version}}/admin-api/#add-route
-
 [ngx-http-proxy-module]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html
 [ngx-http-realip-module]: http://nginx.org/en/docs/http/ngx_http_realip_module.html
 [ngx-remote-addr-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_remote_addr
@@ -1120,4 +1125,4 @@ just covered.
 [ngx-host-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host
 [ngx-server-port-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_server_port
 [ngx-http-proxy-retries]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries
-[SNI]: https://en.wikipedia.org/wiki/Server_Name_Indication
+[sni]: https://en.wikipedia.org/wiki/Server_Name_Indication
diff --git a/app/1.2.x/secure-admin-api.md b/app/1.2.x/secure-admin-api.md
index dcdb40f3e7fb..a616c5061c9a 100644
--- a/app/1.2.x/secure-admin-api.md
+++ b/app/1.2.x/secure-admin-api.md
@@ -38,7 +38,6 @@ network interface, but should only be accessed by a small subset of an IP range.
 In such a case, host-based firewalls (e.g. iptables) are useful in limiting
 input traffic ranges. For example:
 
-
 ```bash
 # assume that Kong is listening on the address defined below, as defined as a
 # /24 CIDR block, and only a select few hosts in this range should have access
@@ -131,7 +130,7 @@ For more information on integrating Kong into custom Nginx configurations, see
 
 [Back to TOC](#table-of-contents)
 
-## Role Based Access Control ##
+## Role Based Access Control
 
 <div class="alert alert-warning">
   <strong>Enterprise-Only</strong> This feature is only available with an
@@ -151,7 +150,6 @@ Enterprise offering by [contacting us](/enterprise).
 
 [Back to TOC](#table-of-contents)
 
-
 [acl]: /plugins/acl
 [basic-auth]: /plugins/basic-authentication/
 [custom-configuration]: /{{page.kong_version}}/configuration/#custom-nginx-configuration
diff --git a/app/1.2.x/upgrading.md b/app/1.2.x/upgrading.md
index a019d846f832..1049e4d86db3 100644
--- a/app/1.2.x/upgrading.md
+++ b/app/1.2.x/upgrading.md
@@ -3,7 +3,7 @@ title: Upgrade guide
 ---
 
 <div class="alert alert-warning">
-  <strong>Note:</strong> What follows is the upgrade guide for 1.0.x.
+  <strong>Note:</strong> What follows is the upgrade guide for 1.2.x.
   If you are trying to upgrade to an earlier version of Kong, please read
   <a href="https://github.com/Kong/kong/blob/master/UPGRADE.md">UPGRADE.md file in the Kong repo</a>
 </div>
@@ -13,253 +13,92 @@ when upgrading, as well as take you through the correct sequence of steps
 in order to obtain a **no-downtime** migration in different upgrade
 scenarios.
 
-## Upgrade to `1.0.0`
+## Upgrade to `1.2`
 
-This is a major release of Kong, and includes a number of new features
-as well as breaking changes.
+Kong adheres to [semantic versioning](https://semver.org/), which makes a
+distinction between "major", "minor" and "patch" versions. The upgrade path
+will be different on which previous version from which you are migrating.
+If you are upgrading from 0.x, this is a major upgrade. If you are
+upgrading from 1.0.x or 1.1.x, this is a minor upgrade. Both scenarios are
+explained below.
 
-This version introduces **a new schema format for plugins**, **changes in
-Admin API endpoints**, **database migrations**, **Nginx configuration
-changes**, and **removed configuration properties**.
 
-In this release, the **API entity is removed**, along with its related
-Admin API endpoints.
+## 1. Dependencies
 
-This section will highlight breaking changes that you need to be aware of
-before upgrading and will describe the recommended upgrade path. We recommend
-that you consult the full [1.0.0
-Changelog](https://github.com/Kong/kong/blob/master/CHANGELOG.md) for a
-complete list of changes and new features.
-
-## 1. Breaking Changes
-
-### Dependencies
+If you are using the provided binary packages, all necessary dependencies
+are bundled. If you are building your dependencies by hand, you should
+be aware of the following changes:
 
 - The required OpenResty version is 1.13.6.2, but for a full feature set,
   including stream routing and service mesh abilities with mutual TLS, you need
   Kong's [openresty-patches](https://github.com/kong/openresty-patches).
+  Note that the set of patches was updated from 1.0 to 1.2.
 - The minimum required OpenSSL version is 1.1.1. If you are building by hand,
   make sure all dependencies, including LuaRocks modules, are compiled using
   the same OpenSSL version. If you are installing Kong from one of our
   distribution packages, you are not affected by this change.
 
-### Configuration
-
-- The `custom_plugins` directive is removed (deprecated since 0.14.0).
-  Use `plugins` instead, which you can use not only to enable
-  custom plugins, but also to disable bundled plugins.
-- The default value for `cassandra_lb_policy` changed from `RoundRobin`
-  to `RequestRoundRobin`.
-- Kong generates a new template file for stream routing,
-  `nginx-kong-stream.conf`, included in the `stream` block
-  of its top-level Nginx configuration file. If you use
-  a custom Nginx configuration and wish to use stream
-  routing, you can generate this file using `kong prepare`.
-- The Nginx configuration file has changed, which means that you need to update
-  it if you are using a custom template. The changes are detailed in the following diff:
-
-``` diff
-diff --git a/kong/templates/nginx_kong.lua b/kong/templates/nginx_kong.lua
-index d4e416bc..8f268ffd 100644
---- a/kong/templates/nginx_kong.lua
-+++ b/kong/templates/nginx_kong.lua
-@@ -66,7 +66,9 @@ upstream kong_upstream {
-     balancer_by_lua_block {
-         Kong.balancer()
-     }
-+> if upstream_keepalive > 0 then
-     keepalive ${{UPSTREAM_KEEPALIVE}};
-+> end
- }
-
- server {
-@@ -85,7 +87,7 @@ server {
- > if proxy_ssl_enabled then
-     ssl_certificate ${{SSL_CERT}};
-     ssl_certificate_key ${{SSL_CERT_KEY}};
--    ssl_protocols TLSv1.1 TLSv1.2;
-+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-     ssl_certificate_by_lua_block {
-         Kong.ssl_certificate()
-     }
-@@ -200,7 +202,7 @@ server {
- > if admin_ssl_enabled then
-     ssl_certificate ${{ADMIN_SSL_CERT}};
-     ssl_certificate_key ${{ADMIN_SSL_CERT_KEY}};
--    ssl_protocols TLSv1.1 TLSv1.2;
-+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
-
-     ssl_session_cache shared:SSL:10m;
-     ssl_session_timeout 10m;
-```
+## 2. Breaking Changes
 
-### Core
-
-- The **API** entity and related concepts such as the
-  `/apis` endpoint, are removed. These were deprecated since
-  0.13.0. Instead, use **Routes** to configure your
-  endpoints and **Services** to configure your upstream
-  services.
-- The old DAO implementation (`kong.dao`) is removed,
-  which includes the old schema validation library. This
-  has implications to plugin developers, listed below.
-  - The last remaining entities that were converted to
-    the new DAO implementation were Plugins, Upstreams
-    and Targets. This has implications to the Admin API,
-    listed below.
-
-### Plugins
-
-Kong 1.0.0 marks the introduction of version 1.0.0 of
-the Plugin Development Kit (PDK). No major changes are
-made to the PDK compared to release 0.14, but some older
-non-PDK functionality which was possibly used by custom
-plugins is now removed.
-
-- Plugins now use the new schema format introduced by the
-  new DAO implementation, for both plugin schemas
-  (in `schema.lua`) and custom DAO entities (`daos.lua`).
-  To ease the transition of plugins, the plugin loader
-  in 1.0 includes a *best-effort* schema auto-translator
-  for `schema.lua`, which should be sufficient for many
-  plugins (in 1.0.0rc1, our bundled plugins used the
-  auto-translator; they now use the new format).
-  - If your plugin using the old format in `schema.lua`
-    fails to load, check the error logs for messages
-    produced by the auto-translator. If a field cannot
-    be auto-translated, you can make a gradual conversion
-    of the schema file by adding a `new_type` entry to
-    the field table translation of the format. See,
-    for example, the [key-auth schema in 1.0.0rc1](https://github.com/Kong/kong/blob/1.0.0rc1/kong/plugins/key-auth/schema.lua#L39-L54).
-    The `new_type` annotation is ignored by Kong 0.x.
-  - If your custom plugin uses custom DAO objects (i.e.
-    if it includes a `daos.lua` file), it needs to be
-    converted to the new format. Their code also needs
-    to be adjusted accordingly, replacing uses of
-    `singletons.dao` or `kong.dao` by `kong.db` (note
-    that this module exposes a different API from the
-    old DAO implementation).
-- Some Kong modules that had their functionality replaced
-  by the PDK in 0.14.0 are now removed:
-  - `kong.tools.ip`: use `kong.ip` from the PDK instead.
-  - `kong.tools.public`: replaced by various functionalities
-    of the PDK.
-  - `kong.tools.responses`: use `kong.response.exit` from the PDK instead. You
-    might want to use `kong.log.err` to log internal server errors as well.
-- The `kong.api.crud_helpers` module was removed.
-  Use `kong.api.endpoints` instead if you need to customize
-  the auto-generated endpoints.
-
-### Admin API
-
-- With the removal of the API entity, the `/apis` endpoint
-  is removed; accordingly, other endpoints that accepted
-  `api_id` no longer do so. Use Routes and Services instead.
-- All entity endpoints now use the new Admin API implementaion.
-  This means their requests and responses now use the same
-  syntax, which was already in use in endpoints such as
-  `/routes` and `/services`.
-  - All endpoints now use the same syntax for
-    referencing other entities as `/routes`
-    (for example, `"service":{"id":"..."}` instead of
-    `"service_id":"..."`), both in requests and responses.
-    - This change affects `/plugins` as well as
-      plugin-specific endpoints.
-  - Array-typed values are not specified as a
-    comma-separated list anymore. It must be specified as a
-    JSON array or using the various formats supported by
-    the url-formencoded array notation of the new Admin API
-    implementation (`a[1]=x&a[2]=y`, `a[]=x&a[]=y`,
-    `a=x&a=y`).
-    - This change affects attributes of the `/upstreams` endpoint.
-  - Error responses for the updated endpoints use
-    the new standardized format.
-  - As a result of being moved to the new Admin API implementation,
-    all endpoints supporting `PUT` do so with proper semantics.
-  - See the [Admin API
-    reference](https://docs.konghq.com/1.0.x/admin-api)
-    for more details.
-
-## 2. Deprecation Notices
-
-There are no deprecation notices in this release.
+Kong 1.2 does not include any breaking changes over Kong 1.0 or 1.1, but Kong 1.0
+included a number of breaking changes over Kong 0.x. If you are upgrading
+from 0.14,x, please read the section on
+[Kong 1.0 Breaking Changes](#kong-1-0-breaking-changes) carefully before
+proceeding.
 
 ## 3. Suggested Upgrade Path
 
-### Preliminary Checks
-
-If your cluster is running a version lower than 0.14, you need to
-upgrade to 0.14.1 first instead. Upgrading from a pre-0.14 cluster
-straight to Kong 1.0 is **not** supported.
-
-If you still use the deprecated API entity to configure your endpoints and
-upstream services (via `/apis`) instead of using Routes for endpoints (via
-`/routes`) and Services for upstream services (via `/services`), now is the
-time to do so. Kong 1.0 will refuse to run migrations if you have any entity
-configured using `/apis` in your datastore. Create equivalent Routes and
-Services and delete your APIs. (Note that Kong does not do this automatically
-because the naive option of creating a Route and Service pair for each API
-would miss the point of the improvements brought by Routes and Services;
-the ideal mapping of Routes and Services depends on your microservice
-architecture.)
-
-If you use additional plugins other than the ones bundled with Kong,
-make sure they are compatible with Kong 1.0 prior to upgrading.
-See the section above on Plugins for information on plugin compatibility.
-
-### Migration Steps from 0.14
-
-Kong 1.0 introduces a new, improved migrations framework.
-It supports a no-downtime, Blue/Green migration model for upgrading
-from 0.14.x. The full migration is now split into two steps,
-which are performed via commands `kong migrations up` and
-`kong migrations finish`.
-
-For a no-downtime migration from a 0.14 cluster to a 1.0 cluster,
-we recommend the following sequence of steps:
-
-1. Download 1.0, and configure it to point to the same datastore
-   as your 0.14 cluster. Run `kong migrations up`.
-2. Both 0.14 and 1.0 nodes can now run simultaneously on the same
-   datastore. Start provisioning 1.0 nodes, but do not use their
-   Admin API yet. Prefer making Admin API requests to your 0.14 nodes
-   instead.
-3. Gradually divert traffic away from your 0.14 nodes, and into
-   your 1.0 cluster. Monitor your traffic to make sure everything
+### Upgrade from `0.x` to `1.2`
+
+The lowest version that Kong 1.2 supports migrating from is 0.14.1. if you
+are migrating from a previous 0.x release, please migrate to 0.14.1 first.
+
+For upgrading from 0.14.1 to Kong 1.2, the steps for upgrading are the same as
+upgrading from 0.14.1 to Kong 1.0. Please follow the steps described in the
+"Migration Steps from 0.14" in the [Suggested Upgrade Path for Kong
+1.0](#kong-1-0-upgrade-path).
+
+### Upgrade from `1.0.x` or `1.1.x` to `1.2`
+
+Kong 1.2 supports a no-downtime migration model. This means that while the
+migration is ongoing, you will have two Kong clusters running, sharing the
+same database. (This is sometimes called the Blue/Green migration model.)
+
+The migrations are designed so that there is no need to fully copy
+the data, but this also means that they are designed in such a way so that
+the new version of Kong is able to use the data as it is migrated, and to do
+it in a way so that the old Kong cluster keeps working until it is finally
+time to decomission it. For this reason, the full migration is now split into
+two steps, which are performed via commands `kong migrations up` (which does
+only non-destructive operations) and `kong migrations finish` (which puts the
+database in the final expected state for Kong 1.2).
+
+1. Download 1.2, and configure it to point to the same datastore
+   as your old (1.0 or 1.1) cluster. Run `kong migrations up`.
+2. Once that finishes running, both the old and new (1.2) clusters can now
+   run simultaneously on the same datastore. Start provisioning
+   1.2 nodes, but do not use their Admin API yet. If you need to
+   perform Admin API requests, these should be made to the old cluster's nodes.
+   The reason is to prevent the new cluster from generating data
+   that is not understood by the old cluster.
+3. Gradually divert traffic away from your old nodes, and into
+   your 1.2 cluster. Monitor your traffic to make sure everything
    is going smoothly.
-4. When your traffic is fully migrated to the 1.0 cluster,
-   decommission your 0.14 nodes.
-5. From your 1.0 cluster, run: `kong migrations finish`.
-   From this point on, it will not be possible to start 0.14
-   nodes pointing to the same datastore anymore. Only run
+4. When your traffic is fully migrated to the 1.2 cluster,
+   decommission your old nodes.
+5. From your 1.2 cluster, run: `kong migrations finish`.
+   From this point on, it will not be possible to start
+   nodes in the old cluster pointing to the same datastore anymore. Only run
    this command when you are confident that your migration
    was successful. From now on, you can safely make Admin API
-   requests to your 1.0 nodes.
-
-At any step of the way, you may run `kong migrations list` to get
-a report of the state of migrations. It will list whether there
-are missing migrations, if there are pending migrations (which have
-already started in the `kong migrations up` step and later need to
-finish in the `kong migrations finish` step) or if there
-are new migrations available. The status code of the process will
-also change accordingly:
-
-* `0` - migrations are up-to-date
-* `1` - failed inspecting the state of migrations (e.g. database is down)
-* `3` - database needs bootstrapping:
-  you should run `kong migrations bootstrap` to install on
-  a fresh datastore.
-* `4` - there are pending migrations: once your old cluster is
-  decomissioned you should run `kong migrations finish` (step 5 above).
-* `5` - there are new migrations: you should start a migration
-  sequence (beginning from step 1 above).
-
-### Migration Steps from 1.0 Release Candidates
-
-The process is the same as for upgrading for 0.14 listed above, but on step 1
+   requests to your 1.2 nodes.
+
+### Upgrade Path from 1.2 Release Candidates
+
+The process is the same as for upgrading from 1.0 listed above, but on step 1
 you should run `kong migrations up --force` instead.
 
-## Upgrade Path for Patch Releases
+### Upgrade Path for Patch Releases
 
 There are no migrations in upgrades between current or
 future patch releases of the same minor release of Kong
@@ -293,15 +132,13 @@ starts new workers, which take over from old workers before those old workers
 are terminated. In this way, Kong will serve new requests via the new
 configuration, without dropping existing in-flight connections.
 
-## Installing 1.0 on a Fresh Datastore
+### Installing 1.2 on a Fresh Datastore
 
-For installing on a fresh datastore, Kong 1.0 introduces the `kong migrations
-bootstrap` command. The following commands can be run to prepare a new 1.0
+For installing on a fresh datastore, Kong 1.2 have the `kong migrations
+bootstrap` command. The following commands can be run to prepare a new 1.2
 cluster from a fresh datastore:
 
 ```
 $ kong migrations bootstrap [-c config]
 $ kong start [-c config]
 ```
-
-
diff --git a/app/1.3.x/admin-api.md b/app/1.3.x/admin-api.md
new file mode 100644
index 000000000000..635aa93326e0
--- /dev/null
+++ b/app/1.3.x/admin-api.md
@@ -0,0 +1,3071 @@
+---
+title: Admin API
+
+service_body: |
+    Attributes | Description
+    ---:| ---
+    `name`<br>*optional* | The Service name.
+    `retries`<br>*optional* | The number of retries to execute upon failure to proxy. Defaults to `5`.
+    `protocol` |  The protocol used to communicate with the upstream. It can be one of `http` or `https`.  Defaults to `"http"`.
+    `host` | The host of the upstream server.
+    `port` | The upstream server port. Defaults to `80`.
+    `path`<br>*optional* | The path to be used in requests to the upstream server.
+    `connect_timeout`<br>*optional* |  The timeout in milliseconds for establishing a connection to the upstream server.  Defaults to `60000`.
+    `write_timeout`<br>*optional* |  The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server.  Defaults to `60000`.
+    `read_timeout`<br>*optional* |  The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server.  Defaults to `60000`.
+    `tags`<br>*optional* |  An optional set of strings associated with the Service, for grouping and filtering. 
+    `client_certificate`<br>*optional* |  Certificate to be used as client certificate while TLS handshaking to the upstream server.  With form-encoded, the notation is `client_certificate.id=<client_certificate_id>`. With JSON, use `"client_certificate":{"id":"<client_certificate_id>"}`.
+    `url`<br>*shorthand-attribute* |  Shorthand attribute to set `protocol`, `host`, `port` and `path` at once. This attribute is write-only (the Admin API never "returns" the url). 
+
+service_json: |
+    {
+        "id": "9748f662-7711-4a90-8186-dc02f10eb0f5",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/some_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000,
+        "tags": ["user-level", "low-priority"],
+        "client_certificate": {"id":"4e3ad2e4-0bc4-4638-8e34-c84a417ba39b"}
+    }
+
+service_data: |
+    "data": [{
+        "id": "a5fb8d9b-a99d-40e9-9d35-72d42a62d83a",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/some_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000,
+        "tags": ["user-level", "low-priority"],
+        "client_certificate": {"id":"51e77dc2-8f3e-4afa-9d0e-0e3bbbcfd515"}
+    }, {
+        "id": "fc73f2af-890d-4f9b-8363-af8945001f7f",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/another_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000,
+        "tags": ["admin", "high-priority", "critical"],
+        "client_certificate": {"id":"4506673d-c825-444c-a25b-602e3c2ec16e"}
+    }],
+
+route_body: |
+    Attributes | Description
+    ---:| ---
+    `name`<br>*optional* | The name of the Route.
+    `protocols` |  A list of the protocols this Route should allow. When set to `["https"]`, HTTP requests are answered with a request to upgrade to HTTPS.  Defaults to `["http", "https"]`.
+    `methods`<br>*semi-optional* |  A list of HTTP methods that match this Route. 
+    `hosts`<br>*semi-optional* |  A list of domain names that match this Route.  With form-encoded, the notation is `hosts[]=example.com&hosts[]=foo.test`. With JSON, use an Array.
+    `paths`<br>*semi-optional* |  A list of paths that match this Route.  With form-encoded, the notation is `paths[]=/foo&paths[]=/bar`. With JSON, use an Array.
+    `headers`<br>*semi-optional* |  One or more lists of values indexed by header name that will cause this Route to match if present in the request. The `Host` header cannot be used with this attribute: hosts should be specified using the `hosts` attribute. 
+    `https_redirect_status_code` |  The status code Kong responds with when all properties of a Route match except the protocol i.e. if the protocol of the request is `HTTP` instead of `HTTPS`. `Location` header is injected by Kong if the field is set to 301, 302, 307 or 308.  Defaults to `426`.
+    `regex_priority`<br>*optional* |  A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same `regex_priority`, the older one (lowest `created_at`) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones).  Defaults to `0`.
+    `strip_path`<br>*optional* |  When matching a Route via one of the `paths`, strip the matching prefix from the upstream request URL.  Defaults to `true`.
+    `preserve_host`<br>*optional* |  When matching a Route via one of the `hosts` domain names, use the request `Host` header in the upstream request headers. If set to `false`, the upstream `Host` header will be that of the Service's `host`. 
+    `snis`<br>*semi-optional* |  A list of SNIs that match this Route when using stream routing. 
+    `sources`<br>*semi-optional* |  A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". 
+    `destinations`<br>*semi-optional* |  A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". 
+    `tags`<br>*optional* |  An optional set of strings associated with the Route, for grouping and filtering. 
+    `service`<br>*optional* |  The Service this Route is associated to. This is where the Route proxies traffic to.  With form-encoded, the notation is `service.id=<service_id>`. With JSON, use `"service":{"id":"<service_id>"}`.
+
+route_json: |
+    {
+        "id": "d35165e2-d03e-461a-bdeb-dad0a112abfe",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["http", "https"],
+        "methods": ["GET", "POST"],
+        "hosts": ["example.com", "foo.test"],
+        "paths": ["/foo", "/bar"],
+        "headers": {"x-another-header":["bla"], "x-my-header":["foo", "bar"]},
+        "https_redirect_status_code": 426,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "tags": ["user-level", "low-priority"],
+        "service": {"id":"af8330d3-dbdc-48bd-b1be-55b98608834b"}
+    }
+
+route_data: |
+    "data": [{
+        "id": "a9daa3ba-8186-4a0d-96e8-00d80ce7240b",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["http", "https"],
+        "methods": ["GET", "POST"],
+        "hosts": ["example.com", "foo.test"],
+        "paths": ["/foo", "/bar"],
+        "headers": {"x-another-header":["bla"], "x-my-header":["foo", "bar"]},
+        "https_redirect_status_code": 426,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "tags": ["user-level", "low-priority"],
+        "service": {"id":"127dfc88-ed57-45bf-b77a-a9d3a152ad31"}
+    }, {
+        "id": "9aa116fd-ef4a-4efa-89bf-a0b17c4be982",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["tcp", "tls"],
+        "https_redirect_status_code": 426,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "snis": ["foo.test", "example.com"],
+        "sources": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}],
+        "destinations": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}],
+        "tags": ["admin", "high-priority", "critical"],
+        "service": {"id":"ba641b07-e74a-430a-ab46-94b61e5ea66b"}
+    }],
+
+consumer_body: |
+    Attributes | Description
+    ---:| ---
+    `username`<br>*semi-optional* |  The unique username of the consumer. You must send either this field or `custom_id` with the request. 
+    `custom_id`<br>*semi-optional* |  Field for storing an existing unique ID for the consumer - useful for mapping Kong with users in your existing database. You must send either this field or `username` with the request. 
+    `tags`<br>*optional* |  An optional set of strings associated with the Consumer, for grouping and filtering. 
+
+consumer_json: |
+    {
+        "id": "ec1a1f6f-2aa4-4e58-93ff-b56368f19b27",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id",
+        "tags": ["user-level", "low-priority"]
+    }
+
+consumer_data: |
+    "data": [{
+        "id": "a4407883-c166-43fd-80ca-3ca035b0cdb7",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id",
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "01c23299-839c-49a5-a6d5-8864c09184af",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id",
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+plugin_body: |
+    Attributes | Description
+    ---:| ---
+    `name` |  The name of the Plugin that's going to be added. Currently the Plugin must be installed in every Kong instance separately. 
+    `route`<br>*optional* |  If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the Route being used.  Defaults to `null`. With form-encoded, the notation is `route.id=<route_id>`. With JSON, use `"route":{"id":"<route_id>"}`.
+    `service`<br>*optional* |  If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.  Defaults to `null`. With form-encoded, the notation is `service.id=<service_id>`. With JSON, use `"service":{"id":"<service_id>"}`.
+    `consumer`<br>*optional* |  If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated consumer.  Defaults to `null`. With form-encoded, the notation is `consumer.id=<consumer_id>`. With JSON, use `"consumer":{"id":"<consumer_id>"}`.
+    `config`<br>*optional* |  The configuration properties for the Plugin which can be found on the plugins documentation page in the [Kong Hub](https://docs.konghq.com/hub/). 
+    `run_on` |  Control on which Kong nodes this plugin will run, given a Service Mesh scenario. Accepted values are: * `first`, meaning "run on the first Kong node that is encountered by the request". On an API Getaway scenario, this is the usual operation, since there is only one Kong node in between source and destination. In a sidecar-to-sidecar Service Mesh scenario, this means running the plugin only on the Kong sidecar of the outbound connection. * `second`, meaning "run on the second node that is encountered by the request". This option is only relevant for sidecar-to-sidecar Service Mesh scenarios: this means running the plugin only on the Kong sidecar of the inbound connection. * `all` means "run on all nodes", meaning both sidecars in a sidecar-to-sidecar scenario. This is useful for tracing/logging plugins.  Defaults to `"first"`.
+    `protocols` |  A list of the request protocols that will trigger this plugin. Possible values are `"http"`, `"https"`, `"tcp"`, and `"tls"`. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will may only support `"tcp"` and `"tls"`.  Defaults to `["grpc", "grpcs", "http", "https"]`.
+    `enabled`<br>*optional* | Whether the plugin is applied. Defaults to `true`.
+    `tags`<br>*optional* |  An optional set of strings associated with the Plugin, for grouping and filtering. 
+
+plugin_json: |
+    {
+        "id": "ce44eef5-41ed-47f6-baab-f725cecf98c7",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"hour":500, "minute":20},
+        "run_on": "first",
+        "protocols": ["http", "https"],
+        "enabled": true,
+        "tags": ["user-level", "low-priority"]
+    }
+
+plugin_data: |
+    "data": [{
+        "id": "02621eee-8309-4bf6-b36b-a82017a5393e",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"hour":500, "minute":20},
+        "run_on": "first",
+        "protocols": ["http", "https"],
+        "enabled": true,
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "66c7b5c4-4aaf-4119-af1e-ee3ad75d0af4",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"hour":500, "minute":20},
+        "run_on": "first",
+        "protocols": ["tcp", "tls"],
+        "enabled": true,
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+certificate_body: |
+    Attributes | Description
+    ---:| ---
+    `cert` | PEM-encoded public certificate chain of the SSL key pair.
+    `key` | PEM-encoded private key of the SSL key pair.
+    `tags`<br>*optional* |  An optional set of strings associated with the Certificate, for grouping and filtering. 
+    `snis`<br>*shorthand-attribute* |  An array of zero or more hostnames to associate with this certificate as SNIs. This is a sugar parameter that will, under the hood, create an SNI object and associate it with this certificate for your convenience. To set this attribute this certificate must have a valid private key associated with it. 
+
+certificate_json: |
+    {
+        "id": "7fca84d6-7d37-4a74-a7b0-93e576089a41",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----...",
+        "tags": ["user-level", "low-priority"]
+    }
+
+certificate_data: |
+    "data": [{
+        "id": "d044b7d4-3dc2-4bbc-8e9f-6b7a69416df6",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----...",
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "a9b2107f-a214-47b3-add4-46b942187924",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----...",
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+ca_certificate_body: |
+    Attributes | Description
+    ---:| ---
+    `cert` | PEM-encoded public certificate of the CA.
+    `tags`<br>*optional* |  An optional set of strings associated with the Certificate, for grouping and filtering. 
+
+ca_certificate_json: |
+    {
+        "id": "04fbeacf-a9f1-4a5d-ae4a-b0407445db3f",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "tags": ["user-level", "low-priority"]
+    }
+
+ca_certificate_data: |
+    "data": [{
+        "id": "43429efd-b3a5-4048-94cb-5cc4029909bb",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "d26761d5-83a4-4f24-ac6c-cff276f2b79c",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+sni_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | The SNI name to associate with the given certificate.
+    `tags`<br>*optional* |  An optional set of strings associated with the SNIs, for grouping and filtering. 
+    `certificate` |  The id (a UUID) of the certificate with which to associate the SNI hostname. The Certificate must have a valid private key associated with it to be used by the SNI object.  With form-encoded, the notation is `certificate.id=<certificate_id>`. With JSON, use `"certificate":{"id":"<certificate_id>"}`.
+
+sni_json: |
+    {
+        "id": "91020192-062d-416f-a275-9addeeaffaf2",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "tags": ["user-level", "low-priority"],
+        "certificate": {"id":"a2e013e8-7623-4494-a347-6d29108ff68b"}
+    }
+
+sni_data: |
+    "data": [{
+        "id": "147f5ef0-1ed6-4711-b77f-489262f8bff7",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "tags": ["user-level", "low-priority"],
+        "certificate": {"id":"a3ad71a8-6685-4b03-a101-980a953544f6"}
+    }, {
+        "id": "b87eb55d-69a1-41d2-8653-8d706eecefc0",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "tags": ["admin", "high-priority", "critical"],
+        "certificate": {"id":"4e8d95d4-40f2-4818-adcb-30e00c349618"}
+    }],
+
+upstream_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | This is a hostname, which must be equal to the `host` of a Service.
+    `algorithm`<br>*optional* | Which load balancing algorithm to use. One of: `round-robin`, `consistent-hashing`, or `least-connections`. Defaults to `"round-robin"`.
+    `hash_on`<br>*optional* | What to use as hashing input: `none` (resulting in a weighted-round-robin scheme with no hashing), `consumer`, `ip`, `header`, or `cookie`. Defaults to `"none"`.
+    `hash_fallback`<br>*optional* | What to use as hashing input if the primary `hash_on` does not return a hash (eg. header is missing, or no consumer identified). One of: `none`, `consumer`, `ip`, `header`, or `cookie`. Not available if `hash_on` is set to `cookie`. Defaults to `"none"`.
+    `hash_on_header`<br>*semi-optional* | The header name to take the value from as hash input. Only required when `hash_on` is set to `header`.
+    `hash_fallback_header`<br>*semi-optional* | The header name to take the value from as hash input. Only required when `hash_fallback` is set to `header`.
+    `hash_on_cookie`<br>*semi-optional* | The cookie name to take the value from as hash input. Only required when `hash_on` or `hash_fallback` is set to `cookie`. If the specified cookie is not in the request, Kong will generate a value and set the cookie in the response.
+    `hash_on_cookie_path`<br>*semi-optional* | The cookie path to set in the response headers. Only required when `hash_on` or `hash_fallback` is set to `cookie`. Defaults to `"/"`.
+    `slots`<br>*optional* | The number of slots in the loadbalancer algorithm (`10`-`65536`). Defaults to `10000`.
+    `healthchecks.active.https_verify_certificate`<br>*optional* | Whether to check the validity of the SSL certificate of the remote host when performing active health checks using HTTPS. Defaults to `true`.
+    `healthchecks.active.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a failure, indicating unhealthiness, when returned by a probe in active health checks. Defaults to `[429, 404, 500, 501, 502, 503, 504, 505]`. With form-encoded, the notation is `http_statuses[]=429&http_statuses[]=404`. With JSON, use an Array.
+    `healthchecks.active.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in active probes to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.timeouts`<br>*optional* | Number of timeouts in active probes to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in active probes (as defined by `healthchecks.active.unhealthy.http_statuses`) to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.interval`<br>*optional* | Interval between active health checks for unhealthy targets (in seconds). A value of zero indicates that active probes for unhealthy targets should not be performed. Defaults to `0`.
+    `healthchecks.active.http_path`<br>*optional* | Path to use in GET HTTP request to run as a probe on active health checks. Defaults to `"/"`.
+    `healthchecks.active.timeout`<br>*optional* | Socket timeout for active health checks (in seconds). Defaults to `1`.
+    `healthchecks.active.healthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a success, indicating healthiness, when returned by a probe in active health checks. Defaults to `[200, 302]`. With form-encoded, the notation is `http_statuses[]=200&http_statuses[]=302`. With JSON, use an Array.
+    `healthchecks.active.healthy.interval`<br>*optional* | Interval between active health checks for healthy targets (in seconds). A value of zero indicates that active probes for healthy targets should not be performed. Defaults to `0`.
+    `healthchecks.active.healthy.successes`<br>*optional* | Number of successes in active probes (as defined by `healthchecks.active.healthy.http_statuses`) to consider a target healthy. Defaults to `0`.
+    `healthchecks.active.https_sni`<br>*optional* | The hostname to use as an SNI (Server Name Identification) when performing active health checks using HTTPS. This is particularly useful when Targets are configured using IPs, so that the target host's certificate can be verified with the proper SNI.
+    `healthchecks.active.concurrency`<br>*optional* | Number of targets to check concurrently in active health checks. Defaults to `10`.
+    `healthchecks.active.type`<br>*optional* | Whether to perform active health checks using HTTP or HTTPS, or just attempt a TCP connection. Possible values are `tcp`, `http` or `https`. Defaults to `"http"`.
+    `healthchecks.passive.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in proxied traffic (as defined by `healthchecks.passive.unhealthy.http_statuses`) to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent unhealthiness when produced by proxied traffic, as observed by passive health checks. Defaults to `[429, 500, 503]`. With form-encoded, the notation is `http_statuses[]=429&http_statuses[]=500`. With JSON, use an Array.
+    `healthchecks.passive.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.unhealthy.timeouts`<br>*optional* | Number of timeouts in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.type`<br>*optional* | Whether to perform passive health checks interpreting HTTP/HTTPS statuses, or just check for TCP connection success. Possible values are `tcp`, `http` or `https` (in passive checks, `http` and `https` options are equivalent.). Defaults to `"http"`.
+    `healthchecks.passive.healthy.successes`<br>*optional* | Number of successes in proxied traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to consider a target healthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.healthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent healthiness when produced by proxied traffic, as observed by passive health checks. Defaults to `[200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]`. With form-encoded, the notation is `http_statuses[]=200&http_statuses[]=201`. With JSON, use an Array.
+    `tags`<br>*optional* |  An optional set of strings associated with the Upstream, for grouping and filtering. 
+
+upstream_json: |
+    {
+        "id": "58c8ccbb-eafb-4566-991f-2ed4f678fa70",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "algorithm": "round-robin",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        },
+        "tags": ["user-level", "low-priority"]
+    }
+
+upstream_data: |
+    "data": [{
+        "id": "ea29aaa3-3b2d-488c-b90c-56df8e0dd8c6",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "algorithm": "round-robin",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        },
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "4fe14415-73d5-4f00-9fbc-c72a0fccfcb2",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "algorithm": "round-robin",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        },
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+target_body: |
+    Attributes | Description
+    ---:| ---
+    `target` |  The target address (ip or hostname) and port. If the hostname resolves to an SRV record, the `port` value will be overridden by the value from the DNS record. 
+    `weight`<br>*optional* |  The weight this target gets within the upstream loadbalancer (`0`-`1000`). If the hostname resolves to an SRV record, the `weight` value will be overridden by the value from the DNS record.  Defaults to `100`.
+    `tags`<br>*optional* |  An optional set of strings associated with the Target, for grouping and filtering. 
+
+target_json: |
+    {
+        "id": "a3395f66-2af6-4c79-bea2-1b6933764f80",
+        "created_at": 1422386534,
+        "upstream": {"id":"885a0392-ef1b-4de3-aacf-af3f1697ce2c"},
+        "target": "example.com:8000",
+        "weight": 100,
+        "tags": ["user-level", "low-priority"]
+    }
+
+target_data: |
+    "data": [{
+        "id": "f5a9c0ca-bdbb-490f-8928-2ca95836239a",
+        "created_at": 1422386534,
+        "upstream": {"id":"173a6cee-90d1-40a7-89cf-0329eca780a6"},
+        "target": "example.com:8000",
+        "weight": 100,
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "bdab0e47-4e37-4f0b-8fd0-87d95cc4addc",
+        "created_at": 1422386534,
+        "upstream": {"id":"f00c6da4-3679-4b44-b9fb-36a19bd3ae83"},
+        "target": "example.com:8000",
+        "weight": 100,
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+
+---
+
+<div class="alert alert-info.blue" role="alert">
+  This page refers to the Admin API for running Kong configured with a
+  database (Postgres or Cassandra). For using the Admin API for Kong
+  in DB-less mode, please refer to the
+  <a href="/{{page.kong_version}}/db-less-admin-api">Admin API for DB-less Mode</a>
+  page.
+</div>
+
+Kong comes with an **internal** RESTful Admin API for administration purposes.
+Requests to the Admin API can be sent to any node in the cluster, and Kong will
+keep the configuration consistent across all nodes.
+
+- `8001` is the default port on which the Admin API listens.
+- `8444` is the default port for HTTPS traffic to the Admin API.
+
+This API is designed for internal use and provides full control over Kong, so
+care should be taken when setting up Kong environments to avoid undue public
+exposure of this API. See [this document][secure-admin-api] for a discussion
+of methods to secure the Admin API.
+
+## Supported Content Types
+
+The Admin API accepts 2 content types on every endpoint:
+
+- **application/x-www-form-urlencoded**
+
+Simple enough for basic request bodies, you will probably use it most of the time.
+Note that when sending nested values, Kong expects nested objects to be referenced
+with dotted keys. Example:
+
+```
+config.limit=10&config.period=seconds
+```
+
+- **application/json**
+
+Handy for complex bodies (ex: complex plugin configuration), in that case simply send
+a JSON representation of the data you want to send. Example:
+
+```json
+{
+    "config": {
+        "limit": 10,
+        "period": "seconds"
+    }
+}
+```
+
+---
+
+## Information Routes
+
+
+
+### Retrieve Node Information
+
+Retrieve generic details about a node.
+
+<div class="endpoint get">/</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "hostname": "",
+    "node_id": "6a72192c-a3a1-4c8d-95c6-efabae9fb969",
+    "lua_version": "LuaJIT 2.1.0-beta3",
+    "plugins": {
+        "available_on_server": [
+            ...
+        ],
+        "enabled_in_cluster": [
+            ...
+        ]
+    },
+    "configuration" : {
+        ...
+    },
+    "tagline": "Welcome to Kong",
+    "version": "0.14.0"
+}
+```
+
+* `node_id`: A UUID representing the running Kong node. This UUID
+  is randomly generated when Kong starts, so the node will have a
+  different `node_id` each time it is restarted.
+* `available_on_server`: Names of plugins that are installed on the node.
+* `enabled_in_cluster`: Names of plugins that are enabled/configured.
+  That is, the plugins configurations currently in the datastore shared
+  by all Kong nodes.
+
+
+---
+
+### Retrieve Node Status
+
+Retrieve usage information about a node, with some basic information
+about the connections being processed by the underlying nginx process,
+the status of the database connection, and node's memory usage.
+
+If you want to monitor the Kong process, since Kong is built on top
+of nginx, every existing nginx monitoring tool or agent can be used.
+
+
+<div class="endpoint get">/status</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "database": {
+      "reachable": true
+    },
+    "memory": {
+        "workers_lua_vms": [{
+            "http_allocated_gc": "0.02 MiB",
+            "pid": 18477
+          }, {
+            "http_allocated_gc": "0.02 MiB",
+            "pid": 18478
+        }],
+        "lua_shared_dicts": {
+            "kong": {
+                "allocated_slabs": "0.04 MiB",
+                "capacity": "5.00 MiB"
+            },
+            "kong_db_cache": {
+                "allocated_slabs": "0.80 MiB",
+                "capacity": "128.00 MiB"
+            },
+        }
+    },
+    "server": {
+        "total_requests": 3,
+        "connections_active": 1,
+        "connections_accepted": 1,
+        "connections_handled": 1,
+        "connections_reading": 0,
+        "connections_writing": 1,
+        "connections_waiting": 0
+    }
+}
+```
+
+* `memory`: Metrics about the memory usage.
+    * `workers_lua_vms`: An array with all workers of the Kong node, where each
+      entry contains:
+    * `http_allocated_gc`: HTTP submodule's Lua virtual machine's memory
+      usage information, as reported by `collectgarbage("count")`, for every
+      active worker, i.e. a worker that received a proxy call in the last 10
+      seconds.
+    * `pid`: worker's process identification number.
+    * `lua_shared_dicts`: An array of information about dictionaries that are
+      shared with all workers in a Kong node, where each array node contains how
+      much memory is dedicated for the specific shared dictionary (`capacity`)
+      and how much of said memory is in use (`allocated_slabs`).
+      These shared dictionaries have least recent used (LRU) eviction
+      capabilities, so a full dictionary, where `allocated_slabs == capacity`,
+      will work properly. However for some dictionaries, e.g. cache HIT/MISS
+      shared dictionaries, increasing their size can be beneficial for the
+      overall performance of a Kong node.
+  * The memory usage unit and precision can be changed using the querystring
+    arguments `unit` and `scale`:
+      * `unit`: one of `b/B`, `k/K`, `m/M`, `g/G`, which will return results
+        in bytes, kibibytes, mebibytes, or gibibytes, respectively. When
+        "bytes" are requested, the memory values in the response will have a
+        number type instead of string. Defaults to `m`.
+      * `scale`: the number of digits to the right of the decimal points when
+        values are given in human-readable memory strings (unit other than
+        "bytes"). Defaults to `2`.
+      You can get the shared dictionaries memory usage in kibibytes with 4
+      digits of precision by doing: `GET /status?unit=k&scale=4`
+* `server`: Metrics about the nginx HTTP/S server.
+    * `total_requests`: The total number of client requests.
+    * `connections_active`: The current number of active client
+      connections including Waiting connections.
+    * `connections_accepted`: The total number of accepted client
+      connections.
+    * `connections_handled`: The total number of handled connections.
+      Generally, the parameter value is the same as accepts unless
+      some resource limits have been reached.
+    * `connections_reading`: The current number of connections
+      where Kong is reading the request header.
+    * `connections_writing`: The current number of connections
+      where nginx is writing the response back to the client.
+    * `connections_waiting`: The current number of idle client
+      connections waiting for a request.
+* `database`: Metrics about the database.
+    * `reachable`: A boolean value reflecting the state of the
+      database connection. Please note that this flag **does not**
+      reflect the health of the database itself.
+
+
+---
+
+## Tags
+
+Tags are strings associated to entities in Kong. Each tag must be composed of one or more
+alphanumeric characters, `_`, `-`, `.` or `~`.
+
+Most core entities can be *tagged* via their `tags` attribute, upon creation or edition.
+
+Tags can be used to filter core entities as well, via the `?tags` querystring parameter.
+
+For example: if you normally get a list of all the Services by doing:
+
+```
+GET /services
+```
+
+You can get the list of all the Services tagged `example` by doing:
+
+```
+GET /services?tags=example
+```
+
+Similarly, if you want to filter Services so that you only get the ones tagged `example` *and*
+`admin`, you can do that like so:
+
+```
+GET /services?tags=example,admin
+```
+
+Finally, if you wanted to filter the Services tagged `example` *or* `admin`, you could use:
+
+```
+GET /services?tags=example/admin
+```
+
+Some notes:
+
+* A maximum of 5 tags can be queried simultaneously in a single request with `,` or `/`
+* Mixing operators is not supported: if you try to mix `,` with `/` in the same querystring,
+  you will receive an error.
+* You may need to quote and/or escape some characters when using them from the
+  command line.
+* Filtering by `tags` is not supported in foreign key relationship endpoints. For example,
+  the `tags` parameter will be ignored in a request such as `GET /services/foo/routes?tags=a,b`
+* `offset` parameters are not guaranteed to work if the `tags` parameter is altered or removed
+
+
+### List All Tags
+
+Returns a paginated list of all the tags in the system.
+
+The list of entities will not be restricted to a single entity type: all the
+entities tagged with tags will be present on this list.
+
+If an entity is tagged with more than one tag, the `entity_id` for that entity
+will appear more than once in the resulting list. Similarly, if several entities
+have been tagged with the same tag, the tag will appear in several items of this list.
+
+
+<div class="endpoint get">/tags</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+``` json
+{
+    {
+      "data": [
+        { "entity_name": "services",
+          "entity_id": "acf60b10-125c-4c1a-bffe-6ed55daefba4",
+          "tag": "s1",
+        },
+        { "entity_name": "services",
+          "entity_id": "acf60b10-125c-4c1a-bffe-6ed55daefba4",
+          "tag": "s2",
+        },
+        { "entity_name": "routes",
+          "entity_id": "60631e85-ba6d-4c59-bd28-e36dd90f6000",
+          "tag": "s1",
+        },
+        ...
+      ],
+      "offset" = "c47139f3-d780-483d-8a97-17e9adc5a7ab",
+      "next" = "/tags?offset=c47139f3-d780-483d-8a97-17e9adc5a7ab",
+    }
+}
+```
+
+
+---
+
+### List Entity Ids by Tag
+
+Returns the entities that have been tagged with the specified tag.
+
+The list of entities will not be restricted to a single entity type: all the
+entities tagged with tags will be present on this list.
+
+
+<div class="endpoint get">/tags/:tags</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+``` json
+{
+    {
+      "data": [
+        { "entity_name": "services",
+          "entity_id": "c87440e1-0496-420b-b06f-dac59544bb6c",
+          "tag": "example",
+        },
+        { "entity_name": "routes",
+          "entity_id": "8a99e4b1-d268-446b-ab8b-cd25cff129b1",
+          "tag": "example",
+        },
+        ...
+      ],
+      "offset" = "1fb491c4-f4a7-4bca-aeba-7f3bcee4d2f9",
+      "next" = "/tags/example?offset=1fb491c4-f4a7-4bca-aeba-7f3bcee4d2f9",
+    }
+}
+```
+
+
+---
+
+## Service Object
+
+Service entities, as the name implies, are abstractions of each of your own
+upstream services. Examples of Services would be a data transformation
+microservice, a billing API, etc.
+
+The main attribute of a Service is its URL (where Kong should proxy traffic
+to), which can be set as a single string or by specifying its `protocol`,
+`host`, `port` and `path` individually.
+
+Services are associated to Routes (a Service can have many Routes associated
+with it). Routes are entry-points in Kong and define rules to match client
+requests. Once a Route is matched, Kong proxies the request to its associated
+Service. See the [Proxy Reference][proxy-reference] for a detailed explanation
+of how Kong proxies traffic.
+
+Services can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.service_json }}
+```
+
+### Add Service
+
+##### Create Service
+
+<div class="endpoint post">/services</div>
+
+
+##### Create Service Associated to a Specific Certificate
+
+<div class="endpoint post">/certificates/{certificate name or id}/services</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate that should be associated to the newly-created Service.
+
+
+*Request Body*
+
+{{ page.service_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+### List Services
+
+##### List All Services
+
+<div class="endpoint get">/services</div>
+
+
+##### List Services Associated to a Specific Certificate
+
+<div class="endpoint get">/certificates/{certificate name or id}/services</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate whose Services are to be retrieved. When using this endpoint, only Services associated to the specified Certificate will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.service_data }}
+    "next": "http://localhost:8001/services?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Service
+
+##### Retrieve Service
+
+<div class="endpoint get">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to retrieve.
+
+
+##### Retrieve Service Associated to a Specific Route
+
+<div class="endpoint get">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be retrieved.
+
+
+##### Retrieve Service Associated to a Specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+### Update Service
+
+##### Update Service
+
+<div class="endpoint patch">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to update.
+
+
+##### Update Service Associated to a Specific Route
+
+<div class="endpoint patch">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be updated.
+
+
+##### Update Service Associated to a Specific Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be updated.
+
+
+*Request Body*
+
+{{ page.service_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+### Update Or Create Service
+
+##### Create Or Update Service
+
+<div class="endpoint put">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to create or update.
+
+
+##### Create Or Update Service Associated to a Specific Route
+
+<div class="endpoint put">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be created or updated.
+
+
+##### Create Or Update Service Associated to a Specific Plugin
+
+<div class="endpoint put">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be created or updated.
+
+
+*Request Body*
+
+{{ page.service_body }}
+
+
+Inserts (or replaces) the Service under the requested resource with the
+definition specified in the body. The Service will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Service being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Service without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Service
+
+##### Delete Service
+
+<div class="endpoint delete">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to delete.
+
+
+##### Delete Service Associated to a Specific Route
+
+<div class="endpoint delete">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be deleted.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Route Object
+
+Route entities define rules to match client requests. Each Route is
+associated with a Service, and a Service may have multiple Routes associated to
+it. Every request matching a given Route will be proxied to its associated
+Service.
+
+The combination of Routes and Services (and the separation of concerns between
+them) offers a powerful routing mechanism with which it is possible to define
+fine-grained entry-points in Kong leading to different upstream services of
+your infrastructure.
+
+You need at least one matching rule that applies to the protocol being matched
+by the Route. Depending on the protocols configured to be matched by the Route
+(as defined with the `protocols` field), this means that at least one of the
+following attributes must be set:
+
+* For `http`, at least one of `methods`, `hosts`, `headers` or `paths`;
+* For `https`, at least one of `methods`, `hosts`, `headers`, `paths` or `snis`;
+* For `tcp`, at least one of `sources` or `destinations`;
+* For `tls`, at least one of `sources`, `destinations` or `snis`;
+* For `grpc`, at least one of `hosts`, `headers` or `paths`;
+* For `grpcs`, at least one of `hosts`, `headers`, `paths` or `snis`.
+
+Routes can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.route_json }}
+```
+
+### Add Route
+
+##### Create Route
+
+<div class="endpoint post">/routes</div>
+
+
+##### Create Route Associated to a Specific Service
+
+<div class="endpoint post">/services/{service name or id}/routes</div>
+
+Attributes | Description
+---:| ---
+`service name or id`<br>**required** | The unique identifier or the `name` attribute of the Service that should be associated to the newly-created Route.
+
+
+*Request Body*
+
+{{ page.route_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+### List Routes
+
+##### List All Routes
+
+<div class="endpoint get">/routes</div>
+
+
+##### List Routes Associated to a Specific Service
+
+<div class="endpoint get">/services/{service name or id}/routes</div>
+
+Attributes | Description
+---:| ---
+`service name or id`<br>**required** | The unique identifier or the `name` attribute of the Service whose Routes are to be retrieved. When using this endpoint, only Routes associated to the specified Service will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.route_data }}
+    "next": "http://localhost:8001/routes?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Route
+
+##### Retrieve Route
+
+<div class="endpoint get">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to retrieve.
+
+
+##### Retrieve Route Associated to a Specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+### Update Route
+
+##### Update Route
+
+<div class="endpoint patch">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to update.
+
+
+##### Update Route Associated to a Specific Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be updated.
+
+
+*Request Body*
+
+{{ page.route_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+### Update Or Create Route
+
+##### Create Or Update Route
+
+<div class="endpoint put">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to create or update.
+
+
+##### Create Or Update Route Associated to a Specific Plugin
+
+<div class="endpoint put">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be created or updated.
+
+
+*Request Body*
+
+{{ page.route_body }}
+
+
+Inserts (or replaces) the Route under the requested resource with the
+definition specified in the body. The Route will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Route being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Route without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Route
+
+##### Delete Route
+
+<div class="endpoint delete">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Consumer Object
+
+The Consumer object represents a consumer - or a user - of a Service. You can
+either rely on Kong as the primary datastore, or you can map the consumer list
+with your database to keep consistency between Kong and your existing primary
+datastore.
+
+Consumers can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.consumer_json }}
+```
+
+### Add Consumer
+
+##### Create Consumer
+
+<div class="endpoint post">/consumers</div>
+
+
+*Request Body*
+
+{{ page.consumer_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+### List Consumers
+
+##### List All Consumers
+
+<div class="endpoint get">/consumers</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.consumer_data }}
+    "next": "http://localhost:8001/consumers?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Consumer
+
+##### Retrieve Consumer
+
+<div class="endpoint get">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to retrieve.
+
+
+##### Retrieve Consumer Associated to a Specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+### Update Consumer
+
+##### Update Consumer
+
+<div class="endpoint patch">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to update.
+
+
+##### Update Consumer Associated to a Specific Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be updated.
+
+
+*Request Body*
+
+{{ page.consumer_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+### Update Or Create Consumer
+
+##### Create Or Update Consumer
+
+<div class="endpoint put">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to create or update.
+
+
+##### Create Or Update Consumer Associated to a Specific Plugin
+
+<div class="endpoint put">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be created or updated.
+
+
+*Request Body*
+
+{{ page.consumer_body }}
+
+
+Inserts (or replaces) the Consumer under the requested resource with the
+definition specified in the body. The Consumer will be identified via the `username
+or id` attribute.
+
+When the `username or id` attribute has the structure of a UUID, the Consumer being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `username`.
+
+When creating a new Consumer without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `username` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Consumer
+
+##### Delete Consumer
+
+<div class="endpoint delete">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Plugin Object
+
+A Plugin entity represents a plugin configuration that will be executed during
+the HTTP request/response lifecycle. It is how you can add functionalities
+to Services that run behind Kong, like Authentication or Rate Limiting for
+example. You can find more information about how to install and what values
+each plugin takes by visiting the [Kong Hub](https://docs.konghq.com/hub/).
+
+When adding a Plugin Configuration to a Service, every request made by a client to
+that Service will run said Plugin. If a Plugin needs to be tuned to different
+values for some specific Consumers, you can do so by creating a separate
+plugin instance that specifies both the Service and the Consumer, through the
+`service` and `consumer` fields.
+
+Plugins can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.plugin_json }}
+```
+
+See the [Precedence](#precedence) section below for more details.
+
+#### Precedence
+
+A plugin will always be run once and only once per request. But the
+configuration with which it will run depends on the entities it has been
+configured for.
+
+Plugins can be configured for various entities, combination of entities, or
+even globally. This is useful, for example, when you wish to configure a plugin
+a certain way for most requests, but make _authenticated requests_ behave
+slightly differently.
+
+Therefore, there exists an order of precedence for running a plugin when it has
+been applied to different entities with different configurations. The rule of
+thumb is: the more specific a plugin is with regards to how many entities it
+has been configured on, the higher its priority.
+
+The complete order of precedence when a plugin has been configured multiple
+times is:
+
+1. Plugins configured on a combination of: a Route, a Service, and a Consumer.
+    (Consumer means the request must be authenticated).
+2. Plugins configured on a combination of a Route and a Consumer.
+    (Consumer means the request must be authenticated).
+3. Plugins configured on a combination of a Service and a Consumer.
+    (Consumer means the request must be authenticated).
+4. Plugins configured on a combination of a Route and a Service.
+5. Plugins configured on a Consumer.
+    (Consumer means the request must be authenticated).
+6. Plugins configured on a Route.
+7. Plugins configured on a Service.
+8. Plugins configured to run globally.
+
+**Example**: if the `rate-limiting` plugin is applied twice (with different
+configurations): for a Service (Plugin config A), and for a Consumer (Plugin
+config B), then requests authenticating this Consumer will run Plugin config B
+and ignore A. However, requests that do not authenticate this Consumer will
+fallback to running Plugin config A. Note that if config B is disabled
+(its `enabled` flag is set to `false`), config A will apply to requests that
+would have otherwise matched config B.
+
+
+### Add Plugin
+
+##### Create Plugin
+
+<div class="endpoint post">/plugins</div>
+
+
+##### Create Plugin Associated to a Specific Route
+
+<div class="endpoint post">/routes/{route id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`route id`<br>**required** | The unique identifier of the Route that should be associated to the newly-created Plugin.
+
+
+##### Create Plugin Associated to a Specific Service
+
+<div class="endpoint post">/services/{service id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`service id`<br>**required** | The unique identifier of the Service that should be associated to the newly-created Plugin.
+
+
+##### Create Plugin Associated to a Specific Consumer
+
+<div class="endpoint post">/consumers/{consumer id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`consumer id`<br>**required** | The unique identifier of the Consumer that should be associated to the newly-created Plugin.
+
+
+*Request Body*
+
+{{ page.plugin_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### List Plugins
+
+##### List All Plugins
+
+<div class="endpoint get">/plugins</div>
+
+
+##### List Plugins Associated to a Specific Route
+
+<div class="endpoint get">/routes/{route id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`route id`<br>**required** | The unique identifier of the Route whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Route will be listed.
+
+
+##### List Plugins Associated to a Specific Service
+
+<div class="endpoint get">/services/{service id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`service id`<br>**required** | The unique identifier of the Service whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Service will be listed.
+
+
+##### List Plugins Associated to a Specific Consumer
+
+<div class="endpoint get">/consumers/{consumer id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`consumer id`<br>**required** | The unique identifier of the Consumer whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Consumer will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.plugin_data }}
+    "next": "http://localhost:8001/plugins?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Plugin
+
+##### Retrieve Plugin
+
+<div class="endpoint get">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### Update Plugin
+
+##### Update Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to update.
+
+
+*Request Body*
+
+{{ page.plugin_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### Update Or Create Plugin
+
+##### Create Or Update Plugin
+
+<div class="endpoint put">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to create or update.
+
+
+*Request Body*
+
+{{ page.plugin_body }}
+
+
+Inserts (or replaces) the Plugin under the requested resource with the
+definition specified in the body. The Plugin will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Plugin being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Plugin without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Plugin
+
+##### Delete Plugin
+
+<div class="endpoint delete">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Retrieve Enabled Plugins
+
+Retrieve a list of all installed plugins on the Kong node.
+
+<div class="endpoint get">/plugins/enabled</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "enabled_plugins": [
+        "jwt",
+        "acl",
+        "cors",
+        "oauth2",
+        "tcp-log",
+        "udp-log",
+        "file-log",
+        "http-log",
+        "key-auth",
+        "hmac-auth",
+        "basic-auth",
+        "ip-restriction",
+        "request-transformer",
+        "response-transformer",
+        "request-size-limiting",
+        "rate-limiting",
+        "response-ratelimiting",
+        "aws-lambda",
+        "bot-detection",
+        "correlation-id",
+        "datadog",
+        "galileo",
+        "ldap-auth",
+        "loggly",
+        "statsd",
+        "syslog"
+    ]
+}
+```
+
+
+---
+
+### Retrieve Plugin Schema
+
+Retrieve the schema of a plugin's configuration. This is useful to
+understand what fields a plugin accepts, and can be used for building
+third-party integrations to the Kong's plugin system.
+
+
+<div class="endpoint get">/plugins/schema/{plugin name}</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "fields": {
+        "hide_credentials": {
+            "default": false,
+            "type": "boolean"
+        },
+        "key_names": {
+            "default": "function",
+            "required": true,
+            "type": "array"
+        }
+    }
+}
+```
+
+
+---
+
+## Certificate Object
+
+A certificate object represents a public certificate, and can be optionally paired with the
+corresponding private key. These objects are used by Kong to handle SSL/TLS termination for
+encrypted requests, or for use as a trusted CA store when validating peer certificate of
+client/service. Certificates are optionally associated with SNI objects to
+tie a cert/key pair to one or more hostnames.
+
+If intermediate certificates are required in addition to the main
+certificate, they should be concatenated together into one string according to
+the following order: main certificate on the top, followed by any intermediates.
+
+Certificates can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.certificate_json }}
+```
+
+### Add Certificate
+
+##### Create Certificate
+
+<div class="endpoint post">/certificates</div>
+
+
+*Request Body*
+
+{{ page.certificate_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+### List Certificates
+
+##### List All Certificates
+
+<div class="endpoint get">/certificates</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.certificate_data }}
+    "next": "http://localhost:8001/certificates?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Certificate
+
+##### Retrieve Certificate
+
+<div class="endpoint get">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+### Update Certificate
+
+##### Update Certificate
+
+<div class="endpoint patch">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to update.
+
+
+*Request Body*
+
+{{ page.certificate_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+### Update Or Create Certificate
+
+##### Create Or Update Certificate
+
+<div class="endpoint put">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to create or update.
+
+
+*Request Body*
+
+{{ page.certificate_body }}
+
+
+Inserts (or replaces) the Certificate under the requested resource with the
+definition specified in the body. The Certificate will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Certificate being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Certificate without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Certificate
+
+##### Delete Certificate
+
+<div class="endpoint delete">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## CA Certificate Object
+
+A CA certificate object represents a trusted CA. These objects are used by Kong to
+verify the validity of a client or server certificate.
+
+CA Certificates can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.ca_certificate_json }}
+```
+
+### Add CA Certificate
+
+##### Create CA Certificate
+
+<div class="endpoint post">/ca_certificates</div>
+
+
+*Request Body*
+
+{{ page.ca_certificate_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.ca_certificate_json }}
+```
+
+
+---
+
+### List CA Certificates
+
+##### List All CA Certificates
+
+<div class="endpoint get">/ca_certificates</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.ca_certificate_data }}
+    "next": "http://localhost:8001/ca_certificates?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve CA Certificate
+
+##### Retrieve CA Certificate
+
+<div class="endpoint get">/ca_certificates/{ca_certificate id}</div>
+
+Attributes | Description
+---:| ---
+`ca_certificate id`<br>**required** | The unique identifier of the CA Certificate to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.ca_certificate_json }}
+```
+
+
+---
+
+### Update CA Certificate
+
+##### Update CA Certificate
+
+<div class="endpoint patch">/ca_certificates/{ca_certificate id}</div>
+
+Attributes | Description
+---:| ---
+`ca_certificate id`<br>**required** | The unique identifier of the CA Certificate to update.
+
+
+*Request Body*
+
+{{ page.ca_certificate_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.ca_certificate_json }}
+```
+
+
+---
+
+### Update Or Create CA Certificate
+
+##### Create Or Update CA Certificate
+
+<div class="endpoint put">/ca_certificates/{ca_certificate id}</div>
+
+Attributes | Description
+---:| ---
+`ca_certificate id`<br>**required** | The unique identifier of the CA Certificate to create or update.
+
+
+*Request Body*
+
+{{ page.ca_certificate_body }}
+
+
+Inserts (or replaces) the CA Certificate under the requested resource with the
+definition specified in the body. The CA Certificate will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the CA Certificate being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new CA Certificate without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete CA Certificate
+
+##### Delete CA Certificate
+
+<div class="endpoint delete">/ca_certificates/{ca_certificate id}</div>
+
+Attributes | Description
+---:| ---
+`ca_certificate id`<br>**required** | The unique identifier of the CA Certificate to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## SNI Object
+
+An SNI object represents a many-to-one mapping of hostnames to a certificate.
+That is, a certificate object can have many hostnames associated with it; when
+Kong receives an SSL request, it uses the SNI field in the Client Hello to
+lookup the certificate object based on the SNI associated with the certificate.
+
+SNIs can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.sni_json }}
+```
+
+### Add SNI
+
+##### Create SNI
+
+<div class="endpoint post">/snis</div>
+
+
+##### Create SNI Associated to a Specific Certificate
+
+<div class="endpoint post">/certificates/{certificate name or id}/snis</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate that should be associated to the newly-created SNI.
+
+
+*Request Body*
+
+{{ page.sni_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+### List SNIs
+
+##### List All SNIs
+
+<div class="endpoint get">/snis</div>
+
+
+##### List SNIs Associated to a Specific Certificate
+
+<div class="endpoint get">/certificates/{certificate name or id}/snis</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate whose SNIs are to be retrieved. When using this endpoint, only SNIs associated to the specified Certificate will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.sni_data }}
+    "next": "http://localhost:8001/snis?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve SNI
+
+##### Retrieve SNI
+
+<div class="endpoint get">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+### Update SNI
+
+##### Update SNI
+
+<div class="endpoint patch">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to update.
+
+
+*Request Body*
+
+{{ page.sni_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+### Update Or Create SNI
+
+##### Create Or Update SNI
+
+<div class="endpoint put">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to create or update.
+
+
+*Request Body*
+
+{{ page.sni_body }}
+
+
+Inserts (or replaces) the SNI under the requested resource with the
+definition specified in the body. The SNI will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the SNI being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new SNI without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete SNI
+
+##### Delete SNI
+
+<div class="endpoint delete">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Upstream Object
+
+The upstream object represents a virtual hostname and can be used to loadbalance
+incoming requests over multiple services (targets). So for example an upstream
+named `service.v1.xyz` for a Service object whose `host` is `service.v1.xyz`.
+Requests for this Service would be proxied to the targets defined within the upstream.
+
+An upstream also includes a [health checker][healthchecks], which is able to
+enable and disable targets based on their ability or inability to serve
+requests. The configuration for the health checker is stored in the upstream
+object, and applies to all of its targets.
+
+Upstreams can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.upstream_json }}
+```
+
+### Add Upstream
+
+##### Create Upstream
+
+<div class="endpoint post">/upstreams</div>
+
+
+*Request Body*
+
+{{ page.upstream_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### List Upstreams
+
+##### List All Upstreams
+
+<div class="endpoint get">/upstreams</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.upstream_data }}
+    "next": "http://localhost:8001/upstreams?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Upstream
+
+##### Retrieve Upstream
+
+<div class="endpoint get">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to retrieve.
+
+
+##### Retrieve Upstream Associated to a Specific Target
+
+<div class="endpoint get">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### Update Upstream
+
+##### Update Upstream
+
+<div class="endpoint patch">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to update.
+
+
+##### Update Upstream Associated to a Specific Target
+
+<div class="endpoint patch">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be updated.
+
+
+*Request Body*
+
+{{ page.upstream_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### Update Or Create Upstream
+
+##### Create Or Update Upstream
+
+<div class="endpoint put">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to create or update.
+
+
+##### Create Or Update Upstream Associated to a Specific Target
+
+<div class="endpoint put">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be created or updated.
+
+
+*Request Body*
+
+{{ page.upstream_body }}
+
+
+Inserts (or replaces) the Upstream under the requested resource with the
+definition specified in the body. The Upstream will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Upstream being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Upstream without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Upstream
+
+##### Delete Upstream
+
+<div class="endpoint delete">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to delete.
+
+
+##### Delete Upstream Associated to a Specific Target
+
+<div class="endpoint delete">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be deleted.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Show Upstream Health for Node
+
+Displays the health status for all Targets of a given Upstream, according to
+the perspective of a specific Kong node. Note that, being node-specific
+information, making this same request to different nodes of the Kong cluster
+may produce different results. For example, one specific node of the Kong
+cluster may be experiencing network issues, causing it to fail to connect to
+some Targets: these Targets will be marked as unhealthy by that node
+(directing traffic from this node to other Targets that it can successfully
+reach), but healthy to all others Kong nodes (which have no problems using that
+Target).
+
+The `data` field of the response contains an array of Target objects.
+The health for each Target is returned in its `health` field:
+
+* If a Target fails to be activated in the balancer due to DNS issues,
+  its status displays as `DNS_ERROR`.
+* When [health checks][healthchecks] are not enabled in the Upstream
+  configuration, the health status for active Targets is displayed as
+  `HEALTHCHECKS_OFF`.
+* When health checks are enabled and the Target is determined to be healthy,
+  either automatically or [manually](#set-target-as-healthy),
+  its status is displayed as `HEALTHY`. This means that this Target is
+  currently included in this Upstream's load balancer execution.
+* When a Target has been disabled by either active or passive health checks
+  (circuit breakers) or [manually](#set-target-as-unhealthy),
+  its status is displayed as `UNHEALTHY`. The load balancer is not directing
+  any traffic to this Target via this Upstream.
+
+
+<div class="endpoint get">/upstreams/{name or id}/health/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream for which to display Target health.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "node_id": "cbb297c0-14a9-46bc-ad91-1d0ef9b42df9",
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "health": "HEALTHY",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "health": "UNHEALTHY",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+
+---
+
+## Target Object
+
+A target is an ip address/hostname with a port that identifies an instance of a backend
+service. Every upstream can have many targets, and the targets can be
+dynamically added. Changes are effectuated on the fly.
+
+Because the upstream maintains a history of target changes, the targets cannot
+be deleted or modified. To disable a target, post a new one with `weight=0`;
+alternatively, use the `DELETE` convenience method to accomplish the same.
+
+The current target object definition is the one with the latest `created_at`.
+
+Targets can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.target_json }}
+```
+
+### Add Target
+
+##### Create Target Associated to a Specific Upstream
+
+<div class="endpoint post">/upstreams/{upstream host:port or id}/targets</div>
+
+Attributes | Description
+---:| ---
+`upstream host:port or id`<br>**required** | The unique identifier or the `host:port` attribute of the Upstream that should be associated to the newly-created Target.
+
+
+*Request Body*
+
+{{ page.target_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.target_json }}
+```
+
+
+---
+
+### List Targets
+
+##### List Targets Associated to a Specific Upstream
+
+<div class="endpoint get">/upstreams/{upstream host:port or id}/targets</div>
+
+Attributes | Description
+---:| ---
+`upstream host:port or id`<br>**required** | The unique identifier or the `host:port` attribute of the Upstream whose Targets are to be retrieved. When using this endpoint, only Targets associated to the specified Upstream will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.target_data }}
+    "next": "http://localhost:8001/targets?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Delete Target
+
+Disable a target in the load balancer. Under the hood, this method creates
+a new entry for the given target definition with a `weight` of 0.
+
+
+<div class="endpoint delete">/upstreams/{upstream name or id}/targets/{host:port or id}</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to delete the target.
+`host:port or id`<br>**required** | The host:port combination element of the target to remove, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Set Target Address As Healthy
+
+Set the current health status of an individual address resolved by a target
+in the load balancer to "healthy" in the entire Kong cluster.
+
+This endpoint can be used to manually re-enable an address resolved by a
+target that was previously disabled by the upstream's [health checker][healthchecks].
+Upstreams only forward requests to healthy nodes, so this call tells Kong
+to start using this address again.
+
+This resets the health counters of the health checkers running in all workers
+of the Kong node, and broadcasts a cluster-wide message so that the "healthy"
+status is propagated to the whole Kong cluster.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/{address}/healthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as healthy, or the `id` of an existing target entry.
+`address`<br>**required** | The host/port combination element of the address to set as healthy.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Set Target Address As Unhealthy
+
+Set the current health status of an individual address resolved by a target
+in the load balancer to "unhealthy" in the entire Kong cluster.
+
+This endpoint can be used to manually disable an address and have it stop
+responding to requests. Upstreams only forward requests to healthy nodes, so
+this call tells Kong to start skipping this address.
+
+This call resets the health counters of the health checkers running in all
+workers of the Kong node, and broadcasts a cluster-wide message so that the
+"unhealthy" status is propagated to the whole Kong cluster.
+
+[Active health checks][active] continue to execute for unhealthy
+addresses. Note that if active health checks are enabled and the probe detects
+that the address is actually healthy, it will automatically re-enable it again.
+To permanently remove a target from the balancer, you should [delete a
+target](#delete-target) instead.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/unhealthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as unhealthy, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Set Target As Healthy
+
+Set the current health status of a target in the load balancer to "healthy"
+in the entire Kong cluster. This sets the "healthy" status to all addresses
+resolved by this target.
+
+This endpoint can be used to manually re-enable a target that was previously
+disabled by the upstream's [health checker][healthchecks]. Upstreams only
+forward requests to healthy nodes, so this call tells Kong to start using this
+target again.
+
+This resets the health counters of the health checkers running in all workers
+of the Kong node, and broadcasts a cluster-wide message so that the "healthy"
+status is propagated to the whole Kong cluster.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/healthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as healthy, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Set Target As Unhealthy
+
+Set the current health status of a target in the load balancer to "unhealthy"
+in the entire Kong cluster. This sets the "unhealthy" status to all addresses
+resolved by this target.
+
+This endpoint can be used to manually disable a target and have it stop
+responding to requests. Upstreams only forward requests to healthy nodes, so
+this call tells Kong to start skipping this target.
+
+This call resets the health counters of the health checkers running in all
+workers of the Kong node, and broadcasts a cluster-wide message so that the
+"unhealthy" status is propagated to the whole Kong cluster.
+
+[Active health checks][active] continue to execute for unhealthy
+targets. Note that if active health checks are enabled and the probe detects
+that the target is actually healthy, it will automatically re-enable it again.
+To permanently remove a target from the balancer, you should [delete a
+target](#delete-target) instead.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/unhealthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as unhealthy, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### List All Targets
+
+Lists all targets of the upstream. Multiple target objects for the same
+target may be returned, showing the history of changes for a specific target.
+The target object with the latest `created_at` is the current definition.
+
+
+<div class="endpoint get">/upstreams/{name or id}/targets/all/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to list the targets.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+
+---
+
+[clustering]: /{{page.kong_version}}/clustering
+[cli]: /{{page.kong_version}}/cli
+[active]: /{{page.kong_version}}/health-checks-circuit-breakers/#active-health-checks
+[healthchecks]: /{{page.kong_version}}/health-checks-circuit-breakers
+[secure-admin-api]: /{{page.kong_version}}/secure-admin-api
+[proxy-reference]: /{{page.kong_version}}/proxy
+[db-less-admin-api]: /{{page.kong_version}}/db-less-admin-api
diff --git a/app/1.3.x/auth.md b/app/1.3.x/auth.md
new file mode 100644
index 000000000000..f190620128e8
--- /dev/null
+++ b/app/1.3.x/auth.md
@@ -0,0 +1,215 @@
+---
+title: Authentication Reference
+---
+
+## Introduction
+
+Traffic to your upstream services (APIs or microservices) is typically controlled by the application and
+configuration of various Kong [authentication plugins][plugins]. Since Kong's Service entity represents
+a 1-to-1 mapping of your own upstream services, the simplest scenario is to configure authentication
+plugins on the Services of your choosing.
+
+## Generic authentication
+
+The most common scenario is to require authentication and to not allow access for any unauthenticated request.
+To achieve this any of the authentication plugins can be used. The generic scheme/flow of those plugins
+works as follows:
+
+1. Apply an auth plugin to a Service, or globally (you cannot apply one on consumers)
+2. Create a `consumer` entity
+3. Provide the consumer with authentication credentials for the specific authentication method
+4. Now whenever a request comes in Kong will check the provided credentials (depends on the auth type) and
+it will either block the request if it cannot validate, or add consumer and credential details
+in the headers and forward the request
+
+The generic flow above does not always apply, for example when using external authentication like LDAP,
+then there is no consumer to be identified, and only the credentials will be added in the forwarded headers.
+
+The authentication method specific elements and examples can be found in each [plugin's documentation][plugins].
+
+## Consumers
+
+The easiest way to think about consumers is to map them one-on-one to users. Yet, to Kong this does not matter.
+The core principle for consumers is that you can attach plugins to them, and hence customize request behaviour.
+So you might have mobile apps, and define one consumer for each app, or version of it. Or have a consumer per
+platform, e.g. an android consumer, an iOS consumer, etc.
+
+It is an opaque concept to Kong and hence they are called "consumers" and not "users".
+
+## Anonymous Access
+
+Kong has the ability to configure a given Service to allow **both** authenticated **and** anonymous access.
+You might use this configuration to grant access to anonymous users with a low rate-limit, and grant access
+to authenticated users with a higher rate limit.
+
+To configure a Service like this, you first apply your selected authentication plugin, then create a new
+consumer to represent anonymous users, then configure your authentication plugin to allow anonymous
+access. Here is an example, which assumes you have already configured a Service named `example-service` and
+the corresponding route:
+
+1. ### Create an example Service and a Route
+
+    Issue the following cURL request to create `example-service` pointing to mockbin.org, which will echo
+    the request:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/ \
+      --data 'name=example-service' \
+      --data 'url=http://mockbin.org/request'
+    ```
+
+    Add a route to the Service:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/example-service/routes \
+      --data 'paths[]=/auth-sample'
+    ```
+
+    The url `http://localhost:8000/auth-sample` will now echo whatever is being requested.
+
+2. ### Configure the key-auth Plugin for your Service
+
+    Issue the following cURL request to add a plugin to a Service:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/example-service/plugins/ \
+      --data 'name=key-auth'
+    ```
+
+    Be sure to note the created Plugin `id` - you'll need it in step 5.
+
+3. ### Verify that the key-auth plugin is properly configured
+
+    Issue the following cURL request to verify that the [key-auth][key-auth]
+    plugin was properly configured on the Service:
+
+    ```bash
+    $ curl -i -X GET \
+      --url http://localhost:8000/auth-sample
+    ```
+
+    Since you did not specify the required `apikey` header or parameter, and you have not yet
+    enabled anonymous access, the response should be `403 Forbidden`:
+
+    ```http
+    HTTP/1.1 403 Forbidden
+    ...
+
+    {
+      "message": "No API key found in headers or querystring"
+    }
+    ```
+
+4. ### Create an anonymous Consumer
+
+    Every request proxied by Kong must be associated with a Consumer. You'll now create a Consumer
+    named `anonymous_users` (that Kong will utilize when proxying anonymous access) by issuing the
+    following request:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/consumers/ \
+      --data "username=anonymous_users"
+    ```
+
+    You should see a response similar to the one below:
+
+    ```http
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+    Connection: keep-alive
+
+    {
+      "username": "anonymous_users",
+      "created_at": 1428555626000,
+      "id": "bbdf1c48-19dc-4ab7-cae0-ff4f59d87dc9"
+    }
+    ```
+
+    Be sure to note the Consumer `id` - you'll need it in the next step.
+
+5. ### Enable anonymous access
+
+    You'll now re-configure the key-auth plugin to permit anonymous access by issuing the following
+    request (**replace the sample uuids below by the `id` values from step 2 and 4**):
+
+    ```bash
+    $ curl -i -X PATCH \
+      --url http://localhost:8001/plugins/<your-plugin-id> \
+      --data "config.anonymous=<your-consumer-id>"
+    ```
+
+    The `config.anonymous=<your-consumer-id>` parameter instructs the key-auth plugin on this Service to permit
+    anonymous access, and to associate such access with the Consumer `id` we received in the previous step. It is
+    required that you provide a valid and pre-existing Consumer `id` in this step - validity of the Consumer `id`
+    is not currently checked when configuring anonymous access, and provisioning of a Consumer `id` that doesn't already
+    exist will result in an incorrect configuration.
+
+6. ### Check anonymous access
+
+    Confirm that your Service now permits anonymous access by issuing the following request:
+
+    ```bash
+    $ curl -i -X GET \
+      --url http://localhost:8000/auth-sample
+    ```
+
+    This is the same request you made in step #3, however this time the request should succeed, because you
+    enabled anonymous access in step #5.
+
+    The response (which is the request as Mockbin received it) should have these elements:
+
+    ```json
+    {
+      ...
+      "headers": {
+        ...
+        "x-consumer-id": "713c592c-38b8-4f5b-976f-1bd2b8069494",
+        "x-consumer-username": "anonymous_users",
+        "x-anonymous-consumer": "true",
+        ...
+      },
+      ...
+    }
+    ```
+
+    It shows the request was successful, but anonymous.
+
+## Multiple Authentication
+
+Kong supports multiple authentication plugins for a given Service, allowing
+different clients to utilize different authentication methods to access a given Service or Route.
+
+The behaviour of the auth plugins can be set to do either a logical `AND`, or a logical `OR` when evaluating
+multiple authentication credentials. The key to the behaviour is the `config.anonymous` property.
+
+- `config.anonymous` not set <br/>
+  If this property is not set (empty) then the auth plugins will always perform authentication and return
+  a `40x` response if not validated. This results in a logical `AND` when multiple auth plugins are being
+  invoked.
+- `config.anonymous` set to a valid consumer id <br/>
+  In this case the auth plugin will only perform authentication if it was not already authenticated. When
+  authentication fails, it will not return a `40x` response, but set the anonymous consumer as the consumer. This
+  results in a logical `OR` + 'anonymous access' when multiple auth plugins are being invoked.
+
+**NOTE 1**: Either all or none of the auth plugins must be configured for anonymous access. The behaviour is
+undefined if they are mixed.
+
+**NOTE 2**: When using the `AND` method, the last plugin executed will be the one setting the credentials
+passed to the upstream service. With the `OR` method, it will be the first plugin that successfully authenticates
+the consumer, or the last plugin that will set its configured anonymous consumer.
+
+**NOTE 3**: When using the OAuth2 plugin in an `AND` fashion, then also the OAuth2 endpoints for requesting
+tokens etc. will require authentication by the other configured auth plugins.
+
+<div class="alert alert-warning">
+  When multiple authentication plugins are enabled in an <tt>OR</tt> fashion on a given Service, and it is desired that
+  anonymous access be forbidden, then the <a href="/plugins/request-termination"><tt>request-termination</tt> plugin</a> should be
+  configured on the anonymous consumer. Failure to do so will allow unauthorized requests.
+</div>
+
+[plugins]: https://konghq.com/plugins/
+[key-auth]: /plugins/key-authentication
diff --git a/app/1.3.x/cli.md b/app/1.3.x/cli.md
new file mode 100644
index 000000000000..47544ee9491c
--- /dev/null
+++ b/app/1.3.x/cli.md
@@ -0,0 +1,311 @@
+---
+title: CLI Reference
+---
+
+## Introduction
+
+The provided CLI (*Command Line Interface*) allows you to start, stop, and
+manage your Kong instances. The CLI manages your local node (as in, on the
+current machine).
+
+If you haven't yet, we recommend you read the [configuration reference][configuration-reference].
+
+## Global flags
+
+All commands take a set of special, optional flags as arguments:
+
+* `--help`: print the command's help message
+* `--v`: enable verbose mode
+* `--vv`: enable debug mode (noisy)
+
+[Back to TOC](#table-of-contents)
+
+## Available commands
+
+
+### kong check
+
+```
+Usage: kong check <conf>
+
+Check the validity of a given Kong configuration file.
+
+<conf> (default /etc/kong/kong.conf) configuration file
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong config
+
+```
+Usage: kong config COMMAND [OPTIONS]
+
+Use declarative configuration files with Kong.
+
+The available commands are:
+  init                                Generate an example config file to
+                                      get you started.
+
+  db_import <file>                    Import a declarative config file into
+                                      the Kong database.
+
+  db_export <file>                    Export the Kong database into a
+                                      declarative config file.
+
+  parse <file>                        Parse a declarative config file (check
+                                      its syntax) but do not load it into Kong.
+
+Options:
+ -c,--conf        (optional string)   Configuration file.
+ -p,--prefix      (optional string)   Override prefix directory.
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong health
+
+```
+Usage: kong health [OPTIONS]
+
+Check if the necessary services are running for this node.
+
+Options:
+ -p,--prefix      (optional string) prefix at which Kong should be running
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong migrations
+
+```
+Usage: kong migrations COMMAND [OPTIONS]
+
+Manage database schema migrations.
+
+The available commands are:
+  bootstrap                         Bootstrap the database and run all
+                                    migrations.
+
+  up                                Run any new migrations.
+
+  finish                            Finish running any pending migrations after
+                                    'up'.
+
+  list                              List executed migrations.
+
+  reset                             Reset the database.
+
+Options:
+ -y,--yes                           Assume "yes" to prompts and run
+                                    non-interactively.
+
+ -q,--quiet                         Suppress all output.
+
+ -f,--force                         Run migrations even if database reports
+                                    as already executed.
+
+ --db-timeout     (default 60)      Timeout, in seconds, for all database
+                                    operations (including schema consensus for
+                                    Cassandra).
+
+ --lock-timeout   (default 60)      Timeout, in seconds, for nodes waiting on
+                                    the leader node to finish running
+                                    migrations.
+
+ -c,--conf        (optional string) Configuration file.
+
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong prepare
+
+This command prepares the Kong prefix folder, with its sub-folders and files.
+
+```
+Usage: kong prepare [OPTIONS]
+
+Prepare the Kong prefix in the configured prefix directory. This command can
+be used to start Kong from the nginx binary without using the 'kong start'
+command.
+
+Example usage:
+ kong migrations up
+ kong prepare -p /usr/local/kong -c kong.conf
+ nginx -p /usr/local/kong -c /usr/local/kong/nginx.conf
+
+Options:
+ -c,--conf       (optional string) configuration file
+ -p,--prefix     (optional string) override prefix directory
+ --nginx-conf    (optional string) custom Nginx configuration template
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong quit
+
+```
+Usage: kong quit [OPTIONS]
+
+Gracefully quit a running Kong node (Nginx and other
+configured services) in given prefix directory.
+
+This command sends a SIGQUIT signal to Nginx, meaning all
+requests will finish processing before shutting down.
+If the timeout delay is reached, the node will be forcefully
+stopped (SIGTERM).
+
+Options:
+ -p,--prefix      (optional string) prefix Kong is running at
+ -t,--timeout     (default 10) timeout before forced shutdown
+ -w,--wait        (default 0) wait time before initiating the shutdown
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong reload
+
+```
+Usage: kong reload [OPTIONS]
+
+Reload a Kong node (and start other configured services
+if necessary) in given prefix directory.
+
+This command sends a HUP signal to Nginx, which will spawn
+new workers (taking configuration changes into account),
+and stop the old ones when they have finished processing
+current requests.
+
+Options:
+ -c,--conf        (optional string) configuration file
+ -p,--prefix      (optional string) prefix Kong is running at
+ --nginx-conf     (optional string) custom Nginx configuration template
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong restart
+
+```
+Usage: kong restart [OPTIONS]
+
+Restart a Kong node (and other configured services like Serf)
+in the given prefix directory.
+
+This command is equivalent to doing both 'kong stop' and
+'kong start'.
+
+Options:
+ -c,--conf        (optional string)   configuration file
+ -p,--prefix      (optional string)   prefix at which Kong should be running
+ --nginx-conf     (optional string)   custom Nginx configuration template
+ --run-migrations (optional boolean)  optionally run migrations on the DB
+ --db-timeout     (default 60)
+ --lock-timeout   (default 60)
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong start
+
+```
+Usage: kong start [OPTIONS]
+
+Start Kong (Nginx and other configured services) in the configured
+prefix directory.
+
+Options:
+ -c,--conf        (optional string)   Configuration file.
+
+ -p,--prefix      (optional string)   Override prefix directory.
+
+ --nginx-conf     (optional string)   Custom Nginx configuration template.
+
+ --run-migrations (optional boolean)  Run migrations before starting.
+
+ --db-timeout     (default 60)        Timeout, in seconds, for all database
+                                      operations (including schema consensus for
+                                      Cassandra).
+
+ --lock-timeout   (default 60)        When --run-migrations is enabled, timeout,
+                                      in seconds, for nodes waiting on the
+                                      leader node to finish running migrations.
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong stop
+
+```
+Usage: kong stop [OPTIONS]
+
+Stop a running Kong node (Nginx and other configured services) in given
+prefix directory.
+
+This command sends a SIGTERM signal to Nginx.
+
+Options:
+ -p,--prefix      (optional string) prefix Kong is running at
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+### kong version
+
+```
+Usage: kong version [OPTIONS]
+
+Print Kong's version. With the -a option, will print
+the version of all underlying dependencies.
+
+Options:
+ -a,--all         get version of all dependencies
+
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+
+[configuration-reference]: /{{page.kong_version}}/configuration
diff --git a/app/1.3.x/clustering.md b/app/1.3.x/clustering.md
new file mode 100644
index 000000000000..429b41c229af
--- /dev/null
+++ b/app/1.3.x/clustering.md
@@ -0,0 +1,297 @@
+---
+title: Clustering Reference
+---
+
+## Introduction
+
+A Kong cluster allows you to scale the system horizontally by adding more
+machines to handle more incoming requests. They will all share the same
+configuration since they point to the same database. Kong nodes pointing to the
+**same datastore** will be part of the same Kong cluster.
+
+You need a load-balancer in front of your Kong cluster to distribute traffic
+across your available nodes.
+
+## What a Kong cluster does and doesn't do
+
+**Having a Kong cluster does not mean that your clients traffic will be
+load-balanced across your Kong nodes out of the box.** You still need a
+load-balancer in front of your Kong nodes to distribute your traffic. Instead,
+a Kong cluster means that those nodes will share the same configuration.
+
+For performance reasons, Kong avoids database connections when proxying
+requests, and caches the contents of your database in memory. The cached
+entities include Services, Routes, Consumers, Plugins, Credentials, etc... Since those
+values are in memory, any change made via the Admin API of one of the nodes
+needs to be propagated to the other nodes.
+
+This document describes how those cached entities are being invalidated and how
+to configure your Kong nodes for your use case, which lies somewhere between
+performance and consistency.
+
+[Back to TOC](#table-of-contents)
+
+## Single node Kong clusters
+
+A single Kong node connected to a database (Cassandra or PostgreSQL) creates a
+Kong cluster of one node. Any changes applied via the Admin API of this node
+will instantly take effect. Example:
+
+Consider a single Kong node `A`. If we delete a previously registered Service:
+
+```bash
+$ curl -X DELETE http://127.0.0.1:8001/services/test-service
+```
+
+Then any subsequent request to `A` would instantly return `404 Not Found`, as
+the node purged it from its local cache:
+
+```bash
+$ curl -i http://127.0.0.1:8000/test-service
+```
+
+[Back to TOC](#table-of-contents)
+
+## Multiple nodes Kong clusters
+
+In a cluster of multiple Kong nodes, other nodes connected to the same database
+would not instantly be notified that the Service was deleted by node `A`.  While
+the Service is **not** in the database anymore (it was deleted by node `A`), it is
+**still** in node `B`'s memory.
+
+All nodes perform a periodic background job to synchronize with changes that
+may have been triggered by other nodes. The frequency of this job can be
+configured via:
+
+* [db_update_frequency][db_update_frequency] (default: 5 seconds)
+
+Every `db_update_frequency` seconds, all running Kong nodes will poll the
+database for any update, and will purge the relevant entities from their cache
+if necessary.
+
+If we delete a Service from node `A`, this change will not be effective in node
+`B` until node `B`s next database poll, which will occur up to
+`db_update_frequency` seconds later (though it could happen sooner).
+
+This makes Kong clusters **eventually consistent**.
+
+[Back to TOC](#table-of-contents)
+
+## What is being cached?
+
+All of the core entities such as Services, Routes, Plugins, Consumers, Credentials are
+cached in memory by Kong and depend on their invalidation via the polling
+mechanism to be updated.
+
+Additionally, Kong also caches **database misses**. This means that if you
+configure a Service with no plugin, Kong will cache this information. Example:
+
+On node `A`, we add a Service and a Route:
+
+```bash
+# node A
+$ curl -X POST http://127.0.0.1:8001/services \
+    --data "name=example-service" \
+    --data "url=http://example.com"
+
+$ curl -X POST http://127.0.0.1:8001/services/example-service/routes \
+    --data "paths[]=/example"
+```
+
+(Note that we used `/services/example-service/routes` as a shortcut: we
+could have used the `/routes` endpoint instead, but then we would need to
+pass `service_id` as an argument, with the UUID of the new Service.)
+
+A request to the Proxy port of both node `A` and `B` will cache this Service, and
+the fact that no plugin is configured on it:
+
+```bash
+# node A
+$ curl http://127.0.0.1:8000/example
+HTTP 200 OK
+...
+```
+
+```bash
+# node B
+$ curl http://127.0.0.2:8000/example
+HTTP 200 OK
+...
+```
+
+Now, say we add a plugin to this Service via node `A`'s Admin API:
+
+```bash
+# node A
+$ curl -X POST http://127.0.0.1:8001/services/example-service/plugins \
+    --data "name=example-plugin"
+```
+
+Because this request was issued via node `A`'s Admin API, node `A` will locally
+invalidate its cache and on subsequent requests, it will detect that this API
+has a plugin configured.
+
+However, node `B` hasn't run a database poll yet, and still caches that this
+API has no plugin to run. It will be so until node `B` runs its database
+polling job.
+
+**Conclusion**: all CRUD operations trigger cache invalidations. Creation
+(`POST`, `PUT`) will invalidate cached database misses, and update/deletion
+(`PATCH`, `DELETE`) will invalidate cached database hits.
+
+[Back to TOC](#table-of-contents)
+
+## How to configure database caching?
+
+You can configure 3 properties in the Kong configuration file, the most
+important one being `db_update_frequency`, which determine where your Kong
+nodes stand on the performance vs consistency trade off.
+
+Kong comes with default values tuned for consistency, in order to let you
+experiment with its clustering capabilities while avoiding "surprises". As you
+prepare a production setup, you should consider tuning those values to ensure
+that your performance constraints are respected.
+
+### 1. [db_update_frequency][db_update_frequency] (default: 5s)
+
+This value determines the frequency at which your Kong nodes will be polling
+the database for invalidation events. A lower value will mean that the polling
+job will be executed more frequently, but that your Kong nodes will keep up
+with changes you apply. A higher value will mean that your Kong nodes will
+spend less time running the polling jobs, and will focus on proxying your
+traffic.
+
+**Note**: changes propagate through the cluster in up to `db_update_frequency`
+seconds.
+
+[Back to TOC](#table-of-contents)
+
+### 2. [db_update_propagation][db_update_propagation] (default: 0s)
+
+If your database itself is eventually consistent (ie: Cassandra), you **must**
+configure this value. It is to ensure that the change has time to propagate
+across your database nodes. When set, Kong nodes receiving invalidation events
+from their polling jobs will delay the purging of their cache for
+`db_update_propagation` seconds.
+
+If a Kong node connected to an eventual consistent database was not delaying
+the event handling, it could purge its cache, only to cache the non-updated
+value again (because the change hasn't propagated through the database yet)!
+
+You should set this value to an estimate of the amount of time your database
+cluster takes to propagate changes.
+
+**Note**: when this value is set, changes propagate through the cluster in
+up to `db_update_frequency + db_update_propagation` seconds.
+
+[Back to TOC](#table-of-contents)
+
+### 3. [db_cache_ttl][db_cache_ttl] (default: 0s)
+
+The time (in seconds) for which Kong will cache database entities (both hits
+and misses). This Time-To-Live value acts as a safeguard in case a Kong node
+misses an invalidation event, to avoid it from running on stale data for too
+long. When the TTL is reached, the value will be purged from its cache, and the
+next database result will be cached again.
+
+By default no data is invalidated based on this TTL (the default value is `0`).
+This is usually fine: Kong nodes rely on invalidation events, which are handled
+at the db store level (Cassandra/PosgreSQL). If you are concerned that a Kong
+node might miss invalidation event for any reason, you should set a TTL. Otherwise
+the node might run with a stale value in its cache for an undefined amount of time,
+until the cache is manually purged, or the node is restarted.
+
+[Back to TOC](#table-of-contents)
+
+### 4. When using Cassandra
+
+If you use Cassandra as your Kong database, you **must** set
+[db_update_propagation][db_update_propagation] to a non-zero value. Since
+Cassandra is eventually consistent by nature, this will ensure that Kong nodes
+do not prematurely invalidate their cache, only to fetch and catch a
+not up-to-date entity again. Kong will present you a warning logs if you did
+not configure this value when using Cassandra.
+
+Additionally, you might want to configure `cassandra_consistency` to a value
+like `QUORUM` or `LOCAL_QUORUM`, to ensure that values being cached by your
+Kong nodes are up-to-date values from your database.
+
+[Back to TOC](#table-of-contents)
+
+## Interacting with the cache via the Admin API
+
+If for some reason, you wish to investigate the cached values, or manually
+invalidate a value cached by Kong (a cached hit or miss), you can do so via the
+Admin API `/cache` endpoint.
+
+### Inspect a cached value
+
+**Endpoint**
+
+<div class="endpoint get">/cache/{cache_key}</div>
+
+**Response**
+
+If a value with that key is cached:
+
+```
+HTTP 200 OK
+...
+{
+    ...
+}
+```
+
+Else:
+
+```
+HTTP 404 Not Found
+```
+
+**Note**: retrieving the `cache_key` for each entity being cached by Kong is
+currently an undocumented process. Future versions of the Admin API will make
+this process easier.
+
+[Back to TOC](#table-of-contents)
+
+### Purge a cached value
+
+**Endpoint**
+
+<div class="endpoint delete">/cache/{cache_key}</div>
+
+**Response**
+
+```
+HTTP 204 No Content
+...
+```
+
+**Note**: retrieving the `cache_key` for each entity being cached by Kong is
+currently an undocumented process. Future versions of the Admin API will make
+this process easier.
+
+[Back to TOC](#table-of-contents)
+
+### Purge a node's cache
+
+**Endpoint**
+
+<div class="endpoint delete">/cache</div>
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+**Note**: be wary of using this endpoint on a warm, production running node.
+If the node is receiving a lot of traffic, purging its cache at the same time
+will trigger many requests to your database, and could cause a
+[dog-pile effect](https://en.wikipedia.org/wiki/Cache_stampede).
+
+[Back to TOC](#table-of-contents)
+
+[db_update_frequency]: /{{page.kong_version}}/configuration/#db_update_frequency
+[db_update_propagation]: /{{page.kong_version}}/configuration/#db_update_propagation
+[db_cache_ttl]: /{{page.kong_version}}/configuration/#db_cache_ttl
diff --git a/app/1.3.x/configuration.md b/app/1.3.x/configuration.md
new file mode 100644
index 000000000000..440f6250c4da
--- /dev/null
+++ b/app/1.3.x/configuration.md
@@ -0,0 +1,1446 @@
+---
+title: Configuration Reference
+---
+
+## Configuration loading
+
+Kong comes with a default configuration file that can be found at
+`/etc/kong/kong.conf.default` if you installed Kong via one of the official
+packages. To start configuring Kong, you can copy this file:
+
+```bash
+$ cp /etc/kong/kong.conf.default /etc/kong/kong.conf
+```
+
+Kong will operate with default settings should all the values in your
+configuration be commented out. Upon starting, Kong looks for several
+default locations that might contain a configuration file:
+
+```
+/etc/kong/kong.conf
+/etc/kong.conf
+```
+
+You can override this behavior by specifying a custom path for your
+configuration file using the `-c / --conf` argument in the CLI:
+
+```bash
+$ kong start --conf /path/to/kong.conf
+```
+
+The configuration format is straightforward: simply uncomment any property
+(comments are defined by the `#` character) and modify it to your needs.
+Boolean values can be specified as `on`/`off` or `true`/`false` for convenience.
+
+## Verifying your configuration
+
+You can verify the integrity of your settings with the `check` command:
+
+```bash
+$ kong check <path/to/kong.conf>
+configuration at <path/to/kong.conf> is valid
+```
+
+This command will take into account the environment variables you have
+currently set, and will error out in case your settings are invalid.
+
+Additionally, you can also use the CLI in debug mode to have more insight
+as to what properties Kong is being started with:
+
+```bash
+$ kong start -c <kong.conf> --vv
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong.conf
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong/kong.conf
+2016/08/11 14:53:36 [debug] admin_listen = "0.0.0.0:8001"
+2016/08/11 14:53:36 [debug] database = "postgres"
+2016/08/11 14:53:36 [debug] log_level = "notice"
+[...]
+```
+
+## Environment variables
+
+When loading properties out of a configuration file, Kong will also look for
+environment variables of the same name. This allows you to fully configure Kong
+via environment variables, which is very convenient for container-based
+infrastructures, for example.
+
+To override a setting using an environment variable, declare an environment
+variable with the name of the setting, prefixed with `KONG_` and capitalized.
+
+For example:
+
+```
+log_level = debug # in kong.conf
+```
+
+can be overridden with:
+
+```bash
+$ export KONG_LOG_LEVEL=error
+```
+
+## Injecting Nginx directives
+
+Tweaking the Nginx configuration of your Kong instances allows you to optimize
+its performance for your infrastructure.
+
+When Kong starts, it builds an Nginx configuration file. You can inject custom
+Nginx directives to this file directly via your Kong configuration.
+
+### Injecting individual Nginx directives
+
+Any entry added to your `kong.conf` file that is prefixed by `nginx_http_`,
+`nginx_proxy_` or `nginx_admin_` will be converted into an equivalent Nginx
+directive by removing the prefix and added to the appropriate section of the
+Nginx configuration:
+
+- Entries prefixed with `nginx_http_` will be injected to the overall `http`
+block directive.
+
+- Entries prefixed with `nginx_proxy_` will be injected to the `server` block
+directive handling Kong's proxy ports.
+
+- Entries prefixed with `nginx_admin_` will be injected to the `server` block
+directive handling Kong's Admin API ports.
+
+For example, if you add the following line to your `kong.conf` file:
+
+```
+nginx_proxy_large_client_header_buffers=16 128k
+```
+
+it will add the following directive to the proxy `server` block of Kong's
+Nginx configuration:
+
+```
+    large_client_header_buffers 16 128k;
+```
+
+Like any other entry in `kong.conf`, these directives can also be specified
+using [environment variables](#environment-variables) as shown above. For
+example, if you declare an environment variable like this:
+
+```bash
+$ export KONG_NGINX_HTTP_OUTPUT_BUFFERS="4 64k"
+```
+
+This will result in the following Nginx directive being added to the `http`
+block:
+
+```
+    output_buffers 4 64k;
+```
+
+As always, be mindful of your shell's quoting rules specifying values
+containing spaces.
+
+For more details on the Nginx configuration file structure and block
+directives, see https://nginx.org/en/docs/beginners_guide.html#conf_structure.
+
+For a list of Nginx directives, see https://nginx.org/en/docs/dirindex.html.
+Note however that some directives are dependent of specific Nginx modules,
+some of which may not be included with the official builds of Kong.
+
+### Including files via injected Nginx directives
+
+For more complex configuration scenarios, such as adding entire new
+`server` blocks, you can use the method described above to inject an
+`include` directive to the Nginx configuration, pointing to a file
+containing your additional Nginx settings.
+
+For example, if you create a file called `my-server.kong.conf` with
+the following contents:
+
+```
+# custom server
+server {
+  listen 2112;
+  location / {
+    # ...more settings...
+    return 200;
+  }
+}
+```
+
+You can make the Kong node serve this port by adding the following
+entry to your `kong.conf` file:
+
+```
+nginx_http_include = /path/to/your/my-server.kong.conf
+```
+
+or, alternatively, by configuring it via an environment variable:
+
+```bash
+$ export KONG_NGINX_HTTP_INCLUDE="/path/to/your/my-server.kong.conf"
+```
+
+Now, when you start Kong, the `server` section from that file will be added to
+that file, meaning that the custom server defined in it will be responding,
+alongside the regular Kong ports:
+
+```bash
+$ curl -I http://127.0.0.1:2112
+HTTP/1.1 200 OK
+...
+```
+
+Note that if you use a relative path in an `nginx_http_include` property, that
+path will be interpreted relative to the value of the `prefix` property of
+your `kong.conf` file (or the value of the `-p` flag of `kong start` if you
+used it to override the prefix when starting Kong).
+
+## Custom Nginx templates & embedding Kong
+
+For the vast majority of use-cases, using the Nginx directive injection system
+explained above should be sufficient for customizing the behavior of Kong's
+Nginx instance. This way, you can manage the configuration and tuning of your
+Kong node from a single `kong.conf` file (and optionally your own included
+files), without having to deal with custom Nginx configuration templates.
+
+There are two scenarios in which you may want to make use of custom Nginx
+configuration templates directly:
+
+- In the rare occasion that you may need to modify some of Kong's default
+Nginx configuration that are not adjustable via its standard `kong.conf`
+properties, you can still modify the template used by Kong for producing its
+Nginx configuration and launch Kong using your customized template.
+
+- If you need to embed Kong in an already running OpenResty instance, you
+can reuse Kong's generated configuration and include it in your existing
+configuration.
+
+### Custom Nginx templates
+
+Kong can be started, reloaded and restarted with an `--nginx-conf` argument,
+which must specify an Nginx configuration template. Such a template uses the
+[Penlight][Penlight] [templating engine][pl.template], which is compiled using
+the given Kong configuration, before being dumped in your Kong prefix
+directory, moments before starting Nginx.
+
+The default template can be found at:
+https://github.com/kong/kong/tree/master/kong/templates. It is split in two
+Nginx configuration files: `nginx.lua` and `nginx_kong.lua`. The former is
+minimalistic and includes the latter, which contains everything Kong requires
+to run. When `kong start` runs, right before starting Nginx, it copies these
+two files into the prefix directory, which looks like so:
+
+```
+/usr/local/kong
+├── nginx-kong.conf
+└── nginx.conf
+```
+
+If you must tweak global settings that are defined by Kong but not adjustable
+via the Kong configuration in `kong.conf`, you can inline the contents of the
+`nginx_kong.lua` configuration template into a custom template file (in this
+example called `custom_nginx.template`) like this:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{ "{{NGINX_WORKER_PROCESSES" }}}}; # can be set by kong.conf
+daemon ${{ "{{NGINX_DAEMON" }}}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{ "{{LOG_LEVEL" }}}}; # can be set by kong.conf
+
+events {
+    use epoll;          # a custom setting
+    multi_accept on;
+}
+
+http {
+
+  # contents of the nginx_kong.lua template follow:
+
+  resolver ${{ "{{DNS_RESOLVER" }}}} ipv6=off;
+  charset UTF-8;
+  error_log logs/error.log ${{ "{{LOG_LEVEL" }}}};
+  access_log logs/access.log;
+
+  ... # etc
+}
+```
+
+You can then start Kong with:
+
+```bash
+$ kong start -c kong.conf --nginx-conf custom_nginx.template
+```
+
+## Embedding Kong in OpenResty
+
+If you are running your own OpenResty servers, you can also easily embed Kong
+by including the Kong Nginx sub-configuration using the `include` directive.
+If you have an existing Nginx configuration, you can simply include the
+Kong-specific portion of the configuration which is output by Kong in a separate
+`nginx-kong.conf` file:
+
+```
+# my_nginx.conf
+
+# ...your nginx settings...
+
+http {
+    include 'nginx-kong.conf';
+
+    # ...your nginx settings...
+}
+```
+
+You can then start your Nginx instance like so:
+
+```bash
+$ nginx -p /usr/local/openresty -c my_nginx.conf
+```
+
+and Kong will be running in that instance (as configured in `nginx-kong.conf`).
+
+## Serving both a website and your APIs from Kong
+
+A common use case for API providers is to make Kong serve both a website
+and the APIs themselves over the Proxy port &mdash; `80` or `443` in
+production. For example, `https://example.net` (Website) and
+`https://example.net/api/v1` (API).
+
+To achieve this, we cannot simply declare a new virtual server block,
+like we did in the previous section. A good solution is to use a custom
+Nginx configuration template which inlines `nginx_kong.lua` and adds a new
+`location` block serving the website alongside the Kong Proxy `location`
+block:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{ "{{NGINX_WORKER_PROCESSES" }}}}; # can be set by kong.conf
+daemon ${{ "{{NGINX_DAEMON" }}}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{ "{{LOG_LEVEL" }}}}; # can be set by kong.conf
+events {}
+
+http {
+  # here, we inline the contents of nginx_kong.lua
+  charset UTF-8;
+
+  # any contents until Kong's Proxy server block
+  ...
+
+  # Kong's Proxy server block
+  server {
+    server_name kong;
+
+    # any contents until the location / block
+    ...
+
+    # here, we declare our custom location serving our website
+    # (or API portal) which we can optimize for serving static assets
+    location / {
+      root /var/www/example.net;
+      index index.htm index.html;
+      ...
+    }
+
+    # Kong's Proxy location / has been changed to /api/v1
+    location /api/v1 {
+      set $upstream_host nil;
+      set $upstream_scheme nil;
+      set $upstream_uri nil;
+
+      # Any remaining configuration for the Proxy location
+      ...
+    }
+  }
+
+  # Kong's Admin server block goes below
+  # ...
+}
+```
+
+## Properties reference
+
+### General section
+
+#### prefix
+
+Working directory. Equivalent to Nginx's prefix path, containing temporary
+files and logs.
+
+Each Kong process must have a separate working directory.
+
+Default: `/usr/local/kong/`
+
+---
+
+#### log_level
+
+Log level of the Nginx server. Logs are found at `<prefix>/logs/error.log`.
+
+See http://nginx.org/en/docs/ngx_core_module.html#error_log for a list of
+accepted values.
+
+Default: `notice`
+
+---
+
+#### proxy_access_log
+
+Path for proxy port request access logs. Set this value to `off` to disable
+logging proxy requests.
+
+If this value is a relative path, it will be placed under the `prefix`
+location.
+
+Default: `logs/access.log`
+
+---
+
+#### proxy_error_log
+
+Path for proxy port request error logs. The granularity of these logs is
+adjusted by the `log_level` property.
+
+Default: `logs/error.log`
+
+---
+
+#### admin_access_log
+
+Path for Admin API request access logs. Set this value to `off` to disable
+logging Admin API requests.
+
+If this value is a relative path, it will be placed under the `prefix`
+location.
+
+Default: `logs/admin_access.log`
+
+---
+
+#### admin_error_log
+
+Path for Admin API request error logs. The granularity of these logs is
+adjusted by the `log_level` property.
+
+Default: `logs/error.log`
+
+---
+
+#### plugins
+
+Comma-separated list of plugins this node should load. By default, only plugins
+bundled in official distributions are loaded via the `bundled` keyword.
+
+Loading a plugin does not enable it by default, but only instructs Kong to load
+its source code, and allows to configure the plugin via the various related
+Admin API endpoints.
+
+The specified name(s) will be substituted as such in the Lua namespace:
+`kong.plugins.{name}.*`.
+
+When the `off` keyword is specified as the only value, no plugins will be
+loaded.
+
+`bundled` and plugin names can be mixed together, as the following examples
+suggest:
+
+- `plugins = bundled,custom-auth,custom-log` will include the bundled plugins
+  plus two custom ones
+- `plugins = custom-auth,custom-log` will *only* include the `custom-auth` and
+  `custom-log` plugins.
+- `plugins = off` will not include any plugins
+
+**Note:** Kong will not start if some plugins were previously configured (i.e.
+
+have rows in the database) and are not specified in this list. Before disabling
+a plugin, ensure all instances of it are removed before restarting Kong.
+
+**Note:** Limiting the amount of available plugins can improve P99 latency when
+experiencing LRU churning in the database cache (i.e. when the configured
+`mem_cache_size`) is full.
+
+Default: `bundled`
+
+---
+
+#### anonymous_reports
+
+Send anonymous usage data such as error stack traces to help improve Kong.
+
+Default: `on`
+
+---
+
+
+### NGINX section
+
+#### proxy_listen
+
+Comma-separated list of addresses and ports on which the proxy server should
+listen for HTTP/HTTPS traffic.
+
+The proxy server is the public entry point of Kong, which proxies traffic from
+your consumers to your backend services. This value accepts IPv4, IPv6, and
+hostnames.
+
+Some suffixes can be specified for each pair:
+
+- `ssl` will require that all connections made through a particular
+  address/port be made with TLS enabled.
+- `http2` will allow for clients to open HTTP/2 connections to Kong's proxy
+  server.
+- `proxy_protocol` will enable usage of the PROXY protocol for a given
+  address/port.
+- `transparent` will cause kong to listen to, and respond from, any and all IP
+  addresses and ports you configure in iptables.
+- `deferred` instructs to use a deferred accept on Linux (the TCP_DEFER_ACCEPT
+  socket option).
+- `bind` instructs to make a separate bind() call for a given address:port
+  pair.
+- `reuseport` instructs to create an individual listening socket for each
+  worker process allowing a kernel to distribute incoming connections between
+  worker processes
+
+This value can be set to `off`, thus disabling the HTTP/HTTPS proxy port for
+this node.
+
+If stream_listen is also set to `off`, this enables 'control-plane' mode for
+this node (in which all traffic proxying capabilities are disabled). This node
+can then be used only to configure a cluster of Kong nodes connected to the same
+datastore.
+
+Example: `proxy_listen = 0.0.0.0:443 ssl, 0.0.0.0:444 http2 ssl`
+
+See http://nginx.org/en/docs/http/ngx_http_core_module.html#listen for a
+description of the accepted formats for this and other `*_listen` values.
+
+See https://www.nginx.com/resources/admin-guide/proxy-protocol/ for more
+details about the `proxy_protocol` parameter.
+
+Not all `*_listen` values accept all formats specified in nginx's
+documentation.
+
+Default: `0.0.0.0:8000, 0.0.0.0:8443 ssl`
+
+---
+
+#### stream_listen
+
+Comma-separated list of addresses and ports on which the stream mode should
+listen.
+
+This value accepts IPv4, IPv6, and hostnames.
+
+Some suffixes can be specified for each pair:
+
+- `proxy_protocol` will enable usage of the PROXY protocol for a given
+  address/port.
+- `transparent` will cause kong to listen to, and respond from, any and all IP
+  addresses and ports you configure in iptables.
+- `bind` instructs to make a separate bind() call for a given address:port
+  pair.
+- `reuseport` instructs to create an individual listening socket for each
+  worker process allowing a kernel to distribute incoming connections between
+  worker processes
+
+**Note:** The `ssl` suffix is not supported, and each address/port will accept
+TCP with or without TLS enabled.
+
+Examples:
+
+```
+stream_listen = 127.0.0.1:7000
+stream_listen = 0.0.0.0:989, 0.0.0.0:20
+stream_listen = [::1]:1234
+```
+
+By default this value is set to `off`, thus disabling the stream proxy port for
+this node.
+
+See http://nginx.org/en/docs/stream/ngx_stream_core_module.html#listen for a
+description of the formats that Kong might accept in stream_listen.
+
+Default: `off`
+
+---
+
+#### admin_listen
+
+Comma-separated list of addresses and ports on which the Admin interface should
+listen.
+
+The Admin interface is the API allowing you to configure and manage Kong.
+
+Access to this interface should be *restricted* to Kong administrators *only*.
+This value accepts IPv4, IPv6, and hostnames.
+
+Some suffixes can be specified for each pair:
+
+- `ssl` will require that all connections made through a particular
+  address/port be made with TLS enabled.
+- `http2` will allow for clients to open HTTP/2 connections to Kong's proxy
+  server.
+- `proxy_protocol` will enable usage of the PROXY protocol for a given
+  address/port.
+- `transparent` will cause kong to listen to, and respond from, any and all IP
+  addresses and ports you configure in iptables.
+- `deferred` instructs to use a deferred accept on Linux (the TCP_DEFER_ACCEPT
+  socket option).
+- `bind` instructs to make a separate bind() call for a given address:port
+  pair.
+- `reuseport` instructs to create an individual listening socket for each
+  worker process allowing a kernel to distribute incoming connections between
+  worker processes
+
+This value can be set to `off`, thus disabling the Admin interface for this
+node, enabling a 'data-plane' mode (without configuration capabilities) pulling
+its configuration changes from the database.
+
+Example: `stream_listen = 127.0.0.1:8444 http2 ssl`
+
+Default: `127.0.0.1:8001, 127.0.0.1:8444 ssl`
+
+---
+
+#### nginx_user
+
+Defines user and group credentials used by worker processes. If group is
+omitted, a group whose name equals that of user is used.
+
+Example: `nginx_user = nginx www`
+
+Default: `nobody nobody`
+
+---
+
+#### nginx_worker_processes
+
+Determines the number of worker processes spawned by Nginx.
+
+See http://nginx.org/en/docs/ngx_core_module.html#worker_processes for detailed
+usage of the equivalent Nginx directive and a description of accepted values.
+
+Default: `auto`
+
+---
+
+#### nginx_daemon
+
+Determines whether Nginx will run as a daemon or as a foreground process.
+Mainly useful for development or when running Kong inside a Docker environment.
+
+See http://nginx.org/en/docs/ngx_core_module.html#daemon.
+
+Default: `on`
+
+---
+
+#### mem_cache_size
+
+Size of the in-memory cache for database entities. The accepted units are `k`
+and `m`, with a minimum recommended value of a few MBs.
+
+Default: `128m`
+
+---
+
+#### ssl_cipher_suite
+
+Defines the TLS ciphers served by Nginx.
+
+Accepted values are `modern`, `intermediate`, `old`, or `custom`.
+
+See https://wiki.mozilla.org/Security/Server_Side_TLS for detailed descriptions
+of each cipher suite.
+
+Default: `modern`
+
+---
+
+#### ssl_ciphers
+
+Defines a custom list of TLS ciphers to be served by Nginx. This list must
+conform to the pattern defined by `openssl ciphers`.
+
+This value is ignored if `ssl_cipher_suite` is not `custom`.
+
+Default: none
+
+---
+
+#### ssl_cert
+
+The absolute path to the SSL certificate for `proxy_listen` values with SSL
+enabled.
+
+Default: none
+
+---
+
+#### ssl_cert_key
+
+The absolute path to the SSL key for `proxy_listen` values with SSL enabled.
+
+Default: none
+
+---
+
+#### client_ssl
+
+Determines if Nginx should send client-side SSL certificates when proxying
+requests.
+
+Default: `off`
+
+---
+
+#### client_ssl_cert
+
+If `client_ssl` is enabled, the absolute path to the client SSL certificate for
+the `proxy_ssl_certificate` directive. Note that this value is statically
+defined on the node, and currently cannot be configured on a per-API basis.
+
+Default: none
+
+---
+
+#### client_ssl_cert_key
+
+If `client_ssl` is enabled, the absolute path to the client SSL key for the
+`proxy_ssl_certificate_key` address. Note this value is statically defined on
+the node, and currently cannot be configured on a per-API basis.
+
+Default: none
+
+---
+
+#### admin_ssl_cert
+
+The absolute path to the SSL certificate for `admin_listen` values with SSL
+enabled.
+
+Default: none
+
+---
+
+#### admin_ssl_cert_key
+
+The absolute path to the SSL key for `admin_listen` values with SSL enabled.
+
+Default: none
+
+---
+
+#### headers
+
+Comma-separated list of headers Kong should inject in client responses.
+
+Accepted values are:
+
+- `Server`: Injects `Server: kong/x.y.z` on Kong-produced response (e.g. Admin
+  API, rejected requests from auth plugin, etc...).
+- `Via`: Injects `Via: kong/x.y.z` for successfully proxied requests.
+- `X-Kong-Proxy-Latency`: Time taken (in milliseconds) by Kong to process a
+  request and run all plugins before proxying the request upstream.
+- `X-Kong-Upstream-Latency`: Time taken (in milliseconds) by the upstream
+  service to send response headers.
+- `X-Kong-Upstream-Status`: The HTTP status code returned by the upstream
+  service. This is particularly useful for clients to distinguish upstream
+  statuses if the response is rewritten by a plugin.
+- `server_tokens`: Same as specifying both `Server` and `Via`.
+- `latency_tokens`: Same as specifying both `X-Kong-Proxy-Latency` and
+  `X-Kong-Upstream-Latency`.
+
+In addition to those, this value can be set to `off`, which prevents Kong from
+injecting any of the above headers. Note that this does not prevent plugins from
+injecting headers of their own.
+
+Example: `headers = via, latency_tokens`
+
+Default: `server_tokens, latency_tokens`
+
+---
+
+#### trusted_ips
+
+Defines trusted IP addresses blocks that are known to send correct
+`X-Forwarded-*` headers.
+
+Requests from trusted IPs make Kong forward their `X-Forwarded-*` headers
+upstream.
+
+Non-trusted requests make Kong insert its own `X-Forwarded-*` headers.
+
+This property also sets the `set_real_ip_from` directive(s) in the Nginx
+configuration. It accepts the same type of values (CIDR blocks) but as a
+comma-separated list.
+
+To trust *all* /!\ IPs, set this value to `0.0.0.0/0,::/0`.
+
+If the special value `unix:` is specified, all UNIX-domain sockets will be
+trusted.
+
+See http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from
+for examples of accepted values.
+
+Default: none
+
+---
+
+#### real_ip_header
+
+Defines the request header field whose value will be used to replace the client
+address.
+
+This value sets the `ngx_http_realip_module` directive of the same name in the
+Nginx configuration.
+
+If this value receives `proxy_protocol`:
+
+- at least one of the `proxy_listen` entries must have the `proxy_protocol`
+  flag enabled.
+- the `proxy_protocol` parameter will be appended to the `listen` directive of
+  the Nginx template.
+
+See http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header
+for a description of this directive.
+
+Default: `X-Real-IP`
+
+---
+
+#### real_ip_recursive
+
+This value sets the `ngx_http_realip_module` directive of the same name in the
+Nginx configuration.
+
+See http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
+for a description of this directive.
+
+Default: `off`
+
+---
+
+#### client_max_body_size
+
+Defines the maximum request body size allowed by requests proxied by Kong,
+specified in the Content-Length request header. If a request exceeds this limit,
+Kong will respond with a 413 (Request Entity Too Large). Setting this value to 0
+disables checking the request body size.
+
+See
+http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size for
+further description of this parameter. Numeric values may be suffixed with `k`
+or `m` to denote limits in terms of kilobytes or megabytes.
+
+Default: `0`
+
+---
+
+#### client_body_buffer_size
+
+Defines the buffer size for reading the request body. If the client request
+body is larger than this value, the body will be buffered to disk. Note that
+when the body is buffered to disk Kong plugins that access or manipulate the
+request body may not work, so it is advisable to set this value as high as
+possible (e.g., set it as high as `client_max_body_size` to force request bodies
+to be kept in memory). Do note that high-concurrency environments will require
+significant memory allocations to process many concurrent large request bodies.
+
+See
+http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size
+for further description of this parameter. Numeric values may be suffixed with
+`k` or `m` to denote limits in terms of kilobytes or megabytes.
+
+Default: `8k`
+
+---
+
+#### error_default_type
+
+Default MIME type to use when the request `Accept` header is missing and Nginx
+is returning an error for the request.
+
+Accepted values are `text/plain`, `text/html`, `application/json`, and
+`application/xml`.
+
+Default: `text/plain`
+
+---
+
+
+### NGINX Injected Directives section
+
+Nginx directives can be dynamically injected in the runtime nginx.conf file
+without requiring a custom Nginx configuration template.
+
+All configuration properties respecting the naming scheme
+`nginx_<namespace>_<directive>` will result in `<directive>` being injected in
+the Nginx configuration block corresponding to the property's `<namespace>`.
+
+Example: `nginx_proxy_large_client_header_buffers = 8 24k`
+
+Will inject the following directive in Kong's proxy `server {}` block:
+
+`large_client_header_buffers 8 24k;`
+
+The following namespaces are supported:
+
+- `nginx_http_<directive>`: Injects `<directive>` in Kong's `http {}` block.
+- `nginx_proxy_<directive>`: Injects `<directive>` in Kong's proxy `server {}`
+  block.
+- `nginx_http_upstream_<directive>`: Injects `<directive>` in Kong's proxy
+  `upstream {}` block.
+- `nginx_admin_<directive>`: Injects `<directive>` in Kong's Admin API `server
+  {}` block.
+- `nginx_stream_<directive>`: Injects `<directive>` in Kong's stream module
+  `stream {}` block (only effective if `stream_listen` is enabled).
+- `nginx_sproxy_<directive>`: Injects `<directive>` in Kong's stream module
+  `server {}` block (only effective if `stream_listen` is enabled).
+
+As with other configuration properties, Nginx directives can be injected via
+environment variables when capitalized and prefixed with `KONG_`.
+
+Example: `KONG_NGINX_HTTP_SSL_PROTOCOLS` -> `nginx_http_ssl_protocols`
+
+Will inject the following directive in Kong's `http {}` block:
+
+`ssl_protocols <value>;`
+
+If different sets of protocols are desired between the proxy and Admin API
+server, you may specify `nginx_proxy_ssl_protocols` and/or
+`nginx_admin_ssl_protocols`, both of which taking precedence over the `http {}`
+block.
+
+---
+
+#### nginx_http_ssl_protocols
+
+Enables the specified protocols for client-side connections. The set of
+supported protocol versions also depends on the version of OpenSSL Kong was
+built with.
+
+See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
+
+Default: `TLSv1.1 TLSv1.2 TLSv1.3`
+
+---
+
+#### nginx_http_upstream_keepalive
+
+Sets the maximum number of idle keepalive connections to upstream servers that
+are preserved in the cache of each worker process. When this number is exceeded,
+the least recently used connections are closed.
+
+A value of `NONE` will disable this behavior altogether, forcing each upstream
+request to open a new connection.
+
+See http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
+
+Default: `60`
+
+---
+
+#### nginx_http_upstream_keepalive_requests
+
+Sets the maximum number of requests that can be served through one keepalive
+connection.
+
+After the maximum number of requests is made, the connection is closed.
+
+See
+http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_requests
+
+Default: `100`
+
+---
+
+#### nginx_http_upstream_keepalive_timeout
+
+Sets a timeout during which an idle keepalive connection to an upstream server
+will stay open.
+
+See
+http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive_timeout
+
+Default: `60s`
+
+---
+
+
+### Datastore section
+
+Kong can run with a database to store coordinated data between Kong nodes in a
+cluster, or without a database, where each node stores its information
+independently in memory.
+
+When using a database, Kong will store data for all its entities (such as
+Routes, Services, Consumers, and Plugins) in either Cassandra or PostgreSQL, and
+all Kong nodes belonging to the same cluster must connect themselves to the same
+database.
+
+Kong supports the following database versions:
+
+- **PostgreSQL**: 9.5 and above.
+- **Cassandra**: 2.2 and above.
+
+When not using a database, Kong is said to be in "DB-less mode": it will keep
+its entities in memory, and each node needs to have this data entered via a
+declarative configuration file, which can be specified through the
+`declarative_config` property, or via the Admin API using the `/config`
+endpoint.
+
+---
+
+#### database
+
+Determines which of PostgreSQL or Cassandra this node will use as its
+datastore.
+
+Accepted values are `postgres`, `cassandra`, and `off`.
+
+Default: `postgres`
+
+---
+
+
+#### Postgres settings
+
+name   | description  | default
+-------|--------------|----------
+**pg_host** | Host of the Postgres server. | `127.0.0.1`
+**pg_port** | Port of the Postgres server. | `5432`
+**pg_timeout** | Defines the timeout (in ms), for connecting, reading and writing. | `5000`
+**pg_user** | Postgres user. | `kong`
+**pg_password** | Postgres user's password. | none
+**pg_database** | The database name to connect to. | `kong`
+**pg_schema** | The database schema to use. If unspecified, Kong will respect the `search_path` value of your PostgreSQL instance. | none
+**pg_ssl** | Toggles client-server TLS connections between Kong and PostgreSQL. | `off`
+**pg_ssl_verify** | Toggles server certificate verification if `pg_ssl` is enabled. See the `lua_ssl_trusted_certificate` setting to specify a certificate authority. | `off`
+**pg_max_concurrent_queries** | Sets the maximum number of concurrent queries that can be executing at any given time. This limit is enforced per worker process; the total number of concurrent queries for this node will be will be: `pg_max_concurrent_queries * nginx_worker_processes`. The default value of 0 removes this concurrency limitation. | `0`
+**pg_semaphore_timeout** | Defines the timeout (in ms) after which PostgreSQL query semaphore resource acquisition attempts will fail. Such failures will generally result in the associated proxy or Admin API request failing with an HTTP 500 status code. Detailed discussion of this behavior is available in the online documentation. | `60000`
+
+#### Cassandra settings
+
+name   | description  | default
+-------|--------------|----------
+**cassandra_contact_points** | A comma-separated list of contact points to your cluster. You may specify IP addresses or hostnames. Note that the port component of SRV records will be ignored in favor of `cassandra_port`. When connecting to a multi-DC cluster, ensure that contact points from the local datacenter are specified first in this list. | `127.0.0.1`
+**cassandra_port** | The port on which your nodes are listening on. All your nodes and contact points must listen on the same port. Will be created if it doesn't exist. | `9042`
+**cassandra_keyspace** | The keyspace to use in your cluster. | `kong`
+**cassandra_consistency** | Consistency setting to use when reading/ writing to the Cassandra cluster. | `ONE`
+**cassandra_timeout** | Defines the timeout (in ms) for reading and writing. | `5000`
+**cassandra_ssl** | Toggles client-to-node TLS connections between Kong and Cassandra. | `off`
+**cassandra_ssl_verify** | Toggles server certificate verification if `cassandra_ssl` is enabled. See the `lua_ssl_trusted_certificate` setting to specify a certificate authority. | `off`
+**cassandra_username** | Username when using the `PasswordAuthenticator` scheme. | `kong`
+**cassandra_password** | Password when using the `PasswordAuthenticator` scheme. | none
+**cassandra_lb_policy** | Load balancing policy to use when distributing queries across your Cassandra cluster. Accepted values are: `RoundRobin`, `RequestRoundRobin`, `DCAwareRoundRobin`, and `RequestDCAwareRoundRobin`. Policies prefixed with "Request" make efficient use of established connections throughout the same request. Prefer "DCAware" policies if and only if you are using a multi-datacenter cluster. | `RequestRoundRobin`
+**cassandra_local_datacenter** | When using the `DCAwareRoundRobin` or `RequestDCAwareRoundRobin` load balancing policy, you must specify the name of the local (closest) datacenter for this Kong node. | none
+**cassandra_repl_strategy** | When migrating for the first time, Kong will use this setting to create your keyspace. Accepted values are `SimpleStrategy` and `NetworkTopologyStrategy`. | `SimpleStrategy`
+**cassandra_repl_factor** | When migrating for the first time, Kong will create the keyspace with this replication factor when using the `SimpleStrategy`. | `1`
+**cassandra_data_centers** | When migrating for the first time, will use this setting when using the `NetworkTopologyStrategy`. The format is a comma-separated list made of `<dc_name>:<repl_factor>`. | `dc1:2,dc2:3`
+**cassandra_schema_consensus_timeout** | Defines the timeout (in ms) for the waiting period to reach a schema consensus between your Cassandra nodes. This value is only used during migrations. | `10000`
+
+#### declarative_config
+
+The path to the declarative configuration file which holds the specification of
+all entities (Routes, Services, Consumers, etc.) to be used when the `database`
+is set to `off`.
+
+Entities are stored in Kong's in-memory cache, so you must ensure that enough
+memory is allocated to it via the `mem_cache_size` property. You must also
+ensure that items in the cache never expire, which means that `db_cache_ttl`
+should preserve its default value of 0.
+
+Default: none
+
+---
+
+
+### Datastore Cache section
+
+In order to avoid unnecessary communication with the datastore, Kong caches
+entities (such as APIs, Consumers, Credentials...) for a configurable period of
+time. It also handles invalidations if such an entity is updated.
+
+This section allows for configuring the behavior of Kong regarding the caching
+of such configuration entities.
+
+---
+
+#### db_update_frequency
+
+Frequency (in seconds) at which to check for updated entities with the
+datastore.
+
+When a node creates, updates, or deletes an entity via the Admin API, other
+nodes need to wait for the next poll (configured by this value) to eventually
+purge the old cached entity and start using the new one.
+
+Default: `5`
+
+---
+
+#### db_update_propagation
+
+Time (in seconds) taken for an entity in the datastore to be propagated to
+replica nodes of another datacenter.
+
+When in a distributed environment such as a multi-datacenter Cassandra cluster,
+this value should be the maximum number of seconds taken by Cassandra to
+propagate a row to other datacenters.
+
+When set, this property will increase the time taken by Kong to propagate the
+change of an entity.
+
+Single-datacenter setups or PostgreSQL servers should suffer no such delays,
+and this value can be safely set to 0.
+
+Default: `0`
+
+---
+
+#### db_cache_ttl
+
+Time-to-live (in seconds) of an entity from the datastore when cached by this
+node.
+
+Database misses (no entity) are also cached according to this setting.
+
+If set to 0 (default), such cached entities or misses never expire.
+
+Default: `0`
+
+---
+
+#### db_resurrect_ttl
+
+Time (in seconds) for which stale entities from the datastore should be
+resurrected for when they cannot be refreshed (e.g., the datastore is
+unreachable). When this TTL expires, a new attempt to refresh the stale entities
+will be made.
+
+Default: `30`
+
+---
+
+#### db_cache_warmup_entities
+
+Entities to be pre-loaded from the datastore into the in-memory cache at Kong
+start-up.
+
+This speeds up the first access of endpoints that use the given entities.
+
+When the `services` entity is configured for warmup, the DNS entries for values
+in its `host` attribute are pre-resolved asynchronously as well.
+
+Cache size set in `mem_cache_size` should be set to a value large enough to
+hold all instances of the specified entities.
+
+If the size is insufficient, Kong will log a warning.
+
+Default: `services, plugins`
+
+---
+
+
+### DNS Resolver section
+
+By default the DNS resolver will use the standard configuration files
+`/etc/hosts` and `/etc/resolv.conf`. The settings in the latter file will be
+overridden by the environment variables `LOCALDOMAIN` and `RES_OPTIONS` if they
+have been set.
+
+Kong will resolve hostnames as either `SRV` or `A` records (in that order, and
+`CNAME` records will be dereferenced in the process).
+
+In case a name was resolved as an `SRV` record it will also override any given
+port number by the `port` field contents received from the DNS server.
+
+The DNS options `SEARCH` and `NDOTS` (from the `/etc/resolv.conf` file) will be
+used to expand short names to fully qualified ones. So it will first try the
+entire `SEARCH` list for the `SRV` type, if that fails it will try the `SEARCH`
+list for `A`, etc.
+
+For the duration of the `ttl`, the internal DNS resolver will loadbalance each
+request it gets over the entries in the DNS record. For `SRV` records the
+`weight` fields will be honored, but it will only use the lowest `priority`
+field entries in the record.
+
+---
+
+#### dns_resolver
+
+Comma separated list of nameservers, each entry in `ip[:port]` format to be
+used by Kong. If not specified the nameservers in the local `resolv.conf` file
+will be used.
+
+Port defaults to 53 if omitted. Accepts both IPv4 and IPv6 addresses.
+
+Default: none
+
+---
+
+#### dns_hostsfile
+
+The hosts file to use. This file is read once and its content is static in
+memory.
+
+To read the file again after modifying it, Kong must be reloaded.
+
+Default: `/etc/hosts`
+
+---
+
+#### dns_order
+
+The order in which to resolve different record types. The `LAST` type means the
+type of the last successful lookup (for the specified name). The format is a
+(case insensitive) comma separated list.
+
+Default: `LAST,SRV,A,CNAME`
+
+---
+
+#### dns_valid_ttl
+
+By default, DNS records are cached using the TTL value of a response. If this
+property receives a value (in seconds), it will override the TTL for all
+records.
+
+Default: none
+
+---
+
+#### dns_stale_ttl
+
+Defines, in seconds, how long a record will remain in cache past its TTL. This
+value will be used while the new DNS record is fetched in the background.
+
+Stale data will be used from expiry of a record until either the refresh query
+completes, or the `dns_stale_ttl` number of seconds have passed.
+
+Default: `4`
+
+---
+
+#### dns_not_found_ttl
+
+TTL in seconds for empty DNS responses and "(3) name error" responses.
+
+Default: `30`
+
+---
+
+#### dns_error_ttl
+
+TTL in seconds for error responses.
+
+Default: `1`
+
+---
+
+#### dns_no_sync
+
+If enabled, then upon a cache-miss every request will trigger its own dns
+query.
+
+When disabled multiple requests for the same name/type will be synchronised to
+a single query.
+
+Default: `off`
+
+---
+
+
+### Tuning & Behavior section
+
+#### router_consistency
+
+Defines whether this node should rebuild its router synchronously or
+asynchronously (the router is rebuilt every time a Route or a Service is updated
+via the Admin API or loading a declarative configuration file).
+
+Accepted values are:
+
+- `strict`: the router will be rebuilt synchronously, causing incoming requests
+  to be delayed until the rebuild is finished.
+- `eventual`: the router will be rebuilt asynchronously via a recurring
+  background job running every second inside of each worker.
+
+Note that `strict` ensures that all workers of a given node will always proxy
+requests with an identical router, but that increased long tail latency can be
+observed if frequent Routes and Services updates are expected.
+
+Using `eventual` will help preventing long tail latency issues in such cases,
+but may cause workers to route requests differently for a short period of time
+after Routes and Services updates.
+
+Default: `strict`
+
+---
+
+
+### Development & Miscellaneous section
+
+Additional settings inherited from lua-nginx-module allowing for more
+flexibility and advanced usage.
+
+See the lua-nginx-module documentation for more information:
+https://github.com/openresty/lua-nginx-module
+
+---
+
+#### lua_ssl_trusted_certificate
+
+Absolute path to the certificate authority file for Lua cosockets in PEM
+format. This certificate will be the one used for verifying Kong's database
+connections, when `pg_ssl_verify` or `cassandra_ssl_verify` are enabled.
+
+See https://github.com/openresty/lua-nginx-module#lua_ssl_trusted_certificate
+
+Default: none
+
+---
+
+#### lua_ssl_verify_depth
+
+Sets the verification depth in the server certificates chain used by Lua
+cosockets, set by `lua_ssl_trusted_certificate`.
+
+This includes the certificates configured for Kong's database connections.
+
+See https://github.com/openresty/lua-nginx-module#lua_ssl_verify_depth
+
+Default: `1`
+
+---
+
+#### lua_package_path
+
+Sets the Lua module search path (LUA_PATH). Useful when developing or using
+custom plugins not stored in the default search path.
+
+See https://github.com/openresty/lua-nginx-module#lua_package_path
+
+Default: `./?.lua;./?/init.lua;`
+
+---
+
+#### lua_package_cpath
+
+Sets the Lua C module search path (LUA_CPATH).
+
+See https://github.com/openresty/lua-nginx-module#lua_package_cpath
+
+Default: none
+
+---
+
+#### lua_socket_pool_size
+
+Specifies the size limit for every cosocket connection pool associated with
+every remote server.
+
+See https://github.com/openresty/lua-nginx-module#lua_socket_pool_size
+
+Default: `30`
+
+---
+
+
+### Additional Configuration
+
+#### origins
+
+The origins configuration can be useful in complex networking configurations,
+and is typically required when Kong is used in a service mesh.
+
+`origins` is a comma-separated list of pairs of origins, with each half of the
+pair separated by an `=` symbol. The origin on the left of each pair is
+overridden by the origin on the right. This override occurs after the access
+phase, and before upstream resolution. It has the effect of causing Kong to
+send traffic that would have gone to the left origin to the right origin instead.
+
+The term origin (singular) refers to a particular scheme/host or IP address/port
+triple, as described in RFC 6454 (https://tools.ietf.org/html/rfc6454#section-3.2).
+In Kong's `origins` configuration, the scheme *must* be one of `http`, `https`,
+`tcp`, or `tls`. In each pair of origins, the scheme *must* be of similar type -
+thus `http` can pair with `https`, and `tcp` can pair with `tls`, but `http` and
+`https` cannot pair with `tcp` and `tls`.
+
+When an encrypted scheme like `tls` or `https` in the left origin is paired with
+an unencrypted scheme like `tcp` or `http` in the right origin, Kong will
+terminate TLS on incoming connections matching the left origin, and will then
+route traffic unencrypted to the specified right origin. This is useful when
+connections will be made to the Kong node over TLS, but the local service (for
+which Kong is proxying traffic) doesn't or can't terminate TLS. Similarly, if
+the left origin is `tcp` or `http` and the right origin is `tls` or `https`,
+Kong will accept unencrypted incoming traffic, and will then wrap that traffic
+in TLS as it is routed outbound. This capability is an important enabler of Kong Mesh.
+
+Like all Kong configuration settings, the `origins` setting *can* be declared in
+the `Kong.conf` file - however **it is recommended that Kong administrators
+avoid doing so**. Instead, `origins` should be set on a per-node basis using
+[environment variables](https://docs.konghq.com/{{page.kong_version}}/configuration/#environment-variables).
+As such, `origins` is not present in [`kong.conf.default`](https://github.com/Kong/kong/blob/0.15.0/kong.conf.default).
+
+In Kubernetes deployments, it is recommended that `origins` not be configured
+and maintained "by hand" - instead, `origins` for each Kong node should be
+managed by the Kubernetes Identity Module (KIM).
+
+Default: none
+
+##### Examples
+
+If a given Kong node has the following configuration for `origins`:
+
+```
+http://upstream-foo-bar:1234=http://localhost:5678
+```
+
+That Kong node will not attempt to resolve `upstream-foo-bar` - instead, that
+Kong node will route traffic to `localhost:5678`. In a service mesh deployment
+of Kong, this override would be necessary to cause a Kong sidecar adjacent to
+an instance of the `upstream-foo-bar` application to route traffic to that
+local instance, rather than trying to route traffic back across the network to
+a non-local instance of `upstream-foo-bar`.
+
+---
+
+In another typical sidecar deployment, in which the Kong node is deployed on
+the same host, virtual machine, or Kubernetes Pod as one instance of a service
+for which Kong is acting as a proxy, `origins` would be configured like:
+
+```
+https://service-b:9876=http://localhost:5432
+```
+
+This arrangement would cause this Kong node to accept _only_ HTTPS connections
+on port 9876, terminate TLS, then forward the now-unencrypted traffic to
+localhost port 5432.
+
+---
+
+Following is an example consisting of two pairs, demonstrating the correct use
+of the `,` separator with no space:
+
+```
+https://foo.bar.com:443=http://localhost:80,tls://dog.cat.org:9999=tcp://localhost:8888
+```
+
+This configuration would result in Kong accepting _only_ HTTPS traffic on port
+443, and _only_ TLS traffic on port 9999, terminating TLS in both cases, then
+forwarding the traffic to localhost ports 80 and 8888 respectively. Assuming
+that the localhost ports 80 and 8888 are each associated with a separate
+service, this configuration could occur when Kong is acting as a node proxy,
+which is a local proxy that is acting on behalf of multiple services (which
+differs from a sidecar proxy, in which a local proxy acts on behalf of only a
+_single_ local service).
+
+
+[Penlight]: http://stevedonovan.github.io/Penlight/api/index.html
+[pl.template]: http://stevedonovan.github.io/Penlight/api/libraries/pl.template.html
diff --git a/app/1.3.x/db-less-admin-api.md b/app/1.3.x/db-less-admin-api.md
new file mode 100644
index 000000000000..4c4a5029735f
--- /dev/null
+++ b/app/1.3.x/db-less-admin-api.md
@@ -0,0 +1,1898 @@
+---
+title: Admin API for DB-less Mode
+
+service_body: |
+    Attributes | Description
+    ---:| ---
+    `name`<br>*optional* | The Service name.
+    `retries`<br>*optional* | The number of retries to execute upon failure to proxy. Defaults to `5`.
+    `protocol` |  The protocol used to communicate with the upstream. It can be one of `http` or `https`.  Defaults to `"http"`.
+    `host` | The host of the upstream server.
+    `port` | The upstream server port. Defaults to `80`.
+    `path`<br>*optional* | The path to be used in requests to the upstream server.
+    `connect_timeout`<br>*optional* |  The timeout in milliseconds for establishing a connection to the upstream server.  Defaults to `60000`.
+    `write_timeout`<br>*optional* |  The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server.  Defaults to `60000`.
+    `read_timeout`<br>*optional* |  The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server.  Defaults to `60000`.
+    `tags`<br>*optional* |  An optional set of strings associated with the Service, for grouping and filtering. 
+    `client_certificate`<br>*optional* |  Certificate to be used as client certificate while TLS handshaking to the upstream server.  With form-encoded, the notation is `client_certificate.id=<client_certificate_id>`. With JSON, use `"client_certificate":{"id":"<client_certificate_id>"}`.
+    `url`<br>*shorthand-attribute* |  Shorthand attribute to set `protocol`, `host`, `port` and `path` at once. This attribute is write-only (the Admin API never "returns" the url). 
+
+service_json: |
+    {
+        "id": "9748f662-7711-4a90-8186-dc02f10eb0f5",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/some_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000,
+        "tags": ["user-level", "low-priority"],
+        "client_certificate": {"id":"4e3ad2e4-0bc4-4638-8e34-c84a417ba39b"}
+    }
+
+service_data: |
+    "data": [{
+        "id": "a5fb8d9b-a99d-40e9-9d35-72d42a62d83a",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/some_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000,
+        "tags": ["user-level", "low-priority"],
+        "client_certificate": {"id":"51e77dc2-8f3e-4afa-9d0e-0e3bbbcfd515"}
+    }, {
+        "id": "fc73f2af-890d-4f9b-8363-af8945001f7f",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/another_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000,
+        "tags": ["admin", "high-priority", "critical"],
+        "client_certificate": {"id":"4506673d-c825-444c-a25b-602e3c2ec16e"}
+    }],
+
+route_body: |
+    Attributes | Description
+    ---:| ---
+    `name`<br>*optional* | The name of the Route.
+    `protocols` |  A list of the protocols this Route should allow. When set to `["https"]`, HTTP requests are answered with a request to upgrade to HTTPS.  Defaults to `["http", "https"]`.
+    `methods`<br>*semi-optional* |  A list of HTTP methods that match this Route. 
+    `hosts`<br>*semi-optional* |  A list of domain names that match this Route.  With form-encoded, the notation is `hosts[]=example.com&hosts[]=foo.test`. With JSON, use an Array.
+    `paths`<br>*semi-optional* |  A list of paths that match this Route.  With form-encoded, the notation is `paths[]=/foo&paths[]=/bar`. With JSON, use an Array.
+    `headers`<br>*semi-optional* |  One or more lists of values indexed by header name that will cause this Route to match if present in the request. The `Host` header cannot be used with this attribute: hosts should be specified using the `hosts` attribute. 
+    `https_redirect_status_code` |  The status code Kong responds with when all properties of a Route match except the protocol i.e. if the protocol of the request is `HTTP` instead of `HTTPS`. `Location` header is injected by Kong if the field is set to 301, 302, 307 or 308.  Defaults to `426`.
+    `regex_priority`<br>*optional* |  A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same `regex_priority`, the older one (lowest `created_at`) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones).  Defaults to `0`.
+    `strip_path`<br>*optional* |  When matching a Route via one of the `paths`, strip the matching prefix from the upstream request URL.  Defaults to `true`.
+    `preserve_host`<br>*optional* |  When matching a Route via one of the `hosts` domain names, use the request `Host` header in the upstream request headers. If set to `false`, the upstream `Host` header will be that of the Service's `host`. 
+    `snis`<br>*semi-optional* |  A list of SNIs that match this Route when using stream routing. 
+    `sources`<br>*semi-optional* |  A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". 
+    `destinations`<br>*semi-optional* |  A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". 
+    `tags`<br>*optional* |  An optional set of strings associated with the Route, for grouping and filtering. 
+    `service`<br>*optional* |  The Service this Route is associated to. This is where the Route proxies traffic to.  With form-encoded, the notation is `service.id=<service_id>`. With JSON, use `"service":{"id":"<service_id>"}`.
+
+route_json: |
+    {
+        "id": "d35165e2-d03e-461a-bdeb-dad0a112abfe",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["http", "https"],
+        "methods": ["GET", "POST"],
+        "hosts": ["example.com", "foo.test"],
+        "paths": ["/foo", "/bar"],
+        "headers": {"x-another-header":["bla"], "x-my-header":["foo", "bar"]},
+        "https_redirect_status_code": 426,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "tags": ["user-level", "low-priority"],
+        "service": {"id":"af8330d3-dbdc-48bd-b1be-55b98608834b"}
+    }
+
+route_data: |
+    "data": [{
+        "id": "a9daa3ba-8186-4a0d-96e8-00d80ce7240b",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["http", "https"],
+        "methods": ["GET", "POST"],
+        "hosts": ["example.com", "foo.test"],
+        "paths": ["/foo", "/bar"],
+        "headers": {"x-another-header":["bla"], "x-my-header":["foo", "bar"]},
+        "https_redirect_status_code": 426,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "tags": ["user-level", "low-priority"],
+        "service": {"id":"127dfc88-ed57-45bf-b77a-a9d3a152ad31"}
+    }, {
+        "id": "9aa116fd-ef4a-4efa-89bf-a0b17c4be982",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["tcp", "tls"],
+        "https_redirect_status_code": 426,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "snis": ["foo.test", "example.com"],
+        "sources": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}],
+        "destinations": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}],
+        "tags": ["admin", "high-priority", "critical"],
+        "service": {"id":"ba641b07-e74a-430a-ab46-94b61e5ea66b"}
+    }],
+
+consumer_body: |
+    Attributes | Description
+    ---:| ---
+    `username`<br>*semi-optional* |  The unique username of the consumer. You must send either this field or `custom_id` with the request. 
+    `custom_id`<br>*semi-optional* |  Field for storing an existing unique ID for the consumer - useful for mapping Kong with users in your existing database. You must send either this field or `username` with the request. 
+    `tags`<br>*optional* |  An optional set of strings associated with the Consumer, for grouping and filtering. 
+
+consumer_json: |
+    {
+        "id": "ec1a1f6f-2aa4-4e58-93ff-b56368f19b27",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id",
+        "tags": ["user-level", "low-priority"]
+    }
+
+consumer_data: |
+    "data": [{
+        "id": "a4407883-c166-43fd-80ca-3ca035b0cdb7",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id",
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "01c23299-839c-49a5-a6d5-8864c09184af",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id",
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+plugin_body: |
+    Attributes | Description
+    ---:| ---
+    `name` |  The name of the Plugin that's going to be added. Currently the Plugin must be installed in every Kong instance separately. 
+    `route`<br>*optional* |  If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the Route being used.  Defaults to `null`. With form-encoded, the notation is `route.id=<route_id>`. With JSON, use `"route":{"id":"<route_id>"}`.
+    `service`<br>*optional* |  If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.  Defaults to `null`. With form-encoded, the notation is `service.id=<service_id>`. With JSON, use `"service":{"id":"<service_id>"}`.
+    `consumer`<br>*optional* |  If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated consumer.  Defaults to `null`. With form-encoded, the notation is `consumer.id=<consumer_id>`. With JSON, use `"consumer":{"id":"<consumer_id>"}`.
+    `config`<br>*optional* |  The configuration properties for the Plugin which can be found on the plugins documentation page in the [Kong Hub](https://docs.konghq.com/hub/). 
+    `run_on` |  Control on which Kong nodes this plugin will run, given a Service Mesh scenario. Accepted values are: * `first`, meaning "run on the first Kong node that is encountered by the request". On an API Getaway scenario, this is the usual operation, since there is only one Kong node in between source and destination. In a sidecar-to-sidecar Service Mesh scenario, this means running the plugin only on the Kong sidecar of the outbound connection. * `second`, meaning "run on the second node that is encountered by the request". This option is only relevant for sidecar-to-sidecar Service Mesh scenarios: this means running the plugin only on the Kong sidecar of the inbound connection. * `all` means "run on all nodes", meaning both sidecars in a sidecar-to-sidecar scenario. This is useful for tracing/logging plugins.  Defaults to `"first"`.
+    `protocols` |  A list of the request protocols that will trigger this plugin. Possible values are `"http"`, `"https"`, `"tcp"`, and `"tls"`. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will may only support `"tcp"` and `"tls"`.  Defaults to `["grpc", "grpcs", "http", "https"]`.
+    `enabled`<br>*optional* | Whether the plugin is applied. Defaults to `true`.
+    `tags`<br>*optional* |  An optional set of strings associated with the Plugin, for grouping and filtering. 
+
+plugin_json: |
+    {
+        "id": "ce44eef5-41ed-47f6-baab-f725cecf98c7",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"minute":20, "hour":500},
+        "run_on": "first",
+        "protocols": ["http", "https"],
+        "enabled": true,
+        "tags": ["user-level", "low-priority"]
+    }
+
+plugin_data: |
+    "data": [{
+        "id": "02621eee-8309-4bf6-b36b-a82017a5393e",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"minute":20, "hour":500},
+        "run_on": "first",
+        "protocols": ["http", "https"],
+        "enabled": true,
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "66c7b5c4-4aaf-4119-af1e-ee3ad75d0af4",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"minute":20, "hour":500},
+        "run_on": "first",
+        "protocols": ["tcp", "tls"],
+        "enabled": true,
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+certificate_body: |
+    Attributes | Description
+    ---:| ---
+    `cert` | PEM-encoded public certificate chain of the SSL key pair.
+    `key` | PEM-encoded private key of the SSL key pair.
+    `tags`<br>*optional* |  An optional set of strings associated with the Certificate, for grouping and filtering. 
+    `snis`<br>*shorthand-attribute* |  An array of zero or more hostnames to associate with this certificate as SNIs. This is a sugar parameter that will, under the hood, create an SNI object and associate it with this certificate for your convenience. To set this attribute this certificate must have a valid private key associated with it. 
+
+certificate_json: |
+    {
+        "id": "7fca84d6-7d37-4a74-a7b0-93e576089a41",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----...",
+        "tags": ["user-level", "low-priority"]
+    }
+
+certificate_data: |
+    "data": [{
+        "id": "d044b7d4-3dc2-4bbc-8e9f-6b7a69416df6",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----...",
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "a9b2107f-a214-47b3-add4-46b942187924",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----...",
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+ca_certificate_body: |
+    Attributes | Description
+    ---:| ---
+    `cert` | PEM-encoded public certificate of the CA.
+    `tags`<br>*optional* |  An optional set of strings associated with the Certificate, for grouping and filtering. 
+
+ca_certificate_json: |
+    {
+        "id": "04fbeacf-a9f1-4a5d-ae4a-b0407445db3f",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "tags": ["user-level", "low-priority"]
+    }
+
+ca_certificate_data: |
+    "data": [{
+        "id": "43429efd-b3a5-4048-94cb-5cc4029909bb",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "d26761d5-83a4-4f24-ac6c-cff276f2b79c",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+sni_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | The SNI name to associate with the given certificate.
+    `tags`<br>*optional* |  An optional set of strings associated with the SNIs, for grouping and filtering. 
+    `certificate` |  The id (a UUID) of the certificate with which to associate the SNI hostname. The Certificate must have a valid private key associated with it to be used by the SNI object.  With form-encoded, the notation is `certificate.id=<certificate_id>`. With JSON, use `"certificate":{"id":"<certificate_id>"}`.
+
+sni_json: |
+    {
+        "id": "91020192-062d-416f-a275-9addeeaffaf2",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "tags": ["user-level", "low-priority"],
+        "certificate": {"id":"a2e013e8-7623-4494-a347-6d29108ff68b"}
+    }
+
+sni_data: |
+    "data": [{
+        "id": "147f5ef0-1ed6-4711-b77f-489262f8bff7",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "tags": ["user-level", "low-priority"],
+        "certificate": {"id":"a3ad71a8-6685-4b03-a101-980a953544f6"}
+    }, {
+        "id": "b87eb55d-69a1-41d2-8653-8d706eecefc0",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "tags": ["admin", "high-priority", "critical"],
+        "certificate": {"id":"4e8d95d4-40f2-4818-adcb-30e00c349618"}
+    }],
+
+upstream_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | This is a hostname, which must be equal to the `host` of a Service.
+    `algorithm`<br>*optional* | Which load balancing algorithm to use. One of: `round-robin`, `consistent-hashing`, or `least-connections`. Defaults to `"round-robin"`.
+    `hash_on`<br>*optional* | What to use as hashing input: `none` (resulting in a weighted-round-robin scheme with no hashing), `consumer`, `ip`, `header`, or `cookie`. Defaults to `"none"`.
+    `hash_fallback`<br>*optional* | What to use as hashing input if the primary `hash_on` does not return a hash (eg. header is missing, or no consumer identified). One of: `none`, `consumer`, `ip`, `header`, or `cookie`. Not available if `hash_on` is set to `cookie`. Defaults to `"none"`.
+    `hash_on_header`<br>*semi-optional* | The header name to take the value from as hash input. Only required when `hash_on` is set to `header`.
+    `hash_fallback_header`<br>*semi-optional* | The header name to take the value from as hash input. Only required when `hash_fallback` is set to `header`.
+    `hash_on_cookie`<br>*semi-optional* | The cookie name to take the value from as hash input. Only required when `hash_on` or `hash_fallback` is set to `cookie`. If the specified cookie is not in the request, Kong will generate a value and set the cookie in the response.
+    `hash_on_cookie_path`<br>*semi-optional* | The cookie path to set in the response headers. Only required when `hash_on` or `hash_fallback` is set to `cookie`. Defaults to `"/"`.
+    `slots`<br>*optional* | The number of slots in the loadbalancer algorithm (`10`-`65536`). Defaults to `10000`.
+    `healthchecks.active.https_verify_certificate`<br>*optional* | Whether to check the validity of the SSL certificate of the remote host when performing active health checks using HTTPS. Defaults to `true`.
+    `healthchecks.active.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a failure, indicating unhealthiness, when returned by a probe in active health checks. Defaults to `[429, 404, 500, 501, 502, 503, 504, 505]`. With form-encoded, the notation is `http_statuses[]=429&http_statuses[]=404`. With JSON, use an Array.
+    `healthchecks.active.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in active probes to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.timeouts`<br>*optional* | Number of timeouts in active probes to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in active probes (as defined by `healthchecks.active.unhealthy.http_statuses`) to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.interval`<br>*optional* | Interval between active health checks for unhealthy targets (in seconds). A value of zero indicates that active probes for unhealthy targets should not be performed. Defaults to `0`.
+    `healthchecks.active.http_path`<br>*optional* | Path to use in GET HTTP request to run as a probe on active health checks. Defaults to `"/"`.
+    `healthchecks.active.timeout`<br>*optional* | Socket timeout for active health checks (in seconds). Defaults to `1`.
+    `healthchecks.active.healthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a success, indicating healthiness, when returned by a probe in active health checks. Defaults to `[200, 302]`. With form-encoded, the notation is `http_statuses[]=200&http_statuses[]=302`. With JSON, use an Array.
+    `healthchecks.active.healthy.interval`<br>*optional* | Interval between active health checks for healthy targets (in seconds). A value of zero indicates that active probes for healthy targets should not be performed. Defaults to `0`.
+    `healthchecks.active.healthy.successes`<br>*optional* | Number of successes in active probes (as defined by `healthchecks.active.healthy.http_statuses`) to consider a target healthy. Defaults to `0`.
+    `healthchecks.active.https_sni`<br>*optional* | The hostname to use as an SNI (Server Name Identification) when performing active health checks using HTTPS. This is particularly useful when Targets are configured using IPs, so that the target host's certificate can be verified with the proper SNI.
+    `healthchecks.active.concurrency`<br>*optional* | Number of targets to check concurrently in active health checks. Defaults to `10`.
+    `healthchecks.active.type`<br>*optional* | Whether to perform active health checks using HTTP or HTTPS, or just attempt a TCP connection. Possible values are `tcp`, `http` or `https`. Defaults to `"http"`.
+    `healthchecks.passive.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in proxied traffic (as defined by `healthchecks.passive.unhealthy.http_statuses`) to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent unhealthiness when produced by proxied traffic, as observed by passive health checks. Defaults to `[429, 500, 503]`. With form-encoded, the notation is `http_statuses[]=429&http_statuses[]=500`. With JSON, use an Array.
+    `healthchecks.passive.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.unhealthy.timeouts`<br>*optional* | Number of timeouts in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.type`<br>*optional* | Whether to perform passive health checks interpreting HTTP/HTTPS statuses, or just check for TCP connection success. Possible values are `tcp`, `http` or `https` (in passive checks, `http` and `https` options are equivalent.). Defaults to `"http"`.
+    `healthchecks.passive.healthy.successes`<br>*optional* | Number of successes in proxied traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to consider a target healthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.healthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent healthiness when produced by proxied traffic, as observed by passive health checks. Defaults to `[200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]`. With form-encoded, the notation is `http_statuses[]=200&http_statuses[]=201`. With JSON, use an Array.
+    `tags`<br>*optional* |  An optional set of strings associated with the Upstream, for grouping and filtering. 
+
+upstream_json: |
+    {
+        "id": "58c8ccbb-eafb-4566-991f-2ed4f678fa70",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "algorithm": "round-robin",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        },
+        "tags": ["user-level", "low-priority"]
+    }
+
+upstream_data: |
+    "data": [{
+        "id": "ea29aaa3-3b2d-488c-b90c-56df8e0dd8c6",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "algorithm": "round-robin",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        },
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "4fe14415-73d5-4f00-9fbc-c72a0fccfcb2",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "algorithm": "round-robin",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        },
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+target_body: |
+    Attributes | Description
+    ---:| ---
+    `target` |  The target address (ip or hostname) and port. If the hostname resolves to an SRV record, the `port` value will be overridden by the value from the DNS record. 
+    `weight`<br>*optional* |  The weight this target gets within the upstream loadbalancer (`0`-`1000`). If the hostname resolves to an SRV record, the `weight` value will be overridden by the value from the DNS record.  Defaults to `100`.
+    `tags`<br>*optional* |  An optional set of strings associated with the Target, for grouping and filtering. 
+
+target_json: |
+    {
+        "id": "a3395f66-2af6-4c79-bea2-1b6933764f80",
+        "created_at": 1422386534,
+        "upstream": {"id":"885a0392-ef1b-4de3-aacf-af3f1697ce2c"},
+        "target": "example.com:8000",
+        "weight": 100,
+        "tags": ["user-level", "low-priority"]
+    }
+
+target_data: |
+    "data": [{
+        "id": "f5a9c0ca-bdbb-490f-8928-2ca95836239a",
+        "created_at": 1422386534,
+        "upstream": {"id":"173a6cee-90d1-40a7-89cf-0329eca780a6"},
+        "target": "example.com:8000",
+        "weight": 100,
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "bdab0e47-4e37-4f0b-8fd0-87d95cc4addc",
+        "created_at": 1422386534,
+        "upstream": {"id":"f00c6da4-3679-4b44-b9fb-36a19bd3ae83"},
+        "target": "example.com:8000",
+        "weight": 100,
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+
+---
+
+<div class="alert alert-info.blue" role="alert">
+  This page refers to the Admin API for running Kong configured without a
+  database, managing in-memory entities via declarative config.
+  For using the Admin API for Kong with a database, please refer to the
+  <a href="/{{page.kong_version}}/admin-api">Admin API for Database Mode</a> page.
+</div>
+
+Kong comes with an **internal** RESTful Admin API for administration purposes.
+In [DB-less mode][db-less], this Admin API can be used to load a new declarative
+configuration, and for inspecting the current configuration. In DB-less mode,
+the Admin API for each Kong node functions independently, reflecting the memory state
+of that particular Kong node. This is the case because there is no database
+coordination between Kong nodes.
+
+- `8001` is the default port on which the Admin API listens.
+- `8444` is the default port for HTTPS traffic to the Admin API.
+
+This API provides full control over Kong, so care should be taken when setting
+up Kong environments to avoid undue public exposure of this API.
+See [this document][secure-admin-api] for a discussion
+of methods to secure the Admin API.
+
+## Supported Content Types
+
+The Admin API accepts 2 content types on every endpoint:
+
+- **application/x-www-form-urlencoded**
+- **application/json**
+
+---
+
+## Information Routes
+
+
+
+### Retrieve Node Information
+
+Retrieve generic details about a node.
+
+<div class="endpoint get">/</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "hostname": "",
+    "node_id": "6a72192c-a3a1-4c8d-95c6-efabae9fb969",
+    "lua_version": "LuaJIT 2.1.0-beta3",
+    "plugins": {
+        "available_on_server": [
+            ...
+        ],
+        "enabled_in_cluster": [
+            ...
+        ]
+    },
+    "configuration" : {
+        ...
+    },
+    "tagline": "Welcome to Kong",
+    "version": "0.14.0"
+}
+```
+
+* `node_id`: A UUID representing the running Kong node. This UUID
+  is randomly generated when Kong starts, so the node will have a
+  different `node_id` each time it is restarted.
+* `available_on_server`: Names of plugins that are installed on the node.
+* `enabled_in_cluster`: Names of plugins that are enabled/configured.
+  That is, the plugins configurations currently in the datastore shared
+  by all Kong nodes.
+
+
+---
+
+### Retrieve Node Status
+
+Retrieve usage information about a node, with some basic information
+about the connections being processed by the underlying nginx process,
+the status of the database connection, and node's memory usage.
+
+If you want to monitor the Kong process, since Kong is built on top
+of nginx, every existing nginx monitoring tool or agent can be used.
+
+
+<div class="endpoint get">/status</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "database": {
+      "reachable": true
+    },
+    "memory": {
+        "workers_lua_vms": [{
+            "http_allocated_gc": "0.02 MiB",
+            "pid": 18477
+          }, {
+            "http_allocated_gc": "0.02 MiB",
+            "pid": 18478
+        }],
+        "lua_shared_dicts": {
+            "kong": {
+                "allocated_slabs": "0.04 MiB",
+                "capacity": "5.00 MiB"
+            },
+            "kong_db_cache": {
+                "allocated_slabs": "0.80 MiB",
+                "capacity": "128.00 MiB"
+            },
+        }
+    },
+    "server": {
+        "total_requests": 3,
+        "connections_active": 1,
+        "connections_accepted": 1,
+        "connections_handled": 1,
+        "connections_reading": 0,
+        "connections_writing": 1,
+        "connections_waiting": 0
+    }
+}
+```
+
+* `memory`: Metrics about the memory usage.
+    * `workers_lua_vms`: An array with all workers of the Kong node, where each
+      entry contains:
+    * `http_allocated_gc`: HTTP submodule's Lua virtual machine's memory
+      usage information, as reported by `collectgarbage("count")`, for every
+      active worker, i.e. a worker that received a proxy call in the last 10
+      seconds.
+    * `pid`: worker's process identification number.
+    * `lua_shared_dicts`: An array of information about dictionaries that are
+      shared with all workers in a Kong node, where each array node contains how
+      much memory is dedicated for the specific shared dictionary (`capacity`)
+      and how much of said memory is in use (`allocated_slabs`).
+      These shared dictionaries have least recent used (LRU) eviction
+      capabilities, so a full dictionary, where `allocated_slabs == capacity`,
+      will work properly. However for some dictionaries, e.g. cache HIT/MISS
+      shared dictionaries, increasing their size can be beneficial for the
+      overall performance of a Kong node.
+  * The memory usage unit and precision can be changed using the querystring
+    arguments `unit` and `scale`:
+      * `unit`: one of `b/B`, `k/K`, `m/M`, `g/G`, which will return results
+        in bytes, kibibytes, mebibytes, or gibibytes, respectively. When
+        "bytes" are requested, the memory values in the response will have a
+        number type instead of string. Defaults to `m`.
+      * `scale`: the number of digits to the right of the decimal points when
+        values are given in human-readable memory strings (unit other than
+        "bytes"). Defaults to `2`.
+      You can get the shared dictionaries memory usage in kibibytes with 4
+      digits of precision by doing: `GET /status?unit=k&scale=4`
+* `server`: Metrics about the nginx HTTP/S server.
+    * `total_requests`: The total number of client requests.
+    * `connections_active`: The current number of active client
+      connections including Waiting connections.
+    * `connections_accepted`: The total number of accepted client
+      connections.
+    * `connections_handled`: The total number of handled connections.
+      Generally, the parameter value is the same as accepts unless
+      some resource limits have been reached.
+    * `connections_reading`: The current number of connections
+      where Kong is reading the request header.
+    * `connections_writing`: The current number of connections
+      where nginx is writing the response back to the client.
+    * `connections_waiting`: The current number of idle client
+      connections waiting for a request.
+* `database`: Metrics about the database.
+    * `reachable`: A boolean value reflecting the state of the
+      database connection. Please note that this flag **does not**
+      reflect the health of the database itself.
+
+
+---
+
+## Declarative Configuration
+
+Loading the declarative configuration of entities into Kong
+can be done in two ways: at start-up, through the `declarative_config`
+property, or at run-time, through the Admin API using the `/config`
+endpoint.
+
+To get started using declarative configuration, you need a file
+(in YAML or JSON format) containing entity definitions. You can
+generate a sample declarative configuration with the command:
+
+```
+kong config init
+```
+
+It generates a file named `kong.yml` in the current directory,
+containing the appropriate structure and examples.
+
+
+### Reload Declarative Configuration
+
+This endpoint allows resetting a DB-less Kong with a new
+declarative configuration data file. All previous contents
+are erased from memory, and the entities specified in the
+given file take their place.
+
+To learn more about the file format, please read the
+[declarative configuration][db-less] documentation.
+
+
+<div class="endpoint post">/config</div>
+
+Attributes | Description
+---:| ---
+`config`<br>**required** | The config data (in YAML or JSON format) to be loaded.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+``` json
+{
+    { "services": [],
+      "routes": []
+    }
+}
+```
+
+The response contains a list of all the entities that were parsed from the
+input file.
+
+
+---
+
+## Tags
+
+Tags are strings associated to entities in Kong. Each tag must be composed of one or more
+alphanumeric characters, `_`, `-`, `.` or `~`.
+
+Most core entities can be *tagged* via their `tags` attribute, upon creation or edition.
+
+Tags can be used to filter core entities as well, via the `?tags` querystring parameter.
+
+For example: if you normally get a list of all the Services by doing:
+
+```
+GET /services
+```
+
+You can get the list of all the Services tagged `example` by doing:
+
+```
+GET /services?tags=example
+```
+
+Similarly, if you want to filter Services so that you only get the ones tagged `example` *and*
+`admin`, you can do that like so:
+
+```
+GET /services?tags=example,admin
+```
+
+Finally, if you wanted to filter the Services tagged `example` *or* `admin`, you could use:
+
+```
+GET /services?tags=example/admin
+```
+
+Some notes:
+
+* A maximum of 5 tags can be queried simultaneously in a single request with `,` or `/`
+* Mixing operators is not supported: if you try to mix `,` with `/` in the same querystring,
+  you will receive an error.
+* You may need to quote and/or escape some characters when using them from the
+  command line.
+* Filtering by `tags` is not supported in foreign key relationship endpoints. For example,
+  the `tags` parameter will be ignored in a request such as `GET /services/foo/routes?tags=a,b`
+* `offset` parameters are not guaranteed to work if the `tags` parameter is altered or removed
+
+
+### List All Tags
+
+Returns a paginated list of all the tags in the system.
+
+The list of entities will not be restricted to a single entity type: all the
+entities tagged with tags will be present on this list.
+
+If an entity is tagged with more than one tag, the `entity_id` for that entity
+will appear more than once in the resulting list. Similarly, if several entities
+have been tagged with the same tag, the tag will appear in several items of this list.
+
+
+<div class="endpoint get">/tags</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+``` json
+{
+    {
+      "data": [
+        { "entity_name": "services",
+          "entity_id": "acf60b10-125c-4c1a-bffe-6ed55daefba4",
+          "tag": "s1",
+        },
+        { "entity_name": "services",
+          "entity_id": "acf60b10-125c-4c1a-bffe-6ed55daefba4",
+          "tag": "s2",
+        },
+        { "entity_name": "routes",
+          "entity_id": "60631e85-ba6d-4c59-bd28-e36dd90f6000",
+          "tag": "s1",
+        },
+        ...
+      ],
+      "offset" = "c47139f3-d780-483d-8a97-17e9adc5a7ab",
+      "next" = "/tags?offset=c47139f3-d780-483d-8a97-17e9adc5a7ab",
+    }
+}
+```
+
+
+---
+
+### List Entity Ids by Tag
+
+Returns the entities that have been tagged with the specified tag.
+
+The list of entities will not be restricted to a single entity type: all the
+entities tagged with tags will be present on this list.
+
+
+<div class="endpoint get">/tags/:tags</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+``` json
+{
+    {
+      "data": [
+        { "entity_name": "services",
+          "entity_id": "c87440e1-0496-420b-b06f-dac59544bb6c",
+          "tag": "example",
+        },
+        { "entity_name": "routes",
+          "entity_id": "8a99e4b1-d268-446b-ab8b-cd25cff129b1",
+          "tag": "example",
+        },
+        ...
+      ],
+      "offset" = "1fb491c4-f4a7-4bca-aeba-7f3bcee4d2f9",
+      "next" = "/tags/example?offset=1fb491c4-f4a7-4bca-aeba-7f3bcee4d2f9",
+    }
+}
+```
+
+
+---
+
+## Service Object
+
+Service entities, as the name implies, are abstractions of each of your own
+upstream services. Examples of Services would be a data transformation
+microservice, a billing API, etc.
+
+The main attribute of a Service is its URL (where Kong should proxy traffic
+to), which can be set as a single string or by specifying its `protocol`,
+`host`, `port` and `path` individually.
+
+Services are associated to Routes (a Service can have many Routes associated
+with it). Routes are entry-points in Kong and define rules to match client
+requests. Once a Route is matched, Kong proxies the request to its associated
+Service. See the [Proxy Reference][proxy-reference] for a detailed explanation
+of how Kong proxies traffic.
+
+Services can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.service_json }}
+```
+
+### List Services
+
+##### List All Services
+
+<div class="endpoint get">/services</div>
+
+
+##### List Services Associated to a Specific Certificate
+
+<div class="endpoint get">/certificates/{certificate name or id}/services</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate whose Services are to be retrieved. When using this endpoint, only Services associated to the specified Certificate will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.service_data }}
+    "next": "http://localhost:8001/services?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Service
+
+##### Retrieve Service
+
+<div class="endpoint get">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to retrieve.
+
+
+##### Retrieve Service Associated to a Specific Route
+
+<div class="endpoint get">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be retrieved.
+
+
+##### Retrieve Service Associated to a Specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+## Route Object
+
+Route entities define rules to match client requests. Each Route is
+associated with a Service, and a Service may have multiple Routes associated to
+it. Every request matching a given Route will be proxied to its associated
+Service.
+
+The combination of Routes and Services (and the separation of concerns between
+them) offers a powerful routing mechanism with which it is possible to define
+fine-grained entry-points in Kong leading to different upstream services of
+your infrastructure.
+
+You need at least one matching rule that applies to the protocol being matched
+by the Route. Depending on the protocols configured to be matched by the Route
+(as defined with the `protocols` field), this means that at least one of the
+following attributes must be set:
+
+* For `http`, at least one of `methods`, `hosts`, `headers` or `paths`;
+* For `https`, at least one of `methods`, `hosts`, `headers`, `paths` or `snis`;
+* For `tcp`, at least one of `sources` or `destinations`;
+* For `tls`, at least one of `sources`, `destinations` or `snis`;
+* For `grpc`, at least one of `hosts`, `headers` or `paths`;
+* For `grpcs`, at least one of `hosts`, `headers`, `paths` or `snis`.
+
+Routes can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.route_json }}
+```
+
+### List Routes
+
+##### List All Routes
+
+<div class="endpoint get">/routes</div>
+
+
+##### List Routes Associated to a Specific Service
+
+<div class="endpoint get">/services/{service name or id}/routes</div>
+
+Attributes | Description
+---:| ---
+`service name or id`<br>**required** | The unique identifier or the `name` attribute of the Service whose Routes are to be retrieved. When using this endpoint, only Routes associated to the specified Service will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.route_data }}
+    "next": "http://localhost:8001/routes?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Route
+
+##### Retrieve Route
+
+<div class="endpoint get">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to retrieve.
+
+
+##### Retrieve Route Associated to a Specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+## Consumer Object
+
+The Consumer object represents a consumer - or a user - of a Service. You can
+either rely on Kong as the primary datastore, or you can map the consumer list
+with your database to keep consistency between Kong and your existing primary
+datastore.
+
+Consumers can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.consumer_json }}
+```
+
+### List Consumers
+
+##### List All Consumers
+
+<div class="endpoint get">/consumers</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.consumer_data }}
+    "next": "http://localhost:8001/consumers?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Consumer
+
+##### Retrieve Consumer
+
+<div class="endpoint get">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to retrieve.
+
+
+##### Retrieve Consumer Associated to a Specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+## Plugin Object
+
+A Plugin entity represents a plugin configuration that will be executed during
+the HTTP request/response lifecycle. It is how you can add functionalities
+to Services that run behind Kong, like Authentication or Rate Limiting for
+example. You can find more information about how to install and what values
+each plugin takes by visiting the [Kong Hub](https://docs.konghq.com/hub/).
+
+When adding a Plugin Configuration to a Service, every request made by a client to
+that Service will run said Plugin. If a Plugin needs to be tuned to different
+values for some specific Consumers, you can do so by creating a separate
+plugin instance that specifies both the Service and the Consumer, through the
+`service` and `consumer` fields.
+
+Plugins can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.plugin_json }}
+```
+
+See the [Precedence](#precedence) section below for more details.
+
+#### Precedence
+
+A plugin will always be run once and only once per request. But the
+configuration with which it will run depends on the entities it has been
+configured for.
+
+Plugins can be configured for various entities, combination of entities, or
+even globally. This is useful, for example, when you wish to configure a plugin
+a certain way for most requests, but make _authenticated requests_ behave
+slightly differently.
+
+Therefore, there exists an order of precedence for running a plugin when it has
+been applied to different entities with different configurations. The rule of
+thumb is: the more specific a plugin is with regards to how many entities it
+has been configured on, the higher its priority.
+
+The complete order of precedence when a plugin has been configured multiple
+times is:
+
+1. Plugins configured on a combination of: a Route, a Service, and a Consumer.
+    (Consumer means the request must be authenticated).
+2. Plugins configured on a combination of a Route and a Consumer.
+    (Consumer means the request must be authenticated).
+3. Plugins configured on a combination of a Service and a Consumer.
+    (Consumer means the request must be authenticated).
+4. Plugins configured on a combination of a Route and a Service.
+5. Plugins configured on a Consumer.
+    (Consumer means the request must be authenticated).
+6. Plugins configured on a Route.
+7. Plugins configured on a Service.
+8. Plugins configured to run globally.
+
+**Example**: if the `rate-limiting` plugin is applied twice (with different
+configurations): for a Service (Plugin config A), and for a Consumer (Plugin
+config B), then requests authenticating this Consumer will run Plugin config B
+and ignore A. However, requests that do not authenticate this Consumer will
+fallback to running Plugin config A. Note that if config B is disabled
+(its `enabled` flag is set to `false`), config A will apply to requests that
+would have otherwise matched config B.
+
+
+### List Plugins
+
+##### List All Plugins
+
+<div class="endpoint get">/plugins</div>
+
+
+##### List Plugins Associated to a Specific Route
+
+<div class="endpoint get">/routes/{route id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`route id`<br>**required** | The unique identifier of the Route whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Route will be listed.
+
+
+##### List Plugins Associated to a Specific Service
+
+<div class="endpoint get">/services/{service id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`service id`<br>**required** | The unique identifier of the Service whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Service will be listed.
+
+
+##### List Plugins Associated to a Specific Consumer
+
+<div class="endpoint get">/consumers/{consumer id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`consumer id`<br>**required** | The unique identifier of the Consumer whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Consumer will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.plugin_data }}
+    "next": "http://localhost:8001/plugins?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Plugin
+
+##### Retrieve Plugin
+
+<div class="endpoint get">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### Retrieve Enabled Plugins
+
+Retrieve a list of all installed plugins on the Kong node.
+
+<div class="endpoint get">/plugins/enabled</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "enabled_plugins": [
+        "jwt",
+        "acl",
+        "cors",
+        "oauth2",
+        "tcp-log",
+        "udp-log",
+        "file-log",
+        "http-log",
+        "key-auth",
+        "hmac-auth",
+        "basic-auth",
+        "ip-restriction",
+        "request-transformer",
+        "response-transformer",
+        "request-size-limiting",
+        "rate-limiting",
+        "response-ratelimiting",
+        "aws-lambda",
+        "bot-detection",
+        "correlation-id",
+        "datadog",
+        "galileo",
+        "ldap-auth",
+        "loggly",
+        "statsd",
+        "syslog"
+    ]
+}
+```
+
+
+---
+
+### Retrieve Plugin Schema
+
+Retrieve the schema of a plugin's configuration. This is useful to
+understand what fields a plugin accepts, and can be used for building
+third-party integrations to the Kong's plugin system.
+
+
+<div class="endpoint get">/plugins/schema/{plugin name}</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "fields": {
+        "hide_credentials": {
+            "default": false,
+            "type": "boolean"
+        },
+        "key_names": {
+            "default": "function",
+            "required": true,
+            "type": "array"
+        }
+    }
+}
+```
+
+
+---
+
+## Certificate Object
+
+A certificate object represents a public certificate, and can be optionally paired with the
+corresponding private key. These objects are used by Kong to handle SSL/TLS termination for
+encrypted requests, or for use as a trusted CA store when validating peer certificate of
+client/service. Certificates are optionally associated with SNI objects to
+tie a cert/key pair to one or more hostnames.
+
+If intermediate certificates are required in addition to the main
+certificate, they should be concatenated together into one string according to
+the following order: main certificate on the top, followed by any intermediates.
+
+Certificates can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.certificate_json }}
+```
+
+### List Certificates
+
+##### List All Certificates
+
+<div class="endpoint get">/certificates</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.certificate_data }}
+    "next": "http://localhost:8001/certificates?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Certificate
+
+##### Retrieve Certificate
+
+<div class="endpoint get">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+## CA Certificate Object
+
+A CA certificate object represents a trusted CA. These objects are used by Kong to
+verify the validity of a client or server certificate.
+
+CA Certificates can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.ca_certificate_json }}
+```
+
+### List CA Certificates
+
+##### List All CA Certificates
+
+<div class="endpoint get">/ca_certificates</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.ca_certificate_data }}
+    "next": "http://localhost:8001/ca_certificates?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve CA Certificate
+
+##### Retrieve CA Certificate
+
+<div class="endpoint get">/ca_certificates/{ca_certificate id}</div>
+
+Attributes | Description
+---:| ---
+`ca_certificate id`<br>**required** | The unique identifier of the CA Certificate to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.ca_certificate_json }}
+```
+
+
+---
+
+## SNI Object
+
+An SNI object represents a many-to-one mapping of hostnames to a certificate.
+That is, a certificate object can have many hostnames associated with it; when
+Kong receives an SSL request, it uses the SNI field in the Client Hello to
+lookup the certificate object based on the SNI associated with the certificate.
+
+SNIs can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.sni_json }}
+```
+
+### List SNIs
+
+##### List All SNIs
+
+<div class="endpoint get">/snis</div>
+
+
+##### List SNIs Associated to a Specific Certificate
+
+<div class="endpoint get">/certificates/{certificate name or id}/snis</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate whose SNIs are to be retrieved. When using this endpoint, only SNIs associated to the specified Certificate will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.sni_data }}
+    "next": "http://localhost:8001/snis?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve SNI
+
+##### Retrieve SNI
+
+<div class="endpoint get">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+## Upstream Object
+
+The upstream object represents a virtual hostname and can be used to loadbalance
+incoming requests over multiple services (targets). So for example an upstream
+named `service.v1.xyz` for a Service object whose `host` is `service.v1.xyz`.
+Requests for this Service would be proxied to the targets defined within the upstream.
+
+An upstream also includes a [health checker][healthchecks], which is able to
+enable and disable targets based on their ability or inability to serve
+requests. The configuration for the health checker is stored in the upstream
+object, and applies to all of its targets.
+
+Upstreams can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.upstream_json }}
+```
+
+### List Upstreams
+
+##### List All Upstreams
+
+<div class="endpoint get">/upstreams</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.upstream_data }}
+    "next": "http://localhost:8001/upstreams?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Upstream
+
+##### Retrieve Upstream
+
+<div class="endpoint get">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to retrieve.
+
+
+##### Retrieve Upstream Associated to a Specific Target
+
+<div class="endpoint get">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### Show Upstream Health for Node
+
+Displays the health status for all Targets of a given Upstream, according to
+the perspective of a specific Kong node. Note that, being node-specific
+information, making this same request to different nodes of the Kong cluster
+may produce different results. For example, one specific node of the Kong
+cluster may be experiencing network issues, causing it to fail to connect to
+some Targets: these Targets will be marked as unhealthy by that node
+(directing traffic from this node to other Targets that it can successfully
+reach), but healthy to all others Kong nodes (which have no problems using that
+Target).
+
+The `data` field of the response contains an array of Target objects.
+The health for each Target is returned in its `health` field:
+
+* If a Target fails to be activated in the balancer due to DNS issues,
+  its status displays as `DNS_ERROR`.
+* When [health checks][healthchecks] are not enabled in the Upstream
+  configuration, the health status for active Targets is displayed as
+  `HEALTHCHECKS_OFF`.
+* When health checks are enabled and the Target is determined to be healthy,
+  either automatically or [manually](#set-target-as-healthy),
+  its status is displayed as `HEALTHY`. This means that this Target is
+  currently included in this Upstream's load balancer execution.
+* When a Target has been disabled by either active or passive health checks
+  (circuit breakers) or [manually](#set-target-as-unhealthy),
+  its status is displayed as `UNHEALTHY`. The load balancer is not directing
+  any traffic to this Target via this Upstream.
+
+
+<div class="endpoint get">/upstreams/{name or id}/health/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream for which to display Target health.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "node_id": "cbb297c0-14a9-46bc-ad91-1d0ef9b42df9",
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "health": "HEALTHY",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "health": "UNHEALTHY",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+
+---
+
+## Target Object
+
+A target is an ip address/hostname with a port that identifies an instance of a backend
+service. Every upstream can have many targets, and the targets can be
+dynamically added. Changes are effectuated on the fly.
+
+Because the upstream maintains a history of target changes, the targets cannot
+be deleted or modified. To disable a target, post a new one with `weight=0`;
+alternatively, use the `DELETE` convenience method to accomplish the same.
+
+The current target object definition is the one with the latest `created_at`.
+
+Targets can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.target_json }}
+```
+
+### List Targets
+
+##### List Targets Associated to a Specific Upstream
+
+<div class="endpoint get">/upstreams/{upstream host:port or id}/targets</div>
+
+Attributes | Description
+---:| ---
+`upstream host:port or id`<br>**required** | The unique identifier or the `host:port` attribute of the Upstream whose Targets are to be retrieved. When using this endpoint, only Targets associated to the specified Upstream will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.target_data }}
+    "next": "http://localhost:8001/targets?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Set Target As Healthy
+
+Set the current health status of a target in the load balancer to "healthy"
+in the entire Kong cluster. This sets the "healthy" status to all addresses
+resolved by this target.
+
+This endpoint can be used to manually re-enable a target that was previously
+disabled by the upstream's [health checker][healthchecks]. Upstreams only
+forward requests to healthy nodes, so this call tells Kong to start using this
+target again.
+
+This resets the health counters of the health checkers running in all workers
+of the Kong node, and broadcasts a cluster-wide message so that the "healthy"
+status is propagated to the whole Kong cluster.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/healthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as healthy, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Set Target As Unhealthy
+
+Set the current health status of a target in the load balancer to "unhealthy"
+in the entire Kong cluster. This sets the "unhealthy" status to all addresses
+resolved by this target.
+
+This endpoint can be used to manually disable a target and have it stop
+responding to requests. Upstreams only forward requests to healthy nodes, so
+this call tells Kong to start skipping this target.
+
+This call resets the health counters of the health checkers running in all
+workers of the Kong node, and broadcasts a cluster-wide message so that the
+"unhealthy" status is propagated to the whole Kong cluster.
+
+[Active health checks][active] continue to execute for unhealthy
+targets. Note that if active health checks are enabled and the probe detects
+that the target is actually healthy, it will automatically re-enable it again.
+To permanently remove a target from the balancer, you should [delete a
+target](#delete-target) instead.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/unhealthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as unhealthy, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### List All Targets
+
+Lists all targets of the upstream. Multiple target objects for the same
+target may be returned, showing the history of changes for a specific target.
+The target object with the latest `created_at` is the current definition.
+
+
+<div class="endpoint get">/upstreams/{name or id}/targets/all/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to list the targets.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+
+---
+
+[clustering]: /{{page.kong_version}}/clustering
+[cli]: /{{page.kong_version}}/cli
+[active]: /{{page.kong_version}}/health-checks-circuit-breakers/#active-health-checks
+[healthchecks]: /{{page.kong_version}}/health-checks-circuit-breakers
+[secure-admin-api]: /{{page.kong_version}}/secure-admin-api
+[proxy-reference]: /{{page.kong_version}}/proxy
+[db-less]: /{{page.kong_version}}/db-less-and-declarative-config
+[admin-api]: /{{page.kong_version}}/admin-api
diff --git a/app/1.3.x/db-less-and-declarative-config.md b/app/1.3.x/db-less-and-declarative-config.md
new file mode 100644
index 000000000000..09d8ddad4f44
--- /dev/null
+++ b/app/1.3.x/db-less-and-declarative-config.md
@@ -0,0 +1,321 @@
+---
+title: DB-less and Declarative Configuration
+---
+
+
+## Introduction
+
+Traditionally, Kong has always required a database, which could be either
+Postgres or Cassandra, to store its configured entities such as Routes,
+Services and Plugins. Kong uses its configuration file, `kong.conf`, to
+specify the use of Postgres and Cassandra and its various settings.
+
+Kong 1.1 added the capability to run Kong without a database, using only
+in-memory storage for entities: we call this **DB-less mode**. When running
+Kong DB-less, the configuration of entities is done in a second configuration
+file, in YAML or JSON, using **declarative configuration**.
+
+The combination of DB-less mode and declarative configuration has a number
+of benefits:
+
+* Reduced number of dependencies: no need to manage a database installation
+  if the entire setup for your use-cases fits in memory
+* it is a good fit for automation in CI/CD scenarios: configuration for
+  entities can be kept in a single source of truth managed via a Git
+  repository
+* It enables more deployment options for Kong: for example, DB-less Kong
+  is a natural fit for a lightweight sidecar in a Service Mesh scenario
+
+## What Is Declarative Configuration
+
+<i>If you are already familiar with the concept of declarative configuration you
+may skip this section.</i>
+
+The key idea in declarative configuration is, as its name shows, the notion
+that it is *declarative*, as opposed to an *imperative* style of
+configuration. "Imperative" means that a configuration is given as a series of
+orders: "do this, then to that". "Declative" means that the configuration is
+given all at once: "I declare this to be the state of the world".
+
+The Kong Admin API is an example of an imperative configuration tool: the
+final state of the configuration is obtain through a sequence of API calls:
+one call to create a Service, another call to create a Route, another call to
+add a Plugin, and so on.
+
+Performing the configuration incrementally like this has the undesirable
+side-effect that *intermediate states* happen. In the above example, there is
+a window of time in between creating a Route and adding the Plugin in which
+the Route did not have the Plugin applied.
+
+A declarative configuration file, on the other hand, will contain the settings
+for all desired entities in a single file, and once that file is loaded into
+Kong, it replaces the entire configuration. When incremental changes are
+desired, they are made to the declarative configuration file, which is then
+reloaded in its entirety. At all times, the configuration described in the
+file loaded into Kong is the configured state of the system.
+
+## Setting Up Kong in DB-less mode
+
+To use Kong in DB-less mode, set the `database` directive of `kong.conf`
+to `off`. As usual, you can do this by editing `kong.conf` and setting
+`database=off` or via environment variables. You can then start Kong
+as usual:
+
+```
+$ export KONG_DATABASE=off
+$ kong start -c kong.conf
+```
+
+Once Kong starts, access the `/` endpoint of the Admin API to verify that it
+is running without a database. It will return the entire Kong configuration;
+verify that `database` is set to `off`:
+
+```
+$ http :8001/
+
+HTTP/1.1 200 OK
+Access-Control-Allow-Origin: *
+Connection: keep-alive
+Content-Length: 6342
+Content-Type: application/json; charset=utf-8
+Date: Wed, 27 Mar 2019 15:24:58 GMT
+Server: kong/1.1.0
+{
+    "configuration:" {
+       ...
+       "database": "off",
+       ...
+    },
+    ...
+    "version": "1.1.0"
+}
+```
+
+Kong is running, but no declarative configuration was loaded yet. This 
+means that the configuration of this node is empty. There are no Routes,
+Services or entities of any kind:
+
+```
+$ http :8001/routes
+
+HTTP/1.1 200 OK
+Access-Control-Allow-Origin: *
+Connection: keep-alive
+Content-Length: 23
+Content-Type: application/json; charset=utf-8
+Date: Wed, 27 Mar 2019 15:30:02 GMT
+Server: kong/1.1.0
+
+{
+    "data": [], 
+    "next": null
+}
+```
+
+## Creating a Declarative Configuration File
+
+To load entities into DB-less Kong, we need a declarative configuration
+file. The following command will create a skeleton file to get you
+started:
+
+```
+$ kong config -c kong.conf init
+```
+
+This command creates a `kong.yml` file in the current directory,
+containing examples of the syntax for declaring entities and their
+relationships. All examples in the generated file are commented-out
+by default. You can experiment by uncommenting the examples
+(removing the `#` markers) and modifying their values.
+
+## The Declarative Configuration Format
+
+The Kong declarative configuration format consists of lists of
+entities and their attributes. This is a small, yet, complete
+example, which illustrates a number of features:
+
+```yaml
+_format_version: "1.1"
+
+services:
+- name: my-service
+  url: https://example.com
+  plugins:
+  - name: key-auth
+  routes:
+  - name: my-route
+    paths:
+    - /
+
+consumers:
+- username: my-user
+  keyauth_credentials:
+  - key: my-key
+```
+
+The only mandatory piece of metadata is `_format_version: "1.1"`, which
+specifies the version number of the declarative configuration syntax format.
+This also matches the minimum version of Kong required to parse the file.
+
+At the top level, you can specify any Kong entity, be it a core entity such as
+`services` and `consumers` as in the above example, or custom entities created
+by Plugins, such as `keyauth_credentials`. (This makes the declarative
+configuration format inherently extensible, and it is the reason why `kong
+config` commands that process declarative configuration require `kong.conf` to
+be available, so that the `plugins` directive is taken into account.)
+
+When entities have a relationship, such as a Route which points to a Service,
+this relationship can be specified via nesting.
+
+Only one-to-one relationships can be specified by nesting: a Plugin that is
+applied to a Service can have its relationship depicted via nesting, as in the
+example above. Relationships involving more than two entities, such as a
+Plugin that is applied to both a Service and a Consumer must be done via a
+top-level entry, where the entities can be identified by their primary keys
+or identifying names (the same identifiers that can be used to refer to them
+in the Admin API). This is an example of a plugin applied to a Service and
+a Consumer:
+
+```yml
+plugins:
+- name: syslog
+  consumer: my-user
+  service: my-service
+```
+
+## Checking The Declarative Configuration File
+
+Once you are done editing the file, it is possible to check the syntax
+for any errors before attempting to load it into Kong:
+
+```
+$ kong config -c kong.conf parse kong.yml
+
+parse successful
+```
+
+## Loading The Declarative Configuration File
+
+There are two ways to load a declarative configuration into Kong: via
+`kong.conf` and via the Admin API.
+
+To load a declarative configuration at Kong start-up, use the
+`declarative_config` directive in `kong.conf` (or, as usual to all `kong.conf`
+entries, the equivalent `KONG_DECLARATIVE_CONFIG` environment variable).
+
+```
+$ export KONG_DATABASE=off
+$ export KONG_DECLARATIVE_CONFIG=kong.yml
+$ kong start -c kong.conf
+```
+
+Alternatively, you can load a declarative configuration into a running
+Kong node via its Admin API, using the `/config` endpoint. The 
+following example loads `kong.yml` using HTTPie:
+
+```
+$ http :8001/config config=@kong.yml
+```
+
+The `/config` endpoint replaces the entire set of entities in memory
+with the ones specified in the given file.
+
+## Using Kong in DB-less Mode
+
+There are a number of things to be aware of when using Kong in DB-less
+mode.
+
+#### Memory Cache Requirements
+
+The entire configuration of entities must fit inside the Kong
+cache. Make sure that the in-memory cache is configured appropriately:
+see the `mem_cache_size` directive in `kong.conf`.
+
+#### No Central Database Coordination
+
+Since there is no central database, multiple Kong nodes have no
+central coordination point and no cluster propagation of data:
+nodes are completely independent of each other.
+
+This means that the declarative configuration should be loaded into each node
+independently. Using the `/config` endpoint does not affect other Kong
+nodes, since they have no knowledge of each other.
+
+#### Read-Only Admin API
+
+Since the only way to configure entities is via declarative configuration,
+the endpoints for CRUD operations on entities are effectively read-only
+in the Admin API when running Kong in DB-less mode. `GET` operations
+for inspecting entities work as usual, but attempts to `POST`, `PATCH`
+`PUT` or `DELETE` in endpoints such as `/services` or `/plugins` will return
+`HTTP 405 Not Allowed`.
+
+This restriction is limited to what would be otherwise database operations. In
+particular, using `POST` to set the health state of Targets is still enabled,
+since this is a node-specific in-memory operation.
+
+#### Plugin Compatibility
+
+Not all Kong plugins are compatible with DB-less mode, since some of them
+by design require a central database coordination and/or dynamic creation of
+entities.
+
+##### Fully Compatible
+
+The following plugins only read from the database (most of them just to read
+their initial config) so they are fully compatible with DB-less:
+
+* `aws-lambda`
+* `azure-functions`
+* `bot-detection`
+* `correlation-id`
+* `cors`
+* `datadog`
+* `file-log`
+* `http-log`
+* `tcp-log`
+* `udp-log`
+* `syslog`
+* `ip-restriction`
+* `prometheus`
+* `zipkin`
+* `request-transformer`
+* `response-transformer`
+* `request-termination`
+* `kubernetes-sidecar-injector`
+
+##### Partial Compatibility
+
+Authentication plugins can be used insofar as the set of credentials
+used is static and specified as part of the declarative configuration.
+Admin API endpoints to dynamically create, update or delete credentials
+are not available in DB-less mode. Plugins that fall into this 
+category are:
+
+* `acl`
+* `basic-auth`
+* `hmac-auth`
+* `jwt`
+* `key-auth`
+
+Rate limiting plugins bundled with Kong offer different policies for
+storing and coordinating counters: a `local` policy which stores counters
+the Nodes's memory, applying limits in a per-node fashion; a `redis`
+policy which uses Redis as an external key-value store for coordinating
+counters across nodes; and a `cluster` policy which uses the Kong database
+as a central coordination point for cluster-wide limits. In DB-less mode
+the `local` and `redis` policies are available, and `cluster` cannot be
+used. Plugins that fall into this category are:
+
+* `rate-limiting`
+* `response-ratelimiting`
+
+The `pre-function` and `post-function` plugins for serverless can be used
+in DB-less mode, with the caveat that if any configured functions attempt to
+write to the database, the writes will fail.
+
+##### Not Compatible
+
+* `oauth2` - For its regular work, the plugin needs to both generate and delete
+  tokens, and commit those changes to the database, which is not compatible with
+  DB-less.
diff --git a/app/1.3.x/getting-started/adding-consumers.md b/app/1.3.x/getting-started/adding-consumers.md
new file mode 100644
index 000000000000..4b3488cbe3b6
--- /dev/null
+++ b/app/1.3.x/getting-started/adding-consumers.md
@@ -0,0 +1,97 @@
+---
+title: Adding Consumers
+---
+
+<div class="alert alert-warning">
+  <strong>Before you start:</strong>
+  <ol>
+    <li>Make sure you've <a href="https://konghq.com/install/">installed Kong</a> &mdash; It should only take a minute!</li>
+    <li>Make sure you've <a href="/{{page.kong_version}}/getting-started/quickstart">started Kong</a>.</li>
+    <li>Also, make sure you've <a href="/{{page.kong_version}}/getting-started/configuring-a-service">configured your Service in Kong</a>.</li>
+  </ol>
+</div>
+
+In the last section, we learned how to add plugins to Kong, in this section
+we're going to learn how to add consumers to your Kong instances. Consumers are
+associated to individuals using your Service, and can be used for tracking, access
+management, and more.
+
+**Note:** This section assumes you have [enabled][enabling-plugins] the
+[key-auth][key-auth] plugin. If you haven't, you can either [enable the
+plugin][enabling-plugins] or skip steps two and three.
+
+## 1. Create a Consumer through the RESTful API
+
+Lets create a user named `Jason` by issuing the following request:
+
+```bash
+$ curl -i -X POST \
+  --url http://localhost:8001/consumers/ \
+  --data "username=Jason"
+```
+
+You should see a response similar to the one below:
+
+```http
+HTTP/1.1 201 Created
+Content-Type: application/json
+Connection: keep-alive
+
+{
+  "username": "Jason",
+  "created_at": 1428555626000,
+  "id": "bbdf1c48-19dc-4ab7-cae0-ff4f59d87dc9"
+}
+```
+
+Congratulations! You've just added your first consumer to Kong.
+
+**Note:** Kong also accepts a `custom_id` parameter when [creating
+consumers][API-consumers] to associate a consumer with your existing user
+database.
+
+## 2. Provision key credentials for your Consumer
+
+Now, we can create a key for our recently created consumer `Jason` by
+issuing the following request:
+
+```bash
+$ curl -i -X POST \
+  --url http://localhost:8001/consumers/Jason/key-auth/ \
+  --data 'key=ENTER_KEY_HERE'
+```
+
+## 3. Verify that your Consumer credentials are valid
+
+We can now issue the following request to verify that the credentials of
+our `Jason` Consumer is valid:
+
+```bash
+$ curl -i -X GET \
+  --url http://localhost:8000 \
+  --header "Host: example.com" \
+  --header "apikey: ENTER_KEY_HERE"
+```
+
+## Next Steps
+
+Now that we've covered the basics of adding Services, Routes, Consumers and enabling
+Plugins, feel free to read more on Kong in one of the following documents:
+
+- [Configuration file Reference][configuration]
+- [CLI Reference][CLI]
+- [Proxy Reference][proxy]
+- [Admin API Reference][API]
+- [Clustering Reference][cluster]
+
+Questions? Issues? Contact us on one of the [Community Channels](/community)
+for help!
+
+[key-auth]: /plugins/key-authentication
+[API-consumers]: /{{page.kong_version}}/admin-api#create-consumer
+[enabling-plugins]: /{{page.kong_version}}/getting-started/enabling-plugins
+[configuration]: /{{page.kong_version}}/configuration
+[CLI]: /{{page.kong_version}}/cli
+[proxy]: /{{page.kong_version}}/proxy
+[API]: /{{page.kong_version}}/admin-api
+[cluster]: /{{page.kong_version}}/clustering
diff --git a/app/1.3.x/getting-started/configuring-a-grpc-service.md b/app/1.3.x/getting-started/configuring-a-grpc-service.md
new file mode 100644
index 000000000000..67515bc8aafc
--- /dev/null
+++ b/app/1.3.x/getting-started/configuring-a-grpc-service.md
@@ -0,0 +1,283 @@
+---
+title: Configuring a gRPC Service
+---
+
+<div class="alert alert-warning">
+  <strong>Before you start:</strong>
+  <ol>
+    <li>Make sure you've <a href="https://konghq.com/install/">installed Kong</a> &mdash; It should only take a minute!</li>
+    <li>Make sure you've <a href="/{{page.kong_version}}/getting-started/quickstart">started Kong</a>.</li>
+  </ol>
+</div>
+
+Note: this guide assumes familiarity with gRPC; for learning how to set up
+Kong with an upstream REST API, check out the [Configuring a Service guide][conf-service].
+
+Starting with version 1.3, gRPC proxying is natively supported in Kong. In this
+section, you'll learn how to configure Kong to manage your gRPC services. For the
+purpose of this guide, we'll use [grpcurl][grpcurl] and [grpcbin][grpcbin] - they
+provide a gRPC client and gRPC services, respectively.
+
+We will describe two setups: Single gRPC Service and Route and single gRPC Service
+with multiple Routes. In the former, a single catch-all Route is configured, which
+proxies all matching gRPC traffic to an upstream gRPC service; the latter demonstrates
+how to use a Route per gRPC method.
+
+In Kong 1.3, gRPC support assumes gRPC over HTTP/2 framing. As such, make sure
+you have at least one HTTP/2 proxy listener (check out the [Configuration Reference][configuration-rerefence]
+for how to). In this guide, we will assume Kong is listening for HTTP/2 proxy
+requests on port 9080.
+
+## 1. Single gRPC Service and Route
+
+Issue the following request to create a gRPC Service (assuming your gRPC
+server is listening in localhost, port 15002):
+
+```bash
+$ curl -XPOST localhost:8001/services \
+  --data name=grpc \
+  --data protocol=grpc \
+  --data host=localhost \
+  --data port=15002
+```
+
+Issue the following request to create a gRPC route:
+
+```bash
+$ curl -XPOST localhost:8001/services/grpc/routes \
+  --data protocols=grpc \
+  --data name=catch-all \
+  --data paths=/
+```
+
+Using the [grpcurl][grpcurl] command line client, issue the following gRPC
+request:
+
+```bash
+$ grpcurl -v -d '{"greeting": "Kong 1.3!"}' \
+  -plaintext localhost:9080 hello.HelloService.SayHello
+```
+
+The response should resemble the following:
+
+```
+Resolved method descriptor:
+rpc SayHello ( .hello.HelloRequest ) returns ( .hello.HelloResponse );
+
+Request metadata to send:
+(empty)
+
+Response headers received:
+content-type: application/grpc
+date: Tue, 16 Jul 2019 21:37:36 GMT
+server: openresty/1.15.8.1
+via: kong/1.2.1
+x-kong-proxy-latency: 0
+x-kong-upstream-latency: 0
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response trailers received:
+(empty)
+Sent 1 request and received 1 response
+```
+
+Notice that Kong response headers, such as `via` and `x-kong-proxy-latency`, were
+inserted in the response.
+
+## 2. Single gRPC Service with Multiple Routes
+
+Building on top of the previous example, let's create a few more routes, for
+individual gRPC methods.
+
+The gRPC "HelloService" service being used in this example exposes a few different
+methods, as can be seen in [its protobuf file][protobuf]. We will create individual
+routes for its "SayHello" and LotsOfReplies methods.
+
+Create a Route for "SayHello":
+
+```bash
+$ curl -XPOST localhost:8001/services/grpc/routes \
+  --data protocols=grpc \
+  --data paths=/hello.HelloService/SayHello \
+  --data name=say-hello
+```
+
+Create a Route for "LotsOfReplies":
+
+```bash
+$ curl -XPOST localhost:8001/services/grpc/routes \
+  --data protocols=grpc \
+  --data paths=/hello.HelloService/LotsOfReplies \
+  --data name=lots-of-replies
+```
+
+With this setup, gRPC requests to the "SayHello" method will match the first
+Route, while requests to "LotsOfReplies" will be routed to the latter.
+
+Issue a gRPC request to the "SayHello" method:
+
+```bash
+$ grpcurl -v -d '{"greeting": "Kong 1.3!"}' \
+  -H 'kong-debug: 1' -plaintext \
+  localhost:9080 hello.HelloService.SayHello
+```
+
+(Notice we are sending a header `kong-debug`, which causes Kong to insert
+debugging information in response headers.)
+
+The response should look like:
+
+```
+Resolved method descriptor:
+rpc SayHello ( .hello.HelloRequest ) returns ( .hello.HelloResponse );
+
+Request metadata to send:
+kong-debug: 1
+
+Response headers received:
+content-type: application/grpc
+date: Tue, 16 Jul 2019 21:57:00 GMT
+kong-route-id: 390ef3d1-d092-4401-99ca-0b4e42453d97
+kong-service-id: d82736b7-a4fd-4530-b575-c68d94c3493a
+kong-service-name: s1
+server: openresty/1.15.8.1
+via: kong/1.2.1
+x-kong-proxy-latency: 0
+x-kong-upstream-latency: 0
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response trailers received:
+(empty)
+Sent 1 request and received 1 response
+```
+
+Notice the Route ID should refer to the first route we created.
+
+Similarly, let's issue a request to the "LotsOfReplies" gRPC method:
+
+```bash
+$ grpcurl -v -d '{"greeting": "Kong 1.3!"}' \
+  -H 'kong-debug: 1' -plaintext \
+  localhost:9080 hello.HelloService.LotsOfReplies
+```
+
+The response should look like the following:
+
+```
+Resolved method descriptor:
+rpc LotsOfReplies ( .hello.HelloRequest ) returns ( stream .hello.HelloResponse );
+
+Request metadata to send:
+kong-debug: 1
+
+Response headers received:
+content-type: application/grpc
+date: Tue, 30 Jul 2019 22:21:40 GMT
+kong-route-id: 133659bb-7e88-4ac5-b177-bc04b3974c87
+kong-service-id: 31a87674-f984-4f75-8abc-85da478e204f
+kong-service-name: grpc
+server: openresty/1.15.8.1
+via: kong/1.2.1
+x-kong-proxy-latency: 14
+x-kong-upstream-latency: 0
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response contents:
+{
+  "reply": "hello Kong 1.3!"
+}
+
+Response trailers received:
+(empty)
+Sent 1 request and received 10 responses
+```
+
+Notice that the `kong-route-id` response header now carries a different value
+and refers to the second Route created in this page.
+
+**Note:**
+[gRPC reflection requests](https://github.com/grpc/grpc/blob/master/doc/server_reflection_tutorial.md)
+will still be routed to the first route we created (the "catch-all" route), since
+the request matches neither `SayHello` nor `LotsOfReplies` routes.
+
+## 3. Enabling Plugins
+
+Kong 1.3 gRPC support is compatible with Logging and Observability plugins; for
+example, let's try out the [File Log][file-log] plugin with gRPC.
+
+Issue the following request to enable File Log on the "SayHello" route:
+
+```bash
+$ curl -X POST localhost:8001/routes/say-hello/plugins \
+  --data name=file-log \
+  --data config.path=grpc-say-hello.log
+```
+
+Follow the output of the log as gRPC requests are made to "SayHello":
+
+```
+$ tail -f grpc-say-hello.log
+{"latencies":{"request":8,"kong":5,"proxy":3},"service":{"host":"localhost","created_at":1564527408,"connect_timeout":60000,"id":"74a95d95-fbe4-4ddb-a448-b8faf07ece4c","protocol":"grpc","name":"grpc","read_timeout":60000,"port":15002,"updated_at":1564527408,"write_timeout":60000,"retries":5},"request":{"querystring":{},"size":"46","uri":"\/hello.HelloService\/SayHello","url":"http:\/\/localhost:9080\/hello.HelloService\/SayHello","headers":{"host":"localhost:9080","content-type":"application\/grpc","kong-debug":"1","user-agent":"grpc-go\/1.20.0-dev","te":"trailers"},"method":"POST"},"client_ip":"127.0.0.1","tries":[{"balancer_latency":0,"port":15002,"balancer_start":1564527732522,"ip":"127.0.0.1"}],"response":{"headers":{"kong-route-id":"e49f2df9-3e8e-4bdb-8ce6-2c505eac4ab6","content-type":"application\/grpc","connection":"close","kong-service-name":"grpc","kong-service-id":"74a95d95-fbe4-4ddb-a448-b8faf07ece4c","kong-route-name":"say-hello","via":"kong\/1.2.1","x-kong-proxy-latency":"5","x-kong-upstream-latency":"3"},"status":200,"size":"298"},"route":{"id":"e49f2df9-3e8e-4bdb-8ce6-2c505eac4ab6","updated_at":1564527431,"protocols":["grpc"],"created_at":1564527431,"service":{"id":"74a95d95-fbe4-4ddb-a448-b8faf07ece4c"},"name":"say-hello","preserve_host":false,"regex_priority":0,"strip_path":false,"paths":["\/hello.HelloService\/SayHello"],"https_redirect_status_code":426},"started_at":1564527732516}
+{"latencies":{"request":3,"kong":1,"proxy":1},"service":{"host":"localhost","created_at":1564527408,"connect_timeout":60000,"id":"74a95d95-fbe4-4ddb-a448-b8faf07ece4c","protocol":"grpc","name":"grpc","read_timeout":60000,"port":15002,"updated_at":1564527408,"write_timeout":60000,"retries":5},"request":{"querystring":{},"size":"46","uri":"\/hello.HelloService\/SayHello","url":"http:\/\/localhost:9080\/hello.HelloService\/SayHello","headers":{"host":"localhost:9080","content-type":"application\/grpc","kong-debug":"1","user-agent":"grpc-go\/1.20.0-dev","te":"trailers"},"method":"POST"},"client_ip":"127.0.0.1","tries":[{"balancer_latency":0,"port":15002,"balancer_start":1564527733555,"ip":"127.0.0.1"}],"response":{"headers":{"kong-route-id":"e49f2df9-3e8e-4bdb-8ce6-2c505eac4ab6","content-type":"application\/grpc","connection":"close","kong-service-name":"grpc","kong-service-id":"74a95d95-fbe4-4ddb-a448-b8faf07ece4c","kong-route-name":"say-hello","via":"kong\/1.2.1","x-kong-proxy-latency":"1","x-kong-upstream-latency":"1"},"status":200,"size":"298"},"route":{"id":"e49f2df9-3e8e-4bdb-8ce6-2c505eac4ab6","updated_at":1564527431,"protocols":["grpc"],"created_at":1564527431,"service":{"id":"74a95d95-fbe4-4ddb-a448-b8faf07ece4c"},"name":"say-hello","preserve_host":false,"regex_priority":0,"strip_path":false,"paths":["\/hello.HelloService\/SayHello"],"https_redirect_status_code":426},"started_at":1564527733554}
+```
+
+[enabling-plugins]: /{{page.kong_version}}/getting-started/enabling-plugins
+[conf-service]: /{{page.kong_version}}/getting-started/configuring-a-service
+[configuration-reference]: /{{page.kong_version}}/configuration-reference
+[grpcbin]: https://github.com/moul/grpcbin
+[grpcurl]: https://github.com/fullstorydev/grpcurl
+[protobuf]: https://raw.githubusercontent.com/moul/pb/master/hello/hello.proto
+[file-log]: /plugins/file-log
+[zipkin]: /plugins/zipkin
diff --git a/app/1.3.x/getting-started/configuring-a-service.md b/app/1.3.x/getting-started/configuring-a-service.md
new file mode 100644
index 000000000000..6c1f819c0068
--- /dev/null
+++ b/app/1.3.x/getting-started/configuring-a-service.md
@@ -0,0 +1,137 @@
+---
+title: Configuring a Service
+---
+
+<div class="alert alert-warning">
+  <strong>Before you start:</strong>
+  <ol>
+    <li>Make sure you've <a href="https://konghq.com/install/">installed Kong</a> &mdash; It should only take a minute!</li>
+    <li>Make sure you've <a href="/{{page.kong_version}}/getting-started/quickstart">started Kong</a>.</li>
+  </ol>
+</div>
+
+In this section, you'll be adding an API to Kong. In order to do this, you'll
+first need to add a _Service_; that is the name Kong uses to refer to the upstream APIs and microservices
+it manages.
+
+For the purpose of this guide, we'll create a Service pointing to the [Mockbin API][mockbin]. Mockbin is
+an "echo" type public website which returns the requests it gets back to the requester, as responses. This
+makes it helpful for learning how Kong proxies your API requests.
+
+Before you can start making requests against the Service, you will need to add a _Route_ to it.
+Routes specify how (and _if_) requests are sent to their Services after they reach Kong. A single
+Service can have many Routes.
+
+After configuring the Service and the Route, you'll be able to make requests through Kong using them.
+
+Kong exposes a [RESTful Admin API][API] on port `:8001`. Kong's configuration, including adding Services and
+Routes, is made via requests on that API.
+
+## 1. Add your Service using the Admin API
+
+Issue the following cURL request to add your first Service (pointing to the [Mockbin API][mockbin])
+to Kong:
+
+```bash
+$ curl -i -X POST \
+  --url http://localhost:8001/services/ \
+  --data 'name=example-service' \
+  --data 'url=http://mockbin.org'
+```
+
+You should receive a response similar to:
+
+```http
+HTTP/1.1 201 Created
+Content-Type: application/json
+Connection: keep-alive
+
+{
+   "host":"mockbin.org",
+   "created_at":1519130509,
+   "connect_timeout":60000,
+   "id":"92956672-f5ea-4e9a-b096-667bf55bc40c",
+   "protocol":"http",
+   "name":"example-service",
+   "read_timeout":60000,
+   "port":80,
+   "path":null,
+   "updated_at":1519130509,
+   "retries":5,
+   "write_timeout":60000
+}
+```
+
+
+## 2. Add a Route for the Service
+
+```bash
+$ curl -i -X POST \
+  --url http://localhost:8001/services/example-service/routes \
+  --data 'hosts[]=example.com'
+```
+
+The answer should be similar to:
+
+```http
+HTTP/1.1 201 Created
+Content-Type: application/json
+Connection: keep-alive
+
+{
+   "created_at":1519131139,
+   "strip_path":true,
+   "hosts":[
+      "example.com"
+   ],
+   "preserve_host":false,
+   "regex_priority":0,
+   "updated_at":1519131139,
+   "paths":null,
+   "service":{
+      "id":"79d7ee6e-9fc7-4b95-aa3b-61d2e17e7516"
+   },
+   "methods":null,
+   "protocols":[
+      "http",
+      "https"
+   ],
+   "id":"f9ce2ed7-c06e-4e16-bd5d-3a82daef3f9d"
+}
+```
+
+Kong is now aware of your Service and ready to proxy requests.
+
+## 3. Forward your requests through Kong
+
+Issue the following cURL request to verify that Kong is properly forwarding
+requests to your Service. Note that [by default][proxy-port] Kong handles proxy
+requests on port `:8000`:
+
+```bash
+$ curl -i -X GET \
+  --url http://localhost:8000/ \
+  --header 'Host: example.com'
+```
+
+A successful response means Kong is now forwarding requests made to
+`http://localhost:8000` to the `url` we configured in step #1,
+and is forwarding the response back to us. Kong knows to do this through
+the header defined in the above cURL request:
+
+<ul>
+  <li><strong>Host: &lt;given host></strong></li>
+</ul>
+
+<hr>
+
+## Next Steps
+
+Now that you've added your Service to Kong, let's learn how to enable plugins.
+
+Go to [Enabling Plugins &rsaquo;][enabling-plugins]
+
+[API]: /{{page.kong_version}}/admin-api
+[enabling-plugins]: /{{page.kong_version}}/getting-started/enabling-plugins
+[proxy-port]: /{{page.kong_version}}/configuration/#nginx-section
+[mockbin]: https://mockbin.com/
diff --git a/app/1.3.x/getting-started/enabling-plugins.md b/app/1.3.x/getting-started/enabling-plugins.md
new file mode 100644
index 000000000000..36210428c350
--- /dev/null
+++ b/app/1.3.x/getting-started/enabling-plugins.md
@@ -0,0 +1,74 @@
+---
+title: Enabling Plugins
+---
+
+<div class="alert alert-warning">
+  <strong>Before you start:</strong>
+  <ol>
+    <li>Make sure you've <a href="https://konghq.com/install/">installed Kong</a> - It should only take a minute!</li>
+    <li>Make sure you've <a href="/{{page.kong_version}}/getting-started/quickstart">started Kong</a>.</li>
+    <li>Also, make sure you've <a href="/{{page.kong_version}}/getting-started/configuring-a-service">configured your Service in Kong</a>.</li>
+  </ol>
+</div>
+
+In this section, you'll learn how to configure Kong plugins. One of the core
+principles of Kong is its extensibility through [plugins][plugins]. Plugins
+allow you to easily add new features to your Service or make it easier to
+manage.
+
+In the steps below you will configure the [key-auth][key-auth] plugin to add
+authentication to your Service. Prior to the addition of this plugin, **all**
+requests to your Service would be proxied upstream. Once you add and configure this
+plugin, **only** requests with the correct key(s) will be proxied - all
+other requests will be rejected by Kong, thus protecting your upstream service
+from unauthorized use.
+
+
+## 1. Configure the key-auth plugin
+
+To configure the key-auth plugin for the Service you <a href="/{{page.kong_version}}/getting-started/configuring-a-service">configured in Kong</a>,
+issue the following cURL request:
+
+```bash
+$ curl -i -X POST \
+  --url http://localhost:8001/services/example-service/plugins/ \
+  --data 'name=key-auth'
+```
+
+**Note:** This plugin also accepts a `config.key_names` parameter, which
+defaults to `['apikey']`. It is a list of headers and parameters names (both
+are supported) that are supposed to contain the apikey during a request.
+
+## 2. Verify that the plugin is properly configured
+
+Issue the following cURL request to verify that the [key-auth][key-auth]
+plugin was properly configured on the Service:
+
+```bash
+$ curl -i -X GET \
+  --url http://localhost:8000/ \
+  --header 'Host: example.com'
+```
+
+Since you did not specify the required `apikey` header or parameter, the
+response should be `401 Unauthorized`:
+
+```http
+HTTP/1.1 401 Unauthorized
+...
+
+{
+  "message": "No API key found in request"
+}
+```
+
+## Next Steps
+
+Now that you've configured the **key-auth** plugin lets learn how to add
+consumers to your Service so we can continue proxying requests through Kong.
+
+Go to [Adding Consumers &rsaquo;][adding-consumers]
+
+[key-auth]: /plugins/key-authentication
+[plugins]: /plugins
+[adding-consumers]: /{{page.kong_version}}/getting-started/adding-consumers
diff --git a/app/1.3.x/getting-started/introduction.md b/app/1.3.x/getting-started/introduction.md
new file mode 100644
index 000000000000..4a333b9d9414
--- /dev/null
+++ b/app/1.3.x/getting-started/introduction.md
@@ -0,0 +1,31 @@
+---
+title: Welcome to Kong
+---
+
+<div class="alert alert-warning">
+  <strong>Before you start:</strong> Make sure you've <a href="https://konghq.com/install/">installed Kong</a> &mdash; It should only take a minute!
+</div>
+
+Before going further into Kong, make sure you understand its [purpose and philosophy](/about). Once you are confident with the concept of API Gateways, this guide is going to take you through a quick introduction on how to use Kong and perform basic operations such as:
+
+- [Running your own Kong instance][quickstart]
+- [Adding and consuming Services][configuring-a-service]
+- [Installing plugins on Kong][enabling-plugins]
+
+## What is Kong, technically?
+
+You’ve probably heard that Kong is built on Nginx, leveraging its stability and efficiency. But how is this possible exactly?
+
+To be more precise, Kong is a Lua application running in Nginx and made possible by the [lua-nginx-module](https://github.com/openresty/lua-nginx-module). Instead of compiling Nginx with this module, Kong is distributed along with [OpenResty](https://openresty.org/), which already includes lua-nginx-module. OpenResty is *not* a fork of Nginx, but a bundle of modules extending its capabilities.
+
+This sets the foundations for a pluggable architecture, where Lua scripts (referred to as *”plugins”*) can be enabled and executed at runtime. Because of this, we like to think of Kong as **a paragon of microservice architecture**: at its core, it implements database abstraction, routing and plugin management. Plugins can live in separate code bases and be injected anywhere into the request lifecycle, all in a few lines of code.
+
+## Next Steps
+
+Now, lets get familiar with learning how to "start" and "stop" Kong.
+
+Go to [5-minute quickstart with Kong &rsaquo;][quickstart]
+
+[quickstart]: /{{page.kong_version}}/getting-started/quickstart
+[configuring-a-service]: /{{page.kong_version}}/getting-started/configuring-a-service
+[enabling-plugins]: /{{page.kong_version}}/getting-started/enabling-plugins
diff --git a/app/1.3.x/getting-started/quickstart.md b/app/1.3.x/getting-started/quickstart.md
new file mode 100644
index 000000000000..2112771250fc
--- /dev/null
+++ b/app/1.3.x/getting-started/quickstart.md
@@ -0,0 +1,80 @@
+---
+title: 5-minute Quickstart
+---
+
+<div class="alert alert-warning">
+  <strong>Before you start:</strong> Make sure you've
+  <a href="https://konghq.com/install/">installed Kong</a> &mdash; It should only take a minute!
+</div>
+
+In this section, you'll learn how to manage your Kong instance. First, we'll
+have you start Kong in order to give you access to the RESTful Admin
+interface, through which you manage your Services, Routes, Consumers, and more. Data sent
+through the Admin API is stored in Kong's [datastore][datastore-section] (Kong
+supports PostgreSQL and Cassandra).
+
+## 1. Start Kong
+
+Issue the following command to prepare your datastore by running the Kong
+migrations:
+
+```bash
+$ kong migrations bootstrap [-c /path/to/kong.conf]
+```
+
+You should see a message that tells you Kong has successfully migrated your
+database. If not, you probably incorrectly configured your database
+connection settings in your configuration file.
+
+Now let's [start][CLI] Kong:
+
+```bash
+$ kong start [-c /path/to/kong.conf]
+```
+
+**Note:** the CLI accepts a configuration option (`-c /path/to/kong.conf`)
+allowing you to point to [your own configuration][configuration-loading].
+
+## 2. Verify that Kong has started successfully
+
+If everything went well, you should see a message (`Kong started`)
+informing you that Kong is running.
+
+By default Kong listens on the following ports:
+
+- `:8000` on which Kong listens for incoming HTTP traffic from your
+  clients, and forwards it to your upstream services.
+- `:8443` on which Kong listens for incoming HTTPS traffic. This port has a
+  similar behavior as the `:8000` port, except that it expects HTTPS
+  traffic only. This port can be disabled via the configuration file.
+- `:8001` on which the [Admin API][API] used to configure Kong listens.
+- `:8444` on which the Admin API listens for HTTPS traffic.
+
+## 3. Stop Kong
+
+As needed you can stop the Kong process by issuing the following
+[command][CLI]:
+
+```bash
+$ kong stop
+```
+
+## 4. Reload Kong
+
+Issue the following command to [reload][CLI] Kong without downtime:
+
+```bash
+$ kong reload
+```
+
+## Next Steps
+
+Now that you have Kong running you can interact with the Admin API.
+
+To begin, go to [Configuring a Service &rsaquo;][configuring-a-service]
+
+[configuration-loading]: /{{page.kong_version}}/configuration/#configuration-loading
+[CLI]: /{{page.kong_version}}/cli
+[API]: /{{page.kong_version}}/admin-api
+[datastore-section]: /{{page.kong_version}}/configuration/#datastore-section
+[configuring-a-service]: /{{page.kong_version}}/getting-started/configuring-a-service
diff --git a/app/1.3.x/health-checks-circuit-breakers.md b/app/1.3.x/health-checks-circuit-breakers.md
new file mode 100644
index 000000000000..18a6f0784aaf
--- /dev/null
+++ b/app/1.3.x/health-checks-circuit-breakers.md
@@ -0,0 +1,321 @@
+---
+title: Health Checks and Circuit Breakers Reference
+---
+
+## Introduction
+
+You can make an API proxied by Kong use a [ring-balancer][ringbalancer], configured
+by adding an [upstream][upstream] entity that contains one or more [target][ringtarget]
+entities, each target pointing to a different IP address (or hostname) and
+port. The ring-balancer will balance load among the various targets, and based
+on the [upstream][upstream] configuration, will perform health checks on the targets,
+making them as healthy or unhealthy whether they are responsive or not. The
+ring-balancer will then only route traffic to healthy targets.
+
+Kong supports two kinds of health checks, which can be used separately or in
+conjunction:
+
+* **active checks**, where a specific HTTP or HTTPS endpoint in the target is
+periodically requested and the health of the target is determined based on its
+response;
+
+* **passive checks** (also known as **circuit breakers**), where Kong analyzes
+the ongoing traffic being proxied and determines the health of targets based
+on their behavior responding requests.
+
+## Healthy and unhealthy targets
+
+The objective of the health checks functionality is to dynamically mark
+targets as healthy or unhealthy, **for a given Kong node**. There is
+no cluster-wide synchronization of health information: each Kong node
+determines the health of its targets separately. This is desirable since at a
+given point one Kong node may be able to connect to a target successfully
+while another node is failing to reach it: the first node will consider
+it healthy, while the second will mark it as unhealthy and start routing
+traffic to other targets of the upstream.
+
+Either an active probe (on active health checks) or a proxied request
+(on passive health checks) produces data which is used to determine
+whether a target is healthy or unhealthy. A request may produce a TCP
+error, timeout, or produce an HTTP status code. Based on this
+information, the health checker updates a series of internal counters:
+
+* If the returned status code is one configured as "healthy", it will
+increment the "Successes" counter for the target and clear all its other
+counters;
+* If it fails to connect, it will increment the "TCP failures" counter
+for the target and clear the "Successes" counter;
+* If it times out, it will increment the "timeouts" counter
+for the target and clear the "Successes" counter;
+* If the returned status code is one configured as "unhealthy", it will
+increment the "HTTP failures" counter for the target and clear the "Successes" counter.
+
+If any of the "TCP failures", "HTTP failures" or "timeouts" counters reaches
+their configured threshold, the target will be marked as unhealthy.
+
+If the "Successes" counter reaches its configured threshold, the target will be
+marked as healthy.
+
+The list of which HTTP status codes are "healthy" or "unhealthy", and the
+individual thresholds for each of these counters are configurable on a
+per-upstream basis. Below, we have an example of a configuration for an
+Upstream entity, showcasing the default values of the various fields
+available for configuring health checks. A description of each
+field is included in the [Admin API][addupstream] reference documentation.
+
+```json
+{
+    "name": "service.v1.xyz",
+    "healthchecks": {
+        "active": {
+            "concurrency": 10,
+            "healthy": {
+                "http_statuses": [ 200, 302 ],
+                "interval": 0,
+                "successes": 0
+            },
+            "http_path": "/",
+            "timeout": 1,
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 404, 500, 501,
+                                   502, 503, 504, 505 ],
+                "interval": 0,
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        },
+        "passive": {
+            "healthy": {
+                "http_statuses": [ 200, 201, 202, 203,
+                                   204, 205, 206, 207,
+                                   208, 226, 300, 301,
+                                   302, 303, 304, 305,
+                                   306, 307, 308 ],
+                "successes": 0
+            },
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 500, 503 ],
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        }
+    },
+    "slots": 10
+}
+```
+
+If all targets of an upstream are unhealthy, Kong will respond to requests
+to the upstream with `503 Service Unavailable`.
+
+Note:
+
+1. health checks operate only on [*active* targets][targetobject] and do not
+   modify the *active* status of a target in the Kong database.
+2. unhealthy targets will not be removed from the loadbalancer, and hence will
+   not have any impact on the balancer layout when using the hashing algorithm
+   (they will just be skipped).
+3. The [DNS caveats][dnscaveats] and [balancer caveats][balancercaveats]
+   also apply to health checks. If using hostnames for the targets, then make
+   sure the DNS server always returns the full set of IP addresses for a name,
+   and does not limit the response. *Failing to do so might lead to health
+   checks not being executed.*
+
+## Types of health checks
+
+### Active health checks
+
+Active health checks, as the name implies, actively probe targets for
+their health. When active health checks are enabled in an upstream entity,
+Kong will periodically issue HTTP or HTTPS requests to a configured path at each target
+of the upstream. This allows Kong to automatically enable and disable targets
+in the balancer based on the [probe results](#healthy-and-unhealthy-targets).
+
+The periodicity of active health checks can be configured separately for
+when a target is healthy or unhealthy. If the `interval` value for either
+is set to zero, the checking is disabled at the corresponding scenario.
+When both are zero, active health checks are disabled altogether.
+
+<div class="alert alert-warning">
+<strong>Note:</strong> Active health checks currently only support HTTP/HTTPS targets. They
+do not apply to Upstreams assigned to Services with the protocol attribute set to "tcp" or "tls".
+</div>
+
+[Back to TOC](#table-of-contents)
+
+### Passive health checks (circuit breakers)
+
+Passive health checks, also known as circuit breakers, are
+checks performed based on the requests being proxied by Kong (HTTP/HTTPS/TCP),
+with no additional traffic being generated. When a target becomes
+unresponsive, the passive health checker will detect that and mark
+the target as unhealthy. The ring-balancer will start skipping this
+target, so no more traffic will be routed to it.
+
+Once the problem with a target is solved and it is ready to receive
+traffic again, the Kong administrator can manually inform the
+health checker that the target should be enabled again, via an
+Admin API endpoint:
+
+```bash
+$ curl -i -X POST http://localhost:8001/upstreams/my_upstream/targets/10.1.2.3:1234/healthy
+HTTP/1.1 204 No Content
+```
+
+This command will broadcast a cluster-wide message so that the "healthy"
+status is propagated to the whole [Kong cluster][clustering]. This will cause Kong nodes to
+reset the health counters of the health checkers running in all workers of the
+Kong node, allowing the ring-balancer to route traffic to the target again.
+
+Passive health checks have the advantage of not producing extra
+traffic, but they are unable to automatically mark a target as
+healthy again: the "circuit is broken", and the target needs to
+be re-enabled again by the system administrator.
+
+
+[Back to TOC](#table-of-contents)
+
+## Summary of pros and cons
+
+* Active health checks can automatically re-enable a target in the
+ring balancer as soon as it is healthy again. Passive health checks cannot.
+* Passive health checks do not produce additional traffic to the
+target. Active health checks do.
+* An active health checker demands a known URL with a reliable status response
+in the target to be configured as a probe endpoint (which may be as
+simple as `"/"`). Passive health checks do not demand such configuration.
+* By providing a custom probe endpoint for an active health checker,
+an application may determine its own health metrics and produce a status
+code to be consumed by Kong. Even though a target continues to serve
+traffic which looks healthy to the passive health checker,
+it would be able to respond to the active probe with a failure
+status, essentially requesting to be relieved from taking new traffic.
+
+It is possible to combine the two modes. For example, one can enable
+passive health checks to monitor the target health based solely on its
+traffic, and only use active health checks while the target is unhealthy,
+in order to re-enable it automatically.
+
+## Enabling and disabling health checks
+
+### Enabling active health checks
+
+To enable active health checks, you need to specify the configuration items
+under `healthchecks.active` in the [Upstream object][upstreamobjects] configuration. You
+need to specify the necessary information so that Kong can perform periodic
+probing on the target, and how to interpret the resulting information.
+
+You can use the `healthchecks.active.type` field to specify whether to perform
+HTTP or HTTPS probes (setting it to `"http"` or `"https"`), or by simply
+testing if the connection to a given host and port is successful
+(setting it to `"tcp"`).
+
+For configuring the probe, you need to specify:
+
+* `healthchecks.active.http_path` - The path that should be used when
+issuing the HTTP GET request to the target. The default value is `"/"`.
+* `healthchecks.active.timeout` - The connection timeout limit for the
+HTTP GET request of the probe. The default value is 1 second.
+* `healthchecks.active.concurrency` - Number of targets to check concurrently
+in active health checks.
+
+You also need to specify positive values for intervals, for running
+probes:
+
+* `healthchecks.active.healthy.interval` - Interval between active health
+checks for healthy targets (in seconds). A value of zero indicates that active
+probes for healthy targets should not be performed.
+* `healthchecks.active.unhealthy.interval` - Interval between active health
+checks for unhealthy targets (in seconds). A value of zero indicates that active
+probes for unhealthy targets should not be performed.
+
+This allows you to tune the behavior of the active health checks, whether you
+want probes for healthy and unhealthy targets to run at the same interval, or
+one to be more frequent than the other.
+
+If you are using HTTPS healthchecks, you can also specify the following
+fields:
+
+* `healthchecks.active.https_verify_certificate` - Whether to check the
+validity of the SSL certificate of the remote host when performing active
+health checks using HTTPS.
+* `healthchecks.active.https_sni` - The hostname to use as an SNI
+(Server Name Identification) when performing active health checks
+using HTTPS. This is particularly useful when Targets are configured
+using IPs, so that the target host's certificate can be verified
+with the proper SNI.
+
+Note that failed TLS verifications will increment the "TCP failures" counter;
+the "HTTP failures" refer only to HTTP status codes, whether probes are done
+through HTTP or HTTPS.
+
+Finally, you need to configure how Kong should interpret the probe, by setting
+the various thresholds on the [health
+counters](#healthy-and-unhealthy-targets), which, once reached will trigger a
+status change. The counter threshold fields are:
+
+* `healthchecks.active.healthy.successes` - Number of successes in active
+probes (as defined by `healthchecks.active.healthy.http_statuses`) to consider
+a target healthy.
+* `healthchecks.active.unhealthy.tcp_failures` - Number of TCP failures
+or TLS verification failures in active probes to consider a target unhealthy.
+* `healthchecks.active.unhealthy.timeouts` - Number of timeouts in active
+probes to consider a target unhealthy.
+* `healthchecks.active.unhealthy.http_failures` - Number of HTTP failures in
+active probes (as defined by `healthchecks.active.unhealthy.http_statuses`) to
+consider a target unhealthy.
+
+### Enabling passive health checks
+
+Passive health checks do not feature a probe, as they work by interpreting
+the ongoing traffic that flows from a target. This means that to enable
+passive checks you only need to configure its counter thresholds:
+
+* `healthchecks.passive.healthy.successes` - Number of successes in proxied
+traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to
+consider a target healthy, as observed by passive health checks. This needs to
+be positive when passive checks are enabled so that healthy traffic resets the
+unhealthy counters.
+* `healthchecks.passive.unhealthy.tcp_failures` - Number of TCP failures in
+proxied traffic to consider a target unhealthy, as observed by passive health
+checks.
+* `healthchecks.passive.unhealthy.timeouts` - Number of timeouts in proxied
+traffic to consider a target unhealthy, as observed by passive health checks.
+* `healthchecks.passive.unhealthy.http_failures` - Number of HTTP failures in
+proxied traffic (as defined by `healthchecks.passive.unhealthy.http_statuses`)
+to consider a target unhealthy, as observed by passive health checks.
+
+### Disabling health checks
+
+In all counter thresholds and intervals specified in the `healthchecks`
+configuration, setting a value to zero means that the functionality the field
+represents is disabled. Setting a probe interval to zero disables a probe.
+Likewise, you can disable certain types of checks by setting their counter
+thresholds to zero. For example, to not consider timeouts when performing
+healthchecks, you can set both `timeouts` fields (for active and passive
+checks) to zero. This gives you a fine-grained control of the behavior of the
+health checker.
+
+In summary, to completely disable active health checks for an upstream, you
+need to set both `healthchecks.active.healthy.interval` and
+`healthchecks.active.unhealthy.interval` to `0`.
+
+To completely disable passive health checks, you need to set all counter
+thresholds under `healthchecks.passive` for its various counters to zero.
+
+All counter thresholds and intervals in `healthchecks` are zero by default,
+meaning that health checks are completely disabled by default in newly created
+upstreams.
+
+[Back to TOC](#table-of-contents)
+
+[ringbalancer]: /{{page.kong_version}}/loadbalancing#ring-balancer
+[ringtarget]: /{{page.kong_version}}/loadbalancing#target
+[upstream]: /{{page.kong_version}}/loadbalancing#upstream
+[targetobject]: /{{page.kong_version}}/admin-api#target-object
+[addupstream]: /{{page.kong_version}}/admin-api#add-upstream
+[clustering]: /{{page.kong_version}}/clustering
+[upstreamobjects]: /{{page.kong_version}}/admin-api#upstream-objects
+[balancercaveats]: /{{page.kong_version}}/loadbalancing#balancing-caveats
+[dnscaveats]: /{{page.kong_version}}/loadbalancing#dns-caveats
diff --git a/app/1.3.x/index.md b/app/1.3.x/index.md
new file mode 100644
index 000000000000..657916c5e6c6
--- /dev/null
+++ b/app/1.3.x/index.md
@@ -0,0 +1,84 @@
+---
+title: Documentation for Kong
+---
+
+<div class="docs-grid">
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-window.svg" /><a href="https://konghq.com/install/">Installation</a></h3>
+    <p>You can install Kong on most Linux distributions and macOS. We even provide the source so you can compile yourself.</p>
+    <a href="https://konghq.com/install/">Install Kong &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-quickstart.svg" /><a href="/{{page.kong_version}}/getting-started/quickstart">5-minute Quickstart</a></h3>
+    <p>Learn how to start Kong, add a Service, enable plugins, and add consumers in under thirty seconds.</p>
+    <a href="/{{page.kong_version}}/getting-started/quickstart">Start using Kong &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-doc-reference.svg" /><a href="/{{page.kong_version}}/db-less-and-declarative-config">DB-less &amp; Declarative Configuration</a></h3>
+    <p>Learn how to leverage the declarative configuration format for using Kong without a database, using in-memory storage only.</p>
+    <a href="/{{page.kong_version}}/db-less-and-declarative-config">Read the tutorial &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-doc-reference.svg" /><a href="/hub/kong-inc/kubernetes-sidecar-injector/">Kubernetes &amp; Service Mesh</a></h3>
+    <p>Use our sidecar injector plugin to run Kong as a service mesh on Kubernetes</p>
+    <a href="/hub/kong-inc/kubernetes-sidecar-injector/">Read the plugin guide &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-doc-reference.svg" /><a href="/{{page.kong_version}}/upgrading">Upgrade guide</a></h3>
+    <p>Already using Kong, and wanting to upgrade? Here's the step-by-step guide.</p>
+    <a href="/{{page.kong_version}}/upgrading">Read the upgrade guide &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-doc-reference.svg" /><a href="/{{page.kong_version}}/configuration">Configuration file</a></h3>
+    <p>Want to further optimize your Kong cluster, database, or configure NGINX? Dive into the configuration.</p>
+    <a href="/{{page.kong_version}}/configuration">Start configuring Kong &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-doc-reference.svg" /><a href="/{{page.kong_version}}/cli">CLI reference</a></h3>
+    <p>Want a better understanding of the CLI tool and its options? Browse the detailed command reference.</p>
+    <a href="/{{page.kong_version}}/cli">Use the CLI &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-doc-reference.svg" /><a href="/{{page.kong_version}}/admin-api">Admin API reference</a></h3>
+    <p>Ready to learn the underlying interface? Browse the Admin API reference to learn how to start making requests.</p>
+    <a href="/{{page.kong_version}}/admin-api">Explore the interface &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-doc-reference.svg" /><a href="/{{page.kong_version}}/proxy">Proxy reference</a></h3>
+    <p>Learn every way to configure Kong to proxy your Services, serve them over SSL or use WebSockets.</p>
+    <a href="/{{page.kong_version}}/proxy">Read the Proxy Reference &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-doc-reference.svg" /><a href="/{{page.kong_version}}/loadbalancing">Load balancing reference</a></h3>
+    <p>Learn how to setup Kong to load balance traffic through replicas of your upstream services.</p>
+    <a href="/{{page.kong_version}}/loadbalancing">Read the Load balancing Reference &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-doc-reference.svg" /><a href="/{{page.kong_version}}/health-checks-circuit-breakers">Health checks &amp; circuit breakers</a></h3>
+    <p>Let Kong monitor the availability of your services and adjust its load balancing accordingly.</p>
+    <a href="/{{page.kong_version}}/health-checks-circuit-breakers">Learn about health checks and circuit breakers &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-clustering.svg" /><a href="/{{page.kong_version}}/clustering">Clustering</a></h3>
+    <p>If you are starting more than one node, you must use clustering to make sure all the nodes belong to the same Kong cluster.</p>
+    <a href="/{{page.kong_version}}/clustering">Read the clustering reference &rarr;</a>
+  </div>
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-window.svg" /><a href="/{{page.kong_version}}/plugin-development">Write your own plugins</a></h3>
+    <p>Looking for something Kong does not do for you? Easy: write it as a plugin. Learn how to write your own plugins for Kong.</p>
+    <a href="/{{page.kong_version}}/plugin-development">Read the plugin development guide &rarr;</a>
+  </div>
+
+</div>
diff --git a/app/1.3.x/loadbalancing.md b/app/1.3.x/loadbalancing.md
new file mode 100644
index 000000000000..bee0dac7f2c1
--- /dev/null
+++ b/app/1.3.x/loadbalancing.md
@@ -0,0 +1,374 @@
+---
+title: Loadbalancing reference
+---
+
+## Introduction
+
+Kong provides multiple ways of load balancing requests to multiple backend
+services: a straightforward DNS-based method, and a more dynamic ring-balancer
+that also allows for service registry without needing a DNS server.
+
+## DNS-based loadbalancing
+
+When using DNS-based load balancing, the registration of the backend services
+is done outside of Kong, and Kong only receives updates from the DNS server.
+
+Every Service that has been defined with a `host` containing a hostname
+(instead of an IP address) will automatically use DNS-based load balancing
+if the name resolves to multiple IP addresses, provided the hostname does not
+resolve to an `upstream` name or a name in your DNS hostsfile.
+
+The DNS record `ttl` setting (time to live) determines how often the information
+is refreshed. When using a `ttl` of 0, every request will be resolved using its
+own DNS query. Obviously this will have a performance penalty, but the latency of
+updates/changes will be very low.
+
+[Back to TOC](#table-of-contents)
+
+### A records
+
+An A record contains one or more IP addresses. Hence, when a hostname
+resolves to an A record, each backend service must have its own IP address.
+
+Because there is no `weight` information, all entries will be treated as equally
+weighted in the load balancer, and the balancer will do a straight forward
+round-robin.
+
+[Back to TOC](#table-of-contents)
+
+### SRV records
+
+An SRV record contains weight and port information for all of its IP addresses.
+A backend service can be identified by a unique combination of IP address
+and port number. Hence, a single IP address can host multiple instances of the
+same service on different ports.
+
+Because the `weight` information is available, each entry will get its own
+weight in the load balancer and it will perform a weighted round-robin.
+
+Similarly, any given port information will be overridden by the port information from
+the DNS server. If a Service has attributes `host=myhost.com` and `port=123`,
+and `myhost.com` resolves to an SRV record with `127.0.0.1:456`, then the request
+will be proxied to `http://127.0.0.1:456/somepath`, as port `123` will be
+overridden by `456`.
+
+[Back to TOC](#table-of-contents)
+
+### DNS priorities
+
+The DNS resolver will start resolving the following record types in order:
+
+  1. The last successful type previously resolved
+  2. SRV record
+  3. A record
+  4. CNAME record
+
+This order is configurable through the [`dns_order` configuration property][dns-order-config].
+
+[Back to TOC](#table-of-contents)
+
+### DNS caveats
+
+- Whenever the DNS record is refreshed a list is generated to handle the
+weighting properly. Try to keep the weights as multiples of each other to keep
+the algorithm performant, e.g., 2 weights of 17 and 31 would result in a structure
+with 527 entries, whereas weights 16 and 32 (or their smallest relative
+counterparts 1 and 2) would result in a structure with merely 3 entries,
+especially with a very small (or even 0) `ttl` value.
+
+- Some nameservers do not return all entries (due to UDP packet size) in those
+cases (for example Consul returns a maximum of 3) a given Kong node will only
+use the few upstream service instances provided by the nameserver. In this
+scenario, it is possible that the pool of upstream instances will be loaded
+inconsistently, because the Kong node is effectively unaware of some of the
+instances, due to the limited information provided by the nameserver.
+To mitigate this use a different nameserver, use IP
+addresses instead of names, or make sure you use enough Kong nodes to still
+have all upstream services being used.
+
+- When the nameserver returns a `3 name error`, then that is a valid response
+for Kong. If this is unexpected, first validate the correct name is being
+queried for, and second check your nameserver configuration.
+
+- The initial pick of an IP address from a DNS record (A or SRV) is not
+randomized. So when using records with a `ttl` of 0, the nameserver is
+expected to randomize the record entries.
+
+[Back to TOC](#table-of-contents)
+
+## Ring-balancer
+
+When using the ring-balancer, the adding and removing of backend services will
+be handled by Kong, and no DNS updates will be necessary. Kong will act as the
+service registry. Nodes can be added/deleted with a single HTTP request and
+will instantly start/stop receiving traffic.
+
+Configuring the ring-balancer is done through the `upstream` and `target`
+entities.
+
+  - `target`: an IP address or hostname with a port number where a backend
+    service resides, eg. "192.168.100.12:80". Each target gets an additional
+    `weight` to indicate the relative load it gets. IP addresses can be
+    in both IPv4 and IPv6 format.
+  - `upstream`: a 'virtual hostname' which can be used in a Route `host`
+    field, e.g., an upstream named `weather.v2.service` would get all requests
+    from a Service with `host=weather.v2.service`.
+
+[Back to TOC](#table-of-contents)
+
+### Upstream
+
+Each upstream gets its own ring-balancer. Each `upstream` can have many
+`target` entries attached to it, and requests proxied to the 'virtual hostname'
+will be load balanced over the targets. A ring-balancer has a pre-defined
+number of slots, and based on the target weights the slots get assigned to the
+targets of the upstream.
+
+Adding and removing targets can be done with a simple HTTP request on the
+Admin API. This operation is relatively cheap. Changing the upstream
+itself is more expensive as the balancer will need to be rebuilt when the
+number of slots change for example.
+
+The only occurrence where the balancer will be rebuilt automatically is when
+the target history is cleaned; other than that, it will only rebuild upon changes.
+
+Within the balancer there are the positions (from 1 to `slots`),
+which are __randomly distributed__ on the ring.
+The randomness is required to make invoking the ring-balancer cheap at
+runtime. A simple round-robin over the wheel (the positions) will do to
+provide a well distributed weighted round-robin over the `targets`, whilst
+also having cheap operations when inserting/deleting targets.
+
+The number of slots to use per target should (at least) be around 100 to make
+sure the slots are properly distributed. Eg. for an expected maximum of 8
+targets, the `upstream` should be defined with at least `slots=800`, even if
+the initial setup only features 2 targets.
+
+The tradeoff here is that the higher the number of slots, the better the random
+distribution, but the more expensive the changes are (add/removing targets)
+
+Detailed information on adding and manipulating
+upstreams is available in the `upstream` section of the
+[Admin API reference][upstream-object-reference].
+
+[Back to TOC](#table-of-contents)
+
+### Target
+
+Because the `upstream` maintains a history of changes, targets can only be
+added, not modified nor deleted. To change a target, just add a new entry for
+the target, and change the `weight` value. The last entry is the one that will
+be used. As such setting `weight=0` will disable a target, effectively
+deleting it from the balancer. Detailed information on adding and manipulating
+targets is available in the `target` section of the
+[Admin API reference][target-object-reference].
+
+The targets will be automatically cleaned when there are 10x more inactive
+entries than active ones. Cleaning will involve rebuilding the balancer, and
+hence is more expensive than just adding a target entry.
+
+A `target` can also have a hostname instead of an IP address. In that case
+the name will be resolved and all entries found will individually be added to
+the ring balancer, e.g., adding `api.host.com:123` with `weight=100`. The
+name 'api.host.com' resolves to an A record with 2 IP addresses. Then both
+ip addresses will be added as target, each getting `weight=100` and port 123.
+__NOTE__: the weight is used for the individual entries, not for the whole!
+
+Would it resolve to an SRV record, then also the `port` and `weight` fields
+from the DNS record would be picked up, and would overrule the given port `123`
+and `weight=100`.
+
+The balancer will honor the DNS record's `ttl` setting and requery and update
+the balancer when it expires.
+
+__Exception__: When a DNS record has `ttl=0`, the hostname will be added
+as a single target, with the specified weight. Upon every proxied request
+to this target it will query the nameserver again.
+
+[Back to TOC](#table-of-contents)
+
+### Balancing algorithms
+
+By default a ring-balancer will use a weighted-round-robin scheme. The alternative
+would be to use the hash-based algorithm. The input for the hash can be either
+`none`, `consumer`, `ip`, `header`, or `cookie`. When set to `none` the
+weighted-round-robin scheme will be used, and hashing will be disabled.
+
+There are two options, a primary and a fallback in case the primary fails
+(e.g., if the primary is set to `consumer`, but no consumer is authenticated)
+
+The different hashing options:
+
+- `none`: Do not use hashing, but use weighted-round-robin instead (default).
+
+- `consumer`: Use the consumer id as the hash input. This option will fallback
+  on the credential id if no consumer id is available (in case of external auth
+  like ldap).
+
+- `ip`: The remote (originating) IP address will be used as input. Review the
+  configuration settings for [determining the real IP][real-ip-config] when
+  using this.
+
+- `header`: Use a specified header (in either `hash_on_header` or `hash_fallback_header`
+  field) as input for the hash.
+
+- `cookie`: Use a specified cookie name (in the `hash_on_cookie` field) with a
+  specified path (in the `hash_on_cookie_path` field, default `"/"`) as input for
+  the hash. If the cookie is not present in the request, it will be set by the
+  response. Hence, the `hash_fallback` setting is invalid if `cookie` is the primary
+  hashing mechanism.
+
+The hashing algorithm is based on 'consistent-hashing' (or the 'ketama principle')
+which makes sure that when the balancer gets modified by changing the targets
+(adding, removing, failing, or changing weights) only the minimum number of
+hashing losses occur. This will maximize upstream cache hits.
+
+For more information on the exact settings see the `upstream` section of the
+[Admin API reference][upstream-object-reference].
+
+[Back to TOC](#table-of-contents)
+
+### Balancing caveats
+
+The ring-balancer is designed to work both with a single node as well as in a cluster.
+For the weighted-round-robin algorithm there isn't much difference, but when using
+the hash based algorithm it is important that all nodes build the exact same
+ring-balancer to make sure they all work identical. To do this the balancer
+must be build in a deterministic way.
+
+- Do not use hostnames in the balancer as the
+balancers might/will slowly diverge because the DNS ttl has only second precision
+and renewal is determined by when a name is actually requested. On top of this is
+the issue with some nameservers not returning all entries, which exacerbates
+this problem. So when using the hashing approach in a Kong cluster, add `target`
+entities only by their IP address, and never by name.
+
+- When picking your hash input make sure the input has enough variance to get
+to a well distributed hash. Hashes will be calculated using the CRC-32 digest.
+So for example, if your system has thousands of users, but only a few consumers, defined
+per platform (eg. 3 consumers: Web, iOS and Android) then picking the `consumer`
+hash input will not suffice, using the remote IP address by setting the hash to
+`ip` would provide more variance in the input and hence a better distribution
+in the hash output. However, if many clients will be behind the same NAT gateway (e.g. in
+call center), `cookie` will provide a better distribution than `ip`.
+
+[Back to TOC](#table-of-contents)
+
+# Blue-Green Deployments
+
+Using the ring-balancer a [blue-green deployment][blue-green-canary] can be easily orchestrated for
+a Service. Switching target infrastructure only requires a `PATCH` request on a
+Service, to change its `host` value.
+
+Set up the "Blue" environment, running version 1 of the address service:
+
+```bash
+# create an upstream
+$ curl -X POST http://kong:8001/upstreams \
+    --data "name=address.v1.service"
+
+# add two targets to the upstream
+$ curl -X POST http://kong:8001/upstreams/address.v1.service/targets \
+    --data "target=192.168.34.15:80"
+    --data "weight=100"
+$ curl -X POST http://kong:8001/upstreams/address.v1.service/targets \
+    --data "target=192.168.34.16:80"
+    --data "weight=50"
+
+# create a Service targeting the Blue upstream
+$ curl -X POST http://kong:8001/services/ \
+    --data "name=address-service" \
+    --data "host=address.v1.service" \
+    --data "path=/address"
+
+# finally, add a Route as an entry-point into the Service
+$ curl -X POST http://kong:8001/services/address-service/routes/ \
+    --data "hosts[]=address.mydomain.com"
+```
+
+Requests with host header set to `address.mydomain.com` will now be proxied
+by Kong to the two defined targets; 2/3 of the requests will go to
+`http://192.168.34.15:80/address` (`weight=100`), and 1/3 will go to
+`http://192.168.34.16:80/address` (`weight=50`).
+
+Before deploying version 2 of the address service, set up the "Green"
+environment:
+
+```bash
+# create a new Green upstream for address service v2
+$ curl -X POST http://kong:8001/upstreams \
+    --data "name=address.v2.service"
+
+# add targets to the upstream
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=100"
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=100"
+```
+
+To activate the Blue/Green switch, we now only need to update the Service:
+
+```bash
+# Switch the Service from Blue to Green upstream, v1 -> v2
+$ curl -X PATCH http://kong:8001/services/address-service \
+    --data "host=address.v2.service"
+```
+
+Incoming requests with host header set to `address.mydomain.com` will now be
+proxied by Kong to the new targets; 1/2 of the requests will go to
+`http://192.168.34.17:80/address` (`weight=100`), and the other 1/2 will go to
+`http://192.168.34.18:80/address` (`weight=100`).
+
+As always, the changes through the Kong Admin API are dynamic and will take
+effect immediately. No reload or restart is required, and no in progress
+requests will be dropped.
+
+[Back to TOC](#table-of-contents)
+
+# Canary Releases
+
+Using the ring-balancer, target weights can be adjusted granularly, allowing
+for a smooth, controlled [canary release][blue-green-canary].
+
+Using a very simple 2 target example:
+
+```bash
+# first target at 1000
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=1000"
+
+# second target at 0
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=0"
+```
+
+By repeating the requests, but altering the weights each time, traffic will
+slowly be routed towards the other target. For example, set it at 10%:
+
+```bash
+# first target at 900
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=900"
+
+# second target at 100
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=100"
+```
+
+The changes through the Kong Admin API are dynamic and will take
+effect immediately. No reload or restart is required, and no in progress
+requests will be dropped.
+
+[Back to TOC](#table-of-contents)
+
+[upstream-object-reference]: /{{page.kong_version}}/admin-api#upstream-object
+[target-object-reference]: /{{page.kong_version}}/admin-api#target-object
+[dns-order-config]: /{{page.kong_version}}/configuration/#dns_order
+[real-ip-config]: /{{page.kong_version}}/configuration/#real_ip_header
+[blue-green-canary]: http://blog.christianposta.com/deploy/blue-green-deployments-a-b-testing-and-canary-releases/
diff --git a/app/1.3.x/logging.md b/app/1.3.x/logging.md
new file mode 100644
index 000000000000..33008a60099c
--- /dev/null
+++ b/app/1.3.x/logging.md
@@ -0,0 +1,151 @@
+---
+title: Logging Reference
+toc: false
+---
+
+## Removing Certain Elements From Your Kong Logs
+
+With new regulations surrounding protecting private data like GDPR, there is a chance you may need to change your logging habits. If you use Kong as your API Gateway, this can be done in a single location to take effect on all of your APIs. This guide will walk you through one approach to accomplishing this, but there are always different approaches for different needs. Please note, these changes will effect the output of the NGINX access logs. This will not have any effect on Kong's logging plugins.
+
+For this example, let’s say you want to remove any instances of an email address from your kong logs. The emails addresses may come through in different ways, for example something like `/apiname/v2/verify/alice@example.com` or `/v3/verify?alice@example.com`. In order to keep these from being added to the logs, we will need to use a custom NGINX template.
+
+## Log Levels
+
+Log levels are set in [Kong's configuration](/{{page.kong_version}}/configuration/#log_level). Following are the log levels in increasing order of their severity, `debug`, `info`,
+`notice`, `warn`, `error` and `crit`.
+
+- *`debug`:* It provides debug information about the plugin's runloop and each individual plugin or other components. Only to be used during debugging since it is too chatty.
+- *`info`/`notice`:* Kong does not make a big difference between both these levels. Provides information about normal behavior most of which can be ignored.
+- *`warn`:* To log any abnormal behavior that doesn't result in dropped transactions but requires further investigation, `warn` level should be used.
+- *`error`:* Used for logging errors that result in a request being dropped (for example getting  an HTTP 500 error). The rate of such logs need to be monitored.
+- *`crit`:* This level is used when Kong is working under critical conditions and not working properly thereby affecting several clients. Nginx also provides `alert` and `emerg` levels but currently Kong doesn't make use of these levels making `crit` the highest severity log level.
+
+By default `notice` is the log level that used and also recommended. However if the logs turn out to be too chatty they can be bumped up to a higher level like `warn`.
+
+## Removing Certain Elements From Your Kong Logs
+
+With new regulations surrounding protecting private data like GDPR, there is a chance you may need to change your logging habits. If you use Kong as your API Gateway, this can be done in a single location to take effect on all of your Services. This guide will walk you through one approach to accomplishing this, but there are always different approaches for different needs. Please note, these changes will effect the output of the NGINX access logs. This will not have any effect on Kong's logging plugins.
+
+For this example, let’s say you want to remove any instances of an email address from your kong logs. The emails addresses may come through in different ways, for example something like `/servicename/v2/verify/alice@example.com` or `/v3/verify?alice@example.com`. In order to keep these from being added to the logs, we will need to use a custom NGINX template.
+
+To start using a custom NGINX template, first get a copy of our template. This can be found [https://docs.konghq.com/latest/configuration/#custom-nginx-templates-embedding-kong](https://docs.konghq.com/latest/configuration/#custom-nginx-templates-embedding-kong) or copied from below
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
+daemon ${{NGINX_DAEMON}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{LOG_LEVEL}}; # can be set by kong.conf
+
+events {
+    use epoll; # custom setting
+    multi_accept on;
+}
+
+http {
+    # include default Kong Nginx config
+    include 'nginx-kong.conf';
+
+    # custom server
+    server {
+        listen 8888;
+        server_name custom_server;
+
+        location / {
+          ... # etc
+        }
+    }
+}
+```
+
+In order to control what is placed in the logs, we will be using the NGINX map module in our template. For more detailed information abut using the map directive, please see [this guide](http://nginx.org/en/docs/http/ngx_http_map_module.html). This will create a new variable whose value depends on values of one or more of the source variables specified in the first parameter. The format is:
+
+```
+
+map $paramater_to_look_at $variable_name {
+    pattern_to_look_for 0;
+    second_pattern_to_look_for 0;
+
+    default 1;
+}
+```
+
+For this example, we will be mapping a new variable called `keeplog` which is dependent on certain values appearing in the `$request_uri`. We will be placing our map directive right at the start of the http block, this must be before `include 'nginx-kong.conf';`. So, for our example, we will add something along the lines of:
+
+```
+map $request_uri $keeplog {
+    ~.+\@.+\..+ 0;
+    ~/servicename/v2/verify 0;
+    ~/v3/verify 0;
+
+    default 1;
+}
+```
+
+You’ll probably notice that each of those lines start with a tilde. This is what tells NGINX to use RegEx when evaluating the line. We have three things to look for in this example:
+- The first line uses regex to look for any email address in the x@y.z format
+- The second line looks for any part of the URI which is /servicename/v2/verify
+- The third line looks at any part of the URI which contains /v3/verify
+
+Because all of those have a value of something other than 0, if a request has one of those elements, it will not be added to the log.
+
+Now, we need to set the log format for what we will keep in the logs. We will use the `log_format` module and assign our new logs a name of show_everything. The contents of the log can be customized for you needs, but for this example, I will simply change everything back to the Kong standards. To see the full list of options you can use, please refer to [this guide](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables).
+
+```
+log_format show_everything '$remote_addr - $remote_user [$time_local] '
+    '$request_uri $status $body_bytes_sent '
+    '"$http_referer" "$http_user_agent"';
+```
+
+Now, our custom NGINX template is all ready to be used. If you have been following along, your file should now be look like this:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
+daemon ${{NGINX_DAEMON}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log stderr ${{LOG_LEVEL}}; # can be set by kong.conf
+
+
+
+events {
+    use epoll; # custom setting
+    multi_accept on;
+}
+
+http {
+
+
+    map $request_uri $keeplog {
+        ~.+\@.+\..+ 0;
+        ~/v1/invitation/ 0;
+        ~/reset/v1/customer/password/token 0;
+        ~/v2/verify 0;
+
+        default 1;
+    }
+    log_format show_everything '$remote_addr - $remote_user [$time_local] '
+        '$request_uri $status $body_bytes_sent '
+        '"$http_referer" "$http_user_agent"';
+
+    include 'nginx-kong.conf';
+}
+```
+
+The last thing we need to do is tell Kong to use the newly created log, `show_everything`. To do this, we will be altering the Kong variable `prpxy_access_log`. Either by opening and editing `etc/kong/kong.conf` or by using an environmental variable `KONG_PROXY_ACCESS_LOG=` you will want to mend the default location to show
+
+```
+proxy_access_log=logs/access.log show_everything if=$keeplog
+```
+
+The final step in the process to make all the changes take effect is to restart kong. you can use the `kong restart` command to do so.
+
+Now, any requests made with an email address in it will no longer be logged. Of course, we can use this logic to remove anything we want from the logs on a conditional manner.
diff --git a/app/1.3.x/network.md b/app/1.3.x/network.md
new file mode 100644
index 000000000000..0875cfe153d2
--- /dev/null
+++ b/app/1.3.x/network.md
@@ -0,0 +1,70 @@
+---
+title: Network & Firewall
+---
+
+## Introduction
+
+In this section you will find a summary about the recommended network and firewall settings for Kong.
+
+## Ports
+
+Kong uses multiple connections for different purposes.
+
+* proxy
+* admin api
+
+### Proxy
+
+The proxy ports is where Kong receives its incoming traffic. There are two ports with the following defaults:
+
+* `8000` for proxying HTTP traffic, and
+* `8443` for proxying HTTPS traffic
+
+See [proxy_listen] for more details on HTTP/HTTPS proxy listen options. For production environment it is common
+to change HTTP and HTTPS listen ports to `80` and `443`.
+
+Kong can also proxy TCP/TLS streams. The stream proxying is disabled by default. See [stream_listen] for
+additional details on stream proxy listen options, and how to enable it (if you plan to proxy anything other than
+HTTP/HTTPS traffic).
+
+In general the proxy ports are the **only ports** that should be made available to your clients.
+
+### Admin API
+
+This is the port where Kong exposes its management API. Hence in production this port should be firewalled to protect
+it from unauthorized access.
+
+* `8001` provides Kong's **Admin API** that you can use to operate Kong with HTTP. See [admin_listen].
+* `8444` provides the same Kong **Admin API** but using HTTPS. See [admin_listen] and the `ssl` suffix.
+
+## Firewall
+
+Below are the recommended firewall settings:
+
+* The upstream Services behind Kong will be available via the [proxy_listen] interface/port values.
+  Configure these values according to the access level you wish to grant to the upstream Services.
+* If you are binding the Admin API to a public-facing interface (via [admin_listen]), then **protect** it to only
+  allow trusted clients to access the Admin API. See also [Securing the Admin API][secure_admin_api].
+* Your proxy will need have rules added for any HTTP/HTTPS and TCP/TLS stream listeners that you configure.
+  For example, if you want Kong to manage traffic on port `4242`, your firewall will need to allow traffic
+  on said port.
+
+#### Transparent Proxying
+
+It is worth mentioning that the `transparent` listen option may be applied to [proxy_listen]
+and [stream_listen] configuration. With packet filtering such as `iptables` (Linux) or `pf` (macOS/BSDs)
+or with hardware routers/switches, you can specify pre-routing or redirection rules for TCP packets that
+allow you to mangle the original destination address and port. For example a HTTP request with a destination
+address of `10.0.0.1`, and a destination port of `80` can be redirected to `127.0.0.1` at port `8000`.
+To make this work, you need (with Linux) to add the `transparent` listen option to Kong proxy,
+`proxy_listen=8000 transparent`. This allows Kong to see the original destination for the request
+(`10.0.0.1:80`) even when Kong didn't actually listen to it directly. With this information,
+Kong can route the request correctly. The `transparent` listen option should only be used with Linux.
+macOS/BSDs allow transparent proxying without `transparent` listen option. With Linux you may also need
+to start Kong as a `root` user or set the needed capabilities for the executable.
+
+
+[proxy_listen]: /{{page.kong_version}}/configuration/#proxy_listen
+[stream_listen]: /{{page.kong_version}}/configuration/#stream_listen
+[admin_listen]: /{{page.kong_version}}/configuration/#admin_listen
+[secure_admin_api]: /{{page.kong_version}}/secure-admin-api
diff --git a/app/1.3.x/pdk/index.md b/app/1.3.x/pdk/index.md
new file mode 100644
index 000000000000..2f951970b6c4
--- /dev/null
+++ b/app/1.3.x/pdk/index.md
@@ -0,0 +1,176 @@
+---
+title: PDK
+pdk: true
+toc: true
+---
+
+## Plugin Development Kit
+
+The Plugin Development Kit (or "PDK") is set of Lua functions and variables
+ that can be used by plugins to implement their own logic.  The PDK is a
+ [Semantically Versioned](https://semver.org/) component, originally
+ released in Kong 0.14.0. The PDK will be guaranteed to be forward-compatible
+ from its 1.0.0 release and on.
+
+ As of this release, the PDK has not yet reached 1.0.0, but plugin authors
+ can already depend on it for a safe and reliable way of interacting with the
+ request, response, or the core components.
+
+ The Plugin Development Kit is accessible from the `kong` global variable,
+ and various functionalities are namespaced under this table, such as
+ `kong.request`, `kong.log`, etc...
+
+
+
+
+### kong.version
+
+A human-readable string containing the version number of the currently
+ running node.
+
+**Usage**
+
+``` lua
+print(kong.version) -- "0.14.0"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.version_num
+
+An integral number representing the version number of the currently running
+ node, useful for comparison and feature-existence checks.
+
+**Usage**
+
+``` lua
+if kong.version_num < 13000 then -- 000.130.00 -> 0.13.0
+  -- no support for Routes & Services
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.pdk_major_version
+
+A number representing the major version of the current PDK (e.g.
+ `1`). Useful for feature-existence checks or backwards-compatible behavior
+ as users of the PDK.
+
+
+**Usage**
+
+``` lua
+if kong.pdk_version_num < 2 then
+  -- PDK is below version 2
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.pdk_version
+
+A human-readable string containing the version number of the current PDK.
+
+**Usage**
+
+``` lua
+print(kong.pdk_version) -- "1.0.0"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.configuration
+
+A read-only table containing the configuration of the current Kong node,
+ based on the configuration file and environment variables.
+
+ See [kong.conf.default](https://github.com/Kong/kong/blob/master/kong.conf.default)
+ for details.
+
+ Comma-separated lists in that file get promoted to arrays of strings in this
+ table.
+
+
+**Usage**
+
+``` lua
+print(kong.configuration.prefix) -- "/usr/local/kong"
+-- this table is read-only; the following throws an error:
+kong.configuration.prefix = "foo"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+
+
+### kong.db
+
+Instance of Kong's DAO (the `kong.db` module).  Contains accessor objects
+ to various entities.
+
+ A more thorough documentation of this DAO and new schema definitions is to
+ be made available in the future.
+
+
+**Usage**
+
+``` lua
+kong.db.services:insert()
+kong.db.routes:select()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.dns
+
+Instance of Kong's DNS resolver, a client object from the
+ [lua-resty-dns-client](https://github.com/kong/lua-resty-dns-client) module.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.worker_events
+
+Instance of Kong's IPC module for inter-workers communication from the
+ [lua-resty-worker-events](https://github.com/Kong/lua-resty-worker-events)
+ module.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.cluster_events
+
+Instance of Kong's cluster events module for inter-nodes communication.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.cache
+
+Instance of Kong's database caching object, from the `kong.cache` module.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.client.md b/app/1.3.x/pdk/kong.client.md
new file mode 100644
index 000000000000..38fa202ccd5e
--- /dev/null
+++ b/app/1.3.x/pdk/kong.client.md
@@ -0,0 +1,262 @@
+---
+title: kong.client
+pdk: true
+toc: true
+---
+
+## kong.client
+
+Client information module
+ A set of functions to retrieve information about the client connecting to
+ Kong in the context of a given request.
+
+ See also:
+ [nginx.org/en/docs/http/ngx_http_realip_module.html](http://nginx.org/en/docs/http/ngx_http_realip_module.html)
+
+
+
+### kong.client.get_ip()
+
+Returns the remote address of the client making the request.  This will
+ **always** return the address of the client directly connecting to Kong.
+ That is, in cases when a load balancer is in front of Kong, this function
+ will return the load balancer's address, and **not** that of the
+ downstream client.
+
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `string` ip The remote address of the client making the request
+
+
+**Usage**
+
+``` lua
+-- Given a client with IP 127.0.0.1 making connection through
+-- a load balancer with IP 10.0.0.1 to Kong answering the request for
+-- https://example.com:1234/v1/movies
+kong.client.get_ip() -- "10.0.0.1"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_forwarded_ip()
+
+Returns the remote address of the client making the request.  Unlike
+ `kong.client.get_ip`, this function will consider forwarded addresses in
+ cases when a load balancer is in front of Kong. Whether this function
+ returns a forwarded address or not depends on several Kong configuration
+ parameters:
+
+ * [trusted\_ips](https://getkong.org/docs/latest/configuration/#trusted_ips)
+ * [real\_ip\_header](https://getkong.org/docs/latest/configuration/#real_ip_header)
+ * [real\_ip\_recursive](https://getkong.org/docs/latest/configuration/#real_ip_recursive)
+
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `string`  ip The remote address of the client making the request,
+ considering forwarded addresses
+
+
+
+**Usage**
+
+``` lua
+-- Given a client with IP 127.0.0.1 making connection through
+-- a load balancer with IP 10.0.0.1 to Kong answering the request for
+-- https://username:password@example.com:1234/v1/movies
+
+kong.request.get_forwarded_ip() -- "127.0.0.1"
+
+-- Note: assuming that 10.0.0.1 is one of the trusted IPs, and that
+-- the load balancer adds the right headers matching with the configuration
+-- of `real_ip_header`, e.g. `proxy_protocol`.
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_port()
+
+Returns the remote port of the client making the request.  This will
+ **always** return the port of the client directly connecting to Kong. That
+ is, in cases when a load balancer is in front of Kong, this function will
+ return load balancer's port, and **not** that of the downstream client.
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `number` The remote client port
+
+
+**Usage**
+
+``` lua
+-- [client]:40000 <-> 80:[balancer]:30000 <-> 80:[kong]:20000 <-> 80:[service]
+kong.client.get_port() -- 30000
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_forwarded_port()
+
+Returns the remote port of the client making the request.  Unlike
+ `kong.client.get_port`, this function will consider forwarded ports in cases
+ when a load balancer is in front of Kong. Whether this function returns a
+ forwarded port or not depends on several Kong configuration parameters:
+
+ * [trusted\_ips](https://getkong.org/docs/latest/configuration/#trusted_ips)
+ * [real\_ip\_header](https://getkong.org/docs/latest/configuration/#real_ip_header)
+ * [real\_ip\_recursive](https://getkong.org/docs/latest/configuration/#real_ip_recursive)
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `number` The remote client port, considering forwarded ports
+
+
+**Usage**
+
+``` lua
+-- [client]:40000 <-> 80:[balancer]:30000 <-> 80:[kong]:20000 <-> 80:[service]
+kong.client.get_forwarded_port() -- 40000
+
+-- Note: assuming that [balancer] is one of the trusted IPs, and that
+-- the load balancer adds the right headers matching with the configuration
+-- of `real_ip_header`, e.g. `proxy_protocol`.
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_credential()
+
+Returns the credentials of the currently authenticated consumer.
+ If not set yet, it returns `nil`.
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+*  the authenticated credential
+
+
+**Usage**
+
+``` lua
+local credential = kong.client.get_credential()
+if credential then
+  consumer_id = credential.consumer_id
+else
+  -- request not authenticated yet
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_consumer()
+
+Returns the `consumer` entity of the currently authenticated consumer.
+ If not set yet, it returns `nil`.
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `table` the authenticated consumer entity
+
+
+**Usage**
+
+``` lua
+local consumer = kong.client.get_consumer()
+if consumer then
+  consumer_id = consumer.id
+else
+  -- request not authenticated yet, or a credential
+  -- without a consumer (external auth)
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.authenticate(consumer, credential)
+
+Sets the authenticated consumer and/or credential for the current request.
+ While both `consumer` and `credential` can be `nil`, it is required
+ that at least one of them exists. Otherwise this function will throw an
+ error.
+
+**Phases**
+
+* access
+
+**Parameters**
+
+* **consumer** (table|nil):  The consumer to set. Note: if no
+ value is provided, then any existing value will be cleared!
+* **credential** (table|nil):  The credential to set. Note: if
+ no value is provided, then any existing value will be cleared!
+
+**Usage**
+
+``` lua
+-- assuming `credential` and `consumer` have been set by some authentication code
+kong.client.authenticate(consumer, credentials)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_protocol(allow_terminated)
+
+Returns the protocol matched by the current route (`"http"`, `"https"`, `"tcp"` or
+ `"tls"`), or `nil`, if no route has been matched, which can happen when dealing with
+ erroneous requests.
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Parameters**
+
+* **allow_terminated** ([opt]):  boolean. If set, the `X-Forwarded-Proto` header will be checked when checking for https
+
+**Returns**
+
+1.  `string|nil` `"http"`, `"https"`, `"tcp"`, `"tls"` or `nil`
+
+1.  `nil|err` nil if success, or error message if failure
+
+
+**Usage**
+
+``` lua
+kong.client.get_protocol() -- "http"
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.ctx.md b/app/1.3.x/pdk/kong.ctx.md
new file mode 100644
index 000000000000..c44dc7e8a776
--- /dev/null
+++ b/app/1.3.x/pdk/kong.ctx.md
@@ -0,0 +1,106 @@
+---
+title: kong.ctx
+pdk: true
+toc: true
+---
+
+## kong.ctx
+
+Current request context data
+
+
+
+### kong.ctx.shared
+
+A table that has the lifetime of the current request and is shared between
+ all plugins.  It can be used to share data between several plugins in a given
+ request.
+
+ Since only relevant in the context of a request, this table cannot be
+ accessed from the top-level chunk of Lua modules. Instead, it can only be
+ accessed in request phases, which are represented by the `rewrite`,
+ `access`, `header_filter`, `body_filter`, and `log` phases of the plugin
+ interfaces.  Accessing this table in those functions (and their callees) is
+ fine.
+
+ Values inserted in this table by a plugin will be visible by all other
+ plugins.  One must use caution when interacting with its values, as a naming
+ conflict could result in the overwrite of data.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+-- Two plugins A and B, and if plugin A has a higher priority than B's
+-- (it executes before B):
+
+-- plugin A handler.lua
+function plugin_a_handler:access(conf)
+  kong.ctx.shared.foo = "hello world"
+
+  kong.ctx.shared.tab = {
+    bar = "baz"
+  }
+end
+
+-- plugin B handler.lua
+function plugin_b_handler:access(conf)
+  kong.log(kong.ctx.shared.foo) -- "hello world"
+  kong.log(kong.ctx.shared.tab.bar) -- "baz"
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.ctx.plugin
+
+A table that has the lifetime of the current request - Unlike
+ `kong.ctx.shared`, this table is **not** shared between plugins.   Instead,
+ it is only visible for the current plugin _instance_. That is, if several
+ instances of the rate-limiting plugin are configured (e.g. on different
+ Services), each instance has its own table, for every request.
+
+ Because of its namespaced nature, this table is safer for a plugin to use
+ than `kong.ctx.shared` since it avoids potential naming conflicts, which
+ could lead to several plugins unknowingly overwrite each other's data.
+
+ Since only relevant in the context of a request, this table cannot be
+ accessed from the top-level chunk of Lua modules. Instead, it can only be
+ accessed in request phases, which are represented by the `rewrite`,
+ `access`, `header_filter`, `body_filter`, and `log` phases of the plugin
+ interfaces.  Accessing this table in those functions (and their callees) is
+ fine.
+
+ Values inserted in this table by a plugin will be visible in successful
+ phases of this plugin's instance only. For example, if a plugin wants to
+ save some value for post-processing during the `log` phase:
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+-- plugin handler.lua
+
+function plugin_handler:access(conf)
+  kong.ctx.plugin.val_1 = "hello"
+  kong.ctx.plugin.val_2 = "world"
+end
+
+function plugin_handler:log(conf)
+  local value = kong.ctx.plugin.val_1 .. " " .. kong.ctx.plugin.val_2
+
+  kong.log(value) -- "hello world"
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.ip.md b/app/1.3.x/pdk/kong.ip.md
new file mode 100644
index 000000000000..86c74d21942e
--- /dev/null
+++ b/app/1.3.x/pdk/kong.ip.md
@@ -0,0 +1,51 @@
+---
+title: kong.ip
+pdk: true
+toc: true
+---
+
+## kong.ip
+
+Trusted IPs module
+
+ This module can be used to determine whether or not a given IP address is
+ in the range of trusted IP addresses defined by the `trusted_ips` configuration
+ property.
+
+ Trusted IP addresses are those that are known to send correct replacement
+ addresses for clients (as per the chosen header field, e.g. X-Forwarded-*).
+
+ See [docs.konghq.com/latest/configuration/#trusted_ips](https://docs.konghq.com/latest/configuration/#trusted_ips)
+
+
+
+
+### kong.ip.is_trusted(address)
+
+Depending on the `trusted_ips` configuration property,
+ this function will return whether a given ip is trusted or not  Both ipv4 and ipv6 are supported.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **address** (string):  A string representing an IP address
+
+**Returns**
+
+* `boolean` `true` if the IP is trusted, `false` otherwise
+
+
+**Usage**
+
+``` lua
+if kong.ip.is_trusted("1.1.1.1") then
+  kong.log("The IP is trusted")
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.log.md b/app/1.3.x/pdk/kong.log.md
new file mode 100644
index 000000000000..1914b5d02f3c
--- /dev/null
+++ b/app/1.3.x/pdk/kong.log.md
@@ -0,0 +1,261 @@
+---
+title: kong.log
+pdk: true
+toc: true
+---
+
+## kong.log
+
+This namespace contains an instance of a "logging facility", which is a
+ table containing all of the methods described below.
+
+ This instance is namespaced per plugin, and Kong will make sure that before
+ executing a plugin, it will swap this instance with a logging facility
+ dedicated to the plugin. This allows the logs to be prefixed with the
+ plugin's name for debugging purposes.
+
+
+
+
+### kong.log(...)
+
+Write a log line to the location specified by the current Nginx
+ configuration block's `error_log` directive, with the `notice` level (similar
+ to `print()`).
+
+ The Nginx `error_log` directive is set via the `log_level`, `proxy_error_log`
+ and `admin_error_log` Kong configuration properties.
+
+ Arguments given to this function will be concatenated similarly to
+ `ngx.log()`, and the log line will report the Lua file and line number from
+ which it was invoked. Unlike `ngx.log()`, this function will prefix error
+ messages with `[kong]` instead of `[lua]`.
+
+ Arguments given to this function can be of any type, but table arguments
+ will be converted to strings via `tostring` (thus potentially calling a
+ table's `__tostring` metamethod if set). This behavior differs from
+ `ngx.log()` (which only accepts table arguments if they define the
+ `__tostring` metamethod) with the intent to simplify its usage and be more
+ forgiving and intuitive.
+
+ Produced log lines have the following format when logging is invoked from
+ within the core:
+
+ ``` plain
+ [kong] %file_src:%line_src %message
+ ```
+
+ In comparison, log lines produced by plugins have the following format:
+
+ ``` plain
+ [kong] %file_src:%line_src [%namespace] %message
+ ```
+
+ Where:
+
+ * `%namespace`: is the configured namespace (the plugin name in this case).
+ * `%file_src`: is the file name from where the log was called from.
+ * `%line_src`: is the line number from where the log was called from.
+ * `%message`: is the message, made of concatenated arguments given by the caller.
+
+ For example, the following call:
+
+ ``` lua
+ kong.log("hello ", "world")
+ ```
+
+ would, within the core, produce a log line similar to:
+
+ ``` plain
+ 2017/07/09 19:36:25 [notice] 25932#0: *1 [kong] some_file.lua:54 hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+ If invoked from within a plugin (e.g. `key-auth`) it would include the
+ namespace prefix, like so:
+
+ ``` plain
+ 2017/07/09 19:36:25 [notice] 25932#0: *1 [kong] some_file.lua:54 [key-auth] hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **...** :  all params will be concatenated and stringified before being sent to the log
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.log("hello ", "world") -- alias to kong.log.notice()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.LEVEL(...)
+
+Similar to `kong.log()`, but the produced log will have the severity given by
+ `<level>`, instead of `notice`.  The supported levels are:
+
+ * `kong.log.alert()`
+ * `kong.log.crit()`
+ * `kong.log.err()`
+ * `kong.log.warn()`
+ * `kong.log.notice()`
+ * `kong.log.info()`
+ * `kong.log.debug()`
+
+ Logs have the same format as that of `kong.log()`. For
+ example, the following call:
+
+ ``` lua
+  kong.log.err("hello ", "world")
+ ```
+
+ would, within the core, produce a log line similar to:
+
+ ``` plain
+ 2017/07/09 19:36:25 [error] 25932#0: *1 [kong] some_file.lua:54 hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+ If invoked from within a plugin (e.g. `key-auth`) it would include the
+ namespace prefix, like so:
+
+ ``` plain
+ 2017/07/09 19:36:25 [error] 25932#0: *1 [kong] some_file.lua:54 [key-auth] hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **...** :  all params will be concatenated and stringified before being sent to the log
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.log.warn("something require attention")
+kong.log.err("something failed: ", err)
+kong.log.alert("something requires immediate action")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.inspect(...)
+
+Like `kong.log()`, this function will produce a log with the `notice` level,
+ and accepts any number of arguments as well.  If inspect logging is disabled
+ via `kong.log.inspect.off()`, then this function prints nothing, and is
+ aliased to a "NOP" function in order to save CPU cycles.
+
+ ``` lua
+ kong.log.inspect("...")
+ ```
+
+ This function differs from `kong.log()` in the sense that arguments will be
+ concatenated with a space(`" "`), and each argument will be
+ "pretty-printed":
+
+ * numbers will printed (e.g. `5` -> `"5"`)
+ * strings will be quoted (e.g. `"hi"` -> `'"hi"'`)
+ * array-like tables will be rendered (e.g. `{1,2,3}` -> `"{1, 2, 3}"`)
+ * dictionary-like tables will be rendered on multiple lines
+
+ This function is intended for use with debugging purposes in mind, and usage
+ in production code paths should be avoided due to the expensive formatting
+ operations it can perform. Existing statements can be left in production code
+ but nopped by calling `kong.log.inspect.off()`.
+
+ When writing logs, `kong.log.inspect()` always uses its own format, defined
+ as:
+
+ ``` plain
+ %file_src:%func_name:%line_src %message
+ ```
+
+ Where:
+
+ * `%file_src`: is the file name from where the log was called from.
+ * `%func_name`: is the name of the function from where the log was called
+   from.
+ * `%line_src`: is the line number from where the log was called from.
+ * `%message`: is the message, made of concatenated, pretty-printed arguments
+   given by the caller.
+
+ This function uses the [inspect.lua](https://github.com/kikito/inspect.lua)
+ library to pretty-print its arguments.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **...** :  Parameters will be concatenated with spaces between them and
+ rendered as described
+
+**Usage**
+
+``` lua
+kong.log.inspect("some value", a_variable)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.inspect.on()
+
+Enables inspect logs for this logging facility.  Calls to
+ `kong.log.inspect` will be writing log lines with the appropriate
+ formatting of arguments.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+kong.log.inspect.on()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.inspect.off()
+
+Disables inspect logs for this logging facility.  All calls to
+ `kong.log.inspect()` will be nopped.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+kong.log.inspect.off()
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.nginx.md b/app/1.3.x/pdk/kong.nginx.md
new file mode 100644
index 000000000000..b67b70d93ac9
--- /dev/null
+++ b/app/1.3.x/pdk/kong.nginx.md
@@ -0,0 +1,36 @@
+---
+title: kong.nginx
+pdk: true
+toc: true
+---
+
+## kong.nginx
+
+Nginx information module
+ A set of functions allowing to retrieve Nginx-specific implementation
+ details and meta information.
+
+
+
+### kong.nginx.get_subsystem()
+
+Returns the current Nginx subsystem this function is called from: "http"
+ or "stream".
+
+**Phases**
+
+* any
+
+**Returns**
+
+* `string` subsystem Either `"http"` or `"stream"`
+
+
+**Usage**
+
+``` lua
+kong.nginx.get_subsystem() -- "http"
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.node.md b/app/1.3.x/pdk/kong.node.md
new file mode 100644
index 000000000000..42f2b95506cc
--- /dev/null
+++ b/app/1.3.x/pdk/kong.node.md
@@ -0,0 +1,105 @@
+---
+title: kong.node
+pdk: true
+toc: true
+---
+
+## kong.node
+
+Node-level utilities
+
+
+
+### kong.node.get_id()
+
+Returns the id used by this node to describe itself.
+
+**Returns**
+
+* `string` The v4 UUID used by this node as its id
+
+
+**Usage**
+
+``` lua
+local id = kong.node.get_id()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.node.get_memory_stats([unit[, scale]])
+
+Returns memory usage statistics about this node.
+
+**Parameters**
+
+* **unit** (string, _optional_):  The unit memory should be reported in. Can be
+ either of `b/B`, `k/K`, `m/M`, or `g/G` for bytes, kibibytes, mebibytes,
+ or gibibytes, respectively. Defaults to `b` (bytes).
+* **scale** (number, _optional_):  The number of digits to the right of the decimal
+ point. Defaults to 2.
+
+**Returns**
+
+* `table`  A table containing memory usage statistics for this node.
+ If `unit` is `b/B` (the default) reported values will be Lua numbers.
+ Otherwise, reported values will be a string with the unit as a suffix.
+
+
+**Usage**
+
+``` lua
+local res = kong.node.get_memory_stats()
+-- res will have the following structure:
+{
+  lua_shared_dicts = {
+    kong = {
+      allocated_slabs = 12288,
+      capacity = 24576
+    },
+    kong_db_cache = {
+      allocated_slabs = 12288,
+      capacity = 12288
+    }
+  },
+  workers_lua_vms = {
+    {
+      http_allocated_gc = 1102,
+      pid = 18004
+    },
+    {
+      http_allocated_gc = 1102,
+      pid = 18005
+    }
+  }
+}
+
+local res = kong.node.get_memory_stats("k", 1)
+-- res will have the following structure:
+{
+  lua_shared_dicts = {
+    kong = {
+      allocated_slabs = "12.0 KiB",
+      capacity = "24.0 KiB",
+    },
+    kong_db_cache = {
+      allocated_slabs = "12.0 KiB",
+      capacity = "12.0 KiB",
+    }
+  },
+  workers_lua_vms = {
+    {
+      http_allocated_gc = "1.1 KiB",
+      pid = 18004
+    },
+    {
+      http_allocated_gc = "1.1 KiB",
+      pid = 18005
+    }
+  }
+}
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.request.md b/app/1.3.x/pdk/kong.request.md
new file mode 100644
index 000000000000..6dff1299e3fb
--- /dev/null
+++ b/app/1.3.x/pdk/kong.request.md
@@ -0,0 +1,599 @@
+---
+title: kong.request
+pdk: true
+toc: true
+---
+
+## kong.request
+
+Client request module
+ A set of functions to retrieve information about the incoming requests made
+ by clients.
+
+
+
+### kong.request.get_scheme()
+
+Returns the scheme component of the request's URL.  The returned value is
+ normalized to lower-case form.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` a string like `"http"` or `"https"`
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies
+
+kong.request.get_scheme() -- "https"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_host()
+
+Returns the host component of the request's URL, or the value of the
+ "Host" header.  The returned value is normalized to lower-case form.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the host
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies
+
+kong.request.get_host() -- "example.com"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_port()
+
+Returns the port component of the request's URL.  The value is returned
+ as a Lua number.
+
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number` the port
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies
+
+kong.request.get_port() -- 1234
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_forwarded_scheme()
+
+Returns the scheme component of the request's URL, but also considers
+ `X-Forwarded-Proto` if it comes from a trusted source.  The returned
+ value is normalized to lower-case.
+
+ Whether this function considers `X-Forwarded-Proto` or not depends on
+ several Kong configuration parameters:
+
+ * [trusted\_ips](https://getkong.org/docs/latest/configuration/#trusted_ips)
+ * [real\_ip\_header](https://getkong.org/docs/latest/configuration/#real_ip_header)
+ * [real\_ip\_recursive](https://getkong.org/docs/latest/configuration/#real_ip_recursive)
+
+ **Note**: support for the Forwarded HTTP Extension (RFC 7239) is not
+ offered yet since it is not supported by ngx\_http\_realip\_module.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the forwarded scheme
+
+
+**Usage**
+
+``` lua
+kong.request.get_forwarded_scheme() -- "https"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_forwarded_host()
+
+Returns the host component of the request's URL or the value of the "host"
+ header.  Unlike `kong.request.get_host()`, this function will also consider
+ `X-Forwarded-Host` if it comes from a trusted source. The returned value
+ is normalized to lower-case.
+
+ Whether this function considers `X-Forwarded-Proto` or not depends on
+ several Kong configuration parameters:
+
+ * [trusted\_ips](https://getkong.org/docs/latest/configuration/#trusted_ips)
+ * [real\_ip\_header](https://getkong.org/docs/latest/configuration/#real_ip_header)
+ * [real\_ip\_recursive](https://getkong.org/docs/latest/configuration/#real_ip_recursive)
+
+ **Note**: we do not currently offer support for Forwarded HTTP Extension
+ (RFC 7239) since it is not supported by ngx_http_realip_module.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the forwarded host
+
+
+**Usage**
+
+``` lua
+kong.request.get_forwarded_host() -- "example.com"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_forwareded_port()
+
+Returns the port component of the request's URL, but also considers
+ `X-Forwarded-Host` if it comes from a trusted source.  The value
+ is returned as a Lua number.
+
+ Whether this function considers `X-Forwarded-Proto` or not depends on
+ several Kong configuration parameters:
+
+ * [trusted\_ips](https://getkong.org/docs/latest/configuration/#trusted_ips)
+ * [real\_ip\_header](https://getkong.org/docs/latest/configuration/#real_ip_header)
+ * [real\_ip\_recursive](https://getkong.org/docs/latest/configuration/#real_ip_recursive)
+
+ **Note**: we do not currently offer support for Forwarded HTTP Extension
+ (RFC 7239) since it is not supported by ngx_http_realip_module.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number` the forwared port
+
+
+**Usage**
+
+``` lua
+kong.request.get_forwarded_port() -- 1234
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_http_version()
+
+Returns the HTTP version used by the client in the request as a Lua
+ number, returning values such as `"1.1"` and `"2.0."`, or `nil` for
+ unrecognized values.
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string|nil` the http version
+
+
+**Usage**
+
+``` lua
+kong.request.get_http_version() -- "1.1"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_method()
+
+Returns the HTTP method of the request.  The value is normalized to
+ upper-case.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the request method
+
+
+**Usage**
+
+``` lua
+kong.request.get_method() -- "GET"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_path()
+
+Returns the path component of the request's URL.  It is not normalized in
+ any way and does not include the querystring.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the path
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies?movie=foo
+
+kong.request.get_path() -- "/v1/movies"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_path_with_query()
+
+Returns the path, including the querystring if any.  No
+ transformations/normalizations are done.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the path with the querystring
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies?movie=foo
+
+kong.request.get_path_with_query() -- "/v1/movies?movie=foo"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_raw_query()
+
+Returns the query component of the request's URL.  It is not normalized in
+ any way (not even URL-decoding of special characters) and does not
+ include the leading `?` character.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+*  string the query component of the request's URL
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com/foo?msg=hello%20world&bla=&bar
+
+kong.request.get_raw_query() -- "msg=hello%20world&bla=&bar"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_query_arg()
+
+Returns the value of the specified argument, obtained from the query
+ arguments of the current request.
+
+ The returned value is either a `string`, a boolean `true` if an
+ argument was not given a value, or `nil` if no argument with `name` was
+ found.
+
+ If an argument with the same name is present multiple times in the
+ querystring, this function will return the value of the first occurrence.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string|boolean|nil` the value of the argument
+
+
+**Usage**
+
+``` lua
+-- Given a request GET /test?foo=hello%20world&bar=baz&zzz&blo=&bar=bla&bar
+
+kong.request.get_query_arg("foo") -- "hello world"
+kong.request.get_query_arg("bar") -- "baz"
+kong.request.get_query_arg("zzz") -- true
+kong.request.get_query_arg("blo") -- ""
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_query([max_args])
+
+Returns the table of query arguments obtained from the querystring.  Keys
+ are query argument names. Values are either a string with the argument
+ value, a boolean `true` if an argument was not given a value, or an array
+ if an argument was given in the query string multiple times. Keys and
+ values are unescaped according to URL-encoded escaping rules.
+
+ Note that a query string `?foo&bar` translates to two boolean `true`
+ arguments, and `?foo=&bar=` translates to two string arguments containing
+ empty strings.
+
+ By default, this function returns up to **100** arguments. The optional
+ `max_args` argument can be specified to customize this limit, but must be
+ greater than **1** and not greater than **1000**.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **max_args** (number, _optional_):  set a limit on the maximum number of parsed
+ arguments
+
+**Returns**
+
+* `table` A table representation of the query string
+
+
+**Usage**
+
+``` lua
+-- Given a request GET /test?foo=hello%20world&bar=baz&zzz&blo=&bar=bla&bar
+
+for k, v in pairs(kong.request.get_query()) do
+  kong.log.inspect(k, v)
+end
+
+-- Will print
+-- "foo" "hello world"
+-- "bar" {"baz", "bla", true}
+-- "zzz" true
+-- "blo" ""
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_header(name)
+
+Returns the value of the specified request header.
+
+ The returned value is either a `string`, or can be `nil` if a header with
+ `name` was not found in the request. If a header with the same name is
+ present multiple times in the request, this function will return the value
+ of the first occurrence of this header.
+
+ Header names in are case-insensitive and are normalized to lowercase, and
+ dashes (`-`) can be written as underscores (`_`); that is, the header
+ `X-Custom-Header` can also be retrieved as `x_custom_header`.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **name** (string):  the name of the header to be returned
+
+**Returns**
+
+* `string|nil` the value of the header or nil if not present
+
+
+**Usage**
+
+``` lua
+-- Given a request with the following headers:
+
+-- Host: foo.com
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+kong.request.get_header("Host")            -- "foo.com"
+kong.request.get_header("x-custom-header") -- "bla"
+kong.request.get_header("X-Another")       -- "foo bar"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_headers([max_headers])
+
+Returns a Lua table holding the request headers.  Keys are header names.
+ Values are either a string with the header value, or an array of strings
+ if a header was sent multiple times. Header names in this table are
+ case-insensitive and are normalized to lowercase, and dashes (`-`) can be
+ written as underscores (`_`); that is, the header `X-Custom-Header` can
+ also be retrieved as `x_custom_header`.
+
+ By default, this function returns up to **100** headers. The optional
+ `max_headers` argument can be specified to customize this limit, but must
+ be greater than **1** and not greater than **1000**.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **max_headers** (number, _optional_):  set a limit on the maximum number of
+ parsed headers
+
+**Returns**
+
+* `table` the request headers in table form
+
+
+**Usage**
+
+``` lua
+-- Given a request with the following headers:
+
+-- Host: foo.com
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+local headers = kong.request.get_headers()
+
+headers.host            -- "foo.com"
+headers.x_custom_header -- "bla"
+headers.x_another[1]    -- "foo bar"
+headers["X-Another"][2] -- "baz"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_raw_body()
+
+Returns the plain request body.
+
+ If the body has no size (empty), this function returns an empty string.
+
+ If the size of the body is greater than the Nginx buffer size (set by
+ `client_body_buffer_size`), this function will fail and return an error
+ message explaining this limitation.
+
+
+**Phases**
+
+* rewrite, access, admin_api
+
+**Returns**
+
+* `string` the plain request body
+
+
+**Usage**
+
+``` lua
+-- Given a body with payload "Hello, Earth!":
+
+kong.request.get_raw_body():gsub("Earth", "Mars") -- "Hello, Mars!"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_body([mimetype[, max_args]])
+
+Returns the request data as a key/value table.
+ A high-level convenience function.
+ The body is parsed with the most appropriate format:
+
+ * If `mimetype` is specified:
+   * Decodes the body with the requested content type (if supported).
+ * If the request content type is `application/x-www-form-urlencoded`:
+   * Returns the body as form-encoded.
+ * If the request content type is `multipart/form-data`:
+   * Decodes the body as multipart form data
+     (same as `multipart(kong.request.get_raw_body(),
+     kong.request.get_header("Content-Type")):get_all()` ).
+ * If the request content type is `application/json`:
+   * Decodes the body as JSON
+     (same as `json.decode(kong.request.get_raw_body())`).
+   * JSON types are converted to matching Lua types.
+ * If none of the above, returns `nil` and an error message indicating the
+   body could not be parsed.
+
+ The optional argument `mimetype` can be one of the following strings:
+
+ * `application/x-www-form-urlencoded`
+ * `application/json`
+ * `multipart/form-data`
+
+ The optional argument `max_args` can be used to set a limit on the number
+ of form arguments parsed for `application/x-www-form-urlencoded` payloads.
+
+ The third return value is string containing the mimetype used to parsed
+ the body (as per the `mimetype` argument), allowing the caller to identify
+ what MIME type the body was parsed as.
+
+
+**Phases**
+
+* rewrite, access, admin_api
+
+**Parameters**
+
+* **mimetype** (string, _optional_):  the MIME type
+* **max_args** (number, _optional_):  set a limit on the maximum number of parsed
+ arguments
+
+**Returns**
+
+1.  `table|nil` a table representation of the body
+
+1.  `string|nil` an error message
+
+1.  `string|nil` mimetype the MIME type used
+
+
+**Usage**
+
+``` lua
+local body, err, mimetype = kong.request.get_body()
+body.name -- "John Doe"
+body.age  -- "42"
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.response.md b/app/1.3.x/pdk/kong.response.md
new file mode 100644
index 000000000000..2d2d1cee67fd
--- /dev/null
+++ b/app/1.3.x/pdk/kong.response.md
@@ -0,0 +1,474 @@
+---
+title: kong.response
+pdk: true
+toc: true
+---
+
+## kong.response
+
+Client response module
+
+ The downstream response module contains a set of functions for producing and
+ manipulating responses sent back to the client ("downstream").  Responses can
+ be produced by Kong (e.g. an authentication plugin rejecting a request), or
+ proxied back from an Service's response body.
+
+ Unlike `kong.service.response`, this module allows mutating the response
+ before sending it back to the client.
+
+
+
+
+### kong.response.get_status()
+
+Returns the HTTP status code currently set for the downstream response (as
+ a Lua number).
+
+ If the request was proxied (as per `kong.response.get_source()`), the
+ return value will be that of the response from the Service (identical to
+ `kong.service.response.get_status()`).
+
+ If the request was _not_ proxied, and the response was produced by Kong
+ itself (i.e. via `kong.response.exit()`), the return value will be
+ returned as-is.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number` status The HTTP status code currently set for the
+ downstream response
+
+
+**Usage**
+
+``` lua
+kong.response.get_status() -- 200
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.get_header(name)
+
+Returns the value of the specified response header, as would be seen by
+ the client once received.
+
+ The list of headers returned by this function can consist of both response
+ headers from the proxied Service _and_ headers added by Kong (e.g. via
+ `kong.response.add_header()`).
+
+ The return value is either a `string`, or can be `nil` if a header with
+ `name` was not found in the response. If a header with the same name is
+ present multiple times in the request, this function will return the value
+ of the first occurrence of this header.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **name** (string):  The name of the header
+
+ Header names are case-insensitive and dashes (`-`) can be written as
+ underscores (`_`); that is, the header `X-Custom-Header` can also be
+ retrieved as `x_custom_header`.
+
+
+**Returns**
+
+* `string|nil` The value of the header
+
+
+**Usage**
+
+``` lua
+-- Given a response with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+kong.response.get_header("x-custom-header") -- "bla"
+kong.response.get_header("X-Another")       -- "foo bar"
+kong.response.get_header("X-None")          -- nil
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.get_headers([max_headers])
+
+Returns a Lua table holding the response headers.  Keys are header names.
+ Values are either a string with the header value, or an array of strings
+ if a header was sent multiple times. Header names in this table are
+ case-insensitive and are normalized to lowercase, and dashes (`-`) can be
+ written as underscores (`_`); that is, the header `X-Custom-Header` can
+ also be retrieved as `x_custom_header`.
+
+ A response initially has no headers until a plugin short-circuits the
+ proxying by producing one (e.g. an authentication plugin rejecting a
+ request), or the request has been proxied, and one of the latter execution
+ phases is currently running.
+
+ Unlike `kong.service.response.get_headers()`, this function returns *all*
+ headers as the client would see them upon reception, including headers
+ added by Kong itself.
+
+ By default, this function returns up to **100** headers. The optional
+ `max_headers` argument can be specified to customize this limit, but must
+ be greater than **1** and not greater than **1000**.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **max_headers** (number, _optional_):  Limits how many headers are parsed
+
+**Returns**
+
+1.  `table`  headers A table representation of the headers in the
+ response
+
+
+1.  `string` err If more headers than `max_headers` were present, a
+ string with the error `"truncated"`.
+
+
+**Usage**
+
+``` lua
+-- Given an response from the Service with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+local headers = kong.response.get_headers()
+
+headers.x_custom_header -- "bla"
+headers.x_another[1]    -- "foo bar"
+headers["X-Another"][2] -- "baz"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.get_source()
+
+This function helps determining where the current response originated
+ from.   Kong being a reverse proxy, it can short-circuit a request and
+ produce a response of its own, or the response can come from the proxied
+ Service.
+
+ Returns a string with three possible values:
+
+ * "exit" is returned when, at some point during the processing of the
+   request, there has been a call to `kong.response.exit()`. In other
+   words, when the request was short-circuited by a plugin or by Kong
+   itself (e.g.  invalid credentials)
+ * "error" is returned when an error has happened while processing the
+   request - for example, a timeout while connecting to the upstream
+   service.
+ * "service" is returned when the response was originated by successfully
+   contacting the proxied Service.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the source.
+
+
+**Usage**
+
+``` lua
+if kong.response.get_source() == "service" then
+  kong.log("The response comes from the Service")
+elseif kong.response.get_source() == "error" then
+  kong.log("There was an error while processing the request")
+elseif kong.response.get_source() == "exit" then
+  kong.log("There was an early exit while processing the request")
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.set_status(status)
+
+Allows changing the downstream response HTTP status code before sending it
+ to the client.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **status** (number):  The new status
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_status(404)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.set_header(name, value)
+
+Sets a response header with the given value.  This function overrides any
+ existing header with the same name.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **name** (string):  The name of the header
+* **value** (string|number|boolean):  The new value for the header
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_header("X-Foo", "value")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.add_header(name, value)
+
+Adds a response header with the given value.  Unlike
+ `kong.response.set_header()`, this function does not remove any existing
+ header with the same name. Instead, another header with the same name will
+ be added to the response. If no header with this name already exists on
+ the response, then it is added with the given value, similarly to
+ `kong.response.set_header().`
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **name** (string):  The header name
+* **value** (string|number|boolean):  The header value
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.add_header("Cache-Control", "no-cache")
+kong.response.add_header("Cache-Control", "no-store")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.clear_header(name)
+
+Removes all occurrences of the specified header in the response sent to
+ the client.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **name** (string):  The name of the header to be cleared
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_header("X-Foo", "foo")
+kong.response.add_header("X-Foo", "bar")
+
+kong.response.clear_header("X-Foo")
+-- from here onwards, no X-Foo headers will exist in the response
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.set_headers(headers)
+
+Sets the headers for the response.  Unlike `kong.response.set_header()`,
+ the `headers` argument must be a table in which each key is a string
+ (corresponding to a header's name), and each value is a string, or an
+ array of strings.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+ The resulting headers are produced in lexicographical order. The order of
+ entries with the same name (when values are given as an array) is
+ retained.
+
+ This function overrides any existing header bearing the same name as those
+ specified in the `headers` argument. Other headers remain unchanged.
+
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **headers** (table):
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_headers({
+  ["Bla"] = "boo",
+  ["X-Foo"] = "foo3",
+  ["Cache-Control"] = { "no-store", "no-cache" }
+})
+
+-- Will add the following headers to the response, in this order:
+-- X-Bar: bar1
+-- Bla: boo
+-- Cache-Control: no-store
+-- Cache-Control: no-cache
+-- X-Foo: foo3
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.exit(status[, body[, headers]])
+
+This function interrupts the current processing and produces a response.
+ It is typical to see plugins using it to produce a response before Kong
+ has a chance to proxy the request (e.g. an authentication plugin rejecting
+ a request, or a caching plugin serving a cached response).
+
+ It is recommended to use this function in conjunction with the `return`
+ operator, to better reflect its meaning:
+
+ ```lua
+ return kong.response.exit(200, "Success")
+ ```
+
+ Calling `kong.response.exit()` will interrupt the execution flow of
+ plugins in the current phase. Subsequent phases will still be invoked.
+ E.g. if a plugin called `kong.response.exit()` in the `access` phase, no
+ other plugin will be executed in that phase, but the `header_filter`,
+ `body_filter`, and `log` phases will still be executed, along with their
+ plugins. Plugins should thus be programmed defensively against cases when
+ a request was **not** proxied to the Service, but instead was produced by
+ Kong itself.
+
+ The first argument `status` will set the status code of the response that
+ will be seen by the client.
+
+ The second, optional, `body` argument will set the response body. If it is
+ a string, no special processing will be done, and the body will be sent
+ as-is.  It is the caller's responsibility to set the appropriate
+ Content-Type header via the third argument.  As a convenience, `body` can
+ be specified as a table; in which case, it will be JSON-encoded and the
+ `application/json` Content-Type header will be set. On gRPC we cannot send
+ the `body` with this function at the moment at least, so what it does
+ instead is that it sends "body" in `grpc-message` header instead. If the
+ body is a table it looks for a field `message` in it, and uses that as a
+ `grpc-message` header. Though, if you have specified `Content-Type` header
+ starting with `application/grpc`, the body will be sent.
+
+ The third, optional, `headers` argument can be a table specifying response
+ headers to send. If specified, its behavior is similar to
+ `kong.response.set_headers()`.
+
+ Unless manually specified, this method will automatically set the
+ Content-Length header in the produced response for convenience.
+
+**Phases**
+
+* rewrite, access, admin_api, header_filter (only if `body` is nil)
+
+**Parameters**
+
+* **status** (number):  The status to be used
+* **body** (table|string, _optional_):  The body to be used
+* **headers** (table, _optional_):  The headers to be used
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+return kong.response.exit(403, "Access Forbidden", {
+  ["Content-Type"] = "text/plain",
+  ["WWW-Authenticate"] = "Basic"
+})
+
+---
+
+return kong.response.exit(403, [[{"message":"Access Forbidden"}]], {
+  ["Content-Type"] = "application/json",
+  ["WWW-Authenticate"] = "Basic"
+})
+
+---
+
+return kong.response.exit(403, { message = "Access Forbidden" }, {
+  ["WWW-Authenticate"] = "Basic"
+})
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.router.md b/app/1.3.x/pdk/kong.router.md
new file mode 100644
index 000000000000..c30ceb5fca48
--- /dev/null
+++ b/app/1.3.x/pdk/kong.router.md
@@ -0,0 +1,68 @@
+---
+title: kong.router
+pdk: true
+toc: true
+---
+
+## kong.router
+
+Router module
+ A set of functions to access the routing properties of the request.
+
+
+
+### kong.router.get_route()
+
+Returns the current `route` entity.  The request was matched against this
+ route.
+
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `table` the `route` entity.
+
+
+**Usage**
+
+``` lua
+if kong.router.get_route() then
+  -- routed by route & service entities
+else
+  -- routed by a legacy API entity
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.router.get_service()
+
+Returns the current `service` entity.  The request will be targetted to this
+ upstream service.
+
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `table` the `service` entity.
+
+
+**Usage**
+
+``` lua
+if kong.router.get_service() then
+  -- routed by route & service entities
+else
+  -- routed by a legacy API entity
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.service.md b/app/1.3.x/pdk/kong.service.md
new file mode 100644
index 000000000000..eb1111304adf
--- /dev/null
+++ b/app/1.3.x/pdk/kong.service.md
@@ -0,0 +1,131 @@
+---
+title: kong.service
+pdk: true
+toc: true
+---
+
+## kong.service
+
+The service module contains a set of functions to manipulate the connection
+ aspect of the request to the Service, such as connecting to a given host, IP
+ address/port, or choosing a given Upstream entity for load-balancing and
+ healthchecking.
+
+
+
+### kong.service.set_upstream(host)
+
+Sets the desired Upstream entity to handle the load-balancing step for
+ this request.  Using this method is equivalent to creating a Service with a
+ `host` property equal to that of an Upstream entity (in which case, the
+ request would be proxied to one of the Targets associated with that
+ Upstream).
+
+ The `host` argument should receive a string equal to that of one of the
+ Upstream entities currently configured.
+
+
+**Phases**
+
+* access
+
+**Parameters**
+
+* **host** (string):
+
+**Returns**
+
+1.  `boolean|nil` `true` on success, or `nil` if no upstream entities
+ where found
+
+1.  `string|nil`  An error message describing the error if there was
+ one.
+
+
+
+**Usage**
+
+``` lua
+local ok, err = kong.service.set_upstream("service.prod")
+if not ok then
+  kong.log.err(err)
+  return
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.set_target(host, port)
+
+Sets the host and port on which to connect to for proxying the request.  ]]
+ Using this method is equivalent to ask Kong to not run the load-balancing
+ phase for this request, and consider it manually overridden.
+ Load-balancing components such as retries and health-checks will also be
+ ignored for this request.
+
+ The `host` argument expects a string containing the IP address of the
+ upstream server (IPv4/IPv6), and the `port` argument must contain a number
+ representing the port on which to connect to.
+
+
+**Phases**
+
+* access
+
+**Parameters**
+
+* **host** (string):
+* **port** (number):
+
+**Usage**
+
+``` lua
+kong.service.set_target("service.local", 443)
+kong.service.set_target("192.168.130.1", 80)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.set_tls_cert_key(chain, key)
+
+Sets the client certificate used while handshaking with the Service.
+
+ The `chain` argument is the client certificate and intermediate chain (if any)
+ returned by functions such as [ngx.ssl.parse\_pem\_cert](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md#parse_pem_cert).
+
+ The `key` argument is the private key corresponding to the client certificate
+ returned by functions such as [ngx.ssl.parse\_pem\_priv\_key](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md#parse_pem_priv_key).
+
+
+**Phases**
+
+* `rewrite`, `access`, `balancer`
+
+**Parameters**
+
+* **chain** (cdata):  The client certificate chain
+* **key** (cdata):  The client certificate private key
+
+**Returns**
+
+1.  `boolean|nil` `true` if the operation succeeded, `nil` if an error occurred
+
+1.  `string|nil` An error message describing the error if there was one.
+
+
+**Usage**
+
+``` lua
+local chain = assert(ssl.parse_pem_cert(cert_data))
+local key = assert(ssl.parse_pem_priv_key(key_data))
+
+local ok, err = tls.set_cert_key(chain, key)
+if not ok then
+  -- do something with error
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.service.request.md b/app/1.3.x/pdk/kong.service.request.md
new file mode 100644
index 000000000000..c47d45e974b6
--- /dev/null
+++ b/app/1.3.x/pdk/kong.service.request.md
@@ -0,0 +1,437 @@
+---
+title: kong.service.request
+pdk: true
+toc: true
+---
+
+## kong.service.request
+
+Manipulation of the request to the Service
+
+
+
+### kong.service.request.set_scheme(scheme)
+
+Sets the protocol to use when proxying the request to the Service.
+
+**Phases**
+
+* `access`
+
+**Parameters**
+
+* **scheme** (string):  The scheme to be used. Supported values are `"http"` or `"https"`
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_scheme("https")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_path(path)
+
+Sets the path component for the request to the service.  It is not
+ normalized in any way and should **not** include the querystring.
+
+**Phases**
+
+* `access`
+
+**Parameters**
+
+* **path** :  The path string. Example: "/v2/movies"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_path("/v2/movies")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_raw_query(query)
+
+Sets the querystring of the request to the Service.  The `query` argument is a
+ string (without the leading `?` character), and will not be processed in any
+ way.
+
+ For a higher-level function to set the query string from a Lua table of
+ arguments, see `kong.service.request.set_query()`.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **query** (string):  The raw querystring. Example: "foo=bar&bla&baz=hello%20world"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_raw_query("zzz&bar=baz&bar=bla&bar&blo=&foo=hello%20world")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_method(method)
+
+Sets the HTTP method for the request to the service.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **method** :  The method string, which should be given in all
+ uppercase. Supported values are: `"GET"`, `"HEAD"`, `"PUT"`, `"POST"`,
+ `"DELETE"`, `"OPTIONS"`, `"MKCOL"`, `"COPY"`, `"MOVE"`, `"PROPFIND"`,
+ `"PROPPATCH"`, `"LOCK"`, `"UNLOCK"`, `"PATCH"`, `"TRACE"`.
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_method("DELETE")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_query(args)
+
+Set the querystring of the request to the Service.
+
+ Unlike `kong.service.request.set_raw_query()`, the `query` argument must be a
+ table in which each key is a string (corresponding to an arguments name), and
+ each value is either a boolean, a string or an array of strings or booleans.
+ Additionally, all string values will be URL-encoded.
+
+ The resulting querystring will contain keys in their lexicographical order. The
+ order of entries within the same key (when values are given as an array) is
+ retained.
+
+ If further control of the querystring generation is needed, a raw querystring
+ can be given as a string with `kong.service.request.set_raw_query()`.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **args** (table):  A table where each key is a string (corresponding to an
+   argument name), and each value is either a boolean, a string or an array of
+   strings or booleans. Any string values given are URL-encoded.
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_query({
+  foo = "hello world",
+  bar = {"baz", "bla", true},
+  zzz = true,
+  blo = ""
+})
+-- Will produce the following query string:
+-- bar=baz&bar=bla&bar&blo=&foo=hello%20world&zzz
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_header(header, value)
+
+Sets a header in the request to the Service with the given value.  Any existing header
+ with the same name will be overridden.
+
+ If the `header` argument is `"host"` (case-insensitive), then this is
+ will also set the SNI of the request to the Service.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **header** (string):  The header name. Example: "X-Foo"
+* **value** (string|boolean|number):  The header value. Example: "hello world"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_header("X-Foo", "value")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.add_header(header, value)
+
+Adds a request header with the given value to the request to the Service.  Unlike
+ `kong.service.request.set_header()`, this function will not remove any existing
+ headers with the same name. Instead, several occurences of the header will be
+ present in the request. The order in which headers are added is retained.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **header** (string):  The header name. Example: "Cache-Control"
+* **value** (string|number|boolean):  The header value. Example: "no-cache"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.add_header("Cache-Control", "no-cache")
+kong.service.request.add_header("Cache-Control", "no-store")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.clear_header(header)
+
+Removes all occurrences of the specified header in the request to the Service.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **header** (string):  The header name. Example: "X-Foo"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+   The function does not throw an error if no header was removed.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_header("X-Foo", "foo")
+kong.service.request.add_header("X-Foo", "bar")
+kong.service.request.clear_header("X-Foo")
+-- from here onwards, no X-Foo headers will exist in the request
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_headers(headers)
+
+Sets the headers of the request to the Service.  Unlike
+ `kong.service.request.set_header()`, the `headers` argument must be a table in
+ which each key is a string (corresponding to a header's name), and each value
+ is a string, or an array of strings.
+
+ The resulting headers are produced in lexicographical order. The order of
+ entries with the same name (when values are given as an array) is retained.
+
+ This function overrides any existing header bearing the same name as those
+ specified in the `headers` argument. Other headers remain unchanged.
+
+ If the `"Host"` header is set (case-insensitive), then this is
+ will also set the SNI of the request to the Service.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **headers** (table):  A table where each key is a string containing a header name
+   and each value is either a string or an array of strings.
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_header("X-Foo", "foo1")
+kong.service.request.add_header("X-Foo", "foo2")
+kong.service.request.set_header("X-Bar", "bar1")
+kong.service.request.set_headers({
+  ["X-Foo"] = "foo3",
+  ["Cache-Control"] = { "no-store", "no-cache" },
+  ["Bla"] = "boo"
+})
+
+-- Will add the following headers to the request, in this order:
+-- X-Bar: bar1
+-- Bla: boo
+-- Cache-Control: no-store
+-- Cache-Control: no-cache
+-- X-Foo: foo3
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_raw_body(body)
+
+Sets the body of the request to the Service.
+
+ The `body` argument must be a string and will not be processed in any way.
+ This function also sets the `Content-Length` header appropriately. To set an
+ empty body, one can give an empty string `""` to this function.
+
+ For a higher-level function to set the body based on the request content type,
+ see `kong.service.request.set_body()`.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **body** (string):  The raw body
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_raw_body("Hello, world!")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_body(args[, mimetype])
+
+Sets the body of the request to the Service.  Unlike
+ `kong.service.request.set_raw_body()`, the `args` argument must be a table, and
+ will be encoded with a MIME type.  The encoding MIME type can be specified in
+ the optional `mimetype` argument, or if left unspecified, will be chosen based
+ on the `Content-Type` header of the client's request.
+
+ If the MIME type is `application/x-www-form-urlencoded`:
+
+ * Encodes the arguments as form-encoded: keys are produced in lexicographical
+   order. The order of entries within the same key (when values are
+   given as an array) is retained. Any string values given are URL-encoded.
+
+ If the MIME type is `multipart/form-data`:
+
+ * Encodes the arguments as multipart form data.
+
+ If the MIME type is `application/json`:
+
+ * Encodes the arguments as JSON (same as
+   `kong.service.request.set_raw_body(json.encode(args))`)
+ * Lua types are converted to matching JSON types.mej
+
+ If none of the above, returns `nil` and an error message indicating the
+ body could not be encoded.
+
+ The optional argument `mimetype` can be one of:
+
+ * `application/x-www-form-urlencoded`
+ * `application/json`
+ * `multipart/form-data`
+
+ If the `mimetype` argument is specified, the `Content-Type` header will be
+ set accordingly in the request to the Service.
+
+ If further control of the body generation is needed, a raw body can be given as
+ a string with `kong.service.request.set_raw_body()`.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **args** (table):  A table with data to be converted to the appropriate format
+ and stored in the body.
+* **mimetype** (string, _optional_):  can be one of:
+
+**Returns**
+
+1.  `boolean|nil` `true` on success, `nil` otherwise
+
+1.  `string|nil` `nil` on success, an error message in case of error.
+ Throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.set_header("application/json")
+local ok, err = kong.service.request.set_body({
+  name = "John Doe",
+  age = 42,
+  numbers = {1, 2, 3}
+})
+
+-- Produces the following JSON body:
+-- { "name": "John Doe", "age": 42, "numbers":[1, 2, 3] }
+
+local ok, err = kong.service.request.set_body({
+  foo = "hello world",
+  bar = {"baz", "bla", true},
+  zzz = true,
+  blo = ""
+}, "application/x-www-form-urlencoded")
+
+-- Produces the following body:
+-- bar=baz&bar=bla&bar&blo=&foo=hello%20world&zzz
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.service.response.md b/app/1.3.x/pdk/kong.service.response.md
new file mode 100644
index 000000000000..feede11b266e
--- /dev/null
+++ b/app/1.3.x/pdk/kong.service.response.md
@@ -0,0 +1,132 @@
+---
+title: kong.service.response
+pdk: true
+toc: true
+---
+
+## kong.service.response
+
+Manipulation of the response from the Service
+
+
+
+### kong.service.response.get_status()
+
+Returns the HTTP status code of the response from the Service as a Lua number.
+
+**Phases**
+
+* `header_filter`, `body_filter`, `log`
+
+**Returns**
+
+* `number|nil`  the status code from the response from the Service, or `nil`
+ if the request was not proxied (i.e. `kong.response.get_source()` returned
+ anything other than `"service"`.
+
+
+**Usage**
+
+``` lua
+kong.log.inspect(kong.service.response.get_status()) -- 418
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.response.get_headers([max_headers])
+
+Returns a Lua table holding the headers from the response from the Service.  Keys are
+ header names. Values are either a string with the header value, or an array of
+ strings if a header was sent multiple times. Header names in this table are
+ case-insensitive and dashes (`-`) can be written as underscores (`_`); that is,
+ the header `X-Custom-Header` can also be retrieved as `x_custom_header`.
+
+ Unlike `kong.response.get_headers()`, this function will only return headers that
+ were present in the response from the Service (ignoring headers added by Kong itself).
+ If the request was not proxied to a Service (e.g. an authentication plugin rejected
+ a request and produced an HTTP 401 response), then the returned `headers` value
+ might be `nil`, since no response from the Service has been received.
+
+ By default, this function returns up to **100** headers. The optional
+ `max_headers` argument can be specified to customize this limit, but must be
+ greater than **1** and not greater than **1000**.
+
+**Phases**
+
+* `header_filter`, `body_filter`, `log`
+
+**Parameters**
+
+* **max_headers** (number, _optional_):  customize the headers to parse
+
+**Returns**
+
+1.  `table` the response headers in table form
+
+1.  `string` err If more headers than `max_headers` were present, a
+ string with the error `"truncated"`.
+
+
+**Usage**
+
+``` lua
+-- Given a response with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+local headers = kong.service.response.get_headers()
+if headers then
+  kong.log.inspect(headers.x_custom_header) -- "bla"
+  kong.log.inspect(headers.x_another[1])    -- "foo bar"
+  kong.log.inspect(headers["X-Another"][2]) -- "baz"
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.response.get_header(name)
+
+Returns the value of the specified response header.
+
+ Unlike `kong.response.get_header()`, this function will only return a header
+ if it was present in the response from the Service (ignoring headers added by Kong
+ itself).
+
+
+**Phases**
+
+* `header_filter`, `body_filter`, `log`
+
+**Parameters**
+
+* **name** (string):  The name of the header.
+
+ Header names in are case-insensitive and are normalized to lowercase, and
+ dashes (`-`) can be written as underscores (`_`); that is, the header
+ `X-Custom-Header` can also be retrieved as `x_custom_header`.
+
+
+**Returns**
+
+* `string|nil`  The value of the header, or `nil` if a header with
+ `name` was not found in the response. If a header with the same name is present
+ multiple times in the response, this function will return the value of the
+ first occurrence of this header.
+
+
+**Usage**
+
+``` lua
+-- Given a response with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+kong.log.inspect(kong.service.response.get_header("x-custom-header")) -- "bla"
+kong.log.inspect(kong.service.response.get_header("X-Another"))       -- "foo bar"
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/pdk/kong.table.md b/app/1.3.x/pdk/kong.table.md
new file mode 100644
index 000000000000..7e62db9eed94
--- /dev/null
+++ b/app/1.3.x/pdk/kong.table.md
@@ -0,0 +1,67 @@
+---
+title: kong.table
+pdk: true
+toc: true
+---
+
+## kong.table
+
+Utilities for Lua tables
+
+
+
+### kong.table.new([narr[, nrec]])
+
+Returns a table with pre-allocated number of slots in its array and hash
+ parts.
+
+**Parameters**
+
+* **narr** (number, _optional_):  specifies the number of slots to pre-allocate
+ in the array part.
+* **nrec** (number, _optional_):  specifies the number of slots to pre-allocate in
+ the hash part.
+
+**Returns**
+
+* `table` the newly created table
+
+
+**Usage**
+
+``` lua
+local tab = kong.table.new(4, 4)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.table.clear(tab)
+
+Clears a table from all of its array and hash parts entries.
+
+**Parameters**
+
+* **tab** (table):  the table which will be cleared
+
+**Returns**
+
+*  Nothing
+
+
+**Usage**
+
+``` lua
+local tab = {
+  "hello",
+  foo = "bar"
+}
+
+kong.table.clear(tab)
+
+kong.log(tab[1]) -- nil
+kong.log(tab.foo) -- nil
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/1.3.x/plugin-development/access-the-datastore.md b/app/1.3.x/plugin-development/access-the-datastore.md
new file mode 100644
index 000000000000..63fab7c8aa5c
--- /dev/null
+++ b/app/1.3.x/plugin-development/access-the-datastore.md
@@ -0,0 +1,75 @@
+---
+title: Plugin Development - Accessing the Datastore
+book: plugin_dev
+chapter: 5
+---
+
+## Introduction
+
+Kong interacts with the model layer through classes we refer to as "DAOs". This
+chapter will detail the available API to interact with the datastore.
+
+Kong supports two primary datastores: [Cassandra
+{{site.data.kong_latest.dependencies.cassandra}}](http://cassandra.apache.org/)
+and [PostgreSQL
+{{site.data.kong_latest.dependencies.postgres}}](http://www.postgresql.org/).
+
+## kong.db
+
+All entities in Kong are represented by:
+
+- A schema that describes which table the entity relates to in the datastore,
+  constraints on its fields such as foreign keys, non-null constraints etc.
+  This schema is a table described in the [plugin configuration]({{page.book.chapters.plugin-configuration}})
+  chapter.
+- An instance of the `DAO` class mapping to the database currently in use
+  (Cassandra or Postgres). This class' methods consume the schema and expose
+  methods to insert, update, select and delete entities of that type.
+
+The core entities in Kong are: Services, Routes, Consumers and Plugins.
+All of them are accessible as Data Access Objects (DAOs),
+through the `kong.db` global singleton:
+
+
+```lua
+-- Core DAOs
+local services  = kong.db.services
+local routes    = kong.db.routes
+local consumers = kong.db.consumers
+local plugins   = kong.db.plugins
+```
+
+Both core entities from Kong and custom entities from plugins are
+available through `kong.db.*`.
+
+---
+
+## The DAO Lua API
+
+The DAO class is responsible for the operations executed on a given table in
+the datastore, generally mapping to an entity in Kong. All the underlying
+supported databases (currently Cassandra and Postgres) comply to the same
+interface, thus making the DAO compatible with all of them.
+
+For example, inserting a Service and a Plugin is as easy as:
+
+```lua
+local inserted_service, err = kong.db.services:insert({
+  name = "mockbin",
+  url  = "http://mockbin.org",
+})
+
+local inserted_plugin, err = kong.db.plugins:insert({
+  name    = "key-auth",
+  service = inserted_service,
+})
+```
+
+For a real-life example of the DAO being used in a plugin, see the
+[Key-Auth plugin source code](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua).
+
+---
+
+Next: [Storing Custom Entities &rsaquo;]({{page.book.next}})
+
+[Plugin Development Kit]: /{{page.kong_version}}/pdk
diff --git a/app/1.3.x/plugin-development/admin-api.md b/app/1.3.x/plugin-development/admin-api.md
new file mode 100644
index 000000000000..58184b86690f
--- /dev/null
+++ b/app/1.3.x/plugin-development/admin-api.md
@@ -0,0 +1,174 @@
+---
+title: Plugin Development - Extending the Admin API
+book: plugin_dev
+chapter: 8
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you have a relative
+  knowledge of <a href="http://leafo.net/lapis/">Lapis</a>.
+</div>
+
+## Introduction
+
+Kong can be configured using a REST interface referred to as the [Admin API].
+Plugins can extend it by adding their own endpoints to accommodate custom
+entities or other personalized management needs. A typical example of this is
+the creation, retrieval, and deletion (commonly referred to as "CRUD
+operations") of API keys.
+
+The Admin API is a [Lapis](http://leafo.net/lapis/) application, and Kong's
+level of abstraction makes it easy for you to add endpoints.
+
+## Module
+
+```
+kong.plugins.<plugin_name>.api
+```
+
+## Adding endpoints to the Admin API
+
+Kong will detect and load your endpoints if they are defined in a module named:
+
+```
+"kong.plugins.<plugin_name>.api"
+```
+
+This module is bound to return a table with one or more entries with the following structure:
+
+``` lua
+{
+  ["<path>"] = {
+     schema = <schema>,
+     methods = {
+       before = function(self) ... end,
+       on_error = function(self) ... end,
+       GET = function(self) ... end,
+       PUT = function(self) ... end,
+       ...
+     }
+  },
+  ...
+}
+```
+
+Where:
+
+- `<path>` should be a string representing a route like `/users` (See [Lapis routes & URL
+  Patterns](http://leafo.net/lapis/reference/actions.html#routes--url-patterns)) for details.
+  Notice that the path can contain interpolation parameters, like `/users/:users/new`.
+- `<schema>` is a schema definition. Schemas for core and custom plugin entities are available
+  via `kong.db.<entity>.schema`. The schema is used to parse certain fields according to their
+  types; for example if a field is marked as an integer, it will be parsed as such when it is
+  passed to a function (by default form fields are all strings).
+- The `methods` subtable contains functions, indexed by a string.
+  - The `before` key is optional and can hold a function. If present, the function will be executed
+    on every request that hits `path`, before any other function is invoked.
+  - One or more functions can be indexed with HTTP method names, like `GET` or `PUT`. These functions
+    will be executed when the appropriate HTTP method and `path` is matched. If a `before` function is
+    present on the `path`, it will be executed first. Keep in mind that `before` functions can
+    use `kong.response.exit` to finish early, effectively cancelling the "regular" http method function.
+  - The `on_error` key is optional and can hold a function. If present, the function will be executed
+    when the code from other functions (either from a `before` or a "http method") throws an error. If
+    not present, then Kong will use a default error handler to return the errors.
+
+For example:
+
+``` lua
+local endpoints = require "kong.api.endpoints"
+
+local credentials_schema = kong.db.keyauth_credentials.schema
+local consumers_schema = kong.db.consumers.schema
+
+return {
+  ["/consumers/:consumers/key-auth"] = {
+    schema = credentials_schema,
+    methods = {
+      GET = endpoints.get_collection_endpoint(
+              credentials_schema, consumers_schema, "consumer"),
+
+      POST = endpoints.post_collection_endpoint(
+              credentials_schema, consumers_schema, "consumer"),
+    },
+  },
+}
+```
+
+This code will create two Admin API endpoints in `/consumers/:consumers/key-auth`, to
+obtain (`GET`) and create (`POST`) credentials associated to a given consumer. On this example
+the functions are provided by the `kong.api.endpoints` library. If you want to see a more
+complete example, with custom code in functions, see
+[the `api.lua` file from the key-auth plugin](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/api.lua).
+
+The `endpoints` module currently contains the default implementation for the most usual CRUD
+operations used in Kong. This module provides you with helpers for any insert, retrieve,
+update or delete operations and performs the necessary DAO operations and replies with
+the appropriate HTTP status codes. It also provides you with functions to retrieve parameters from
+the path, such as an Service's name or id, or a Consumer's username or id.
+
+If `endpoints`-provided are functions not enough, a regular Lua function can be used instead. From there you can use:
+
+- Several functions provided by the `endpoints` module.
+- All the functionality provided by the [PDK](../../pdk)
+- The `self` parameter, which is the [Lapis request object](http://leafo.net/lapis/reference/actions.html#request-object).
+- And of course you can `require` any Lua modules if needed. Make sure they are compatible with OpenResty if you choose this route.
+
+``` lua
+local endpoints = require "kong.api.endpoints"
+
+local credentials_schema = kong.db.keyauth_credentials.schema
+local consumers_schema = kong.db.consumers.schema
+
+return {
+  ["/consumers/:consumers/key-auth/:keyauth_credentials"] = {
+    schema = credentials_schema,
+    methods = {
+      before = function(self, db, helpers)
+        local consumer, _, err_t = endpoints.select_entity(self, db, consumers_schema)
+        if err_t then
+          return endpoints.handle_error(err_t)
+        end
+        if not consumer then
+          return kong.response.exit(404, { message = "Not found" })
+        end
+
+        self.consumer = consumer
+
+        if self.req.method ~= "PUT" then
+          local cred, _, err_t = endpoints.select_entity(self, db, credentials_schema)
+          if err_t then
+            return endpoints.handle_error(err_t)
+          end
+
+          if not cred or cred.consumer.id ~= consumer.id then
+            return kong.response.exit(404, { message = "Not found" })
+          end
+          self.keyauth_credential = cred
+          self.params.keyauth_credentials = cred.id
+        end
+      end,
+      GET  = endpoints.get_entity_endpoint(credentials_schema),
+      PUT  = function(self, db, helpers)
+        self.args.post.consumer = { id = self.consumer.id }
+        return endpoints.put_entity_endpoint(credentials_schema)(self, db, helpers)
+      end,
+    },
+  },
+}
+```
+
+On the previous example, the `/consumers/:consumers/key-auth/:keyauth_credentials` path gets
+three functions:
+- The `before` function is a custom Lua function which uses several `endpoints`-provided utilities
+  (`endpoints.handle_error`) as well as PDK functions (`kong.response.exit`). It also populates
+  `self.consumer` for the subsequent functions to use.
+- The `GET` function is built entirely using `endpoints`. This is possible because the `before` has
+  "prepared" things in advance, like `self.consumer`.
+- The `PUT` function populates `self.args.post.consumer` before calling the `endpoints`-provided
+  `put_entity_endpoint` function.
+
+---
+
+Next: [Write tests for your plugin]({{page.book.next}})
+
+[Admin API]: /{{page.kong_version}}/admin-api/
diff --git a/app/1.3.x/plugin-development/custom-entities.md b/app/1.3.x/plugin-development/custom-entities.md
new file mode 100644
index 000000000000..89b69291a42b
--- /dev/null
+++ b/app/1.3.x/plugin-development/custom-entities.md
@@ -0,0 +1,680 @@
+---
+title: Plugin Development - Storing Custom Entities
+book: plugin_dev
+chapter: 6
+---
+
+## Introduction
+
+While not all plugins need it, your plugin might need to store more than
+its configuration in the database. In that case, Kong provides you with
+an abstraction on top of its primary datastores which allows you to store
+custom entities.
+
+As explained in the [previous chapter]({{page.book.previous}}), Kong interacts
+with the model layer through classes we refer to as "DAOs", and available on a
+singleton often referred to as the "DAO Factory". This chapter will explain how
+to to provide an abstraction for your own entities.
+
+## Modules
+
+```
+kong.plugins.<plugin_name>.daos
+kong.plugins.<plugin_name>.migrations.init
+kong.plugins.<plugin_name>.migrations.000_base_<plugin_name>
+kong.plugins.<plugin_name>.migrations.001_<from-version>_to_<to_version>
+kong.plugins.<plugin_name>.migrations.002_<from-version>_to_<to_version>
+```
+
+## Create the migrations folder
+
+Once you have defined your model, you must create your migration modules which
+will be executed by Kong to create the table in which your records of your
+entity will be stored.
+
+If your plugin is intended to support both Cassandra and Postgres, then both
+migrations must be written.
+
+If your plugin doesn't have it already, you should add a `<plugin_name>/migrations`
+folder to it. If there is no `init.lua` file inside already, you should create one.
+This is where all the migrations for your plugin will be referenced.
+
+The initial version of your `migrations/init.lua` file will point to a single migration.
+
+In this case we have called it `000_base_my_plugin`.
+
+``` lua
+-- `migrations/init.lua`
+return {
+  "000_base_my_plugin",
+}
+```
+
+This means that there will be a file in `<plugin_name>/migrations/000_base_my_plugin.lua`
+containing the initial migrations. We'll see how this is done in a minute.
+
+## Adding a new migration to an existing plugin
+
+Sometimes it is necessary to introduce changes after a version of a plugin has already been
+released. A new functionality might be needed. A database table row might need changing.
+
+When this happens, *you must* create a new migrations file. You *must not* of modify the
+existing migration files once they are published (you can still make them more robust and
+bulletproof if you want, e.g. always try to write the migrations reentrant).
+
+While there is no strict rule for naming your migration files, there is a convention that the
+initial one is prefixed by `000`, the next one by `001`, and so on.
+
+Following with our previous example, if we wanted to release a new version of the plugin with
+changes in the database (for example, a table was needed called `foo`) we would insert it by
+adding a file called `<plugin_name>/migrations/001_100_to_110.lua`, and referencing it on the
+migrations init file like so (where `100` is the previous version of the plugin `1.0.0` and
+`110` is the version to which plugin is migrated to `1.1.0`:
+
+
+``` lua
+-- `<plugin_name>/migrations/init.lua`
+return {
+  "000_base_my_plugin",
+  "001_100_to_110",
+}
+```
+
+## Migration File syntax
+
+While Kong's core migrations support both Postgres and Cassandra, custom plugins
+can choose to support either both of them or just one.
+
+A migration file is a Lua file which returns a table with the following structure:
+
+``` lua
+-- `<plugin_name>/migrations/000_base_my_plugin.lua`
+return {
+  postgresql = {
+    up = [[
+      CREATE TABLE IF NOT EXISTS "my_plugin_table" (
+        "id"           UUID                         PRIMARY KEY,
+        "created_at"   TIMESTAMP WITHOUT TIME ZONE,
+        "col1"         TEXT
+      );
+    
+      DO $$
+      BEGIN
+        CREATE INDEX IF NOT EXISTS "my_plugin_table_col1"
+                                ON "my_plugin_table" ("col1");
+      EXCEPTION WHEN UNDEFINED_COLUMN THEN
+        -- Do nothing, accept existing state
+      END$$;
+    ]],
+  },
+
+  cassandra = {
+    up = [[
+      CREATE TABLE IF NOT EXISTS my_plugin_table (
+        id          uuid PRIMARY KEY,
+        created_at  timestamp,
+        col1        text
+      );
+      
+      CREATE INDEX IF NOT EXISTS ON my_plugin_table (col1);
+    ]],
+  }
+}
+
+-- `<plugin_name>/migrations/001_100_to_110.lua`
+return {
+  postgresql = {
+    up = [[
+      DO $$
+      BEGIN
+        ALTER TABLE IF EXISTS ONLY "my_plugin_table" ADD "cache_key" TEXT UNIQUE;
+      EXCEPTION WHEN DUPLICATE_COLUMN THEN
+        -- Do nothing, accept existing state
+      END;
+    $$;
+    ]],
+    teardown = function(connector, helpers)
+      assert(connector:connect_migrations())
+      assert(connector:query([[
+        DO $$
+        BEGIN
+          ALTER TABLE IF EXISTS ONLY "my_plugin_table" DROP "col1";
+        EXCEPTION WHEN UNDEFINED_COLUMN THEN
+          -- Do nothing, accept existing state
+        END$$;
+      ]])
+    end,
+  },
+
+  cassandra = {
+    up = [[
+      ALTER TABLE my_plugin_table ADD cache_key text;
+      CREATE INDEX IF NOT EXISTS ON my_plugin_table (cache_key);
+    ]],
+    teardown = function(connector, helpers)
+      assert(connector:connect_migrations())
+      assert(connector:query("ALTER TABLE my_plugin_table DROP col1"))
+    end,
+  }
+}
+```
+
+If a plugin only supports Postgres or Cassandra, only the section for one strategy is
+needed. Each strategy section has two parts, `up` and `teardown`.
+
+* `up` is an optional string of raw SQL/CQL statements. Those statements will be executed
+  when `kong migrations up` is executed.
+* `teardown` is an optional Lua function, which takes a `connector` parameter. Such connector
+  can invoke the `query` method to execute SQL/CQL queries. Teardown is triggered by
+  `kong migrations finish`
+
+It is recommended that all the non-destructive operations, such as creation of new tables and
+addition of new records is done on the `up` sections, while destructive operations (such as
+removal of data, changing row types, insertion of new data) is done on the `teardown` sections.
+
+In both cases, it is recommended that all the SQL/CQL statements are written so that they are
+as reentrant as possible. `DROP TABLE IF EXISTS` instead of `DROP TABLE`,
+`CREATE INDEX IF NOT EXIST` instead of `CREATE INDEX`, etc. If a migration fails for some
+reason, it is expected that the first attempt at fixing the problem will be simply
+re-running the migrations.
+
+While Postgres does, Cassandra does not support constraints such as "NOT
+NULL", "UNIQUE" or "FOREIGN KEY", but Kong provides you with such features when
+you define your model's schema. Bear in mind that this schema will be the same
+for both Postgres and Cassandra, hence, you might trade-off a pure SQL schema
+for one that works with Cassandra too.
+
+**IMPORTANT**: if your `schema` uses a `unique` constraint, then Kong will
+enforce it for Cassandra, but for Postgres you must set this constraint in
+the migrations.
+
+To see a real-life example, give a look at the [Key-Auth plugin migrations](https://github.com/Kong/kong/tree/{{page.kong_version}}/kong/plugins/key-auth/migrations).
+
+---
+
+## Defining a Schema
+
+The first step to using custom entities in a custom plugin is defining one
+or more *schemas*.
+
+A schema is a Lua table which describes entities. There's structural information
+like how are the different fields of the entity named and what are their types,
+which is similar to the fields describing your [plugin
+configuration]({{page.book.chapters.plugin-configuration}})).
+Compared to plugin configuration schemas, custom entity schemas require
+additional metadata (e.g. which field, or fields, constitute the entities'
+primary key).
+
+Schemas are to be defined in a module named:
+
+```
+kong.plugins.<plugin_name>.daos
+```
+
+Meaning that there should be a file called `<plugin_name>/daos.lua` inside your
+plugin folder. The `daos.lua` file should return a table containing one or more
+schemas. For example:
+
+```lua
+-- daos.lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  -- this plugin only results in one custom DAO, named `keyauth_credentials`:
+  keyauth_credentials = {
+    name                  = "keyauth_credentials", -- the actual table in the database
+    endpoint_key          = "key",
+    primary_key           = { "id" },
+    cache_key             = { "key" },
+    generate_admin_api    = true,
+    admin_api_name        = "key-auths",
+    admin_api_nested_name = "key-auth",    
+    fields = {
+      {
+        -- a value to be inserted by the DAO itself
+        -- (think of serial id and the uniqueness of such required here)
+        id = typedefs.uuid,
+      },
+      {
+        -- also interted by the DAO itself
+        created_at = typedefs.auto_timestamp_s,
+      },
+      {
+        -- a foreign key to a consumer's id
+        consumer = {
+          type      = "foreign",
+          reference = "consumers",
+          default   = ngx.null,
+          on_delete = "cascade",
+        },
+      },
+      {
+        -- a unique API key
+        key = {
+          type      = "string",
+          required  = false,
+          unique    = true,
+          auto      = true,
+        },
+      },
+    },
+  },
+}
+```
+
+This example `daos.lua` file introduces a single schema called `keyauth_credentials`.
+
+Here is a description of some top-level properties:
+
+<table>
+<tbody>
+<tr><th>Name</th><th>Type</th><th>Description</th></tr>
+<tr>
+  <td><code>name</code></td>
+  <td><code>string</code> (required)</td>
+  <td>It will be used to determine the DAO name (<code>kong.db.[name]</code>).</td>
+</tr>
+<tr>
+  <td><code>primary_key</code></td>
+  <td><code>table</code> (required)</td>
+  <td>
+    Field names forming the entity's primary key.
+    Schemas support composite keys, even if most Kong core entities currently use an UUID named
+    <code>id</code>. If you are using Cassandra and need a composite key, it should have the same
+    fields as the partition key.
+  </td>
+</tr>
+<tr>
+<td><code>endpoint_key</code></td>
+  <td><code>string</code> (optional)</td>
+  <td>
+    The name of the field used as an alternative identifier on the Admin API.
+    On the example above, <code>key</code> is the endpoint_key. This means that a credential with
+    <code>id = 123</code> and <code>key = "foo"</code> could be referenced as both
+    <code>/keyauth_credentials/123</code> and <code>/keyauth_credentials/foo</code>.
+  </td>
+</tr>
+<tr>
+  <td><code>cache_key</code></td>
+  <td><code>table</code> (optional)</td>
+  <td>
+    Contains the name of the fields used for generating the <code>cache_key</code>, a string which must
+    unequivocally identify the entity inside Kong's cache. A unique field, like <code>key</code> in your example,
+    is usually good candidate. In other cases a combination of several fields is preferable.
+  </td>
+</tr>
+<tr>
+  <td><code>generate_admin_api</code></td>
+  <td><code>boolean</code> (optional)</td>
+  <td>
+    Whether to auto-generate admin api for the entity or not. By default the admin api is generated for all
+   daos, including custom ones. If you want to create a fully customized admin api for the dao or
+    want to disable auto-generation for the dao altogether, set this option to <code>false</code>.
+  </td>
+</tr>
+<tr>
+  <td><code>admin_api_name</code></td>
+  <td><code>boolean</code> (optional)</td>
+  <td>
+    When <code>generate_admin_api</code> is enabled the admin api auto-generator uses the <code>name</code>
+    to derive the collection urls for the auto-generated admin api. Sometimes you may want to name the 
+    collection urls differently from the <code>name</code>. E.g. with DAO <code>keyauth_credentials</code>
+    we actually wanted the auto-generator to generate endpoints for this dao with alternate and more
+    url-friendly name <code>key-auths</code>, e.g. <code>http://&lt;KONG_ADMIN&gt;/key-auths</code> instead of
+    <code>http://&lt;KONG_ADMIN&gt;/keyauth_credentials</code>).
+  </td>
+</tr>
+<tr>
+  <td><code>admin_api_nested_name</code></td>
+  <td><code>boolean</code> (optional)</td>
+  <td>
+    Similar to <code>admin_api_name</code> the <code>admin_api_nested_name</code> specifies the name for
+    a dao that admin api auto-generator creates in nested contexts. You only need to use this parameter
+    if you are not happy with <code>name</code> or <code>admin_api_name</code>. Kong for legacy reasons
+    have urls like <code>http://&lt;KONG_ADMIN&gt;/consumers/john/key-auth</code> where <code>key-auth</code>
+    does not follow plural form of <code>http://&lt;KONG_ADMIN&gt;/key-auths</code>. <code>admin_api_nested_name</code>
+    enables you to specify different name in those cases.
+  </td>
+</tr>
+<tr>
+  <td><code>fields</code></td>
+  <td><code>table</code></td>
+  <td>
+    Each field definition is a table with a single key, which is the field's name. The table value is
+    a subtable containing the field's <em>attributes</em>, some of which will be explained below.
+  </td>
+</tr>
+</tbody>
+</table>
+
+Many field attributes encode *validation rules*. When attempting to insert or update entities using
+the DAO, these validations will be checked, and an error returned if the provided input doesn't conform
+to them.
+
+The `typedefs` variable (obtained by requiring `kong.db.schema.typedefs`) is a table containing
+a lot of useful type definitions and aliases, including `typedefs.uuid`, the most usual type for the primary key,
+and `typedefs.auto_timestamp_s`, for `created_at` fields. It is used extensively when defining fields.
+
+Here's a non-exhaustive explanation of some of the field attributes available:
+
+<table>
+<tbody>
+<tr><th>Attribute name</th><th>type</th><th>Description</th></tr>
+<tr>
+  <td><code>type</code></td>
+  <td><code>string</code></td>
+  <td>
+    Schemas support the following scalar types: <code>"string"</code>, <code>"integer"</code>, <code>"number"</code> and
+    <code>"boolean"</code>. Compound types like <code>"array"</code>, <code>"record"</code>, or <code>"set"</code> are
+    also supported.<br><br>
+
+    In additon to these values, the <code>type</code> attribute can also take the special <code>"foreign"</code> value,
+    which denotes a foreign relationship.<br><br>
+
+    Each field will need to be backed by database fields of appropriately similar types, created via migrations.<br><br>
+
+    <code>type</code> is the only required attribute for all field definitions.
+  </td>
+</tr>
+<tr>
+  <td><code>default</code></td>
+  <td><code>any</code> (matching with <code>type</code> attribute)</td>
+  <td>
+    Specifies the value the field will have when attempting to insert it, if no value was provided.
+    Default values are always set via Lua, never by the underlying database. It is thus not recommended to set
+    any default values on fields in migrations.
+  </td>
+</tr>
+<tr>
+  <td><code>required</code></td>
+  <td><code>boolean</code></td>
+  <td>
+    When set to <code>true</code> on a field, an error will be thrown when attempting to insert an entity lacking a value
+    for said field (unless the field in question has a default value).
+  </td>
+</tr>
+<tr>
+  <td><code>unique</code></td>
+  <td><code>boolean</code></td>
+  <td>
+  <p>When set to <code>true</code> on a field, an error will be thrown when attempting to insert an entity on the database,
+    but another entity already has the given value on said field.</p>
+
+  <p>This attribute <em>must</em> be backed up by declaring fields as <code>UNIQUE</code> in migrations when using
+    PostgreSQL. The Cassandra strategy does a check in Lua before attempting inserts, so it doesn't require any special treatment.
+  </p>
+  </td>
+</tr>
+<tr>
+  <td><code>auto</code></td>
+  <td><code>boolean</code></td>
+  <td>
+  When attempting to insert an entity without providing a value for this a field where <code>auto</code> is set to <code>true</code>,
+  <br><br>
+  <ul>
+    <li>If <code>type == "uuid"</code>, the field will take a random UUID as value.</li>
+    <li>If <code>type == "string"</code>, the field will take a random string.</li>
+    <li>If the field name is <code>created_at</code> or <code>updated_at</code>, the field will take the current time when
+    inserting / updating, as appropriate.</li>
+  </ul>
+  </td>
+</tr>
+<tr>
+  <td><code>reference</code></td>
+  <td><code>string</code></td>
+  <td>Required for fields of type <code>foreign</code>. The given string <em>must</em> be the name of an existing schema,
+    to which the foreign key will "point to". This means that if a schema B has a foreign key pointing to schema A,
+    then A needs to be loaded before B.
+  </td>
+</tr>
+<tr>
+  <td><code>on_delete</code></td>
+  <td><code>string</code></td>
+  <td>
+    Optional and exclusive for fields of type <code>foreign</code>. It dictates what must happen
+    with entities linked by a foreign key when the entity being referenced is deleted. It can have three possible
+    values:<br><br>
+
+    <ul>
+      <li><code>"cascade"</code>: When the linked entity is deleted, all the dependent entities must also be deleted.</li>
+      <li><code>"null"</code>: When the linked entity is deleted, all the dependent entities will have their foreign key
+      field set to <code>null</code>.</li>
+      <li><code>"restrict"</code>: Attempting to delete an entity with linked entities will result in an error.</li>
+    </ul>
+
+    <br><br>
+    In Cassandra this is handled with pure Lua code, but in PostgreSQL it will be necessary to declare the references
+    as <code>ON DELETE CASCADE/NULL/RESTRICT</code> in a migration.
+  </td>
+</tr>
+</tbody>
+</table>
+
+
+To learn more about schemas, see:
+
+* The source code of [typedefs.lua](https://github.com/Kong/kong/blob/{{page.kong_version | replace: "x", "0"}}/kong/db/schema/typedefs.lua)
+  to get an idea of what's provided there by default.
+* [The Core Schemas](https://github.com/Kong/kong/tree/{{page.kong_version | replace: "x", "0"}}/kong/db/schema/entities)
+  to see examples of some other field attributes not discussed here.
+* [All the `daos.lua` files for embedded plugins](https://github.com/search?utf8=%E2%9C%93&q=repo%3Akong%2Fkong+path%3A%2Fkong%2Fplugins+filename%3Adaos.lua),
+  especially [the key-auth one](https://github.com/Kong/kong/blob/{{page.kong_version | replace: "x", "0"}}/kong/plugins/key-auth/daos.lua),
+  which was used for this guide as an example.
+
+---
+
+## The custom DAO
+
+The schemas are not used directly to interact with the database. Instead, a DAO
+is built for each valid schema. A DAO takes the name of the schema it wraps, and is
+accessible through the `kong.db` interface.
+
+For the example schema above, the DAO generated would be available for plugins
+via `kong.db.keyauth_credentials`.
+
+### Selecting an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:select(primary_key)
+```
+
+Attempts to find an entity in the database and return it. Three things can happen:
+
+* The entity was found. In this case, it is returned as a regular Lua table.
+* An error occurred - for example the connection with the database was lost. In that
+  case the first returned value will be `nil`, the second one will be a string
+  describing the error, and the last one will be the same error in table form.
+* An error does not occur but the entity is not found. Then the function will
+  just return `nil`, with no error.
+
+Example of usage:
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:select({
+  id = "c77c50d2-5947-4904-9f37-fa36182a71a9"
+})
+
+if err then
+  kong.log.err("Error when inserting keyauth credential: " .. err)
+  return nil
+end
+
+if not entity then
+  kong.log.err("Could not find credential.")
+  return nil
+end
+```
+
+### Iterating over all the entities
+
+``` lua
+for entity, err on kong.db.<name>:each(entities_per_page) do
+  if err then
+    ...
+  end
+  ...
+end
+```
+
+This method efficiently iterates over all the entities in the database by making paginated
+requests. The `entities_per_page` parameter, which defaults to `100`, controls how many
+entities per page are returned.
+
+On each iteration, a new `entity` will be returned or, if there is any error, the `err`
+variable will be filled up with an error. The recommended way to iterate is checking `err` first,
+and otherwise assume that `entity` is present.
+
+Example of usage:
+
+``` lua
+for credential, err on kong.db.keyauth_credentials:each(1000) do
+  if err then
+    kong.log.err("Error when iterating over keyauth credentials: " .. err)
+    return nil
+  end
+
+  kong.log("id: " .. credential.id)
+end
+```
+
+This example iterates over the credentials in pages of 1000 items, logging their ids unless
+an error happens.
+
+### Inserting an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:insert(<values>)
+```
+
+Inserts an entity in the database, and returns a copy of the inserted entity, or
+`nil`, an error message (a string) and a table describing the error in table form.
+
+When the insert is successful, the returned entity contains the extra values produced by
+`default` and `auto`.
+
+The following example uses the `keyauth_credentials` DAO to insert a credential for a given
+Consumer, setting its `key` to `"secret"`. Notice the syntax for referencing foreign keys.
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:insert({
+  consumer = { id = "c77c50d2-5947-4904-9f37-fa36182a71a9" },
+  key = "secret",
+})
+
+if not entity then
+  kong.log.err("Error when inserting keyauth credential: " .. err)
+  return nil
+end
+```
+
+The returned entity, assuming no error happened will have `auto`-filled fields, like `id` and `created_at`.
+
+### Updating an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:update(primary_key, <values>)
+```
+
+Updates an existing entity, provided it can be found using the provided primary key and a set of values.
+
+The returned entity will be the entity after the update takes place, or `nil` + an error message + an error table.
+
+The following example modifies the `key` field of an existing credential given the credential's id:
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:update({
+  { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" },
+  { key = "updated_secret" },
+})
+
+if not entity then
+  kong.log.err("Error when updating keyauth credential: " .. err)
+  return nil
+end
+```
+
+Notice how the syntax for specifying a primary key is similar to the one used to specify a foreign key.
+
+### Upserting an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:upsert(primary_key, <values>)
+```
+
+`upsert` is a mixture of `insert` and `update`:
+
+* When the provided `primary_key` identifies an existing entity, it works like `update`.
+* When the provided `primary_key` does not identify an existing entity, it works like `insert`
+
+Given this code:
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:upsert({
+  { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" },
+  { consumer = { id = "a96145fb-d71e-4c88-8a5a-2c8b1947534c" } },
+})
+
+if not entity then
+  kong.log.err("Error when upserting keyauth credential: " .. err)
+  return nil
+end
+```
+
+Two things can happen:
+
+* If a credential with id `2b6a2022-770a-49df-874d-11e2bf2634f5` exists,
+  then this code will attempt to set its Consumer to the provided one.
+* If the credential does not exist, then this code is attempting to create
+  a new credential, with the given id and Consumer.
+
+### Deleting an entity
+
+``` lua
+local ok, err, err_t = kong.db.<name>:delete(primary_key)
+```
+
+Attempts to delete the entity identified by `primary_key`. It returns `true`
+if the entity *doesn't exist* after calling this method, or `nil` + error +
+error table if an error is detected.
+
+Notice that calling `delete` will succeed if the entity didn't exist *before
+calling it*. This is for performance reasons - we want to avoid doing a
+read-before-delete if we can avoid it. If you want to do this check, you
+must do it manually, by checking with `select` before invoking `delete`.
+
+Example:
+
+``` lua
+local ok, err = kong.db.keyauth_credentials:delete({
+  { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" }
+})
+
+if not ok then
+  kong.log.err("Error when deleting keyauth credential: " .. err)
+  return nil
+end
+```
+
+---
+
+## Caching custom entities
+
+Sometimes custom entities are required on every request/response, which in turn
+triggers a query on the datastore every time. This is very inefficient because
+querying the datastore adds latency and slows the request/response down, and
+the resulting increased load on the datastore could affect the datastore
+performance itself and, in turn, other Kong nodes.
+
+When a custom entity is required on every request/response it is good practice
+to cache it in-memory by leveraging the in-memory cache API provided by Kong.
+
+The next chapter will focus on caching custom entities, and invalidating them
+when they change in the datastore: [Caching custom entities]({{page.book.next}}).
+
+---
+
+Next: [Caching custom entities &rsaquo;]({{page.book.next}})
+
+[Admin API]: /{{page.kong_version}}/admin-api/
+[Plugin Development Kit]: /{{page.kong_version}}/pdk
diff --git a/app/1.3.x/plugin-development/custom-logic.md b/app/1.3.x/plugin-development/custom-logic.md
new file mode 100644
index 000000000000..5e1e573be08e
--- /dev/null
+++ b/app/1.3.x/plugin-development/custom-logic.md
@@ -0,0 +1,303 @@
+---
+title: Plugin Development - Implementing Custom Logic
+book: plugin_dev
+chapter: 3
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you are familiar with
+  <a href="http://www.lua.org/">Lua</a>.
+</div>
+
+## Introduction
+
+A Kong plugin allows you to inject custom logic (in Lua) at several
+entry-points in the life-cycle of a request/response or a tcp stream
+connection as it is proxied by Kong. To do so, one must implement one
+or several of the methods of the `base_plugin.lua` interface. Those
+methods are to be implemented in a module namespaced under:
+`kong.plugins.<plugin_name>.handler`
+
+## Module
+
+```
+kong.plugins.<plugin_name>.handler
+```
+
+## Available contexts
+
+The plugins interface allows you to override any of the following methods in
+your `handler.lua` file to implement custom logic at various entry-points
+of the execution life-cycle of Kong:
+
+- **[HTTP Module]** *is used for plugins written for HTTP/HTTPS requests*
+
+| Function name      | Phase             | Description
+|--------------------|-------------------|------------
+| `:init_worker()`   | [init_worker]     | Executed upon every Nginx worker process's startup.
+| `:certificate()`   | [ssl_certificate] | Executed during the SSL certificate serving phase of the SSL handshake.
+| `:rewrite()`       | [rewrite]         | Executed for every request upon its reception from a client as a rewrite phase handler. *NOTE* in this phase neither the `Service` nor the `Consumer` have been identified, hence this handler will only be executed if the plugin was configured as a global plugin!
+| `:access()`        | [access]          | Executed for every request from a client and before it is being proxied to the upstream service.
+| `:header_filter()` | [header_filter]   | Executed when all response headers bytes have been received from the upstream service.
+| `:body_filter()`   | [body_filter]     | Executed for each chunk of the response body received from the upstream service. Since the response is streamed back to the client, it can exceed the buffer size and be streamed chunk by chunk. hence this method can be called multiple times if the response is large. See the [lua-nginx-module] documentation for more details.
+| `:log()`           | [log]             | Executed when the last response byte has been sent to the client.
+
+- **[Stream Module]** *is used for plugins written for TCP stream connections*
+
+| Function name      | Phase                                                                        | Description
+|--------------------|------------------------------------------------------------------------------|------------
+| `:init_worker()`   | [init_worker]                                                                | Executed upon every Nginx worker process's startup.
+| `:preread()`       | [preread]                                                                    | Executed once for every connection.
+| `:log()`           | [log](https://github.com/openresty/stream-lua-nginx-module#log_by_lua_block) | Executed once for each connection after it has been closed.
+
+All of those functions, except `init_worker`, take one parameter which is given
+by Kong upon its invocation: the configuration of your plugin. This parameter
+is a Lua table, and contains values defined by your users, according to your
+plugin's schema (described in the `schema.lua` module). More on plugins schemas
+in the [next chapter]({{page.book.next}}).
+
+[HTTP Module]: https://github.com/openresty/lua-nginx-module
+[Stream Module]: https://github.com/openresty/stream-lua-nginx-module
+[init_worker]: https://github.com/openresty/lua-nginx-module#init_worker_by_lua_by_lua_block
+[ssl_certificate]: https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block
+[rewrite]: https://github.com/openresty/lua-nginx-module#rewrite_by_lua_block
+[access]: https://github.com/openresty/lua-nginx-module#access_by_lua_block
+[header_filter]: https://github.com/openresty/lua-nginx-module#header_filter_by_lua_block
+[body_filter]: https://github.com/openresty/lua-nginx-module#body_filter_by_lua_block
+[log]: https://github.com/openresty/lua-nginx-module#log_by_lua_block
+[preread]: https://github.com/openresty/stream-lua-nginx-module#preread_by_lua_block
+
+---
+
+## handler.lua specifications
+
+The `handler.lua` file must return a table implementing the functions you wish
+to be executed. In favor of brevity, here is a commented example module
+implementing all the available methods of both modules (please note some
+of them are shared between modules, like `log`):
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> Kong uses the
+  <a href="https://github.com/rxi/classic">rxi/classic</a> module to simulate
+  classes in Lua and ease the inheritance pattern.
+</div>
+
+```lua
+-- Extending the Base Plugin handler is optional, as there is no real
+-- concept of interface in Lua, but the Base Plugin handler's methods
+-- can be called from your child implementation and will print logs
+-- in your `error.log` file (where all logs are printed).
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10
+
+
+-- Your plugin handler's constructor. If you are extending the
+-- Base Plugin handler, it's only role is to instantiate itself
+-- with a name. The name is your plugin name as it will be printed in the logs.
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:init_worker()
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.init_worker(self)
+
+  -- Implement any custom logic here
+end
+
+
+function CustomHandler:preread(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.preread(self)
+
+  -- Implement any custom logic here
+end
+
+
+function CustomHandler:certificate(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.certificate(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:rewrite(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.rewrite(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:access(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.access(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:header_filter(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.header_filter(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:body_filter(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.body_filter(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:log(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.log(self)
+
+  -- Implement any custom logic here
+end
+
+-- This module needs to return the created table, so that Kong
+-- can execute those functions.
+return CustomHandler
+```
+
+Of course, the logic of your plugin itself can be abstracted away in another
+module, and called from your `handler` module. Many existing plugins have
+already chosen this pattern when their logic is verbose, but it is purely
+optional:
+
+```lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+-- The actual logic is implemented in those modules
+local access = require "kong.plugins.my-custom-plugin.access"
+local body_filter = require "kong.plugins.my-custom-plugin.body_filter"
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10 
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  -- Execute any function from the module loaded in `access`,
+  -- for example, `execute()` and passing it the plugin's configuration.
+  access.execute(config)
+end
+
+function CustomHandler:body_filter(config)
+  CustomHandler.super.body_filter(self)
+
+  -- Execute any function from the module loaded in `body_filter`,
+  -- for example, `execute()` and passing it the plugin's configuration.
+  body_filter.execute(config)
+end
+
+
+return CustomHandler
+```
+
+See [the source code of the Key-Auth plugin](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua)
+for an example of a real-life handler code.
+
+---
+
+## Plugin Development Kit
+
+Logic implemented in those phases will most likely have to interact with the
+request/response objects or core components (e.g. access the cache, and
+database). Kong provides a [Plugin Development Kit][pdk] (or "PDK") for such
+purposes: a set of Lua functions and variables that can be used by plugins to
+execute various gateway operations in a way that is guaranteed to be
+forward-compatible with future releases of Kong.
+
+When you are trying to implement some logic that needs to interact with Kong
+(e.g. retrieving request headers, producing a response from a plugin, logging
+some error or debug information), you should consult the [Plugin Development
+Kit Reference][pdk].
+
+---
+
+## Plugins execution order
+
+Some plugins might depend on the execution of others to perform some
+operations. For example, plugins relying on the identity of the consumer have
+to run **after** authentication plugins. Considering this, Kong defines
+**priorities** between plugins execution to ensure that order is respected.
+
+Your plugin's priority can be configured via a property accepting a number in
+the returned handler table:
+
+```lua
+CustomHandler.PRIORITY = 10
+```
+
+The higher the priority, the sooner your plugin's phases will be executed in
+regard to other plugins' phases (such as `:access()`, `:log()`, etc.).
+
+The current order of execution for the bundled plugins is:
+
+Plugin                      | Priority
+----------------------------|----------
+pre-function                | `+inf`
+zipkin                      | 100000
+ip-restriction              | 3000
+bot-detection               | 2500
+cors                        | 2000
+session                     | 1900
+kubernetes-sidecar-injector | 1006
+jwt                         | 1005
+oauth2                      | 1004
+key-auth                    | 1003
+ldap-auth                   | 1002
+basic-auth                  | 1001
+hmac-auth                   | 1000
+request-size-limiting       | 951
+acl                         | 950
+rate-limiting               | 901
+response-ratelimiting       | 900
+request-transformer         | 801
+response-transformer        | 800
+aws-lambda                  | 750
+azure-functions             | 749
+prometheus                  | 13
+http-log                    | 12
+statsd                      | 11
+datadog                     | 10
+file-log                    | 9
+udp-log                     | 8
+tcp-log                     | 7
+loggly                      | 6
+syslog                      | 4
+request-termination         | 2
+correlation-id              | 1
+post-function               | -1000
+
+---
+
+Next: [Plugin configuration &rsaquo;]({{page.book.next}})
+
+[lua-nginx-module]: https://github.com/openresty/lua-nginx-module
+[pdk]: /{{page.kong_version}}/pdk
diff --git a/app/1.3.x/plugin-development/distribution.md b/app/1.3.x/plugin-development/distribution.md
new file mode 100644
index 000000000000..3b1d6bf66a9c
--- /dev/null
+++ b/app/1.3.x/plugin-development/distribution.md
@@ -0,0 +1,306 @@
+---
+title: Plugin Development - (un)Installing your plugin
+book: plugin_dev
+chapter: 10
+---
+
+## Introduction
+
+Custom plugins for Kong consist of Lua source files that need to be in the file
+system of each of your Kong nodes. This guide will provide you with
+step-by-step instructions that will make a Kong node aware of your custom
+plugin(s).
+
+These steps should be applied to each node in your Kong cluster, to ensure the
+custom plugin(s) are available on each one of them.
+
+## Packaging sources
+
+You can either use a regular packing strategy (e.g. `tar`), or use the LuaRocks
+package manager to do it for you. We recommend LuaRocks as it is installed
+along with Kong when using one of the official distribution packages.
+
+When using LuaRocks, you must create a `rockspec` file, which specifies the
+package contents. For an example see the [Kong plugin
+template][plugin-template], for more info about the format see the LuaRocks
+[documentation on rockspecs][rockspec].
+
+Pack your rock using the following command (from the plugin repo):
+
+    # install it locally (based on the `.rockspec` in the current directory)
+    $ luarocks make
+
+    # pack the installed rock
+    $ luarocks pack <plugin-name> <version>
+
+Assuming your plugin rockspec is called
+`kong-plugin-my-plugin-0.1.0-1.rockspec`, the above would become;
+
+    $ luarocks pack kong-plugin-my-plugin 0.1.0-1
+
+The LuaRocks `pack` command has now created a `.rock` file (this is simply a
+zip file containing everything needed to install the rock).
+
+If you do not or cannot use LuaRocks, then use `tar` to pack the
+`.lua` files of which your plugin consists into a `.tar.gz` archive. You can
+also include the `.rockspec` file if you do have LuaRocks on the target
+systems.
+
+The contents of this archive should be close to the following:
+
+    $ tree <plugin-name>
+    <plugin-name>
+    ├── INSTALL.txt
+    ├── README.md
+    ├── kong
+    │   └── plugins
+    │       └── <plugin-name>
+    │           ├── handler.lua
+    │           └── schema.lua
+    └── <plugin-name>-<version>.rockspec
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Installing the plugin
+
+For a Kong node to be able to use the custom plugin, the custom plugin's Lua
+sources must be installed on your host's file system. There are multiple ways
+of doing so: via LuaRocks, or manually. Choose one, and jump to section 3.
+
+1. Via LuaRocks from the created 'rock'
+
+    The `.rock` file is a self contained package that can be installed locally
+    or from a remote server.
+
+    If the `luarocks` utility is installed in your system (this is likely the
+    case if you used one of the official installation packages), you can
+    install the 'rock' in your LuaRocks tree (a directory in which LuaRocks
+    installs Lua modules).
+
+    It can be installed by doing:
+
+        $ luarocks install <rock-filename>
+
+    The filename can be a local name, or any of the supported methods, eg.
+    `http://myrepository.lan/rocks/my-plugin-0.1.0-1.all.rock`
+
+2. Via LuaRocks from the source archive
+
+    If the `luarocks` utility is installed in your system (this is likely the
+    case if you used one of the official installation packages), you can
+    install the Lua sources in your LuaRocks tree (a directory in which
+    LuaRocks installs Lua modules).
+
+    You can do so by changing the current directory to the extracted archive,
+    where the rockspec file is:
+
+        $ cd <plugin-name>
+
+    And then run the following:
+
+        $ luarocks make
+
+    This will install the Lua sources in `kong/plugins/<plugin-name>` in your
+    system's LuaRocks tree, where all the Kong sources are already present.
+
+3. Manually
+
+    A more conservative way of installing your plugin's sources is
+    to avoid "polluting" the LuaRocks tree, and instead, point Kong
+    to the directory containing them.
+
+    This is done by tweaking the `lua_package_path` property of your Kong
+    configuration. Under the hood, this property is an alias to the `LUA_PATH`
+    variable of the Lua VM, if you are familiar with it.
+
+    Those properties contain a semicolon-separated list of directories in
+    which to search for Lua sources. It should be set like so in your Kong
+    configuration file:
+
+        lua_package_path = /<path-to-plugin-location>/?.lua;;
+
+    Where:
+
+    * `/<path-to-plugin-location>` is the path to the directory containing the
+      extracted archive. It should be the location of the `kong` directory
+      from the archive.
+    * `?` is a placeholder that will be replaced by
+      `kong.plugins.<plugin-name>` when Kong will try to load your plugin. Do
+      not change it.
+    * `;;` a placeholder for the "the default Lua path". Do not change it.
+
+    Example:
+
+    The plugin `something` being located on the file system such that the
+    handler file is:
+
+        /usr/local/custom/kong/plugins/<something>/handler.lua
+
+    The location of the `kong` directory is: `/usr/local/custom`, hence the
+    proper path setup would be:
+
+        lua_package_path = /usr/local/custom/?.lua;;
+
+    Multiple plugins:
+
+    If you wish to install two or more custom plugins this way, you can set
+    the variable to something like:
+
+        lua_package_path = /path/to/plugin1/?.lua;/path/to/plugin2/?.lua;;
+
+    * `;` is the separator between directories.
+    * `;;` still means "the default Lua path".
+
+    Note: you can also set this property via its environment variable
+    equivalent: `KONG_LUA_PACKAGE_PATH`.
+
+Reminder: regardless of which method you are using to install your plugin's
+sources, you must still do so for each node in your Kong cluster.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Load the plugin
+
+You must now add the custom plugin's name to the `plugins` list in your
+Kong configuration (on each Kong node):
+
+    plugins = bundled,<plugin-name>
+
+Or, if you don't want to include the bundled plugins:
+
+    plugins = <plugin-name>
+
+
+If you are using two or more custom plugins, insert commas in between, like so:
+
+    plugins = bundled,plugin1,plugin2
+
+Or
+
+    plugins = plugin1,plugin2
+
+Note: you can also set this property via its environment variable equivalent:
+`KONG_PLUGINS`.
+
+Reminder: don't forget to update the `plugins` directive for each node
+in your Kong cluster.
+
+Reminder: the plugin will take effect after restart kong:
+    
+    kong restart
+
+But, if you want to apply plugin while kong never stop, you can use this:
+
+    kong prepare
+    kong reload
+    
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Verify loading the plugin
+
+You should now be able to start Kong without any issue. Consult your custom
+plugin's instructions on how to enable/configure your plugin
+on a Service, Route, or Consumer entity.
+
+To make sure your plugin is being loaded by Kong, you can start Kong with a
+`debug` log level:
+
+    log_level = debug
+
+or:
+
+    KONG_LOG_LEVEL=debug
+
+Then, you should see the following log for each plugin being loaded:
+
+    [debug] Loading plugin <plugin-name>
+
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Removing a plugin
+
+There are three steps to completely remove a plugin.
+
+1. Remove the plugin from your Kong Service or Route configuration. Make sure
+   that it is no longer applied globally nor for any Service, Route, or
+   consumer. This has to be done only once for the entire Kong cluster, no
+   restart/reload required.  This step in itself will make that the plugin is
+   no longer in use. But it remains available and it is still possible to
+   re-apply the plugin.
+
+2. Remove the plugin from the `plugins` directive (on each Kong node).
+   Make sure to have completed step 1 before doing so. After this step
+   it will be impossible for anyone to re-apply the plugin to any Kong
+   Service, Route, Consumer, or even globally. This step requires to
+   restart/reload the Kong node to take effect.
+
+3. To remove the plugin thoroughly, delete the plugin-related files from
+   each of the Kong nodes. Make sure to have completed step 2, including
+   restarting/reloading Kong, before deleting the files. If you used LuaRocks
+   to install the plugin, you can do `luarocks remove <plugin-name>` to remove
+   it.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Distributing your plugin
+
+The preferred way to do so is to use [LuaRocks](https://luarocks.org/), a
+package manager for Lua modules. It calls such modules "rocks". **Your module
+does not have to live inside the Kong repository**, but it can be if that's
+how you'd like to maintain your Kong setup.
+
+By defining your modules (and their eventual dependencies) in a [rockspec]
+file, you can install those modules on your platform via LuaRocks. You can
+also upload your module on LuaRocks and make it available to everyone!
+
+Here is an example rockspec which would use the "builtin" build type to define
+modules in Lua notation and their corresponding file:
+
+
+For an example see the [Kong plugin template][plugin-template], for more info
+about the format see the LuaRocks [documentation on rockspecs][rockspec].
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Troubleshooting
+
+Kong can fail to start because of a misconfigured custom plugin for several
+reasons:
+
+* "plugin is in use but not enabled" -> You configured a custom plugin from
+  another node, and that the plugin configuration is in the database, but the
+  current node you are trying to start does not have it in its `plugins`
+  directive. To resolve, add the plugin's name to the node's `plugins`
+  directive.
+
+* "plugin is enabled but not installed" -> The plugin's name is present in the
+  `plugins` directive, but that Kong is unable to load the `handler.lua`
+  source file from the file system. To resolve, make sure that the
+  [lua_package_path](/{{page.kong_version}}/configuration/#development-miscellaneous-section)
+  directive is properly set to load this plugin's Lua sources.
+
+* "no configuration schema found for plugin" -> The plugin is installed,
+  enabled in the `plugins` directive, but Kong is unable to load the
+  `schema.lua` source file from the file system. To resolve, make sure that
+  the `schema.lua` file is present alongside the plugin's `handler.lua` file.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+[rockspec]: https://github.com/keplerproject/luarocks/wiki/Creating-a-rock
+[plugin-template]: https://github.com/Kong/kong-plugin
diff --git a/app/1.3.x/plugin-development/entities-cache.md b/app/1.3.x/plugin-development/entities-cache.md
new file mode 100644
index 000000000000..50eb5cd3eb15
--- /dev/null
+++ b/app/1.3.x/plugin-development/entities-cache.md
@@ -0,0 +1,351 @@
+---
+title: Plugin Development - Caching Custom Entities
+book: plugin_dev
+chapter: 7
+---
+
+## Introduction
+
+Your plugin may need to frequently access custom entities (explained in the
+[previous chapter]({{page.book.previous}})) on every request and/or response.
+Usually, loading them once and caching them in-memory dramatically improves
+the performance while making sure the datastore is not stressed with an
+increased load.
+
+Think of an api-key authentication plugin that needs to validate the api-key on
+every request, thus loading the custom credential object from the datastore on
+every request. When the client provides an api-key along with the request,
+normally you would query the datastore to check if that key exists, and then
+either block the request or retrieve the Consumer ID to identify the user. This
+would happen on every request, and it would be very inefficient:
+
+* Querying the datastore adds latency on every request, making the request
+  processing slower.
+* The datastore would also be affected by an increase of load, potentially
+  crashing or slowing down, which in turn would affect every Kong
+  node.
+
+To avoid querying the datastore every time, we can cache custom entities
+in-memory on the node, so that frequent entity lookups don't trigger a
+datastore query every time (only the first time), but happen in-memory, which
+is much faster and reliable that querying it from the datastore (especially
+under heavy load).
+
+## Modules
+
+```
+kong.plugins.<plugin_name>.daos
+```
+
+## Caching custom entities
+
+Once you have defined your custom entities, you can cache them in-memory in
+your code by using the [kong.cache](/{{page.kong_version}}/pdk/#kong-cache)
+module provided by the [Plugin Development Kit]:
+
+```
+local cache = kong.cache
+```
+
+There are 2 levels of cache:
+
+1. L1: Lua memory cache - local to an Nginx worker process.
+   This can hold any type of Lua value.
+2. L2: Shared memory cache (SHM) - local to an Nginx node, but shared between
+   all the workers. This can only hold scalar values, and hence requires
+   (de)serialization of a more complex types such as Lua tables.
+
+When data is fetched from the database, it will be stored in both caches. 
+If the same worker process requests the data again, it will retrieve the
+previously deserialized data from the Lua memory cache. If a different
+worker within the same Nginx node requests that data, it will find the data
+in the SHM, deserialize it (and store it in its own Lua memory cache) and
+then return it.
+
+This module exposes the following functions:
+
+Function name                                 | Description
+----------------------------------------------|---------------------------
+`value, err = cache:get(key, opts?, cb, ...)` | Retrieves the value from the cache. If the cache does not have value (miss), invokes `cb` in protected mode. `cb` must return one (and only one) value that will be cached. It *can* throw errors, as those will be caught and properly logged by Kong, at the `ngx.ERR` level. This function **does** cache negative results (`nil`). As such, one must rely on its second argument `err` when checking for errors.
+`ttl, err, value = cache:probe(key)`          | Checks if a value is cached. If it is, returns its remaining ttl. It not, returns `nil`. The value being cached can also be a negative caching. The third return value is the value being cached itself.
+`cache:invalidate_local(key)`                 | Evicts a value from the node's cache.
+`cache:invalidate(key)`                       | Evicts a value from the node's cache **and** propagates the eviction events to all other nodes in the cluster.
+`cache:purge()`                               | Evicts **all** values from the node's cache.
+
+Bringing back our authentication plugin example, to lookup a credential with a
+specific api-key, we would write something similar to:
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local kong = kong
+
+
+local function load_credential(key)
+  local credential, err = kong.db.keyauth_credentials:select_by_key(key)
+  if not credential then
+    return nil, err
+  end
+  return credential
+end
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 1010
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+  
+  -- retrieve the apikey from the request querystring
+  local key = kong.request.get_query_arg("apikey")
+
+  local credential_cache_key = kong.db.keyauth_credentials:cache_key(key)
+
+  -- We are using cache.get to first check if the apikey has been already
+  -- stored into the in-memory cache. If it's not, then we lookup the datastore
+  -- and return the credential object. Internally cache.get will save the value
+  -- in-memory, and then return the credential.
+  local credential, err = kong.cache:get(credential_cache_key, nil,
+                                         load_credential, credential_cache_key)
+  if err then
+    kong.log.err(err)
+    return kong.response.exit(500, {
+      message = "Unexpected error"
+    })
+  end
+    
+  if not credential then
+    -- no credentials in cache nor datastore
+    return kong.response.exit(401, {
+      message = "Invalid authentication credentials"
+    })
+  end
+    
+  -- set an upstream header if the credential exists and is valid
+  kong.service.request.set_header("X-API-Key", credential.apikey)
+end
+
+
+return CustomHandler
+```
+
+Note that in the above example, we use various components from the [Plugin
+Development Kit] to interact with the request, cache module, or even produce a
+response from our plugin.
+
+Now, with the above mechanism in place, once a Consumer has made a request with
+their API key, the cache will be considered warm and subsequent requests won't
+result in a database query.
+
+The cache is used in several places in the [Key-Auth plugin handler](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua).
+Give that file a look in order to see how an official plugin uses the cache.
+
+### Updating or deleting a custom entity
+
+Every time a cached custom entity is updated or deleted in the datastore (i.e.
+using the Admin API), it creates an inconsistency between the data in the
+datastore, and the data cached in the Kong nodes' memory. To avoid this
+inconsistency, we need to evict the cached entity from the in-memory store and
+force Kong to request it again from the datastore. We refer to this process as
+cache invalidation.
+
+---
+
+## Cache invalidation for your entities
+
+If you wish that your cached entities be invalidated upon a CRUD operation
+rather than having to wait for them to reach their TTL, you have to follow a
+few steps. This process can be automated for most entities, but manually
+subscribing to some CRUD events might be required to invalidate some entities
+with more complex relationships.
+
+### Automatic cache invalidation
+
+Cache invalidation can be provided out of the box for your entities if you rely
+on the `cache_key` property of your entity's schema. For example, in the
+following schema:
+
+```lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  -- this plugin only results in one custom DAO, named `keyauth_credentials`:
+  keyauth_credentials = {
+    name                  = "keyauth_credentials", -- the actual table in the database
+    endpoint_key          = "key",
+    primary_key           = { "id" },
+    cache_key             = { "key" },
+    generate_admin_api    = true,
+    admin_api_name        = "key-auths",
+    admin_api_nested_name = "key-auth",    
+    fields = {
+      {
+        -- a value to be inserted by the DAO itself
+        -- (think of serial id and the uniqueness of such required here)
+        id = typedefs.uuid,
+      },
+      {
+        -- also interted by the DAO itself
+        created_at = typedefs.auto_timestamp_s,
+      },
+      {
+        -- a foreign key to a consumer's id
+        consumer = {
+          type      = "foreign",
+          reference = "consumers",
+          default   = ngx.null,
+          on_delete = "cascade",
+        },
+      },
+      {
+        -- a unique API key
+        key = {
+          type      = "string",
+          required  = false,
+          unique    = true,
+          auto      = true,
+        },
+      },
+    },
+  },
+}
+```
+
+We can see that we declare the cache key of this API key entity to be its
+`key` attribute. We use `key` here because it has a unique constraints
+applied to it. Hence, the attributes added to `cache_key` should result in
+a unique combination, so that no two entities could yield the same cache key.
+
+Adding this value allows you to use the following function on the DAO of that
+entity:
+
+```lua
+cache_key = kong.db.<dao>:cache_key(arg1, arg2, arg3, ...)
+```
+
+Where the arguments must be the attributes specified in your schema's
+`cache_key` property, in the order they were specified. This function then
+computes a string value `cache_key` that is ensured to be unique.
+
+For example, if we were to generate the cache_key of an API key:
+
+```lua
+local cache_key = kong.db.keyauth_credentials:cache_key("abcd")
+```
+
+This would produce a cache_key for the API key `"abcd"` (retrieved from one
+of the query's arguments) that we can the use to retrieve the key from the
+cache (or fetch from the database if the cache is a miss):
+
+```lua
+local key       = kong.request.get_query_arg("apikey")
+local cache_key = kong.db.keyauth_credentials:cache_key(key)
+
+local credential, err = kong.cache:get(cache_key, nil, load_entity_key, apikey)
+if err then
+  kong.log.err(err)
+  return kong.response.exit(500, { message = "Unexpected error" })
+end
+
+if not credential then
+  return kong.response.exit(401, { message = "Invalid authentication credentials" })
+end
+
+
+-- do something with the credential
+```
+
+If the `cache_key` is generated like so and specified in an entity's schema,
+cache invalidation will be an automatic process: every CRUD operation that
+affects this API key will be make Kong generate the affected `cache_key`, and
+broadcast it to all of the other nodes on the cluster so they can evict
+that particular value from their cache, and fetch the fresh value from the
+datastore on the next request.
+
+When a parent entity is receiving a CRUD operation (e.g. the Consumer owning
+this API key, as per our schema's `consumer_id` attribute), Kong performs the
+cache invalidation mechanism for both the parent and the child entity.
+
+**Note**: Be aware of the negative caching that Kong provides. In the above
+example, if there is no API key in the datastore for a given key, the cache
+module will store the miss just as if it was a hit. This means that a
+"Create" event (one that would create an API key with this given key) is also
+propagated by Kong so that all nodes that stored the miss can evict it, and
+properly fetch the newly created API key from the datastore.
+
+See the [Clustering Guide](/{{page.kong_version}}/clustering/) to ensure
+that you have properly configured your cluster for such invalidation events.
+
+### Manual cache invalidation
+
+In some cases, the `cache_key` property of an entity's schema is not flexible
+enough, and one must manually invalidate its cache. Reasons for this could be
+that the plugin is not defining a relationship with another entity via the
+traditional `foreign = "parent_entity:parent_attribute"` syntax, or because
+it is not using the `cache_key` method from its DAO, or even because it is
+somehow abusing the caching mechanism.
+
+In those cases, you can manually setup your own subscriber to the same
+invalidation channels Kong is listening to, and perform your own, custom
+invalidation work.
+
+To listen on invalidation channels inside of Kong, implement the following in
+your plugin's `init_worker` handler:
+
+```lua
+function MyCustomHandler:init_worker()
+  -- listen to all CRUD operations made on Consumers
+  kong.worker_events.register(function(data)
+
+  end, "crud", "consumers")
+
+  -- or, listen to a specific CRUD operation only
+  kong.worker_events.register(function(data)
+    kong.log.inspect(data.operation)  -- "update"
+    kong.log.inspect(data.old_entity) -- old entity table (only for "update")
+    kong.log.inspect(data.entity)     -- new entity table
+    kong.log.inspect(data.schema)     -- entity's schema
+  end, "crud", "consumers:update")
+end
+```
+
+Once the above listeners are in place for the desired entities, you can perform
+manual invalidations of any entity that your plugin has cached as you wish so.
+For instance:
+
+```lua
+kong.worker_events.register(function(data)
+  if data.operation == "delete" then
+    local cache_key = data.entity.id
+    kong.cache:invalidate("prefix:" .. cache_key)
+  end
+end, "crud", "consumers")
+```
+
+## Extending the Admin API
+
+As you are probably aware, the [Admin API] is where Kong users communicate with
+Kong to setup their APIs and plugins. It is likely that they also need to be
+able to interact with the custom entities you implemented for your plugin (for
+example, creating and deleting API keys). The way you would do this is by
+extending the Admin API, which we will detail in the next chapter:
+[Extending the Admin API]({{page.book.next}}).
+
+---
+
+Next: [Extending the Admin API &rsaquo;]({{page.book.next}})
+
+[Admin API]: /{{page.kong_version}}/admin-api/
+[Plugin Development Kit]: /{{page.kong_version}}/pdk
diff --git a/app/1.3.x/plugin-development/file-structure.md b/app/1.3.x/plugin-development/file-structure.md
new file mode 100644
index 000000000000..84f8599232c7
--- /dev/null
+++ b/app/1.3.x/plugin-development/file-structure.md
@@ -0,0 +1,124 @@
+---
+title: Plugin Development - File Structure
+book: plugin_dev
+chapter: 2
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you are familiar with
+  <a href="http://www.lua.org/">Lua</a>.
+</div>
+
+## Introduction
+
+Consider your plugin as a set of [Lua
+modules](http://www.lua.org/manual/5.1/manual.html#6.3). Each file described in
+this chapter is to be considered as a separate module. Kong will detect and
+load your plugin's modules if their names follow this convention:
+
+```
+kong.plugins.<plugin_name>.<module_name>
+```
+
+> Your modules of course need to be accessible through your
+> [package.path](http://www.lua.org/manual/5.1/manual.html#pdf-package.path)
+> variable, which can be tweaked to your needs via the
+> [lua_package_path](/{{page.kong_version}}/configuration/#lua_package_path)
+> configuration property.
+> However, the preferred way of installing plugins is through
+> [LuaRocks](https://luarocks.org/), which Kong natively integrates with.
+> More on LuaRocks-installed plugins later in this guide.
+
+To make Kong aware that it has to look for your plugin's modules, you'll have
+to add it to the
+[plugins](/{{page.kong_version}}/configuration/#plugins) property in
+your configuration file, which is a comma-separated list. For example:
+
+```yaml
+plugins = bundled,my-custom-plugin # your plugin name here
+```
+
+Or, if you don't want to load any of the bundled plugins:
+
+```yaml
+plugins = my-custom-plugin # your plugin name here
+```
+
+Now, Kong will try to load several Lua modules from the following namespace:
+
+```
+kong.plugins.my-custom-plugin.<module_name>
+```
+
+Some of these modules are mandatory (e.g. `handler.lua`), and some are
+optional, and will allow the plugin to implement some extra-functionalities
+(e.g. `api.lua` to extend the Admin API endpoints).
+
+Now let's describe exactly what are the modules you can implement and what
+their purpose is.
+
+---
+
+## Basic plugin modules
+
+In its purest form, a plugin consists of two mandatory modules:
+
+```
+simple-plugin
+├── handler.lua
+└── schema.lua
+```
+
+- **[handler.lua]**: the core of your plugin. It is an interface to implement, in
+  which each function will be run at the desired moment in the lifecycle of a
+  request / connection.
+- **[schema.lua]**: your plugin probably has to retain some configuration entered
+  by the user. This module holds the *schema* of that configuration and defines
+  rules on it, so that the user can only enter valid configuration values.
+
+---
+
+## Advanced plugin modules
+
+Some plugins might have to integrate deeper with Kong: have their own table in
+the database, expose endpoints in the Admin API, etc. Each of those can be
+done by adding a new module to your plugin. Here is what the structure of a
+plugin would look like if it was implementing all of the optional modules:
+
+```
+complete-plugin
+├── api.lua
+├── daos.lua
+├── handler.lua
+├── migrations
+│   ├── init.lua
+│   └── 000_base_complete_plugin.lua
+└── schema.lua
+```
+
+Here is the complete list of possible modules to implement and a brief
+description of what their purpose is. This guide will go in details to let you
+master each one of them.
+
+| Module name            | Required   | Description
+|:-----------------------|------------|------------
+| **[api.lua]**          | No         | Defines a list of endpoints to be available in the Admin API to interact with the custom entities handled by your plugin.
+| **[daos.lua]**         | No         | Defines a list of DAOs (Database Access Objects) that are abstractions of custom entities needed by your plugin and stored in the datastore.
+| **[handler.lua]**      | Yes        | An interface to implement. Each function is to be run by Kong at the desired moment in the lifecycle of a request / connection.
+| **[migrations/*.lua]** | No         | The database migrations (e.g. creation of tables). Migrations are only necessary when your plugin has to store custom entities in the database and interact with them through one of the DAOs defined by [daos.lua].
+| **[schema.lua]**       | Yes        | Holds the schema of your plugin's configuration, so that the user can only enter valid configuration values.
+
+The [Key-Auth plugin] is an example of plugin with this file structure.
+See [its source code] for more details.
+
+---
+
+Next: [Write custom logic &rsaquo;]({{page.book.next}})
+
+[api.lua]: {{page.book.chapters.admin-api}}
+[daos.lua]: {{page.book.chapters.custom-entities}}
+[handler.lua]: {{page.book.chapters.custom-logic}}
+[schema.lua]: {{page.book.chapters.plugin-configuration}}
+[migrations/*.lua]: {{page.book.chapters.custom-entities}}
+[Key-Auth plugin]: /hub/kong-inc/key-auth/
+[its source code]: https://github.com/Kong/kong/tree/master/kong/plugins/key-auth
diff --git a/app/1.3.x/plugin-development/index.md b/app/1.3.x/plugin-development/index.md
new file mode 100644
index 000000000000..a317d734fffd
--- /dev/null
+++ b/app/1.3.x/plugin-development/index.md
@@ -0,0 +1,37 @@
+---
+title: Plugin Development - Introduction
+book: plugin_dev
+chapter: 1
+---
+
+# What are plugins and how do they integrate with Kong?
+
+Before going further, it is necessary to briefly explain how Kong is built,
+especially how it integrates with Nginx and what Lua has to do with it.
+
+[lua-nginx-module] enables Lua scripting capabilities in Nginx. Instead of
+compiling Nginx with this module, Kong is distributed along with
+[OpenResty](https://openresty.org/), which already includes lua-nginx-module.
+OpenResty is *not* a fork of Nginx, but a bundle of modules extending its
+capabilities.
+
+Hence, Kong is a Lua application designed to load and execute Lua modules
+(which we more commonly refer to as "*plugins*") and provides an entire
+development environment for them, including an SDK, database abstractions,
+migrations, and more.
+
+Plugins consist of Lua modules interacting with the request/response objects or
+streams via the **Plugin Development Kit** (or "PDK") to implement arbitrary logic.
+The PDK is a set of Lua functions that a plugin can use to facilitate interactions
+between plugins and the core (or other components) of Kong.
+
+This guide will explore in detail the structure of plugins, what they can
+extend, and how to distribute and install them. For a complete reference of the
+PDK, see the [Plugin Development Kit] reference.
+
+---
+
+Next: [File structure of a plugin &rsaquo;]({{page.book.next}})
+
+[lua-nginx-module]: https://github.com/openresty/lua-nginx-module
+[Plugin Development Kit]: /{{page.kong_version}}/pdk
diff --git a/app/1.3.x/plugin-development/plugin-configuration.md b/app/1.3.x/plugin-development/plugin-configuration.md
new file mode 100644
index 000000000000..4ba66bb6676b
--- /dev/null
+++ b/app/1.3.x/plugin-development/plugin-configuration.md
@@ -0,0 +1,420 @@
+---
+title: Plugin Development - Plugin Configuration
+book: plugin_dev
+chapter: 4
+---
+
+## Introduction
+
+Most of the time, it makes sense for your plugin to be configurable to answer
+all of your users' needs. Your plugin's configuration is stored in the
+datastore for Kong to retrieve it and pass it to your
+[handler.lua]({{page.book.chapters.custom-logic}}) methods when the plugin is
+being executed.
+
+The configuration consists of a Lua table in Kong that we call a **schema**. It
+contains key/value properties that the user will set when enabling the plugin
+through the [Admin API]. Kong provides you with a way of validating the user's
+configuration for your plugin.
+
+Your plugin's configuration is being verified against your schema when a user
+issues a request to the [Admin API] to enable or update a plugin on a given
+Service, Route and/or Consumer.
+
+For example, a user performs the following request:
+
+```bash
+$ curl -X POST http://kong:8001/services/<service-name-or-id>/plugins \
+    -d "name=my-custom-plugin" \
+    -d "config.foo=bar"
+```
+
+If all properties of the `config` object are valid according to your schema,
+then the API would return `201 Created` and the plugin would be stored in the
+database along with its configuration:
+```lua
+{
+  foo = "bar"
+}
+ ```
+ 
+If the configuration is not valid, the Admin API would return `400 Bad Request`
+and the appropriate error messages.
+
+## Module
+
+```
+kong.plugins.<plugin_name>.schema
+```
+
+## schema.lua specifications
+
+This module is to return a Lua table with properties that will define how your
+plugins can later be configured by users. Available properties are:
+
+| Property name   | Lua type   | Description
+|-----------------|------------|------------
+| `name`          | `string`   | Name of the plugin, e.g. `key-auth`.
+| `fields`        | `table`    | Array of field definitions.
+| `entity_checks` | `function` | Array of conditional entity level validation checks.
+
+
+All the plugins inherit some default fields which are:
+
+| Field name      | Lua type   | Description
+|-----------------|------------|------------
+| `id`            | `string`   | Auto-generated plugin id.
+| `name`          | `string`   | Name of the plugin, e.g. `key-auth`.
+| `created_at`    | `number`   | Creation time of the plugin configuration (seconds from epoch).
+| `route`         | `table`    | Route to which plugin is bound, if any.
+| `service`       | `table`    | Service to which plugin is bound, if any.
+| `consumer`      | `table`    | Consumer to which plugin is bound when possible, if any.
+| `run_on`        | `string`   | Determines on which node the plugin should run on service mesh.
+| `protocols`     | `table`    | The plugin will run on specified protocol(s).
+| `enabled`       | `boolean`  | Whether or not the plugin is enabled.
+| `tags`          | `table`    | The tags for the plugin.
+
+In most of the cases you can ignore most of those and use the defaults. Or let the user
+specify value when enabling a plugin.
+
+Here is an example of a potential `schema.lua` file (with some overrides applied):
+
+```lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  name = "<plugin-name>",
+  fields = {
+    {
+      -- this plugin will only be applied to Services or Routes
+      consumer = typedefs.no_consumer
+    },
+    {
+      -- this plugin will only be executed on the first Kong node
+      -- if a request comes from a service mesh (when acting as
+      -- a non-service mesh gateway, the nodes are always considered
+      -- to be "first".
+      run_on = typedefs.run_on_first
+    },
+    {
+      -- this plugin will only run within Nginx HTTP module
+      protocols = typedefs.protocols_http
+    },
+    {
+      config = {
+        type = "record",
+        fields = {
+          -- Describe your plugin's configuration's schema here.        
+        },
+      },
+    },
+  },
+  entity_checks = {
+    -- Describe your plugin's entity validation rules
+  },
+}
+```
+
+## Describing your configuration schema
+
+The `config.fields` property of your `schema.lua` file describes the schema of your
+plugin's configuration. It is a flexible array of field definitions where each field
+is a valid configuration property for your plugin, describing the rules for that
+property. For example:
+
+```lua
+{
+  name = "<plugin-name>",
+  fields = {
+    config = {
+      type = "record",
+      fields = {
+        {
+          some_string = {
+            type = "string",
+            required = false,
+          },
+        },
+        {
+          some_boolean = {
+            type = "boolean",
+            default = false,
+          },
+        },
+        {
+          some_array = {
+            type = "array",
+            elements = {
+              type = "string",
+              one_of = {
+                "GET",
+                "POST",
+                "PUT",
+                "DELETE",
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Here is the list of some common (not all) accepted rules for a property (see the fields table above for examples):
+
+| Rule               | Description
+|--------------------|----------------------------
+| `type`             | The type of a property.
+| `required`         | Whether or not the property is required 
+| `default`          | The default value for the property when not specified
+| `elements`         | Field definition of `array` or `set` elements.
+| `keys`             | Field definition of `map` keys.
+| `values`           | Field definition of `map` values.
+| `fields`           | Field definition(s) of `record` fields.
+
+There are many more, but the above are commonly used.
+
+You can also add field validators, to mention a few:
+
+| Rule               | Description
+|--------------------|----------------------------
+| `between`          | Checks that the input number is between allowed values.
+| `eq`               | Checks the equality of the input to allowed value.
+| `ne`               | Checks the inequality of the input to allowed value.
+| `gt`               | Checks that the number is greater than given value. 
+| `len_eq`           | Checks that the input string length is equal to the given value. 
+| `len_min`          | Checks that the input string length is at least the given value.
+| `len_max`          | Checks that the input string length is at most the given value.
+| `match`            | Checks that the input string matches the given Lua pattern.
+| `not_match`        | Checks that the input string doesn't match the given Lua pattern.
+| `match_all`        | Checks that the input string matches all the given Lua patterns.
+| `match_none`       | Checks that the input string doesn't match any of the given Lua patterns.
+| `match_any`        | Checks that the input string matches any of the given Lua patterns.
+| `starts_with`      | Checks that the input string starts with a given value.
+| `one_of`           | Checks that the input string is one of the accepted values.
+| `contains`         | Checks that the input array contains the given value.
+| `is_regex`         | Checks that the input string is a valid regex pattern.  
+| `custom_validator` | A custom validation function written in Lua.
+
+There are some additional validators, but you get a good idea how you can specify validation
+rules on fields from the above table.
+
+---
+
+### Examples
+
+This `schema.lua` file is for the [key-auth](/hub/kong-inc/key-auth/) plugin:
+
+```lua
+-- schema.lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  name = "key-auth",
+  fields = {
+    {
+      consumer = typedefs.no_consumer
+    },
+    {
+      run_on = typedefs.run_on_first
+    },
+    {
+      protocols = typedefs.protocols_http
+    },
+    {
+      config = {
+        type = "record",
+        fields = {
+          {
+            key_names = {
+              type = "array",
+              required = true,
+              elements = typedefs.header_name,
+              default = {
+                "apikey",
+              },
+            },
+          },
+          {
+            hide_credentials = {
+              type = "boolean",
+              default = false,
+            },
+          },
+          {
+            anonymous = {
+              type = "string",
+              uuid = true,
+              legacy = true,
+            },
+          },
+          {
+            key_in_body = {
+              type = "boolean",
+              default = false,
+            },
+          },
+          {
+            run_on_preflight = {
+              type = "boolean",
+              default = true,
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Hence, when implementing the `access()` function of your plugin in
+[handler.lua]({{page.book.chapters.custom-logic}}) and given that the user
+enabled the plugin with the default values, you'd have access to:
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local kong = kong
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  kong.log.inspect(config.key_names)        -- { "apikey" }
+  kong.log.inspect(config.hide_credentials) -- false
+end
+
+
+return CustomHandler
+```
+
+Note that the above example uses the
+[kong.log.inspect](http://localhost:3000/docs/0.14.x/pdk/kong.log/#kong_log_inspect)
+function of the [Plugin Development Kit] to print out those values to the Kong
+logs.
+
+---
+
+A more complex example, which could be used for an eventual logging plugin:
+
+```lua
+-- schema.lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  name = "my-custom-plugin",
+  fields = {
+    {
+      config = {
+        type = "record",
+        fields = {
+          {
+            environment = {
+              type = "string",
+              required = true,
+              one_of = {
+                "production",
+                "development",
+              },
+            },
+          },
+          {
+            server = {
+              type = "record",
+              fields = {
+                {
+                  host = typedefs.host {
+                    default = "example.com",
+                  },
+                },
+                {
+                  port = {
+                    type = "number",
+                    default = 80,
+                    between = {
+                      0,
+                      65534
+                    },
+                  },
+                },  
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Such a configuration will allow a user to post the configuration to your plugin
+as follows:
+
+```bash
+$ curl -X POST http://kong:8001/services/<service-name-or-id>/plugins \
+    -d "name=my-custom-plugin" \
+    -d "config.environment=development" \
+    -d "config.server.host=http://localhost"
+```
+
+And the following will be available in
+[handler.lua]({{page.book.chapters.custom-logic}}):
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local kong = kong
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  kong.log.inspect(config.environment) -- "development"
+  kong.log.inspect(config.server.host) -- "http://localhost"
+  kong.log.inspect(config.server.port) -- 80
+end
+
+
+return CustomHandler
+```
+
+You can also see a real-world example of schema in [the Key-Auth plugin source code].
+
+---
+
+Next: [Accessing the Datastore &rsaquo;]({{page.book.next}})
+
+[Admin API]: /{{page.kong_version}}/admin-api
+[Plugin Development Kit]: /{{page.kong_version}}/pdk
+[the Key-Auth plugin source code]: https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/schema.lua
diff --git a/app/1.3.x/plugin-development/tests.md b/app/1.3.x/plugin-development/tests.md
new file mode 100644
index 000000000000..398b641d6150
--- /dev/null
+++ b/app/1.3.x/plugin-development/tests.md
@@ -0,0 +1,108 @@
+---
+title: Plugin Development - Writing tests
+book: plugin_dev
+chapter: 9
+toc: false
+---
+
+## Introduction
+
+If you are serious about your plugins, you probably want to write tests for it.
+Unit testing Lua is easy, and [many testing
+frameworks](http://lua-users.org/wiki/UnitTesting) are available. However, you
+might also want to write integration tests. Again, Kong has your back.
+
+## Write integration tests
+
+The preferred testing framework for Kong is
+[busted](http://olivinelabs.com/busted/) running with the
+[resty-cli](https://github.com/openresty/resty-cli) interpreter, though you are
+free to use another one if you wish. In the Kong repository, the busted
+executable can be found at `bin/busted`.
+
+Kong provides you with a helper to start and stop it from Lua in your test
+suite: `spec.helpers`. This helper also provides you with ways to insert
+fixtures in your datastore before running your tests, as well as dropping it,
+and various other helpers.
+
+If you are writing your plugin in your own repository, you will need to copy
+the following files until the Kong testing framework is released:
+
+- `bin/busted`: the busted executable running with the resty-cli interpreter
+- `spec/helpers.lua`: helper functions to start/stop Kong from busted
+- `spec/kong_tests.conf`: a configuration file for your running your test Kong instances with the helpers module
+
+Assuming that the `spec.helpers` module is available in your `LUA_PATH`, you
+can use the following Lua code in busted to start and stop Kong:
+
+```lua
+local helpers = require "spec.helpers"
+
+for _, strategy in helpers.each_strategy() do
+  describe("my plugin", function()
+
+    local bp = helpers.get_db_utils(strategy)
+
+    setup(function()
+      local service = bp.services:insert {
+        name = "test-service",
+        host = "httpbin.org"
+      }
+
+      bp.routes:insert({
+        hosts = { "test.com" },
+        service = { id = service.id }
+      })
+
+      -- start Kong with your testing Kong configuration (defined in "spec.helpers")
+      assert(helpers.start_kong( { plugins = "bundled,my-plugin" }))
+
+      admin_client = helpers.admin_client()
+    end)
+
+    teardown(function()
+      if admin_client then
+        admin_client:close()
+      end
+
+      helpers.stop_kong()
+    end)
+
+    before_each(function()
+      proxy_client = helpers.proxy_client()
+    end)
+
+    after_each(function()
+      if proxy_client then
+        proxy_client:close()
+      end
+    end)
+
+    describe("thing", function()
+      it("should do thing", function()
+        -- send requests through Kong
+        local res = proxy_client:get("/get", {
+          headers = {
+            ["Host"] = "test.com"
+          }
+        })
+
+        local body = assert.res_status(200, res)
+
+        -- body is a string containing the response
+      end)
+    end)
+  end)
+end
+```
+
+> Reminder: With the test Kong configuration file, Kong is running with
+its proxy listening on port 9000 (HTTP), 9443 (HTTPS)
+and Admin API on port 9001.
+
+If you want to see a real-world example, give a look at the
+[Key-Auth plugin specs](https://github.com/Kong/kong/tree/master/spec/03-plugins/10-key-auth)
+
+---
+
+Next: [Distribute your plugin &rsaquo;]({{page.book.next}})
diff --git a/app/1.3.x/proxy.md b/app/1.3.x/proxy.md
new file mode 100644
index 000000000000..20b819205ee2
--- /dev/null
+++ b/app/1.3.x/proxy.md
@@ -0,0 +1,1295 @@
+---
+title: Proxy Reference
+---
+
+## Introduction
+
+In this document we will cover Kong's **proxying capabilities**  by explaining
+its routing capabilities and internal workings in details.
+
+Kong exposes several interfaces which can be tweaked by two configuration
+properties:
+
+- `proxy_listen`, which defines a list of addresses/ports on which Kong will
+  accept **public traffic** from clients and proxy it to your upstream services
+  (`8000` by default).
+- `admin_listen`, which also defines a list of addresses and ports, but those
+  should be restricted to only be accessed by administrators, as they expose
+  Kong's configuration capabilities: the **Admin API** (`8001` by default).
+
+<div class="alert alert-warning">
+<p><strong>Note:</strong> Starting with 1.0.0, the API entity has been removed.
+This document will cover proxying with the new Routes and
+Services entities.</p>
+<p>See an older version of this document if you are using 0.12 or
+below.</p>
+</div>
+
+## Terminology
+
+- `client`: Refers to the *downstream* client making requests to Kong's
+  proxy port.
+- `upstream service`: Refers to your own API/service sitting behind Kong, to
+  which client requests are forwarded.
+- `Service`: Service entities, as the name implies, are abstractions of each of
+  your own upstream services. Examples of Services would be a data
+  transformation microservice, a billing API, etc.
+- `Route`: This refers to the Kong Routes entity. Routes are entrypoints into
+  Kong, and defining rules for a request to be matched, and routed to a given
+  Service.
+- `Plugin`: This refers to Kong "plugins", which are pieces of business logic
+  that run in the proxying lifecycle. Plugins can be configured through the
+  Admin API - either globally (all incoming traffic) or on specific Routes
+  and Services.
+
+[Back to TOC](#table-of-contents)
+
+## Overview
+
+From a high-level perspective, Kong listens for HTTP traffic on its configured
+proxy port(s) (`8000` and `8443` by default). Kong will evaluate any incoming
+HTTP request against the Routes you have configured and try to find a matching
+one. If a given request matches the rules of a specific Route, Kong will
+process proxying the request.
+
+Because each Route may be linked to a Service, Kong will run the plugins you
+have configured on your Route and its associated Service, and then proxy the
+request upstream. You can manage Routes via Kong's Admin API. Routes have
+special attributes that are used for routing - matching incoming HTTP requests.
+Routing attributes differ by subsystem (HTTP/HTTPS, gRPC/gRPCS, and TCP/TLS).
+
+Subsystems and routing attributes:
+- `http`: `methods`, `hosts`, `headers`, `paths` (and `snis`, if `https`)
+- `tcp`: `sources`, `destinations` (and `snis`, if `tls`)
+- `grpc`: `hosts`, `headers`, `paths` (and `snis`, if `grpcs`)
+
+If one attempts to configure a Route with a routing attribute it doesn't support
+(e.g., an `http` route with `sources` or `destinations` fields), an error message
+will be reported:
+
+```
+HTTP/1.1 400 Bad Request
+Content-Type: application/json
+Server: kong/<x.x.x>
+
+{
+    "code": 2,
+    "fields": {
+        "sources": "cannot set 'sources' when 'protocols' is 'http' or 'https'"
+    },
+    "message": "schema violation (sources: cannot set 'sources' when 'protocols' is 'http' or 'https')",
+    "name": "schema violation"
+}
+```
+
+If Kong receives a request that it cannot match against any of the configured
+Routes (or if no Routes are configured), it will respond with:
+
+```http
+HTTP/1.1 404 Not Found
+Content-Type: application/json
+Server: kong/<x.x.x>
+
+{
+    "message": "no route and no Service found with those values"
+}
+```
+
+[Back to TOC](#table-of-contents)
+
+## Reminder: How to configure a Service
+
+The [Configuring a Service][configuring-a-service] quickstart guide explains
+how Kong is configured via the [Admin API][API].
+
+Adding a Service to Kong is done by sending an HTTP request to the Admin API:
+
+```bash
+$ curl -i -X POST http://localhost:8001/services/ \
+    -d 'name=foo-service' \
+    -d 'url=http://foo-service.com'
+HTTP/1.1 201 Created
+...
+
+{
+    "connect_timeout": 60000,
+    "created_at": 1515537771,
+    "host": "foo-service.com",
+    "id": "d54da06c-d69f-4910-8896-915c63c270cd",
+    "name": "foo-service",
+    "path": "/",
+    "port": 80,
+    "protocol": "http",
+    "read_timeout": 60000,
+    "retries": 5,
+    "updated_at": 1515537771,
+    "write_timeout": 60000
+}
+```
+
+This request instructs Kong to register a Service named "foo-service", which
+points to `http://foo-service.com` (your upstream).
+
+**Note:** the `url` argument is a shorthand argument to populate the
+`protocol`, `host`, `port`, and `path` attributes at once.
+
+Now, in order to send traffic to this Service through Kong, we need to specify
+a Route, which acts as an entrypoint to Kong:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -d 'hosts[]=example.com' \
+    -d 'paths[]=/foo' \
+    -d 'service.id=d54da06c-d69f-4910-8896-915c63c270cd'
+HTTP/1.1 201 Created
+...
+
+{
+    "created_at": 1515539858,
+    "hosts": [
+        "example.com"
+    ],
+    "id": "ee794195-6783-4056-a5cc-a7e0fde88c81",
+    "methods": null,
+    "paths": [
+        "/foo"
+    ],
+    "preserve_host": false,
+    "priority": 0,
+    "protocols": [
+        "http",
+        "https"
+    ],
+    "service": {
+        "id": "d54da06c-d69f-4910-8896-915c63c270cd"
+    },
+    "strip_path": true,
+    "updated_at": 1515539858
+}
+```
+
+We have now configured a Route to match incoming requests matching the given
+`hosts` and `paths`, and forward them to the `foo-service` we configured, thus
+proxying this traffic to `http://foo-service.com`.
+
+Kong is a transparent proxy, and it will by default forward the request to your
+upstream service untouched, with the exception of various headers such as
+`Connection`, `Date`, and others as required by the HTTP specifications.
+
+[Back to TOC](#table-of-contents)
+
+## Routes and matching capabilities
+
+Let's now discuss how Kong matches a request against the configured routing
+attributes.
+
+Kong supports native proxying of HTTP/HTTPS, TCL/TLS, and GRPC/GRPCS protocols;
+as mentioned earlier, each of these protocols accept a different set of routing
+attributes:
+- `http`: `methods`, `hosts`, `headers`, `paths` (and `snis`, if `https`)
+- `tcp`: `sources`, `destinations` (and `snis`, if `tls`)
+- `grpc`: `hosts`, `headers`, `paths` (and `snis`, if `grpcs`)
+
+Note that all three of these fields are **optional**, but at least **one of them**
+must be specified.
+
+For a request to match a Route:
+
+- The request **must** include **all** of the configured fields
+- The values of the fields in the request **must** match at least one of the
+  configured values (While the field configurations accepts one or more values,
+  a request needs only one of the values to be considered a match)
+
+Let's go through a few examples. Consider a Route configured like this:
+
+```json
+{
+    "hosts": ["example.com", "foo-service.com"],
+    "paths": ["/foo", "/bar"],
+    "methods": ["GET"]
+}
+```
+
+Some of the possible requests matching this Route would look like:
+
+```http
+GET /foo HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /bar HTTP/1.1
+Host: foo-service.com
+```
+
+```http
+GET /foo/hello/world HTTP/1.1
+Host: example.com
+```
+
+All three of these requests satisfy all the conditions set in the Route
+definition.
+
+However, the following requests would **not** match the configured conditions:
+
+```http
+GET / HTTP/1.1
+Host: example.com
+```
+
+```http
+POST /foo HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /foo HTTP/1.1
+Host: foo.com
+```
+
+All three of these requests satisfy only two of configured conditions. The
+first request's path is not a match for any of the configured `paths`, same for
+the second request's HTTP method, and the third request's Host header.
+
+Now that we understand how the routing properties work together, let's explore
+each property individually.
+
+[Back to TOC](#table-of-contents)
+
+### Request Header
+
+Since 1.3, Kong supports routing by arbitrary HTTP headers. A special case of this
+feature is routing by the Host header, which is described below.
+
+Routing a request based on its Host header is the most straightforward way to
+proxy traffic through Kong, especially since this is the intended usage of the
+HTTP Host header. Kong makes it easy to do via the `hosts` field of the Route
+entity.
+
+`hosts` accepts multiple values, which must be comma-separated when specifying
+them via the Admin API, and is represented in a JSON payload:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -H 'Content-Type: application/json' \
+    -d '{"hosts":["example.com", "foo-service.com"]}'
+HTTP/1.1 201 Created
+...
+```
+
+But since the Admin API also supports form-urlencoded content types, you
+can specify an array via the `[]` notation:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -d 'hosts[]=example.com' \
+    -d 'hosts[]=foo-service.com'
+HTTP/1.1 201 Created
+...
+```
+
+To satisfy the `hosts` condition of this Route, any incoming request from a
+client must now have its Host header set to one of:
+
+```
+Host: example.com
+```
+
+or:
+
+```
+Host: foo-service.com
+```
+
+Similarly, any other header can be used for routing:
+
+```
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -d 'headers.region=north'
+HTTP/1.1 201 Created
+```
+
+Incoming requests containing a `Region` header set to `North` will be routed to
+said Route.
+
+```
+Region: North
+```
+
+[Back to TOC](#table-of-contents)
+
+#### Using wildcard hostnames
+
+To provide flexibility, Kong allows you to specify hostnames with wildcards in
+the `hosts` field. Wildcard hostnames allow any matching Host header to satisfy
+the condition, and thus match a given Route.
+
+Wildcard hostnames **must** contain **only one** asterisk at the leftmost
+**or** rightmost label of the domain. Examples:
+
+- `*.example.com` would allow Host values such as `a.example.com` and
+  `x.y.example.com` to match.
+- `example.*` would allow Host values such as `example.com` and `example.org`
+  to match.
+
+A complete example would look like this:
+
+```json
+{
+    "hosts": ["*.example.com", "service.com"]
+}
+```
+
+Which would allow the following requests to match this Route:
+
+```http
+GET / HTTP/1.1
+Host: an.example.com
+```
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+#### The `preserve_host` property
+
+When proxying, Kong's default behavior is to set the upstream request's Host
+header to the hostname specified in the Service's `host`. The
+`preserve_host` field accepts a boolean flag instructing Kong not to do so.
+
+For example, when the `preserve_host` property is not changed and a Route is
+configured like so:
+
+```json
+{
+    "hosts": ["service.com"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+A possible request from a client to Kong could be:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+Kong would extract the Host header value from the Service's `host` property, ,
+and would send the following upstream request:
+
+```http
+GET / HTTP/1.1
+Host: <my-service-host.com>
+```
+
+However, by explicitly configuring a Route with `preserve_host=true`:
+
+```json
+{
+    "hosts": ["service.com"],
+    "preserve_host": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+And assuming the same request from the client:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+Kong would preserve the Host on the client request and would send the following
+upstream request instead:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+### Request headers (except Host)
+
+Since Kong 1.3.0, it is possible to route request by other headers besides `Host`.
+
+To do this, use the `headers` property in your Route:
+
+```json
+{
+    "headers": { "version": ["v1", "v2"] },
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Given a request with a header such as:
+
+```http
+GET / HTTP/1.1
+version: v1
+```
+
+This request will be routed through to the Service. The same will happen with this one:
+
+```http
+GET / HTTP/1.1
+version: v2
+```
+
+But this request will not be routed to the Service:
+
+```http
+GET / HTTP/1.1
+version: v3
+```
+
+[Back to TOC](#table-of-contents)
+
+### Request path
+
+Another way for a Route to be matched is via request paths. To satisfy this
+routing condition, a client request's path **must** be prefixed with one of the
+values of the `paths` attribute.
+
+For example, with a Route configured like so:
+
+```json
+{
+    "paths": ["/service", "/hello/world"]
+}
+```
+
+The following requests would be matched:
+
+```http
+GET /service HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /service/resource?param=value HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /hello/world/resource HTTP/1.1
+Host: anything.com
+```
+
+For each of these requests, Kong detects that their URL path is prefixed with
+one of the Routes's `paths` values. By default, Kong would then proxy the
+request upstream without changing the URL path.
+
+When proxying with path prefixes, **the longest paths get evaluated first**.
+This allow you to define two Routes with two paths: `/service` and
+`/service/resource`, and ensure that the former does not "shadow" the latter.
+
+[Back to TOC](#table-of-contents)
+
+#### Using regexes in paths
+
+Kong supports regular expression pattern matching for an Route's `paths` field
+via [PCRE](http://pcre.org/) (Perl Compatible Regular Expression). You can
+assign paths as both prefixes and regexes to a Route at the same time.
+
+For example, if we consider the following Route:
+
+```json
+{
+    "paths": ["/users/\d+/profile", "/following"]
+}
+```
+
+The following requests would be matched by this Route:
+
+```http
+GET /following HTTP/1.1
+Host: ...
+```
+
+```http
+GET /users/123/profile HTTP/1.1
+Host: ...
+```
+
+The provided regexes are evaluated with the `a` PCRE flag (`PCRE_ANCHORED`),
+meaning that they will be constrained to match at the first matching point
+in the path (the root `/` character).
+
+[Back to TOC](#table-of-contents)
+
+##### Evaluation order
+
+As previously mentioned, Kong evaluates prefix paths by length: the longest
+prefix paths are evaluated first. However, Kong will evaluate regex paths based
+on the `regex_priority` attribute of Routes from highest priority to lowest.
+Regex paths are furthermore evaluated before prefix paths.
+
+Consider the following Routes:
+
+```json
+[
+    {
+        "paths": ["/status/\d+"],
+        "regex_priority": 0
+    },
+    {
+        "paths": ["/version/\d+/status/\d+"],
+        "regex_priority": 6
+    },
+    {
+        "paths": ["/version"],
+    },
+    {
+        "paths": ["/version/any/"],
+    }
+]
+```
+
+In this scenario, Kong will evaluate incoming requests against the following
+defined URIs, in this order:
+
+1. `/version/\d+/status/\d+`
+2. `/status/\d+`
+3. `/version/any/`
+4. `/version`
+
+Take care to avoid writing regex rules that are overly broad and may consume
+traffic intended for a prefix rule. Adding a rule with the path `/version/.*` to
+the ruleset above would likely consume some traffic intended for the `/version`
+prefix path. If you see unexpected behavior, sending `X-Kong-Debug: 1` in your
+request headers will indicate the matched Route ID in the response headers for
+troubleshooting purposes.
+
+As usual, a request must still match a Route's `hosts` and `methods` properties
+as well, and Kong will traverse your Routes until it finds one that [matches
+the most rules](#matching-priorities).
+
+[Back to TOC](#table-of-contents)
+
+##### Capturing groups
+
+Capturing groups are also supported, and the matched group will be extracted
+from the path and available for plugins consumption. If we consider the
+following regex:
+
+```
+/version/(?<version>\d+)/users/(?<user>\S+)
+```
+
+And the following request path:
+
+```
+/version/1/users/john
+```
+
+Kong will consider the request path a match, and if the overall Route is
+matched (considering other routing attributes), the extracted capturing groups
+will be available from the plugins in the `ngx.ctx` variable:
+
+```lua
+local router_matches = ngx.ctx.router_matches
+
+-- router_matches.uri_captures is:
+-- { "1", "john", version = "1", user = "john" }
+```
+
+[Back to TOC](#table-of-contents)
+
+##### Escaping special characters
+
+Next, it is worth noting that characters found in regexes are often
+reserved characters according to
+[RFC 3986](https://tools.ietf.org/html/rfc3986) and as such,
+should be percent-encoded. **When configuring Routes with regex paths via the
+Admin API, be sure to URL encode your payload if necessary**. For example,
+with `curl` and using an `application/x-www-form-urlencoded` MIME type:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes \
+    --data-urlencode 'uris[]=/status/\d+'
+HTTP/1.1 201 Created
+...
+```
+
+Note that `curl` does not automatically URL encode your payload, and note the
+usage of `--data-urlencode`, which prevents the `+` character to be URL decoded
+and interpreted as a space ` ` by Kong's Admin API.
+
+[Back to TOC](#table-of-contents)
+
+#### The `strip_path` property
+
+It may be desirable to specify a path prefix to match a Route, but not
+include it in the upstream request. To do so, use the `strip_path` boolean
+property by configuring a Route like so:
+
+```json
+{
+    "paths": ["/service"],
+    "strip_path": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Enabling this flag instructs Kong that when matching this Route, and proceeding
+with the proxying to a Service, it should **not** include the matched part of
+the URL path in the upstream request's URL. For example, the following
+client's request to the above Route:
+
+```http
+GET /service/path/to/resource HTTP/1.1
+Host: ...
+```
+
+Will cause Kong to send the following upstream request:
+
+```http
+GET /path/to/resource HTTP/1.1
+Host: ...
+```
+
+The same way, if a regex path is defined on a Route that has `strip_path`
+enabled, the entirety of the request URL matching sequence will be stripped.
+Example:
+
+```json
+{
+    "paths": ["/version/\d+/service"],
+    "strip_path": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+The following HTTP request matching the provided regex path:
+
+```http
+GET /version/1/service/path/to/resource HTTP/1.1
+Host: ...
+```
+
+Will be proxied upstream by Kong as:
+
+```http
+GET /path/to/resource HTTP/1.1
+Host: ...
+```
+
+[Back to TOC](#table-of-contents)
+
+### Request HTTP method
+
+The `methods` field allows matching the requests depending on their HTTP
+method.  It accepts multiple values. Its default value is empty (the HTTP
+method is not used for routing).
+
+The following Route allows routing via `GET` and `HEAD`:
+
+```json
+{
+    "methods": ["GET", "HEAD"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Such a Route would be matched with the following requests:
+
+```http
+GET / HTTP/1.1
+Host: ...
+```
+
+```http
+HEAD /resource HTTP/1.1
+Host: ...
+```
+
+But it would not match a `POST` or `DELETE` request. This allows for much more
+granularity when configuring plugins on Routes. For example, one could imagine
+two Routes pointing to the same service: one with unlimited unauthenticated
+`GET` requests, and a second one allowing only authenticated and rate-limited
+`POST` requests (by applying the authentication and rate limiting plugins to
+such requests).
+
+[Back to TOC](#table-of-contents)
+
+### Request Source
+
+The `sources` routing attribute only applies to TCP and TLS routes. It allows
+matching a route by a list of incoming connection IP and/or port sources.
+
+The following Route allows routing via a list of source IP/ports:
+
+```json
+{
+    "protocols": ["tcp", "tls"],
+    "sources": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}],
+    "id": "...",
+}
+```
+
+TCP or TLS connections originating from IPs in CIDR range "10.1.0.0/16" or IP
+address "10.2.2.2" or Port "9123" would match such Route.
+
+### Request Destination
+
+`destinations` only applies to TCP and TLS routes. Similarly to `sources`, it
+allows matching a route by a list of incoming connection IP and/or port, but
+uses the destination of the TCP/TLS connection as routing attribute.
+
+### Request SNI
+
+When using secure protocols (`https`, `grpcs`, or `tls`), a [Server
+Name Indication][SNI] can be used as a routing attribute. The following Route
+allows routing via SNIs:
+
+```json
+{
+  "snis": ["foo.test", "example.com"],
+  "id": "..."
+}
+```
+
+Incoming requests with a matching hostname set in the TLS connection's SNI
+extension would be routed to this Route. As mentioned, SNI routing applies not
+only to TLS, but also to other protocols carried over TLS - such as HTTPS and
+If multiple SNIs are specified in the Route, any of them can match with the incoming request's SNI.
+with the incoming request (OR relationship between the names).
+
+The SNI is indicated at TLS handshake time and cannot be modified after the TLS connection has been established. This means, for example, that multiple requests reusing the same keepalive connection
+will have the same SNI hostname while performing router match, regardless of the `Host` header.
+has been established. This means keepalive connections that send multiple requests
+will have the same SNI hostnames while performing router match
+(regardless of the `Host` header).
+
+Please note that creating a route with mismatched SNI and `Host` header matcher
+is possible, but generally discouraged.
+
+## Matching priorities
+
+A Route may define matching rules based on its `headers`, `hosts`, `paths`, and
+`methods` (plus `snis` for secure routes - `"https"`, `"grpcs"`, `"tls"`)
+fields. For Kong to match an incoming request to a Route, all existing fields
+must be satisfied. However, Kong allows for quite some flexibility by allowing
+two or more Routes to be configured with fields containing the same values -
+when this occurs, Kong applies a priority rule.
+
+The rule is: **when evaluating a request, Kong will first try to match the
+Routes with the most rules**.
+
+For example, if two Routes are configured like so:
+
+```json
+{
+    "hosts": ["example.com"],
+    "service": {
+        "id": "..."
+    }
+},
+{
+    "hosts": ["example.com"],
+    "methods": ["POST"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+The second Route has a `hosts` field **and** a `methods` field, so it will be
+evaluated first by Kong. By doing so, we avoid the first Route "shadowing"
+calls intended for the second one.
+
+Thus, this request will match the first Route
+
+```http
+GET / HTTP/1.1
+Host: example.com
+```
+
+And this request will match the second one:
+
+```http
+POST / HTTP/1.1
+Host: example.com
+```
+
+Following this logic, if a third Route was to be configured with a `hosts`
+field, a `methods` field, and a `uris` field, it would be evaluated first by
+Kong.
+
+If the rule count for the given request is the same in two Routes `A` and
+`B`, then the following tiebreaker rules will be applied in the order they
+are listed. Route `A` will be selected over `B` if:
+
+* `A` has only "plain" Host headers and `B` has has one or more "wildcard"
+  host headers
+* `A` has more non-Host headers than `B`.
+* `A` has at least one "regex" paths and `B` has only "plain" paths.
+* `A`'s longer path is longer than `B`'s longer path.
+* `A.created_at < B.created_at`
+
+
+[Back to TOC](#table-of-contents)
+
+## Proxying behavior
+
+The proxying rules above detail how Kong forwards incoming requests to your
+upstream services. Below, we detail what happens internally between the time
+Kong *matches* an HTTP request with a registered Route, and the actual
+*forwarding* of the request.
+
+[Back to TOC](#table-of-contents)
+
+### 1. Load balancing
+
+Kong implements load balancing capabilities to distribute proxied
+requests across a pool of instances of an upstream service.
+
+You can find more information about configuring load balancing by consulting
+the [Load Balancing Reference][load-balancing-reference].
+
+[Back to TOC](#table-of-contents)
+
+### 2. Plugins execution
+
+Kong is extensible via "plugins" that hook themselves in the request/response
+lifecycle of the proxied requests. Plugins can perform a variety of operations
+in your environment and/or transformations on the proxied request.
+
+Plugins can be configured to run globally (for all proxied traffic) or on
+specific Routes and Services. In both cases, you must create a [plugin
+configuration][plugin-configuration-object] via the Admin API.
+
+Once a Route has been matched (and its associated Service entity), Kong will
+run plugins associated to either of those entities. Plugins configured on a
+Route run before plugins configured on a Service, but otherwise, the usual
+rules of [plugins association][plugin-association-rules] apply.
+
+These configured plugins will run their `access` phase, which you can find more
+information about in the [Plugin development guide][plugin-development-guide].
+
+[Back to TOC](#table-of-contents)
+
+### 3. Proxying & upstream timeouts
+
+Once Kong has executed all the necessary logic (including plugins), it is ready
+to forward the request to your upstream service. This is done via Nginx's
+[ngx_http_proxy_module][ngx-http-proxy-module]. You can configure the desired
+timeouts for the connection between Kong and a given upstream, via the following
+properties of a Service:
+
+- `upstream_connect_timeout`: defines in milliseconds the timeout for
+  establishing a connection to your upstream service. Defaults to `60000`.
+- `upstream_send_timeout`: defines in milliseconds a timeout between two
+  successive write operations for transmitting a request to your upstream
+  service.  Defaults to `60000`.
+- `upstream_read_timeout`: defines in milliseconds a timeout between two
+  successive read operations for receiving a request from your upstream
+  service.  Defaults to `60000`.
+
+Kong will send the request over HTTP/1.1, and set the following headers:
+
+- `Host: <your_upstream_host>`, as previously described in this document.
+- `Connection: keep-alive`, to allow for reusing the upstream connections.
+- `X-Real-IP: <remote_addr>`, where `$remote_addr` is the variable bearing
+  the same name provided by
+  [ngx_http_core_module][ngx-remote-addr-variable]. Please note that the
+  `$remote_addr` is likely overridden by
+  [ngx_http_realip_module][ngx-http-realip-module].
+- `X-Forwarded-For: <address>`, where `<address>` is the content of
+  `$realip_remote_addr` provided by
+  [ngx_http_realip_module][ngx-http-realip-module] appended to the request
+  header with the same name.
+- `X-Forwarded-Proto: <protocol>`, where `<protocol>` is the protocol used by
+  the client. In the case where `$realip_remote_addr` is one of the **trusted**
+  addresses, the request header with the same name gets forwarded if provided.
+  Otherwise, the value of the `$scheme` variable provided by
+  [ngx_http_core_module][ngx-scheme-variable] will be used.
+- `X-Forwarded-Host: <host>`, where `<host>` is the host name sent by
+  the client. In the case where `$realip_remote_addr` is one of the **trusted**
+  addresses, the request header with the same name gets forwarded if provided.
+  Otherwise, the value of the `$host` variable provided by
+  [ngx_http_core_module][ngx-host-variable] will be used.
+- `X-Forwarded-Port: <port>`, where `<port>` is the port of the server which
+  accepted a request. In the case where `$realip_remote_addr` is one of the
+  **trusted** addresses, the request header with the same name gets forwarded
+  if provided. Otherwise, the value of the `$server_port` variable provided by
+  [ngx_http_core_module][ngx-server-port-variable] will be used.
+
+All the other request headers are forwarded as-is by Kong.
+
+One exception to this is made when using the WebSocket protocol. If so, Kong
+will set the following headers to allow for upgrading the protocol between the
+client and your upstream services:
+
+- `Connection: Upgrade`
+- `Upgrade: websocket`
+
+More information on this topic is covered in the
+[Proxy WebSocket traffic][proxy-websocket] section.
+
+[Back to TOC](#table-of-contents)
+
+### 4. Errors & retries
+
+Whenever an error occurs during proxying, Kong will use the underlying
+Nginx [retries][ngx-http-proxy-retries] mechanism to pass the request on to
+the next upstream.
+
+There are two configurable elements here:
+
+1. The number of retries: this can be configured per Service using the
+   `retries` property. See the [Admin API][API] for more details on this.
+
+2. What exactly constitutes an error: here Kong uses the Nginx defaults, which
+   means an error or timeout occurring while establishing a connection with the
+   server, passing a request to it, or reading the response headers.
+
+The second option is based on Nginx's
+[proxy_next_upstream][proxy_next_upstream] directive. This option is not
+directly configurable through Kong, but can be added using a custom Nginx
+configuration. See the [configuration reference][configuration-reference] for
+more details.
+
+[Back to TOC](#table-of-contents)
+
+### 5. Response
+
+Kong receives the response from the upstream service and sends it back to the
+downstream client in a streaming fashion. At this point Kong will execute
+subsequent plugins added to the Route and/or Service that implement a hook in
+the `header_filter` phase.
+
+Once the `header_filter` phase of all registered plugins has been executed, the
+following headers will be added by Kong and the full set of headers be sent to
+the client:
+
+- `Via: kong/x.x.x`, where `x.x.x` is the Kong version in use
+- `X-Kong-Proxy-Latency: <latency>`, where `latency` is the time in milliseconds
+  between Kong receiving the request from the client and sending the request to
+  your upstream service.
+- `X-Kong-Upstream-Latency: <latency>`, where `latency` is the time in
+  milliseconds that Kong was waiting for the first byte of the upstream service
+  response.
+
+Once the headers are sent to the client, Kong will start executing
+registered plugins for the Route and/or Service that implement the
+`body_filter` hook. This hook may be called multiple times, due to the
+streaming nature of Nginx. Each chunk of the upstream response that is
+successfully processed by such `body_filter` hooks is sent back to the client.
+You can find more information about the `body_filter` hook in the [Plugin
+development guide][plugin-development-guide].
+
+[Back to TOC](#table-of-contents)
+
+## Configuring a fallback Route
+
+As a practical use-case and example of the flexibility offered by Kong's
+proxying capabilities, let's try to implement a "fallback Route", so that in
+order to avoid Kong responding with an HTTP `404`, "no route found", we can
+catch such requests and proxy them to a special upstream service, or apply a
+plugin to it (such a plugin could, for example, terminate the request with a
+different status code or response without proxying the request).
+
+Here is an example of such a fallback Route:
+
+```json
+{
+    "paths": ["/"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+As you can guess, any HTTP request made to Kong would actually match this
+Route, since all URIs are prefixed by the root character `/`. As we know from
+the [Request path][proxy-request-path] section, the longest URL paths are
+evaluated first by Kong, so the `/` path will eventually be evaluated last by
+Kong, and effectively provide a "fallback" Route, only matched as a last
+resort. You can then send traffic to a special Service or apply any plugin you
+wish on this Route.
+
+[Back to TOC](#table-of-contents)
+
+## Configuring SSL for a Route
+
+Kong provides a way to dynamically serve SSL certificates on a per-connection
+basis. SSL certificates are directly handled by the core, and configurable via
+the Admin API. Clients connecting to Kong over TLS must support the [Server
+Name Indication][SNI] extension to make use of this feature.
+
+SSL certificates are handled by two resources in the Kong Admin API:
+
+- `/certificates`, which stores your keys and certificates.
+- `/snis`, which associates a registered certificate with a Server Name
+  Indication.
+
+You can find the documentation for those two resources in the
+[Admin API Reference][API].
+
+Here is how to configure an SSL certificate on a given Route: first, upload
+your SSL certificate and key via the Admin API:
+
+```bash
+$ curl -i -X POST http://localhost:8001/certificates \
+    -F "cert=@/path/to/cert.pem" \
+    -F "key=@/path/to/cert.key" \
+    -F "snis=*.ssl-example.com,other-ssl-example.com"
+HTTP/1.1 201 Created
+...
+```
+
+The `snis` form parameter is a sugar parameter, directly inserting an SNI and
+associating the uploaded certificate to it.
+
+Note that one of the SNI names defined in `snis` above contains a wildcard
+(`*.ssl-example.com`). An SNI may contain a single wildcard in the leftmost (prefix) or
+rightmost (suffix) postion. This can be useful when maintaining multiple subdomains. A
+single `sni` configured with a wildcard name can be used to match multiple
+subdomains, instead of creating an SNI for each.
+
+Valid wildcard positions are `mydomain.*`, `*.mydomain.com`, and `*.www.mydomain.com`.
+
+Matching of `snis` respects the following priority:
+
+ 1. plain (no wildcard)
+ 2. prefix
+ 3. suffix
+
+You must now register the following Route within Kong. We will match requests
+to this Route using only the Host header for convenience:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes \
+    -d 'hosts=prefix.ssl-example.com,other-ssl-example.com' \
+    -d 'service.id=d54da06c-d69f-4910-8896-915c63c270cd'
+HTTP/1.1 201 Created
+...
+```
+
+You can now expect the Route to be served over HTTPS by Kong:
+
+```bash
+$ curl -i https://localhost:8443/ \
+  -H "Host: prefix.ssl-example.com"
+HTTP/1.1 200 OK
+...
+```
+
+When establishing the connection and negotiating the SSL handshake, if your
+client sends `prefix.ssl-example.com` as part of the SNI extension, Kong will serve
+the `cert.pem` certificate previously configured.
+
+[Back to TOC](#table-of-contents)
+
+### Restricting the client protocol (HTTP/HTTPS, GRPC/GRPCS, TCP/TLS)
+
+Routes have a `protocols` property to restrict the client protocol they should
+listen for. This attribute accepts a set of values, which can be `"http"`,
+`"https"`, `"grpc"`, `"grpcs"`, `"tcp"`, or `"tls"`.
+
+A Route with `http` and `https` will accept traffic in both protocols.
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["http", "https"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Not specifying any protocol has the same effect, since routes default to
+`["http", "https"]`.
+
+However, a Route with *only* `https` would _only_ accept traffic over HTTPS. It
+would _also_ accept unencrypted traffic _if_ SSL termination previously
+occurred from a trusted IP. SSL termination is considered valid when the
+request comes from one of the configured IPs in
+[trusted_ips][configuration-trusted-ips] and if the `X-Forwarded-Proto: https`
+header is set:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["https"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+If a Route such as the above matches a request, but that request is in
+plain-text without valid prior SSL termination, Kong responds with:
+
+```http
+HTTP/1.1 426 Upgrade Required
+Content-Type: application/json; charset=utf-8
+Transfer-Encoding: chunked
+Connection: Upgrade
+Upgrade: TLS/1.2, HTTP/1.1
+Server: kong/x.y.z
+
+{"message":"Please use HTTPS protocol"}
+```
+
+Since Kong 1.0 it's possible to create routes for raw TCP (not necessarily HTTP)
+connections by using `"tcp"` in the `protocols` attribute:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["tcp"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Similarly, we can create routes which accept raw TLS traffic (not necessarily HTTPS) with
+the `"tls"` value:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["tls"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+A Route with *only* `TLS` would _only_ accept traffic over TLS.
+
+It is also possible to accept both TCP and TLS simultaneously:
+
+```
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["tcp", "tls"],
+    "service": {
+        "id": "..."
+    }
+}
+
+```
+
+
+[Back to TOC](#table-of-contents)
+
+## Proxy WebSocket traffic
+
+Kong supports WebSocket traffic thanks to the underlying Nginx implementation.
+When you wish to establish a WebSocket connection between a client and your
+upstream services *through* Kong, you must establish a WebSocket handshake.
+This is done via the HTTP Upgrade mechanism. This is what your client request
+made to Kong would look like:
+
+```http
+GET / HTTP/1.1
+Connection: Upgrade
+Host: my-websocket-api.com
+Upgrade: WebSocket
+```
+
+This will make Kong forward the `Connection` and `Upgrade` headers to your
+upstream service, instead of dismissing them due to the hop-by-hop nature of a
+standard HTTP proxy.
+
+[Back to TOC](#table-of-contents)
+
+### WebSocket and TLS
+
+Kong will accept `ws` and `wss` connections on its respective `http` and
+`https` ports. To enforce TLS connections from clients, set the `protocols`
+property of the [Route][route-entity] to `https` only.
+
+When setting up the [Service][service-entity] to point to your upstream
+WebSocket service, you should carefully pick the protocol you want to use
+between Kong and the upstream. If you want to use TLS (`wss`), then the
+upstream WebSocket service must be defined using the `https` protocol in the
+Service `protocol` property, and the proper port (usually 443). To connect
+without TLS (`ws`), then the `http` protocol and port (usually 80) should be
+used in `protocol` instead.
+
+If you want Kong to terminate SSL/TLS, you can accept `wss` only from the
+client, but proxy to the upstream service over plain text, or `ws`.
+
+[Back to TOC](#table-of-contents)
+
+## Proxy gRPC traffic
+
+Starting with version 1.3, gRPC proxying is natively supported in Kong. In order
+to manage gRPC services and proxy gRPC requests with Kong, create Services and
+Routes for your gRPC Services (check out the [Configuring a gRPC Service guide][conf-grpc-service]).
+
+Note that in Kong 1.3 only observability and logging plugins are supported with
+gRPC - plugins known to be supported with gRPC have "grpc" and "grpcs" listed
+under the supported protocols field in their Kong Hub page - for example,
+check out the [File Log][file-log] plugin's page.
+
+## Conclusion
+
+Through this guide, we hope you gained knowledge of the underlying proxying
+mechanism of Kong, from how does a request match a Route to be routed to its
+associated Service, on to how to allow for using the WebSocket protocol or
+setup dynamic SSL certificates.
+
+This website is Open-Source and can be found at
+[github.com/Kong/docs.konghq.com](https://github.com/Kong/docs.konghq.com/).
+Feel free to provide feedback to this document there, or propose improvements!
+
+If you haven't already, we suggest that you also read the [Load balancing
+Reference][load-balancing-reference], as it closely relates to the topic we
+just covered.
+
+[Back to TOC](#table-of-contents)
+
+[plugin-configuration-object]: /{{page.kong_version}}/admin-api#plugin-object
+[plugin-development-guide]: /{{page.kong_version}}/plugin-development
+[plugin-association-rules]: /{{page.kong_version}}/admin-api/#precedence
+[load-balancing-reference]: /{{page.kong_version}}/loadbalancing
+[configuration-reference]: /{{page.kong_version}}/configuration-reference
+[configuration-trusted-ips]: /{{page.kong_version}}/configuration/#trusted_ips
+[configuring-a-service]: /{{page.kong_version}}/getting-started/configuring-a-service
+[API]: /{{page.kong_version}}/admin-api
+[service-entity]: /{{page.kong_version}}/admin-api/#add-service
+[route-entity]: /{{page.kong_version}}/admin-api/#add-route
+
+[ngx-http-proxy-module]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html
+[ngx-http-realip-module]: http://nginx.org/en/docs/http/ngx_http_realip_module.html
+[ngx-remote-addr-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_remote_addr
+[ngx-scheme-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_scheme
+[ngx-host-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host
+[ngx-server-port-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_server_port
+[ngx-http-proxy-retries]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries
+[SNI]: https://en.wikipedia.org/wiki/Server_Name_Indication
+[conf-grpc-service]: /{{page.kong_version}}/getting-started/configuring-a-grpc-service
+[file-log]: //file-log
diff --git a/app/1.3.x/secure-admin-api.md b/app/1.3.x/secure-admin-api.md
new file mode 100644
index 000000000000..dcdb40f3e7fb
--- /dev/null
+++ b/app/1.3.x/secure-admin-api.md
@@ -0,0 +1,159 @@
+---
+title: Securing the Admin API
+---
+
+## Introduction
+
+Kong's Admin API provides a RESTful interface for administration and
+configuration of Services, Routes, Plugins, Consumers, and Credentials. Because this
+API allows full control of Kong, it is important to secure this API against
+unwanted access. This document describes a few possible approaches to securing
+the Admin API.
+
+## Network Layer Access Restrictions
+
+### Minimal Listening Footprint
+
+By default since its 0.12.0 release, Kong will only accept requests from the
+local interface, as specified in its default `admin_listen` value:
+
+```
+admin_listen = 127.0.0.1:8001
+```
+
+If you change this value, always ensure to keep the listening footprint to a
+minimum, in order to avoid exposing your Admin API to third-parties, which
+could seriously compromise the security of your Kong cluster as a whole.
+For example, **avoid binding Kong to all of your interfaces**, by using
+values such as `0.0.0.0:8001`.
+
+[Back to TOC](#table-of-contents)
+
+### Layer 3/4 Network Controls
+
+In cases where the Admin API must be exposed beyond a localhost interface,
+network security best practices dictate that network-layer access be restricted
+as much as possible. Consider an environment in which Kong listens on a private
+network interface, but should only be accessed by a small subset of an IP range.
+In such a case, host-based firewalls (e.g. iptables) are useful in limiting
+input traffic ranges. For example:
+
+
+```bash
+# assume that Kong is listening on the address defined below, as defined as a
+# /24 CIDR block, and only a select few hosts in this range should have access
+
+$ grep admin_listen /etc/kong/kong.conf
+admin_listen 10.10.10.3:8001
+
+# explicitly allow TCP packets on port 8001 from the Kong node itself
+# this is not necessary if Admin API requests are not sent from the node
+$ iptables -A INPUT -s 10.10.10.3 -m tcp -p tcp --dport 8001 -j ACCEPT
+
+# explicitly allow TCP packets on port 8001 from the following addresses
+$ iptables -A INPUT -s 10.10.10.4 -m tcp -p tcp --dport 8001 -j ACCEPT
+$ iptables -A INPUT -s 10.10.10.5 -m tcp -p tcp --dport 8001 -j ACCEPT
+
+# drop all TCP packets on port 8001 not in the above IP list
+$ iptables -A INPUT -m tcp -p tcp --dport 8001 -j DROP
+
+```
+
+Additional controls, such as similar ACLs applied at a network device level, are
+encouraged, but fall outside the scope of this document.
+
+[Back to TOC](#table-of-contents)
+
+## Kong API Loopback
+
+Kong's routing design allows it to serve as a proxy for the Admin API itself. In
+this manner, Kong itself can be used to provide fine-grained access control to
+the Admin API. Such an environment requires bootstrapping a new Service that defines
+the `admin_listen` address as the Service's `url`. For example:
+
+```bash
+# assume that Kong has defined admin_listen as 127.0.0.1:8001, and we want to
+# reach the Admin API via the url `/admin-api`
+
+$ curl -X POST http://localhost:8001/services \
+  --data name=admin-api \
+  --data host=localhost \
+  --data port=8001
+
+$ curl -X POST http://localhost:8001/services/admin-api/routes \
+  --data paths[]=/admin-api
+
+# we can now transparently reach the Admin API through the proxy server
+$ curl localhost:8000/admin-api/apis
+{
+   "data":[
+      {
+         "uris":[
+            "\/admin-api"
+         ],
+         "id":"653b21bd-4d81-4573-ba00-177cc0108dec",
+         "upstream_read_timeout":60000,
+         "preserve_host":false,
+         "created_at":1496351805000,
+         "upstream_connect_timeout":60000,
+         "upstream_url":"http:\/\/localhost:8001",
+         "strip_uri":true,
+         "https_only":false,
+         "name":"admin-api",
+         "http_if_terminated":true,
+         "upstream_send_timeout":60000,
+         "retries":5
+      }
+   ],
+   "total":1
+}
+```
+
+From here, simply apply desired Kong-specific security controls (such as
+[basic][basic-auth] or [key authentication][key-auth],
+[IP restrictions][ip-restriction], or [access control lists][acl]) as you would
+normally to any other Kong API.
+
+[Back to TOC](#table-of-contents)
+
+## Custom Nginx Configuration
+
+Kong is tightly coupled with Nginx as an HTTP daemon, and can thus be integrated
+into environments with custom Nginx configurations. In this manner, use cases
+with complex security/access control requirements can use the full power of
+Nginx/OpenResty to build server/location blocks to house the Admin API as
+necessary. This allows such environments to leverage native Nginx authorization
+and authentication mechanisms, ACL modules, etc., in addition to providing the
+OpenResty environment on which custom/complex security controls can be built.
+
+For more information on integrating Kong into custom Nginx configurations, see
+[Custom Nginx configuration & embedding Kong][custom-configuration].
+
+[Back to TOC](#table-of-contents)
+
+## Role Based Access Control ##
+
+<div class="alert alert-warning">
+  <strong>Enterprise-Only</strong> This feature is only available with an
+  Enterprise Subscription.
+</div>
+
+Enterprise users can configure role-based access control to secure access to the
+Admin API. RBAC allows for fine-grained control over resource access based on
+a model of user roles and permissions. Users are assigned to one or more roles,
+which each in turn possess one or more permissions granting or denying access
+to a particular resource. In this way, fine-grained control over specific Admin
+API resources can be enforced, while scaling to allow complex, case-specific
+uses.
+
+If you are not a Kong Enterprise customer, you can inquire about our
+Enterprise offering by [contacting us](/enterprise).
+
+[Back to TOC](#table-of-contents)
+
+
+[acl]: /plugins/acl
+[basic-auth]: /plugins/basic-authentication/
+[custom-configuration]: /{{page.kong_version}}/configuration/#custom-nginx-configuration
+[ip-restriction]: /plugins/ip-restriction
+[key-auth]: /plugins/key-authentication
diff --git a/app/1.3.x/upgrading.md b/app/1.3.x/upgrading.md
new file mode 100644
index 000000000000..e8df42ba20d5
--- /dev/null
+++ b/app/1.3.x/upgrading.md
@@ -0,0 +1,167 @@
+---
+title: Upgrade guide
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> What follows is the upgrade guide for 1.3.x.
+  If you are trying to upgrade to an earlier version of Kong, please read
+  <a href="https://github.com/Kong/kong/blob/master/UPGRADE.md">UPGRADE.md file in the Kong repo</a>
+</div>
+
+This guide will inform you about breaking changes you should be aware of
+when upgrading, as well as take you through the correct sequence of steps
+in order to obtain a **no-downtime** migration in different upgrade
+scenarios.
+
+## Upgrade to `1.3`
+
+Kong adheres to [semantic versioning](https://semver.org/), which makes a
+as well as breaking changes.
+distinction between "major", "minor" and "patch" versions. The upgrade path
+will be different on which previous version from which you are migrating.
+
+If you are upgrading from 0.x, this is a major upgrade. If you are
+upgrading from 1.0.x, 1.1.x, or 1.2.x, this is a minor upgrade. Both
+scenarios are explained below.
+
+## 1. Breaking Changes
+
+### Dependencies
+
+If you are using the provided binary packages, all necessary dependencies
+are bundled. If you are building your dependencies by hand, you should
+be aware of the following changes:
+
+- The required OpenResty version has been bumped to
+  [1.15.8.1](http://openresty.org/en/changelog-1015008.html). If you are
+  installing Kong from one of our distribution packages, you are not affected
+  by this change.
+- From this version on, the new
+  [lua-kong-nginx-module](https://github.com/Kong/lua-kong-nginx-module) Nginx
+  module is **required** to be built into OpenResty for Kong to function
+  properly. If you are installing Kong from one of our distribution packages,
+  you are not affected by this change.
+  [openresty-build-tools#26](https://github.com/Kong/openresty-build-tools/pull/26)
+
+**Note:** if you are not using one of our distribution packages and compiling
+OpenResty from source, you must still apply Kong's [OpenResty
+patches](https://github.com/kong/openresty-patches) (and, as highlighted above,
+compile OpenResty with the new lua-kong-nginx-module). Our new
+[openresty-build-tools](https://github.com/Kong/openresty-build-tools)
+repository will allow you to do both easily.
+
+### Core
+
+- Bugfixes in the router *may, in some edge-cases*, result in different Routes
+  being matched. It was reported to us that the router behaved incorrectly in
+  some cases when configuring wildcard Hosts and regex paths (e.g.
+  [#3094](https://github.com/Kong/kong/issues/3094)). It may be so that you are
+  subject to these bugs without realizing it. Please ensure that wildcard Hosts
+  and regex paths Routes you have configured are matching as expected before
+  upgrading.
+  [9ca4dc0](https://github.com/Kong/kong/commit/9ca4dc09fdb12b340531be8e0f9d1560c48664d5)
+  [2683b86](https://github.com/Kong/kong/commit/2683b86c2f7680238e3fe85da224d6f077e3425d)
+  [6a03e1b](https://github.com/Kong/kong/commit/6a03e1bd95594716167ccac840ff3e892ed66215)
+- Upstream connections are now only kept-alive for 100 requests or 60 seconds
+  (idle) by default. Previously, upstream connections were not actively closed
+  by Kong. This is a (non-breaking) change in behavior inherited from Nginx
+  1.15, and configurable via new configuration properties.
+
+### Configuration
+
+- The `upstream_keepalive` configuration property is deprecated, and replaced
+  by the new `nginx_http_upstream_keepalive` property. Its behavior is almost
+  identical, but the notable difference is that the latter leverages the
+  [injected Nginx
+  directives](https://konghq.com/blog/kong-ce-nginx-injected-directives/)
+  feature added in Kong 0.14.0.
+
+## 2. Suggested Upgrade Path
+
+### Upgrade from `0.x` to `1.3`
+
+The lowest version that Kong 1.3 supports migrating from is 0.14.1. if you
+are migrating from a previous 0.x release, please migrate to 0.14.1 first.
+
+For upgrading from 0.14.1 to Kong 1.3, the steps for upgrading are the same as
+upgrading from 0.14.1 to Kong 1.0. Please follow the steps described in the
+"Migration Steps from 0.14" in the [Suggested Upgrade Path for Kong
+1.0](#kong-1-0-upgrade-path).
+
+### Upgrade from `1.0.x` - `1.2.x` to `1.3`
+
+Kong 1.3 supports the no-downtime migration model. This means that while the
+migration is ongoing, you will have two Kong clusters running, sharing the
+same database. (This is sometimes called the Blue/Green migration model.)
+
+The migrations are designed so that there is no need to fully copy
+the data, but this also means that they are designed in such a way so that
+the new version of Kong is able to use the data as it is migrated, and to do
+it in a way so that the old Kong cluster keeps working until it is finally
+time to decommission it. For this reason, the full migration is now split into
+two steps, which are performed via commands `kong migrations up` (which does
+only non-destructive operations) and `kong migrations finish` (which puts the
+database in the final expected state for Kong 1.2).
+
+1. Download 1.3, and configure it to point to the same datastore as your old
+   (1.0 - 1.2) cluster. Run `kong migrations up`.
+2. Once that finishes running, both the old and new (1.3) clusters can now run
+   simultaneously on the same datastore. Start provisioning 1.3 nodes, but do
+   not use their Admin API yet. If you need to perform Admin API requests,
+   these should be made to the old cluster's nodes.  The reason is to prevent
+   the new cluster from generating data that is not understood by the old
+   cluster.
+3. Gradually divert traffic away from your old nodes, and into
+   your 1.3 cluster. Monitor your traffic to make sure everything
+   is going smoothly.
+4. When your traffic is fully migrated to the 1.3 cluster, decommission your
+   old nodes.
+5. From your 1.3 cluster, run: `kong migrations finish`.  From this point on,
+   it will not be possible to start nodes in the old cluster pointing to the
+   same datastore anymore. Only run this command when you are confident that
+   your migration was successful. From now on, you can safely make Admin API
+   requests to your 1.3 nodes.
+
+### Upgrade Path for Patch Releases
+
+There are no migrations in upgrades between current or
+future patch releases of the same minor release of Kong
+(e.g. 1.0.0 to 1.0.1, 1.0.1 to 1.0.4, etc.). Therefore, the
+upgrade process is simpler.
+
+Assuming that Kong is already running on your system, acquire the latest
+version from any of the available [installation
+methods](https://getkong.org/install/) and proceed to install it, overriding
+your previous installation.
+
+If you are planning to make modifications to your configuration, this is a
+good time to do so.
+
+Then, run migration to upgrade your database schema:
+
+```shell
+$ kong migrations up [-c configuration_file]
+```
+
+If the command is successful, and no migration ran
+(no output), then you only have to
+[reload](https://getkong.org/docs/latest/cli/#reload) Kong:
+
+```shell
+$ kong reload [-c configuration_file]
+```
+
+**Reminder**: `kong reload` leverages the Nginx `reload` signal that seamlessly
+starts new workers, which take over from old workers before those old workers
+are terminated. In this way, Kong will serve new requests via the new
+configuration, without dropping existing in-flight connections.
+
+### Installing 1.3 on a Fresh Datastore
+
+The following commands should be used to prepare a new 1.3 cluster from a fresh
+datastore:
+
+```
+$ kong migrations bootstrap [-c config]
+$ kong start [-c config]
+```
diff --git a/app/_assets/stylesheets/header.less b/app/_assets/stylesheets/header.less
index 135c8a2e9422..9766e71c0bbe 100644
--- a/app/_assets/stylesheets/header.less
+++ b/app/_assets/stylesheets/header.less
@@ -1580,7 +1580,7 @@ body {
         }
       }
       a {
-        color: $blue;
+        color: var(--blue);
       }
       &:first-of-type {
         transform: scale(1);
@@ -1640,11 +1640,11 @@ body {
       &.install {
         &:hover {
           a {
-            color: $blue;
+            color: --blue;
           }
           svg {
             g {
-              fill: $blue !important;
+              fill: --blue !important;
             }
           }
         }
diff --git a/app/_assets/stylesheets/page.less b/app/_assets/stylesheets/page.less
index 12b5a24281fb..c54785234513 100644
--- a/app/_assets/stylesheets/page.less
+++ b/app/_assets/stylesheets/page.less
@@ -51,10 +51,6 @@
     }
   }
 
-  .page-header-title-enterprise {
-    max-width:calc(~"100% - 280px");
-  }
-
   .page-header-btn {
     &#version-dropdown{
       @media screen and (max-width:476px){
diff --git a/app/_data/docs_nav_1.3.x.yml b/app/_data/docs_nav_1.3.x.yml
new file mode 100644
index 000000000000..fd430b7c04b3
--- /dev/null
+++ b/app/_data/docs_nav_1.3.x.yml
@@ -0,0 +1,360 @@
+# Generated via autodoc-nav
+- title: Getting Started
+  items:
+    - text: Introduction
+      url: /getting-started/introduction
+
+    - text: Five-minute quickstart
+      url: /getting-started/quickstart
+
+    - text: Configuring a Service
+      url: /getting-started/configuring-a-service
+
+    - text: Enabling Plugins
+      url: /getting-started/enabling-plugins
+
+    - text: Adding Consumers
+      url: /getting-started/adding-consumers
+
+- title: Guides &amp; References
+  items:
+    - text: Configuration reference
+      url: /configuration
+
+    - text: CLI reference
+      url: /cli
+
+    - text: Proxy reference
+      url: /proxy
+
+    - text: Authentication reference
+      url: /auth
+
+    - text: Load balancing reference
+      url: /loadbalancing
+
+    - text: Health checks and circuit breakers reference
+      url: /health-checks-circuit-breakers
+
+    - text: Clustering reference
+      url: /clustering
+
+    - text: Logging reference
+      url: /logging
+
+    - text: Network &amp; Firewall
+      url: /network
+
+    - text: Securing the Admin API
+      url: /secure-admin-api
+
+    - text: Plugin Development Guide
+      url: /plugin-development
+      items:
+        - text: Introduction
+          url: /plugin-development
+
+        - text: File structure
+          url: /plugin-development/file-structure
+
+        - text: Implementing custom logic
+          url: /plugin-development/custom-logic
+
+        - text: Plugin configuration
+          url: /plugin-development/plugin-configuration
+
+        - text: Accessing the datastore
+          url: /plugin-development/access-the-datastore
+
+        - text: Storing custom entities
+          url: /plugin-development/custom-entities
+
+        - text: Caching custom entities
+          url: /plugin-development/entities-cache
+
+        - text: Extending the Admin API
+          url: /plugin-development/admin-api
+
+        - text: Writing tests
+          url: /plugin-development/tests
+
+        - text: (un)Installing your plugin
+          url: /plugin-development/distribution
+
+    - text: Plugin Development Kit
+      url: /pdk
+      items:
+
+      - text: kong.client
+        url: /pdk/kong.client
+
+      - text: kong.ctx
+        url: /pdk/kong.ctx
+
+      - text: kong.ip
+        url: /pdk/kong.ip
+
+      - text: kong.log
+        url: /pdk/kong.log
+
+      - text: kong.nginx
+        url: /pdk/kong.nginx
+
+      - text: kong.node
+        url: /pdk/kong.node
+
+      - text: kong.request
+        url: /pdk/kong.request
+
+      - text: kong.response
+        url: /pdk/kong.response
+
+      - text: kong.router
+        url: /pdk/kong.router
+
+      - text: kong.service
+        url: /pdk/kong.service
+
+      - text: kong.service.request
+        url: /pdk/kong.service.request
+
+      - text: kong.service.response
+        url: /pdk/kong.service.response
+
+      - text: kong.table
+        url: /pdk/kong.table
+
+# Generated via autodoc-admin-api
+- title: Admin API
+  url: /admin-api/
+  items:
+    - text: DB-less
+      url: /db-less-admin-api
+
+    - text: Declarative Configuration
+      url: /db-less-admin-api/#declarative-configuration
+
+    - text: Supported Content Types
+      url: /admin-api/#supported-content-types
+
+    - text: Information Routes
+      url: /admin-api/#information-routes
+      items:
+        - text: Retrieve Node Information
+          url: /admin-api/#retrieve-node-information
+
+        - text: Retrieve Node Status
+          url: /admin-api/#retrieve-node-status
+
+    - text: Tags
+      url: /admin-api/#tags
+      items:
+        - text: List All Tags
+          url: /admin-api/#list-all-tags
+
+        - text: List Entity Ids by Tag
+          url: /admin-api/#list-entity-ids-by-tag
+
+    - text: Service Object
+      url: /admin-api/#service-object
+      items:
+        - text: Add Service
+          url: /admin-api/#add-service
+
+        - text: List Services
+          url: /admin-api/#list-services
+
+        - text: Retrieve Service
+          url: /admin-api/#retrieve-service
+
+        - text: Update Service
+          url: /admin-api/#update-service
+
+        - text: Update Or Create Service
+          url: /admin-api/#update-or-create-service
+
+        - text: Delete Service
+          url: /admin-api/#delete-service
+
+    - text: Route Object
+      url: /admin-api/#route-object
+      items:
+        - text: Add Route
+          url: /admin-api/#add-route
+
+        - text: List Routes
+          url: /admin-api/#list-routes
+
+        - text: Retrieve Route
+          url: /admin-api/#retrieve-route
+
+        - text: Update Route
+          url: /admin-api/#update-route
+
+        - text: Update Or Create Route
+          url: /admin-api/#update-or-create-route
+
+        - text: Delete Route
+          url: /admin-api/#delete-route
+
+    - text: Consumer Object
+      url: /admin-api/#consumer-object
+      items:
+        - text: Add Consumer
+          url: /admin-api/#add-consumer
+
+        - text: List Consumers
+          url: /admin-api/#list-consumers
+
+        - text: Retrieve Consumer
+          url: /admin-api/#retrieve-consumer
+
+        - text: Update Consumer
+          url: /admin-api/#update-consumer
+
+        - text: Update Or Create Consumer
+          url: /admin-api/#update-or-create-consumer
+
+        - text: Delete Consumer
+          url: /admin-api/#delete-consumer
+
+    - text: Plugin Object
+      url: /admin-api/#plugin-object
+      items:
+        - text: Add Plugin
+          url: /admin-api/#add-plugin
+
+        - text: List Plugins
+          url: /admin-api/#list-plugins
+
+        - text: Retrieve Plugin
+          url: /admin-api/#retrieve-plugin
+
+        - text: Update Plugin
+          url: /admin-api/#update-plugin
+
+        - text: Update Or Create Plugin
+          url: /admin-api/#update-or-create-plugin
+
+        - text: Delete Plugin
+          url: /admin-api/#delete-plugin
+
+        - text: Retrieve Enabled Plugins
+          url: /admin-api/#retrieve-enabled-plugins
+
+        - text: Retrieve Plugin Schema
+          url: /admin-api/#retrieve-plugin-schema
+
+    - text: Certificate Object
+      url: /admin-api/#certificate-object
+      items:
+        - text: Add Certificate
+          url: /admin-api/#add-certificate
+
+        - text: List Certificates
+          url: /admin-api/#list-certificates
+
+        - text: Retrieve Certificate
+          url: /admin-api/#retrieve-certificate
+
+        - text: Update Certificate
+          url: /admin-api/#update-certificate
+
+        - text: Update Or Create Certificate
+          url: /admin-api/#update-or-create-certificate
+
+        - text: Delete Certificate
+          url: /admin-api/#delete-certificate
+
+    - text: CA Certificate Object
+      url: /admin-api/#ca-certificate-object
+      items:
+        - text: Add CA Certificate
+          url: /admin-api/#add-ca-certificate
+
+        - text: List CA Certificates
+          url: /admin-api/#list-ca-certificates
+
+        - text: Retrieve CA Certificate
+          url: /admin-api/#retrieve-ca-certificate
+
+        - text: Update CA Certificate
+          url: /admin-api/#update-ca-certificate
+
+        - text: Update Or Create CA Certificate
+          url: /admin-api/#update-or-create-ca-certificate
+
+        - text: Delete CA Certificate
+          url: /admin-api/#delete-ca-certificate
+
+    - text: SNI Object
+      url: /admin-api/#sni-object
+      items:
+        - text: Add SNI
+          url: /admin-api/#add-sni
+
+        - text: List SNIs
+          url: /admin-api/#list-snis
+
+        - text: Retrieve SNI
+          url: /admin-api/#retrieve-sni
+
+        - text: Update SNI
+          url: /admin-api/#update-sni
+
+        - text: Update Or Create SNI
+          url: /admin-api/#update-or-create-sni
+
+        - text: Delete SNI
+          url: /admin-api/#delete-sni
+
+    - text: Upstream Object
+      url: /admin-api/#upstream-object
+      items:
+        - text: Add Upstream
+          url: /admin-api/#add-upstream
+
+        - text: List Upstreams
+          url: /admin-api/#list-upstreams
+
+        - text: Retrieve Upstream
+          url: /admin-api/#retrieve-upstream
+
+        - text: Update Upstream
+          url: /admin-api/#update-upstream
+
+        - text: Update Or Create Upstream
+          url: /admin-api/#update-or-create-upstream
+
+        - text: Delete Upstream
+          url: /admin-api/#delete-upstream
+
+        - text: Show Upstream Health for Node
+          url: /admin-api/#show-upstream-health-for-node
+
+    - text: Target Object
+      url: /admin-api/#target-object
+      items:
+        - text: Add Target
+          url: /admin-api/#add-target
+
+        - text: List Targets
+          url: /admin-api/#list-targets
+
+        - text: Delete Target
+          url: /admin-api/#delete-target
+
+        - text: Set Target Address As Healthy
+          url: /admin-api/#set-target-address-as-healthy
+
+        - text: Set Target Address As Unhealthy
+          url: /admin-api/#set-target-address-as-unhealthy
+
+        - text: Set Target As Healthy
+          url: /admin-api/#set-target-as-healthy
+
+        - text: Set Target As Unhealthy
+          url: /admin-api/#set-target-as-unhealthy
+
+        - text: List All Targets
+          url: /admin-api/#list-all-targets
diff --git a/app/_data/docs_nav_ee_0.34-x.yml b/app/_data/docs_nav_ee_0.34-x.yml
index 63094eae0275..60bcf15c261e 100644
--- a/app/_data/docs_nav_ee_0.34-x.yml
+++ b/app/_data/docs_nav_ee_0.34-x.yml
@@ -45,6 +45,32 @@
     - text: LDAP Auth Advanced Plugin
       url: /plugins/ldap-authentication-advanced
 
+- title: Admin API
+  url: /admin-api/
+  items:
+    - text: Supported Content Types
+      url: /admin-api/#supported-content-types
+    - text: Information
+      url: /admin-api/#information-routes
+    - text: Service Object
+      url: /admin-api/#service-object
+    - text: Route Object
+      url: /admin-api/#route-object
+    - text: API Object
+      url: /admin-api/#api-object
+    - text: Consumer Object
+      url: /admin-api/#consumer-object
+    - text: Plugin Object
+      url: /admin-api/#plugin-object
+    - text: Certificate Object
+      url: /admin-api/#certificate-object
+    - text: SNI Object
+      url: /admin-api/#sni-objects
+    - text: Upstream Object
+      url: /admin-api/#upstream-objects
+    - text: Target Object
+      url: /admin-api/#target-object
+
 - title: Workspaces
   items:
     - text: Overview
diff --git a/app/_data/docs_nav_ee_0.35-x.yml b/app/_data/docs_nav_ee_0.35-x.yml
index 9436e235cf95..204242b13fd3 100644
--- a/app/_data/docs_nav_ee_0.35-x.yml
+++ b/app/_data/docs_nav_ee_0.35-x.yml
@@ -55,20 +55,60 @@
       url: /property-reference
     - text: CLI Reference
       url: /cli
+    - text: Proxy reference
+      url: /proxy
+    - text: Authentication reference
+      url: /auth
+    - text: Load balancing reference
+      url: /loadbalancing
+    - text: Health checks and circuit breakers reference
+      url: /health-checks-circuit-breakers
+    - text: Clustering reference
+      url: /clustering
+    - text: Logging reference
+      url: /logging
+    - text: Network &amp; Firewall
+      url: /network
+    - text: Securing the Admin API
+      url: /secure-admin-api
+    - text: Plugin Development Guide
+      url: /plugin-development
+    - text: Plugin Development Kit
+      url: /pdk
 
 - title: Admin API
   url: /admin-api
   items:
   - text: Overview
-    url: /admin-api
-  - text: Workspaces
+    url: /admin-api/
+  - text: Supported Content Types
+    url: /admin-api/#supported-content-types
+  - text: Information routes
+    url: /admin-api/#information-routes
+  - text: Service Object
+    url: /admin-api/#service-object
+  - text: Route Object
+    url: /admin-api/#route-object
+  - text: Consumer Object routes
+    url: /admin-api/#consumer-object
+  - text: Plugin Object routes
+    url: /admin-api/#plugin-object
+  - text: Certificate Object routes
+    url: /admin-api/#certificate-object
+  - text: SNI Object routes
+    url: /admin-api/#sni-objects
+  - text: Upstream Object routes
+    url: /admin-api/#upstream-objects
+  - text: Target Object routes
+    url: /admin-api/#target-object
+  - text: Workspace Object routes
     url: /admin-api/workspaces/reference
-  - text: RBAC
+  - text: RBAC Object routes
     url: /admin-api/rbac/reference
   - text: Admins
     url: /admin-api/admins/reference
     items:
-      - text: API Reference
+      - text: Admin Object routes
         url: /admin-api/admins/reference
       - text: Examples
         url: /admin-api/admins/examples
@@ -168,14 +208,17 @@
     - text: Networking
       url: /developer-portal/networking
     - text: Administration
+      url: /developer-portal/administration/managing-developers
       items:
         - text: Managing Developers
           url: /developer-portal/administration/managing-developers
     - text: Theme Customization
+      url: /developer-portal/theme-customization/customizing-dev-portal
       items:
           - text: Customizing the Dev Portal
             url: /developer-portal/theme-customization/customizing-dev-portal
     - text: Content Management
+      url: /developer-portal/content-management/file-management
       items:
           - text: File Management
             url: /developer-portal/content-management/file-management
@@ -183,9 +226,10 @@
       url: /developer-portal/faq
 
 - title: APIs and Plugins
-  url: https://konghq.com/hub
+  url: /plugins
   items:
     - text: Plugin Reference
+      url: /plugins/canary-release
       items:
       - text: Canary Release Plugin
         url: /plugins/canary-release
@@ -218,10 +262,15 @@
       - text: Request Validator
         url: /plugins/request-validator
     - text: Implementation
+      url: /plugins/allowing-multiple-authentication-methods
       items:
         - text: Multiple Authentication Methods
           url: /plugins/allowing-multiple-authentication-methods
+        - text: OpenID Connect with Azure AD
+          url: /plugins/oidc-azuread
         - text: OpenID Connect with Google
           url: /plugins/oidc-google
+        - text: OpenID Connect with Okta
+          url: /plugins/oidc-okta
         - text: OpenID Connect with Auth0
           url: /plugins/oidc-auth0
diff --git a/app/_data/docs_nav_ee_0.36-x.yml b/app/_data/docs_nav_ee_0.36-x.yml
index 98fc147e3ed8..f41e4986ed3a 100644
--- a/app/_data/docs_nav_ee_0.36-x.yml
+++ b/app/_data/docs_nav_ee_0.36-x.yml
@@ -24,7 +24,6 @@
     - text: Migrating to 0.36
       url: /deployment/migrations
 
-
 - title: Getting Started
   url: /getting-started/
   items:
@@ -54,20 +53,69 @@
       url: /property-reference
     - text: CLI Reference
       url: /cli
+    - text: Rate Limiting Library
+      url: /enterprise/references/rate-limiting
+      absolute_url: true
+    - text: CLI reference
+      url: /cli
+    - text: Proxy reference
+      url: /proxy
+    - text: Authentication reference
+      url: /auth
+    - text: Load balancing reference
+      url: /loadbalancing
+    - text: Health checks and circuit breakers reference
+      url: /health-checks-circuit-breakers
+    - text: Clustering reference
+      url: /clustering
+    - text: Logging reference
+      url: /logging
+    - text: Network &amp; Firewall
+      url: /network
+    - text: Securing the Admin API
+      url: /secure-admin-api
+    - text: Plugin Development Guide
+      url: /plugin-development
+    - text: Plugin Development Kit
+      url: /pdk
+    - text : OpenAPI Spec to Kong Entities
+      url: /oasconfig
 
 - title: Admin API
   url: /admin-api
   items:
   - text: Overview
     url: /admin-api
-  - text: Workspaces
+  - text: Supported Content Types
+    url: /admin-api/#supported-content-types
+  - text: Information Routes
+    url: /admin-api/#information-routes
+  - text: Tags
+    url: /admin-api/#tags
+  - text: Service Object
+    url: /admin-api/#service-object
+  - text: Route Object
+    url: /admin-api/#route-object
+  - text: Consumer Object
+    url: /admin-api/#consumer-object
+  - text: Plugin Object
+    url: /admin-api/#plugin-object
+  - text: Certificate Object
+    url: /admin-api/#certificate-object
+  - text: SNI Object
+    url: /admin-api/#sni-object
+  - text: Upstream Object
+    url: /admin-api/#upstream-object
+  - text: Target Object
+    url: /admin-api/#target-object
+  - text: Workspace Object routes
     url: /admin-api/workspaces/reference
-  - text: RBAC
+  - text: RBAC Object routes
     url: /admin-api/rbac/reference
   - text: Admins
     url: /admin-api/admins/reference
     items:
-      - text: API Reference
+      - text: Admin Object routes
         url: /admin-api/admins/reference
       - text: Examples
         url: /admin-api/admins/examples
@@ -182,7 +230,7 @@
       url: /developer-portal/faq
 
 - title: APIs and Plugins
-  url: https://konghq.com/hub
+  url: /plugins
   items:
     - text: Plugin Reference
       items:
@@ -220,7 +268,11 @@
       items:
         - text: Multiple Authentication Methods
           url: /plugins/allowing-multiple-authentication-methods
+        - text: OpenID Connect with Azure AD
+          url: /plugins/oidc-azuread
         - text: OpenID Connect with Google
           url: /plugins/oidc-google
+        - text: OpenID Connect with Okta
+          url: /plugins/oidc-okta
         - text: OpenID Connect with Auth0
           url: /plugins/oidc-auth0
diff --git a/app/_data/kong_versions.yml b/app/_data/kong_versions.yml
index afc50f71e3ad..2f24ffe4db91 100644
--- a/app/_data/kong_versions.yml
+++ b/app/_data/kong_versions.yml
@@ -155,14 +155,24 @@
     openresty: "1.13.6.2"
 -
   release: "1.2.x"
-  version: "1.2.1"
-  luarocks_version: "1.2.1-0"
+  version: "1.2.2"
+  luarocks_version: "1.2.2-0"
   dependencies:
     luajit: "2.1.0-beta3"
     luarocks: "2.4.3"
     cassandra: "3.x.x"
     postgres: "9.5+"
     openresty: "1.13.6.2"
+-
+  release: "1.3.x"
+  version: "1.3.0"
+  luarocks_version: "1.3.0-0"
+  dependencies:
+    luajit: "2.1.0-beta3"
+    luarocks: "3.1.3"
+    cassandra: "3.x.x"
+    postgres: "9.5+"
+    openresty: "1.15.8.1"
 -
   release: "0.31-x"
   version: "0.31"
diff --git a/app/_hub/kong-inc/acl/index.md b/app/_hub/kong-inc/acl/index.md
index a1f6d03025b0..5543a2716491 100644
--- a/app/_hub/kong-inc/acl/index.md
+++ b/app/_hub/kong-inc/acl/index.md
@@ -22,6 +22,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/aws-lambda/index.md b/app/_hub/kong-inc/aws-lambda/index.md
index 968bbd967d9c..25828016ed48 100644
--- a/app/_hub/kong-inc/aws-lambda/index.md
+++ b/app/_hub/kong-inc/aws-lambda/index.md
@@ -24,6 +24,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/azure-functions/index.md b/app/_hub/kong-inc/azure-functions/index.md
index c9572f91ff42..90bea7025521 100644
--- a/app/_hub/kong-inc/azure-functions/index.md
+++ b/app/_hub/kong-inc/azure-functions/index.md
@@ -19,6 +19,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/basic-auth/index.md b/app/_hub/kong-inc/basic-auth/index.md
index d1d08c68582f..18dbac3a7283 100644
--- a/app/_hub/kong-inc/basic-auth/index.md
+++ b/app/_hub/kong-inc/basic-auth/index.md
@@ -22,6 +22,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/bot-detection/index.md b/app/_hub/kong-inc/bot-detection/index.md
index baffef7c9f12..74e30a4944ac 100644
--- a/app/_hub/kong-inc/bot-detection/index.md
+++ b/app/_hub/kong-inc/bot-detection/index.md
@@ -14,6 +14,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/canary/0.31-x.md b/app/_hub/kong-inc/canary/0.31-x.md
index 5264402ecbbd..20685db11a97 100644
--- a/app/_hub/kong-inc/canary/0.31-x.md
+++ b/app/_hub/kong-inc/canary/0.31-x.md
@@ -33,42 +33,36 @@ params:
       value_in_examples:
       description: |
         Future time in seconds since epoch, when the release will start (ignored when `percentage` is set)
-  config:
     - name: duration
       required:
       default: 3600
       value_in_examples:
       description: |
         How long, in seconds, should the transition take (ignored when `percentage` is set)
-  config:
     - name: percentage
       required:
       default:
       value_in_examples:
       description: |
         Fixed % of traffic to be routed to new target, if given overrides `start` and `duration`
-  config:
     - name: steps
       required:
       default: 1000
       value_in_examples:
       description: |
         Number of steps the release should be broken into
-  config:
     - name: upstream_host
       required:
       default:
       value_in_examples:
       description: |
         Target hostname where traffic will be routed, required if `upstream_uri` is not set
-  config:
     - name: upstream_uri
       required:
       default:
       value_in_examples:
       description: |
         Upstream URI where traffic will be routed, required if `upstream_host` is not set
-  config:
     - name: hash
       required:
       default: consumer
diff --git a/app/_hub/kong-inc/canary/0.32-x.md b/app/_hub/kong-inc/canary/0.32-x.md
index 882d455ab732..5f7c499b2e1f 100644
--- a/app/_hub/kong-inc/canary/0.32-x.md
+++ b/app/_hub/kong-inc/canary/0.32-x.md
@@ -33,42 +33,36 @@ params:
       value_in_examples:
       description: |
         Future time in seconds since epoch, when the release will start (ignored when `percentage` is set)
-  config:
     - name: duration
       required:
       default: 3600
       value_in_examples:
       description: |
         How long, in seconds, should the transition take (ignored when `percentage` is set)
-  config:
     - name: percentage
       required:
       default:
       value_in_examples:
       description: |
         Fixed % of traffic to be routed to new target, if given overrides `start` and `duration`
-  config:
     - name: steps
       required:
       default: 1000
       value_in_examples:
       description: |
         Number of steps the release should be broken into
-  config:
     - name: upstream_host
       required:
       default:
       value_in_examples:
       description: |
         Target hostname where traffic will be routed, required if `upstream_uri` is not set
-  config:
     - name: upstream_uri
       required:
       default:
       value_in_examples:
       description: |
         Upstream URI where traffic will be routed, required if `upstream_host` is not set
-  config:
     - name: hash
       required:
       default: consumer
diff --git a/app/_hub/kong-inc/canary/0.33-x.md b/app/_hub/kong-inc/canary/0.33-x.md
index 02fe0b8d5bf1..880700360348 100644
--- a/app/_hub/kong-inc/canary/0.33-x.md
+++ b/app/_hub/kong-inc/canary/0.33-x.md
@@ -8,8 +8,6 @@ desc: Slowly roll out software changes to a subset of users
 description: |
   Reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users. This plugin also enables roll back to your original upstream service, or shift all traffic to the new version.
 
-  * [Detailed documentation for the Enterprise Canary Release Plugin](/enterprise/latest/plugins/canary-release/)
-
 enterprise: true
 type: plugin
 categories:
@@ -35,42 +33,36 @@ params:
       value_in_examples:
       description: |
         Future time in seconds since epoch, when the release will start (ignored when `percentage` is set)
-  config:
     - name: duration
       required:
       default: 3600
       value_in_examples:
       description: |
         How long, in seconds, should the transition take (ignored when `percentage` is set)
-  config:
     - name: percentage
       required:
       default:
       value_in_examples:
       description: |
         Fixed % of traffic to be routed to new target, if given overrides `start` and `duration`
-  config:
     - name: steps
       required:
       default: 1000
       value_in_examples:
       description: |
         Number of steps the release should be broken into
-  config:
     - name: upstream_host
       required:
       default:
       value_in_examples:
       description: |
         Target hostname where traffic will be routed, required if `upstream_uri` is not set
-  config:
     - name: upstream_uri
       required:
       default:
       value_in_examples:
       description: |
         Upstream URI where traffic will be routed, required if `upstream_host` is not set
-  config:
     - name: hash
       required:
       default: consumer
diff --git a/app/_hub/kong-inc/canary/0.34-x.md b/app/_hub/kong-inc/canary/0.34-x.md
index b7bc38e6ea8d..27543d158add 100644
--- a/app/_hub/kong-inc/canary/0.34-x.md
+++ b/app/_hub/kong-inc/canary/0.34-x.md
@@ -8,8 +8,6 @@ desc: Slowly roll out software changes to a subset of users
 description: |
   Reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users. This plugin also enables roll back to your original upstream service, or shift all traffic to the new version.
 
-  * [Detailed documentation for the Enterprise Canary Release Plugin](/enterprise/latest/plugins/canary-release/)
-
 enterprise: true
 type: plugin
 categories:
@@ -35,42 +33,36 @@ params:
       value_in_examples:
       description: |
         Future time in seconds since epoch, when the release will start (ignored when `percentage` is set)
-  config:
     - name: duration
       required:
       default: 3600
       value_in_examples:
       description: |
         How long, in seconds, should the transition take (ignored when `percentage` is set)
-  config:
     - name: percentage
       required:
       default:
       value_in_examples:
       description: |
         Fixed % of traffic to be routed to new target, if given overrides `start` and `duration`
-  config:
     - name: steps
       required:
       default: 1000
       value_in_examples:
       description: |
         Number of steps the release should be broken into
-  config:
     - name: upstream_host
       required:
       default:
       value_in_examples:
       description: |
         Target hostname where traffic will be routed, required if `upstream_uri` is not set
-  config:
     - name: upstream_uri
       required:
       default:
       value_in_examples:
       description: |
         Upstream URI where traffic will be routed, required if `upstream_host` is not set
-  config:
     - name: hash
       required:
       default: consumer
diff --git a/app/_hub/kong-inc/canary/0.35-x.md b/app/_hub/kong-inc/canary/0.35-x.md
index 0850c3d469b6..7048ddc3aec6 100644
--- a/app/_hub/kong-inc/canary/0.35-x.md
+++ b/app/_hub/kong-inc/canary/0.35-x.md
@@ -8,8 +8,6 @@ desc: Slowly roll out software changes to a subset of users
 description: |
   Reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users. This plugin also enables roll back to your original upstream service, or shift all traffic to the new version.
 
-  * [Detailed documentation for the Enterprise Canary Release Plugin](/enterprise/latest/plugins/canary-release/)
-
 enterprise: true
 type: plugin
 categories:
@@ -36,42 +34,36 @@ params:
       value_in_examples:
       description: |
         Future time in seconds since epoch, when the release will start (ignored when `percentage` is set)
-  config:
     - name: duration
       required:
       default: 3600
       value_in_examples:
       description: |
         How long, in seconds, should the transition take (ignored when `percentage` is set)
-  config:
     - name: percentage
       required:
       default:
       value_in_examples:
       description: |
         Fixed % of traffic to be routed to new target, if given overrides `start` and `duration`
-  config:
     - name: steps
       required:
       default: 1000
       value_in_examples:
       description: |
         Number of steps the release should be broken into
-  config:
     - name: upstream_host
       required:
       default:
       value_in_examples:
       description: |
         Target hostname where traffic will be routed, required if `upstream_uri` is not set
-  config:
     - name: upstream_uri
       required:
       default:
       value_in_examples:
       description: |
         Upstream URI where traffic will be routed, required if `upstream_host` is not set
-  config:
     - name: hash
       required:
       default: consumer
diff --git a/app/_hub/kong-inc/canary/index.md b/app/_hub/kong-inc/canary/index.md
index 29bdf83023a3..090acf5d53a3 100644
--- a/app/_hub/kong-inc/canary/index.md
+++ b/app/_hub/kong-inc/canary/index.md
@@ -8,7 +8,10 @@ desc: Slowly roll out software changes to a subset of users
 description: |
   Reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users. This plugin also enables roll back to your original upstream service, or shift all traffic to the new version.
 
-  * [Detailed documentation for the Enterprise Canary Release Plugin](/enterprise/latest/plugins/canary-release/)
+enterprise: true
+type: plugin
+categories:
+  - traffic-control
 
 enterprise: true
 type: plugin
@@ -16,13 +19,9 @@ categories:
   - traffic-control
 
 kong_version_compatibility:
-    community_edition:
-      compatible:
     enterprise_edition:
       compatible:
         - 0.36-x
-        - 0.35-x
-        - 0.34-x
 
 params:
   name: canary
@@ -36,43 +35,49 @@ params:
       default:
       value_in_examples:
       description: |
-        Future time in seconds since epoch, when the release will start (ignored when `percentage` is set)
-  config:
+        Future time in seconds since epoch, when the release will start (ignored when percentage is set, or when using whitelist or blacklist)
     - name: duration
       required:
       default: 3600
       value_in_examples:
       description: |
-        How long, in seconds, should the transition take (ignored when `percentage` is set)
-  config:
+       The duration of the transition in seconds. (Ignored when the percentage is set or when using whitelist or blacklist)
     - name: percentage
       required:
       default:
       value_in_examples:
       description: |
         Fixed % of traffic to be routed to new target, if given overrides `start` and `duration`
-  config:
     - name: steps
       required:
       default: 1000
       value_in_examples:
       description: |
         Number of steps the release should be broken into
-  config:
     - name: upstream_host
       required:
       default:
       value_in_examples:
       description: |
-        Target hostname where traffic will be routed, required if `upstream_uri` is not set
-  config:
+        The target hostname where traffic will be routed. (Required if `upstream_uri/port` is not set.)
+    - name: upstream_fallback
+      required:
+      default: false
+      value_in_examples:
+      description: |
+        Whether the plugin will fallback to the original upstream if the Canary Upstream doesn't have at least one healthy target. (`upstream_host` must point to a valid Kong Upstream entity.)
+    - name: upstream_port
+      required:
+      default:
+      value_in_examples:
+      description: |
+        The target port where traffic will be routed. (Required if `upstream_uri/host` is not set.)
     - name: upstream_uri
       required:
       default:
       value_in_examples:
       description: |
-        Upstream URI where traffic will be routed, required if `upstream_host` is not set
-  config:
+        The Upstream URI where traffic will be routed. (Required if `upstream_host/port` is not set.)
     - name: hash
       required:
       default: consumer
@@ -84,32 +89,79 @@ params:
 
 ### Usage
 
-The plugin will route traffic to 2 different upstream services, referred to as A and B. The location of service A will be defined by the `upstream_url` property of the api the plugin is configured on. The location of service B is defined by the `config.upstream_host` or `config.upstream_uri` as configured on the plugin.
+The Canary Release plugin allows you to route traffic to two separate upstream 
+**Services** referred to as _Service A_ and _Service B_. The location of _Service A_
+is defined by the `service` entity for the request being proxied. The location
+of _Service B_ is defined by the 
+`config.upstream_host`, `config.upstream_port`, and/or `config.upstream_uri` as
+configured on the plugin.
+
+There are 3 modes of operation:
+
+1. Set a fixed percentage to be routed to _Service B_. See parameter
+   `config.percentage`.
+2. Define a whitelist or blacklist group comprised of Consumers with allowed or denied access to _Service B_.
+   The Consumer-group association can be configured using the ACL plugin.
+3. Set a period (in linear time) over which the traffic will be transferred
+   from _Service A_ to _Service B_. See parameters `config.start` and 
+   `config.duration`.
+
+### Determining Where to Route a Request
+
+(This does not apply to whitelisting or blacklisting)
+
+The Canary Release plugin defines a number of "buckets" (`config.steps`). 
+Each of these buckets can be routed to either _Service A_ or _Service B_.
 
-There are 2 modes of operation:
+For example: If you set `config.steps` to 100 steps, and `percentage` to 10%, 
+Canary will create 100 "buckets", 10 of which will be routed to _Service B_, 
+while the other 90 will remain routed to _Service A_.
 
-1. Set a fixed percentage to be routed to destination B. See parameter `config.percentage`.
-2. Set a period over which (in linear time) the traffic will be moved over from destination A to B. See parameters `config.start` and `config.duration`.
+The `config.hash` parameter determines which requests end up in a specific bucket. 
+When set to `consumer`, Canary ensures each Consumer will 
+consistently end up in the same bucket. The effect is that once a Consumer's bucket 
+switches to _Service B_, it will then always go to 
+_Service B_, and will not "flip-flop" between A and B. Alternatively if it is set to
+`ip` then the same concept applies but on the basis of the originating IP address.
 
-### Determining where to route a request
+When using either the `consumer` or `ip` setting, if any specific Consumer or IP 
+is responsible for more than the average percentage of traffic, the migration 
+may not be evenly distributed, e.g., if the percentage is set to 50%, then 50% of 
+either the Consumers or IPs will be rerouted, but not necessarily 50% of the total requests.
 
-The plugin defines a number of "buckets" (`config.steps`). Each of those can be routed to either A or B. For example: 100 steps, and `percentage` at 10%. Then 100 buckets will be created, of which 10 will be routed to upstream B, and 90 will remain at A.
+When set to `none` the requests will be evenly distributed; each bucket 
+will get the same number of requests, but a Consumer or IP might flip-flop between 
+_Service A_ and _Service B_ on consecutive requests.
 
-Which requests end up in a specific bucket is determined by the `config.hash` parameter. When set to consumer then it is made sure that each consumer will consistently end up in the same bucket. The effect being that once a bucket a consumer belongs to is switched to B, it will then always go to B, and a `consumer` will not "flip-flop" between A and B. Alternatively if it is set to `ip` then the same concept applies, but based on the originating ip address.
+Canary provides an automatic fallback if, for some reason, a Consumer or IP can 
+not be identified. The fall-back order is be `consumer`->`ip`->`none`.
 
-The downside of `consumer` and `ip` is that if any specific consumer or ip is responsible for a more than average part of the load, the migration is not nicely distributed. Eg. with percentage set to 50%, then 50% of either the consumers or ips are rerouted, but not necessarily 50% of the requests.
+### Finalizing the Canary
 
-When set to `none` then the requests will be nicely distributed, each bucket will get the same number of requests, but in this case a consumer or ip might be flip-flopping between destination A and B on consecutive requests.
+Once the Canary is complete, either going to 100% for a percentage-based Canary, 
+or when the timed Canary has reached 100%, the configuration will need to be updated.
+Note: if the plugin is configured on a `route`, then all routes for the current
+`service` must have completed the Canary. 
 
-In any case there is an automatic fallback in case a consumer or ip could not be identified for some reason. The fall-back order will be `consumer`->`ip`->`none`.
+1. Update the `service` entity to point to _Service B_ by matching it to the URL as 
+specified by `config.upstream_host`, `config.upstream_uri`, and  `config.upstream_port`.
+2. Remove the Canary plugin with a `DELETE` request.
 
-### Finalizing the canary
+Removing or disabling the Canary Release plugin before the Canary is complete will
+instantly switch all traffic to _Service A_.
 
-Once the canary is complete, either going to 100% for a percent-based canary, or after the timed canary reached 100%, the configuration needs to be updated.
 
-This takes 2 steps:
+### Upstream Healthchecks
 
-1. Update location A to point to location B. This can be done by a PATCH request on the API where the `upstream_url` property is updated to the url as specified by `config.upstream_host` or `config.upstream_uri` (or location B).
-2. Since now the location A and B are the same, the canary plugin can now be removed from the system with a `DELETE` request.
+The configuration item `upstream_fallback` uses 
+[**Upstream Healthchecks**]({{page.kong_version}}/admin-api/#upstream-objects) 
+to skip applying the Canary upstream if it does not have at least one healthy 
+target. For this configuration to take effect, the following conditions must be met:
 
-If the canary was not complete yet, then executing those steps prematurely, will instantly switch 100% of traffic to the new location (B).
+ - As this configuration relies on Kong's balancer (and healthchecks), 
+ the name specified in `config.upstream_host` must point to a valid Kong Upstream 
+ object
+ - [**Healthchecks**]({{page.kong_version}}/health-checks-circuit-breakers/) are 
+ enabled in the canary upstream, i.e., the upstream specified in `upstream_host` 
+ needs to have healthchecks enabled it. It works with both passive and active 
+ healthchecks.
diff --git a/app/_hub/kong-inc/correlation-id/index.md b/app/_hub/kong-inc/correlation-id/index.md
index 8e715f6c3dd8..1f32726b91c0 100644
--- a/app/_hub/kong-inc/correlation-id/index.md
+++ b/app/_hub/kong-inc/correlation-id/index.md
@@ -14,6 +14,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/cors/index.md b/app/_hub/kong-inc/cors/index.md
index 7e53ad0141cb..9f0bd657dbe3 100644
--- a/app/_hub/kong-inc/cors/index.md
+++ b/app/_hub/kong-inc/cors/index.md
@@ -22,6 +22,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/datadog/index.md b/app/_hub/kong-inc/datadog/index.md
index ab4c3c7ff20c..82e068e00454 100644
--- a/app/_hub/kong-inc/datadog/index.md
+++ b/app/_hub/kong-inc/datadog/index.md
@@ -23,6 +23,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/file-log/index.md b/app/_hub/kong-inc/file-log/index.md
index 5653452eba59..dee2c82880a7 100644
--- a/app/_hub/kong-inc/file-log/index.md
+++ b/app/_hub/kong-inc/file-log/index.md
@@ -28,6 +28,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -57,7 +58,7 @@ params:
   service_id: true
   route_id: true
   consumer_id: true
-  protocols: ["http", "https"]
+  protocols: ["http", "https", "grpc", "grpcs"]
   dbless_compatible: yes
   config:
     - name: path
diff --git a/app/_hub/kong-inc/hmac-auth/index.md b/app/_hub/kong-inc/hmac-auth/index.md
index 7f94b6f4dae0..690184fc426a 100644
--- a/app/_hub/kong-inc/hmac-auth/index.md
+++ b/app/_hub/kong-inc/hmac-auth/index.md
@@ -28,6 +28,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/http-log/index.md b/app/_hub/kong-inc/http-log/index.md
index 7e2201b5f8ae..17e217c68ca6 100644
--- a/app/_hub/kong-inc/http-log/index.md
+++ b/app/_hub/kong-inc/http-log/index.md
@@ -22,6 +22,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -51,7 +52,7 @@ params:
   service_id: true
   route_id: true
   consumer_id: true
-  protocols: ["http", "https"]
+  protocols: ["http", "https", "grpc", "grpcs"]
   dbless_compatible: yes
   config:
     - name: http_endpoint
diff --git a/app/_hub/kong-inc/ip-restriction/index.md b/app/_hub/kong-inc/ip-restriction/index.md
index 0ca741082010..ebf715674388 100644
--- a/app/_hub/kong-inc/ip-restriction/index.md
+++ b/app/_hub/kong-inc/ip-restriction/index.md
@@ -14,6 +14,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/jwt/index.md b/app/_hub/kong-inc/jwt/index.md
index fb3039e5fdb5..1196b653b87a 100644
--- a/app/_hub/kong-inc/jwt/index.md
+++ b/app/_hub/kong-inc/jwt/index.md
@@ -28,6 +28,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/key-auth/index.md b/app/_hub/kong-inc/key-auth/index.md
index 75da5ae57038..2582ab1d5155 100644
--- a/app/_hub/kong-inc/key-auth/index.md
+++ b/app/_hub/kong-inc/key-auth/index.md
@@ -22,6 +22,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -63,7 +64,7 @@ params:
       required: false
       default: "`apikey`"
       description: |
-        Describes an array of parameter names where the plugin will look for a key. The client must send the authentication key in one of those key names, and the plugin will try to read the credential from a header or the querystring parameter with the same name.<br>*note*: the key names may only contain [a-z], [A-Z], [0-9], [_] and [-]. Underscores are not permitted for keys in headers due to [additional restrictions in the NGINX defaults](http://nginx.org/en/docs/http/ngx_http_core_module.html#ignore_invalid_headers).
+        Describes an array of parameter names where the plugin will look for a key. The client must send the authentication key in one of those key names, and the plugin will try to read the credential from a header or the querystring parameter with the same name.<br>*note*: the key names may only contain [a-z], [A-Z], [0-9], [_] and [-].
     - name: key_in_body
       required: false
       default: "`false`"
diff --git a/app/_hub/kong-inc/kubernetes-sidecar-injector/index.md b/app/_hub/kong-inc/kubernetes-sidecar-injector/index.md
index fcc385de8e1d..595b850bab17 100644
--- a/app/_hub/kong-inc/kubernetes-sidecar-injector/index.md
+++ b/app/_hub/kong-inc/kubernetes-sidecar-injector/index.md
@@ -18,6 +18,9 @@ kong_version_compatibility:
       compatible:
         - 1.2.x
         - 1.1.x
+    enterprise_edition:
+      compatible:
+        - 0.36-x
 
 params:
   name: kubernetes-sidecar-injector
diff --git a/app/_hub/kong-inc/ldap-auth/index.md b/app/_hub/kong-inc/ldap-auth/index.md
index 818de7f08704..b99a0faa336b 100644
--- a/app/_hub/kong-inc/ldap-auth/index.md
+++ b/app/_hub/kong-inc/ldap-auth/index.md
@@ -22,6 +22,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/loggly/index.md b/app/_hub/kong-inc/loggly/index.md
index 226d1108b58b..c20657e1a8bf 100644
--- a/app/_hub/kong-inc/loggly/index.md
+++ b/app/_hub/kong-inc/loggly/index.md
@@ -14,6 +14,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -40,7 +41,7 @@ params:
   service_id: true
   route_id: true
   consumer_id: true
-  protocols: ["http", "https"]
+  protocols: ["http", "https", "grpc", "grpcs"]
   dbless_compatible: yes
   config:
     - name: host
diff --git a/app/_hub/kong-inc/mtls-auth/index.md b/app/_hub/kong-inc/mtls-auth/index.md
index e957a460cb74..0c826339f78a 100644
--- a/app/_hub/kong-inc/mtls-auth/index.md
+++ b/app/_hub/kong-inc/mtls-auth/index.md
@@ -57,6 +57,22 @@ then the response will be `HTTP 401` "No required TLS certificate was sent". Tha
 option was configured on the plugin, in which case the anonymous **Consumer** will be used
 and the request will be allowed to proceed.
 
+### Adding certificate authorities
+
+In order to use this plugin, you must add certificate authority certificates. These are stored in a separate ca-certificates store rather than the main certificates store, as they do not require private keys. To add one, obtain a PEM-encoded copy of your CA certificate and POST it to `/ca_certificates`:
+
+```bash
+$ curl -sX POST https://kong:8001/ca_certificates -F cert=@cert.pem
+{
+  "tags": null,
+  "created_at": 1566597621,
+  "cert": "-----BEGIN CERTIFICATE-----\FullPEMOmittedForBrevity==\n-----END CERTIFICATE-----\n",
+  "id": "322dce96-d434-4e0d-9038-311b3520f0a3"
+}
+```
+
+The `id` value returned can now be used for mTLS plugin configurations or consumer mappings.
+
 ### Create manual mappings between certificate and Consumer object
 
 Sometimes you may not wish to use automatic Consumer lookup or you have certificates
diff --git a/app/_hub/kong-inc/oauth2/index.md b/app/_hub/kong-inc/oauth2/index.md
index a5f809c26d34..143a16d266bd 100644
--- a/app/_hub/kong-inc/oauth2/index.md
+++ b/app/_hub/kong-inc/oauth2/index.md
@@ -34,6 +34,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/openid-connect/0.32-x.md b/app/_hub/kong-inc/openid-connect/0.32-x.md
index 03973ec4199d..0452521595e9 100644
--- a/app/_hub/kong-inc/openid-connect/0.32-x.md
+++ b/app/_hub/kong-inc/openid-connect/0.32-x.md
@@ -1720,266 +1720,200 @@ that this usage example is for testing purposes and that you should
 not send confidential information to `httpbin.org` that is used here
 for illustrative purposes.
 
-##### 1. Creating the API
+#### 1. Creating a Service and Route
 
-To create an API we execute the following command:
+To create a Service, issue the following command:
 
 ```bash
-$ http post :8001/apis                          \
+$ http post :8001/services                      \
     name=openid-connect-demo                    \
-    uris=/                                      \
-    upstream_url=http://httpbin.org/anything -v
-```
-```http
-POST /apis HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 91
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
+    url=http://httpbin.org/anything
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "name": "openid-connect-demo",
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": "/"
+  "connect_timeout": 60000,
+  "created_at": 1535539722,
+  "host": "httpbin.org",
+  "id": "903978c9-2472-4a04-aff5-d9ba13821e64",
+  "name": "httpbin",
+  "path": "/anything",
+  "port": 80,
+  "protocol": "http",
+  "read_timeout": 60000,
+  "retries": 5,
+  "updated_at": 1535539722,
+  "write_timeout": 60000
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:09:43 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+Then, to add a Route, issue the following command:
+
+```bash
+$ http :8001/services/httpbin/routes paths:='["/"]' protocols:='["http"]'
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "created_at": 1502730583000,
-    "http_if_terminated": false,
-    "https_only": false,
-    "id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "name": "openid-connect-demo",
-    "preserve_host": false,
-    "retries": 5,
-    "strip_uri": true,
-    "upstream_connect_timeout": 60000,
-    "upstream_read_timeout": 60000,
-    "upstream_send_timeout": 60000,
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": [
-        "/"
-    ]
+  "created_at": 1536698521,
+  "hosts": null,
+  "id": "17b83376-b69d-4638-9b53-13184018eaf6",
+  "methods": null,
+  "paths": [
+    "/"
+  ],
+  "preserve_host": false,
+  "protocols": [
+    "http"
+  ],
+  "regex_priority": 0,
+  "service": {
+    "id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  },
+  "strip_path": true,
+  "updated_at": 1536698521
 }
 ```
 
-##### 2. Checking the API
-
-Check that the API works by issuing the following command:
+Save the Route ID
 
 ```bash
-$ http :8000 -v
+$ export ROUTE_ID=<the id from the response above>
+$ echo $ROUTE_ID
 ```
+ 
+#### 2. Verify Response with and without Kong 
 
-And you should get output similar to this:
+Verify that you can make a direct call to `http://httpbin.org/anything` _without_ proxying through Kong by issuing the following command:
 
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
-```
-```http
-HTTP/1.1 200 OK
-Access-Control-Allow-Credentials: true
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Length: 390
-Content-Type: application/json
-Date: Mon, 14 Aug 2017 17:12:16 GMT
-Server: meinheld/0.6.1
-Via: kong/0.10.3
-X-Kong-Proxy-Latency: 181
-X-Kong-Upstream-Latency: 828
-X-Powered-By: Flask
-X-Processed-Time: 0.00134587287903
+```bash
+$ http get http://httpbin.org/anything
 ```
+
+The response should be `HTTP 200 OK` and appear like so:
+
 ```json
 {
-    "args": {},
-    "data": "",
-    "files": {},
-    "form": {},
-    "headers": {
-        "Accept": "*/*",
-        "Accept-Encoding": "gzip, deflate",
-        "Connection": "close",
-        "Host": "httpbin.org",
-        "User-Agent": "HTTPie/0.9.9",
-        "X-Forwarded-Host": "localhost"
-    },
-    "json": null,
-    "method": "GET",
-    "origin": "127.0.0.1, 37.33.72.184",
-    "url": "http://localhost/anything"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "52.70.213.138",
+  "url": "http://httpbin.org/anything"
 }
-```
 
-##### 3. Enabling the Plugin
+```
 
-To enable `openid-connect` plugin for the API,
-execute the following command (on production you
-shouldn't disable SSL verification):
+Verify that Kong successfully proxies through Kong by issuing the following command:
 
 ```bash
-$ http post :8001/apis/openid-connect-demo/plugins  \
-    name=openid-connect                             \
-    config.issuer=<ISSUER>                          \
-    config.client_id=<CLIENT_ID>                    \
-    config.client_secret=<CLIENT_SECRET>            \
-    config.redirect_uri=<REDIRECT_URI>              \
-    config.ssl_verify=false -v
+$ http get 127.0.0.1:8000
 ```
 
-On successful call you will get output similar to this:
-
-```http
-POST /apis/openid-connect-demo/plugins HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 256
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
-```
+The response should be `HTTP 200 OK` and appear like so:
+
 ```json
 {
-    "config.client_id": "ATdm9WUNmfGzdE0pyRApY66pnfHVJNMI",
-    "config.client_secret": "kaSFMAJSEQVlYl4Crvf4Sl9WIM0rP3gVxbhT3GAhPDTzRbzxKh3pxHnNWMhhRrcN",
-    "config.issuer": "https://kong-demo.eu.auth0.com/",
-    "config.ssl_verify": "false",
-    "name": "openid-connect"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9",
+    "X-Forwarded-Host": "127.0.0.1"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "172.19.0.1, 23.96.32.228",
+  "url": "http://127.0.0.1/anything"
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:22:27 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+#### 3. Secure the Service with OIDC
+
+To enable the OIDC Plugin for the Service, execute the following 
+command, but note that SSL verification is disabled here for 
+testing purposes only:
+
+```bash
+http post :8001/services/httpbin/plugins \
+  name=openid-connect                             \
+  config.issuer=<ISSUER>                          \
+  config.client_id=<CLIENT_ID>                    \
+  config.client_secret=<CLIENT_SECRET>            \
+  config.redirect_uri=<REDIRECT_URI>              \
+  config.ssl_verify=false -v
 ```
+
+On successful `HTTP 200 OK`, the response will be similar to:
+
 ```json
 {
-    "api_id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "config": {
-        "auth_methods": [
-            "password",
-            "client_credentials",
-            "authorization_code",
-            "bearer",
-            "introspection",
-            "kong_oauth2",
-            "refresh_token",
-            "session"
-        ],
-        "client_id": [
-            "<CLIENT_ID>"
-        ],
-        "client_secret": [
-            "<CLIENT_SECRET>"
-        ],
-        "consumer_by": [
-            "username",
-            "custom_id"
-        ],
-        "http_version": 1.1,
-        "id_token_param_type": [
-            "query",
-            "header",
-            "body"
-        ],
-        "issuer": "<ISSUER>",
-        "leeway": 0,
-        "login_action": "upstream",
-        "login_tokens": [
-            "id_token"
-        ],
-        "response_mode": "query",
-        "reverify": false,
-        "scopes": [
-            "openid"
-        ],
-        "ssl_verify": false,
-        "timeout": 10000,
-        "upstream_access_token_header": "authorization:bearer",
-        "verify_claims": true,
-        "verify_nonce": true,
-        "verify_parameters": true,
-        "verify_signature": true
-    },
-    "created_at": 1502731347000,
+  "config": {
+    "audience_claim": [
+      "aud"
+    ],
+    "client_id": [
+      "kong"
+    ],
+    "client_secret": [
+      "b8068d7d-d7bf-4b23-8724-881ee49bdbfd"
+    ],
+    "consumer_by": [
+      "username",
+      "custom_id"
+    ],
+    "introspect_jwt_tokens": false,
+    "introspection_hint": "access_token",
+    "issuer": "http://ip10-0-0-3-bec2g5kmeb6ge43qmuc0-8080.direct.konglabs-s3.simplru.com/auth/realms/master",
+    "created_at": 1536700540000,
     "enabled": true,
-    "id": "4a91a0ef-1632-491d-a4e3-b8f98f75dcda",
-    "name": "openid-connect"
+    "id": "6836ba3c-12e0-4f2e-bdfd-88134eaa1786",
+    "name": "openid-connect",
+    "service_id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  }
 }
 ```
 
-##### 4. Try the API
+#### 4. Verify that Authorization is Now Required
+
+Attempt the following command without authorization:
 
 ```bash
-$ http :8000 -v
+$ http get :8000/anything
 ```
 
-As you might have expected, it doesn't work anymore:
+It will result in:
 
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
 ```
-
-as it gives this redirect as a reply:
-
-```http
-HTTP/1.1 302 Moved Temporarily
-Connection: keep-alive
-Content-Length: 167
-Content-Type: text/html
-Date: Mon, 14 Aug 2017 17:24:59 GMT
-Location: https://<ISSUER>/authorize?scope=openid&client_id=<CLIENT_ID>&response_mode=query&state=y2J74-KJFzogFXEtWgwDzl-Y&nonce=J-Ylp3E4dIQIhgutGFo3JOOU&redirect_uri=<REDIRECT_URI>&response_type=code
-Server: kong/0.10.3
-Set-Cookie: authorization=<COOKIE>; Path=/; HttpOnly
-```
-```
-<html>
-  <head><title>302 FoundDDD</title></head>
-  <body bgcolor="white">
-    <center><h1>302 Found</h1></center>
-    <hr><center>openresty/1.11.2.2</center>
-  </body>
-</html>
+HTTP 301 Moved Temporarily
 ```
 
 Now, at this point you could try to open the page using a browser and
 see if you can go through the authorization code flow, and after that
-get an reply from httpbin.org. Please check that your redirect uri is
-correctly registered as the identity provider should redirect the
-browser back to Kong url where this plugin is enabled (it can be the same
-API or it can be different API).
+get a reply from `httpbin.org`. Please check that your redirect URI parameter is
+correctly set, since the identity provider should redirect the
+user back to this URI once authentication is successful. (The URI can be the same
+Service or a different one).
 
-You could also try another ways, like for example password grant
-(and please try other authentication methods as well):
+You could also try another way; for example, password grant:
 
 ```bash
 $ http :8000 Authorization:"Basic <username>:<password>"
@@ -2007,6 +1941,7 @@ $ http patch :8001/plugins/<PLUGIN_ID>
 And make an authenticated request again to see how this affects
 the request and response headers.
 
+
 ### Compatibility
 
 The library behind these plugins have been tested with several OpenID
diff --git a/app/_hub/kong-inc/openid-connect/0.33-x.md b/app/_hub/kong-inc/openid-connect/0.33-x.md
index 8de3909d116a..7aacab5e1389 100644
--- a/app/_hub/kong-inc/openid-connect/0.33-x.md
+++ b/app/_hub/kong-inc/openid-connect/0.33-x.md
@@ -1710,266 +1710,200 @@ that this usage example is for testing purposes and that you should
 not send confidential information to `httpbin.org` that is used here
 for illustrative purposes.
 
-#### 1. Creating the API
+#### 1. Creating a Service and Route
 
-To create an API we execute the following command:
+To create a Service, issue the following command:
 
 ```bash
-$ http post :8001/apis                          \
+$ http post :8001/services                      \
     name=openid-connect-demo                    \
-    uris=/                                      \
-    upstream_url=http://httpbin.org/anything -v
-```
-```http
-POST /apis HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 91
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
+    url=http://httpbin.org/anything
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "name": "openid-connect-demo",
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": "/"
+  "connect_timeout": 60000,
+  "created_at": 1535539722,
+  "host": "httpbin.org",
+  "id": "903978c9-2472-4a04-aff5-d9ba13821e64",
+  "name": "httpbin",
+  "path": "/anything",
+  "port": 80,
+  "protocol": "http",
+  "read_timeout": 60000,
+  "retries": 5,
+  "updated_at": 1535539722,
+  "write_timeout": 60000
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:09:43 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+Then, to add a Route, issue the following command:
+
+```bash
+$ http :8001/services/httpbin/routes paths:='["/"]' protocols:='["http"]'
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "created_at": 1502730583000,
-    "http_if_terminated": false,
-    "https_only": false,
-    "id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "name": "openid-connect-demo",
-    "preserve_host": false,
-    "retries": 5,
-    "strip_uri": true,
-    "upstream_connect_timeout": 60000,
-    "upstream_read_timeout": 60000,
-    "upstream_send_timeout": 60000,
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": [
-        "/"
-    ]
+  "created_at": 1536698521,
+  "hosts": null,
+  "id": "17b83376-b69d-4638-9b53-13184018eaf6",
+  "methods": null,
+  "paths": [
+    "/"
+  ],
+  "preserve_host": false,
+  "protocols": [
+    "http"
+  ],
+  "regex_priority": 0,
+  "service": {
+    "id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  },
+  "strip_path": true,
+  "updated_at": 1536698521
 }
 ```
 
-#### 2. Checking the API
-
-Check that the API works by issuing the following command:
+Save the Route ID
 
 ```bash
-$ http :8000 -v
+$ export ROUTE_ID=<the id from the response above>
+$ echo $ROUTE_ID
 ```
+ 
+#### 2. Verify Response with and without Kong 
 
-And you should get output similar to this:
+Verify that you can make a direct call to `http://httpbin.org/anything` _without_ proxying through Kong by issuing the following command:
 
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
-```
-```http
-HTTP/1.1 200 OK
-Access-Control-Allow-Credentials: true
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Length: 390
-Content-Type: application/json
-Date: Mon, 14 Aug 2017 17:12:16 GMT
-Server: meinheld/0.6.1
-Via: kong/0.10.3
-X-Kong-Proxy-Latency: 181
-X-Kong-Upstream-Latency: 828
-X-Powered-By: Flask
-X-Processed-Time: 0.00134587287903
+```bash
+$ http get http://httpbin.org/anything
 ```
+
+The response should be `HTTP 200 OK` and appear like so:
+
 ```json
 {
-    "args": {},
-    "data": "",
-    "files": {},
-    "form": {},
-    "headers": {
-        "Accept": "*/*",
-        "Accept-Encoding": "gzip, deflate",
-        "Connection": "close",
-        "Host": "httpbin.org",
-        "User-Agent": "HTTPie/0.9.9",
-        "X-Forwarded-Host": "localhost"
-    },
-    "json": null,
-    "method": "GET",
-    "origin": "127.0.0.1, 37.33.72.184",
-    "url": "http://localhost/anything"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "52.70.213.138",
+  "url": "http://httpbin.org/anything"
 }
-```
 
-#### 3. Enabling the Plugin
+```
 
-To enable `openid-connect` plugin for the API,
-execute the following command (on production you
-shouldn't disable SSL verification):
+Verify that Kong successfully proxies through Kong by issuing the following command:
 
 ```bash
-$ http post :8001/apis/openid-connect-demo/plugins  \
-    name=openid-connect                             \
-    config.issuer=<ISSUER>                          \
-    config.client_id=<CLIENT_ID>                    \
-    config.client_secret=<CLIENT_SECRET>            \
-    config.redirect_uri=<REDIRECT_URI>              \
-    config.ssl_verify=false -v
+$ http get 127.0.0.1:8000
 ```
 
-On successful call you will get output similar to this:
-
-```http
-POST /apis/openid-connect-demo/plugins HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 256
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
-```
+The response should be `HTTP 200 OK` and appear like so:
+
 ```json
 {
-    "config.client_id": "ATdm9WUNmfGzdE0pyRApY66pnfHVJNMI",
-    "config.client_secret": "kaSFMAJSEQVlYl4Crvf4Sl9WIM0rP3gVxbhT3GAhPDTzRbzxKh3pxHnNWMhhRrcN",
-    "config.issuer": "https://kong-demo.eu.auth0.com/",
-    "config.ssl_verify": "false",
-    "name": "openid-connect"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9",
+    "X-Forwarded-Host": "127.0.0.1"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "172.19.0.1, 23.96.32.228",
+  "url": "http://127.0.0.1/anything"
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:22:27 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+#### 3. Secure the Service with OIDC
+
+To enable the OIDC Plugin for the Service, execute the following 
+command, but note that SSL verification is disabled here for 
+testing purposes only:
+
+```bash
+http post :8001/services/httpbin/plugins \
+  name=openid-connect                             \
+  config.issuer=<ISSUER>                          \
+  config.client_id=<CLIENT_ID>                    \
+  config.client_secret=<CLIENT_SECRET>            \
+  config.redirect_uri=<REDIRECT_URI>              \
+  config.ssl_verify=false -v
 ```
+
+On successful `HTTP 200 OK`, the response will be similar to:
+
 ```json
 {
-    "api_id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "config": {
-        "auth_methods": [
-            "password",
-            "client_credentials",
-            "authorization_code",
-            "bearer",
-            "introspection",
-            "kong_oauth2",
-            "refresh_token",
-            "session"
-        ],
-        "client_id": [
-            "<CLIENT_ID>"
-        ],
-        "client_secret": [
-            "<CLIENT_SECRET>"
-        ],
-        "consumer_by": [
-            "username",
-            "custom_id"
-        ],
-        "http_version": 1.1,
-        "id_token_param_type": [
-            "query",
-            "header",
-            "body"
-        ],
-        "issuer": "<ISSUER>",
-        "leeway": 0,
-        "login_action": "upstream",
-        "login_tokens": [
-            "id_token"
-        ],
-        "response_mode": "query",
-        "reverify": false,
-        "scopes": [
-            "openid"
-        ],
-        "ssl_verify": false,
-        "timeout": 10000,
-        "upstream_access_token_header": "authorization:bearer",
-        "verify_claims": true,
-        "verify_nonce": true,
-        "verify_parameters": true,
-        "verify_signature": true
-    },
-    "created_at": 1502731347000,
+  "config": {
+    "audience_claim": [
+      "aud"
+    ],
+    "client_id": [
+      "kong"
+    ],
+    "client_secret": [
+      "b8068d7d-d7bf-4b23-8724-881ee49bdbfd"
+    ],
+    "consumer_by": [
+      "username",
+      "custom_id"
+    ],
+    "introspect_jwt_tokens": false,
+    "introspection_hint": "access_token",
+    "issuer": "http://ip10-0-0-3-bec2g5kmeb6ge43qmuc0-8080.direct.konglabs-s3.simplru.com/auth/realms/master",
+    "created_at": 1536700540000,
     "enabled": true,
-    "id": "4a91a0ef-1632-491d-a4e3-b8f98f75dcda",
-    "name": "openid-connect"
+    "id": "6836ba3c-12e0-4f2e-bdfd-88134eaa1786",
+    "name": "openid-connect",
+    "service_id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  }
 }
 ```
 
-#### 4. Try the API
+#### 4. Verify that Authorization is Now Required
+
+Attempt the following command without authorization:
 
 ```bash
-$ http :8000 -v
+$ http get :8000/anything
 ```
 
-As you might have expected, it doesn't work anymore:
+It will result in:
 
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
 ```
-
-as it gives this redirect as a reply:
-
-```http
-HTTP/1.1 302 Moved Temporarily
-Connection: keep-alive
-Content-Length: 167
-Content-Type: text/html
-Date: Mon, 14 Aug 2017 17:24:59 GMT
-Location: https://<ISSUER>/authorize?scope=openid&client_id=<CLIENT_ID>&response_mode=query&state=y2J74-KJFzogFXEtWgwDzl-Y&nonce=J-Ylp3E4dIQIhgutGFo3JOOU&redirect_uri=<REDIRECT_URI>&response_type=code
-Server: kong/0.10.3
-Set-Cookie: authorization=<COOKIE>; Path=/; HttpOnly
-```
-```html
-<html>
-  <head><title>302 Found</title></head>
-  <body bgcolor="white">
-    <center><h1>302 Found</h1></center>
-    <hr><center>openresty/1.11.2.2</center>
-  </body>
-</html>
+HTTP 301 Moved Temporarily
 ```
 
 Now, at this point you could try to open the page using a browser and
 see if you can go through the authorization code flow, and after that
-get an reply from httpbin.org. Please check that your redirect uri is
-correctly registered as the identity provider should redirect the
-browser back to Kong url where this plugin is enabled (it can be the same
-API or it can be different API).
+get a reply from `httpbin.org`. Please check that your redirect URI parameter is
+correctly set, since the identity provider should redirect the
+user back to this URI once authentication is successful. (The URI can be the same
+Service or a different one).
 
-You could also try another ways, like for example password grant
-(and please try other authentication methods as well):
+You could also try another way; for example, password grant:
 
 ```bash
 $ http :8000 Authorization:"Basic <username>:<password>"
@@ -1997,6 +1931,7 @@ $ http patch :8001/plugins/<PLUGIN_ID>
 And make an authenticated request again to see how this affects
 the request and response headers.
 
+
 ## Compatibility
 
 The library behind these plugins have been tested with several OpenID
diff --git a/app/_hub/kong-inc/openid-connect/0.34-x.md b/app/_hub/kong-inc/openid-connect/0.34-x.md
index 9ab15b7edcdc..2b21b67aaee8 100644
--- a/app/_hub/kong-inc/openid-connect/0.34-x.md
+++ b/app/_hub/kong-inc/openid-connect/0.34-x.md
@@ -2313,268 +2313,200 @@ not send confidential information to `httpbin.org` that is used here
 for illustrative purposes.
 
 
-#### 1. Creating the API
+#### 1. Creating a Service and Route
 
-To create an API we execute the following command:
+To create a Service, issue the following command:
 
 ```bash
-$ http post :8001/apis                          \
+$ http post :8001/services                      \
     name=openid-connect-demo                    \
-    uris=/                                      \
-    upstream_url=http://httpbin.org/anything -v
-```
-```http
-POST /apis HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 91
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
+    url=http://httpbin.org/anything
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "name": "openid-connect-demo",
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": "/"
+  "connect_timeout": 60000,
+  "created_at": 1535539722,
+  "host": "httpbin.org",
+  "id": "903978c9-2472-4a04-aff5-d9ba13821e64",
+  "name": "httpbin",
+  "path": "/anything",
+  "port": 80,
+  "protocol": "http",
+  "read_timeout": 60000,
+  "retries": 5,
+  "updated_at": 1535539722,
+  "write_timeout": 60000
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:09:43 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+Then, to add a Route, issue the following command:
+
+```bash
+$ http :8001/services/httpbin/routes paths:='["/"]' protocols:='["http"]'
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "created_at": 1502730583000,
-    "http_if_terminated": false,
-    "https_only": false,
-    "id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "name": "openid-connect-demo",
-    "preserve_host": false,
-    "retries": 5,
-    "strip_uri": true,
-    "upstream_connect_timeout": 60000,
-    "upstream_read_timeout": 60000,
-    "upstream_send_timeout": 60000,
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": [
-        "/"
-    ]
+  "created_at": 1536698521,
+  "hosts": null,
+  "id": "17b83376-b69d-4638-9b53-13184018eaf6",
+  "methods": null,
+  "paths": [
+    "/"
+  ],
+  "preserve_host": false,
+  "protocols": [
+    "http"
+  ],
+  "regex_priority": 0,
+  "service": {
+    "id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  },
+  "strip_path": true,
+  "updated_at": 1536698521
 }
 ```
 
+Save the Route ID
 
-#### 2. Checking the API
+```bash
+$ export ROUTE_ID=<the id from the response above>
+$ echo $ROUTE_ID
+```
+ 
+#### 2. Verify Response with and without Kong 
 
-Check that the API works by issuing the following command:
+Verify that you can make a direct call to `http://httpbin.org/anything` _without_ proxying through Kong by issuing the following command:
 
 ```bash
-$ http :8000 -v
+$ http get http://httpbin.org/anything
 ```
 
-And you should get output similar to this:
+The response should be `HTTP 200 OK` and appear like so:
 
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
-```
-```http
-HTTP/1.1 200 OK
-Access-Control-Allow-Credentials: true
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Length: 390
-Content-Type: application/json
-Date: Mon, 14 Aug 2017 17:12:16 GMT
-Server: meinheld/0.6.1
-Via: kong/0.10.3
-X-Kong-Proxy-Latency: 181
-X-Kong-Upstream-Latency: 828
-X-Powered-By: Flask
-X-Processed-Time: 0.00134587287903
-```
 ```json
 {
-    "args": {},
-    "data": "",
-    "files": {},
-    "form": {},
-    "headers": {
-        "Accept": "*/*",
-        "Accept-Encoding": "gzip, deflate",
-        "Connection": "close",
-        "Host": "httpbin.org",
-        "User-Agent": "HTTPie/0.9.9",
-        "X-Forwarded-Host": "localhost"
-    },
-    "json": null,
-    "method": "GET",
-    "origin": "127.0.0.1, 37.33.72.184",
-    "url": "http://localhost/anything"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "52.70.213.138",
+  "url": "http://httpbin.org/anything"
 }
-```
 
+```
 
-#### 3. Enabling the Plugin
-
-To enable `openid-connect` plugin for the API,
-execute the following command (on production you
-shouldn't disable SSL verification):
+Verify that Kong successfully proxies through Kong by issuing the following command:
 
 ```bash
-$ http post :8001/apis/openid-connect-demo/plugins  \
-    name=openid-connect                             \
-    config.issuer=<ISSUER>                          \
-    config.client_id=<CLIENT_ID>                    \
-    config.client_secret=<CLIENT_SECRET>            \
-    config.redirect_uri=<REDIRECT_URI>              \
-    config.ssl_verify=false -v
+$ http get 127.0.0.1:8000
 ```
 
-On successful call you will get output similar to this:
-
-```http
-POST /apis/openid-connect-demo/plugins HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 256
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
-```
+The response should be `HTTP 200 OK` and appear like so:
+
 ```json
 {
-    "config.client_id": "ATdm9WUNmfGzdE0pyRApY66pnfHVJNMI",
-    "config.client_secret": "kaSFMAJSEQVlYl4Crvf4Sl9WIM0rP3gVxbhT3GAhPDTzRbzxKh3pxHnNWMhhRrcN",
-    "config.issuer": "https://kong-demo.eu.auth0.com/",
-    "config.ssl_verify": "false",
-    "name": "openid-connect"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9",
+    "X-Forwarded-Host": "127.0.0.1"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "172.19.0.1, 23.96.32.228",
+  "url": "http://127.0.0.1/anything"
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:22:27 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+#### 3. Secure the Service with OIDC
+
+To enable the OIDC Plugin for the Service, execute the following 
+command, but note that SSL verification is disabled here for 
+testing purposes only:
+
+```bash
+http post :8001/services/httpbin/plugins \
+  name=openid-connect                             \
+  config.issuer=<ISSUER>                          \
+  config.client_id=<CLIENT_ID>                    \
+  config.client_secret=<CLIENT_SECRET>            \
+  config.redirect_uri=<REDIRECT_URI>              \
+  config.ssl_verify=false -v
 ```
+
+On successful `HTTP 200 OK`, the response will be similar to:
+
 ```json
 {
-    "api_id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "config": {
-        "auth_methods": [
-            "password",
-            "client_credentials",
-            "authorization_code",
-            "bearer",
-            "introspection",
-            "kong_oauth2",
-            "refresh_token",
-            "session"
-        ],
-        "client_id": [
-            "<CLIENT_ID>"
-        ],
-        "client_secret": [
-            "<CLIENT_SECRET>"
-        ],
-        "consumer_by": [
-            "username",
-            "custom_id"
-        ],
-        "http_version": 1.1,
-        "id_token_param_type": [
-            "query",
-            "header",
-            "body"
-        ],
-        "issuer": "<ISSUER>",
-        "leeway": 0,
-        "login_action": "upstream",
-        "login_tokens": [
-            "id_token"
-        ],
-        "response_mode": "query",
-        "reverify": false,
-        "scopes": [
-            "openid"
-        ],
-        "ssl_verify": false,
-        "timeout": 10000,
-        "upstream_access_token_header": "authorization:bearer",
-        "verify_claims": true,
-        "verify_nonce": true,
-        "verify_parameters": true,
-        "verify_signature": true
-    },
-    "created_at": 1502731347000,
+  "config": {
+    "audience_claim": [
+      "aud"
+    ],
+    "client_id": [
+      "kong"
+    ],
+    "client_secret": [
+      "b8068d7d-d7bf-4b23-8724-881ee49bdbfd"
+    ],
+    "consumer_by": [
+      "username",
+      "custom_id"
+    ],
+    "introspect_jwt_tokens": false,
+    "introspection_hint": "access_token",
+    "issuer": "http://ip10-0-0-3-bec2g5kmeb6ge43qmuc0-8080.direct.konglabs-s3.simplru.com/auth/realms/master",
+    "created_at": 1536700540000,
     "enabled": true,
-    "id": "4a91a0ef-1632-491d-a4e3-b8f98f75dcda",
-    "name": "openid-connect"
+    "id": "6836ba3c-12e0-4f2e-bdfd-88134eaa1786",
+    "name": "openid-connect",
+    "service_id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  }
 }
 ```
 
+#### 4. Verify that Authorization is Now Required
 
-#### 4. Try the API
+Attempt the following command without authorization:
 
 ```bash
-$ http :8000 -v
+$ http get :8000/anything
 ```
 
-As you might have expected, it doesn't work anymore:
-
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
-```
+It will result in:
 
-as it gives this redirect as a reply:
-
-```http
-HTTP/1.1 302 Moved Temporarily
-Connection: keep-alive
-Content-Length: 167
-Content-Type: text/html
-Date: Mon, 14 Aug 2017 17:24:59 GMT
-Location: https://<ISSUER>/authorize?scope=openid&client_id=<CLIENT_ID>&response_mode=query&state=y2J74-KJFzogFXEtWgwDzl-Y&nonce=J-Ylp3E4dIQIhgutGFo3JOOU&redirect_uri=<REDIRECT_URI>&response_type=code
-Server: kong/0.10.3
-Set-Cookie: authorization=<COOKIE>; Path=/; HttpOnly
 ```
-```html
-<html>
-  <head><title>302 Found</title></head>
-  <body bgcolor="white">
-    <center><h1>302 Found</h1></center>
-  </body>
-</html>
+HTTP 301 Moved Temporarily
 ```
 
 Now, at this point you could try to open the page using a browser and
 see if you can go through the authorization code flow, and after that
-get an reply from httpbin.org. Please check that your redirect uri is
-correctly registered as the identity provider should redirect the
-browser back to Kong url where this plugin is enabled (it can be the same
-API or it can be different API).
+get a reply from `httpbin.org`. Please check that your redirect URI parameter is
+correctly set, since the identity provider should redirect the
+user back to this URI once authentication is successful. (The URI can be the same
+Service or a different one).
 
-You could also try another ways, like for example password grant
-(and please try other authentication methods as well):
+You could also try another way; for example, password grant:
 
 ```bash
 $ http :8000 Authorization:"Basic <username>:<password>"
diff --git a/app/_hub/kong-inc/openid-connect/0.35-x.md b/app/_hub/kong-inc/openid-connect/0.35-x.md
index 70b325a08476..b5ea199c9686 100644
--- a/app/_hub/kong-inc/openid-connect/0.35-x.md
+++ b/app/_hub/kong-inc/openid-connect/0.35-x.md
@@ -2314,268 +2314,200 @@ not send confidential information to `httpbin.org` that is used here
 for illustrative purposes.
 
 
-#### 1. Creating the API
+#### 1. Creating a Service and Route
 
-To create an API we execute the following command:
+To create a Service, issue the following command:
 
 ```bash
-$ http post :8001/apis                          \
+$ http post :8001/services                      \
     name=openid-connect-demo                    \
-    uris=/                                      \
-    upstream_url=http://httpbin.org/anything -v
-```
-```http
-POST /apis HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 91
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
+    url=http://httpbin.org/anything
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "name": "openid-connect-demo",
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": "/"
+  "connect_timeout": 60000,
+  "created_at": 1535539722,
+  "host": "httpbin.org",
+  "id": "903978c9-2472-4a04-aff5-d9ba13821e64",
+  "name": "httpbin",
+  "path": "/anything",
+  "port": 80,
+  "protocol": "http",
+  "read_timeout": 60000,
+  "retries": 5,
+  "updated_at": 1535539722,
+  "write_timeout": 60000
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:09:43 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+Then, to add a Route, issue the following command:
+
+```bash
+$ http :8001/services/httpbin/routes paths:='["/"]' protocols:='["http"]'
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "created_at": 1502730583000,
-    "http_if_terminated": false,
-    "https_only": false,
-    "id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "name": "openid-connect-demo",
-    "preserve_host": false,
-    "retries": 5,
-    "strip_uri": true,
-    "upstream_connect_timeout": 60000,
-    "upstream_read_timeout": 60000,
-    "upstream_send_timeout": 60000,
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": [
-        "/"
-    ]
+  "created_at": 1536698521,
+  "hosts": null,
+  "id": "17b83376-b69d-4638-9b53-13184018eaf6",
+  "methods": null,
+  "paths": [
+    "/"
+  ],
+  "preserve_host": false,
+  "protocols": [
+    "http"
+  ],
+  "regex_priority": 0,
+  "service": {
+    "id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  },
+  "strip_path": true,
+  "updated_at": 1536698521
 }
 ```
 
+Save the Route ID
 
-#### 2. Checking the API
+```bash
+$ export ROUTE_ID=<the id from the response above>
+$ echo $ROUTE_ID
+```
+ 
+#### 2. Verify Response with and without Kong 
 
-Check that the API works by issuing the following command:
+Verify that you can make a direct call to `http://httpbin.org/anything` _without_ proxying through Kong by issuing the following command:
 
 ```bash
-$ http :8000 -v
+$ http get http://httpbin.org/anything
 ```
 
-And you should get output similar to this:
+The response should be `HTTP 200 OK` and appear like so:
 
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
-```
-```http
-HTTP/1.1 200 OK
-Access-Control-Allow-Credentials: true
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Length: 390
-Content-Type: application/json
-Date: Mon, 14 Aug 2017 17:12:16 GMT
-Server: meinheld/0.6.1
-Via: kong/0.10.3
-X-Kong-Proxy-Latency: 181
-X-Kong-Upstream-Latency: 828
-X-Powered-By: Flask
-X-Processed-Time: 0.00134587287903
-```
 ```json
 {
-    "args": {},
-    "data": "",
-    "files": {},
-    "form": {},
-    "headers": {
-        "Accept": "*/*",
-        "Accept-Encoding": "gzip, deflate",
-        "Connection": "close",
-        "Host": "httpbin.org",
-        "User-Agent": "HTTPie/0.9.9",
-        "X-Forwarded-Host": "localhost"
-    },
-    "json": null,
-    "method": "GET",
-    "origin": "127.0.0.1, 37.33.72.184",
-    "url": "http://localhost/anything"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "52.70.213.138",
+  "url": "http://httpbin.org/anything"
 }
-```
 
+```
 
-#### 3. Enabling the Plugin
-
-To enable `openid-connect` plugin for the API,
-execute the following command (on production you
-shouldn't disable SSL verification):
+Verify that Kong successfully proxies through Kong by issuing the following command:
 
 ```bash
-$ http post :8001/apis/openid-connect-demo/plugins  \
-    name=openid-connect                             \
-    config.issuer=<ISSUER>                          \
-    config.client_id=<CLIENT_ID>                    \
-    config.client_secret=<CLIENT_SECRET>            \
-    config.redirect_uri=<REDIRECT_URI>              \
-    config.ssl_verify=false -v
+$ http get 127.0.0.1:8000
 ```
 
-On successful call you will get output similar to this:
-
-```http
-POST /apis/openid-connect-demo/plugins HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 256
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
-```
+The response should be `HTTP 200 OK` and appear like so:
+
 ```json
 {
-    "config.client_id": "ATdm9WUNmfGzdE0pyRApY66pnfHVJNMI",
-    "config.client_secret": "kaSFMAJSEQVlYl4Crvf4Sl9WIM0rP3gVxbhT3GAhPDTzRbzxKh3pxHnNWMhhRrcN",
-    "config.issuer": "https://kong-demo.eu.auth0.com/",
-    "config.ssl_verify": "false",
-    "name": "openid-connect"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9",
+    "X-Forwarded-Host": "127.0.0.1"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "172.19.0.1, 23.96.32.228",
+  "url": "http://127.0.0.1/anything"
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:22:27 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+#### 3. Secure the Service with OIDC
+
+To enable the OIDC Plugin for the Service, execute the following 
+command, but note that SSL verification is disabled here for 
+testing purposes only:
+
+```bash
+http post :8001/services/httpbin/plugins \
+  name=openid-connect                             \
+  config.issuer=<ISSUER>                          \
+  config.client_id=<CLIENT_ID>                    \
+  config.client_secret=<CLIENT_SECRET>            \
+  config.redirect_uri=<REDIRECT_URI>              \
+  config.ssl_verify=false -v
 ```
+
+On successful `HTTP 200 OK`, the response will be similar to:
+
 ```json
 {
-    "api_id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "config": {
-        "auth_methods": [
-            "password",
-            "client_credentials",
-            "authorization_code",
-            "bearer",
-            "introspection",
-            "kong_oauth2",
-            "refresh_token",
-            "session"
-        ],
-        "client_id": [
-            "<CLIENT_ID>"
-        ],
-        "client_secret": [
-            "<CLIENT_SECRET>"
-        ],
-        "consumer_by": [
-            "username",
-            "custom_id"
-        ],
-        "http_version": 1.1,
-        "id_token_param_type": [
-            "query",
-            "header",
-            "body"
-        ],
-        "issuer": "<ISSUER>",
-        "leeway": 0,
-        "login_action": "upstream",
-        "login_tokens": [
-            "id_token"
-        ],
-        "response_mode": "query",
-        "reverify": false,
-        "scopes": [
-            "openid"
-        ],
-        "ssl_verify": false,
-        "timeout": 10000,
-        "upstream_access_token_header": "authorization:bearer",
-        "verify_claims": true,
-        "verify_nonce": true,
-        "verify_parameters": true,
-        "verify_signature": true
-    },
-    "created_at": 1502731347000,
+  "config": {
+    "audience_claim": [
+      "aud"
+    ],
+    "client_id": [
+      "kong"
+    ],
+    "client_secret": [
+      "b8068d7d-d7bf-4b23-8724-881ee49bdbfd"
+    ],
+    "consumer_by": [
+      "username",
+      "custom_id"
+    ],
+    "introspect_jwt_tokens": false,
+    "introspection_hint": "access_token",
+    "issuer": "http://ip10-0-0-3-bec2g5kmeb6ge43qmuc0-8080.direct.konglabs-s3.simplru.com/auth/realms/master",
+    "created_at": 1536700540000,
     "enabled": true,
-    "id": "4a91a0ef-1632-491d-a4e3-b8f98f75dcda",
-    "name": "openid-connect"
+    "id": "6836ba3c-12e0-4f2e-bdfd-88134eaa1786",
+    "name": "openid-connect",
+    "service_id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  }
 }
 ```
 
+#### 4. Verify that Authorization is Now Required
 
-#### 4. Try the API
+Attempt the following command without authorization:
 
 ```bash
-$ http :8000 -v
+$ http get :8000/anything
 ```
 
-As you might have expected, it doesn't work anymore:
-
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
-```
+It will result in:
 
-as it gives this redirect as a reply:
-
-```http
-HTTP/1.1 302 Moved Temporarily
-Connection: keep-alive
-Content-Length: 167
-Content-Type: text/html
-Date: Mon, 14 Aug 2017 17:24:59 GMT
-Location: https://<ISSUER>/authorize?scope=openid&client_id=<CLIENT_ID>&response_mode=query&state=y2J74-KJFzogFXEtWgwDzl-Y&nonce=J-Ylp3E4dIQIhgutGFo3JOOU&redirect_uri=<REDIRECT_URI>&response_type=code
-Server: kong/0.10.3
-Set-Cookie: authorization=<COOKIE>; Path=/; HttpOnly
 ```
-```html
-<html>
-  <head><title>302 Found</title></head>
-  <body bgcolor="white">
-    <center><h1>302 Found</h1></center>
-  </body>
-</html>
+HTTP 301 Moved Temporarily
 ```
 
 Now, at this point you could try to open the page using a browser and
 see if you can go through the authorization code flow, and after that
-get an reply from httpbin.org. Please check that your redirect uri is
-correctly registered as the identity provider should redirect the
-browser back to Kong url where this plugin is enabled (it can be the same
-API or it can be different API).
+get a reply from `httpbin.org`. Please check that your redirect URI parameter is
+correctly set, since the identity provider should redirect the
+user back to this URI once authentication is successful. (The URI can be the same
+Service or a different one).
 
-You could also try another ways, like for example password grant
-(and please try other authentication methods as well):
+You could also try another way; for example, password grant:
 
 ```bash
 $ http :8000 Authorization:"Basic <username>:<password>"
diff --git a/app/_hub/kong-inc/openid-connect/index.md b/app/_hub/kong-inc/openid-connect/index.md
index 55f34d432b24..8b6108de1c1a 100644
--- a/app/_hub/kong-inc/openid-connect/index.md
+++ b/app/_hub/kong-inc/openid-connect/index.md
@@ -2315,268 +2315,200 @@ not send confidential information to `httpbin.org` that is used here
 for illustrative purposes.
 
 
-#### 1. Creating the API
+#### 1. Creating a Service and Route
 
-To create an API we execute the following command:
+To create a Service, issue the following command:
 
 ```bash
-$ http post :8001/apis                          \
+$ http post :8001/services                      \
     name=openid-connect-demo                    \
-    uris=/                                      \
-    upstream_url=http://httpbin.org/anything -v
-```
-```http
-POST /apis HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 91
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
+    url=http://httpbin.org/anything
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "name": "openid-connect-demo",
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": "/"
+  "connect_timeout": 60000,
+  "created_at": 1535539722,
+  "host": "httpbin.org",
+  "id": "903978c9-2472-4a04-aff5-d9ba13821e64",
+  "name": "httpbin",
+  "path": "/anything",
+  "port": 80,
+  "protocol": "http",
+  "read_timeout": 60000,
+  "retries": 5,
+  "updated_at": 1535539722,
+  "write_timeout": 60000
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:09:43 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+Then, to add a Route, issue the following command:
+
+```bash
+$ http :8001/services/httpbin/routes paths:='["/"]' protocols:='["http"]'
 ```
+
+The response should be structured like so:
+
 ```json
 {
-    "created_at": 1502730583000,
-    "http_if_terminated": false,
-    "https_only": false,
-    "id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "name": "openid-connect-demo",
-    "preserve_host": false,
-    "retries": 5,
-    "strip_uri": true,
-    "upstream_connect_timeout": 60000,
-    "upstream_read_timeout": 60000,
-    "upstream_send_timeout": 60000,
-    "upstream_url": "http://httpbin.org/anything",
-    "uris": [
-        "/"
-    ]
+  "created_at": 1536698521,
+  "hosts": null,
+  "id": "17b83376-b69d-4638-9b53-13184018eaf6",
+  "methods": null,
+  "paths": [
+    "/"
+  ],
+  "preserve_host": false,
+  "protocols": [
+    "http"
+  ],
+  "regex_priority": 0,
+  "service": {
+    "id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  },
+  "strip_path": true,
+  "updated_at": 1536698521
 }
 ```
 
+Save the Route ID
 
-#### 2. Checking the API
+```bash
+$ export ROUTE_ID=<the id from the response above>
+$ echo $ROUTE_ID
+```
+ 
+#### 2. Verify Response with and without Kong 
 
-Check that the API works by issuing the following command:
+Verify that you can make a direct call to `http://httpbin.org/anything` _without_ proxying through Kong by issuing the following command:
 
 ```bash
-$ http :8000 -v
+$ http get http://httpbin.org/anything
 ```
 
-And you should get output similar to this:
+The response should be `HTTP 200 OK` and appear like so:
 
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
-```
-```http
-HTTP/1.1 200 OK
-Access-Control-Allow-Credentials: true
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Length: 390
-Content-Type: application/json
-Date: Mon, 14 Aug 2017 17:12:16 GMT
-Server: meinheld/0.6.1
-Via: kong/0.10.3
-X-Kong-Proxy-Latency: 181
-X-Kong-Upstream-Latency: 828
-X-Powered-By: Flask
-X-Processed-Time: 0.00134587287903
-```
 ```json
 {
-    "args": {},
-    "data": "",
-    "files": {},
-    "form": {},
-    "headers": {
-        "Accept": "*/*",
-        "Accept-Encoding": "gzip, deflate",
-        "Connection": "close",
-        "Host": "httpbin.org",
-        "User-Agent": "HTTPie/0.9.9",
-        "X-Forwarded-Host": "localhost"
-    },
-    "json": null,
-    "method": "GET",
-    "origin": "127.0.0.1, 37.33.72.184",
-    "url": "http://localhost/anything"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "52.70.213.138",
+  "url": "http://httpbin.org/anything"
 }
-```
 
+```
 
-#### 3. Enabling the Plugin
-
-To enable `openid-connect` plugin for the API,
-execute the following command (on production you
-shouldn't disable SSL verification):
+Verify that Kong successfully proxies through Kong by issuing the following command:
 
 ```bash
-$ http post :8001/apis/openid-connect-demo/plugins  \
-    name=openid-connect                             \
-    config.issuer=<ISSUER>                          \
-    config.client_id=<CLIENT_ID>                    \
-    config.client_secret=<CLIENT_SECRET>            \
-    config.redirect_uri=<REDIRECT_URI>              \
-    config.ssl_verify=false -v
+$ http get 127.0.0.1:8000
 ```
 
-On successful call you will get output similar to this:
-
-```http
-POST /apis/openid-connect-demo/plugins HTTP/1.1
-Accept: application/json, */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Content-Length: 256
-Content-Type: application/json
-Host: localhost:8001
-User-Agent: HTTPie/0.9.9
-```
+The response should be `HTTP 200 OK` and appear like so:
+
 ```json
 {
-    "config.client_id": "ATdm9WUNmfGzdE0pyRApY66pnfHVJNMI",
-    "config.client_secret": "kaSFMAJSEQVlYl4Crvf4Sl9WIM0rP3gVxbhT3GAhPDTzRbzxKh3pxHnNWMhhRrcN",
-    "config.issuer": "https://kong-demo.eu.auth0.com/",
-    "config.ssl_verify": "false",
-    "name": "openid-connect"
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {},
+  "headers": {
+    "Accept": "*/*",
+    "Accept-Encoding": "gzip, deflate",
+    "Connection": "close",
+    "Host": "httpbin.org",
+    "User-Agent": "HTTPie/0.9.9",
+    "X-Forwarded-Host": "127.0.0.1"
+  },
+  "json": null,
+  "method": "GET",
+  "origin": "172.19.0.1, 23.96.32.228",
+  "url": "http://127.0.0.1/anything"
 }
 ```
-```http
-HTTP/1.1 201 Created
-Access-Control-Allow-Origin: *
-Connection: keep-alive
-Content-Type: application/json; charset=utf-8
-Date: Mon, 14 Aug 2017 17:22:27 GMT
-Server: kong/0.10.3
-Transfer-Encoding: chunked
+
+#### 3. Secure the Service with OIDC
+
+To enable the OIDC Plugin for the Service, execute the following 
+command, but note that SSL verification is disabled here for 
+testing purposes only:
+
+```bash
+http post :8001/services/httpbin/plugins \
+  name=openid-connect                             \
+  config.issuer=<ISSUER>                          \
+  config.client_id=<CLIENT_ID>                    \
+  config.client_secret=<CLIENT_SECRET>            \
+  config.redirect_uri=<REDIRECT_URI>              \
+  config.ssl_verify=false -v
 ```
+
+On successful `HTTP 200 OK`, the response will be similar to:
+
 ```json
 {
-    "api_id": "f5331dd8-4dc8-4272-8537-199598e660ad",
-    "config": {
-        "auth_methods": [
-            "password",
-            "client_credentials",
-            "authorization_code",
-            "bearer",
-            "introspection",
-            "kong_oauth2",
-            "refresh_token",
-            "session"
-        ],
-        "client_id": [
-            "<CLIENT_ID>"
-        ],
-        "client_secret": [
-            "<CLIENT_SECRET>"
-        ],
-        "consumer_by": [
-            "username",
-            "custom_id"
-        ],
-        "http_version": 1.1,
-        "id_token_param_type": [
-            "query",
-            "header",
-            "body"
-        ],
-        "issuer": "<ISSUER>",
-        "leeway": 0,
-        "login_action": "upstream",
-        "login_tokens": [
-            "id_token"
-        ],
-        "response_mode": "query",
-        "reverify": false,
-        "scopes": [
-            "openid"
-        ],
-        "ssl_verify": false,
-        "timeout": 10000,
-        "upstream_access_token_header": "authorization:bearer",
-        "verify_claims": true,
-        "verify_nonce": true,
-        "verify_parameters": true,
-        "verify_signature": true
-    },
-    "created_at": 1502731347000,
+  "config": {
+    "audience_claim": [
+      "aud"
+    ],
+    "client_id": [
+      "kong"
+    ],
+    "client_secret": [
+      "b8068d7d-d7bf-4b23-8724-881ee49bdbfd"
+    ],
+    "consumer_by": [
+      "username",
+      "custom_id"
+    ],
+    "introspect_jwt_tokens": false,
+    "introspection_hint": "access_token",
+    "issuer": "http://ip10-0-0-3-bec2g5kmeb6ge43qmuc0-8080.direct.konglabs-s3.simplru.com/auth/realms/master",
+    "created_at": 1536700540000,
     "enabled": true,
-    "id": "4a91a0ef-1632-491d-a4e3-b8f98f75dcda",
-    "name": "openid-connect"
+    "id": "6836ba3c-12e0-4f2e-bdfd-88134eaa1786",
+    "name": "openid-connect",
+    "service_id": "903978c9-2472-4a04-aff5-d9ba13821e64"
+  }
 }
 ```
 
+#### 4. Verify that Authorization is Now Required
 
-#### 4. Try the API
+Attempt the following command without authorization:
 
 ```bash
-$ http :8000 -v
+$ http get :8000/anything
 ```
 
-As you might have expected, it doesn't work anymore:
-
-```http
-GET / HTTP/1.1
-Accept: */*
-Accept-Encoding: gzip, deflate
-Connection: keep-alive
-Host: localhost:8000
-User-Agent: HTTPie/0.9.9
-```
+It will result in:
 
-as it gives this redirect as a reply:
-
-```http
-HTTP/1.1 302 Moved Temporarily
-Connection: keep-alive
-Content-Length: 167
-Content-Type: text/html
-Date: Mon, 14 Aug 2017 17:24:59 GMT
-Location: https://<ISSUER>/authorize?scope=openid&client_id=<CLIENT_ID>&response_mode=query&state=y2J74-KJFzogFXEtWgwDzl-Y&nonce=J-Ylp3E4dIQIhgutGFo3JOOU&redirect_uri=<REDIRECT_URI>&response_type=code
-Server: kong/0.10.3
-Set-Cookie: authorization=<COOKIE>; Path=/; HttpOnly
 ```
-```html
-<html>
-  <head><title>302 Found</title></head>
-  <body bgcolor="white">
-    <center><h1>302 Found</h1></center>
-  </body>
-</html>
+HTTP 301 Moved Temporarily
 ```
 
 Now, at this point you could try to open the page using a browser and
 see if you can go through the authorization code flow, and after that
-get an reply from httpbin.org. Please check that your redirect uri is
-correctly registered as the identity provider should redirect the
-browser back to Kong url where this plugin is enabled (it can be the same
-API or it can be different API).
+get a reply from `httpbin.org`. Please check that your redirect URI parameter is
+correctly set, since the identity provider should redirect the
+user back to this URI once authentication is successful. (The URI can be the same
+Service or a different one).
 
-You could also try another ways, like for example password grant
-(and please try other authentication methods as well):
+You could also try another way; for example, password grant:
 
 ```bash
 $ http :8000 Authorization:"Basic <username>:<password>"
diff --git a/app/_hub/kong-inc/prometheus/index.md b/app/_hub/kong-inc/prometheus/index.md
index 13d076369287..f2ccc7204d03 100644
--- a/app/_hub/kong-inc/prometheus/index.md
+++ b/app/_hub/kong-inc/prometheus/index.md
@@ -20,6 +20,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -31,7 +32,7 @@ params:
   name: prometheus
   service_id: true
   route_id: false
-  protocols: ["http", "https", "tcp", "tls"]
+  protocols: ["http", "https", "tcp", "tls", "grpc", "grpcs"]
   dbless_compatible: yes
   dbless_explanation: |
     The database will always be reported as “reachable” in prometheus with DB-less.
diff --git a/app/_hub/kong-inc/proxy-cache/index.md b/app/_hub/kong-inc/proxy-cache/index.md
index 5ad338f0010d..720461ad698a 100644
--- a/app/_hub/kong-inc/proxy-cache/index.md
+++ b/app/_hub/kong-inc/proxy-cache/index.md
@@ -15,6 +15,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
     enterprise_edition:
       compatible:
diff --git a/app/_hub/kong-inc/rate-limiting-advanced/0.35-x.md b/app/_hub/kong-inc/rate-limiting-advanced/0.35-x.md
index 0842ffd0be5f..bdb2d3836bca 100644
--- a/app/_hub/kong-inc/rate-limiting-advanced/0.35-x.md
+++ b/app/_hub/kong-inc/rate-limiting-advanced/0.35-x.md
@@ -159,4 +159,4 @@ $ curl -i -X POST http://kong:8001/services/{service}/plugins \
   --data config.window_size=60,3600 \
   --data config.sync_rate=10
 ```
-This will apply rate limiting policies, one of which will trip when 10 hits have been counted in 60 seconds, or when 100 hits have been counted in 3600 seconds. For more information, please see [Enterprise Rate Limiting Library](https://docs.konghq.com/enterprise/0.35-x/rate-limiting/).
+This will apply rate limiting policies, one of which will trip when 10 hits have been counted in 60 seconds, or when 100 hits have been counted in 3600 seconds. For more information, please see [Enterprise Rate Limiting Library](https://docs.konghq.com/enterprise/references/rate-limiting/).
diff --git a/app/_hub/kong-inc/rate-limiting-advanced/index.md b/app/_hub/kong-inc/rate-limiting-advanced/index.md
index 112a67100192..b6927f9fcadd 100644
--- a/app/_hub/kong-inc/rate-limiting-advanced/index.md
+++ b/app/_hub/kong-inc/rate-limiting-advanced/index.md
@@ -160,4 +160,4 @@ $ curl -i -X POST http://kong:8001/services/{service}/plugins \
   --data config.window_size=60,3600 \
   --data config.sync_rate=10
 ```
-This will apply rate limiting policies, one of which will trip when 10 hits have been counted in 60 seconds, or when 100 hits have been counted in 3600 seconds. For more information, please see [Enterprise Rate Limiting Library](https://docs.konghq.com/enterprise/0.35-x/rate-limiting/).
+This will apply rate limiting policies, one of which will trip when 10 hits have been counted in 60 seconds, or when 100 hits have been counted in 3600 seconds. For more information, please see [Enterprise Rate Limiting Library](https://docs.konghq.com/enterprise/references/rate-limiting/).
diff --git a/app/_hub/kong-inc/rate-limiting/index.md b/app/_hub/kong-inc/rate-limiting/index.md
index 2b2792728c40..dd49b8370838 100644
--- a/app/_hub/kong-inc/rate-limiting/index.md
+++ b/app/_hub/kong-inc/rate-limiting/index.md
@@ -1,6 +1,8 @@
 ---
 name: Rate Limiting
 publisher: Kong Inc.
+redirect_from:
+  - /enterprise/0.35-x/rate-limiting/
 version: 1.0.0
 
 desc: Rate-limit how many HTTP requests a developer can make
@@ -20,38 +22,39 @@ categories:
   - traffic-control
 
 kong_version_compatibility:
-    community_edition:
-      compatible:
-        - 1.2.x
-        - 1.1.x
-        - 1.0.x
-        - 0.14.x
-        - 0.13.x
-        - 0.12.x
-        - 0.11.x
-        - 0.10.x
-        - 0.9.x
-        - 0.8.x
-        - 0.7.x
-        - 0.6.x
-        - 0.5.x
-        - 0.4.x
-        - 0.3.x
-        - 0.2.x
-    enterprise_edition:
-      compatible:
-        - 0.36-x
-        - 0.35-x
-        - 0.34-x
-        - 0.33-x
-        - 0.32-x
+  community_edition:
+    compatible:
+      - 1.3.x
+      - 1.2.x
+      - 1.1.x
+      - 1.0.x
+      - 0.14.x
+      - 0.13.x
+      - 0.12.x
+      - 0.11.x
+      - 0.10.x
+      - 0.9.x
+      - 0.8.x
+      - 0.7.x
+      - 0.6.x
+      - 0.5.x
+      - 0.4.x
+      - 0.3.x
+      - 0.2.x
+  enterprise_edition:
+    compatible:
+      - 0.36-x
+      - 0.35-x
+      - 0.34-x
+      - 0.33-x
+      - 0.32-x
 
 params:
   name: rate-limiting
   service_id: true
   route_id: true
   consumer_id: true
-  protocols: ["http", "https"]
+  protocols: ['http', 'https']
   dbless_compatible: partially
   dbless_explanation: |
     The plugin will run fine with the `local` policy (which doesn't use the database) or
@@ -82,22 +85,22 @@ params:
       description: The amount of HTTP requests the developer can make per year. At least one limit must exist.
     - name: limit_by
       required: false
-      default: "`consumer`"
+      default: '`consumer`'
       description: |
         The entity that will be used when aggregating the limits: `consumer`, `credential`, `ip`. If the `consumer` or the `credential` cannot be determined, the system will always fallback to `ip`.
     - name: policy
       required: false
-      default: "`cluster`"
+      default: '`cluster`'
       description: |
         The rate-limiting policies to use for retrieving and incrementing the limits. Available values are `local` (counters will be stored locally in-memory on the node), `cluster` (counters are stored in the datastore and shared across the nodes) and `redis` (counters are stored on a Redis server and will be shared across the nodes).
     - name: fault_tolerant
       required: false
-      default: "`true`"
+      default: '`true`'
       description: |
         A boolean value that determines if the requests should be proxied even if Kong has troubles connecting a third-party datastore. If `true` requests will be proxied anyways effectively disabling the rate-limiting function until the datastore is working again. If `false` then the clients will see `500` errors.
     - name: hide_client_headers
       required: false
-      default: "`false`"
+      default: '`false`'
       description: Optionally hide informative response headers.
     - name: redis_host
       required: semi
@@ -105,7 +108,7 @@ params:
         When using the `redis` policy, this property specifies the address to the Redis server.
     - name: redis_port
       required: false
-      default: "`6379`"
+      default: '`6379`'
       description: |
         When using the `redis` policy, this property specifies the port of the Redis server. By default is `6379`.
     - name: redis_password
@@ -114,15 +117,14 @@ params:
         When using the `redis` policy, this property specifies the password to connect to the Redis server.
     - name: redis_timeout
       required: false
-      default: "`2000`"
+      default: '`2000`'
       description: |
         When using the `redis` policy, this property specifies the timeout in milliseconds of any command submitted to the Redis server.
     - name: redis_database
       required: false
-      default: "`0`"
+      default: '`0`'
       description: |
         When using the `redis` policy, this property specifies Redis database to use.
-
 ---
 
 ## Headers sent to the client
@@ -146,26 +148,26 @@ X-RateLimit-Remaining-Minute: 9
 If any of the limits configured is being reached, the plugin will return a `HTTP/1.1 429` status code to the client with the following JSON body:
 
 ```json
-{"message":"API rate limit exceeded"}
+{ "message": "API rate limit exceeded" }
 ```
 
 ## Implementation considerations
 
 The plugin supports 3 policies, which each have their specific pros and cons.
 
-policy    | pros          | cons
----       | ---            | ---
-`cluster` | accurate, no extra components to support  | relatively the biggest performance impact, each request forces a read and a write on the underlying datastore.
-`redis`   | accurate, lesser performance impact than a `cluster` policy | extra redis installation required, bigger performance impact than a `local` policy
-`local`   | minimal performance impact | less accurate, and unless a consistent-hashing load balancer is used in front of Kong, it diverges when scaling the number of nodes
+| policy    | pros                                                        | cons                                                                                                                                |
+| --------- | ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
+| `cluster` | accurate, no extra components to support                    | relatively the biggest performance impact, each request forces a read and a write on the underlying datastore.                      |
+| `redis`   | accurate, lesser performance impact than a `cluster` policy | extra redis installation required, bigger performance impact than a `local` policy                                                  |
+| `local`   | minimal performance impact                                  | less accurate, and unless a consistent-hashing load balancer is used in front of Kong, it diverges when scaling the number of nodes |
 
 There are 2 use cases that are most common:
 
 1. _every transaction counts_. These are for example transactions with financial
-  consequences. Here the highest level of accuracy is required.
+   consequences. Here the highest level of accuracy is required.
 2. _backend protection_. This is where accuracy is not as relevant, but it is
-  merely used to protect backend services from overload. Either by specific
-  users, or to protect against an attack in general.
+   merely used to protect backend services from overload. Either by specific
+   users, or to protect against an attack in general.
 
 **NOTE**:
 
diff --git a/app/_hub/kong-inc/request-size-limiting/index.md b/app/_hub/kong-inc/request-size-limiting/index.md
index be707e76c359..18c52feb47b3 100644
--- a/app/_hub/kong-inc/request-size-limiting/index.md
+++ b/app/_hub/kong-inc/request-size-limiting/index.md
@@ -26,6 +26,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/request-termination/index.md b/app/_hub/kong-inc/request-termination/index.md
index baedf46987be..8f4c44d19277 100644
--- a/app/_hub/kong-inc/request-termination/index.md
+++ b/app/_hub/kong-inc/request-termination/index.md
@@ -16,6 +16,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/request-transformer/index.md b/app/_hub/kong-inc/request-transformer/index.md
index 660335c670ba..f2084716f2e8 100644
--- a/app/_hub/kong-inc/request-transformer/index.md
+++ b/app/_hub/kong-inc/request-transformer/index.md
@@ -22,6 +22,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -86,10 +87,6 @@ params:
       required: false
       value_in_examples: [ "param-old:param-new", "param2-old:param2-new" ]
       description: List of parameter name:value pairs. Rename the parameter name if and only if content-type is one the following [`application/json`, `multipart/form-data`,  `application/x-www-form-urlencoded`] and parameter is present.
-    - name: append.headers
-      required: false
-      value_in_examples: [ "x-existing-header:some_value", "x-another-header:some_value" ]
-      description: List of headername:value pairs. If the header is not set, set it with the given value. If it is already set, a new header with the same name and the new value will be set.
     - name: replace.body
       required: false
       description: List of paramname:value pairs. If and only if content-type is one the following [`application/json`, `multipart/form-data`, `application/x-www-form-urlencoded`] and the parameter is already present, replace its old value with the new one. Ignored if the parameter is not already present.
diff --git a/app/_hub/kong-inc/response-ratelimiting/index.md b/app/_hub/kong-inc/response-ratelimiting/index.md
index 6d62e915bc43..80ab881bb934 100644
--- a/app/_hub/kong-inc/response-ratelimiting/index.md
+++ b/app/_hub/kong-inc/response-ratelimiting/index.md
@@ -24,6 +24,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/response-transformer-advanced/0.35-x.md b/app/_hub/kong-inc/response-transformer-advanced/0.35-x.md
index d58b03492775..03b6d9cb5ee4 100755
--- a/app/_hub/kong-inc/response-transformer-advanced/0.35-x.md
+++ b/app/_hub/kong-inc/response-transformer-advanced/0.35-x.md
@@ -15,6 +15,7 @@ type: plugin
 categories:
   - transformations
 
+enterprise: true
 kong_version_compatibility:
     enterprise_edition:
       compatible:
diff --git a/app/_hub/kong-inc/response-transformer-advanced/index.md b/app/_hub/kong-inc/response-transformer-advanced/index.md
index 443549ee2066..ae2c0b605492 100755
--- a/app/_hub/kong-inc/response-transformer-advanced/index.md
+++ b/app/_hub/kong-inc/response-transformer-advanced/index.md
@@ -15,6 +15,7 @@ type: plugin
 categories:
   - transformations
 
+enterprise: true
 kong_version_compatibility:
     enterprise_edition:
       compatible:
diff --git a/app/_hub/kong-inc/response-transformer/index.md b/app/_hub/kong-inc/response-transformer/index.md
index 4145edac5efc..b24ad67c12cd 100644
--- a/app/_hub/kong-inc/response-transformer/index.md
+++ b/app/_hub/kong-inc/response-transformer/index.md
@@ -18,6 +18,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/serverless-functions/index.md b/app/_hub/kong-inc/serverless-functions/index.md
index 595cad8bea95..ab0030e48853 100644
--- a/app/_hub/kong-inc/serverless-functions/index.md
+++ b/app/_hub/kong-inc/serverless-functions/index.md
@@ -16,6 +16,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
diff --git a/app/_hub/kong-inc/session/index.md b/app/_hub/kong-inc/session/index.md
index 4bb2e131cf35..6097e34b959a 100644
--- a/app/_hub/kong-inc/session/index.md
+++ b/app/_hub/kong-inc/session/index.md
@@ -2,6 +2,9 @@
 name: Session
 publisher: Kong Inc.
 version: 2.0.0-x
+redirect_from:
+  - /hub/kong-in/sessions
+  - /hub/kong-inc/sessions
 
 desc: Support sessions for Kong Authentication Plugins.
 description: |
@@ -32,8 +35,7 @@ params:
       required: false
       default: random number generated from `kong.utils.random_string`
       value_in_examples: opensesame
-      description:
-        The secret that is used in keyed HMAC generation.​
+      description: The secret that is used in keyed HMAC generation.​
     - name: cookie_name
       required: false
       default: '`session`'
@@ -48,22 +50,22 @@ params:
       description: The duration (in seconds) of a session remaining at which point the Plugin renews the session
     - name: cookie_path
       required: false
-      default: "/"
+      default: '/'
       description: The resource in the host where the cookie is available
     - name: cookie_domain
       required: false
       default: Set using Nginx variable host, but may be overridden
       description: The domain with which the cookie is intended to be exchanged
     - name: cookie_samesite
-      required: false 
-      default: "Strict"
+      required: false
+      default: 'Strict'
       description: 'Determines whether and how a cookie may be sent with cross-site requests. "Strict": the browser will send cookies only if the request originated from the website that set the cookie. "Lax": same-site cookies are withheld on cross-domain subrequests, but will be sent when a user navigates to the URL from an external site, for example, by following a link. "off": disables the same-site attribute so that a cookie may be sent with cross-site requests. https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies'
     - name: cookie_httponly
       required: false
       default: true
       description: Applies the `HttpOnly` tag so that the cookie is sent only to a server https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Secure_and_HttpOnly_cookies
     - name: cookie_secure
-      required: false 
+      required: false
       default: true
       description: Applies the Secure directive so that the cookie may be sent to the server only with an encrypted request over the HTTPS protocol https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Secure_and_HttpOnly_cookies
     - name: cookie_discard
@@ -71,22 +73,21 @@ params:
       default: 10
       description: The duration (in seconds) after which an old session’s TTL is updated that an old cookie is discarded.
     - name: storage
-      required: false 
-      default: "cookie"
+      required: false
+      default: 'cookie'
       description: "Determines where the session data is stored. `kong`: stores encrypted session data into Kong's current database strategy (e.g. Postgres, Cassandra); the cookie will not contain any session data. `cookie`: stores encrypted session data within the cookie itself."
     - name: logout_methods
-      required: false 
+      required: false
       default: '[`"POST"`, `"DELETE"`]'
       description: 'The methods that may be used to end sessions: POST, DELETE, GET.'
     - name: logout_query_arg
-      required: false 
+      required: false
       default: session_logout
       description: The query argument passed to logout requests.
     - name: logout_post_arg
-      required: false 
+      required: false
       default: session_logout
       description: The post argument passed to logout requests. Do not change this property.
-
 ---
 
 ## Usage
@@ -99,13 +100,13 @@ Once the Kong Session **Plugin** is enabled in conjunction with an Authenticatio
 it will run prior to credential verification. If no session is found, then the
 authentication **Plugin** will run and credentials will be checked as normal. If the
 credential verification is successful, then the session **Plugin** will create a new
-session for usage with subsequent requests. 
+session for usage with subsequent requests.
 
-When a new request comes in, and a session is present, then the Kong Session 
-**Plugin** will attach the `ngx.ctx` variables to let the authentication 
-**Plugin** know that authentication has already occured via session validation. 
-Since this configuration is a logical OR scenario, it is desired that anonymous 
-access be forbidden, then the [Request Termination] **Plugin** should be 
+When a new request comes in, and a session is present, then the Kong Session
+**Plugin** will attach the `ngx.ctx` variables to let the authentication
+**Plugin** know that authentication has already occured via session validation.
+Since this configuration is a logical OR scenario, it is desired that anonymous
+access be forbidden, then the [Request Termination] **Plugin** should be
 configured on an anonymous consumer. Failure to do so will allow unauthorized
 requests. For more information please see section on [multiple authentication].
 
@@ -115,166 +116,168 @@ For usage with [Key Auth] **Plugin**
 
 1. Create an example Service and a Route
 
-    Issue the following cURL request to create `example-service` pointing to 
-    mockbin.org, which will echo the request:
+   Issue the following cURL request to create `example-service` pointing to
+   mockbin.org, which will echo the request:
 
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/services/ \
-      --data 'name=example-service' \
-      --data 'url=http://mockbin.org/request'
-    ```
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/services/ \
+     --data 'name=example-service' \
+     --data 'url=http://mockbin.org/request'
+   ```
 
-    Add a route to the Service:
+   Add a route to the Service:
 
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/services/example-service/routes \
-      --data 'paths[]=/sessions-test'
-    ```
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/services/example-service/routes \
+     --data 'paths[]=/sessions-test'
+   ```
 
-    The url `http://localhost:8000/sessions-test` will now echo whatever is being 
-    requested.
+   The url `http://localhost:8000/sessions-test` will now echo whatever is being
+   requested.
 
 1. Configure the key-auth **Plugin** for the Service
 
-    Issue the following cURL request to add the key-auth **Plugin** to the Service:
+   Issue the following cURL request to add the key-auth **Plugin** to the Service:
 
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/services/example-service/plugins/ \
-      --data 'name=key-auth'
-    ```
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/services/example-service/plugins/ \
+     --data 'name=key-auth'
+   ```
 
-    Be sure to note the created **Plugin** `id` - it will be needed later.
+   Be sure to note the created **Plugin** `id` - it will be needed later.
 
 1. Verify that the key-auth **Plugin** is properly configured
 
-    Issue the following cURL request to verify that the [key-auth][key-auth]
-    **Plugin** was properly configured on the Service:
+   Issue the following cURL request to verify that the [key-auth][key-auth]
+   **Plugin** was properly configured on the Service:
 
-    ```bash
-    $ curl -i -X GET \
-      --url http://localhost:8000/sessions-test
-    ```
+   ```bash
+   $ curl -i -X GET \
+     --url http://localhost:8000/sessions-test
+   ```
 
-    Since the required header or parameter `apikey` was not specified, and 
-    anonymous access was not yet enabled, the response should be `401 Unauthorized`:
+   Since the required header or parameter `apikey` was not specified, and
+   anonymous access was not yet enabled, the response should be `401 Unauthorized`:
 
 1. Create a Consumer and an anonymous Consumer
 
-    Every request proxied and authenticated by Kong must be associated with a 
-    Consumer. You'll now create a Consumer named `anonymous_users` by issuing 
-    the following request:
+   Every request proxied and authenticated by Kong must be associated with a
+   Consumer. You'll now create a Consumer named `anonymous_users` by issuing
+   the following request:
 
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/consumers/ \
-      --data "username=anonymous_users"
-    ```
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/consumers/ \
+     --data "username=anonymous_users"
+   ```
 
-    Be sure to note the Consumer `id` - you'll need it in a later step.
+   Be sure to note the Consumer `id` - you'll need it in a later step.
 
-    Now create a consumer that will authenticate via sessions
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/consumers/ \
-      --data "username=fiona"
-    ```
+   Now create a consumer that will authenticate via sessions
+
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/consumers/ \
+     --data "username=fiona"
+   ```
 
 1. Provision key-auth credentials for your Consumer
-    
-    ```bash
-    $ curl -i -X POST \
-      --url http://localhost:8001/consumers/fiona/key-auth/ \
-      --data 'key=open_sesame'
-    ```
+
+   ```bash
+   $ curl -i -X POST \
+     --url http://localhost:8001/consumers/fiona/key-auth/ \
+     --data 'key=open_sesame'
+   ```
 
 1. Enable anonymous access
 
-    You'll now re-configure the key-auth **Plugin** to permit anonymous access by 
-    issuing the following request (**replace the uuids below by the `id` value
-    from previous steps**):
+   You'll now re-configure the key-auth **Plugin** to permit anonymous access by
+   issuing the following request (**replace the uuids below by the `id` value
+   from previous steps**):
 
-    ```bash
-    $ curl -i -X PATCH \
-      --url http://localhost:8001/plugins/<your-key-auth-plugin-id> \
-      --data "config.anonymous=<anonymous_consumer_id>"
-    ```
+   ```bash
+   $ curl -i -X PATCH \
+     --url http://localhost:8001/plugins/<your-key-auth-plugin-id> \
+     --data "config.anonymous=<anonymous_consumer_id>"
+   ```
 
 1. Add the Kong Session **Plugin** to the service
 
-    ```bash
-    $ curl -X POST http://localhost:8001/services/example-service/plugins \
-        --data "name=session"  \
-        --data "config.storage=kong" \
-        --data "config.cookie_secure=false"
-    ```
-    > Note: cookie_secure is true by default, and should always be true, but is set to
-    false for the sake of this demo in order to avoid using HTTPS.
+   ```bash
+   $ curl -X POST http://localhost:8001/services/example-service/plugins \
+       --data "name=session"  \
+       --data "config.storage=kong" \
+       --data "config.cookie_secure=false"
+   ```
+
+   > Note: cookie_secure is true by default, and should always be true, but is set to
+   > false for the sake of this demo in order to avoid using HTTPS.
 
 1. Add the Request Termination **Plugin**
 
-    To disable anonymous access to only allow users access via sessions or via
-    authentication credentials, enable the Request Termination **Plugin**.
+   To disable anonymous access to only allow users access via sessions or via
+   authentication credentials, enable the Request Termination **Plugin**.
 
-    ```bash
-    $ curl -X POST http://localhost:8001/services/example-service/plugins \
-        --data "name=request-termination"  \
-        --data "config.status_code=403" \
-        --data "config.message=So long and thanks for all the fish!" \
-        --data "consumer.id=<anonymous_consumer_id>"
-    ```
+   ```bash
+   $ curl -X POST http://localhost:8001/services/example-service/plugins \
+       --data "name=request-termination"  \
+       --data "config.status_code=403" \
+       --data "config.message=So long and thanks for all the fish!" \
+       --data "consumer.id=<anonymous_consumer_id>"
+   ```
 
 ### Setup Without a Database
 
 Add all these to the declarative config file:
 
-``` yaml
+```yaml
 services:
-- name: example-service
-  url: http://mockbin.org/request
+  - name: example-service
+    url: http://mockbin.org/request
 
 routes:
-- service: example-service
-  paths: [ "/sessions-test" ]
+  - service: example-service
+    paths: ['/sessions-test']
 
 consumers:
-- username: anonymous_users
-  # manually set to fixed uuid in order to use it in key-auth plugin
-  id: 81823632-10c0-4098-a4f7-31062520c1e6
-- username: fiona
+  - username: anonymous_users
+    # manually set to fixed uuid in order to use it in key-auth plugin
+    id: 81823632-10c0-4098-a4f7-31062520c1e6
+  - username: fiona
 
 keyauth_credentials:
-- consumer: fiona
-  key: open_sesame
+  - consumer: fiona
+    key: open_sesame
 
 plugins:
-- name: key-auth
-  service: example-service
-  config:
-    # using the anonymous consumer fixed uuid (can't use the username)
-    anonymous: 81823632-10c0-4098-a4f7-31062520c1e6
-    # cookie_secure is true by default, and should always be true,
-    # but is set to false for the sake of this demo in order to avoid using HTTPS.
-    cookie_secure: false
-- name: session
-  config:
-    storage: kong
-    cookie_secure: false
-- name: request-termination
-  service: example-service
-  consumer: anonymous_users
-  config:
-    status_code: 403
-    message: "So long and thanks for all the fish!"
+  - name: key-auth
+    service: example-service
+    config:
+      # using the anonymous consumer fixed uuid (can't use the username)
+      anonymous: 81823632-10c0-4098-a4f7-31062520c1e6
+      # cookie_secure is true by default, and should always be true,
+      # but is set to false for the sake of this demo in order to avoid using HTTPS.
+      cookie_secure: false
+  - name: session
+    config:
+      storage: kong
+      cookie_secure: false
+  - name: request-termination
+    service: example-service
+    consumer: anonymous_users
+    config:
+      status_code: 403
+      message: 'So long and thanks for all the fish!'
 ```
 
 ### Verification
 
 1. Check that Anonymous requests are disabled
 
-   ``` bash
+   ```bash
      $ curl -i -X GET \
        --url http://localhost:8000/sessions-test
    ```
@@ -283,48 +286,49 @@ plugins:
 
 2. Verify that a user can authenticate via sessions
 
-    ```bash
-    $ curl -i -X GET \
-      --url http://localhost:8000/sessions-test?apikey=open_sesame
-    ```
+   ```bash
+   $ curl -i -X GET \
+     --url http://localhost:8000/sessions-test?apikey=open_sesame
+   ```
 
-    The response should now have the `Set-Cookie` header. Make sure that this
-    cookie works.
+   The response should now have the `Set-Cookie` header. Make sure that this
+   cookie works.
 
-    If cookie looks like this:
-    ```
-    Set-Cookie: session=emjbJ3MdyDsoDUkqmemFqw..|1544654411|4QMKAE3I-jFSgmvjWApDRmZHMB8.; Path=/; SameSite=Strict; HttpOnly
-    ```
+   If cookie looks like this:
 
-    Use it like this:
+   ```
+   Set-Cookie: session=emjbJ3MdyDsoDUkqmemFqw..|1544654411|4QMKAE3I-jFSgmvjWApDRmZHMB8.; Path=/; SameSite=Strict; HttpOnly
+   ```
 
-    ```bash
-      $ curl -i -X GET \
-        --url http://localhost:8000/sessions-test \
-        -H "cookie:session=emjbJ3MdyDsoDUkqmemFqw..|1544654411|4QMKAE3I-jFSgmvjWApDRmZHMB8."
-    ```
+   Use it like this:
+
+   ```bash
+     $ curl -i -X GET \
+       --url http://localhost:8000/sessions-test \
+       -H "cookie:session=emjbJ3MdyDsoDUkqmemFqw..|1544654411|4QMKAE3I-jFSgmvjWApDRmZHMB8."
+   ```
 
-    This request should succeed, and `Set-Cookie` response header will not appear
-    until renewal period.
+   This request should succeed, and `Set-Cookie` response header will not appear
+   until renewal period.
 
-1. You can also now verify cookie is attached to browser session: Navigate to 
-  http://localhost:8000/sessions-test  which should return `403` 
-  and see the message "So long and thanks for all the fish!"
-1. In same browser session, navigate to http://localhost:8000/sessions-test?apikey=open_sesame 
-  which should return `200`, authenticated via key-auth key query param.
-1. In same browser session, navigate to http://localhost:8000/sessions-test, 
-  which will now use the session cookie that was granted by the Kong Session 
-  **Plugin**.
+3. You can also now verify cookie is attached to browser session: Navigate to
+   http://localhost:8000/sessions-test which should return `403`
+   and see the message "So long and thanks for all the fish!"
+4. In same browser session, navigate to http://localhost:8000/sessions-test?apikey=open_sesame
+   which should return `200`, authenticated via key-auth key query param.
+5. In same browser session, navigate to http://localhost:8000/sessions-test,
+   which will now use the session cookie that was granted by the Kong Session
+   **Plugin**.
 
 ### Defaults
 
-By default, the Kong Session **Plugin** favors security using a `Secure`, `HTTPOnly`, 
-`Samesite=Strict` cookie. `cookie_domain` is automatically set using Nginx 
+By default, the Kong Session **Plugin** favors security using a `Secure`, `HTTPOnly`,
+`Samesite=Strict` cookie. `cookie_domain` is automatically set using Nginx
 variable host, but can be overridden.
 
 ### Session Data Storage
 
-The session data can be stored in the cookie itself (encrypted) `storage=cookie`, 
+The session data can be stored in the cookie itself (encrypted) `storage=cookie`,
 or inside [Kong](#-kong-storage-adapter). The session data stores two context
 variables:
 
@@ -339,37 +343,37 @@ the Kong Session **Plugin** extends the functionality of [lua-resty-session] wit
 session data storage adapter when `storage=kong`. This will store encrypted
 session data into the current database strategy (e.g. postgres, cassandra etc.)
 and the cookie will not contain any session data. Data stored in the database is
-encrypted and the cookie will contain only the session id, expiration time and 
-HMAC signature. Sessions will use the built-in Kong DAO `ttl` mechanism which destroys 
-sessions after specified `cookie_lifetime` unless renewal occurs during normal 
-browser activity. It is recommended that the application logout via XHR request 
+encrypted and the cookie will contain only the session id, expiration time and
+HMAC signature. Sessions will use the built-in Kong DAO `ttl` mechanism which destroys
+sessions after specified `cookie_lifetime` unless renewal occurs during normal
+browser activity. It is recommended that the application logout via XHR request
 (or something similar) to manually handle redirects.
 
 ## Logging Out
 
 It is typical to provide users the ability to log out (i.e. to manually destroy) their
-current session. Logging out is possible with either query params or `POST` params in 
+current session. Logging out is possible with either query params or `POST` params in
 the request URL. The config's `logout_methods` allows the **Plugin** to limit logging
-out based on the HTTP verb. When `logout_query_arg` is set, it will check the 
+out based on the HTTP verb. When `logout_query_arg` is set, it will check the
 presence of the URL query param specified, and likewise when `logout_post_arg`
 is set it will check the presence of the specified variable in the request body.
-Allowed HTTP verbs are `GET`, `DELETE`, and `POST`. When there is a session 
-present and the incoming request is a logout request, the Kong Session **Plugin** will 
+Allowed HTTP verbs are `GET`, `DELETE`, and `POST`. When there is a session
+present and the incoming request is a logout request, the Kong Session **Plugin** will
 return a 200 before continuing in the **Plugin** run loop, and the request will not
 continue to the upstream.
 
 ## Known Limitations
 
 Due to limitations of OpenResty, the `header_filter` phase cannot connect to the
-database, which poses a problem for initial retrieval of cookie (fresh session). 
-There is a small window of time where cookie is sent to client, but database 
-insert has not yet been committed, as database call is in `ngx.timer` thread. 
-Current workaround is to wait some interval of time (~100-500ms) after 
+database, which poses a problem for initial retrieval of cookie (fresh session).
+There is a small window of time where cookie is sent to client, but database
+insert has not yet been committed, as database call is in `ngx.timer` thread.
+Current workaround is to wait some interval of time (~100-500ms) after
 `Set-Cookie` header is sent to client before making subsequent requests. This is
 _not_ a problem during session renewal period as renew happens in `access` phase.
 
-[Plugin]: https://docs.konghq.com/hub/
+[plugin]: https://docs.konghq.com/hub/
 [lua-resty-session]: https://github.com/bungle/lua-resty-session
 [multiple authentication]: https://docs.konghq.com/0.14.x/auth/#multiple-authentication
-[Key Auth]: https://docs.konghq.com/hub/kong-inc/key-auth/
-[Request Termination]: https://docs.konghq.com/hub/kong-inc/request-termination/
+[key auth]: https://docs.konghq.com/hub/kong-inc/key-auth/
+[request termination]: https://docs.konghq.com/hub/kong-inc/request-termination/
diff --git a/app/_hub/kong-inc/statsd/index.md b/app/_hub/kong-inc/statsd/index.md
index 8c45ece88847..dac0d5a01f74 100644
--- a/app/_hub/kong-inc/statsd/index.md
+++ b/app/_hub/kong-inc/statsd/index.md
@@ -26,6 +26,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -50,7 +51,7 @@ params:
   service_id: true
   route_id: true
   consumer_id: true
-  protocols: ["http", "https"]
+  protocols: ["http", "https", "grpc", "grpcs"]
   dbless_compatible: yes
   config:
     - name: host
diff --git a/app/_hub/kong-inc/syslog/index.md b/app/_hub/kong-inc/syslog/index.md
index bca9a0abbf53..37e1481783cf 100644
--- a/app/_hub/kong-inc/syslog/index.md
+++ b/app/_hub/kong-inc/syslog/index.md
@@ -14,6 +14,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -40,7 +41,7 @@ params:
   service_id: true
   route_id: true
   consumer_id: true
-  protocols: ["http", "https"]
+  protocols: ["http", "https", "grpc", "grpcs"]
   dbless_compatible: yes
   config:
     - name: successful_severity
diff --git a/app/_hub/kong-inc/tcp-log/index.md b/app/_hub/kong-inc/tcp-log/index.md
index 9b4cb8e2b37c..16fd0c282ae4 100644
--- a/app/_hub/kong-inc/tcp-log/index.md
+++ b/app/_hub/kong-inc/tcp-log/index.md
@@ -22,6 +22,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -52,7 +53,7 @@ params:
   service_id: true
   route_id: true
   consumer_id: true
-  protocols: ["http", "https"]
+  protocols: ["http", "https", "grpc", "grpcs"]
   dbless_compatible: yes
   config:
     - name: host
diff --git a/app/_hub/kong-inc/udp-log/index.md b/app/_hub/kong-inc/udp-log/index.md
index 94814aed33ff..d5f1dc5bd2da 100644
--- a/app/_hub/kong-inc/udp-log/index.md
+++ b/app/_hub/kong-inc/udp-log/index.md
@@ -14,6 +14,7 @@ categories:
 kong_version_compatibility:
     community_edition:
       compatible:
+        - 1.3.x
         - 1.2.x
         - 1.1.x
         - 1.0.x
@@ -44,7 +45,7 @@ params:
   service_id: true
   route_id: true
   consumer_id: true
-  protocols: ["http", "https"]
+  protocols: ["http", "https", "grpc", "grpcs"]
   dbless_compatible: yes
   config:
     - name: host
diff --git a/app/_hub/kong-inc/upstream-tls/index.md b/app/_hub/kong-inc/upstream-tls/index.md
index 1dc946bda062..be55ec562be5 100644
--- a/app/_hub/kong-inc/upstream-tls/index.md
+++ b/app/_hub/kong-inc/upstream-tls/index.md
@@ -60,4 +60,4 @@ It can also be applied globally (for every Route, Service, or API) using the
 
 ### Known Issues
 
-Only one root CA cert can be used to verify against the upstream. If you upload a pem file with multiple certs it must be the first certificate in your uploaded pem file.
+PATCH requests to the `trust_certificates` configuration will not take affect until Kong is reloaded. This can be accomplished with the `kong reload` command.
diff --git a/app/_hub/kong-inc/vault-auth/index.md b/app/_hub/kong-inc/vault-auth/index.md
index a671fb0dcbd0..24270808fbe9 100644
--- a/app/_hub/kong-inc/vault-auth/index.md
+++ b/app/_hub/kong-inc/vault-auth/index.md
@@ -6,7 +6,7 @@ version: 0.36-x
 
 desc: Add Vault authentication to your Services
 description: |
-  Add authentication to a Service or Route with an access token and secret token. Credential tokens are stored securely via Vault. Credential lifecyles can be managed through the Kong Admin API, or independantly via Vault.
+  Add authentication to a Service or Route with an access token and secret token. Credential tokens are stored securely via Vault. Credential lifecyles can be managed through the Kong Admin API, or independently via Vault.
 
 enterprise: true
 type: plugin
diff --git a/app/_hub/kong-inc/zipkin/index.md b/app/_hub/kong-inc/zipkin/index.md
index 9d674af848d1..da5603921bc2 100644
--- a/app/_hub/kong-inc/zipkin/index.md
+++ b/app/_hub/kong-inc/zipkin/index.md
@@ -1,6 +1,8 @@
 ---
 name: Zipkin
 publisher: Kong Inc.
+redirect_from:
+  - /hub/kong-inc/zipkin/http-log/
 version: 1.0.0
 
 source_url: https://github.com/Kong/kong-plugin-zipkin
@@ -22,41 +24,52 @@ categories:
   - analytics-monitoring
 
 kong_version_compatibility:
-    community_edition:
-      compatible:
-        - 1.2.x
-        - 1.1.x
-        - 1.0.x
-        - 0.14.x
-    enterprise_edition:
-      compatible:
-        - 0.36-x
-        - 0.35-x
-        - 0.34-x
-        - 0.33-x
-        - 0.32-x
+  community_edition:
+    compatible:
+      - 1.3.x
+      - 1.2.x
+      - 1.1.x
+      - 1.0.x
+      - 0.14.x
+  enterprise_edition:
+    compatible:
+      - 0.36-x
+      - 0.35-x
+      - 0.34-x
+      - 0.33-x
+      - 0.32-x
 
 params:
   name: zipkin
   service_id: true
   route_id: true
   consumer_id: true
-  protocols: ["http", "https", "tcp", "tls"]
+  protocols: ['http', 'https', 'tcp', 'tls', 'grpc', 'grpcs']
   dbless_compatible: yes
   config:
     - name: http_endpoint
       required: true
-      default: ""
+      default: ''
       value_in_examples: http://your.zipkin.collector:9411/api/v2/spans
       description: |
         The full HTTP(S) endpoint to which Zipkin spans should be sent by Kong.
     - name: sample_ratio
       required: false
-      default: "`0.001`"
+      default: '`0.001`'
       value_in_examples: 0.001
       description: |
         How often to sample requests that do not contain trace ids.
         Set to `0` to turn sampling off, or to `1` to sample **all** requests.
+    - name: default_service_name
+      required: false
+      description: |
+        The default service name to override the unknown-service-name spans.
+    - name: include_credential
+      required: true
+      default: true
+      value_in_examples: true
+      description: |
+        Should the credential of the currently authenticated consumer be included in metadata sent to the Zipkin server?
 
 ---
 
@@ -76,7 +89,6 @@ An opentracing "injector" adds trace information to an outgoing request. Current
 
 This plugin follows Zipkin's ["B3" specification](https://github.com/openzipkin/b3-propagation/) as to which HTTP headers to use. Additionally, it supports [Jaegar](http://jaegertracing.io/)-style `uberctx-` headers for propagating [baggage](https://github.com/opentracing/specification/blob/master/specification.md#set-a-baggage-item).
 
-
 ### Reporter
 
 An opentracing "reporter" is how tracing data is reported to another system.
@@ -84,7 +96,6 @@ This plugin records tracing data for a given request, and sends it as a batch to
 
 The `http_endpoint` configuration variable must contain the full uri including scheme, host, port and path sections (i.e. your uri likely ends in `/api/v2/spans`).
 
-
 ## FAQ
 
 ### Can I use this plugin with other tracing systems, like Jaeger?
diff --git a/app/_includes/nav.html b/app/_includes/nav.html
index 33c251d40d20..274207559487 100644
--- a/app/_includes/nav.html
+++ b/app/_includes/nav.html
@@ -104,7 +104,7 @@ <h5 class="list-group-item-action">Service Control Platform</h5>
           </div> <!-- list-group -->
         </li>
         <li class="navbar-item">
-          <a href="https://docs.konghq.com/hub" class="nav-link">Hub</a>
+          <a href="https://docs.konghq.com/hub" class="nav-link">Plugins</a>
         </li>
     </ul>
     <a href="http://konghq.com/" class="navbar-brand col col-xl-auto">
@@ -299,7 +299,7 @@ <h5 class="col-12"><a class="back nav-link"><i class="fas fa-chevron-left"></i>&
 
   <div class="kong-navbar-collapse_section section-left">
     <h5 class="remove">
-      <a class="nav-link" href="https://docs.konghq.com/hub">Hub</a>
+      <a class="nav-link" href="https://docs.konghq.com/hub">Plugins</a>
     </h5>
   </div>
 
diff --git a/app/_layouts/changelog.html b/app/_layouts/changelog.html
index 9ebda0723697..943668ebcb7a 100644
--- a/app/_layouts/changelog.html
+++ b/app/_layouts/changelog.html
@@ -19,7 +19,7 @@
         <img src="/assets/images/icons/icn-documentation{% if page.edition == 'enterprise' %}-ee{%else%}-ce{% endif %}.svg"
           alt="Documentation" />
       </div>
-      <div class="page-header-title {% if page.edition=='enterprise' %} page-header-title-enterprise {% endif %}">
+      <div class="page-header-title">
         <h1>{{page.title}}</h1>
       </div>
   </header>
diff --git a/app/_layouts/docs.html b/app/_layouts/docs.html
index b1058fbb6c68..f65f270b73a5 100644
--- a/app/_layouts/docs.html
+++ b/app/_layouts/docs.html
@@ -20,7 +20,7 @@
         <img src="/assets/images/icons/icn-documentation{% if page.edition == 'enterprise' %}-ee{%else%}-ce{% endif %}.svg"
           alt="Documentation" />
       </div>
-      <div class="page-header-title {% if page.edition=='enterprise' %} page-header-title-enterprise {% endif %}">
+      <div class="page-header-title">
         <h1>{{page.title}}</h1>
       </div>
 
@@ -42,12 +42,10 @@ <h1>{{page.title}}</h1>
           </li>
           {% endfor %}
         </ul>
-        {% if page.edition == 'community' %}
         <div id="getkong-algolia-search" class="search-input">
           <i class="fa fa-search"></i>
           <input type="text" placeholder="Search" id="getkong-algolia-search-input" />
         </div>
-        {% endif %}
       </div>
       {% endif %}
     </div>
@@ -143,8 +141,10 @@ <h2 id="table-of-contents">Table of Contents</h2>
     }
   }
 </style>
-{% if page.edition == 'community' %}
+
 <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.js"></script>
+
+{% if page.edition == 'community' %}
 <script type="text/javascript">
   docsearch({
     apiKey: '691286ef280379144076a4f8df47a1d1',
@@ -162,6 +162,28 @@ <h2 id="table-of-contents">Table of Contents</h2>
     }
     // ,debug: true // Set debug to true if you want to inspect the dropdown
   });
+</script>
+{% endif %}
+
+{% if page.edition == 'enterprise' %}
+<script type="text/javascript">
+  docsearch({
+    appId: 'T5JKD83LWT',
+    apiKey: '1390283021f26e36117242934deb8d9d',
+    indexName: 'prod_EE',
+    inputSelector: '#getkong-algolia-search-input',
+    algoliaOptions: {
+      hitsPerPage: 5,
+      'facetFilters': ["version: {{page.kong_version}}"]
+    },
+    // Override selected event to allow for local environment navigation
+    handleSelected: function (input, event, suggestion) {
+      input.setVal('');
+      window.location.href = window.location.protocol + "//" + window.location.host + suggestion.url.split(
+        "docs.konghq.com")[1]
+    }
+    // ,debug: true // Set debug to true if you want to inspect the dropdown
+  });
 
 </script>
 {% endif %}
diff --git a/app/_layouts/reference.html b/app/_layouts/reference.html
new file mode 100644
index 000000000000..689ace1e9f41
--- /dev/null
+++ b/app/_layouts/reference.html
@@ -0,0 +1,31 @@
+---
+layout: default
+---
+
+<div class="page {{ page.class }}">
+  <header class="page-header">
+    <div class="container">
+      <div class="edit-this-page">
+        <a target="_blank" href="https://github.com/Kong/docs.konghq.com/tree/master/app/{{page.path}}"><i class="fa fa-github"></i>
+          Edit this Page</a>
+      </div>
+      <nav class="docs-navigation">
+        <a href="/" {% if page.edition=='community' %} class="active" {% endif %}>Kong</a>
+        <a href="/enterprise" {% if page.edition=='enterprise' %} class="active" {% endif %}>Kong Enterprise</a>
+        <span class="sidebar-toggle">Open Sidebar</span>
+      </nav>
+      <div class="page-header-icon">
+        <img src="/assets/images/icons/icn-documentation{% if page.edition == 'enterprise' %}-ee{%else%}-ce{% endif %}.svg"
+          alt="Documentation" />
+      </div>
+      <div class="page-header-title">
+        <h1>{{page.title}}</h1>
+      </div>
+    </div>
+  </header>
+  <div class="container">
+    <div class="content">
+      {{ content }}
+    </div>
+  </div>
+</div>
diff --git a/app/careers/index.md b/app/careers/index.md
new file mode 100644
index 000000000000..890516d35dc9
--- /dev/null
+++ b/app/careers/index.md
@@ -0,0 +1,3 @@
+---
+redirect_to: https://konghq.com/careers/
+---
diff --git a/app/enterprise/0.31-x/developer-portal/faq.md b/app/enterprise/0.31-x/developer-portal/faq.md
index 6b9b8856c3de..1ed4de947385 100644
--- a/app/enterprise/0.31-x/developer-portal/faq.md
+++ b/app/enterprise/0.31-x/developer-portal/faq.md
@@ -1,5 +1,6 @@
 ---
 title: FAQ Kong Developer Portal
+redirect_from: '/enterprise/0.31-x/developer-portal/FAQ'
 ---
 
 # FAQ
@@ -10,9 +11,9 @@ I am going to [:8003](http://127.0.0.1:8003/) but I only see `{"message":"not fo
 
 When I browse to the Dev Portal, it is blank.
 
-* Check a few things:
-   * Are there files populated? Browse to [:8004/files](http://127.0.0.1:8004/files) to check. If you don't have any files in your Kong database, then the portal will not render anything.
-   * Difference between 127.0.0.1 vs localhost can affect authentication responses. Look into CORS plugin configuration, Kong configuration, and request url to ensure consistency.
-   * Which requests, if any, are failing? If you are getting 401 responses, double check proxy + plugin configuration, and make sure unauthenticated files can be requested without credentials
-   * Double check spelling of proxy URI with Kong configuration.
-   * Check your browser's console and networking output for errors and additional helpful information.
+- Check a few things:
+  - Are there files populated? Browse to [:8004/files](http://127.0.0.1:8004/files) to check. If you don't have any files in your Kong database, then the portal will not render anything.
+  - Difference between 127.0.0.1 vs localhost can affect authentication responses. Look into CORS plugin configuration, Kong configuration, and request url to ensure consistency.
+  - Which requests, if any, are failing? If you are getting 401 responses, double check proxy + plugin configuration, and make sure unauthenticated files can be requested without credentials
+  - Double check spelling of proxy URI with Kong configuration.
+  - Check your browser's console and networking output for errors and additional helpful information.
diff --git a/app/enterprise/0.32-x/developer-portal/faq.md b/app/enterprise/0.32-x/developer-portal/faq.md
index 5a3293407f91..365bc23fea9a 100644
--- a/app/enterprise/0.32-x/developer-portal/faq.md
+++ b/app/enterprise/0.32-x/developer-portal/faq.md
@@ -1,5 +1,6 @@
 ---
 title: FAQ Kong Developer Portal
+redirect_from: '/enterprise/0.32-x/developer-portal/FAQ'
 book: portal
 chapter: 11
 ---
@@ -8,7 +9,7 @@ chapter: 11
 
 ## Why do I get `{"message":"not found"}` when I visit my Developer Portal?
 
-You most likely have not configured the [`portal`][property_portal] 
+You most likely have not configured the [`portal`][property_portal]
 property correctly. Check your Kong Configuration and ensure that [`portal`][property_portal]
 is set to `on`.
 
@@ -32,24 +33,24 @@ enabled.
 
 ## What file types are supported?
 
-You can find a list of supported template types on the 
+You can find a list of supported template types on the
 [File Management][file_types] page.
 
 ## Does the developer portal support uploading images, scripts, and videos?
 
-Currently the Kong Developer Portal only supports text based content, custom 
+Currently the Kong Developer Portal only supports text based content, custom
 scripts &amp; styles, can be added by leveraging `partials`.
 
-Media like images, SVGs, and videos should be encoded and inserted inline or 
+Media like images, SVGs, and videos should be encoded and inserted inline or
 hosted elsewhere and referenced.
 
 ## Can I use other API specification formats like API Blueprint?
 
 Currently only Swagger 2 and OpenAPI 3 are supported.
 
-## Can I modify the Header and Meta tags? 
+## Can I modify the Header and Meta tags?
 
-Direct modification of the `<meta>` and `<head>` tags is currently not supported, 
+Direct modification of the `<meta>` and `<head>` tags is currently not supported,
 you can accomplish this through Custom JS included as a handlebars partial.
 
 ## Can I host my API spec files outside of the File API?
@@ -64,7 +65,7 @@ Currently content written in Markdown format is not supported.
 ## Can I change the code snippet languages displayed on my documentation?
 
 Yes! You can change the display and languages of the code snippets by modifying
-the `unauthenticated/code-snippet-languages.hbs` partial through the Portal API. 
+the `unauthenticated/code-snippet-languages.hbs` partial through the Portal API.
 See [Updating Files][file_updating] for more information.
 
 [file_types]: /enterprise/{{page.kong_version}}/developer-portal/file-management#file-types
diff --git a/app/enterprise/0.32-x/developer-portal/overview.md b/app/enterprise/0.32-x/developer-portal/overview.md
index a6401715aeb3..bc04824a7100 100644
--- a/app/enterprise/0.32-x/developer-portal/overview.md
+++ b/app/enterprise/0.32-x/developer-portal/overview.md
@@ -1,5 +1,6 @@
 ---
 title: Welcome to the Kong Developer Portal Preview
+redirect_from: '/enterprise/0.32-x/developer-portal/introduction/'
 book: portal
 chapter: 1
 ---
@@ -12,11 +13,11 @@ Thank you for installing Kong Enterprise Edition. This document orients you to K
 
 ## Assumptions
 
-* You have installed a recent version of Kong Enterprise Edition that includes Dev Portal functionality.
-    * Dev Portal was introduced in Kong EE v0.31
-* You are a Kong Admin, and have Super Admin permissions in Kong RBAC.
-    * Or, the RBAC feature of Kong EE is disabled.
-* You have a OpenAPI Specification v2 or v3 file (also known as a Swagger Specification, or a Swagger file) that documents at least part of your API. 
-    * This isn't a strict requirement to get started, but you'll need it soon. 
+- You have installed a recent version of Kong Enterprise Edition that includes Dev Portal functionality.
+  - Dev Portal was introduced in Kong EE v0.31
+- You are a Kong Admin, and have Super Admin permissions in Kong RBAC.
+  - Or, the RBAC feature of Kong EE is disabled.
+- You have a OpenAPI Specification v2 or v3 file (also known as a Swagger Specification, or a Swagger file) that documents at least part of your API.
+  - This isn't a strict requirement to get started, but you'll need it soon.
 
 Next: [Glossary &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.32-x/getting-started/enabling-plugins.md b/app/enterprise/0.32-x/getting-started/enabling-plugins.md
index 25276f0d7720..60b9cbf601a9 100644
--- a/app/enterprise/0.32-x/getting-started/enabling-plugins.md
+++ b/app/enterprise/0.32-x/getting-started/enabling-plugins.md
@@ -1,5 +1,6 @@
 ---
 title: Enabling Plugins
+redirect_from: '/0.32-x/getting-started/enabling-plugins'
 ---
 
 ## Introduction
diff --git a/app/enterprise/0.33-x/admin-gui/overview.md b/app/enterprise/0.33-x/admin-gui/overview.md
index 017df5427889..7ffc635ea631 100644
--- a/app/enterprise/0.33-x/admin-gui/overview.md
+++ b/app/enterprise/0.33-x/admin-gui/overview.md
@@ -1,5 +1,9 @@
 ---
 title: Welcome to the Kong Admin GUI
+redirect_from:
+  - /0.33-x/admin-api/
+  - /0.33-x/api-admin-gui/
+  - /enterprise/0.33-x/admin-gui/
 book: admin_gui
 chapter: 1
 toc: false
@@ -13,8 +17,8 @@ Thank you for installing Kong Enterprise Edition. This document orients you to K
 
 ## Assumptions
 
-* You have installed a recent version of Kong Enterprise Edition.
-* You are a Kong Admin, and have Super Admin permissions in Kong RBAC.
-    * Or, the RBAC feature of Kong EE is disabled.
+- You have installed a recent version of Kong Enterprise Edition.
+- You are a Kong Admin, and have Super Admin permissions in Kong RBAC.
+  - Or, the RBAC feature of Kong EE is disabled.
 
 Next: [Getting Started &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.33-x/developer-portal/configuration/getting-started.md b/app/enterprise/0.33-x/developer-portal/configuration/getting-started.md
index 7383a3a58eb8..06a0b173f850 100644
--- a/app/enterprise/0.33-x/developer-portal/configuration/getting-started.md
+++ b/app/enterprise/0.33-x/developer-portal/configuration/getting-started.md
@@ -8,9 +8,9 @@ chapter: 3
 
 1. Open the Kong configuration file in your editor of choice (`kong.conf`)
 2. Find and change the `portal` configuration option to `on` Don't forget to remove the `#` from the beginning of the line, it should now look like: `portal = on`.
-    - Enables the **Dev Portal Files endpoint** on Admin API which can be accessed at: `:8001/files`
-    - Enables the **Public Dev Portal Files API** which can be accessed at `:8004/files`
-    - Serves the **Dev Portal Loader** on port `:8003`
+   - Enables the **Dev Portal Files endpoint** on Admin API which can be accessed at: `:8001/files`
+   - Enables the **Public Dev Portal Files API** which can be accessed at `:8004/files`
+   - Serves the **Dev Portal Loader** on port `:8003`
 3. Restart Kong (`kong restart`)
 
 > Note: Not all deployments of Kong utilize a configuration file, if this describes you (or you are unsure) please reference the [Kong configuration docs](https://getkong.org/0.13.x/configuration/) in order to implement this step.
@@ -19,16 +19,18 @@ chapter: 3
 
 Now that you have enabled the Dev Portal in Kong, you can visit the Example Dev Portal:
 
-* Navigate your browser to `http://127.0.0.1:8003`
+- Navigate your browser to `http://127.0.0.1:8003`
 
 You should now see the Default Dev Portal Homepage, and be able to navigate through the example pages.
 
 ## Next Steps
 
 ### Adding Authentication
+
 To add Authentication, head on over to [Authenticating the Dev Portal](/enterprise/{{page.kong_version}}/developer-portal/configuration/authentication).
 
 ### Customizing
+
 To begin customizing your Dev Portal, jump to [Customizing the Kong Developer Portal](/enterprise/{{page.kong_version}}/developer-portal/customization).
 
 Next: [Authentication &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.33-x/developer-portal/faq.md b/app/enterprise/0.33-x/developer-portal/faq.md
index deab2f25db10..9bebab7c4d1e 100644
--- a/app/enterprise/0.33-x/developer-portal/faq.md
+++ b/app/enterprise/0.33-x/developer-portal/faq.md
@@ -1,6 +1,7 @@
 ---
 title: Kong Developer Portal FAQ
 book: portal
+redirect_from: '/enterprise/0.33-x/developer-portal/FAQ'
 chapter: 11
 ---
 
diff --git a/app/enterprise/0.33-x/developer-portal/overview.md b/app/enterprise/0.33-x/developer-portal/overview.md
index 69a82a24d461..93b50011b5bb 100644
--- a/app/enterprise/0.33-x/developer-portal/overview.md
+++ b/app/enterprise/0.33-x/developer-portal/overview.md
@@ -1,5 +1,6 @@
 ---
 title: Welcome to the Kong Developer Portal Preview
+redirect_from: '/enterprise/0.33-x/developer-portal/introduction/'
 book: portal
 chapter: 1
 toc: false
@@ -13,11 +14,11 @@ Thank you for installing Kong Enterprise Edition. This document orients you to K
 
 ## Assumptions
 
-* You have installed a recent version of Kong Enterprise Edition that includes Dev Portal functionality.
-    * Dev Portal was introduced in Kong EE v0.31
-* You are a Kong Admin, and have Super Admin permissions in Kong RBAC.
-    * Or, the RBAC feature of Kong EE is disabled.
-* You have a OpenAPI Specification v2 or v3 file (also known as a Swagger Specification, or a Swagger file) that documents at least part of your API.
-    * This isn't a strict requirement to get started, but you'll need it soon.
+- You have installed a recent version of Kong Enterprise Edition that includes Dev Portal functionality.
+  - Dev Portal was introduced in Kong EE v0.31
+- You are a Kong Admin, and have Super Admin permissions in Kong RBAC.
+  - Or, the RBAC feature of Kong EE is disabled.
+- You have a OpenAPI Specification v2 or v3 file (also known as a Swagger Specification, or a Swagger file) that documents at least part of your API.
+  - This isn't a strict requirement to get started, but you'll need it soon.
 
 Next: [Glossary &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.33-x/getting-started/enabling-plugins.md b/app/enterprise/0.33-x/getting-started/enabling-plugins.md
index 032554f3877f..059ba8828eb2 100644
--- a/app/enterprise/0.33-x/getting-started/enabling-plugins.md
+++ b/app/enterprise/0.33-x/getting-started/enabling-plugins.md
@@ -1,5 +1,8 @@
 ---
 title: Enabling Plugins
+redirect_from:
+  - /0.33-x/getting-started/enabling-plugins/
+  - /0.33-x/getting-started/enabling-plugins
 ---
 
 ## Introduction
diff --git a/app/enterprise/0.33-x/installation/docker.md b/app/enterprise/0.33-x/installation/docker.md
index 73d9eb40d69f..403a85557de0 100644
--- a/app/enterprise/0.33-x/installation/docker.md
+++ b/app/enterprise/0.33-x/installation/docker.md
@@ -1,5 +1,6 @@
 ---
 title: Installing Kong EE Docker Image
+redirect_from: '/enterprise/0.33-xinstallation/docker'
 ---
 
 <img src="/assets/images/distributions/docker.svg"/>
@@ -9,32 +10,32 @@ title: Installing Kong EE Docker Image
 A guide to installing Kong Enterprise Edition - and its license file - using
 Docker. **Trial users should skip directly to step 4**.
 
-1. Login to [bintray.com](https://bintray.com) - your credentials will have been
-emailed to you by your Sales or Support contact
+1.  Login to [bintray.com](https://bintray.com) - your credentials will have been
+    emailed to you by your Sales or Support contact
 
-2. In the upper right corner, click Edit Profile, so you can retrieve your API
-key, which you will use in step 3 - or click [here](https://bintray.com/profile/edit)
+2.  In the upper right corner, click Edit Profile, so you can retrieve your API
+    key, which you will use in step 3 - or click [here](https://bintray.com/profile/edit)
 
-3. For **users with existing contracts**, add the Kong Docker repository and
-pull the image:
+3.  For **users with existing contracts**, add the Kong Docker repository and
+    pull the image:
 
-    ```
-    $ docker login -u <your_username_from_bintray> -p <your_apikey_from_bintray> kong-docker-kong-enterprise-edition-docker.bintray.io
-    $ docker pull kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition
-    ```
+        ```
+        $ docker login -u <your_username_from_bintray> -p <your_apikey_from_bintray> kong-docker-kong-enterprise-edition-docker.bintray.io
+        $ docker pull kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition
+        ```
 
-4. For **trial users**, run the following, replacing `<your trial image URL>`
-with the URL you received in your welcome email:
+4.  For **trial users**, run the following, replacing `<your trial image URL>`
+    with the URL you received in your welcome email:
 
-    ```
-    curl -Lsv "<your trial image URL>" -o /tmp/kong-docker-ee.tar.gz
-    docker load -i /tmp/kong-docker-ee.tar.gz
-    ```
+        ```
+        curl -Lsv "<your trial image URL>" -o /tmp/kong-docker-ee.tar.gz
+        docker load -i /tmp/kong-docker-ee.tar.gz
+        ```
 
 You should now have your Kong Enterprise Free Trial image locally. Run
 `docker images` to find it.
 
-5. Tag it - for easier use in the commands below - as follows:
+5.  Tag it - for easier use in the commands below - as follows:
 
     ```
     docker tag <IMAGE ID> kong-ee
@@ -44,31 +45,31 @@ You should now have your Kong Enterprise Free Trial image locally. Run
     Enterprise 0.31-1 or `78ffc3bce991` if it is for 0.32. Recent Kong Enterprise
     Free Trial images (>= 0.33) come with a more intuitive name.
 
-6. Generally, we'll be following the instructions [here](/install/docker/) with
-some slight, but important, differences
+6.  Generally, we'll be following the instructions [here](/install/docker/) with
+    some slight, but important, differences
 
-7. For convenience, the commands will look something like this - **PostgreSQL 9.5
-is required**:
+7.  For convenience, the commands will look something like this - **PostgreSQL 9.5
+    is required**:
 
-    ```
-    docker run -d --name kong-ee-database \
-      -p 5432:5432 \
-      -e "POSTGRES_USER=kong" \
-      -e "POSTGRES_DB=kong" \
-      postgres:9.5
-    ```
+        ```
+        docker run -d --name kong-ee-database \
+          -p 5432:5432 \
+          -e "POSTGRES_USER=kong" \
+          -e "POSTGRES_DB=kong" \
+          postgres:9.5
+        ```
 
-8. To make the license data easier to handle, export it as a shell variable.
-Please note that **your license contents will differ**! Users with Bintray
-accounts should visit [https://bintray.com/kong/&lt;YOUR_REPO_NAME&gt;/license#files](https://bintray.com/kong/<YOUR_REPO_NAME>/license#files)
-to retrieve their license. Trial users should download their license from their
-welcome email. Once you have your license, you can set it in an environment variable:
+8.  To make the license data easier to handle, export it as a shell variable.
+    Please note that **your license contents will differ**! Users with Bintray
+    accounts should visit [https://bintray.com/kong/&lt;YOUR_REPO_NAME&gt;/license#files](https://bintray.com/kong/<YOUR_REPO_NAME>/license#files)
+    to retrieve their license. Trial users should download their license from their
+    welcome email. Once you have your license, you can set it in an environment variable:
 
-    ```sh
-    export KONG_LICENSE_DATA='{"license":{"signature":"LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IEdudVBHIHYyCgpvd0did012TXdDSFdzMTVuUWw3dHhLK01wOTJTR0tLWVc3UU16WTBTVTVNc2toSVREWk1OTFEzVExJek1MY3dTCjA0ek1UVk1OREEwc2pRM04wOHpNalZKVHpOTE1EWk9TVTFLTXpRMVRVNHpTRXMzTjA0d056VXdUTytKWUdNUTQKR05oWW1VQ21NWEJ4Q3NDc3lMQmorTVBmOFhyWmZkNkNqVnJidmkyLzZ6THhzcitBclZtcFZWdnN1K1NiKzFhbgozcjNCeUxCZzdZOVdFL2FYQXJ0NG5lcmVpa2tZS1ozMlNlbGQvMm5iYkRzcmdlWFQzek1BQUE9PQo9b1VnSgotLS0tLUVORCBQR1AgTUVTU0FHRS0tLS0tCg=","payload":{"customer":"Test Company Inc","license_creation_date":"2017-11-08","product_subscription":"Kong Enterprise Edition","admin_seats":"5","support_plan":"None","license_expiration_date":"2017-11-10","license_key":"00141000017ODj3AAG_a1V41000004wT0OEAU"},"version":1}}'
-    ```
+        ```sh
+        export KONG_LICENSE_DATA='{"license":{"signature":"LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IEdudVBHIHYyCgpvd0did012TXdDSFdzMTVuUWw3dHhLK01wOTJTR0tLWVc3UU16WTBTVTVNc2toSVREWk1OTFEzVExJek1MY3dTCjA0ek1UVk1OREEwc2pRM04wOHpNalZKVHpOTE1EWk9TVTFLTXpRMVRVNHpTRXMzTjA0d056VXdUTytKWUdNUTQKR05oWW1VQ21NWEJ4Q3NDc3lMQmorTVBmOFhyWmZkNkNqVnJidmkyLzZ6THhzcitBclZtcFZWdnN1K1NiKzFhbgozcjNCeUxCZzdZOVdFL2FYQXJ0NG5lcmVpa2tZS1ozMlNlbGQvMm5iYkRzcmdlWFQzek1BQUE9PQo9b1VnSgotLS0tLUVORCBQR1AgTUVTU0FHRS0tLS0tCg=","payload":{"customer":"Test Company Inc","license_creation_date":"2017-11-08","product_subscription":"Kong Enterprise Edition","admin_seats":"5","support_plan":"None","license_expiration_date":"2017-11-10","license_key":"00141000017ODj3AAG_a1V41000004wT0OEAU"},"version":1}}'
+        ```
 
-9. Run Kong migrations:
+9.  Run Kong migrations:
 
     ```
     docker run --rm --link kong-ee-database:kong-ee-database \
@@ -77,6 +78,7 @@ welcome email. Once you have your license, you can set it in an environment vari
       -e "KONG_LICENSE_DATA=$KONG_LICENSE_DATA" \
       kong-ee kong migrations up
     ```
+
     **Docker on Windows users:** Instead of the `KONG_LICENSE_DATA` environment variable, use the [volume bind](https://docs.docker.com/engine/reference/commandline/run/#options) option. For example, assuming you've saved your `license.json` file into `C:\temp`, use `--volume /c/temp/license.json:/etc/kong/license.json` to specify the license file
 
 10. Start Kong:
@@ -104,12 +106,13 @@ welcome email. Once you have your license, you can set it in an environment vari
       -p 8004:8004 \
       kong-ee
     ```
+
     **Docker on Windows users:** Instead of the `KONG_LICENSE_DATA` environment variable, use the [volume bind](https://docs.docker.com/engine/reference/commandline/run/#options) option. For example, assuming you've saved your `license.json` file into `C:\temp`, use `--volume /c/temp/license.json:/etc/kong/license.json` to specify the license file
 
 11. Congratulations! You now have Kong Enterprise installed and running. Test
-it by visiting the Admin GUI at http://localhost:8002 (replace `localhost` with your server IP or hostname when running Kong on
-a remote system). The Dev Portal should also be accessible
-by visiting http://localhost:8003.
+    it by visiting the Admin GUI at http://localhost:8002 (replace `localhost` with your server IP or hostname when running Kong on
+    a remote system). The Dev Portal should also be accessible
+    by visiting http://localhost:8003.
 
 ## Enable RBAC
 
@@ -118,34 +121,34 @@ allows you to create multiple profiles of Kong users - e.g., "super admins",
 "admins", "read only users", etc - and control which resources they have access
 to. To enable it:
 
-1. Create an initial RBAC super admin:
+1.  Create an initial RBAC super admin:
 
     ```
     curl -X POST http://localhost:8001/rbac/users/ -d name=admin -d user_token=12345
     curl -X POST http://localhost:8001/rbac/users/admin/roles -d roles=super-admin
     ```
 
-2. Start a bash session on the container:
+2.  Start a bash session on the container:
 
     ```
     docker exec -it kong-ee /bin/sh
     ```
 
-3. Reload Kong with RBAC enabled:
+3.  Reload Kong with RBAC enabled:
 
     ```
     KONG_ENFORCE_RBAC=on kong reload
     ```
 
-4. Confirm that your user token is working by passing the `Kong-Admin-Token`
-header in requests:
+4.  Confirm that your user token is working by passing the `Kong-Admin-Token`
+    header in requests:
 
-    ```
-    curl -X GET http://localhost:8001/status -H "Kong-Admin-Token: 12345"
-    ```
+        ```
+        curl -X GET http://localhost:8001/status -H "Kong-Admin-Token: 12345"
+        ```
 
-    If you are able to access Kong without issues, you can add `KONG_ENFORCE_RBAC=on`
-    to your initial container environment variables.
+        If you are able to access Kong without issues, you can add `KONG_ENFORCE_RBAC=on`
+        to your initial container environment variables.
 
 ## FAQs
 
@@ -163,25 +166,19 @@ Without a license properly referenced, you’ll get errors running migrations:
 Also, without a license, you will get no output if you do a `docker run` in
 "daemon mode" - the `-d` flag to `docker run`:
 
-
     $ docker run -d ... kong start
     26a995171e23e37f89a4263a10bb084120ab0dbed1aa11a71c888c8e0d74a0b6
 
-
 When you check the container, it won’t be running. Doing a `docker logs` will
 show you:
 
-
     $ docker logs <container name>
     nginx: [alert] Error validating Kong license: license path environment variable not set
 
-
 As awareness, another error that can occur due to the vagaries of the interactions
 between text editors and copy & paste changing straight quotes (" or ') into curly
 ones (“ or ” or ’ or ‘) is:
 
-​```
-nginx: [alert] Error validating Kong license: could not decode license json
-​```
+​`nginx: [alert] Error validating Kong license: could not decode license json ​`
 
 Your license data must contain only straight quotes to be considered valid JSON.
diff --git a/app/enterprise/0.33-x/kong-architecture-overview.md b/app/enterprise/0.33-x/kong-architecture-overview.md
index 5345f1b4a235..6db42368eeed 100644
--- a/app/enterprise/0.33-x/kong-architecture-overview.md
+++ b/app/enterprise/0.33-x/kong-architecture-overview.md
@@ -13,7 +13,7 @@ NGINX provides a robust HTTP server infrastructure. It handles HTTP request proc
 NGINX has a declarative configuration file that resides in its host operating system's filesystem. While some Kong features (e.g. determining upstream request routing based on a request's URL) are possible via NGINX configuration alone, modifying that configuration requires some level of operating system access to edit configuration files and to ask NGINX to reload them, whereas Kong allows users to update configuration via a RESTful HTTP API. [Kong's NGINX
 configuration](https://github.com/Kong/kong/tree/master/kong/templates) is fairly basic: beyond configuring standard headers, listening ports, and log paths, most configuration is delegated to OpenResty.
 
-In some cases, it's useful to add your own NGINX configuration alongside Kong's, e.g. to serve a static website alongside your API gateway. In those cases, you can [modify the configuration templates used by Kong](/latest/configuration/#custom-nginx-templates--embedding-kong).
+In some cases, it's useful to add your own NGINX configuration alongside Kong's, e.g. to serve a static website alongside your API gateway. In those cases, you can modify the configuration templates used by Kong.
 
 Requests handled by NGINX pass through a sequence of [phases](https://nginx.org/en/docs/dev/development_guide.html#http_phases). Much of NGINX's functionality (e.g. the [ability to use gzip compression](http://nginx.org/en/docs/http/ngx_http_gzip_module.html) is provided by modules (written in C) that hook into these phases. While it is possible to write your own modules, NGINX must be recompiled every time a module is added or updated. To simplify the process of adding new functionality, Kong uses OpenResty.
 
diff --git a/app/enterprise/0.33-x/rbac/overview.md b/app/enterprise/0.33-x/rbac/overview.md
index 087e04fdd8f9..1805a381db74 100644
--- a/app/enterprise/0.33-x/rbac/overview.md
+++ b/app/enterprise/0.33-x/rbac/overview.md
@@ -1,5 +1,6 @@
 ---
 title: RBAC Overview
+redirect_from: '/enterprise/0.33-x/plugins/rbac-api/'
 book: rbac
 chapter: 1
 ---
@@ -34,7 +35,7 @@ also allows Entity-Level permissions. As such, its configuration directive
 possible values is:
 
 - `on`: similarly to the previous RBAC implementation, applies Endpoint-level
-access control
+  access control
 - `entity`: applies **only** Entity-level access control
 - `both`: applies **both Endpoint and Entity level access control**
 - `off`: disables RBAC enforcement
@@ -138,19 +139,20 @@ As concrete examples, let's say we want to create a role implementing the
 following use cases:
 
 - A permission that allows a Role (or, more precisely, users in that role), to
-perform any action, over any workspace, and any endpoint:
-  * `endpoint`: `*` - the `*` matches **any** endpoint
-  * `actions`: `*` - the `*` matches **any** action
-  * `workspace`: `*` - the `*` matches **any** workspace
-  * `negative`: `false`
+  perform any action, over any workspace, and any endpoint:
+
+  - `endpoint`: `*` - the `*` matches **any** endpoint
+  - `actions`: `*` - the `*` matches **any** action
+  - `workspace`: `*` - the `*` matches **any** workspace
+  - `negative`: `false`
 
 - Now, I want to explicitly **disallow** write access to the `/rbac/users`
-endpoint, so that users in the Role cannot create, update, or delete my RBAC
-users:
-  * `endpoint`: `/rbac/users`
-  * `actions`: `create,update,delete`
-  * `workspace`: `*`
-  * `negative`: `true`
+  endpoint, so that users in the Role cannot create, update, or delete my RBAC
+  users:
+  - `endpoint`: `/rbac/users`
+  - `actions`: `create,update,delete`
+  - `workspace`: `*`
+  - `negative`: `true`
 
 For more examples, along with API calls, check out the
 [RBAC Examples Chapter][rbac-examples].
@@ -174,9 +176,9 @@ boilerplate RBAC entities. The default permissions are:
 
 - **read-only** This role has read access to all default Kong endpoints
 - **admin** This role has read, create, update, and delete access to all Kong
-endpoints, except for the RBAC Admin API
+  endpoints, except for the RBAC Admin API
 - **super-admin** This role has read, create, update, and delete access to all
-Kong endpoints, including the RBAC Admin API
+  Kong endpoints, including the RBAC Admin API
 
 Kong does not provide any users by default, as this would be a
 backdoor into Admin API security. As such, it the administrator's responsibility
diff --git a/app/enterprise/0.34-x/admin-api-audit-log.md b/app/enterprise/0.34-x/admin-api-audit-log.md
index 9ec7293ef8fd..0742854b2595 100644
--- a/app/enterprise/0.34-x/admin-api-audit-log.md
+++ b/app/enterprise/0.34-x/admin-api-audit-log.md
@@ -1,5 +1,7 @@
 ---
 title: Admin API Audit Log
+redirect_from:
+  - /0.34-x/admin-api/
 ---
 
 ## Introduction
@@ -48,20 +50,20 @@ X-Kong-Admin-Request-ID: ZuUfPfnxNn7D2OTU6Xi4zCnQkavzMUNM
 {
     "database": {
         "reachable": true
-    }, 
+    },
     "server": {
-        "connections_accepted": 1, 
-        "connections_active": 1, 
-        "connections_handled": 1, 
-        "connections_reading": 0, 
-        "connections_waiting": 0, 
-        "connections_writing": 1, 
+        "connections_accepted": 1,
+        "connections_active": 1,
+        "connections_handled": 1,
+        "connections_reading": 0,
+        "connections_waiting": 0,
+        "connections_writing": 1,
         "total_requests": 1
     }
 }
 ```
 
-The above interaction with the Admin API would generate a correlating entry in the audit log table—querying the audit log via the Admin API returns the details of of the interaction above: 
+The above interaction with the Admin API would generate a correlating entry in the audit log table—querying the audit log via the Admin API returns the details of of the interaction above:
 
 ```
 $ http :8001/audit/requests
@@ -77,16 +79,16 @@ X-Kong-Admin-Request-ID: VXgMG1Y3rZKbjrzVYlSdLNPw8asVwhET
 {
     "data": [
         {
-            "client_ip": "127.0.0.1", 
-            "expire": 1544722367698, 
-            "method": "GET", 
-            "path": "/status", 
-            "request_id": "ZuUfPfnxNn7D2OTU6Xi4zCnQkavzMUNM", 
-            "request_timestamp": 1542130367699, 
-            "status": 200, 
+            "client_ip": "127.0.0.1",
+            "expire": 1544722367698,
+            "method": "GET",
+            "path": "/status",
+            "request_id": "ZuUfPfnxNn7D2OTU6Xi4zCnQkavzMUNM",
+            "request_timestamp": 1542130367699,
+            "status": 200,
             "workspace": "0da4afe7-44ad-4e81-a953-5d2923ce68ae"
         }
-    ], 
+    ],
     "total": 1
 }
 ```
@@ -105,17 +107,17 @@ Audit log entries are written with an awareness of the requested Workspace, and
 {
     "data": [
         {
-            "client_ip": "127.0.0.1", 
-            "expire": 1544722999857, 
-            "method": "GET", 
-            "path": "/status", 
-            "rbac_user_id": "2e959b45-0053-41cc-9c2c-5458d0964331", 
-            "request_id": "QUtUa3RMbRLxomqcL68ilOjjl68h56xr", 
-            "request_timestamp": 1542130999858, 
-            "status": 200, 
+            "client_ip": "127.0.0.1",
+            "expire": 1544722999857,
+            "method": "GET",
+            "path": "/status",
+            "rbac_user_id": "2e959b45-0053-41cc-9c2c-5458d0964331",
+            "request_id": "QUtUa3RMbRLxomqcL68ilOjjl68h56xr",
+            "request_timestamp": 1542130999858,
+            "status": 200,
             "workspace": "0da4afe7-44ad-4e81-a953-5d2923ce68ae"
         }
-    ], 
+    ],
     "total": 1
 }
 ```
@@ -155,9 +157,9 @@ Transfer-Encoding: chunked
 X-Kong-Admin-Request-ID: 59fpTWlpUtHJ0qnAWBzQRHRDv7i5DwK2
 
 {
-    "created_at": 1542131418000, 
-    "id": "16787ed7-d805-434a-9cec-5e5a3e5c9e4f", 
-    "type": 0, 
+    "created_at": 1542131418000,
+    "id": "16787ed7-d805-434a-9cec-5e5a3e5c9e4f",
+    "type": 0,
     "username": "bob"
 }
 
@@ -179,17 +181,17 @@ X-Kong-Admin-Request-ID: SpPaxLTkDNndzKaYiWuZl3xrxDUIiGRR
 {
     "data": [
         {
-            "client_ip": "127.0.0.1", 
-            "expire": 1544723418013, 
-            "method": "POST", 
-            "path": "/consumers", 
-            "payload": "{\"username\": \"bob\"}", 
-            "request_id": "59fpTWlpUtHJ0qnAWBzQRHRDv7i5DwK2", 
-            "request_timestamp": 1542131418014, 
-            "status": 201, 
+            "client_ip": "127.0.0.1",
+            "expire": 1544723418013,
+            "method": "POST",
+            "path": "/consumers",
+            "payload": "{\"username\": \"bob\"}",
+            "request_id": "59fpTWlpUtHJ0qnAWBzQRHRDv7i5DwK2",
+            "request_timestamp": 1542131418014,
+            "status": 201,
             "workspace": "fd51ce6e-59c0-4b6b-b991-aa708a9ff4d2"
         }
-    ], 
+    ],
     "total": 1
 }
 ```
@@ -210,14 +212,14 @@ X-Kong-Admin-Request-ID: ZKra3QT0d3eJKl96jOUXYueLumo0ck8c
 {
     "data": [
         {
-            "dao_name": "consumers", 
-            "entity": "{\"created_at\":1542131418000,\"id\":\"16787ed7-d805-434a-9cec-5e5a3e5c9e4f\",\"username\":\"bob\",\"type\":0}", 
-            "entity_key": "16787ed7-d805-434a-9cec-5e5a3e5c9e4f", 
-            "expire": 1544723418009, 
-            "id": "7ebabee7-2b09-445d-bc1f-2092c4ddc4be", 
-            "operation": "create", 
+            "dao_name": "consumers",
+            "entity": "{\"created_at\":1542131418000,\"id\":\"16787ed7-d805-434a-9cec-5e5a3e5c9e4f\",\"username\":\"bob\",\"type\":0}",
+            "entity_key": "16787ed7-d805-434a-9cec-5e5a3e5c9e4f",
+            "expire": 1544723418009,
+            "id": "7ebabee7-2b09-445d-bc1f-2092c4ddc4be",
+            "operation": "create",
             "request_id": "59fpTWlpUtHJ0qnAWBzQRHRDv7i5DwK2"
-        }, 
+        },
   ],
   "total": 1
 }
@@ -259,14 +261,14 @@ Audit log entries will now contain a field `signature`:
 
 ```
 {
-    "client_ip": "127.0.0.1", 
-    "expire": 1544724298663, 
-    "method": "GET", 
-    "path": "/status", 
-    "request_id": "Ka2GeB13RkRIbMwBHw0xqe2EEfY0uZG0", 
-    "request_timestamp": 1542132298664, 
-    "signature": "ctD8DXJEfuFAVdlYuhay7f4kmcZhfRPjX8Q6HlSJ+67aHjJIzzrlSxWKfmxnJ7WKRvlF7bU8PX/rtu1ytLQwmzW2LpMd/WFt34PKmyOFUByslkxCdfKKNHadZ+FfINzD+JrecFdXNJrSxKKHHTxj8g6vglAcoJMmuSB6cMsAuVUbO+CL6N/WV9RfCquxxkQUfqGoyEA09EeU4uC0xa8gcYAr1FMGcu+TdRbazfBqZayrKxn8iMV/7LUefMgzUrVdC7UFjZORo5Q0wl9U/iQWU5sRGiTo/HTQmU/a7EdyX3c6Wbmg2khYJFzUIkg9JRL/YUla+yfe3AL4KwFSH90xTw==", 
-    "status": 200, 
+    "client_ip": "127.0.0.1",
+    "expire": 1544724298663,
+    "method": "GET",
+    "path": "/status",
+    "request_id": "Ka2GeB13RkRIbMwBHw0xqe2EEfY0uZG0",
+    "request_timestamp": 1542132298664,
+    "signature": "ctD8DXJEfuFAVdlYuhay7f4kmcZhfRPjX8Q6HlSJ+67aHjJIzzrlSxWKfmxnJ7WKRvlF7bU8PX/rtu1ytLQwmzW2LpMd/WFt34PKmyOFUByslkxCdfKKNHadZ+FfINzD+JrecFdXNJrSxKKHHTxj8g6vglAcoJMmuSB6cMsAuVUbO+CL6N/WV9RfCquxxkQUfqGoyEA09EeU4uC0xa8gcYAr1FMGcu+TdRbazfBqZayrKxn8iMV/7LUefMgzUrVdC7UFjZORo5Q0wl9U/iQWU5sRGiTo/HTQmU/a7EdyX3c6Wbmg2khYJFzUIkg9JRL/YUla+yfe3AL4KwFSH90xTw==",
+    "status": 200,
     "workspace": "fd51ce6e-59c0-4b6b-b991-aa708a9ff4d2"
 }
 ```
@@ -321,19 +323,19 @@ HTTP 200 OK
 
 ```json
 {
-    "data": [
-        {
-            "client_ip": "127.0.0.1",
-            "expire": 1544722367698,
-            "method": "GET", 
-            "path": "/status", 
-            "request_id": "ZuUfPfnxNn7D2OTU6Xi4zCnQkavzMUNM",
-            "request_timestamp": 1542130367699,
-            "status": 200, 
-            "workspace": "0da4afe7-44ad-4e81-a953-5d2923ce68ae"
-        }
-    ], 
-    "total": 1
+  "data": [
+    {
+      "client_ip": "127.0.0.1",
+      "expire": 1544722367698,
+      "method": "GET",
+      "path": "/status",
+      "request_id": "ZuUfPfnxNn7D2OTU6Xi4zCnQkavzMUNM",
+      "request_timestamp": 1542130367699,
+      "status": 200,
+      "workspace": "0da4afe7-44ad-4e81-a953-5d2923ce68ae"
+    }
+  ],
+  "total": 1
 }
 ```
 
@@ -351,16 +353,16 @@ HTTP 200 OK
 
 ```json
 {
-    "data": [
-        {
-            "dao_name": "consumers",
-            "entity": "{\"created_at\":1542131418000,\"id\":\"16787ed7-d805-434a-9cec-5e5a3e5c9e4f\",\"username\":\"bob\",\"type\":0}",
-            "entity_key": "16787ed7-d805-434a-9cec-5e5a3e5c9e4f",
-            "expire": 1544723418009,
-            "id": "7ebabee7-2b09-445d-bc1f-2092c4ddc4be",
-            "operation": "create",
-            "request_id": "59fpTWlpUtHJ0qnAWBzQRHRDv7i5DwK2"
-        },
+  "data": [
+    {
+      "dao_name": "consumers",
+      "entity": "{\"created_at\":1542131418000,\"id\":\"16787ed7-d805-434a-9cec-5e5a3e5c9e4f\",\"username\":\"bob\",\"type\":0}",
+      "entity_key": "16787ed7-d805-434a-9cec-5e5a3e5c9e4f",
+      "expire": 1544723418009,
+      "id": "7ebabee7-2b09-445d-bc1f-2092c4ddc4be",
+      "operation": "create",
+      "request_id": "59fpTWlpUtHJ0qnAWBzQRHRDv7i5DwK2"
+    }
   ],
   "total": 1
 }
@@ -370,7 +372,7 @@ HTTP 200 OK
 
 ### Configuration Reference
 
-See the [Data & Admin Audit](/enterprise/{{page.kong_version}}/property-reference#data--admin-audit) 
+See the [Data & Admin Audit](/enterprise/{{page.kong_version}}/property-reference#data--admin-audit)
 section of Kong Enterprise's Configuration Property Reference.
 
 [Back to TOC](#table-of-contents)
diff --git a/app/enterprise/0.34-x/admin-api.md b/app/enterprise/0.34-x/admin-api.md
new file mode 100644
index 000000000000..4ce90eec040e
--- /dev/null
+++ b/app/enterprise/0.34-x/admin-api.md
@@ -0,0 +1,2595 @@
+---
+title: Admin API
+
+api_body: |
+    Attribute | Description
+    ---:| ---
+    `name`                        | The API name.
+    `hosts`<br>*semi-optional*    | A comma-separated list of domain names that point to your API. For example: `example.com`. At least one of `hosts`, `uris`, or `methods` should be specified.
+    `uris`<br>*semi-optional*     | A comma-separated list of URIs prefixes that point to your API. For example: `/my-path`. At least one of `hosts`, `uris`, or `methods` should be specified.
+    `methods`<br>*semi-optional*  | A comma-separated list of HTTP methods that point to your API. For example: `GET,POST`. At least one of `hosts`, `uris`, or `methods` should be specified.
+    `upstream_url`                | The base target URL that points to your API server. This URL will be used for proxying requests. For example: `https://example.com`.
+    `strip_uri`<br>*optional*     | When matching an API via one of the `uris` prefixes, strip that matching prefix from the upstream URI to be requested. Default: `true`.
+    `preserve_host`<br>*optional* | When matching an API via one of the `hosts` domain names, make sure the request `Host` header is forwarded to the upstream service. By default, this is `false`, and the upstream `Host` header will be extracted from the configured `upstream_url`.
+    `retries`<br>*optional*       | The number of retries to execute upon failure to proxy. The default is `5`.
+    `upstream_connect_timeout`<br>*optional* | The timeout in milliseconds for establishing a connection to your upstream service. Defaults to `60000`.
+    `upstream_send_timeout`<br>*optional*    | The timeout in milliseconds between two successive write operations for transmitting a request to your upstream service Defaults to `60000`.
+    `upstream_read_timeout`<br>*optional*    | The timeout in milliseconds between two successive read operations for transmitting a request to your upstream service Defaults to `60000`.
+    `https_only`<br>*optional*               | To be enabled if you wish to only serve an API through HTTPS, on the appropriate port (`8443` by default). Default: `false`.
+    `http_if_terminated`<br>*optional*       | Consider the `X-Forwarded-Proto` header when enforcing HTTPS only traffic. Default: `false`.
+
+service_body: |
+    Attributes | Description
+    ---:| ---
+    `name` <br>*optional*         | The Service name.
+    `protocol`                    | The protocol used to communicate with the upstream. It can be one of `http` (default) or `https`.
+    `host`                        | The host of the upstream server.
+    `port`                        | The upstream server port. Defaults to `80`.
+    `path`<br>*optional*          | The path to be used in requests to the upstream server. Empty by default.
+    `retries`<br>*optional*       | The number of retries to execute upon failure to proxy. The default is `5`.
+    `connect_timeout`<br>*optional* | The timeout in milliseconds for establishing a connection to the upstream server. Defaults to `60000`.
+    `write_timeout`<br>*optional*    | The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server. Defaults to `60000`.
+    `read_timeout`<br>*optional*    | The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server. Defaults to `60000`.
+    `url`<br>*shorthand-attribute*    | Shorthand attribute to set `protocol`, `host`, `port` and `path` at once. This attribute is write-only (the Admin API never "returns" the url).
+
+service_json: |
+    {
+        "id": "4e13f54a-bbf1-47a8-8777-255fed7116f2",
+        "created_at": 1488869076800,
+        "updated_at": 1488869076800,
+        "connect_timeout": 60000,
+        "protocol": "http",
+        "host": "example.org",
+        "port": 80,
+        "path": "/api",
+        "name": "example-service",
+        "retries": 5,
+        "read_timeout": 60000,
+        "write_timeout": 60000
+    }
+
+route_body: |
+    Attributes | Description
+    ---:| ---
+    `protocols`<br>                | A list of the protocols this Route should allow. By default it is `["http", "https"]`, which means that the Route accepts both. When set to `["https"]`, HTTP requests are answered with a request to upgrade to HTTPS. With form-encoded, the notation is `protocols[]=http&protocols[]=https`. With JSON, use an Array.
+    `methods`<br>*semi-optional*   | A list of HTTP methods that match this Route. For example: `["GET", "POST"]`. At least one of `hosts`, `paths`, or `methods` must be set. With form-encoded, the notation is `methods[]=GET&methods[]=OPTIONS`. With JSON, use an Array.
+    `hosts`<br>*semi-optional*     | A list of domain names that match this Route. For example: `example.com`. At least one of `hosts`, `paths`, or `methods` must be set. With form-encoded, the notation is `hosts[]=foo.com&hosts[]=bar.com`. With JSON, use an Array.
+    `paths`<br>*semi-optional*     | A list of paths that match this Route. For example: `/my-path`. At least one of `hosts`, `paths`, or `methods` must be set. With form-encoded, the notation is `paths[]=/foo&paths[]=/bar`. With JSON, use an Array.
+    `regex_priority`<br>*optional* | Determines the relative order of this Route against others when evaluating regex paths. Routes with higher numbers will have their regex paths evaluated first. Defaults to `0`.
+    `strip_path`<br>*optional*     | When matching a Route via one of the `paths`, strip the matching prefix from the upstream request URL. Defaults to `true`.
+    `preserve_host`<br>*optional*  | When matching a Route via one of the `hosts` domain names, use the request `Host` header in the upstream request headers. By default set to `false`, and the upstream `Host` header will be that of the Service's `host`.
+    `service`                      | The Service this Route is associated to. This is where the Route proxies traffic to. With form-encoded, the notation is `service.id=<service_id>`. With JSON, use `"service":{"id":"<service_id>"}`.
+
+route_json: |
+    {
+        "id": "22108377-8f26-4c0e-bd9e-2962c1d6b0e6",
+        "created_at": 14888869056483,
+        "updated_at": 14888869056483,
+        "protocols": ["http", "https"],
+        "methods": null,
+        "hosts": ["example.com"],
+        "paths": null,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "service": {
+            "id": "4e13f54a-bbf1-47a8-8777-255fed7116f2"
+        }
+    }
+
+consumer_body: |
+    Attributes | Description
+    ---:| ---
+    `username`<br>**semi-optional** | The unique username of the consumer. You must send either this field or `custom_id` with the request.
+    `custom_id`<br>**semi-optional** | Field for storing an existing unique ID for the consumer - useful for mapping Kong with users in your existing database. You must send either this field or `username` with the request.
+
+plugin_configuration_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | The name of the Plugin that's going to be added. Currently the Plugin must be installed in every Kong instance separately.
+    `consumer_id`<br>*optional* | The unique identifier of the consumer that overrides the existing settings for this specific consumer on incoming requests.
+    `config.{property}` | The configuration properties for the Plugin which can be found on the plugins documentation page in the [Kong Hub](https://docs.konghq.com/hub/).
+    `enabled` | Whether the plugin is applied. Default: `true`.
+
+target_body: |
+    Attributes | Description
+    ---:| ---
+    `target` | The target address (ip or hostname) and port. If omitted the `port` defaults to `8000`. If the hostname resolves to an SRV record, the `port` value will overridden by the value from the dns record.
+    `weight`<br>*optional* | The weight this target gets within the upstream loadbalancer (`0`-`1000`, defaults to `100`). If the hostname resolves to an SRV record, the `weight` value will overridden by the value from the dns record.
+
+upstream_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | This is a hostname, which must be equal to the `host` of a Service.
+    `slots`<br>*optional* | The number of slots in the loadbalancer algorithm (`10`-`65536`, defaults to `1000`).
+    `hash_on`<br>*optional* | What to use as hashing input: `none`, `consumer`, `ip`, or `header` (defaults to `none` resulting in a weighted-round-robin scheme).
+    `hash_fallback`<br>*optional* | What to use as hashing input if the primary `hash_on` does not return a hash (eg. header is missing, or no consumer identified): `none`, `consumer`, `ip`, or `header` (defaults to `none`).
+    `hash_on_header`<br>*semi-optional* | The header name to take the value from as hash input (only required when `hash_on` is set to `header`).
+    `hash_fallback_header`<br>*semi-optional* | The header name to take the value from as hash input (only required when `hash_fallback` is set to `header`).
+    `healthchecks.active.timeout`<br>*optional* | Socket timeout for active health checks (in seconds).
+    `healthchecks.active.concurrency`<br>*optional* | Number of targets to check concurrently in active health checks.
+    `healthchecks.active.http_path`<br>*optional* | Path to use in GET HTTP request to run as a probe on active health checks.
+    `healthchecks.active.healthy.interval`<br>*optional* | Interval between active health checks for healthy targets (in seconds). A value of zero indicates that active probes for healthy targets should not be performed.
+    `healthchecks.active.healthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a success, indicating healthiness, when returned by a probe in active health checks.
+    `healthchecks.active.healthy.successes`<br>*optional* | Number of successes in active probes (as defined by `healthchecks.active.healthy.http_statuses`) to consider a target healthy.
+    `healthchecks.active.unhealthy.interval`<br>*optional* | Interval between active health checks for unhealthy targets (in seconds). A value of zero indicates that active probes for unhealthy targets should not be performed.
+    `healthchecks.active.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a failure, indicating unhealthiness, when returned by a probe in active health checks.
+    `healthchecks.active.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in active probes to consider a target unhealthy.
+    `healthchecks.active.unhealthy.timeouts`<br>*optional* | Number of timeouts in active probes to consider a target unhealthy.
+    `healthchecks.active.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in active probes (as defined by `healthchecks.active.unhealthy.http_statuses`) to consider a target unhealthy.
+    `healthchecks.passive.healthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent healthiness when produced by proxied traffic, as observed by passive health checks.
+    `healthchecks.passive.healthy.successes`<br>*optional* | Number of successes in proxied traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to consider a target healthy, as observed by passive health checks.
+    `healthchecks.passive.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent unhealthiness when produced by proxied traffic, as observed by passive health checks.
+    `healthchecks.passive.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in proxied traffic to consider a target unhealthy, as observed by passive health checks.
+    `healthchecks.passive.unhealthy.timeouts`<br>*optional* | Number of timeouts in proxied traffic to consider a target unhealthy, as observed by passive health checks.
+    `healthchecks.passive.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in proxied traffic (as defined by `healthchecks.passive.unhealthy.http_statuses`) to consider a target unhealthy, as observed by passive health checks.
+
+certificate_body: |
+    Attributes | Description
+    ---:| ---
+    `cert` | PEM-encoded public certificate of the SSL key pair.
+    `key` | PEM-encoded private key of the SSL key pair.
+    `snis`<br>*optional* | One or more hostnames to associate with this certificate as an SNI. This is a sugar parameter that will, under the hood, create an SNI object and associate it with this certificate for your convenience.
+
+snis_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | The SNI name to associate with the given certificate.
+    `ssl_certificate_id` | The `id` (a UUID) of the certificate with which to associate the SNI hostname.
+
+---
+
+# Kong Admin API
+
+Kong comes with an **internal** RESTful Admin API for administration purposes.
+Requests to the Admin API can be sent to any node in the cluster, and Kong will
+keep the configuration consistent across all nodes.
+
+- `8001` is the default port on which the Admin API listens.
+- `8444` is the default port for HTTPS traffic to the Admin API.
+
+This API is designed for internal use and provides full control over Kong, so
+care should be taken when setting up Kong environments to avoid undue public
+exposure of this API. See [this document][secure-admin-api] for a discussion
+of methods to secure the Admin API.
+
+## Supported Content Types
+
+The Admin API accepts 2 content types on every endpoint:
+
+- **application/x-www-form-urlencoded**
+
+Simple enough for basic request bodies, you will probably use it most of the time. Note that when sending nested values, Kong expects nested objects to be referenced with dotted keys. Example:
+
+```
+config.limit=10&config.period=seconds
+```
+
+- **application/json**
+
+Handy for complex bodies (ex: complex plugin configuration), in that case simply send a JSON representation of the data you want to send. Example:
+
+```json
+{
+    "config": {
+        "limit": 10,
+        "period": "seconds"
+    }
+}
+```
+
+---
+
+## Information routes
+
+### Retrieve node information
+
+Retrieve generic details about a node.
+
+**Endpoint**
+
+<div class="endpoint get">/</div>
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "hostname": "",
+    "node_id": "6a72192c-a3a1-4c8d-95c6-efabae9fb969",
+    "lua_version": "LuaJIT 2.1.0-beta3",
+    "plugins": {
+        "available_on_server": [
+            ...
+        ],
+        "enabled_in_cluster": [
+            ...
+        ]
+    },
+    "configuration" : {
+        ...
+    },
+    "tagline": "Welcome to Kong Enterprise",
+    "version": "0.34.0"
+}
+```
+
+* `node_id`: A UUID representing the running Kong node. This UUID is randomly generated when Kong starts, so the node will have a different `node_id` each
+  time it is restarted.
+* `available_on_server`: Names of plugins that are installed on the node.
+* `enabled_in_cluster`: Names of plugins that are enabled/configured. That is, the plugins configurations currently in the datastore shared by all Kong nodes.
+
+---
+
+### Retrieve node status
+
+Retrieve usage information about a node, with some basic information about the connections being processed by the underlying nginx process, and the status of the database connection.
+
+If you want to monitor the Kong process, since Kong is built on top of nginx, every existing nginx monitoring tool or agent can be used.
+
+**Endpoint**
+
+<div class="endpoint get">/status</div>
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "server": {
+        "total_requests": 3,
+        "connections_active": 1,
+        "connections_accepted": 1,
+        "connections_handled": 1,
+        "connections_reading": 0,
+        "connections_writing": 1,
+        "connections_waiting": 0
+    },
+    "database": {
+        "reachable": true
+    }
+}
+```
+
+* `server`: Metrics about the nginx HTTP/S server.
+    * `total_requests`: The total number of client requests.
+    * `connections_active`: The current number of active client connections including Waiting connections.
+    * `connections_accepted`: The total number of accepted client connections.
+    * `connections_handled`: The total number of handled connections. Generally, the parameter value is the same as accepts unless some resource limits have been reached.
+    * `connections_reading`: The current number of connections where Kong is reading the request header.
+    * `connections_writing`: The current number of connections where nginx is writing the response back to the client.
+    * `connections_waiting`: The current number of idle client connections waiting for a request.
+* `database`: Metrics about the database.
+    * `reachable`: A boolean value reflecting the state of the database connection. Please note that this flag **does not** reflect the health of the database itself.
+
+---
+
+## Service Object
+
+Service entities, as the name implies, are abstractions of each of your own
+upstream services. Examples of Services would be a data transformation
+microservice, a billing API, etc.
+
+The main attribute of a Service is its URL (where Kong should proxy traffic
+to), which can be set as a single string or by specifying its `protocol`,
+`host`, `port` and `path` individually.
+
+Services are associated to Routes (a Service can have many Routes associated
+with it). Routes are entry-points in Kong and define rules to match client
+requests. Once a Route is matched, Kong proxies the request to its associated
+Service. See the [Proxy Reference][proxy-reference] for a detailed explanation
+of how Kong proxies traffic.
+
+```json
+{{ page.service_json }}
+```
+
+---
+
+### Add Service
+
+**Endpoint**
+
+<div class="endpoint post">/services/</div>
+
+#### Request Body
+
+{{ page.service_body }}
+
+**Response**
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.service_json }}
+```
+
+---
+
+### Retrieve Service
+
+**Endpoints**
+
+<div class="endpoint get">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to retrieve.
+
+<div class="endpoint get">/routes/{route id}/service</div>
+
+Attributes | Description
+---:| ---
+`route id`<br>**required** | The unique identifier of a Route belonging to the Service to be retrieved.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+---
+
+### List Services
+
+**Endpoint**
+
+<div class="endpoint get">/services/</div>
+
+#### Request Querystring Parameters
+
+Attributes | Description
+---:| ---
+`offset`<br>*optional* | A cursor used for pagination. `offset` is an object identifier that defines a place in the list.
+`size`<br>*optional, default is __100__ max is __1000__* | A limit on the number of objects to be returned per page.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "data": [{
+        "id": "4e13f54a-bbf1-47a8-8777-255fed7116f2",
+        "created_at": 1488869076800,
+        "updated_at": 1488869076800,
+        "connect_timeout": 60000,
+        "protocol": "http",
+        "host": "example.org",
+        "port": 80,
+        "path": "/api",
+        "name": "example-service",
+        "retries": 5,
+        "read_timeout": 60000,
+        "write_timeout": 60000
+    }, {
+        "id": "8e13faaa-ee42-44ea-8421-255bc12316a1",
+        "created_at": 1488869077320,
+        "updated_at": 1488869077320,
+        "connect_timeout": 60000,
+        "protocol": "http",
+        "host": "example2.org",
+        "port": 80,
+        "path": "/api",
+        "name": "example-service2",
+        "retries": 5,
+        "read_timeout": 60000,
+        "write_timeout": 60000
+    }],
+    "next": "http://localhost:8001/services?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+---
+
+### Update Service
+
+**Endpoints**
+
+<div class="endpoint patch">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The `id` **or** the `name` attribute of the Service to update.
+
+<div class="endpoint patch">/routes/{route id}/service</div>
+
+Attributes | Description
+---:| ---
+`route id`<br>**required** | The `id` attribute of the Route whose Service is to be updated.
+
+#### Request Body
+
+{{ page.service_body }}
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+
+---
+
+### Delete Service
+
+**Endpoint**
+
+<div class="endpoint delete">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The `id` **or** the `name` attribute of the Service to delete.
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+---
+
+## Route Object
+
+The Route entities defines rules to match client requests. Each Route is
+associated with a Service, and a Service may have multiple Routes associated to
+it. Every request matching a given Route will be proxied to its associated
+Service.
+
+The combination of Routes and Services (and the separation of concerns between
+them) offers a powerful routing mechanism with which it is possible to define
+fine-grained entry-points in Kong leading to different upstream services of
+your infrastructure.
+
+```json
+{{ page.route_json }}
+```
+
+---
+
+### Add Route
+
+**Endpoints**
+
+<div class="endpoint post">/routes/</div>
+
+#### Request Body
+
+{{ page.route_body }}
+
+**Response**
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.route_json }}
+```
+
+### Retrieve Route
+
+**Endpoints**
+
+<div class="endpoint get">/routes/{id}</div>
+
+Attributes | Description
+---:| ---
+`id`<br>**required** | The `id` attribute of the Route to retrieve.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.route_json }}
+```
+
+---
+
+### List Routes
+
+**Endpoints**
+
+<div class="endpoint get">/routes</div>
+
+#### Request Querystring Parameters
+
+Attributes | Description
+---:| ---
+`offset`<br>*optional* | A cursor used for pagination. `offset` is an object identifier that defines a place in the list.
+`size`<br>*optional, default is __100__ max is __1000__* | A limit on the number of objects to be returned per page.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "data": [{
+      "id": "22108377-8f26-4c0e-bd9e-2962c1d6b0e6",
+      "created_at": 14888869056483,
+      "updated_at": 14888869056483,
+      "protocols": ["http", "https"],
+      "methods": null,
+      "hosts": ["example.com"],
+      "paths": null,
+      "regex_priority": 0,
+      "strip_path": true,
+      "preserve_host": false,
+      "service": {
+          "id": "4e13f54a-bbf1-47a8-8777-255fed7116f2"
+      }
+    }, {
+      "id": "8d9b862b-527c-4bf1-9786-bfbb728f6539",
+      "created_at": 14888869056435,
+      "updated_at": 14888869056435,
+      "protocols": ["http"],
+      "methods": ["GET"],
+      "hosts": ["example.com"],
+      "paths": ["/private"],
+      "regex_priority": 0,
+      "strip_path": true,
+      "preserve_host": false,
+      "service": {
+          "id": "4e13f54a-bbf1-47a8-8777-255fed7116f2"
+      }
+    }],
+    "next": "http://localhost:8001/services/foo/routes?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+---
+
+### List Routes associated to a Service
+
+**Endpoints**
+
+<div class="endpoint get">/services/{service name or id}/routes</div>
+
+#### Request Querystring Parameters
+
+Attributes | Description
+---:| ---
+`service name or id`<br>**required** | The `id` **or** the `name` attribute of the Service whose routes are to be Retrieved. When using this endpoint, only the Routes belonging to the specified Service will be listed.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 10,
+    "data": [{
+      "id": "22108377-8f26-4c0e-bd9e-2962c1d6b0e6",
+      "created_at": 14888869056483,
+      "updated_at": 14888869056483,
+      "protocols": ["http", "https"],
+      "methods": null,
+      "hosts": ["example.com"],
+      "paths": null,
+      "regex_priority": 0,
+      "strip_path": true,
+      "preserve_host": false,
+      "service": {
+          "id": "4e13f54a-bbf1-47a8-8777-255fed7116f2"
+      }
+    }, {
+      "id": "8d9b862b-527c-4bf1-9786-bfbb728f6539",
+      "created_at": 14888869056435,
+      "updated_at": 14888869056435,
+      "protocols": ["http"],
+      "methods": ["GET"],
+      "hosts": ["example.com"],
+      "paths": ["/private"],
+      "regex_priority": 0,
+      "strip_path": true,
+      "preserve_host": false,
+      "service": {
+          "id": "4e13f54a-bbf1-47a8-8777-255fed7116f2"
+      }
+    }],
+    "next": "http://localhost:8001/services/foo/routes?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+---
+
+### Update Route
+
+**Endpoint**
+
+<div class="endpoint patch">/routes/{id}</div>
+
+Attributes | Description
+---:| ---
+`id`<br>**required** | The `id` attribute of the Route to update.
+
+#### Request Body
+
+{{ page.route_body }}
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+
+---
+
+### Delete Route
+
+**Endpoint**
+
+<div class="endpoint delete">/routes/{id}</div>
+
+Attributes | Description
+---:| ---
+`id`<br>**required** | The `id` attribute of the Route to delete.
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+---
+
+## API Object
+
+<div class="alert alert-warning">
+  <p><strong>Note: The API entity was deprecated in Kong CE 0.13.0 and Kong EE 0.32.</strong></p>
+  <p>It is strongly recommended to migrate your APIs to Routes and Services.</p>
+</div>
+
+The API object describes an API that's being exposed by Kong. Kong needs to know how to retrieve the
+API when a consumer is calling it from the Proxy port. Each API object must specify some combination
+of `hosts`, `uris`, and `methods`. Kong will proxy all requests to the API to the specified upstream URL.
+
+```json
+{
+    "created_at": 1488830759000,
+    "hosts": [
+        "example.org"
+    ],
+    "http_if_terminated": false,
+    "https_only": false,
+    "id": "6378122c-a0a1-438d-a5c6-efabae9fb969",
+    "name": "example-api",
+    "preserve_host": false,
+    "retries": 5,
+    "strip_uri": true,
+    "upstream_connect_timeout": 60000,
+    "upstream_read_timeout": 60000,
+    "upstream_send_timeout": 60000,
+    "upstream_url": "http://httpbin.org"
+}
+```
+
+---
+
+### Add API
+
+**Endpoint**
+
+<div class="endpoint post">/apis/</div>
+
+#### Request Body
+
+{{ page.api_body }}
+
+**Response**
+
+```
+HTTP 201 Created
+```
+
+```json
+{
+    "created_at": 1488830759000,
+    "hosts": [
+        "example.org"
+    ],
+    "http_if_terminated": false,
+    "https_only": false,
+    "id": "6378122c-a0a1-438d-a5c6-efabae9fb969",
+    "name": "example-api",
+    "preserve_host": false,
+    "retries": 5,
+    "strip_uri": true,
+    "upstream_connect_timeout": 60000,
+    "upstream_read_timeout": 60000,
+    "upstream_send_timeout": 60000,
+    "upstream_url": "http://httpbin.org"
+}
+```
+
+---
+
+### Retrieve API
+
+**Endpoint**
+
+<div class="endpoint get">/apis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the API to retrieve
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "created_at": 1488830759000,
+    "hosts": [
+        "example.org"
+    ],
+    "http_if_terminated": false,
+    "https_only": false,
+    "id": "6378122c-a0a1-438d-a5c6-efabae9fb969",
+    "name": "example-api",
+    "preserve_host": false,
+    "retries": 5,
+    "strip_uri": true,
+    "upstream_connect_timeout": 60000,
+    "upstream_read_timeout": 60000,
+    "upstream_send_timeout": 60000,
+    "upstream_url": "http://httpbin.org"
+}
+```
+
+---
+
+### List APIs
+
+**Endpoint**
+
+<div class="endpoint get">/apis/</div>
+
+#### Request Querystring Parameters
+
+Attributes | Description
+---:| ---
+`id`<br>*optional* | A filter on the list based on the apis `id` field.
+`name`<br>*optional* | A filter on the list based on the apis `name` field.
+`upstream_url`<br>*optional* | A filter on the list based on the apis `upstream_url` field.
+`retries`<br>*optional* | A filter on the list based on the apis `retries` field.
+`size`<br>*optional, default is __100__* | A limit on the number of objects to be returned.
+`offset`<br>*optional* | A cursor used for pagination. `offset` is an object identifier that defines a place in the list.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 10,
+    "data": [
+        {
+            "created_at": 1488830759000,
+            "hosts": [
+                "example.org"
+            ],
+            "http_if_terminated": false,
+            "https_only": false,
+            "id": "6378122c-a0a1-438d-a5c6-efabae9fb969",
+            "name": "example-api",
+            "preserve_host": false,
+            "retries": 5,
+            "strip_uri": true,
+            "upstream_connect_timeout": 60000,
+            "upstream_read_timeout": 60000,
+            "upstream_send_timeout": 60000,
+            "upstream_url": "http://httpbin.org"
+        },
+        {
+            "created_at": 1488830708000,
+            "hosts": [
+                "api.com"
+            ],
+            "http_if_terminated": false,
+            "https_only": false,
+            "id": "0924978e-eb19-44a0-9adc-55f20db2f04d",
+            "name": "my-api",
+            "preserve_host": false,
+            "retries": 10,
+            "strip_uri": true,
+            "upstream_connect_timeout": 1000,
+            "upstream_read_timeout": 1000,
+            "upstream_send_timeout": 1000,
+            "upstream_url": "http://my-api.com"
+        }
+    ],
+    "next": "http://localhost:8001/apis?size=2&offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+---
+
+### Update API
+
+**Endpoint**
+
+<div class="endpoint patch">/apis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the API to update
+
+#### Request Body
+
+{{ page.api_body }}
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "created_at": 1488830759000,
+    "hosts": [
+        "updated-example.org"
+    ],
+    "http_if_terminated": false,
+    "https_only": false,
+    "id": "6378122c-a0a1-438d-a5c6-efabae9fb969",
+    "name": "my-updated-api",
+    "preserve_host": false,
+    "retries": 5,
+    "strip_uri": true,
+    "upstream_connect_timeout": 60000,
+    "upstream_read_timeout": 60000,
+    "upstream_send_timeout": 60000,
+    "upstream_url": "http://httpbin.org"
+}
+```
+
+---
+
+### Update Or Create API
+
+**Endpoint**
+
+<div class="endpoint put">/apis/</div>
+
+#### Request Body
+
+{{ page.api_body }}
+
+The behavior of `PUT` endpoints is the following: if the request payload **does
+not** contain an entity's primary key (`id` for APIs), the entity will be
+created with the given payload. If the request payload **does** contain an
+entity's primary key, the payload will "replace" the entity specified by the
+given primary key. If the primary key is **not** that of an existing entity, `404
+NOT FOUND` will be returned.
+
+**Response**
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+---
+
+### Delete API
+
+**Endpoint**
+
+<div class="endpoint delete">/apis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the API to delete
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+---
+
+## Consumer Object
+
+The Consumer object represents a consumer - or a user - of a Service. You can either rely on Kong as the primary datastore, or you can map the consumer list with your database to keep consistency between Kong and your existing primary datastore.
+
+```json
+{
+    "custom_id": "abc123"
+}
+```
+
+---
+
+### Create Consumer
+
+**Endpoint**
+
+<div class="endpoint post">/consumers/</div>
+
+#### Request Form Parameters
+
+{{ page.consumer_body }}
+
+**Response**
+
+```
+HTTP 201 Created
+```
+
+```json
+{
+    "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+    "custom_id": "abc123",
+    "created_at": 1422386534
+}
+```
+
+---
+
+### Retrieve Consumer
+
+**Endpoint**
+
+<div class="endpoint get">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the consumer to retrieve
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+    "custom_id": "abc123",
+    "created_at": 1422386534
+}
+```
+
+---
+
+### List Consumers
+
+**Endpoint**
+
+<div class="endpoint get">/consumers/</div>
+
+#### Request Querystring Parameters
+
+Attributes | Description
+---:| ---
+`id`<br>*optional* | A filter on the list based on the consumer `id` field.
+`custom_id`<br>*optional* | A filter on the list based on the consumer `custom_id` field.
+`username`<br>*optional* | A filter on the list based on the consumer `username` field.
+`size`<br>*optional, default is __100__* | A limit on the number of objects to be returned.
+`offset`<br>*optional* | A cursor used for pagination. `offset` is an object identifier that defines a place in the list.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 10,
+    "data": [
+        {
+            "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+            "custom_id": "abc123",
+            "created_at": 1422386534
+        },
+        {
+            "id": "3f924084-1adb-40a5-c042-63b19db421a2",
+            "custom_id": "def345",
+            "created_at": 1422386585
+        }
+    ],
+    "next": "http://localhost:8001/consumers/?size=2&offset=4d924084-1adb-40a5-c042-63b19db421d1"
+}
+```
+
+---
+
+### Update Consumer
+
+**Endpoint**
+
+<div class="endpoint patch">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the consumer to update
+
+#### Request Body
+
+{{ page.consumer_body }}
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+    "custom_id": "updated_abc123",
+    "created_at": 1422386534
+}
+```
+
+---
+
+### Update Or Create Consumer
+
+**Endpoint**
+
+<div class="endpoint put">/consumers/</div>
+
+#### Request Body
+
+{{ page.consumer_body }}
+
+The behavior of `PUT` endpoints is the following: if the request payload **does
+not** contain an entity's primary key (`id` for Consumers), the entity will be
+created with the given payload. If the request payload **does** contain an
+entity's primary key, the payload will "replace" the entity specified by the
+given primary key. If the primary key is **not** that of an existing entity, `404
+NOT FOUND` will be returned.
+
+**Response**
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+---
+
+### Delete Consumer
+
+**Endpoint**
+
+<div class="endpoint delete">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the name of the consumer to delete
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+---
+
+## Plugin Object
+
+A Plugin entity represents a plugin configuration that will be executed during
+the HTTP request/response lifecycle. It is how you can add functionalities
+to Services that run behind Kong, like Authentication or Rate Limiting for
+example. You can find more information about how to install and what values
+each plugin takes by visiting the [Kong Hub](https://docs.konghq.com/hub/).
+
+When adding a Plugin Configuration to a Service, every request made by a client to
+that Service will run said Plugin. If a Plugin needs to be tuned to different
+values for some specific Consumers, you can do so by specifying the
+`consumer_id` value:
+
+```json
+{
+    "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+    "service_id": "5fd1z584-1adb-40a5-c042-63b19db49x21",
+    "consumer_id": "a3dX2dh2-1adb-40a5-c042-63b19dbx83hF4",
+    "name": "rate-limiting",
+    "config": {
+        "minute": 20,
+        "hour": 500
+    },
+    "enabled": true,
+    "created_at": 1422386534
+}
+```
+
+See the [Precedence](#precedence) section below for more details.
+
+### Precedence
+
+A plugin will always be run once and only once per request. But the
+configuration with which it will run depends on the entities it has been
+configured for.
+
+Plugins can be configured for various entities, combination of entities, or
+even globally. This is useful, for example, when you wish to configure a plugin
+a certain way for most requests, but make _authenticated requests_ behave
+slightly differently.
+
+Therefore, there exists an order of precedence for running a plugin when it has
+been applied to different entities with different configurations. The rule of
+thumb is: the more specific a plugin is with regards to how many entities it
+has been configured on, the higher its priority.
+
+The complete order of precedence when a plugin has been configured multiple
+times is:
+
+1. Plugins configured on a combination of: a Route, a Service, and a Consumer.
+   _(Consumer means the request must be authenticated)._
+2. Plugins configured on a combination of a Route and a Consumer.
+   _(Consumer means the request must be authenticated)._
+3. Plugins configured on a combination of a Service and a Consumer.
+   _(Consumer means the request must be authenticated)._
+4. Plugins configured on a combination of a Route and a Service.
+5. Plugins configured on a Consumer.
+   _(Consumer means the request must be authenticated)._
+6. Plugins configured on a Route.
+7. Plugins configured on a Service.
+8. Plugins configured to run globally.
+
+**Example**: if the `rate-limiting` plugin is applied twice (with different
+configurations): for a Service (Plugin config A), and for a Consumer (Plugin
+config B), then requests authenticating this Consumer will run Plugin config B
+and ignore A. However, requests that do not authenticate this Consumer will
+fallback to running Plugin config A. Note that if config B is disabled
+(its `enabled` flag is set to `false`), config A will apply to requests that
+would have otherwise matched config B.
+
+---
+
+### Add Plugin
+
+You can add a plugin in four different ways:
+
+* For every Service/Route and Consumer. Don't set `consumer_id` and set `service_id` or `route_id`.
+* For every Service/Route and a specific Consumer. Only set `consumer_id`.
+* For every Consumer and a specific Service. Only set `service_id` (warning: some plugins only allow setting their `route_id`)
+* For every Consumer and a specific Route. Only set `route_id` (warning: some plugins only allow setting their `service_id`)
+* For a specific Service/Route and Consumer. Set both `service_id`/`route_id` and `consumer_id`.
+
+Note that not all plugins allow to specify `consumer_id`. Check the plugin documentation.
+
+**Endpoint**
+
+<div class="endpoint post">/plugins/</div>
+
+#### Request Body
+
+{{ page.plugin_configuration_body }}
+
+**Response**
+
+```
+HTTP 201 Created
+```
+
+```json
+{
+    "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+    "service_id": "5fd1z584-1adb-40a5-c042-63b19db49x21",
+    "consumer_id": "a3dX2dh2-1adb-40a5-c042-63b19dbx83hF4",
+    "name": "rate-limiting",
+    "config": {
+        "minute": 20,
+        "hour": 500
+    },
+    "enabled": true,
+    "created_at": 1422386534
+}
+```
+
+---
+
+### Retrieve Plugin
+
+<div class="endpoint get">/plugins/{id}</div>
+
+#### Request Querystring Parameters
+
+Attributes | Description
+---:| ---
+`id`<br>**required** | The unique identifier of the plugin to retrieve
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+    "service_id": "5fd1z584-1adb-40a5-c042-63b19db49x21",
+    "consumer_id": "a3dX2dh2-1adb-40a5-c042-63b19dbx83hF4",
+    "name": "rate-limiting",
+    "config": {
+        "minute": 20,
+        "hour": 500
+    },
+    "enabled": true,
+    "created_at": 1422386534
+}
+```
+
+---
+
+### List All Plugins
+
+**Endpoint**
+
+<div class="endpoint get">/plugins/</div>
+
+#### Request Querystring Parameters
+
+Attributes | Description
+---:| ---
+`id`<br>*optional* | A filter on the list based on the `id` field.
+`name`<br>*optional* | A filter on the list based on the `name` field.
+`service_id`<br>*optional* | A filter on the list based on the `service_id` field.
+`route_id`<br>*optional* | A filter on the list based on the `route_id` field.
+`consumer_id`<br>*optional* | A filter on the list based on the `consumer_id` field.
+`size`<br>*optional, default is __100__* | A limit on the number of objects to be returned.
+`offset`<br>*optional* | A cursor used for pagination. `offset` is an object identifier that defines a place in the list.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 10,
+    "data": [
+      {
+          "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+          "service_id": "5fd1z584-1adb-40a5-c042-63b19db49x21",
+          "name": "rate-limiting",
+          "config": {
+              "minute": 20,
+              "hour": 500
+          },
+          "enabled": true,
+          "created_at": 1422386534
+      },
+      {
+          "id": "3f924084-1adb-40a5-c042-63b19db421a2",
+          "service_id": "5fd1z584-1adb-40a5-c042-63b19db49x21",
+          "consumer_id": "a3dX2dh2-1adb-40a5-c042-63b19dbx83hF4",
+          "name": "rate-limiting",
+          "config": {
+              "minute": 300,
+              "hour": 20000
+          },
+          "enabled": true,
+          "created_at": 1422386585
+      }
+    ],
+    "next": "http://localhost:8001/plugins?size=2&offset=4d924084-1adb-40a5-c042-63b19db421d1"
+}
+```
+
+---
+
+### Update Plugin
+
+**Endpoint**
+
+<div class="endpoint patch">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the plugin configuration to update
+
+#### Request Body
+
+{{ page.plugin_configuration_body }}
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+    "service_id": "5fd1z584-1adb-40a5-c042-63b19db49x21",
+    "consumer_id": "a3dX2dh2-1adb-40a5-c042-63b19dbx83hF4",
+    "name": "rate-limiting",
+    "config": {
+        "minute": 20,
+        "hour": 500
+    },
+    "enabled": true,
+    "created_at": 1422386534
+}
+```
+
+---
+
+### Update or Add Plugin
+
+**Endpoint**
+
+<div class="endpoint put">/plugins/</div>
+
+#### Request Body
+
+{{ page.plugin_configuration_body }}
+
+The behavior of `PUT` endpoints is the following: if the request payload **does
+not** contain an entity's primary key (`id` and `name` for Plugins), the entity
+will be created with the given payload. If the request payload **does** contain
+an entity's primary key, the payload will "replace" the entity specified by the
+given primary key. If the primary key is **not** that of an existing entity, `404
+NOT FOUND` will be returned.
+
+**Response**
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+---
+
+### Delete Plugin
+
+**Endpoint**
+
+<div class="endpoint delete">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the plugin configuration to delete
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+---
+
+### Retrieve Enabled Plugins
+
+Retrieve a list of all installed plugins on the Kong node.
+
+**Endpoint**
+
+<div class="endpoint get">/plugins/enabled</div>
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "enabled_plugins": [
+        "jwt",
+        "acl",
+        "cors",
+        "oauth2",
+        "tcp-log",
+        "udp-log",
+        "file-log",
+        "http-log",
+        "key-auth",
+        "hmac-auth",
+        "basic-auth",
+        "ip-restriction",
+        "request-transformer",
+        "response-transformer",
+        "request-size-limiting",
+        "rate-limiting",
+        "response-ratelimiting",
+        "aws-lambda",
+        "bot-detection",
+        "correlation-id",
+        "datadog",
+        "galileo",
+        "ldap-auth",
+        "loggly",
+        "runscope",
+        "statsd",
+        "syslog"
+    ]
+}
+```
+
+---
+
+### Retrieve Plugin Schema
+
+Retrieve the schema of a plugin's configuration. This is useful to understand what fields a plugin accepts, and can be used for building third-party integrations to the Kong's plugin system.
+
+<div class="endpoint get">/plugins/schema/{plugin name}</div>
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "fields": {
+        "hide_credentials": {
+            "default": false,
+            "type": "boolean"
+        },
+        "key_names": {
+            "default": "function",
+            "required": true,
+            "type": "array"
+        }
+    }
+}
+```
+
+---
+
+## Certificate Object
+
+A certificate object represents a public certificate/private key pair for an SSL
+certificate. These objects are used by Kong to handle SSL/TLS termination for
+encrypted requests. Certificates are optionally associated with SNI objects to
+tie a cert/key pair to one or more hostnames.
+
+```json
+{
+    "cert": "-----BEGIN CERTIFICATE-----...",
+    "key": "-----BEGIN RSA PRIVATE KEY-----..."
+}
+```
+
+---
+
+### Add Certificate
+
+**Endpoint**
+
+<div class="endpoint post">/certificates/</div>
+
+#### Request Body
+
+{{ page.certificate_body }}
+
+**Response**
+
+```
+HTTP 201 Created
+```
+
+```json
+{
+    "id": "21b69eab-09d9-40f9-a55e-c4ee47fada68",
+    "cert": "-----BEGIN CERTIFICATE-----...",
+    "key": "-----BEGIN RSA PRIVATE KEY-----...",
+    "snis": [
+        "example.com"
+    ],
+    "created_at": 1485521710265
+}
+```
+
+---
+
+### Retrieve Certificate
+
+**Endpoint**
+
+<div class="endpoint get">/certificates/{sni or id}</div>
+
+Attributes | Description
+---:| ---
+`SNI or id`<br>**required** | The unique identifier **or** an SNI name associated with this certificate.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "id": "21b69eab-09d9-40f9-a55e-c4ee47fada68",
+    "cert": "-----BEGIN CERTIFICATE-----...",
+    "key": "-----BEGIN RSA PRIVATE KEY-----...",
+    "snis": [
+        "example.com"
+    ],
+    "created_at": 1485521710265
+}
+```
+---
+
+### List Certificates
+
+**Endpoint**
+
+<div class="endpoint get">/certificates/</div>
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "data": [
+        {
+            "id": "21b69eab-09d9-40f9-a55e-c4ee47fada68",
+            "cert": "-----BEGIN CERTIFICATE-----...",
+            "key": "-----BEGIN RSA PRIVATE KEY-----...",
+            "snis": [
+                "example.com"
+            ],
+            "created_at": 1485521710265
+        },
+        {
+            "id": "6b5b6f71-c0b3-426d-8f3b-8de2c67c816b",
+            "cert": "-----BEGIN CERTIFICATE-----...",
+            "key": "-----BEGIN RSA PRIVATE KEY-----...",
+            "snis": [
+                "example.org"
+            ],
+            "created_at": 1485522651185
+        }
+    ]
+}
+```
+---
+
+### Update Certificate
+
+<div class="endpoint patch">/certificates/{sni or id}</div>
+
+Attributes | Description
+---:| ---
+`SNI or id`<br>**required** | The unique identifier **or** an SNI name associated with this certificate.
+
+#### Request Body
+
+{{ page.certificate_body }}
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "id": "21b69eab-09d9-40f9-a55e-c4ee47fada68",
+    "cert": "-----BEGIN CERTIFICATE-----...",
+    "key": "-----BEGIN RSA PRIVATE KEY-----...",
+    "snis": [
+        "example.com"
+    ],
+    "created_at": 1485521710265
+}
+```
+
+---
+
+### Update or Create Certificate
+
+**Endpoint**
+
+<div class="endpoint put">/certificates/</div>
+
+#### Request Body
+
+{{ page.certificate_body }}
+
+The behavior of `PUT` endpoints is the following: if the request payload **does
+not** contain an entity's primary key (`id` for Certificates), the entity will
+be created with the given payload. If the request payload **does** contain an
+entity's primary key, the payload will "replace" the entity specified by the
+given primary key. If the primary key is **not** that of an existing entity, `404
+NOT FOUND` will be returned.
+
+**Response**
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+---
+
+### Delete Certificate
+
+<div class="endpoint delete">/certificates/{sni or id}</div>
+
+Attributes | Description
+---:| ---
+`sni or id`<br>**required** | The unique identifier **or** an SNI name associated with this certificate.
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+---
+
+## SNI Objects
+
+An SNI object represents a many-to-one mapping of hostnames to a certificate.
+That is, a certificate object can have many hostnames associated with it; when
+Kong receives an SSL request, it uses the SNI field in the Client Hello to
+lookup the certificate object based on the SNI associated with the certificate.
+
+```json
+{
+    "name": "example.com",
+    "ssl_certificate_id": "21b69eab-09d9-40f9-a55e-c4ee47fada68"
+}
+```
+
+---
+
+### Add SNI
+
+**Endpoint**
+
+<div class="endpoint post">/snis/</div>
+
+#### Request Body
+
+{{ page.snis_body }}
+
+**Response**
+
+```
+HTTP 201 Created
+```
+
+```json
+{
+    "name": "example.com",
+    "ssl_certificate_id": "21b69eab-09d9-40f9-a55e-c4ee47fada68",
+    "created_at": 1485521710265
+}
+```
+
+---
+
+### Retrieve SNI
+
+**Endpoint**
+
+<div class="endpoint get">/snis/{name}</div>
+
+Attributes | Description
+---:| ---
+`name`<br>**required** | The name of the SNI object.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "name": "example.com",
+    "ssl_certificate_id": "21b69eab-09d9-40f9-a55e-c4ee47fada68",
+    "created_at": 1485521710265
+}
+```
+
+### List SNIs
+
+**Endpoint**
+
+<div class="endpoint get">/snis/</div>
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "data": [
+        {
+            "name": "example.com",
+            "ssl_certificate_id": "21b69eab-09d9-40f9-a55e-c4ee47fada68",
+            "created_at": 1485521710265
+        },
+        {
+            "name": "example.org",
+            "ssl_certificate_id": "6b5b6f71-c0b3-426d-8f3b-8de2c67c816b",
+            "created_at": 1485521710265
+        }
+    ]
+}
+```
+
+---
+
+### Update SNI
+
+<div class="endpoint patch">/snis/{name}</div>
+
+Attributes | Description
+---:| ---
+`name`<br>**required** | The name of the SNI object.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "name": "example.com",
+    "ssl_certificate_id": "21b69eab-09d9-40f9-a55e-c4ee47fada68",
+    "created_at": 1485521710265
+}
+```
+
+---
+
+### Update or Create SNI
+
+**Endpoint**
+
+<div class="endpoint put">/snis/</div>
+
+#### Request Body
+
+{{ page.snis_body }}
+
+The behavior of `PUT` endpoints is the following: if the request payload **does
+not** contain an entity's primary key (`name` for SNIs), the entity will be
+created with the given payload. If the request payload **does** contain an
+entity's primary key, the payload will "replace" the entity specified by the
+given primary key. If the primary key is **not** that of an existing entity, `404
+NOT FOUND` will be returned.
+
+**Response**
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+---
+
+### Delete SNI
+
+<div class="endpoint delete">/snis/{name}</div>
+
+Attributes | Description
+---:| ---
+`name`<br>**required** | The name of the SNI object.
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+---
+
+## Upstream Objects
+
+The upstream object represents a virtual hostname and can be used to loadbalance
+incoming requests over multiple services (targets). So for example an upstream
+named `service.v1.xyz` for a Service object whose `host` is `service.v1.xyz`.
+Requests for this Service would be proxied to the targets defined within the upstream.
+
+An upstream also includes a [health checker][healthchecks], which is able to
+enable and disable targets based on their ability or inability to serve
+requests. The configuration for the health checker is stored in the upstream
+object, and applies to all of its targets.
+
+```json
+{
+    "name": "service.v1.xyz",
+    "hash_on": "none",
+    "hash_fallback": "none",
+    "healthchecks": {
+        "active": {
+            "concurrency": 10,
+            "healthy": {
+                "http_statuses": [ 200, 302 ],
+                "interval": 0,
+                "successes": 0
+            },
+            "http_path": "/",
+            "timeout": 1,
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 404, 500, 501,
+                                   502, 503, 504, 505 ],
+                "interval": 0,
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        },
+        "passive": {
+            "healthy": {
+                "http_statuses": [ 200, 201, 202, 203,
+                                   204, 205, 206, 207,
+                                   208, 226, 300, 301,
+                                   302, 303, 304, 305,
+                                   306, 307, 308 ],
+                "successes": 0
+            },
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 500, 503 ],
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        }
+    },
+    "slots": 10
+}
+```
+
+---
+
+### Add upstream
+
+**Endpoint**
+
+<div class="endpoint post">/upstreams/</div>
+
+#### Request Body
+
+{{ page.upstream_body }}
+
+**Response**
+
+```
+HTTP 201 Created
+```
+
+```json
+{
+    "id": "13611da7-703f-44f8-b790-fc1e7bf51b3e",
+    "name": "service.v1.xyz",
+    "hash_on": "none",
+    "hash_fallback": "none",
+    "healthchecks": {
+        "active": {
+            "concurrency": 10,
+            "healthy": {
+                "http_statuses": [ 200, 302 ],
+                "interval": 0,
+                "successes": 0
+            },
+            "http_path": "/",
+            "timeout": 1,
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 404, 500, 501,
+                                   502, 503, 504, 505 ],
+                "interval": 0,
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        },
+        "passive": {
+            "healthy": {
+                "http_statuses": [ 200, 201, 202, 203,
+                                   204, 205, 206, 207,
+                                   208, 226, 300, 301,
+                                   302, 303, 304, 305,
+                                   306, 307, 308 ],
+                "successes": 0
+            },
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 500, 503 ],
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        }
+    },
+    "slots": 10,
+    "created_at": 1485521710265
+}
+```
+
+---
+
+### Retrieve upstream
+
+**Endpoint**
+
+<div class="endpoint get">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream to retrieve
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "id": "13611da7-703f-44f8-b790-fc1e7bf51b3e",
+    "name": "service.v1.xyz",
+    "hash_on": "none",
+    "hash_fallback": "none",
+    "healthchecks": {
+        "active": {
+            "concurrency": 10,
+            "healthy": {
+                "http_statuses": [ 200, 302 ],
+                "interval": 0,
+                "successes": 0
+            },
+            "http_path": "/",
+            "timeout": 1,
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 404, 500, 501,
+                                   502, 503, 504, 505 ],
+                "interval": 0,
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        },
+        "passive": {
+            "healthy": {
+                "http_statuses": [ 200, 201, 202, 203,
+                                   204, 205, 206, 207,
+                                   208, 226, 300, 301,
+                                   302, 303, 304, 305,
+                                   306, 307, 308 ],
+                "successes": 0
+            },
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 500, 503 ],
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        }
+    },
+    "slots": 10,
+    "created_at": 1485521710265
+}
+```
+
+---
+
+### List upstreams
+
+**Endpoint**
+
+<div class="endpoint get">/upstreams/</div>
+
+#### Request Querystring Parameters
+
+Attributes | Description
+---:| ---
+`id`<br>*optional* | A filter on the list based on the upstream `id` field.
+`name`<br>*optional* | A filter on the list based on the upstream `name` field.
+`hash_on`<br>*optional* | A filter on the list based on the upstream `hash_on` field.
+`hash_fallback`<br>*optional* | A filter on the list based on the upstream `hash_fallback` field.
+`hash_on_header`<br>*optional* | A filter on the list based on the upstream `hash_on_header` field.
+`hash_fallback_header`<br>*optional* | A filter on the list based on the upstream `hash_fallback_header` field.
+`slots`<br>*optional* | A filter on the list based on the upstream `slots` field.
+`size`<br>*optional, default is __100__* | A limit on the number of objects to be returned.
+`offset`<br>*optional* | A cursor used for pagination. `offset` is an object identifier that defines a place in the list.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 3,
+    "data": [
+        {
+            "created_at": 1485521710265,
+            "id": "13611da7-703f-44f8-b790-fc1e7bf51b3e",
+            "name": "service.v1.xyz",
+            "hash_on": "none",
+            "hash_fallback": "none",
+            "healthchecks": {
+                "active": {
+                    "concurrency": 10,
+                    "healthy": {
+                        "http_statuses": [ 200, 302 ],
+                        "interval": 0,
+                        "successes": 0
+                    },
+                    "http_path": "/",
+                    "timeout": 1,
+                    "unhealthy": {
+                        "http_failures": 0,
+                        "http_statuses": [ 429, 404, 500, 501,
+                                           502, 503, 504, 505 ],
+                        "interval": 0,
+                        "tcp_failures": 0,
+                        "timeouts": 0
+                    }
+                },
+                "passive": {
+                    "healthy": {
+                        "http_statuses": [ 200, 201, 202, 203,
+                                           204, 205, 206, 207,
+                                           208, 226, 300, 301,
+                                           302, 303, 304, 305,
+                                           306, 307, 308 ],
+                        "successes": 0
+                    },
+                    "unhealthy": {
+                        "http_failures": 0,
+                        "http_statuses": [ 429, 500, 503 ],
+                        "tcp_failures": 0,
+                        "timeouts": 0
+                    }
+                }
+            },
+            "slots": 10
+        },
+        {
+            "created_at": 1485522651185,
+            "id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "name": "service.v2.xyz",
+            "hash_on": "none",
+            "hash_fallback": "none",
+            "healthchecks": {
+                "active": {
+                    "concurrency": 10,
+                    "healthy": {
+                        "http_statuses": [ 200, 302 ],
+                        "interval": 5,
+                        "successes": 2
+                    },
+                    "http_path": "/health_status",
+                    "timeout": 1,
+                    "unhealthy": {
+                        "http_failures": 5,
+                        "http_statuses": [ 429, 404, 500, 501,
+                                           502, 503, 504, 505 ],
+                        "interval": 5,
+                        "tcp_failures": 2,
+                        "timeouts": 3
+                    }
+                },
+                "passive": {
+                    "healthy": {
+                        "http_statuses": [ 200, 201, 202, 203,
+                                           204, 205, 206, 207,
+                                           208, 226, 300, 301,
+                                           302, 303, 304, 305,
+                                           306, 307, 308 ],
+                        "successes": 5
+                    },
+                    "unhealthy": {
+                        "http_failures": 5,
+                        "http_statuses": [ 429, 500, 503 ],
+                        "tcp_failures": 2,
+                        "timeouts": 7
+                    }
+                }
+            },
+            "slots": 10
+        }
+    ],
+    "next": "http://localhost:8001/upstreams?size=2&offset=Mg%3D%3D",
+    "offset": "Mg=="
+}
+```
+
+---
+
+### Update upstream
+
+**Endpoint**
+
+<div class="endpoint patch">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream to update
+
+#### Request Body
+
+{{ page.upstream_body }}
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "id": "4d924084-1adb-40a5-c042-63b19db421d1",
+    "name": "service.v1.xyz",
+    "hash_on": "none",
+    "hash_fallback": "none",
+    "slots": 10,
+    "healthchecks": {
+        "active": {
+            "concurrency": 10,
+            "healthy": {
+                "http_statuses": [ 200, 302 ],
+                "interval": 0,
+                "successes": 0
+            },
+            "http_path": "/",
+            "timeout": 1,
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 404, 500, 501,
+                                   502, 503, 504, 505 ],
+                "interval": 0,
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        },
+        "passive": {
+            "healthy": {
+                "http_statuses": [ 200, 201, 202, 203,
+                                   204, 205, 206, 207,
+                                   208, 226, 300, 301,
+                                   302, 303, 304, 305,
+                                   306, 307, 308 ],
+                "successes": 0
+            },
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 500, 503 ],
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        }
+    },
+    "created_at": 1422386534
+}
+```
+
+---
+
+### Update Or create Upstream
+
+**Endpoint**
+
+<div class="endpoint put">/upstreams/</div>
+
+#### Request Body
+
+{{ page.upstream_body }}
+
+The behavior of `PUT` endpoints is the following: if the request payload **does
+not** contain an entity's primary key (`id` for Upstreams), the entity will be
+created with the given payload. If the request payload **does** contain an
+entity's primary key, the payload will "replace" the entity specified by the
+given primary key. If the primary key is **not** that of an existing entity, `404
+NOT FOUND` will be returned.
+
+**Response**
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+---
+
+### Delete upstream
+
+**Endpoint**
+
+<div class="endpoint delete">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream to delete
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+---
+
+### Show Upstream health for node
+
+Displays the health status for all Targets of a given Upstream, according to
+the perspective of a specific Kong node. Note that, being node-specific
+information, making this same request to different nodes of the Kong cluster
+may produce different results. For example, one specific node of the Kong
+cluster may be experiencing network issues, causing it to fail to connect to
+some Targets: these Targets will be marked as unhealthy by that node
+(directing traffic from this node to other Targets that it can successfully
+reach), but healthy to all others Kong nodes (which have no problems using that
+Target).
+
+The `data` field of the response contains an array of Target objects.
+The health for each Target is returned in its `health` field:
+
+* If a Target fails to be activated in the ring balancer due to DNS issues,
+  its status displays as `DNS_ERROR`.
+* When [health checks][healthchecks] are not enabled in the Upstream
+  configuration, the health status for active Targets is displayed as
+  `HEALTHCHECKS_OFF`.
+* When health checks are enabled and the Target is determined to be healthy,
+  either automatically or [manually](#set-target-as-healthy),
+  its status is displayed as `HEALTHY`. This means that this Target is
+  currently included in this Upstream's load balancer ring.
+* When a Target has been disabled by either active or passive health checks
+  (circuit breakers) or [manually](#set-target-as-unhealthy),
+  its status is displayed as `UNHEALTHY`. The load balancer is not directing
+  any traffic to this Target via this Upstream.
+
+### Endpoint
+
+<div class="endpoint get">/upstreams/{name or id}/health/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream for which to display Target health.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "node_id": "cbb297c0-14a9-46bc-ad91-1d0ef9b42df9",
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "health": "HEALTHY",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "health": "UNHEALTHY",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+---
+
+## Target Object
+
+A target is an ip address/hostname with a port that identifies an instance of a backend
+service. Every upstream can have many targets, and the targets can be
+dynamically added. Changes are effectuated on the fly.
+
+Because the upstream maintains a history of target changes, the targets cannot
+be deleted or modified. To disable a target, post a new one with `weight=0`;
+alternatively, use the `DELETE` convenience method to accomplish the same.
+
+The current target object definition is the one with the latest `created_at`.
+
+```json
+{
+    "target": "1.2.3.4:80",
+    "weight": 15,
+    "upstream_id": "ee3310c1-6789-40ac-9386-f79c0cb58432"
+}
+```
+
+---
+
+### Add target
+
+**Endpoint**
+
+<div class="endpoint post">/upstreams/{name or id}/targets</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream to which to add the target
+
+#### Request Body
+
+{{ page.target_body }}
+
+**Response**
+
+```
+HTTP 201 Created
+```
+
+```json
+{
+    "id": "4661f55e-95c2-4011-8fd6-c5c56df1c9db",
+    "target": "1.2.3.4:80",
+    "weight": 15,
+    "upstream_id": "ee3310c1-6789-40ac-9386-f79c0cb58432",
+    "created_at": 1485523507446
+}
+```
+
+---
+
+### List targets
+
+Lists all targets currently active on the upstream's load balancing wheel.
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> The behavior of this endpoint changed in the 0.12.0
+  release from returning all targets belonging to an upstream, to only
+  currently active ones. The endpoint returning the entire history of targets
+  was moved to [List all targets](#list-all-targets).
+</div>
+
+**Endpoint**
+
+<div class="endpoint get">/upstreams/{name or id}/targets</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to list the targets
+
+#### Request Querystring Parameters
+
+Attributes | Description
+---:| ---
+`id`<br>*optional* | A filter on the list based on the target `id` field.
+`target`<br>*optional* | A filter on the list based on the target `target` field.
+`weight`<br>*optional* | A filter on the list based on the target `weight` field.
+`size`<br>*optional, default is __100__* | A limit on the number of objects to be returned.
+`offset`<br>*optional* | A cursor used for pagination. `offset` is an object identifier that defines a place in the list.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 30,
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524897232,
+            "id": "9b96f13d-65af-4f30-bbe9-b367121dd26b",
+            "target": "127.0.0.1:20001",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 0
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+---
+
+### List all targets
+
+Lists all targets of the upstream. Multiple target objects for the same
+target may be returned, showing the history of changes for a specific target.
+The target object with the latest `created_at` is the current definition.
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This endpoint is only available with Kong 0.12.0+
+</div>
+
+### Endpoint
+
+<div class="endpoint get">/upstreams/{name or id}/targets/all/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to list the targets.
+
+**Response**
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+---
+
+### Delete target
+
+Disable a target in the load balancer. Under the hood, this method creates
+a new entry for the given target definition with a `weight` of 0.
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This endpoint is only available with Kong 0.10.1+
+</div>
+
+**Endpoint**
+
+<div class="endpoint delete">/upstreams/{upstream name or id}/targets/{target or id}</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to delete the target.
+`target or id`<br>**required** | The host/port combination element of the target to remove, or the `id` of an existing target entry.
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+---
+
+### Set target as healthy
+
+Set the current health status of a target in the load balancer to "healthy"
+in the entire Kong cluster.
+
+This endpoint can be used to manually re-enable a target that was previously
+disabled by the upstream's [health checker][healthchecks]. Upstreams only
+forward requests to healthy nodes, so this call tells Kong to start using this
+target again.
+
+This resets the health counters of the health checkers running in all workers
+of the Kong node, and broadcasts a cluster-wide message so that the "healthy"
+status is propagated to the whole Kong cluster.
+
+**Endpoint**
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/healthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as healthy, or the `id` of an existing target entry.
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+---
+
+### Set target as unhealthy
+
+Set the current health status of a target in the load balancer to "unhealthy"
+in the entire Kong cluster.
+
+This endpoint can be used to manually disable a target and have it stop
+responding to requests. Upstreams only forward requests to healthy nodes, so
+this call tells Kong to start skipping this target in the ring-balancer
+algorithm.
+
+This call resets the health counters of the health checkers running in all
+workers of the Kong node, and broadcasts a cluster-wide message so that the
+"unhealthy" status is propagated to the whole Kong cluster.
+
+[Active health checks][active] continue to execute for unhealthy
+targets. Note that if active health checks are enabled and the probe detects
+that the target is actually healthy, it will automatically re-enable it again.
+To permanently remove a target from the ring-balancer, you should [delete a
+target](#delete-target) instead.
+
+**Endpoint**
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/unhealthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as unhealthy, or the `id` of an existing target entry.
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+[clustering]: /enterprise/{{page.kong_version}}/clustering
+[cli]: /enterprise/{{page.kong_version}}/cli
+[active]: /enterprise/{{page.kong_version}}/health-checks-circuit-breakers/#active-health-checks
+[healthchecks]: /enterprise/{{page.kong_version}}/health-checks-circuit-breakers
+[secure-admin-api]: /enterprise/{{page.kong_version}}/secure-admin-api
+[proxy-reference]: /enterprise/{{page.kong_version}}/proxy
diff --git a/app/enterprise/0.34-x/auth.md b/app/enterprise/0.34-x/auth.md
new file mode 100644
index 000000000000..f190620128e8
--- /dev/null
+++ b/app/enterprise/0.34-x/auth.md
@@ -0,0 +1,215 @@
+---
+title: Authentication Reference
+---
+
+## Introduction
+
+Traffic to your upstream services (APIs or microservices) is typically controlled by the application and
+configuration of various Kong [authentication plugins][plugins]. Since Kong's Service entity represents
+a 1-to-1 mapping of your own upstream services, the simplest scenario is to configure authentication
+plugins on the Services of your choosing.
+
+## Generic authentication
+
+The most common scenario is to require authentication and to not allow access for any unauthenticated request.
+To achieve this any of the authentication plugins can be used. The generic scheme/flow of those plugins
+works as follows:
+
+1. Apply an auth plugin to a Service, or globally (you cannot apply one on consumers)
+2. Create a `consumer` entity
+3. Provide the consumer with authentication credentials for the specific authentication method
+4. Now whenever a request comes in Kong will check the provided credentials (depends on the auth type) and
+it will either block the request if it cannot validate, or add consumer and credential details
+in the headers and forward the request
+
+The generic flow above does not always apply, for example when using external authentication like LDAP,
+then there is no consumer to be identified, and only the credentials will be added in the forwarded headers.
+
+The authentication method specific elements and examples can be found in each [plugin's documentation][plugins].
+
+## Consumers
+
+The easiest way to think about consumers is to map them one-on-one to users. Yet, to Kong this does not matter.
+The core principle for consumers is that you can attach plugins to them, and hence customize request behaviour.
+So you might have mobile apps, and define one consumer for each app, or version of it. Or have a consumer per
+platform, e.g. an android consumer, an iOS consumer, etc.
+
+It is an opaque concept to Kong and hence they are called "consumers" and not "users".
+
+## Anonymous Access
+
+Kong has the ability to configure a given Service to allow **both** authenticated **and** anonymous access.
+You might use this configuration to grant access to anonymous users with a low rate-limit, and grant access
+to authenticated users with a higher rate limit.
+
+To configure a Service like this, you first apply your selected authentication plugin, then create a new
+consumer to represent anonymous users, then configure your authentication plugin to allow anonymous
+access. Here is an example, which assumes you have already configured a Service named `example-service` and
+the corresponding route:
+
+1. ### Create an example Service and a Route
+
+    Issue the following cURL request to create `example-service` pointing to mockbin.org, which will echo
+    the request:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/ \
+      --data 'name=example-service' \
+      --data 'url=http://mockbin.org/request'
+    ```
+
+    Add a route to the Service:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/example-service/routes \
+      --data 'paths[]=/auth-sample'
+    ```
+
+    The url `http://localhost:8000/auth-sample` will now echo whatever is being requested.
+
+2. ### Configure the key-auth Plugin for your Service
+
+    Issue the following cURL request to add a plugin to a Service:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/example-service/plugins/ \
+      --data 'name=key-auth'
+    ```
+
+    Be sure to note the created Plugin `id` - you'll need it in step 5.
+
+3. ### Verify that the key-auth plugin is properly configured
+
+    Issue the following cURL request to verify that the [key-auth][key-auth]
+    plugin was properly configured on the Service:
+
+    ```bash
+    $ curl -i -X GET \
+      --url http://localhost:8000/auth-sample
+    ```
+
+    Since you did not specify the required `apikey` header or parameter, and you have not yet
+    enabled anonymous access, the response should be `403 Forbidden`:
+
+    ```http
+    HTTP/1.1 403 Forbidden
+    ...
+
+    {
+      "message": "No API key found in headers or querystring"
+    }
+    ```
+
+4. ### Create an anonymous Consumer
+
+    Every request proxied by Kong must be associated with a Consumer. You'll now create a Consumer
+    named `anonymous_users` (that Kong will utilize when proxying anonymous access) by issuing the
+    following request:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/consumers/ \
+      --data "username=anonymous_users"
+    ```
+
+    You should see a response similar to the one below:
+
+    ```http
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+    Connection: keep-alive
+
+    {
+      "username": "anonymous_users",
+      "created_at": 1428555626000,
+      "id": "bbdf1c48-19dc-4ab7-cae0-ff4f59d87dc9"
+    }
+    ```
+
+    Be sure to note the Consumer `id` - you'll need it in the next step.
+
+5. ### Enable anonymous access
+
+    You'll now re-configure the key-auth plugin to permit anonymous access by issuing the following
+    request (**replace the sample uuids below by the `id` values from step 2 and 4**):
+
+    ```bash
+    $ curl -i -X PATCH \
+      --url http://localhost:8001/plugins/<your-plugin-id> \
+      --data "config.anonymous=<your-consumer-id>"
+    ```
+
+    The `config.anonymous=<your-consumer-id>` parameter instructs the key-auth plugin on this Service to permit
+    anonymous access, and to associate such access with the Consumer `id` we received in the previous step. It is
+    required that you provide a valid and pre-existing Consumer `id` in this step - validity of the Consumer `id`
+    is not currently checked when configuring anonymous access, and provisioning of a Consumer `id` that doesn't already
+    exist will result in an incorrect configuration.
+
+6. ### Check anonymous access
+
+    Confirm that your Service now permits anonymous access by issuing the following request:
+
+    ```bash
+    $ curl -i -X GET \
+      --url http://localhost:8000/auth-sample
+    ```
+
+    This is the same request you made in step #3, however this time the request should succeed, because you
+    enabled anonymous access in step #5.
+
+    The response (which is the request as Mockbin received it) should have these elements:
+
+    ```json
+    {
+      ...
+      "headers": {
+        ...
+        "x-consumer-id": "713c592c-38b8-4f5b-976f-1bd2b8069494",
+        "x-consumer-username": "anonymous_users",
+        "x-anonymous-consumer": "true",
+        ...
+      },
+      ...
+    }
+    ```
+
+    It shows the request was successful, but anonymous.
+
+## Multiple Authentication
+
+Kong supports multiple authentication plugins for a given Service, allowing
+different clients to utilize different authentication methods to access a given Service or Route.
+
+The behaviour of the auth plugins can be set to do either a logical `AND`, or a logical `OR` when evaluating
+multiple authentication credentials. The key to the behaviour is the `config.anonymous` property.
+
+- `config.anonymous` not set <br/>
+  If this property is not set (empty) then the auth plugins will always perform authentication and return
+  a `40x` response if not validated. This results in a logical `AND` when multiple auth plugins are being
+  invoked.
+- `config.anonymous` set to a valid consumer id <br/>
+  In this case the auth plugin will only perform authentication if it was not already authenticated. When
+  authentication fails, it will not return a `40x` response, but set the anonymous consumer as the consumer. This
+  results in a logical `OR` + 'anonymous access' when multiple auth plugins are being invoked.
+
+**NOTE 1**: Either all or none of the auth plugins must be configured for anonymous access. The behaviour is
+undefined if they are mixed.
+
+**NOTE 2**: When using the `AND` method, the last plugin executed will be the one setting the credentials
+passed to the upstream service. With the `OR` method, it will be the first plugin that successfully authenticates
+the consumer, or the last plugin that will set its configured anonymous consumer.
+
+**NOTE 3**: When using the OAuth2 plugin in an `AND` fashion, then also the OAuth2 endpoints for requesting
+tokens etc. will require authentication by the other configured auth plugins.
+
+<div class="alert alert-warning">
+  When multiple authentication plugins are enabled in an <tt>OR</tt> fashion on a given Service, and it is desired that
+  anonymous access be forbidden, then the <a href="/plugins/request-termination"><tt>request-termination</tt> plugin</a> should be
+  configured on the anonymous consumer. Failure to do so will allow unauthorized requests.
+</div>
+
+[plugins]: https://konghq.com/plugins/
+[key-auth]: /plugins/key-authentication
diff --git a/app/enterprise/0.34-x/cli.md b/app/enterprise/0.34-x/cli.md
new file mode 100644
index 000000000000..532faf20fedd
--- /dev/null
+++ b/app/enterprise/0.34-x/cli.md
@@ -0,0 +1,216 @@
+---
+title: CLI Reference
+---
+
+## Introduction
+
+The provided CLI (*Command Line Interface*) allows you to start, stop, and
+manage your Kong instances. The CLI manages your local node (as in, on the
+current machine).
+
+If you haven't yet, we recommend you read the [configuration reference][configuration-reference].
+
+## Global flags
+
+All commands take a set of special, optional flags as arguments:
+
+* `--help`: print the command's help message
+* `--v`: enable verbose mode
+* `--vv`: enable debug mode (noisy)
+
+[Back to TOC](#table-of-contents)
+
+## Available commands
+
+### kong check
+
+```
+Usage: kong check <conf>
+
+Check the validity of a given Kong configuration file.
+
+<conf> (default /etc/kong.conf or /etc/kong/kong.conf) configuration file
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### kong prepare
+
+This command prepares the Kong prefix folder, with its sub-folders and files.
+
+```
+Usage: kong prepare [OPTIONS]
+
+Prepare the Kong prefix in the configured prefix directory. This command can
+be used to start Kong from the nginx binary without using the 'kong start'
+command.
+
+Example usage:
+  kong prepare -p /usr/local/kong -c kong.conf && kong migrations up &&
+    nginx -p /usr/local/kong -c /usr/local/kong/nginx.conf
+
+Options:
+ -c,--conf    (optional string) configuration file
+ -p,--prefix  (optional string) override prefix directory
+ --nginx-conf (optional string) custom Nginx configuration template
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### kong health
+
+```
+Usage: kong health [OPTIONS]
+
+Check if the necessary services are running for this node.
+
+Options:
+  -p,--prefix (optional string) prefix at which Kong should be running
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### kong migrations
+
+```
+Usage: kong migrations COMMAND [OPTIONS]
+
+Manage Kong's database migrations.
+
+The available commands are:
+  list   List migrations currently executed.
+  up     Execute all missing migrations up to the latest available.
+  reset  Reset the configured database (irreversible).
+
+Options:
+  -c,--conf (optional string) configuration file
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### kong quit
+
+```
+Usage: kong quit [OPTIONS]
+
+Gracefully quit a running Kong node (Nginx and other
+configured services) in given prefix directory.
+
+This command sends a SIGQUIT signal to Nginx, meaning all
+requests will finish processing before shutting down.
+If the timeout delay is reached, the node will be forcefully
+stopped (SIGTERM).
+
+Options:
+  -p,--prefix  (optional string) prefix Kong is running at
+  -t,--timeout (default 10) timeout before forced shutdown
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### kong reload
+
+```
+Usage: kong reload [OPTIONS]
+
+Reload a Kong node (and start other configured services
+if necessary) in given prefix directory.
+
+This command sends a HUP signal to Nginx, which will spawn
+new workers (taking configuration changes into account),
+and stop the old ones when they have finished processing
+current requests.
+
+Options:
+  -c,--conf    (optional string) configuration file
+  -p,--prefix  (optional string) prefix Kong is running at
+  --nginx-conf (optional string) custom Nginx configuration template
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### kong restart
+
+```
+Usage: kong restart [OPTIONS]
+
+Restart a Kong node in the given prefix directory.
+
+This command is equivalent to doing both 'kong stop' and
+'kong start'.
+
+Options:
+  -c,--conf        (optional string)   configuration file
+  -p,--prefix      (optional string)   prefix at which Kong should be running
+  --nginx-conf     (optional string)   custom Nginx configuration template
+  --run-migrations (optional boolean)  optionally run migrations on the DB
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### kong start
+
+```
+Usage: kong start [OPTIONS]
+
+Start Kong (Nginx and other configured services) in the configured
+prefix directory.
+
+Options:
+  -c,--conf        (optional string)   configuration file
+  -p,--prefix      (optional string)   prefix at which Kong should be running
+  --nginx-conf     (optional string)   custom Nginx configuration template
+  --run-migrations (optional boolean)  optionally run migrations on the DB
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### kong stop
+
+```
+Usage: kong stop [OPTIONS]
+
+Stop a running Kong node (Nginx and other configured services) in given
+prefix directory.
+
+This command sends a SIGTERM signal to Nginx.
+
+Options:
+  -p,--prefix (optional string) prefix Kong is running at
+```
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### kong version
+
+```
+Usage: kong version [OPTIONS]
+
+Print Kong's version. With the -a option, will print
+the version of all underlying dependencies.
+
+Options:
+  -a,--all    get version of all dependencies
+```
+
+[Back to TOC](#table-of-contents)
+
+[configuration-reference]: /enterprise/{{page.kong_version}}/property-reference
diff --git a/app/enterprise/0.34-x/clustering.md b/app/enterprise/0.34-x/clustering.md
new file mode 100644
index 000000000000..f36231cf0400
--- /dev/null
+++ b/app/enterprise/0.34-x/clustering.md
@@ -0,0 +1,296 @@
+---
+title: Enterprise Clustering Reference
+---
+
+## Introduction
+
+A Kong cluster allows you to scale the system horizontally by adding more
+machines to handle more incoming requests. They will all share the same
+configuration since they point to the same database. Kong nodes pointing to the
+**same datastore** will be part of the same Kong cluster.
+
+You need a load-balancer in front of your Kong cluster to distribute traffic
+across your available nodes.
+
+## What a Kong cluster does and doesn't do
+
+**Having a Kong cluster does not mean that your clients traffic will be
+load-balanced across your Kong nodes out of the box.** You still need a
+load-balancer in front of your Kong nodes to distribute your traffic. Instead,
+a Kong cluster means that those nodes will share the same configuration.
+
+For performance reasons, Kong avoids database connections when proxying
+requests, and caches the contents of your database in memory. The cached
+entities include Services, Routes, Consumers, Plugins, Credentials, etc... Since those
+values are in memory, any change made via the Admin API of one of the nodes
+needs to be propagated to the other nodes.
+
+This document describes how those cached entities are being invalidated and how
+to configure your Kong nodes for your use case, which lies somewhere between
+performance and consistency.
+
+[Back to TOC](#table-of-contents)
+
+## Single node Kong clusters
+
+A single Kong node connected to a database (Cassandra or PostgreSQL) creates a
+Kong cluster of one node. Any changes applied via the Admin API of this node
+will instantly take effect. Example:
+
+Consider a single Kong node `A`. If we delete a previously registered Service:
+
+```bash
+$ curl -X DELETE http://127.0.0.1:8001/services/test-service
+```
+
+Then any subsequent request to `A` would instantly return `404 Not Found`, as
+the node purged it from its local cache:
+
+```bash
+$ curl -i http://127.0.0.1:8000/test-service
+```
+
+[Back to TOC](#table-of-contents)
+
+## Multiple nodes Kong clusters
+
+In a cluster of multiple Kong nodes, other nodes connected to the same database
+would not instantly be notified that the Service was deleted by node `A`.  While
+the Service is **not** in the database anymore (it was deleted by node `A`), it is
+**still** in node `B`'s memory.
+
+All nodes perform a periodic background job to synchronize with changes that
+may have been triggered by other nodes. The frequency of this job can be
+configured via:
+
+* [db_update_frequency][db_update_frequency] (default: 5 seconds)
+
+Every `db_update_frequency` seconds, all running Kong nodes will poll the
+database for any update, and will purge the relevant entities from their cache
+if necessary.
+
+If we delete a Service from node `A`, this change will not be effective in node
+`B` until node `B`s next database poll, which will occur up to
+`db_update_frequency` seconds later (though it could happen sooner).
+
+This makes Kong clusters **eventually consistent**.
+
+[Back to TOC](#table-of-contents)
+
+## What is being cached?
+
+All of the core entities such as Services, Routes, Plugins, Consumers, Credentials are
+cached in memory by Kong and depend on their invalidation via the polling
+mechanism to be updated.
+
+Additionally, Kong also caches **database misses**. This means that if you
+configure a Service with no plugin, Kong will cache this information. Example:
+
+On node `A`, we add a Service and a Route:
+
+```bash
+# node A
+$ curl -X POST http://127.0.0.1:8001/services \
+    --data "name=example-service" \
+    --data "url=http://example.com"
+
+$ curl -X POST http://127.0.0.1:8001/services/example-service/routes \
+    --data "paths[]=/example"
+```
+
+(Note that we used `/services/example-service/routes` as a shortcut: we
+could have used the `/routes` endpoint instead, but then we would need to
+pass `service_id` as an argument, with the UUID of the new Service.)
+
+A request to the Proxy port of both node `A` and `B` will cache this Service, and
+the fact that no plugin is configured on it:
+
+```bash
+# node A
+$ curl http://127.0.0.1:8000/example
+HTTP 200 OK
+...
+```
+
+```bash
+# node B
+$ curl http://127.0.0.2:8000/example
+HTTP 200 OK
+...
+```
+
+Now, say we add a plugin to this Service via node `A`'s Admin API:
+
+```bash
+# node A
+$ curl -X POST http://127.0.0.1:8001/services/example-service/plugins \
+    --data "name=example-plugin"
+```
+
+Because this request was issued via node `A`'s Admin API, node `A` will locally
+invalidate its cache and on subsequent requests, it will detect that this API
+has a plugin configured.
+
+However, node `B` hasn't run a database poll yet, and still caches that this
+API has no plugin to run. It will be so until node `B` runs its database
+polling job.
+
+**Conclusion**: all CRUD operations trigger cache invalidations. Creation
+(`POST`, `PUT`) will invalidate cached database misses, and update/deletion
+(`PATCH`, `DELETE`) will invalidate cached database hits.
+
+[Back to TOC](#table-of-contents)
+
+## How to configure database caching?
+
+You can configure 3 properties in the Kong configuration file, the most
+important one being `db_update_frequency`, which determine where your Kong
+nodes stand on the performance vs consistency trade off.
+
+Kong comes with default values tuned for consistency, in order to let you
+experiment with its clustering capabilities while avoiding "surprises". As you
+prepare a production setup, you should consider tuning those values to ensure
+that your performance constraints are respected.
+
+### 1. [db_update_frequency][db_update_frequency] (default: 5s)
+
+This value determines the frequency at which your Kong nodes will be polling
+the database for invalidation events. A lower value will mean that the polling
+job will be executed more frequently, but that your Kong nodes will keep up
+with changes you apply. A higher value will mean that your Kong nodes will
+spend less time running the polling jobs, and will focus on proxying your
+traffic.
+
+**Note**: changes propagate through the cluster in up to `db_update_frequency`
+seconds.
+
+[Back to TOC](#table-of-contents)
+
+### 2. [db_update_propagation][db_update_propagation] (default: 0s)
+
+If your database itself is eventually consistent (ie: Cassandra), you **must**
+configure this value. It is to ensure that the change has time to propagate
+across your database nodes. When set, Kong nodes receiving invalidation events
+from their polling jobs will delay the purging of their cache for
+`db_update_propagation` seconds.
+
+If a Kong node connected to an eventual consistent database was not delaying
+the event handling, it could purge its cache, only to cache the non-updated
+value again (because the change hasn't propagated through the database yet)!
+
+You should set this value to an estimate of the amount of time your database
+cluster takes to propagate changes.
+
+**Note**: when this value is set, changes propagate through the cluster in
+up to `db_update_frequency + db_update_propagation` seconds.
+
+[Back to TOC](#table-of-contents)
+
+### 3. [db_cache_ttl][db_cache_ttl] (default: 3600s)
+
+The time (in seconds) for which Kong will cache database entities (both hits
+and misses). This Time-To-Live value acts as a safeguard in case a Kong node
+misses an invalidation event, to avoid it from running on stale data for too
+long. When the TTL is reached, the value will be purged from its cache, and the
+next database result will be cached again.
+
+You can configure your cache to not invalidate data based on this TTL, by
+disabling it. To disable it, set this value to `0`. But be wary: if a Kong
+node misses an invalidation event for any reason, it might run with a stale
+value in its cache for an undefined amount of time, until the cache is
+manually purged, or the node is restarted.
+
+[Back to TOC](#table-of-contents)
+
+### 4. When using Cassandra
+
+If you use Cassandra as your Kong database, you **must** set
+[db_update_propagation][db_update_propagation] to a non-zero value. Since
+Cassandra is eventually consistent by nature, this will ensure that Kong nodes
+do not prematurely invalidate their cache, only to fetch and catch a
+not up-to-date entity again. Kong will present you a warning logs if you did
+not configure this value when using Cassandra.
+
+Additionally, you might want to configure `cassandra_consistency` to a value
+like `QUORUM` or `LOCAL_QUORUM`, to ensure that values being cached by your
+Kong nodes are up-to-date values from your database.
+
+[Back to TOC](#table-of-contents)
+
+## Interacting with the cache via the Admin API
+
+If for some reason, you wish to investigate the cached values, or manually
+invalidate a value cached by Kong (a cached hit or miss), you can do so via the
+Admin API `/cache` endpoint.
+
+### Inspect a cached value
+
+**Endpoint**
+
+<div class="endpoint get">/cache/{cache_key}</div>
+
+**Response**
+
+If a value with that key is cached:
+
+```
+HTTP 200 OK
+...
+{
+    ...
+}
+```
+
+Else:
+
+```
+HTTP 404 Not Found
+```
+
+**Note**: retrieving the `cache_key` for each entity being cached by Kong is
+currently an undocumented process. Future versions of the Admin API will make
+this process easier.
+
+[Back to TOC](#table-of-contents)
+
+### Purge a cached value
+
+**Endpoint**
+
+<div class="endpoint delete">/cache/{cache_key}</div>
+
+**Response**
+
+```
+HTTP 204 No Content
+...
+```
+
+**Note**: retrieving the `cache_key` for each entity being cached by Kong is
+currently an undocumented process. Future versions of the Admin API will make
+this process easier.
+
+[Back to TOC](#table-of-contents)
+
+### Purge a node's cache
+
+**Endpoint**
+
+<div class="endpoint delete">/cache</div>
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+**Note**: be wary of using this endpoint on a warm, production running node.
+If the node is receiving a lot of traffic, purging its cache at the same time
+will trigger many requests to your database, and could cause a
+[dog-pile effect](https://en.wikipedia.org/wiki/Cache_stampede).
+
+[Back to TOC](#table-of-contents)
+
+[db_update_frequency]: /enterprise/{{page.kong_version}}/property-reference/#db_update_frequency
+[db_update_propagation]: /enterprise/{{page.kong_version}}/property-reference/#db_update_propagation
+[db_cache_ttl]: /enterprise/{{page.kong_version}}/property-reference/#db_cache_ttl
diff --git a/app/enterprise/0.34-x/configuration.md b/app/enterprise/0.34-x/configuration.md
new file mode 100644
index 000000000000..c0e2eac8a551
--- /dev/null
+++ b/app/enterprise/0.34-x/configuration.md
@@ -0,0 +1,959 @@
+---
+title: Enterprise Configuration Reference
+---
+
+## Configuration loading
+
+Kong comes with a default configuration file that can be found at
+`/etc/kong/kong.conf.default` if you installed Kong via one of the official
+packages. To start configuring Kong, you can copy this file:
+
+```bash
+$ cp /etc/kong/kong.conf.default /etc/kong/kong.conf
+```
+
+Kong will operate with default settings should all the values in your
+configuration be commented-out. Upon starting, Kong looks for several
+default locations that might contain a configuration file:
+
+```
+/etc/kong/kong.conf
+/etc/kong.conf
+```
+
+You can override this behavior by specifying a custom path for your
+configuration file using the `-c / --conf` argument in the CLI:
+
+```bash
+$ kong start --conf /path/to/kong.conf
+```
+
+The configuration format is straightforward: simply uncomment any property
+(comments are defined by the `#` character) and modify it to your needs.
+Booleans values can be specified as `on/off` or `true`/`false` for convenience.
+
+[Back to TOC](#table-of-contents)
+
+## Verifying your configuration
+
+You can verify the integrity of your settings with the `check` command:
+
+```bash
+$ kong check <path/to/kong.conf>
+configuration at <path/to/kong.conf> is valid
+```
+
+This command will take into account the environment variables you have
+currently set, and will error out in case your settings are invalid.
+
+Additionally, you can also use the CLI in debug mode to have more insight
+as to what properties Kong is being started with:
+
+```bash
+$ kong start -c <kong.conf> --vv
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong.conf
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong/kong.conf
+2016/08/11 14:53:36 [debug] admin_listen = "0.0.0.0:8001"
+2016/08/11 14:53:36 [debug] database = "postgres"
+2016/08/11 14:53:36 [debug] log_level = "notice"
+[...]
+```
+
+[Back to TOC](#table-of-contents)
+
+## Environment variables
+
+When loading properties out of a configuration file, Kong will also look for
+environment variables of the same name. This allows you to fully configure Kong
+via environment variables, which is very convenient for container-based
+infrastructures, for example.
+
+All environment variables prefixed with `KONG_`, capitalized and bearing the
+same name as a setting will override it.
+
+Example:
+
+```
+log_level = debug # in kong.conf
+```
+
+Can be overridden with:
+
+```bash
+$ export KONG_LOG_LEVEL=error
+```
+
+[Back to TOC](#table-of-contents)
+
+## Custom Nginx configuration & embedding Kong
+
+Tweaking the Nginx configuration is an essential part of setting up your Kong
+instances since it allows you to optimize its performance for your
+infrastructure, or embed Kong in an already running OpenResty instance.
+
+### Custom Nginx configuration
+
+Kong can be started, reloaded and restarted with an `--nginx-conf` argument,
+which must specify an Nginx configuration template. Such a template uses the
+[Penlight][Penlight] [templating engine][pl.template], which is compiled using
+the given Kong configuration, before being dumped in your Kong prefix
+directory, moments before starting Nginx.
+
+The default template can be found at:
+https://github.com/Kong/kong/tree/master/kong/templates. It is split in two
+Nginx configuration files: `nginx.lua` and `nginx_kong.lua`. The former is
+minimalistic and includes the latter, which contains everything Kong requires
+to run. When `kong start` runs, right before starting Nginx, it copies these
+two files into the prefix directory, which looks like so:
+
+```
+/usr/local/kong
+├── nginx-kong.conf
+├── nginx.conf
+```
+
+If you wish to include other `server` blocks in your Nginx configuration, or if
+you must tweak global settings that are not exposed by the Kong configuration,
+here is a suggestion:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{ "{{NGINX_WORKER_PROCESSES" }}}}; # can be set by kong.conf
+daemon ${{ "{{NGINX_DAEMON" }}}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{ "{{LOG_LEVEL" }}}}; # can be set by kong.conf
+
+events {
+    use epoll; # custom setting
+    multi_accept on;
+}
+
+http {
+    # include default Kong Nginx config
+    include 'nginx-kong.conf';
+
+    # custom server
+    server {
+        listen 8888;
+        server_name custom_server;
+
+        location / {
+          ... # etc
+        }
+    }
+}
+```
+
+You can then start Kong with:
+
+```bash
+$ kong start -c kong.conf --nginx-conf custom_nginx.template
+```
+
+If you wish to customize the Kong Nginx sub-configuration file to, eventually,
+add other Lua handlers or customize the `lua_*` directives, you can inline the
+`nginx_kong.lua` configuration in this `custom_nginx.template` example file:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{ "{{NGINX_WORKER_PROCESSES" }}}}; # can be set by kong.conf
+daemon ${{ "{{NGINX_DAEMON" }}}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{ "{{LOG_LEVEL" }}}}; # can be set by kong.conf
+
+events {}
+
+http {
+  resolver ${{ "{{DNS_RESOLVER" }}}} ipv6=off;
+  charset UTF-8;
+  error_log logs/error.log ${{ "{{LOG_LEVEL" }}}};
+  access_log logs/access.log;
+
+  ... # etc
+}
+```
+
+[Back to TOC](#table-of-contents)
+
+### Embedding Kong in OpenResty
+
+If you are running your own OpenResty servers, you can also easily embed Kong
+by including the Kong Nginx sub-configuration using the `include` directive
+(similar to the examples of the previous section). If you have a valid
+top-level NGINX configuration that simply includes the Kong-specific
+configuration:
+
+```
+# my_nginx.conf
+
+http {
+    include 'nginx-kong.conf';
+}
+```
+
+you can start your instance like so:
+
+```bash
+$ nginx -p /usr/local/openresty -c my_nginx.conf
+```
+
+And Kong will be running in that instance (as configured in `nginx-kong.conf`).
+
+[Back to TOC](#table-of-contents)
+
+### Serving both a website and your APIs from Kong
+
+A common use case for API providers is to make Kong serve both a website
+and the APIs themselves over the Proxy port &mdash; `80` or `443` in
+production. For example, `https://my-api.com` (Website) and
+`https://my-api.com/api/v1` (API).
+
+To achieve this, we cannot simply declare a new virtual server block,
+like we did in the previous section. A good solution is to use a custom
+Nginx configuration template which inlines `nginx_kong.lua` and adds a new
+`location` block serving the website alongside the Kong Proxy `location`
+block:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{ "{{NGINX_WORKER_PROCESSES" }}}}; # can be set by kong.conf
+daemon ${{ "{{NGINX_DAEMON" }}}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{ "{{LOG_LEVEL" }}}}; # can be set by kong.conf
+events {}
+
+http {
+  # here, we inline the contents of nginx_kong.lua
+  charset UTF-8;
+
+  # any contents until Kong's Proxy server block
+  ...
+
+  # Kong's Proxy server block
+  server {
+    server_name kong;
+
+    # any contents until the location / block
+    ...
+
+    # here, we declare our custom location serving our website
+    # (or API portal) which we can optimize for serving static assets
+    location / {
+      root /var/www/my-api.com;
+      index index.htm index.html;
+      ...
+    }
+
+    # Kong's Proxy location / has been changed to /api/v1
+    location /api/v1 {
+      set $upstream_host nil;
+      set $upstream_scheme nil;
+      set $upstream_uri nil;
+
+      # Any remaining configuration for the Proxy location
+      ...
+    }
+  }
+
+  # Kong's Admin server block goes below
+}
+```
+
+[Back to TOC](#table-of-contents)
+
+## Properties reference
+
+### General section
+
+#### prefix
+
+Working directory. Equivalent to Nginx's prefix path, containing temporary files
+and logs. Each Kong process must have a separate working directory.
+
+Default: `/usr/local/kong`
+
+---
+
+#### log_level
+
+Log level of the Nginx server. Logs can be found at `<prefix>/logs/error.log`
+
+See http://nginx.org/en/docs/ngx_core_module.html#error_log for a list of
+accepted values.
+
+Default: `notice`
+
+---
+
+#### proxy_access_log
+
+Path for proxy port request access logs. Set this value to `off` to disable
+logging proxy requests. If this value is a relative path, it will be placed
+under the `prefix` location.
+
+Default: `logs/access.log`
+
+---
+
+#### proxy_error_log
+
+Path for proxy port request error logs. Granularity of these logs is adjusted
+by the `log_level` directive.
+
+Default: `logs/error.log`
+
+---
+
+#### admin_access_log
+
+Path for Admin API request access logs. Set this value to `off` to disable
+logging Admin API requests. If this value is a relative path, it will be placed
+under the `prefix` location.
+
+Default: `logs/admin_access.log`
+
+---
+
+#### admin_error_log
+
+Path for Admin API request error logs. Granularity of these logs is adjusted by
+the `log_level` directive.
+
+Default: `logs/error.log`
+
+---
+
+#### custom_plugins
+
+Comma-separated list of additional plugins this node should load. Use this
+property to load custom plugins that are not bundled with Kong. Plugins will
+be loaded from the `kong.plugins.{name}.*` namespace.
+
+Default: none
+
+Example: `my-plugin,hello-world,custom-rate-limiting`
+
+---
+
+#### anonymous_reports
+
+Send anonymous usage data such as error stack traces to help improve Kong.
+
+Default: `on`
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### Nginx section
+
+#### proxy_listen
+
+Comma-separated list of addresses and ports on which the proxy server should
+listen. The proxy server is the public entrypoint of Kong, which proxies
+traffic from your consumers to your backend services. This value accepts IPv4,
+IPv6, and hostnames.
+
+Some suffixes can be specified for each pair:
+
+- `ssl` will require that all connections made through a particular
+  address/port be made with TLS enabled.
+- `http2` will allow for clients to open HTTP/2 connections to Kong's proxy
+  server.
+- Finally, `proxy_protocol` will enable usage of the PROXY protocol for a
+  given address/port.
+
+the proxy port for this node, enabling a 'control-plane' mode (without traffic
+proxying capabilities) which can configure a cluster of nodes connected to the
+same database.
+
+See http://nginx.org/en/docs/http/ngx_http_core_module.html#listen for
+a description of the accepted formats for this and other `*_listen` values.
+
+Default: `0.0.0.0:8000, 0.0.0.0:8443 ssl`
+
+Example: `0.0.0.0:80, 0.0.0.0:81 http2, 0.0.0.0:443 ssl, 0.0.0.0:444 http2 ssl`
+
+---
+
+#### admin_listen
+
+Comma-separated list of addresses and ports on which the Admin interface
+should listen. The Admin interface is the API allowing you to configure and
+manage Kong. Access to this interface should be *restricted* to Kong
+administrators *only*. This value accepts IPv4, IPv6, and hostnames. Some
+suffixes can be specified for each pair:
+
+- `ssl` will require that all connections made through a particular
+  address/port be made with TLS enabled.
+- `http2` will allow for clients to open HTTP/2 connections to Kong's
+  proxy server.
+- Finally, `proxy_protocol` will enable usage of the PROXY protocol for a
+  given address/port.
+
+This value can be set to `off`, thus disabling the Admin interface for this
+node, enabling a 'data-plane' mode (without configuration capabilities)
+pulling its configuration changes from the database.
+
+Default: `127.0.0.1:8001, 127.0.0.1:8444 ssl`
+
+Example: `127.0.0.1:8444 http2 ssl`
+
+---
+
+#### nginx_user
+
+Defines user and group credentials used by worker processes. If group is omitted, a
+group whose name equals that of user is used.
+
+Default: `nobody nobody`
+
+Example: `nginx www`
+
+---
+
+#### nginx_worker_processes
+
+Determines the number of worker processes spawned by Nginx.
+See http://nginx.org/en/docs/ngx_core_module.html#worker_processes for detailed
+usage of this directive and a description of accepted values.
+
+Default: `auto`
+
+---
+
+#### nginx_daemon
+
+Determines whether Nginx will run as a daemon or as a foreground process.
+Mainly useful for development or when running Kong inside a Docker environment.
+
+See http://nginx.org/en/docs/ngx_core_module.html#daemon.
+
+Default: `on`
+
+---
+
+#### mem_cache_size
+
+Size of the in-memory cache for database entities. The accepted units are `k` and
+`m`, with a minimum recommended value of a few MBs.
+
+Default: `128m`
+
+---
+
+#### ssl_cipher_suite
+
+Defines the TLS ciphers served by Nginx. Accepted values are `modern`,
+`intermediate`, `old`, or `custom`.
+See https://wiki.mozilla.org/Security/Server_Side_TLS for detailed
+descriptions of each cipher suite.
+
+Default: `modern`
+
+---
+
+#### ssl_ciphers
+
+Defines a custom list of TLS ciphers to be served by Nginx. This list must
+conform to the pattern defined by `openssl ciphers`. This value is ignored if
+`ssl_cipher_suite` is not `custom`.
+
+Default: none
+
+---
+
+#### ssl_cert
+
+The absolute path to the SSL certificate for `proxy_listen` values with SSL enabled.
+
+Default: none
+
+---
+
+#### ssl_cert_key
+
+The absolute path to the SSL key for `proxy_listen` values with SSL enabled.
+
+Default: none
+
+---
+
+#### client_ssl
+
+Determines if Nginx should send client-side SSL certificates when proxying
+requests.
+
+Default: `off`
+
+---
+
+#### client_ssl_cert
+
+If `client_ssl` is enabled, the absolute path to the client SSL certificate for
+the `proxy_ssl_certificate` directive. Note that this value is statically
+defined on the node, and currently cannot be configured on a per-API basis.
+
+Default: none
+
+---
+
+#### client_ssl_cert_key
+
+If `client_ssl` is enabled, the absolute path to the client SSL key for the
+`proxy_ssl_certificate_key` address. Note this value is statically defined on
+the node, and currently cannot be configured on a per-API basis.
+
+Default: none
+
+---
+
+#### admin_ssl_cert
+
+The absolute path to the SSL certificate for `admin_listen` values with SSL enabled.
+
+Default: none
+
+---
+
+#### admin_ssl_cert_key
+
+The absolute path to the SSL key for `admin_listen` values with SSL enabled.
+
+Default: none
+
+---
+
+#### upstream_keepalive
+
+Sets the maximum number of idle keepalive connections to upstream servers that
+are preserved in the cache of each worker process. When this number is
+exceeded, the least recently used connections are closed.
+
+Default: `60`
+
+---
+
+#### server_tokens
+
+Enables or disables emitting Kong version on error pages and in the `Server`
+or `Via` (in case the request was proxied) response header field.
+
+Default: `on`
+
+---
+
+#### latency_tokens
+
+Enables or disables emitting Kong latency information in the `X-Kong-Proxy-Latency`
+and `X-Kong-Upstream-Latency` response header fields.
+
+Default: `on`
+
+---
+
+#### trusted_ips
+
+Defines trusted IP address blocks that are known to send correct
+`X-Forwarded-*` headers. Requests from trusted IPs make Kong forward their
+`X-Forwarded-*` headers upstream. Non-trusted requests make Kong insert its own
+`X-Forwarded-*` headers.
+
+This property also sets the `set_real_ip_from` directive(s) in the Nginx
+configuration. It accepts the same type of values (CIDR blocks) but as a
+comma-separated list.
+
+To trust *all* /!\ IPs, set this value to `0.0.0.0/0,::/0`.
+
+If the special value `unix:` is specified, all UNIX-domain sockets will be
+trusted.
+
+See [the Nginx docs](http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from)
+for more details on the `set_real_ip_from` directive.
+
+Default: none
+
+---
+
+#### real_ip_header
+
+Defines the request header field whose value will be used to replace the client
+address. This value sets the [ngx_http_realip_module][ngx_http_realip_module]
+directive of the same name in the Nginx configuration.
+
+If this value receives `proxy_protocol`, the `proxy_protocol` parameter will be
+appended to the `listen` directive of the Nginx template.
+
+See [the Nginx docs](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_header)
+for a description of this directive.
+
+Default: `X-Real-IP`
+
+---
+
+#### real_ip_recursive
+
+This value sets the [ngx_http_realip_module][ngx_http_realip_module] directive
+of the same name in the Nginx configuration.
+
+See [the Nginx docs](http://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive)
+for a description of this directive.
+
+Default: `off`
+
+---
+
+#### client_max_body_size
+
+Defines the maximum request body size allowed by requests proxied by Kong, specified in the
+Content-Length request header. If a request exceeds this limit, Kong will respond with a
+413 (Request Entity Too Large). Setting this value to 0 disables checking the request body
+size.
+
+Note: See [the Nginx docs](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size)
+for further description of this parameter. Numeric values may be suffixed with
+`k` or `m` to denote limits in terms of kilobytes or megabytes.
+
+Default: `0`
+
+---
+
+#### client_body_buffer_size
+
+Defines the buffer size for reading the request body. If the client request body is
+larger than this value, the body will be buffered to disk. Note that when the body is
+buffered to disk Kong plugins that access or manipulate the request body may not work, so
+it is advisable to set this value as high as possible (e.g., set it as high as
+`client_max_body_size` to force request bodies to be kept in memory). Do note that
+high-concurrency environments will require significant memory allocations to process
+many concurrent large request bodies.
+
+Note: See [the Nginx docs](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size)
+for further description of this parameter. Numeric values may be suffixed with
+`k` or `m` to denote limits in terms of kilobytes or megabytes.
+
+Default: `8k`
+
+---
+
+#### error_default_type
+
+Default MIME type to use when the request `Accept` header is missing and Nginx is
+returning an error for the request. Accepted values are `text/plain`,
+`text/html`, `application/json`, and `application/xml`.
+
+Default: `text/plain`
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### Datastore section
+
+Kong will store all of its data (such as APIs, Consumers and Plugins) in
+either Cassandra or PostgreSQL.
+
+All Kong nodes belonging to the same cluster must connect themselves to the
+same database.
+
+<div class="alert alert-warning">
+  <p><strong>Starting with Kong 0.12.0:</strong></p>
+  <ul>
+    <li>PostgreSQL 9.4 support should be considered deprecated. Users are encouraged to upgrade to 9.5+</li>
+    <li>Cassandra 2.1 support should be considered deprecated. Users are encouraged to upgrade to 2.2+</li>
+  </ul>
+</div>
+
+---
+
+#### database
+
+Determines which of PostgreSQL or Cassandra this node will use as its
+datastore. Accepted values are `postgres` and `cassandra`.
+
+Default: `postgres`
+
+---
+
+#### Postgres settings
+
+name                  |  description
+----------------------|-------------------
+**pg_host**           | Host of the Postgres server
+**pg_port**           | Port of the Postgres server
+**pg_user**           | Postgres user
+**pg_password**       | Postgres user's password
+**pg_database**       | Database to connect to. **must exist**
+**pg_ssl**            | Enable SSL connections to the server
+**pg_ssl_verify**     | If `pg_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.
+
+---
+
+#### Cassandra settings
+
+name                            | description
+--------------------------------|------------------
+**cassandra_contact_points**    | Comma-separated list of contacts points to your Cassandra cluster.
+**cassandra_port**              | Port on which your nodes are listening.
+**cassandra_keyspace**          | Keyspace to use in your cluster. Will be created if doesn't exist.
+**cassandra_consistency**       | Consistency setting to use when reading/writing.
+**cassandra_timeout**           | Timeout (in ms) for reading/writing.
+**cassandra_ssl**               | Enable SSL connections to the nodes.
+**cassandra_ssl_verify**        | If `cassandra_ssl` is enabled, toggle server certificate verification. See `lua_ssl_trusted_certificate` setting.
+**cassandra_username**          | Username when using the PasswordAuthenticator scheme.
+**cassandra_password**          | Password when using the PasswordAuthenticator scheme.
+**cassandra_consistency**       | Consistency setting to use when reading/writing to the Cassandra cluster.
+**cassandra_lb_policy**         | Load balancing policy to use when distributing queries across your Cassandra cluster. Accepted values are `RoundRobin` and `DCAwareRoundRobin`. Prefer the later if and only if you are using a multi-datacenter cluster, and set the `cassandra_local_datacenter` if so.
+**cassandra_local_datacenter**  | When using the `DCAwareRoundRobin` policy, you must specify the name of the cluster local (closest) to this Kong node.
+**cassandra_repl_strategy**     | If creating the keyspace for the first time, specify a replication strategy.
+**cassandra_repl_factor**       | Specify a replication factor for the `SimpleStrategy`.
+**cassandra_data_centers**      | Specify data centers for the `NetworkTopologyStrategy`.
+**cassandra_schema_consensus_timeout** | Define the timeout (in ms) for the waiting period to each a schema consensus between your Cassandra nodes. This value is only used during migrations.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### Datastore cache section
+
+In order to avoid unnecessary communication with the datastore, Kong caches
+entities (such as APIs, Consumers, Credentials, etc...) for a configurable
+period of time. It also handles invalidations if such an entity is updated.
+
+This section allows for configuring the behavior of Kong regarding the
+caching of such configuration entities.
+
+---
+
+#### db_update_frequency
+
+Frequency (in seconds) at which to check for
+updated entities with the datastore.
+When a node creates, updates, or deletes an
+entity via the Admin API, other nodes need
+to wait for the next poll (configured by
+this value) to eventually purge the old
+cached entity and start using the new one.
+
+Default: 5 seconds
+
+---
+
+#### db_update_propagation
+
+Time (in seconds) taken for an entity in the
+datastore to be propagated to replica nodes
+of another datacenter.
+When in a distributed environment such as
+a multi-datacenter Cassandra cluster, this
+value should be the maximum number of
+seconds taken by Cassandra to propagate a
+row to other datacenters.
+When set, this property will increase the
+time taken by Kong to propagate the change
+of an entity.
+Single-datacenter setups or PostgreSQL
+servers should suffer no such delays, and
+this value can be safely set to 0.
+
+Default: 0 seconds
+
+---
+
+#### db_cache_ttl
+
+Time-to-live (in seconds) of an entity from
+the datastore when cached by this node.
+Database misses (no entity) are also cached
+according to this setting.
+If set to 0, such cached entities/misses
+never expire.
+
+Default: 3600 seconds (1 hour)
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### DNS resolver section
+
+Kong will resolve hostnames as either `SRV` or `A` records (in that order, and
+`CNAME` records will be dereferenced in the process).
+In case a name was resolved as an `SRV` record it will also override any given
+port number by the `port` field contents received from the DNS server.
+
+The DNS options `SEARCH` and `NDOTS` (from the `/etc/resolv.conf` file) will
+be used to expand short names to fully qualified ones. So it will first try the
+entire `SEARCH` list for the `SRV` type, if that fails it will try the `SEARCH`
+list for `A`, etc.
+
+For the duration of the `ttl`, the internal DNS resolver will loadbalance each
+request it gets over the entries in the DNS record. For `SRV` records the
+`weight` fields will be honored, but it will only use the lowest `priority`
+field entries in the record.
+
+---
+
+#### dns_resolver
+
+Comma separated list of nameservers, each
+entry in `ip[:port]` format to be used by
+Kong. If not specified the nameservers in
+the local `resolv.conf` file will be used.
+Port defaults to 53 if omitted. Accepts
+both IPv4 and IPv6 addresses.
+
+Default: none
+
+---
+
+#### dns_hostsfile
+
+The hosts file to use. This file is read once and its content is static
+in memory. To read the file again after modifying it, Kong must be reloaded.
+
+Default: `/etc/hosts`
+
+---
+
+#### dns_order
+
+The order in which to resolve different
+record types. The `LAST` type means the
+type of the last successful lookup (for the
+specified name). The format is a (case
+insensitive) comma separated list.
+
+Default: `LAST,SRV,A,CNAME`
+
+---
+
+#### dns_stale_ttl
+
+Defines, in seconds, how long a record will
+remain in cache past its TTL. This value
+will be used while the new DNS record is
+fetched in the background.
+Stale data will be used from expiry of a
+record until either the refresh query
+completes, or the `dns_stale_ttl` number of
+seconds have passed.
+
+Default: `4`
+
+---
+
+#### dns_not_found_ttl
+
+TTL in seconds for empty DNS responses and
+"(3) name error" responses.
+
+Default: `30`
+
+---
+
+#### dns_error_ttl
+
+TTL in seconds for error responses.
+
+Default: `1`
+
+---
+
+#### dns_no_sync
+
+If enabled, then upon a cache-miss every
+request will trigger its own dns query.
+When disabled multiple requests for the
+same name/type will be synchronised to a
+single query.
+
+Default: off
+
+[Back to TOC](#table-of-contents)
+
+---
+
+### Development & miscellaneous section
+
+Additional settings inherited from lua-nginx-module allowing for more
+flexibility and advanced usage.
+
+See the lua-nginx-module documentation for more information:
+https://github.com/openresty/lua-nginx-module
+
+---
+
+#### lua_ssl_trusted_certificate
+
+Absolute path to the certificate authority file for Lua cosockets in PEM
+format. This certificate will be the one used for verifying Kong's database
+connections, when `pg_ssl_verify` or `cassandra_ssl_verify` are enabled.
+
+See https://github.com/openresty/lua-nginx-module#lua_ssl_trusted_certificate
+
+Default: none
+
+---
+
+#### lua_ssl_verify_depth
+
+Sets the verification depth in the server certificates chain used by Lua
+cosockets, set by `lua_ssl_trusted_certificate`.
+
+This includes the certificates configured for Kong's database connections.
+
+See https://github.com/openresty/lua-nginx-module#lua_ssl_verify_depth
+
+Default: `1`
+
+---
+
+#### lua_package_path
+
+Sets the Lua module search path (LUA_PATH). Useful when developing or using
+custom plugins not stored in the default search path.
+
+See https://github.com/openresty/lua-nginx-module#lua_package_path
+
+Default: none
+
+---
+
+#### lua_package_cpath
+
+Sets the Lua C module search path (LUA_CPATH).
+
+See https://github.com/openresty/lua-nginx-module#lua_package_cpath
+
+Default: none
+
+---
+
+#### lua_socket_pool_size
+
+Specifies the size limit for every cosocket connection pool associated with
+every remote server.
+
+See https://github.com/openresty/lua-nginx-module#lua_socket_pool_size
+
+Default: `30`
+
+[Back to TOC](#table-of-contents)
+
+[ngx_http_realip_module]: http://nginx.org/en/docs/http/ngx_http_realip_module.html
+
+[Penlight]: http://stevedonovan.github.io/Penlight/api/index.html
+[pl.template]: http://stevedonovan.github.io/Penlight/api/libraries/pl.template.html
diff --git a/app/enterprise/0.34-x/deployment-guide.md b/app/enterprise/0.34-x/deployment-guide.md
index 569c0ffa47e6..48dec6afe328 100644
--- a/app/enterprise/0.34-x/deployment-guide.md
+++ b/app/enterprise/0.34-x/deployment-guide.md
@@ -1,98 +1,100 @@
 ---
 title: Kong Deployment Guide
-redirect_from: "/enterprise/0.34-x/kong-implementation-checklist/"
+redirect_from:
+  - /enterprise/0.34-x/kong-implementation-checklist/
+  - /enterprise/0.34-x/deployment-guide/enterprise/0.34-x/developer-portal/configuration/networking/
 ---
 
 ## Introduction
 
 - Kong can run on instances of any size with any resources. While the system
-requirements vary significantly depending on the use-case, generally speaking,
-we recommend to start big and then gradually reduce the instances to the
-appropriate number and size.
+  requirements vary significantly depending on the use-case, generally speaking,
+  we recommend to start big and then gradually reduce the instances to the
+  appropriate number and size.
 - When allocating resources to a Kong cluster, slightly over-provision the
-cluster to make room for request spikes. Kong requires a database to run and
-you can choose either Cassandra or PostgreSQL.
+  cluster to make room for request spikes. Kong requires a database to run and
+  you can choose either Cassandra or PostgreSQL.
 
 ## PostgreSQL
 
 - Generally speaking, PostgreSQL works well for most of the use-cases, and it’s
-usually easier to setup. We recommend setting up a master-slave replication with
-servers located in different racks, data centers or availability zones to
-account for infrastructure failures.
+  usually easier to setup. We recommend setting up a master-slave replication with
+  servers located in different racks, data centers or availability zones to
+  account for infrastructure failures.
 - In Multi-DC environments, PostgreSQL may not be the right fit, since a Kong
-node located in a different datacenter will have to send write requests all the
-way to the PostgreSQL data-center, adding increased latency to the system.
+  node located in a different datacenter will have to send write requests all the
+  way to the PostgreSQL data-center, adding increased latency to the system.
 
 ## Cassandra
 
 - We recommend using Cassandra in Multi-DC environments because it supports
-native replication and availability capabilities of the system. When starting a
-Cassandra cluster for Kong, we recommend starting at least 3 nodes in every
-datacenter with a replication setting of 2.
+  native replication and availability capabilities of the system. When starting a
+  Cassandra cluster for Kong, we recommend starting at least 3 nodes in every
+  datacenter with a replication setting of 2.
 - Cassandra is an **eventually consistent datastore**, which means that over
-time the data will be the same across the cluster, so please account for
-inconsistencies in the system.
+  time the data will be the same across the cluster, so please account for
+  inconsistencies in the system.
 
 ## Kong Cluster
 
 - Regardless of the datastore being adopted with Kong, the Kong nodes themselves
 need to join in a cluster. The Kong nodes will talk to each other via their
 connections to the database—PostgreSQL or Cassandra. Please refer to the
-[clustering reference](/0.13.x/clustering/) for more details.
+[clustering reference](/enterprise/{{page.kong_version}}/clustering/) for more details.
 
 ## Production System Requirements
 
 - For Kong, prefer CPU optimized instances. We recommend at least 4 CPU cores,
-16GB of RAM and 24GB of disk space. Kong performs better on a system with
-multiple cores. In an AWS environment, we recommend running c4.2xlarge instances
-in production that guarantee enough cores (8) and memory (16GB).
+  16GB of RAM and 24GB of disk space. Kong performs better on a system with
+  multiple cores. In an AWS environment, we recommend running c4.2xlarge instances
+  in production that guarantee enough cores (8) and memory (16GB).
 - For Cassandra and PostgreSQL, prefer memory optimized instances. Assume more
-intensive workload on the datastore if you are using the rate-limiting or
-response rate-limiting plugins with a “cluster” policy. Use this only if Redis
-is not an option. High ulimit value, possibly >=65535. A higher limit value
-will allow Kong and the datastores to process more incoming requests.
+  intensive workload on the datastore if you are using the rate-limiting or
+  response rate-limiting plugins with a “cluster” policy. Use this only if Redis
+  is not an option. High ulimit value, possibly >=65535. A higher limit value
+  will allow Kong and the datastores to process more incoming requests.
 
 ## High Availability
 
 - Instances with multiple cores are required. Kong, by leveraging the underlying
-Nginx runtime, will start a worker process for each core. On systems with
-multiple cores a worker crash will not badly affect the system since the other
-workers can process the ongoing HTTP requests until the crashed worker is being
-automatically replaced with a new one.
+  Nginx runtime, will start a worker process for each core. On systems with
+  multiple cores a worker crash will not badly affect the system since the other
+  workers can process the ongoing HTTP requests until the crashed worker is being
+  automatically replaced with a new one.
 - At least 2 nodes/instances of Kong, behind a load balancer (Nginx, HAProxy,
-AWS ELB or similar). This prevents downtime if a Kong node crashes, since the
-other nodes can process the incoming HTTP requests. The number of instances
-behind the load balancer should increase with the number of incoming requests,
-to avoid the scenario when after a node crashes the sudden increase of load to
-the remaining nodes will effectively DDoS them and make the other nodes crash
-too.
+  AWS ELB or similar). This prevents downtime if a Kong node crashes, since the
+  other nodes can process the incoming HTTP requests. The number of instances
+  behind the load balancer should increase with the number of incoming requests,
+  to avoid the scenario when after a node crashes the sudden increase of load to
+  the remaining nodes will effectively DDoS them and make the other nodes crash
+  too.
 
 ## Scaling Kong
 
 - Kong is stateless and more nodes can be added behind the load balancer to
-scale the system. Incoming HTTP/s requests can be processed by any server, and
-that also includes the Kong’s Admin API.
+  scale the system. Incoming HTTP/s requests can be processed by any server, and
+  that also includes the Kong’s Admin API.
 - Every new Kong node should target the same datastore, and join the existing
 Kong nodes in a cluster. Failure to join the Kong nodes in a Kong cluster will
 result in data inconsistencies and errors when processing requests. Kong
 automates joining a node in the cluster as long as the right configuration
 settings have been provided. For more information, we recommend reading the
-[clustering reference](/0.13.x/clustering/).
+[clustering reference](/enterprise/{{page.kong_version}}/clustering/).
 
 ## Kong Performance
 
 The performance of Kong varies depending on multiple factors, including:
 
 - Network latency from the client to Kong, and from Kong to the final upstream
-servers, greatly affects the performance. The faster the network, the better
-Kong will perform in pretty much every aspect, including system resources.
+  servers, greatly affects the performance. The faster the network, the better
+  Kong will perform in pretty much every aspect, including system resources.
 - Number of incoming HTTP requests and the size of requests and responses that
-have to be processed.
+  have to be processed.
 - Response time from the upstream server. The fastest the upstream servers can
-process a request, the faster Kong can process the response back to the client
-and free up resources to handle more incoming requests.
+  process a request, the faster Kong can process the response back to the client
+  and free up resources to handle more incoming requests.
 - The number of plugins that are being executed. The more plugins, the more
-processing time Kong will require when proxying requests.
+  processing time Kong will require when proxying requests.
 
 ## Cassandra
 
@@ -115,27 +117,27 @@ firewall settings for Kong.
 
 These are the port settings in order for Kong to work:
 
-- Allow HTTP traffic to [`proxy_listen`](/0.13.x/configuration/#proxy_listen). By default, `8000`.
-- Allow HTTPS traffic to [`proxy_listen`](/0.13.x/configuration/#proxy_listen). By default, `8443`.
-- Allow HTTP traffic to [`admin_listen`](/0.13.x/configuration/#admin_listen). By default, `8001`.
-- Allow HTTPS traffic to [`admin_listen`](/0.13.x/configuration/#admin_listen). By default, `8444`.
+- Allow HTTP traffic to [`proxy_listen`](/enterprise/{{page.kong_version}}/property-reference/#proxy_listen). By default, `8000`.
+- Allow HTTPS traffic to [`proxy_listen`](/enterprise/{{page.kong_version}}/property-reference/#proxy_listen). By default, `8443`.
+- Allow HTTP traffic to [`admin_listen`](/enterprise/{{page.kong_version}}/property-reference/#admin_listen). By default, `8001`.
+- Allow HTTPS traffic to [`admin_listen`](/enterprise/{{page.kong_version}}/property-reference/#admin_listen). By default, `8444`.
 
 For Kong Manager:
 
-- Allow HTTP traffic to [`admin_gui_listen`](/enterprise/{{page.kong_version}}/property-reference/#admin_gui_listen). 
-By default, `8002`.
-- Allow HTTPS traffic to [`admin_gui_listen`](/enterprise/{{page.kong_version}}/property-reference/#admin_gui_listen). 
-By default, `8445`.
+- Allow HTTP traffic to [`admin_gui_listen`](/enterprise/{{page.kong_version}}/property-reference/#admin_gui_listen).
+  By default, `8002`.
+- Allow HTTPS traffic to [`admin_gui_listen`](/enterprise/{{page.kong_version}}/property-reference/#admin_gui_listen).
+  By default, `8445`.
 
 For the Dev Portal:
 
-- Allow HTTP traffic to [`portal_gui_listen`](/enterprise/{{page.kong_version}}/property-reference/#portal_gui_listen). 
-By default, `8003`.
-- Allow HTTPS traffic to [`portal_gui_listen`](/enterprise/{{page.kong_version}}/property-reference/#portal_gui_listen). 
-By default, `8446`.
+- Allow HTTP traffic to [`portal_gui_listen`](/enterprise/{{page.kong_version}}/property-reference/#portal_gui_listen).
+  By default, `8003`.
+- Allow HTTPS traffic to [`portal_gui_listen`](/enterprise/{{page.kong_version}}/property-reference/#portal_gui_listen).
+  By default, `8446`.
 
 **Note**: since Kong CE 0.13.0—and EE 0.32—listen directives have a new
-format, described [here](/0.13.x/configuration/#proxy_listen), where instead of
+format, described [here](/enterprise/{{page.kong_version}}/property-reference/#proxy_listen), where instead of
 specifying SSL and non-SSL ports in different configuration directives—e.g.,
 `admin_listen` and `admin_listen_ssl`—only one is required: for example, the
 listen directive for the Admin API for SSL and non-SSL ports now looks like:
@@ -151,20 +153,20 @@ Other listen directives comply to the new format.
 Below are the recommended firewall settings:
 
 - The upstream APIs behind Kong will be available on [proxy_listen][proxy].
-Configure listeners accordingly to the access level you wish to grant to the
-upstream APIs.
+  Configure listeners accordingly to the access level you wish to grant to the
+  upstream APIs.
 - Protect [admin_listen][admin], and only allow trusted sources that can access
-the Admin API.
+  the Admin API.
 
 ### Network
 
 - Kong assumes a flat network topology in Multi-DC setups. If you have a
-Multi-DC setup, Kong nodes between the datacenters should communicate over a
-VPN connection.
+  Multi-DC setup, Kong nodes between the datacenters should communicate over a
+  VPN connection.
 - Kong will try to auto-detect the node’s first, non-loopback, IPv4 address and
-advertise this address to other Kong nodes. Sometimes this is not enough and the
-IP address needs to be manually set, you can do that by changing the advertise
-property in the cluster configuration.
+  advertise this address to other Kong nodes. Sometimes this is not enough and the
+  IP address needs to be manually set, you can do that by changing the advertise
+  property in the cluster configuration.
 
 ## Upgrades and Deployments
 
@@ -177,7 +179,7 @@ upgrading between major versions (0.a.x, 0.b.x) or minor versions (0.x.a, 0.x.b)
 
 - Major versions in a pre-1.0 release are, for example, v0.7.x, v0.8.x, v0.9.x, etc.
 - Minor versions in a pre-1.0 phase are v0.7.1, v0.7.2 considering a 0.7.x
-baseline version, or v0.8.1, v0.8.2 in a 0.8.x baseline version.
+  baseline version, or v0.8.1, v0.8.2 in a 0.8.x baseline version.
 
 Starting from version Kong >= 0.9.0 we adopt the following upgrade strategy:
 
@@ -187,8 +189,9 @@ Upgrading to a minor version of the same baseline can be done easily—for
 example, from v0.9.1 to v0.9.2—by installing the newer version on the fly in
 the same node (and executing `kong restart` or `kong reload` to load
 the new version), or by a classic blue/green deployment strategy:
+
 1. Start a new cluster with the new version, and with the same number of nodes,
-pointing to the same datastore.
+   pointing to the same datastore.
 2. Instructing the load balancer to point new traffic to the new cluster.
 3. Terminating the old cluster.
 
@@ -211,17 +214,17 @@ it caches the used datastore entities in memory. To upgrade between major
 versions:
 
 1. Disconnect the datastore from the current Kong cluster by setting up the
-appropriate firewall setting or updating the appropriate security group.
+   appropriate firewall setting or updating the appropriate security group.
 2. Kong will now rely on its internal cache to serve existing requests.
 3. Create a node in a new Kong cluster and run `kong migrations up` to process
-migrations. Once the node has completed the migration, start it with `kong start`.
-Confirm that it can process requests and configuration changes (creating and
-deleting a test API will suffice to confirm Kong can communicate with the
-datastore).
+   migrations. Once the node has completed the migration, start it with `kong start`.
+   Confirm that it can process requests and configuration changes (creating and
+   deleting a test API will suffice to confirm Kong can communicate with the
+   datastore).
 4. Start additional nodes in the new cluster until its node count matches the
-old cluster size.
+   old cluster size.
 5. Once the new cluster is running and able to process requests, configure your
-load balancer to direct new traffic to the new cluster.
+   load balancer to direct new traffic to the new cluster.
 6. Terminate the old cluster.
 
 Upgrades between major versions need to be planned in advance as they involve
@@ -234,7 +237,7 @@ the Admin API won’t be available on the old cluster for the entire process.
 
 * Key Authentication is being deprecated in favor of Basic Authentication. *Before migrating to 0.34, anyone using Key Authentication in 0.33-x should create Basic Authentication credentials for all of their Admins.*
 * Vitals will now be enabled by default. Any Admin who logs in to Kong Manager will have the ability to see charts and metrics for Workspaces they have access to.
-* The Dev Portal and Kong Manager no longer allow use of proxy ports in 0.34. Note that any previous proxies will need to be updated according to [Dev Portal Networking](enterprise/{{page.kong_version}}/developer-portal/configuration/networking/) and [Kong Manager Networking](enterprise/{{page.kong_version}}/kong-manager/configuration/networking/).
+* The Dev Portal and Kong Manager no longer allow use of proxy ports in 0.34. Note that any previous proxies will need to be updated according to [Dev Portal Networking](/enterprise/{{page.kong_version}}/developer-portal/configuration/networking/) and [Kong Manager Networking](/enterprise/{{page.kong_version}}/kong-manager/configuration/networking/).
 * The Dev Portal now supports Workspaces. Existing Dev Portal configurations, files, URLs, and developers will be moved to the 'Default' Workspace. See [Working with Workspaces](/enterprise/{{page.kong_version}}/developer-portal/configuration/workspaces)
 * For a complete list of new features in 0.34, refer to the [Changelog](/enterprise/changelog).
 
@@ -245,15 +248,16 @@ the Admin API won’t be available on the old cluster for the entire process.
 3. Download Kong Enterprise 0.34
 4. Ensure the following properties are configured:
 
-      [`enforce_rbac`](/enterprise/0.34-x/property-reference#enforce_rbac) is `on`
+   [`enforce_rbac`](/enterprise/0.34-x/property-reference#enforce_rbac) is `on`
+
+   [`admin_gui_auth`](/enterprise/0.34-x/property-reference/#admin_gui_auth) is set to `basic-auth` or `ldap-auth`
 
-      [`admin_gui_auth`](/enterprise/0.34-x/property-reference/#admin_gui_auth) is set to `basic-auth` or `ldap-auth`
+   [`portal_gui_protocol`](/enterprise/0.34-x/property-reference/#portal_gui_protocol) is set to `http` or `https`
 
-      [`portal_gui_protocol`](/enterprise/0.34-x/property-reference/#portal_gui_protocol) is set to `http` or `https`
+   [`portal_gui_host`](/enterprise/0.34-x/property-reference/#portal_gui_host) is set to `localhost:8003` or the custom host name configured for Dev Portal
 
-      [`portal_gui_host`](/enterprise/0.34-x/property-reference/#portal_gui_host) is set to `localhost:8003` or the custom host name configured for Dev Portal
-5. Create a node in a new Kong cluster and run kong migrations up to process migrations. 
-6. Once the node has completed the migration, start it with kong start. 
+5. Create a node in a new Kong cluster and run kong migrations up to process migrations.
+6. Once the node has completed the migration, start it with kong start.
 7. Confirm that it can process requests and configuration changes (creating and deleting a test Service will suffice to confirm Kong can communicate with the datastore).
 8. Start additional nodes in the new cluster until its node count matches the old cluster size.
 9. Once the new cluster is running and able to process requests, configure your load balancer to direct new traffic to the new cluster.
@@ -264,6 +268,6 @@ the Admin API won’t be available on the old cluster for the entire process.
 ---
 
 [cassandra-network-topology]: https://docs.datastax.com/en/cassandra/3.0/cassandra/architecture/archDataDistributeReplication.html
-[proxy]: /0.13.x/configuration/#proxy_listen
-[admin]: /0.13.x/configuration/#admin_listen
+[proxy]: /enterprise/{{page.kong_version}}/property-reference/#proxy_listen
+[admin]: /enterprise/{{page.kong_version}}/property-reference/#admin_listen
 [upgrade]: https://github.com/Kong/kong/blob/master/UPGRADE.md
diff --git a/app/enterprise/0.34-x/developer-portal/configuration/getting-started.md b/app/enterprise/0.34-x/developer-portal/configuration/getting-started.md
index 6f1099718ca0..253b4a440ad7 100644
--- a/app/enterprise/0.34-x/developer-portal/configuration/getting-started.md
+++ b/app/enterprise/0.34-x/developer-portal/configuration/getting-started.md
@@ -1,13 +1,15 @@
 ---
 title: Getting Started with the Kong Dev Portal
+redirect_from:
+  - /enterprise/0.34-x/developer-portal/configuration/property-reference
 book: portal
 chapter: 3
 toc: false
 ---
 
-## Enable the Kong Dev Portal 
+## Enable the Kong Dev Portal
 
-To enable the Dev Portal, the following properties must be set in the Kong 
+To enable the Dev Portal, the following properties must be set in the Kong
 configuration file (`kong.conf`):
 
 ```
@@ -24,25 +26,23 @@ Kong must be **restarted** for these values to take effect.
 - The **Dev Portal Files endpoint** can be accessed at `:8001/files`
 - The **Public Dev Portal Files API** can be accessed at `:8004/files`
 
-
-*Optional*
+_Optional_
 
 ```
 smtp_mock = on
 portal_gui_use_subdomains = on
 ```
+
 When `smtp_mock` is enabled, Kong will not attempt to send actual emails. This
 is useful for testing purposes.
 
-When `portal_gui_use_subdomains` is enabled Dev Portal workspace urls will be 
+When `portal_gui_use_subdomains` is enabled Dev Portal workspace urls will be
 included as subdomains e.g `http://default.localhost:8003`
 
-For more information on the Dev Portal properties available, checkout out the 
+For more information on the Dev Portal properties available, checkout out the
 [Kong Enterprise Configuration Property Reference](/enterprise/{{page.kong_version}}/property-reference)
 
-> Note: Not all deployments of Kong utilize a configuration file, if this describes you (or you are unsure) please reference the [Kong configuration docs](/0.13.x/configuration/) in order to implement this step.
-
-
+> Note: Not all deployments of Kong utilize a configuration file, if this describes you (or you are unsure) please reference the [Kong configuration docs](/enterprise/{{page.kong_version}}/property-reference/) in order to implement this step.
 
 <div>
  <h2>Next Steps</h2>
@@ -62,7 +62,7 @@ For more information on the Dev Portal properties available, checkout out the
   </div>
 
   <div class="docs-grid-block">
-    <h3><img src="/assets/images/icons/documentation/icn-window.svg" /><a href="/enterprise/{{page.kong_version}}/configuration/developer-portal/smtp">SMTP Configuration</a></h3>
+    <h3><img src="/assets/images/icons/documentation/icn-window.svg" /><a href="/enterprise/{{page.kong_version}}/property-reference/developer-portal/smtp">SMTP Configuration</a></h3>
     <p>Learn how to configure the Dev Portal SMTP server.</p>
     <a href="/enterprise/{{page.kong_version}}/developer-portal/configuration/smtp">Learn more &rarr;</a>
   </div>
diff --git a/app/enterprise/0.34-x/developer-portal/configuration/smtp.md b/app/enterprise/0.34-x/developer-portal/configuration/smtp.md
index 706d76ecf895..f8a0c78aa087 100644
--- a/app/enterprise/0.34-x/developer-portal/configuration/smtp.md
+++ b/app/enterprise/0.34-x/developer-portal/configuration/smtp.md
@@ -1,5 +1,8 @@
 ---
 title: Dev Portal SMTP Configuration
+redirect_from:
+  - /enterprise/0.34-x/configuration/developer-portal/smtp
+  - /enterprise/0.34-x/developer-portal/smtp
 toc: false
 ---
 
@@ -16,7 +19,6 @@ curl http://localhost:8001/workspaces/<WORKSPACE_NAME> \
 
 If they are not modified manually, the Dev Portal will use the default value defined in the Kong Configuration file.
 
-
 **Note:** As of 0.34 the contents of the emails sent by the Dev Portal cannot be modified.
 
 ### portal_invite_email
@@ -27,6 +29,7 @@ If they are not modified manually, the Dev Portal will use the default value def
 When enabled, Kong Admins will be able to invite Developers to a Dev Portal by using the "Invite" button in the Kong Manager.
 
 **Email:**
+
 ```
 Subject: Invite to access Developer Portal <WORKSPACE_NAME>
 
@@ -52,7 +55,6 @@ Hello Admin!
 Please visit <KONG_MANAGER_URL/developers/requested> to review this request.
 ```
 
-
 ### portal_approved_email
 
 **Default:** `on`
@@ -76,7 +78,7 @@ Please visit <DEV PORTAL URL/login> to login.
 **Description:**
 When enabled, Developers will be able to use the "Reset Password" flow on a Dev Portal and will receive an email with password reset instructions.
 
-When disabled, Developers will *not* be able to reset their account passwords.
+When disabled, Developers will _not_ be able to reset their account passwords.
 
 ```
 Subject: Password Reset Instructions for Developer Portal <WORKSPACE_NAME>.
@@ -93,7 +95,6 @@ If you didn't make this request, keep your account secure by clicking
 the link above to change your password.
 ```
 
-
 ### portal_token_exp
 
 **Default:** `21600`
@@ -101,7 +102,6 @@ the link above to change your password.
 **Description:**
 Duration in seconds for the expiration of the Dev Portal reset password token. Default `21600` is six hours.
 
-
 ### portal_reset_success_email
 
 **Default:** `on`
@@ -122,7 +122,6 @@ Click the link below to sign in with your new credentials.
 <DEV_PORTAL_URL>
 ```
 
-
 ### portal_emails_from
 
 **Default:** `nil`
@@ -136,7 +135,6 @@ The name and email address for the 'From' header included in all Dev Portal emai
 portal_emails_from = Your Name <example@example.com>
 ```
 
-
 ### portal_emails_reply_to
 
 **Default:** `nil`
@@ -144,7 +142,6 @@ portal_emails_from = Your Name <example@example.com>
 **Description:**
 The email address for the 'Reply-To' header included in all Dev Portal emails.
 
-
 **Example :**
 
 ```
diff --git a/app/enterprise/0.34-x/developer-portal/developers/developer-access.md b/app/enterprise/0.34-x/developer-portal/developers/developer-access.md
index 6cc8d458d185..04e57b1624a7 100644
--- a/app/enterprise/0.34-x/developer-portal/developers/developer-access.md
+++ b/app/enterprise/0.34-x/developer-portal/developers/developer-access.md
@@ -4,7 +4,7 @@ title: Developer Account Management
 
 ## Granting Access to Developers
 
-Since [Developers][developers] are a type of [Consumer](/0.13.x/getting-started/adding-consumers/), plugins and auth credentials can be similarly applied to them. In this section we will learn how Developers can get access to your routes and services by managing their credentials.
+Since [Developers][developers] are a type of [Consumer](/enterprise/{{page.kong_version}}/getting-started/adding-consumers/), plugins and auth credentials can be similarly applied to them. In this section we will learn how Developers can get access to your routes and services by managing their credentials.
 
 ## How to Manage Your Developer Credentials
 
diff --git a/app/enterprise/0.34-x/developer-portal/glossary.md b/app/enterprise/0.34-x/developer-portal/glossary.md
index 9895d1f41913..ce7008f38762 100644
--- a/app/enterprise/0.34-x/developer-portal/glossary.md
+++ b/app/enterprise/0.34-x/developer-portal/glossary.md
@@ -35,7 +35,7 @@ chapter: 2
 
 * **API** = The APIs that are proxied by Kong API Gateway, the APIs that are documented in Dev Portal, and APIs whose usage is monitored by Vitals, etc.
     * Note that this is *not* the **Admin API** of Kong—we consistently refer to that as **Admin API**
-* **Consumer** = [A Kong concept and entity.](/0.13.x/getting-started/adding-consumers/) 
+* **Consumer** = [A Kong concept and entity.](/enterprise/{{page.kong_version}}/getting-started/adding-consumers/) 
 * **Application** = A computer program that calls API(s) proxied by **Kong API Gateway**.
     * This could be a mobile or web front end, an application running on the server of a partner or customer, or an application running within your company.
 
diff --git a/app/enterprise/0.34-x/developer-portal/management/file-management.md b/app/enterprise/0.34-x/developer-portal/management/file-management.md
index acc16c3c7a69..42e5104d5116 100644
--- a/app/enterprise/0.34-x/developer-portal/management/file-management.md
+++ b/app/enterprise/0.34-x/developer-portal/management/file-management.md
@@ -1,185 +1,178 @@
 ---
 title: Kong Dev Portal File Management
+redirect_from:
+  - /enterprise/0.34-x/developer-portal/file-management
 ---
 
 ## File Types
 
-![alt text](https://konghq.com/wp-content/uploads/2018/03/diagram-partials-02.png "File types diagram")
+![alt text](https://konghq.com/wp-content/uploads/2018/03/diagram-partials-02.png 'File types diagram')
 
 Dev Portals served by Kong are comprised of three primary file types; **Pages**,
- **Partials**, and **Specifications**. The unique look, feel, and content of 
- the Dev Portal is controlled through creating and editing these three file types.
-
-
-* **Page**
-    * Handlebars file.
-    * Pages can be accessed by appending the Page name to your Dev Portal URL:
-     `:8003/<page_name>`
-    * Pages are indicated by `type=page` in Dev Portal File API.
-* **Partial** 
-    * Handlebars partial registered by name for use within a Pages and other 
+**Partials**, and **Specifications**. The unique look, feel, and content of
+the Dev Portal is controlled through creating and editing these three file types.
+
+- **Page**
+  - Handlebars file.
+  - Pages can be accessed by appending the Page name to your Dev Portal URL:
+    `:8003/<page_name>`
+  - Pages are indicated by `type=page` in Dev Portal File API.
+- **Partial**
+  - Handlebars partial registered by name for use within a Pages and other
     Partials.
-    * Partials can be re-used and shared between all pages using the Handlebars
-     import statement:
-        *  {% raw %} `{{> partial_name}}`{% endraw %}
-    * Partials are indicated by `type=partial` in Dev Portal File API.
-* **Specification**
-    * Open API (Swagger) Spec files that are passed to the OpenAPI Spec Renderer
-     and the Pages / Partials.
-    * Kong Dev Portal is compatible with Swagger version 2.x and OpenAPI Spec 
-    version 3.x files.
-        * Specification files **must** be in _YAML_ or _JSON_ format.
-    * Specifications are indicated by `type=spec` in Dev Portal File API.
-
+  - Partials can be re-used and shared between all pages using the Handlebars
+    import statement:
+    - {% raw %} `{{> partial_name}}`{% endraw %}
+  - Partials are indicated by `type=partial` in Dev Portal File API.
+- **Specification**
+  - Open API (Swagger) Spec files that are passed to the OpenAPI Spec Renderer
+    and the Pages / Partials.
+  - Kong Dev Portal is compatible with Swagger version 2.x and OpenAPI Spec
+    version 3.x files. \* Specification files **must** be in _YAML_ or _JSON_ format.
+  - Specifications are indicated by `type=spec` in Dev Portal File API.
 
 ## Example Files
 
 Alist of all the files included in the example Dev Portal theme can be found
 on in the `Kong Manager` under `Dev Portal`.
 
-
 ### Pages
 
-* **pages/index.hbs**
-    * The page that is served when when visitors access the root URL of your 
+- **pages/index.hbs**
+  - The page that is served when when visitors access the root URL of your
     Dev Portal.
-* **pages/about.hbs**
-    * Sample 'about' page that extends the base `layout` partial.
-* **pages/guides.hbs**
-    * Sample 'guides' page that e∂xtends the base `layout` partial.
-* **pages/404.hbs**
-    * The page that visitors get when they navigate to a non-existent URL of 
+- **pages/about.hbs**
+  - Sample 'about' page that extends the base `layout` partial.
+- **pages/guides.hbs**
+  - Sample 'guides' page that e∂xtends the base `layout` partial.
+- **pages/404.hbs**
+  - The page that visitors get when they navigate to a non-existent URL of
     your Dev Portal.
-* **pages/documentation/index.hbs**
-    * See Virtual Paths And The Specification Loader section for more 
+- **pages/documentation/index.hbs**
+  - See Virtual Paths And The Specification Loader section for more
     information.
-* **pages/documentation/loader.hbs**
-    * See Virtual Paths And The Specification Loader section for more 
+- **pages/documentation/loader.hbs**
+  - See Virtual Paths And The Specification Loader section for more
     information.
-* **pages/documentation/api1.hbs**
-    * A static page that renders the `files` spec using the `spec-renderer` 
+- **pages/documentation/api1.hbs**
+  - A static page that renders the `files` spec using the `spec-renderer`
     partial using the `spec` argument.
-* **pages/documentation/api2.hbs**
-    * A static page that renders the `vitals` spec using the `spec-renderer` 
+- **pages/documentation/api2.hbs**
+  - A static page that renders the `vitals` spec using the `spec-renderer`
     partial using the `spec` argument.
 
-
 ### Partials
 
-* **partials/layout.hbs**
-    * Base layout template for the Example Dev Portal which contains 
-    references to the `header`,  `footer`,  `theme-css`,  `custom-css`, and 
-    `title` partials. The base layout can be extended using inline partial 
+- **partials/layout.hbs**
+  - Base layout template for the Example Dev Portal which contains
+    references to the `header`, `footer`, `theme-css`, `custom-css`, and
+    `title` partials. The base layout can be extended using inline partial
     references inside of **Pages**. An example is the `about.hbs` page.
-* **partials/header.hbs**
-    * The default Example Dev Portal header partial for authenticated users.
-* **partials/sidebar.hbs**
-    * The default Example Dev Portal sidebar that is included in the 
-    `documentation/{api1,api2,loader}` pages that includes the `sidebar-spec` 
+- **partials/header.hbs**
+  - The default Example Dev Portal header partial for authenticated users.
+- **partials/sidebar.hbs**
+  - The default Example Dev Portal sidebar that is included in the
+    `documentation/{api1,api2,loader}` pages that includes the `sidebar-spec`
     partial and a link to the `guides.hbs` page.
-* **partials/kong-docs-sidebar.hbs**
-    *  Another example sidebar that is included in the guides pages
-* **partials/sidebar-spec.hbs**
-    * This partial renders a list of links to methods found in the 
+- **partials/kong-docs-sidebar.hbs**
+  - Another example sidebar that is included in the guides pages
+- **partials/sidebar-spec.hbs**
+  - This partial renders a list of links to methods found in the
     specification loaded through the `spec-renderer` partial.
-* **partials/spec-renderer.hbs**
-    * This partial renders a specification from the Dev Portal Files API.
-     When the `spec` argument is used it does a direct lookup for either a 
-     `json` or `yaml` spec file.
-* **partials/custom-js.hbs**
-    * This partial defines JavaScript that runs on all pages in the Example 
+- **partials/spec-renderer.hbs**
+  - This partial renders a specification from the Dev Portal Files API.
+    When the `spec` argument is used it does a direct lookup for either a
+    `json` or `yaml` spec file.
+- **partials/custom-js.hbs**
+  - This partial defines JavaScript that runs on all pages in the Example
     Dev Portal - it is “empty” and ready for you to customize
 
-
 ### Specifications
 
-* **specs/files.json**
-    * API specification file, in Swagger 2.0 and JSON format.
-* **specs/vitals.yaml**
-    * Another API specification file, in Swagger 2.0 and YAML format.
-* **specs/admin.json**
-    * Another API specification file, in the Swagger 2.0 and JSON format.
-
+- **specs/files.json**
+  - API specification file, in Swagger 2.0 and JSON format.
+- **specs/vitals.yaml**
+  - Another API specification file, in Swagger 2.0 and YAML format.
+- **specs/admin.json**
+  - Another API specification file, in the Swagger 2.0 and JSON format.
 
 ## File Paths
 
-Files can be served under nested paths, called *namespaces*, to allow further 
+Files can be served under nested paths, called _namespaces_, to allow further
 control over how content is organized and served.
 
-1. To serve a page named `api1` under the namespace `/documentation`:
+1.  To serve a page named `api1` under the namespace `/documentation`:
     1. Upload a Page with `name=documentation/api1` to the Dev Portal File API
-        1. We have already done this for you. You can view this file in the 
-        Example Dev Portal file archive you downloaded and sync'd earlier, 
-        you can also view it from the Dev Portal File API.
+       1. We have already done this for you. You can view this file in the
+          Example Dev Portal file archive you downloaded and sync'd earlier,
+          you can also view it from the Dev Portal File API.
     2. Navigate in your browser to `:8003/documentation/api1`
-    3. You will see the contents of the Page you just uploaded to the Dev 
-    Portal File API. This is how namespaces work.
-2. In order to serve content on the namespace itself (e.g. `/documentation`) 
-you can either:
+    3. You will see the contents of the Page you just uploaded to the Dev
+       Portal File API. This is how namespaces work.
+2.  In order to serve content on the namespace itself (e.g. `/documentation`)
+    you can either:
 
-    1. Upload a page with `name=documentation`
-    2. Upload a Page with `name=documentation/index`
-        1. We have already uploaded a file with this name to your Dev 
-        Portal File API earlier in the Uploading the Example Dev Portal 
-        files section. You can view this file in both the archive and inside 
-        of your Dev Portal File API.
+        1. Upload a page with `name=documentation`
+        2. Upload a Page with `name=documentation/index`
+            1. We have already uploaded a file with this name to your Dev
+            Portal File API earlier in the Uploading the Example Dev Portal
+            files section. You can view this file in both the archive and inside
+            of your Dev Portal File API.
 
-   * Navigate in your browser to `:8003/documentation` in either of these cases
-    to see the pages content.
+    - Navigate in your browser to `:8003/documentation` in either of these cases
+      to see the pages content.
 
 ### Virtual Paths and the Specification Loader
 
-**Virtual Paths** allow you the ability to dynamically render Specification 
+**Virtual Paths** allow you the ability to dynamically render Specification
 files without creating a page for each Specification.
 
+> You may have noticed the two static Specification file pages as well as the
+> Specification Loader `documentation/loader` within the Example Dev Portal
 
-> You may have noticed the two static Specification file pages as well as the 
->Specification Loader `documentation/loader` within the Example Dev Portal
-
-The inclusion of a **Specification Loader** (a file defined by 
-`name=<namespace>/loader`),  as well as the inclusion of the `spec-renderer` 
+The inclusion of a **Specification Loader** (a file defined by
+`name=<namespace>/loader`), as well as the inclusion of the `spec-renderer`
 partial within the Specification Loader itself, enables the following
 functionality:
 
-* When the Specification Loader is present under a namespace 
-(e.g. `/documentation/loader`) visiting a path such as `/documentation/spec-1`
- will attempt to render a Specification file uploaded with the name `spec-1`.
-* If the Specification does not exist in the Dev Portal File API the path 
-visited will return the **404** page.
+- When the Specification Loader is present under a namespace
+  (e.g. `/documentation/loader`) visiting a path such as `/documentation/spec-1`
+  will attempt to render a Specification file uploaded with the name `spec-1`.
+- If the Specification does not exist in the Dev Portal File API the path
+  visited will return the **404** page.
 
 An example Specification Loader is as follows:
 
-> Note: while layout of the loader page is flexible the inclusion of the 
->`spec-renderer` partial is required in order to provide spec rendering 
->functionality. Furthermore the Dev Portal needs **all** elements of the 
->`spec-renderer` partial to remain as is to function as expected.
-![alt text](https://konghq.com/wp-content/uploads/2018/03/code-spec-renderer.png "Logo Title Text 1")
-
+> Note: while layout of the loader page is flexible the inclusion of the
+> `spec-renderer` partial is required in order to provide spec rendering
+> functionality. Furthermore the Dev Portal needs **all** elements of the
+> `spec-renderer` partial to remain as is to function as expected.
+> ![alt text](https://konghq.com/wp-content/uploads/2018/03/code-spec-renderer.png 'Logo Title Text 1')
 
 ## Adding Files
 
 #### File Requirements
 
-* File names **must not** include the file extension, unless you wish your pages
- and partials to be referenced with them.
-    * A **Page** with `name=guides.hbs` would be accessible at: 
+- File names **must not** include the file extension, unless you wish your pages
+  and partials to be referenced with them.
+  - A **Page** with `name=guides.hbs` would be accessible at:
     `http://127.0.0.1:8003/guides.hbs`
-    * A **Page** with `name=guides` would be accessible at: 
+  - A **Page** with `name=guides` would be accessible at:
     `http://127.0.0.1:8003/guides`
-* File names **must** be _unique_.
-    * You cannot have more than one file with the same name, even if they are of
-     different types.
-* Files **must** be of the type: `partial` or `page` or `spec`
-    * Other file formats like image and video are not supported by the Files API,
-     and must be served either from another web server or added inline.
-* Pages and Partials **must** be written in _[Handlebars](https://handlebarsjs.com/)_
-    * Files with the `.hbs` extension may contain HTML or 
+- File names **must** be _unique_.
+  - You cannot have more than one file with the same name, even if they are of
+    different types.
+- Files **must** be of the type: `partial` or `page` or `spec`
+  - Other file formats like image and video are not supported by the Files API,
+    and must be served either from another web server or added inline.
+- Pages and Partials **must** be written in _[Handlebars](https://handlebarsjs.com/)_
+  - Files with the `.hbs` extension may contain HTML or
     [Handlebars](https://handlebarsjs.com/) code
-* Specification files **must** be in `yaml` or `json` format
+- Specification files **must** be in `yaml` or `json` format
 
 #### Uploading a new page or partial
 
-Create a new file with the name `example.hbs` in your Example Dev Portal files 
+Create a new file with the name `example.hbs` in your Example Dev Portal files
 directory under the `pages/` directory.
 
 Add it to Kong specifying the file as a page:
@@ -192,17 +185,16 @@ curl -X POST http://127.0.0.1:8001/<WORKSPACE_NAME>/files \
         -F "auth=true"
 ```
 
- > Note that the name must match that used in the handlebars file 
- >(example and example.hbs in this sample)
-
+> Note that the name must match that used in the handlebars file
+> (example and example.hbs in this sample)
 
 ### Uploading a specification file
 
 1. Select a Swagger `json` or `yaml` specification file in your filesystem
-    - Should you not have one, we can use the Swagger Pet Store Example: 
-    [Download File](http://petstore.swagger.io/v2/swagger.json)
-2. Upload the specification with the following curl request in your terminal 
-(relative to the file):
+   - Should you not have one, we can use the Swagger Pet Store Example:
+     [Download File](http://petstore.swagger.io/v2/swagger.json)
+2. Upload the specification with the following curl request in your terminal
+   (relative to the file):
 
 ```bash
 curl -X POST http://127.0.0.1:8001/<WORKSPACE_NAME>/files \
@@ -211,34 +203,34 @@ curl -X POST http://127.0.0.1:8001/<WORKSPACE_NAME>/files \
         -F "contents=@swagger.json"
 ```
 
-  > Note: The `@` symbol in the `curl` command will automatically read the file
-  > on disk and place its contents into the `contents` argument.
-
-
+> Note: The `@` symbol in the `curl` command will automatically read the file
+> on disk and place its contents into the `contents` argument.
 
 ## Updating Files
 
 Now let's update **pages/documentation/api1.hbs** to render our newly added
- Specification file:
+Specification file:
 
-1. Find the `pages/documentation/api1.hbs` file in your Example Dev Portal 
-Archive
+1. Find the `pages/documentation/api1.hbs` file in your Example Dev Portal
+   Archive
 2. Find the following line of code:
 
-    {% raw %}
-    ```handlebars
-      {{> spec-renderer spec="files"}}
-    ```
-    {% endraw %}
+   {% raw %}
+
+   ```handlebars
+     {{> spec-renderer spec="files"}}
+   ```
+
+   {% endraw %}
 
-3. Change: `files`  →  `swagger`
+3. Change: `files` → `swagger`
 4. Now make a `PATCH` request to update the page against the Dev Portal File API
- in your terminal (note, no extension on the filename in the url):
+   in your terminal (note, no extension on the filename in the url):
 
-    ```bash
-    curl -X PATCH http://127.0.0.1:8001/<WORKSPACE_NAME>/files/documentation/api1 \
-          -F "contents=@pages/documentation/api1.hbs"
-    ```
+   ```bash
+   curl -X PATCH http://127.0.0.1:8001/<WORKSPACE_NAME>/files/documentation/api1 \
+         -F "contents=@pages/documentation/api1.hbs"
+   ```
 
-5. Navigate to `:8003/<WORKSPACE_NAME>/documentation/api1` in your browser, you 
-should see that the specification has changed.
+5. Navigate to `:8003/<WORKSPACE_NAME>/documentation/api1` in your browser, you
+   should see that the specification has changed.
diff --git a/app/enterprise/0.34-x/getting-started/accessing-your-license.md b/app/enterprise/0.34-x/getting-started/accessing-your-license.md
index be06165b9a3d..70280da1a04d 100644
--- a/app/enterprise/0.34-x/getting-started/accessing-your-license.md
+++ b/app/enterprise/0.34-x/getting-started/accessing-your-license.md
@@ -5,7 +5,7 @@ title: How to Access Your Kong Enterprise License
 Starting with Kong EE 0.29, Kong requires a license file to start. This guide 
 will walk you through accessing your license file. 
 
-Log into https://bintray.com/login?forwardedFrom=%2Fkong%2F
+Log into [bintray.com](https://bintray.com/login?forwardedFrom=%2Fkong%2F)
 If you are unaware of your login credentials, reach out to your CSE and they'll 
 be able to assist you.
 
diff --git a/app/enterprise/0.34-x/getting-started/adding-consumers.md b/app/enterprise/0.34-x/getting-started/adding-consumers.md
index d4c6400abb40..e3351701ce4c 100644
--- a/app/enterprise/0.34-x/getting-started/adding-consumers.md
+++ b/app/enterprise/0.34-x/getting-started/adding-consumers.md
@@ -66,7 +66,7 @@ $ curl -i -X POST \
 
 The authorization header must be base64 encoded. For example, if the credential 
 uses Aladdin as the username and OpenSesame as the password, then the field’s 
-value is the base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l.
+value is the base64-encoding of `Aladdin:OpenSesame`, or `QWxhZGRpbjpPcGVuU2VzYW1l`.
 
 Then the Authorization (or Proxy-Authorization) header must appear as:
 
@@ -86,8 +86,7 @@ $ curl http://kong:8000/{path matching a configured Route} \
 Now that we've covered the basics of adding APIs, Consumers and enabling
 Plugins, feel free to read more on Kong in one of the following documents:
 
-- [Configuration Reference for Kong][configuration]
-- [Configuration Property Reference for Kong Enterprise][enterprise-conf]
+- [Configuration Property Reference][enterprise-conf]
 - [CLI Reference][CLI]
 - [Proxy Reference][proxy]
 - [Admin API Reference][API]
@@ -95,12 +94,11 @@ Plugins, feel free to read more on Kong in one of the following documents:
 
 
 [basic-auth]: /hub/kong-inc/basic-auth
-[API-consumers]: /0.13.x/admin-api#create-consumer
-[consumers]: /0.13.x/admin-api#consumer-object
+[API-consumers]: /enterprise/{{page.kong_version}}/admin-api#create-consumer
+[consumers]: /enterprise/{{page.kong_version}}/admin-api#consumer-object
 [enabling-plugins]: /enterprise/{{page.kong_version}}/getting-started/enabling-plugins
 [enterprise-conf]: /enterprise/{{page.kong_version}}/property-reference
-[configuration]: /0.13.x/configuration
-[CLI]: /0.13.x/cli
-[proxy]: /0.13.x/proxy
-[API]: /0.13.x/admin-api
-[cluster]: /0.13.x/clustering
+[CLI]: /enterprise/{{page.kong_version}}/cli
+[proxy]: /enterprise/{{page.kong_version}}/proxy
+[API]: /enterprise/{{page.kong_version}}/admin-api
+[cluster]: /enterprise/{{page.kong_version}}/clustering
diff --git a/app/enterprise/0.34-x/getting-started/adding-your-api.md b/app/enterprise/0.34-x/getting-started/adding-your-api.md
index e382c955226b..0a7693439a5b 100644
--- a/app/enterprise/0.34-x/getting-started/adding-your-api.md
+++ b/app/enterprise/0.34-x/getting-started/adding-your-api.md
@@ -91,7 +91,7 @@ Now that you've added your API to Kong Enterprise, let's learn how to enable plu
 
 Go to [Enabling Plugins &rsaquo;][enabling-plugins]
 
-[API]: /0.13.x/admin-api
+[API]: /enterprise/{{page.kong_version}}/admin-api
 [enabling-plugins]: /enterprise/{{page.kong_version}}/getting-started/enabling-plugins
-[proxy-port]: /0.13.x/configuration/#nginx-section
+[proxy-port]: /enterprise/{{page.kong_version}}/property-reference/#nginx-section
 [mockbin]: https://mockbin.com/
diff --git a/app/enterprise/0.34-x/getting-started/configuring-a-service.md b/app/enterprise/0.34-x/getting-started/configuring-a-service.md
index d3117e9e8aa0..d50cd3e97c4c 100644
--- a/app/enterprise/0.34-x/getting-started/configuring-a-service.md
+++ b/app/enterprise/0.34-x/getting-started/configuring-a-service.md
@@ -139,7 +139,7 @@ Now that you've added your API to Kong Enterprise, let's learn how to enable plu
 
 Go to [Enabling Plugins &rsaquo;][enabling-plugins]
 
-[API]: /0.13.x/admin-api
+[API]: /enterprise/{{page.kong_version}}/admin-api
 [enabling-plugins]: /enterprise/{{page.kong_version}}/getting-started/enabling-plugins
-[proxy-port]: /0.13.x/configuration/#nginx-section
+[proxy-port]: /enterprise/{{page.kong_version}}/property-reference/#nginx-section
 [mockbin]: https://mockbin.com/
diff --git a/app/enterprise/0.34-x/getting-started/enabling-plugins.md b/app/enterprise/0.34-x/getting-started/enabling-plugins.md
index 5e07652f1edb..51aa2ea2054e 100644
--- a/app/enterprise/0.34-x/getting-started/enabling-plugins.md
+++ b/app/enterprise/0.34-x/getting-started/enabling-plugins.md
@@ -1,5 +1,8 @@
 ---
 title: Enabling Plugins
+redirect_from:
+  - /enterprise/0.34-x/getting-started/enabling-plugins/enterprise/0.34-x/plugins/key-authentication
+  - /enterprise/0.34-x/getting-started/enabling-plugins/enterprise/0.34-x/plugins
 ---
 
 ## Introduction
@@ -35,7 +38,6 @@ Or, add your first plugin via Kong Manager on the "Plugins" page:
  Your browser does not support the video tag.
 </video>
 
-
 ## 2. Verify that the Plugin is Properly Configured
 
 Issue the following cURL request to verify that the [basic-auth][basic-auth]
@@ -47,7 +49,7 @@ $ curl -i -X GET \
   --header 'Host: example.com'
 ```
 
-Since you did not specify the required header or parameter, the response should 
+Since you did not specify the required header or parameter, the response should
 be `401 Unauthorized`:
 
 ```http
@@ -66,6 +68,6 @@ Consumers to your API so we can continue proxying requests through Kong.
 
 Go to [Adding Consumers &rsaquo;][adding-consumers]
 
-[basic-auth]: enterprise/{{page.kong_version}}/plugins/key-authentication
-[plugins]: enterprise/{{page.kong_version}}/plugins
+[basic-auth]: https://docs.konghq.com/hub/kong-inc/basic-auth/
+[plugins]: https://docs.konghq.com/hub/
 [adding-consumers]: /enterprise/{{page.kong_version}}/getting-started/adding-consumers
diff --git a/app/enterprise/0.34-x/getting-started/quickstart.md b/app/enterprise/0.34-x/getting-started/quickstart.md
index dd4fd0609879..c497c78c0231 100644
--- a/app/enterprise/0.34-x/getting-started/quickstart.md
+++ b/app/enterprise/0.34-x/getting-started/quickstart.md
@@ -57,7 +57,7 @@ To set up the first account:
     ```
 
 **Note:** the CLI accepts a configuration option (`-c /path/to/kong.conf`)
-allowing you to point to [your own configuration](/0.13.x/configuration/#configuration-loading).
+allowing you to point to [your own configuration](/enterprise/{{page.kong_version}}/property-reference/#configuration-loading).
 
 ## 2. Verify that Kong Enterprise has Started Successfully
 
@@ -104,10 +104,10 @@ and Kong Manager.
 
 To begin, go to [Configuring a Service &rsaquo;][configuring-a-service]
 
-[CLI]: /0.13.x/cli
-[API]: /0.13.x/admin-api
+[CLI]: /enterprise/{{page.kong_version}}/cli
+[API]: /enterprise/{{page.kong_version}}/admin-api
 [kong-manager]: /enterprise/{{page.kong_version}}/kong-manager/overview
-[datastore-section]: /0.13.x/configuration/#datastore-section
+[datastore-section]: /enterprise/{{page.kong_version}}/property-reference/#datastore
 [configuring-a-service]: /enterprise/{{page.kong_version}}/getting-started/configuring-a-service
 [docker]: /enterprise/{{page.kong_version}}/installation/docker/
 [centos]: /enterprise/{{page.kong_version}}/installation/centos/
diff --git a/app/enterprise/0.34-x/health-checks-circuit-breakers.md b/app/enterprise/0.34-x/health-checks-circuit-breakers.md
new file mode 100644
index 000000000000..3ee2ea2622c9
--- /dev/null
+++ b/app/enterprise/0.34-x/health-checks-circuit-breakers.md
@@ -0,0 +1,294 @@
+---
+title: Health Checks and Circuit Breakers Reference
+---
+
+## Introduction
+
+You can make an API proxied by Kong use a [ring-balancer][ringbalancer], configured
+by adding an [upstream][upstream] entity that contains one or more [target][ringtarget]
+entities, each target pointing to a different IP address (or hostname) and
+port. The ring-balancer will balance load among the various targets, and based
+on the [upstream][upstream] configuration, will perform health checks on the targets,
+making them as healthy or unhealthy whether they are responsive or not. The
+ring-balancer will then only route traffic to healthy targets.
+
+Kong supports two kinds of health checks, which can be used separately or in
+conjunction:
+
+* **active checks**, where a specific HTTP endpoint in the target is
+periodically requested and the health of the target is determined based on its
+response;
+
+* **passive checks** (also known as **circuit breakers**), where Kong analyzes
+the ongoing traffic being proxied and determines the health of targets based
+on their behavior responding requests.
+
+## Healthy and unhealthy targets
+
+The objective of the health checks functionality is to dynamically mark
+targets as healthy or unhealthy, **for a given Kong node**. There is
+no cluster-wide synchronization of health information: each Kong node
+determines the health of its targets separately. This is desirable since at a
+given point one Kong node may be able to connect to a target successfully
+while another node is failing to reach it: the first node will consider
+it healthy, while the second will mark it as unhealthy and start routing
+traffic to other targets of the upstream.
+
+Either an active probe (on active health checks) or a proxied request
+(on passive health checks) produces data which is used to determine
+whether a target is healthy or unhealthy. A request may produce a TCP
+error, timeout, or produce an HTTP status code. Based on this
+information, the health checker updates a series of internal counters:
+
+* If the returned status code is one configured as "healthy", it will
+increment the "Successes" counter for the target and clear all its other
+counters;
+* If it fails to connect, it will increment the "TCP failures" counter
+for the target and clear the "Successes" counter;
+* If it times out, it will increment the "timeouts" counter
+for the target and clear the "Successes" counter;
+* If the returned status code is one configured as "unhealthy", it will
+increment the "HTTP failures" counter for the target and clear the "Successes" counter.
+
+If any of the "TCP failures", "HTTP failures" or "timeouts" counters reaches
+their configured threshold, the target will be marked as unhealthy.
+
+If the "Successes" counter reaches its configured threshold, the target will be
+marked as healthy.
+
+The list of which HTTP status codes are "healthy" or "unhealthy", and the
+individual thresholds for each of these counters are configurable on a
+per-upstream basis. Below, we have an example of a configuration for an
+Upstream entity, showcasing the default values of the various fields
+available for configuring health checks. A description of each
+field is included in the [Admin API][addupstream] reference documentation.
+
+```json
+{
+    "name": "service.v1.xyz",
+    "healthchecks": {
+        "active": {
+            "concurrency": 10,
+            "healthy": {
+                "http_statuses": [ 200, 302 ],
+                "interval": 0,
+                "successes": 0
+            },
+            "http_path": "/",
+            "timeout": 1,
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 404, 500, 501,
+                                   502, 503, 504, 505 ],
+                "interval": 0,
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        },
+        "passive": {
+            "healthy": {
+                "http_statuses": [ 200, 201, 202, 203,
+                                   204, 205, 206, 207,
+                                   208, 226, 300, 301,
+                                   302, 303, 304, 305,
+                                   306, 307, 308 ],
+                "successes": 0
+            },
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 500, 503 ],
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        }
+    },
+    "slots": 10
+}
+```
+
+If all targets of an upstream are unhealthy, Kong will respond to requests
+to the upstream with `503 Service Unavailable`.
+
+Note:
+
+1. health checks operate only on [*active* targets][targetobject] and do not
+   modify the *active* status of a target in the Kong database.
+2. unhealthy targets will not be removed from the loadbalancer, and hence will
+   not have any impact on the balancer layout when using the hashing algorithm
+   (they will just be skipped).
+3. The [DNS caveats][dnscaveats] and [balancer caveats][balancercaveats]
+   also apply to health checks. If using hostnames for the targets, then make
+   sure the DNS server always returns the full set of IP addresses for a name,
+   and does not limit the response. *Failing to do so might lead to health
+   checks not being executed.*
+
+## Types of health checks
+
+### Active health checks
+
+Active health checks, as the name implies, actively probe targets for
+their health. When active health checks are enabled in an upstream entity,
+Kong will periodically issue HTTP requests to a configured path at each target
+of the upstream. This allows Kong to automatically enable and disable targets
+in the balancer based on the [probe results](#healthy-and-unhealthy-targets).
+
+The periodicity of active health checks can be configured separately for
+when a target is healthy or unhealthy. If the `interval` value for either
+is set to zero, the checking is disabled at the corresponding scenario.
+When both are zero, active health checks are disabled altogether.
+
+[Back to TOC](#table-of-contents)
+
+### Passive health checks (circuit breakers)
+
+Passive health checks, also known as circuit breakers, are
+checks performed based on the requests being proxied by Kong,
+with no additional traffic being generated. When a target becomes
+unresponsive, the passive health checker will detect that and mark
+the target as unhealthy. The ring-balancer will start skipping this
+target, so no more traffic will be routed to it. 
+
+Once the problem with a target is solved and it is ready to receive
+traffic again, the Kong administrator can manually inform the
+health checker that the target should be enabled again, via an
+Admin API endpoint:
+
+```bash
+$ curl -i -X POST http://localhost:8001/upstreams/my_upstream/targets/10.1.2.3:1234/healthy
+HTTP/1.1 204 No Content
+```
+
+This command will broadcast a cluster-wide message so that the "healthy"
+status is propagated to the whole [Kong cluster][clustering]. This will cause Kong nodes to
+reset the health counters of the health checkers running in all workers of the
+Kong node, allowing the ring-balancer to route traffic to the target again.
+
+Passive health checks have the advantage of not producing extra
+traffic, but they are unable to automatically mark a target as
+healthy again: the "circuit is broken", and the target needs to
+be re-enabled again by the system administrator.
+
+[Back to TOC](#table-of-contents)
+
+### Summary of pros and cons
+
+* Active health checks can automatically re-enable a target in the
+ring balancer as soon as it is healthy again. Passive health checks cannot.
+* Passive health checks do not produce additional traffic to the 
+target. Active health checks do.
+* An active health checker demands a known URL with a reliable status response
+in the target to be configured as a probe endpoint (which may be as
+simple as `"/"`). Passive health checks do not demand such configuration.
+* By providing a custom probe endpoint for an active health checker,
+an application may determine its own health metrics and produce a status
+code to be consumed by Kong. Even though a target continues to serve
+traffic which looks healthy to the passive health checker,
+it would be able to respond to the active probe with a failure
+status, essentially requesting to be relieved from taking new traffic.
+
+It is possible to combine the two modes. For example, one can enable
+passive health checks to monitor the target health based solely on its
+traffic, and only use active health checks while the target is unhealthy,
+in order to re-enable it automatically.
+
+## Enabling and disabling health checks
+
+### Enabling active health checks
+
+To enable active health checks, you need to specify the configuration items
+under `healthchecks.active` in the [Upstream object][upstreamobjects] configuration. You
+need to specify the necessary information so that Kong can perform periodic
+probing on the target, and how to interpret the resulting information.
+
+For configuring the probe, you need to specify:
+
+* `healthchecks.active.http_path` - The path that should be used when
+issuing the HTTP GET request to the target. The default value is `"/"`.
+* `healthchecks.active.timeout` - The connection timeout limit for the
+HTTP GET request of the probe. The default value is 1 second.
+* `healthchecks.active.concurrency` - Number of targets to check concurrently
+in active health checks.
+
+You also need to specify positive values for intervals, for running
+probes:
+
+* `healthchecks.active.healthy.interval` - Interval between active health
+checks for healthy targets (in seconds). A value of zero indicates that active
+probes for healthy targets should not be performed.
+* `healthchecks.active.unhealthy.interval` - Interval between active health
+checks for unhealthy targets (in seconds). A value of zero indicates that active
+probes for unhealthy targets should not be performed.
+
+This allows you to tune the behavior of the active health checks, whether you
+want probes for healthy and unhealthy targets to run at the same interval, or
+one to be more frequent than the other.
+
+Finally, you need to configure how Kong should interpret the probe, by setting
+the various thresholds on the [health
+counters](#healthy-and-unhealthy-targets), which, once reached will trigger a
+status change. The counter threshold fields are:
+
+* `healthchecks.active.healthy.successes` - Number of successes in active
+probes (as defined by `healthchecks.active.healthy.http_statuses`) to consider
+a target healthy.
+* `healthchecks.active.unhealthy.tcp_failures` - Number of TCP failures in
+active probes to consider a target unhealthy.
+* `healthchecks.active.unhealthy.timeouts` - Number of timeouts in active
+probes to consider a target unhealthy.
+* `healthchecks.active.unhealthy.http_failures` - Number of HTTP failures in
+active probes (as defined by `healthchecks.active.unhealthy.http_statuses`) to
+consider a target unhealthy.
+
+### Enabling passive health checks
+
+Passive health checks do not feature a probe, as they work by interpreting
+the ongoing traffic that flows from a target. This means that to enable
+passive checks you only need to configure its counter thresholds:
+
+* `healthchecks.passive.healthy.successes` - Number of successes in proxied
+traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to
+consider a target healthy, as observed by passive health checks. This needs to
+be positive when passive checks are enabled so that healthy traffic resets the
+unhealthy counters.
+* `healthchecks.passive.unhealthy.tcp_failures` - Number of TCP failures in
+proxied traffic to consider a target unhealthy, as observed by passive health
+checks.
+* `healthchecks.passive.unhealthy.timeouts` - Number of timeouts in proxied
+traffic to consider a target unhealthy, as observed by passive health checks.
+* `healthchecks.passive.unhealthy.http_failures` - Number of HTTP failures in
+proxied traffic (as defined by `healthchecks.passive.unhealthy.http_statuses`)
+to consider a target unhealthy, as observed by passive health checks.
+
+### Disabling health checks
+
+In all counter thresholds and intervals specified in the `healthchecks`
+configuration, setting a value to zero means that the functionality the field
+represents is disabled. Setting a probe interval to zero disables a probe.
+Likewise, you can disable certain types of checks by setting their counter
+thresholds to zero. For example, to not consider timeouts when performing
+healthchecks, you can set both `timeouts` fields (for active and passive
+checks) to zero. This gives you a fine-grained control of the behavior of the
+health checker.
+
+In summary, to completely disable active health checks for an upstream, you
+need to set both `healthchecks.active.healthy.interval` and
+`healthchecks.active.unhealthy.interval` to `0`.
+
+To completely disable passive health checks, you need to set all counter
+thresholds under `healthchecks.passive` for its various counters to zero.
+
+All counter thresholds and intervals in `healthchecks` are zero by default,
+meaning that health checks are completely disabled by default in newly created
+upstreams.
+
+[Back to TOC](#table-of-contents)
+
+[ringbalancer]: /enterprise/{{page.kong_version}}/loadbalancing#ring-balancer
+[ringtarget]: /enterprise/{{page.kong_version}}/loadbalancing#target
+[upstream]: /enterprise/{{page.kong_version}}/loadbalancing#upstream
+[targetobject]: /enterprise/{{page.kong_version}}/admin-api#target-object
+[addupstream]: /enterprise/{{page.kong_version}}/admin-api#add-upstream
+[clustering]: /enterprise/{{page.kong_version}}/clustering
+[upstreamobjects]: /enterprise/{{page.kong_version}}/admin-api#upstream-objects
+[balancercaveats]: /enterprise/{{page.kong_version}}/loadbalancing#balancing-caveats
+[dnscaveats]: /enterprise/{{page.kong_version}}/loadbalancing#dns-caveats
diff --git a/app/enterprise/0.34-x/installation/amazon-linux.md b/app/enterprise/0.34-x/installation/amazon-linux.md
index 8b7be3aa6e42..789bc30d69ab 100644
--- a/app/enterprise/0.34-x/installation/amazon-linux.md
+++ b/app/enterprise/0.34-x/installation/amazon-linux.md
@@ -53,7 +53,7 @@ $ kong migrations up [-c /path/to/kong.conf]
 $ sudo /usr/local/bin/kong start [-c /path/to/kong.conf]
 ```
 
-**Note:** You may use `kong.conf.default` or create [your own configuration](/0.13.x/configuration/#configuration-loading).
+**Note:** You may use `kong.conf.default` or create [your own configuration](/enterprise/{{page.kong_version}}/property-reference/#configuration-loading).
 
 ## Install HTTPie to Make Commands more Easily
 
diff --git a/app/enterprise/0.34-x/kong-architecture-patterns.md b/app/enterprise/0.34-x/kong-architecture-patterns.md
index c70a22169daa..2ea20ca03997 100644
--- a/app/enterprise/0.34-x/kong-architecture-patterns.md
+++ b/app/enterprise/0.34-x/kong-architecture-patterns.md
@@ -20,7 +20,7 @@ Often we see this initial Kong configuration morph into one where the APIs are w
 
 ## Kong and APIs behind Firewall
 
-The next pattern we see, and the next step for security, is to setup [API servers behind a firewall](/0.13.x/network/) and only allow the Kong API Gateway be accessible to the public.
+The next pattern we see, and the next step for security, is to setup [API servers behind a firewall](/enterprise/{{page.kong_version}}/network/) and only allow the Kong API Gateway be accessible to the public.
 
 This is a popular architecture pattern that we see with customers who have publicly available APIs. Either they are migrating from the initial pattern, improving security by cordoning off direct access to the APIs, or choosing it for their general use. 
 
@@ -31,9 +31,9 @@ This architecture pattern is the one we recommend for most customers. It is stra
 The Kong cluster would be placed behind a firewall, or within an Amazon VPC. The Kong cluster's port 80 or 443, which ever your public API is available on, would be opened to the outside world. Inside the firewall the API servers would only allow connections from the Kong cluster. Other IP:ports may need to be opened for the API servers to reach resources they need to fulfill any requests.
 
 
-Access to the [Kong Admin API can be secured in a couple of different ways](/0.13.x/secure-admin-api/). Depending on your needs you would lock it down to localhost on the machine it is running on, use the firewall to prevent access from anyone outside your network, or proxy the Admin API through Kong itself, and secure it using one of the authentication plugins.
+Access to the [Kong Admin API can be secured in a couple of different ways](/enterprise/{{page.kong_version}}/secure-admin-api/). Depending on your needs you would lock it down to localhost on the machine it is running on, use the firewall to prevent access from anyone outside your network, or proxy the Admin API through Kong itself, and secure it using one of the authentication plugins.
 
-With Kong Enterprise you also have the option of using Role Based Access Control (RBAC) to shape fine grained access for your team, and co-workers. [RBAC in Kong](/enterprise/{{page.kong_version}}/plugins/rbac-api/) is used to create roles with defined permissions; roles are then assigned to users who are limited in what they can and cannot do by the permissions. Roles could be created for read-only roles; for when you want to let co-workers look, but not edit, the configuration. You could also create roles for different teams; giving them access to edit and update only their APIs.
+With Kong Enterprise you also have the option of using Role Based Access Control (RBAC) to shape fine grained access for your team, and co-workers. [RBAC in Kong](/enterprise/{{page.kong_version}}/rbac/overview/) is used to create roles with defined permissions; roles are then assigned to users who are limited in what they can and cannot do by the permissions. Roles could be created for read-only roles; for when you want to let co-workers look, but not edit, the configuration. You could also create roles for different teams; giving them access to edit and update only their APIs.
 
 ## Multi-Datacenter with Cassandra
 
@@ -51,7 +51,7 @@ For security conscious customers we recommend a pattern of having a single node
 
 Each node in Kong cluster can be configured using its kong.conf file. Two separate configurations can be created, one for a proxy only node, and the other for an admin only node. The proxy only nodes would be accessible from the outside world. They would connect to the database and the upstream APIs that are behind the firewall. The admin only node would be inside the firewall, or a separate firewall (or VPC on AWS), and it would connect to the database that the proxy nodes connects to.
 
-So long as the proxy nodes and admin nodes use the same database they will be part of the same cluster. The admin node itself can be located anywhere. There are a few different ways to achieve this. Read [securing the Kong Admin API](/0.13.x/secure-admin-api/) for details.
+So long as the proxy nodes and admin nodes use the same database they will be part of the same cluster. The admin node itself can be located anywhere. There are a few different ways to achieve this. Read [securing the Kong Admin API](/enterprise/{{page.kong_version}}/secure-admin-api/) for details.
 
 ## Unlimited Options
 
diff --git a/app/enterprise/0.34-x/kong-manager/configuration/getting-started.md b/app/enterprise/0.34-x/kong-manager/configuration/getting-started.md
index 613224647d1e..84cb6bbf64ac 100644
--- a/app/enterprise/0.34-x/kong-manager/configuration/getting-started.md
+++ b/app/enterprise/0.34-x/kong-manager/configuration/getting-started.md
@@ -13,7 +13,7 @@ $ kong start [-c /path/to/kong.conf]
 ```
 
 **Note:** the CLI accepts a configuration option (`-c /path/to/kong.conf`)
-allowing you to point to [your own configuration](/0.13.x/configuration/#configuration-loading)
+allowing you to point to [your own configuration](/enterprise/{{page.kong_version}}/property-reference/#configuration-loading)
 
 Once started, navigate to Kong Manager in the browser at `http://localhost:8002`
 
@@ -22,10 +22,10 @@ Once started, navigate to Kong Manager in the browser at `http://localhost:8002`
 If upgrading Kong Enterprise from version 0.33, read the 
 [0.34 Upgrade Guide](/enterprise/{{page.kong_version}}/deployment-guide/#upgrading-to-034), 
 as well as the upgrade notes for a list of new features in the 
-[Changelog](/enterprise/changelog). 
+[Changelog](/enterprise/changelog/#034). 
 
 ## Configuration for Kong Manager
 
-Kong Manager is configurable through the `kong.conf` file. For specific configuration options, refer to the properties described in the [Kong configuration reference](/0.13.x/configuration) and [Kong Enterprise configuration reference](/enterprise/{{page.kong_version}}/property-reference).
+Kong Manager is configurable through the `kong.conf` file. For specific configuration options, refer to the properties described in the [Kong Enterprise configuration reference](/enterprise/{{page.kong_version}}/property-reference).
 
 Next: [Authentication &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.34-x/kong-manager/configuration/networking.md b/app/enterprise/0.34-x/kong-manager/configuration/networking.md
index 31ab5d8a1077..9adad1b3f7ab 100644
--- a/app/enterprise/0.34-x/kong-manager/configuration/networking.md
+++ b/app/enterprise/0.34-x/kong-manager/configuration/networking.md
@@ -1,81 +1,81 @@
 ---
 title: Networking
+redirect_from:
+  - /enterprise/0.34-x/deployment-guide/enterprise/0.34-x/kong-manager/configuration/networking/
+  - /enterprise/0.34-x/deployment-guide/enterprise/0.34-x/kong-manager/configuration/networking/
 book: admin_gui
 chapter: 4
 ---
 
 ## Introduction
 
-This document describes the default networking configuration for Kong Manager 
-as well as common custom configurations. 
-
+This document describes the default networking configuration for Kong Manager
+as well as common custom configurations.
 
 ## Default Configuration
 
-By default, Kong Manager starts up without authentication (`admin_gui_auth`), 
-and it assumes that the Admin API is available on port 8001 (`admin_api_port`) 
+By default, Kong Manager starts up without authentication (`admin_gui_auth`),
+and it assumes that the Admin API is available on port 8001 (`admin_api_port`)
 of the same host that serves Kong Manager.
 
-
 ## Custom Configuration
 
 Common configurations to enable are
 
-* Serving Kong Manager from a dedicated Kong node 
+- Serving Kong Manager from a dedicated Kong node
 
-  When **Kong Manager is on a dedicated Kong node**, it must make external 
+  When **Kong Manager is on a dedicated Kong node**, it must make external
   calls to the Admin API. Set `admin_api_uri` to the location of your Admin API.
 
-* Securing Kong Manager through a Kong authentication plugin
+- Securing Kong Manager through a Kong authentication plugin
 
-  When **Kong Manager is secured through an authentication plugin and _not_ on 
-  a dedicated node**, it makes calls to the Admin API on the same host. By 
-  default, the Admin API listens on ports 8001 and 8444 on 
+  When **Kong Manager is secured through an authentication plugin and _not_ on
+  a dedicated node**, it makes calls to the Admin API on the same host. By
+  default, the Admin API listens on ports 8001 and 8444 on
   localhost. Change `admin_listen` if necessary, or set `admin_api_uri`.
 
-* Securing Kong Manager and serving it from a dedicated node
+- Securing Kong Manager and serving it from a dedicated node
 
-  When **Kong Manager is secured and served from a dedicated node**, set 
+  When **Kong Manager is secured and served from a dedicated node**, set
   `admin_api_uri` to the location of the Admin API.
 
-The table below summarizes which properties to set (or defaults to verify) 
+The table below summarizes which properties to set (or defaults to verify)
 when configuring Kong Manager connectivity to the Admin API.
 
 | authentication enabled | local API    | remote API    | auth settings                                     |
-|------------------------|--------------|---------------|---------------------------------------------------|
+| ---------------------- | ------------ | ------------- | ------------------------------------------------- |
 | yes                    | admin_listen | admin_api_uri | admin_gui_auth, enforce_rbac, admin_gui_auth_conf |
 | no                     | admin_listen | admin_api_uri | n/a                                               |
 
 To enable authentication, configure the following properties:
 
-* [`admin_gui_auth`](/enterprise/{{page.kong_version}}/property-reference/#admin_gui_auth) set to the desired plugin
-* [`admin_gui_auth_conf`](/enterprise/{{page.kong_version}}/property-reference/#admin_gui_auth_conf) (optional)
-* [`enforce_rbac`](/enterprise/{{page.kong_version}}/property-reference/#enforce_rbac) set to `on`
+- [`admin_gui_auth`](/enterprise/{{page.kong_version}}/property-reference/#admin_gui_auth) set to the desired plugin
+- [`admin_gui_auth_conf`](/enterprise/{{page.kong_version}}/property-reference/#admin_gui_auth_conf) (optional)
+- [`enforce_rbac`](/enterprise/{{page.kong_version}}/property-reference/#enforce_rbac) set to `on`
 
-⚠️ When Kong Manager authentication is enabled, RBAC must be turned on to 
-enforce authorization rules. Otherwise, whoever can log in to Kong Manager can 
+⚠️ When Kong Manager authentication is enabled, RBAC must be turned on to
+enforce authorization rules. Otherwise, whoever can log in to Kong Manager can
 perform any operation available on the Admin API.
 
 ## Configuring Kong Manager to Send Email
 
-A Super Admin can invite other Admins to register in Kong Manager, and Admins 
-can reset their passwords using "Forgot Password" functionality. Both of these 
-workflows use email to communicate with the user. 
+A Super Admin can invite other Admins to register in Kong Manager, and Admins
+can reset their passwords using "Forgot Password" functionality. Both of these
+workflows use email to communicate with the user.
 
 Emails from Kong Manager require the following configuration:
 
-* [`admin_emails_from`](/enterprise/{{page.kong_version}}/property-reference/#admin_emails_from)
-* [`admin_emails_reply_to`](/enterprise/{{page.kong_version}}/property-reference/#admin_emails_reply_to)
-* [`admin_invitation_expiry`](/enterprise/{{page.kong_version}}/property-reference/#admin_invitation_expiry)
+- [`admin_emails_from`](/enterprise/{{page.kong_version}}/property-reference/#admin_emails_from)
+- [`admin_emails_reply_to`](/enterprise/{{page.kong_version}}/property-reference/#admin_emails_reply_to)
+- [`admin_invitation_expiry`](/enterprise/{{page.kong_version}}/property-reference/#admin_invitation_expiry)
 
 ⚠️**Important:** Kong does not check for the validity of email
-addresses set in the configuration. If the SMTP settings are 
-configured incorrectly, e.g. if they point to a non-existent 
-email address, Kong Manager will not display an error message. 
+addresses set in the configuration. If the SMTP settings are
+configured incorrectly, e.g. if they point to a non-existent
+email address, Kong Manager will not display an error message.
 
-In addition, refer to the 
-[general SMTP configuration](/enterprise/{{page.kong_version}}/property-reference/#general-smtp-configuration) 
+In addition, refer to the
+[general SMTP configuration](/enterprise/{{page.kong_version}}/property-reference/#general-smtp-configuration)
 shared by Kong Manager and Dev Portal.
 
-
 Next: [Workspaces &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.34-x/kong-manager/organization-management/managing-admins.md b/app/enterprise/0.34-x/kong-manager/organization-management/managing-admins.md
index d7e64e6a11b3..ce7d4ef8136c 100644
--- a/app/enterprise/0.34-x/kong-manager/organization-management/managing-admins.md
+++ b/app/enterprise/0.34-x/kong-manager/organization-management/managing-admins.md
@@ -1,12 +1,14 @@
 ---
 title: Managing Admins
 book: admin_gui
+redirect_from:
+  - /enterprise/0.34-x/organization-management/managing-admins
 chapter: 7
 ---
 
 ## How to Invite a New Admin from the Organization Page
 
-Inviting a new **Admin** through the “Organization” page is similar to inviting an [Admin within a Workspace](#how-to-invite-a-new-admin-in-a-workspace). However, from the “Organization” page, Roles can be assigned to a new **Admin** for multiple Workspaces at once. The **Super Admin** can also view global roles across Workspaces from this page. 
+Inviting a new **Admin** through the “Organization” page is similar to inviting an [Admin within a Workspace](#how-to-invite-a-new-admin-in-a-workspace). However, from the “Organization” page, Roles can be assigned to a new **Admin** for multiple Workspaces at once. The **Super Admin** can also view global roles across Workspaces from this page.
 
 <video width="100%" autoplay loop controls>
   <source src="https://konghq.com/wp-content/uploads/2019/02/org-super-admin-ent-34.mov" type="video/mp4">
@@ -17,17 +19,17 @@ Inviting a new **Admin** through the “Organization” page is similar to invit
 
 2. Fill out the username and email address. When a new **Admin** receives an invitation, they will only be able to log in with that email address. Assign the appropriate Role and click “Invite User” to send the invitation.
 
-    **Super Admins** can invite users to multiple Workspaces, and assign them any Role available within Workspaces, including Roles that exist by default (e.g. super-admin, read-only) and Roles with customized permissions. 
+   **Super Admins** can invite users to multiple Workspaces, and assign them any Role available within Workspaces, including Roles that exist by default (e.g. super-admin, read-only) and Roles with customized permissions.
 
-    The **Super Admin** can see all available Roles across Workspaces on the “Roles” tab of the “Organization” page.
+   The **Super Admin** can see all available Roles across Workspaces on the “Roles” tab of the “Organization” page.
 
 ⚠️ **IMPORTANT**: If a **Role** is not assigned to or is revoked from an **Admin**, the **Workspace** will still appear in the **Admin's Workspace Access** column on the **Organization** page. The **Admin** will not actually be able to access anything in the **Workspace** without a **Role**.
 
     ![Role List](https://konghq.com/wp-content/uploads/2018/12/org2.png)
 
-3. On the “Organization” page, the new invitee will appear on the list with the “Invited” status. Once they accept the invitation, the user will be listed in the main “Users” list. 
+3. On the “Organization” page, the new invitee will appear on the list with the “Invited” status. Once they accept the invitation, the user will be listed in the main “Users” list.
 
-    ![User List](https://konghq.com/wp-content/uploads/2018/12/org3-1.png)
+   ![User List](https://konghq.com/wp-content/uploads/2018/12/org3-1.png)
 
 4. The newly invited **Admin** will have the ability to set a password. If the **Admin** ever forgets the password, it is possible for them to reset it through a recovery email.
 
@@ -36,88 +38,88 @@ Inviting a new **Admin** through the “Organization” page is similar to invit
 ![Create an Admin in Kong Manager](https://konghq.com/wp-content/uploads/2018/07/admins2.png)
 
 1. On the **Admins** page, to invite a new **Admin**, click the **Create New Admin**
-button.
+   button.
 
-2.  When a new **Admin** receives an invitation, they will only be able to log in 
-    with that email address. Assign the appropriate Role and click **Invite Admin** 
-    to send the invitation.
+2. When a new **Admin** receives an invitation, they will only be able to log in
+   with that email address. Assign the appropriate Role and click **Invite Admin**
+   to send the invitation.
 
-    ![Create New Admin](https://konghq.com/wp-content/uploads/2018/11/km-name-admin.png)
+   ![Create New Admin](https://konghq.com/wp-content/uploads/2018/11/km-name-admin.png)
 
-3. On the **Admins** page, the new invitee will appear on the list with the 
-    "invited" status. Once they accept the invitation, their status will 
-    change to "accepted".
+3. On the **Admins** page, the new invitee will appear on the list with the
+   "invited" status. Once they accept the invitation, their status will
+   change to "accepted".
 
-    ![Invited Admins](https://konghq.com/wp-content/uploads/2018/11/km-invited-admins.png)
+   ![Invited Admins](https://konghq.com/wp-content/uploads/2018/11/km-invited-admins.png)
 
-4. The newly invited **Admin** will have the ability to set a password. If the 
-    **Admin** forgets the password, it is possible to reset it through a recovery email.
+4. The newly invited **Admin** will have the ability to set a password. If the
+   **Admin** forgets the password, it is possible to reset it through a recovery email.
 
-⚠️ **IMPORTANT**: By default, the registration link will expire after 259,200 
-    seconds (3 days). This timeframe can be configured with the `kong.conf` 
-    file in `admin_invitation_expiry`.
- 
-⚠️ **IMPORTANT**: If an email fails to send, either due to an incorrect email 
-    address or an external error, it will be possible to resend an invitation.
+⚠️ **IMPORTANT**: By default, the registration link will expire after 259,200
+seconds (3 days). This timeframe can be configured with the `kong.conf`
+file in `admin_invitation_expiry`.
 
-⚠️ **IMPORTANT**: If SMTP is not enabled or the invitation email fails to send, 
-    it is possible for the **Super Admin** to copy and provide a registration link 
-    directly. See the next section.
+⚠️ **IMPORTANT**: If an email fails to send, either due to an incorrect email
+address or an external error, it will be possible to resend an invitation.
+
+⚠️ **IMPORTANT**: If SMTP is not enabled or the invitation email fails to send,
+it is possible for the **Super Admin** to copy and provide a registration link
+directly. See the next section.
 
 ## How to Copy and Send a Registration Link
 
-If a mail server is not yet set up, it is still possible to invite **Admins** to 
-register and log in. 
+If a mail server is not yet set up, it is still possible to invite **Admins** to
+register and log in.
 
-1. Invite an **Admin** as described in the section above. 
+1. Invite an **Admin** as described in the section above.
 
-2. If the "View" link is clicked next to the invited **Admin**'s name, a 
-    `register_url` is displayed on the invitee's details page. 
+2. If the "View" link is clicked next to the invited **Admin**'s name, a
+   `register_url` is displayed on the invitee's details page.
 
-    ![Registration URL](https://konghq.com/wp-content/uploads/2018/11/km-registration-url.png)
+   ![Registration URL](https://konghq.com/wp-content/uploads/2018/11/km-registration-url.png)
 
-3. Copy and directly send this link to the invited **Admin** so that they may set 
-    up their credentials and log in. 
+3. Copy and directly send this link to the invited **Admin** so that they may set
+   up their credentials and log in.
 
-⚠️ **IMPORTANT**: If `admin_gui_auth` is `ldap-auth-advanced`, credentials are 
+⚠️ **IMPORTANT**: If `admin_gui_auth` is `ldap-auth-advanced`, credentials are
 not stored in Kong, and the Admin will be directed to Login.
 
 ## How to Grant an Admin Access with LDAP
 
-1. Pick a user in the LDAP Directory that will be the **Super Admin**. 
+1. Pick a user in the LDAP Directory that will be the **Super Admin**.
 
 2. Change the **Super Admin**’s username in Kong by making a `PATCH` request to
-`admins/kong_admin` and setting the value of `username` to the corresponding 
-LDAP `attribute`. 
+   `admins/kong_admin` and setting the value of `username` to the corresponding
+   LDAP `attribute`.
 
-For example, if the LDAP user's attribute is `einstein`, 
+For example, if the LDAP user's attribute is `einstein`,
 the `PATCH` to `/admins/kong_admin` should have a `username` set to `einstein`.
 
-3. Log in to Kong Manager using the LDAP credentials associated with the Super 
-Admin.
+3.  Log in to Kong Manager using the LDAP credentials associated with the Super
+    Admin.
 
-4. Invite Admins from the "Admins" page in Kong Manager, ensuring that the 
-`username` of each Admin is mapped to the `attribute` value set in the LDAP 
-directory.
+4.  Invite Admins from the "Admins" page in Kong Manager, ensuring that the
+    `username` of each Admin is mapped to the `attribute` value set in the LDAP
+    directory.
 
-        ⚠️ **IMPORTANT**: To enable the Admins to log in, it is still necessary 
-        to assign a Role to them.
+            ⚠️ **IMPORTANT**: To enable the Admins to log in, it is still necessary
+            to assign a Role to them.
 
-5. Once an Admin has logged in successfully and accesses the Admin API using 
-their LDAP credentials, they will be marked as “approved” on the "Admins" list 
-in Kong Manager
+5.  Once an Admin has logged in successfully and accesses the Admin API using
+    their LDAP credentials, they will be marked as “approved” on the "Admins" list
+    in Kong Manager
 
-        ⚠️ **IMPORTANT**: The new Admins will still receive an email, but all 
-        credentials will be handled through the LDAP server, not Kong Manager 
-        or the Admin API.
+            ⚠️ **IMPORTANT**: The new Admins will still receive an email, but all
+            credentials will be handled through the LDAP server, not Kong Manager
+            or the Admin API.
 
 ## Using the Organization Page to Manage Users
 
-To view all of the current Workspaces and Roles, click the "Organization" link 
-on the top navigation bar. 
+To view all of the current Workspaces and Roles, click the "Organization" link
+on the top navigation bar.
 
-From this page, it is possible to update every user's Role across any 
-Workspace. From the "Roles" tab, it is also possible to update the permissions 
+From this page, it is possible to update every user's Role across any
+Workspace. From the "Roles" tab, it is also possible to update the permissions
 assigned to each Role.
 
 Next: [Vitals &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.34-x/kong-manager/organization-management/workspaces.md b/app/enterprise/0.34-x/kong-manager/organization-management/workspaces.md
index b8d4f5a8e1f2..18bea5029a5c 100644
--- a/app/enterprise/0.34-x/kong-manager/organization-management/workspaces.md
+++ b/app/enterprise/0.34-x/kong-manager/organization-management/workspaces.md
@@ -1,5 +1,7 @@
 ---
 title: Workspaces
+redirect_from:
+  - /enterprise/0.34-x/kong-manager/organization-management/rbac-in-workspaces
 book: admin_gui
 chapter: 5
 ---
@@ -11,19 +13,19 @@ chapter: 5
  Your browser does not support the video tag.
 </video>
 
-1. Log in as the Super Admin. On the "Workspaces" page, click the "New Workspace" button at the top right to see the "Create Workspace" form.
+1.  Log in as the Super Admin. On the "Workspaces" page, click the "New Workspace" button at the top right to see the "Create Workspace" form.
 
     ![New Workspace Form](https://konghq.com/wp-content/uploads/2018/11/km-new-workspace.png)
 
-2. Name the new Workspace.
-    
+2.  Name the new Workspace.
+
     ![Name the New Workspace](https://konghq.com/wp-content/uploads/2018/11/km-name-ws.png)
 
-    ⚠️ **WARNING**: Each Workspace name should be unique, regardless of letter 
-    case. For example, naming one Workspace "Payments" and another one 
+    ⚠️ **WARNING**: Each Workspace name should be unique, regardless of letter
+    case. For example, naming one Workspace "Payments" and another one
     "payments" will create two different workspaces that look identical.
 
-    ⚠️ **WARNING**: Do not name Workspaces the same as these major routes in Kong 
+    ⚠️ **WARNING**: Do not name Workspaces the same as these major routes in Kong
     Manager:
 
     ```
@@ -40,21 +42,21 @@ chapter: 5
     • Vitals
     ```
 
-3. Select a color or avatar to make each Workspace easier to distinguish, or accept the default color. 
+3.  Select a color or avatar to make each Workspace easier to distinguish, or accept the default color.
 
     ![Select Workspace Color](https://konghq.com/wp-content/uploads/2018/11/km-color-ws.png)
 
-4. Click the "Create New Workspace" button. Upon creation, the application will navigate to the new Workspace's "Dashboard" page.
+4.  Click the "Create New Workspace" button. Upon creation, the application will navigate to the new Workspace's "Dashboard" page.
 
     ![New Dashboard](https://konghq.com/wp-content/uploads/2018/11/km-new-dashboard.png)
 
-5. On the left sidebar, click the "Admins" link in the "Security" section. If 
-the sidebar is collapsed, hover over the security badge icon at the bottom and 
-click the "Admins" link. 
+5.  On the left sidebar, click the "Admins" link in the "Security" section. If
+    the sidebar is collapsed, hover over the security badge icon at the bottom and
+    click the "Admins" link.
 
-    ![Admins Hover Over](https://konghq.com/wp-content/uploads/2018/11/admins-section.png)
+        ![Admins Hover Over](https://konghq.com/wp-content/uploads/2018/11/admins-section.png)
 
-6. The "Admins" page displays a list of current Admins and Roles. Four default Roles specific to the new Workspace are already visible, and new Roles specific to the Workspace can be assigned from this page. 
+6.  The "Admins" page displays a list of current Admins and Roles. Four default Roles specific to the new Workspace are already visible, and new Roles specific to the Workspace can be assigned from this page.
 
     ![New Workspace Admins](https://konghq.com/wp-content/uploads/2018/11/km-ws-admins.png)
 
@@ -65,13 +67,13 @@ click the "Admins" link.
  Your browser does not support the video tag.
 </video>
 
-⚠️ **IMPORTANT**: In order to delete a Workspace, everything inside the 
-Workspace must be deleted first. This includes default Roles on the "Admins" 
+⚠️ **IMPORTANT**: In order to delete a Workspace, everything inside the
+Workspace must be deleted first. This includes default Roles on the "Admins"
 page.
 
 1. Within the Workspace, navigate to the "Dashboard" page.
 
-    ![Workspace Dashboard](https://konghq.com/wp-content/uploads/2018/11/km-dashboard.png)
+   ![Workspace Dashboard](https://konghq.com/wp-content/uploads/2018/11/km-dashboard.png)
 
 2. At the top right, click the "Settings" button.
 
@@ -79,17 +81,17 @@ page.
 
 ## Navigating across Workspaces in Kong Manager
 
-To navigate between Workspaces, from the "Overview" page, click on any 
-Workspace displayed beneath the Vitals chart. The list of Workspaces may be 
+To navigate between Workspaces, from the "Overview" page, click on any
+Workspace displayed beneath the Vitals chart. The list of Workspaces may be
 rendered as cards or a table, depending on preference.
 
 ![Workspace List](https://konghq.com/wp-content/uploads/2018/11/km-ws-list.png)
 
-If a Role does not have permission to access entire endpoints, the user 
+If a Role does not have permission to access entire endpoints, the user
 assigned to the Role will not be able to see the related navigation links.
 
 For more information about Admins and Roles, see [RBAC and Permissions](/enterprise/{{page.kong_version}}/kong-manager/organization-management/rbac-and-perms). For 
 information about how RBAC applies to specific Workspaces, see 
-[RBAC in Workspaces](/enterprise/{{page.kong_version}}/kong-manager/organization-management/rbac-in-workspaces)
+[RBAC in Workspaces](/enterprise/{{page.kong_version}}/kong-manager/organization-management/rbac-and-perms/#rbac-in-workspaces)
 
 Next: [RBAC and Permissions &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.34-x/loadbalancing.md b/app/enterprise/0.34-x/loadbalancing.md
new file mode 100644
index 000000000000..b359cac4e0c9
--- /dev/null
+++ b/app/enterprise/0.34-x/loadbalancing.md
@@ -0,0 +1,367 @@
+---
+title: Load Balancing Reference
+---
+
+## Introduction
+
+Kong provides multiple ways of load balancing requests to multiple backend
+services: a straightforward DNS-based method, and a more dynamic ring-balancer
+that also allows for service registry without needing a DNS server.
+
+## DNS-based load balancing
+
+When using DNS-based load balancing, the registration of the backend services
+is done outside of Kong, and Kong only receives updates from the DNS server.
+
+Every Service that has been defined with a `host` containing a hostname
+(instead of an IP address) will automatically use DNS-based load balancing
+if the name resolves to multiple IP addresses, provided the hostname does not
+resolve to an `upstream` name or a name in your DNS hostsfile.
+
+The DNS record `ttl` setting (time to live) determines how often the information
+is refreshed. When using a `ttl` of 0, every request will be resolved using its
+own DNS query. Obviously this will have a performance penalty, but the latency of
+updates/changes will be very low.
+
+[Back to TOC](#table-of-contents)
+
+### A records
+
+An A record contains one or more IP addresses. Hence, when a hostname
+resolves to an A record, each backend service must have its own IP address.
+
+Because there is no `weight` information, all entries will be treated as equally
+weighted in the load balancer, and the balancer will do a straight forward
+round-robin.
+
+[Back to TOC](#table-of-contents)
+
+### SRV records
+
+An SRV record contains weight and port information for all of its IP addresses.
+A backend service can be identified by a unique combination of IP address
+and port number. Hence, a single IP address can host multiple instances of the
+same service on different ports.
+
+Because the `weight` information is available, each entry will get its own
+weight in the load balancer and it will perform a weighted round-robin.
+
+Similarly, any given port information will be overridden by the port information from
+the DNS server. If a Service has attributes `host=myhost.com` and `port=123`,
+and `myhost.com` resolves to an SRV record with `127.0.0.1:456`, then the request
+will be proxied to `http://127.0.0.1:456/somepath`, as port `123` will be
+overridden by `456`.
+
+[Back to TOC](#table-of-contents)
+
+### DNS priorities
+
+The DNS resolver will start resolving the following record types in order:
+
+  1. The last successful type previously resolved
+  2. SRV record
+  3. A record
+  4. CNAME record
+
+This order is configurable through the [`dns_order` configuration property][dns-order-config].
+
+[Back to TOC](#table-of-contents)
+
+### DNS caveats
+
+- Whenever the DNS record is refreshed a list is generated to handle the
+weighting properly. Try to keep the weights as multiples of each other to keep
+the algorithm performant, e.g., 2 weights of 17 and 31 would result in a structure
+with 527 entries, whereas weights 16 and 32 (or their smallest relative
+counterparts 1 and 2) would result in a structure with merely 3 entries,
+especially with a very small (or even 0) `ttl` value.
+
+- Some nameservers do not return all entries (due to UDP packet size) in those
+cases (for example Consul returns a maximum of 3) a given Kong node will only
+use the few upstream service instances provided by the nameserver. In this
+scenario, it is possible that the pool of upstream instances will be loaded
+inconsistently, because the Kong node is effectively unaware of some of the
+instances, due to the limited information provided by the nameserver.
+To mitigate this use a different nameserver, use IP
+addresses instead of names, or make sure you use enough Kong nodes to still
+have all upstream services being used.
+
+- When the nameserver returns a `3 name error`, then that is a valid response
+for Kong. If this is unexpected, first validate the correct name is being
+queried for, and second check your nameserver configuration.
+
+- The initial pick of an IP address from a DNS record (A or SRV) is not
+randomized. So when using records with a `ttl` of 0, the nameserver is
+expected to randomize the record entries.
+
+[Back to TOC](#table-of-contents)
+
+## Ring-balancer
+
+When using the ring-balancer, the adding and removing of backend services will
+be handled by Kong, and no DNS updates will be necessary. Kong will act as the
+service registry. Nodes can be added/deleted with a single HTTP request and
+will instantly start/stop receiving traffic.
+
+Configuring the ring-balancer is done through the `upstream` and `target`
+entities.
+
+  - `target`: an IP address or hostname with a port number where a backend
+    service resides, eg. "192.168.100.12:80". Each target gets an additional
+    `weight` to indicate the relative load it gets. IP addresses can be
+    in both IPv4 and IPv6 format.
+  - `upstream`: a 'virtual hostname' which can be used in a Route `host`
+    field, e.g., an upstream named `weather.v2.service` would get all requests
+    from a Service with `host=weather.v2.service`.
+
+[Back to TOC](#table-of-contents)
+
+### Upstream
+
+Each upstream gets its own ring-balancer. Each `upstream` can have many
+`target` entries attached to it, and requests proxied to the 'virtual hostname'
+will be load balanced over the targets. A ring-balancer has a pre-defined
+number of slots, and based on the target weights the slots get assigned to the
+targets of the upstream.
+
+Adding and removing targets can be done with a simple HTTP request on the
+Admin API. This operation is relatively cheap. Changing the upstream
+itself is more expensive as the balancer will need to be rebuilt when the
+number of slots change for example.
+
+The only occurrence where the balancer will be rebuilt automatically is when
+the target history is cleaned; other than that, it will only rebuild upon changes.
+
+Within the balancer there are the positions (from 1 to `slots`),
+which are __randomly distributed__ on the ring.
+The randomness is required to make invoking the ring-balancer cheap at
+runtime. A simple round-robin over the wheel (the positions) will do to
+provide a well distributed weighted round-robin over the `targets`, whilst
+also having cheap operations when inserting/deleting targets.
+
+The number of slots to use per target should (at least) be around 100 to make
+sure the slots are properly distributed. Eg. for an expected maximum of 8
+targets, the `upstream` should be defined with at least `slots=800`, even if
+the initial setup only features 2 targets.
+
+The tradeoff here is that the higher the number of slots, the better the random
+distribution, but the more expensive the changes are (add/removing targets)
+
+Detailed information on adding and manipulating
+upstreams is available in the `upstream` section of the
+[Admin API reference][upstream-object-reference].
+
+[Back to TOC](#table-of-contents)
+
+### Target
+
+Because the `upstream` maintains a history of changes, targets can only be
+added, not modified nor deleted. To change a target, just add a new entry for
+the target, and change the `weight` value. The last entry is the one that will
+be used. As such setting `weight=0` will disable a target, effectively
+deleting it from the balancer. Detailed information on adding and manipulating
+targets is available in the `target` section of the
+[Admin API reference][target-object-reference].
+
+The targets will be automatically cleaned when there are 10x more inactive
+entries than active ones. Cleaning will involve rebuilding the balancer, and
+hence is more expensive than just adding a target entry.
+
+A `target` can also have a hostname instead of an IP address. In that case
+the name will be resolved and all entries found will individually be added to
+the ring balancer, e.g., adding `api.host.com:123` with `weight=100`. The
+name 'api.host.com' resolves to an A record with 2 IP addresses. Then both
+ip addresses will be added as target, each getting `weight=100` and port 123.
+__NOTE__: the weight is used for the individual entries, not for the whole!
+
+Would it resolve to an SRV record, then also the `port` and `weight` fields
+from the DNS record would be picked up, and would overrule the given port `123`
+and `weight=100`.
+
+The balancer will honor the DNS record's `ttl` setting and requery and update
+the balancer when it expires.
+
+__Exception__: When a DNS record has `ttl=0`, the hostname will be added
+as a single target, with the specified weight. Upon every proxied request
+to this target it will query the nameserver again.
+
+[Back to TOC](#table-of-contents)
+
+### Balancing algorithms
+
+By default a ring-balancer will use a weighted-round-robin scheme. The alternative
+would be to use the hash-based algorithm. The input for the hash can be either
+`none`, `consumer`, `ip`, or `header`. When set to `none` the
+weighted-round-robin scheme will be used, and hashing will be disabled.
+
+There are two options, a primary and a fallback in case the primary fails
+(e.g., if the primary is set to `consumer`, but no consumer is authenticated)
+
+The different hashing options:
+
+- `none`: Do not use hashing, but use weighted-round-robin instead (default).
+
+- `consumer`: Use the consumer id as the hash input. This option will fallback
+  on the credential id if no consumer id is available (in case of external auth
+  like ldap).
+
+- `ip`: The remote (originating) IP address will be used as input. Review the
+  configuration settings for [determining the real IP][real-ip-config] when
+  using this.
+
+- `header`: use a specified header (in either `hash_on_header` or `hash_fallback_header`
+  field) as input for the hash.
+
+The hashing algorithm is based on 'consistent-hashing' (or the 'ketama principle')
+which makes sure that when the balancer gets modified by changing the targets
+(adding, removing, failing, or changing weights) only the minimum number of
+hashing losses occur. This will maximize upstream cache hits.
+
+For more information on the exact settings see the `upstream` section of the
+[Admin API reference][upstream-object-reference].
+
+[Back to TOC](#table-of-contents)
+
+### Balancing caveats
+
+The ring-balancer is designed to work both with a single node as well as in a cluster.
+For the weighted-round-robin algorithm there isn't much difference, but when using
+the hash based algorithm it is important that all nodes build the exact same
+ring-balancer to make sure they all work identical. To do this the balancer
+must be build in a deterministic way.
+
+- Do not use hostnames in the balancer as the
+balancers might/will slowly diverge because the DNS ttl has only second precision
+and renewal is determined by when a name is actually requested. On top of this is
+the issue with some nameservers not returning all entries, which exacerbates
+this problem. So when using the hashing approach in a Kong cluster, add `target`
+entities only by their IP address, and never by name.
+
+- When picking your hash input make sure the input has enough variance to get
+to a well distributed hash. Hashes will be calculated using the CRC-32 digest.
+So for example, if your system has thousands of users, but only a few consumers, defined
+per platform (eg. 3 consumers: Web, iOS and Android) then picking the `consumer`
+hash input will not suffice, using the remote IP address by setting the hash to
+`ip` would provide more variance in the input and hence a better distribution
+in the hash output.
+
+[Back to TOC](#table-of-contents)
+
+## Blue-Green Deployments
+
+Using the ring-balancer a [blue-green deployment][blue-green-canary] can be easily orchestrated for
+a Service. Switching target infrastructure only requires a `PATCH` request on a
+Service, to change its `host` value.
+
+Set up the "Blue" environment, running version 1 of the address service:
+
+```bash
+# create an upstream
+$ curl -X POST http://kong:8001/upstreams \
+    --data "name=address.v1.service"
+
+# add two targets to the upstream
+$ curl -X POST http://kong:8001/upstreams/address.v1.service/targets \
+    --data "target=192.168.34.15:80"
+    --data "weight=100"
+$ curl -X POST http://kong:8001/upstreams/address.v1.service/targets \
+    --data "target=192.168.34.16:80"
+    --data "weight=50"
+
+# create a Service targeting the Blue upstream
+$ curl -X POST http://kong:8001/services/ \
+    --data "name=address-service" \
+    --data "host=address.v1.service" \
+    --data "path=/address"
+
+# finally, add a Route as an entry-point into the Service
+$ curl -X POST http://kong:8001/services/address-service/routes/ \
+    --data "hosts[]=address.mydomain.com"
+```
+
+Requests with host header set to `address.mydomain.com` will now be proxied
+by Kong to the two defined targets; 2/3 of the requests will go to
+`http://192.168.34.15:80/address` (`weight=100`), and 1/3 will go to
+`http://192.168.34.16:80/address` (`weight=50`).
+
+Before deploying version 2 of the address service, set up the "Green"
+environment:
+
+```bash
+# create a new Green upstream for address service v2
+$ curl -X POST http://kong:8001/upstreams \
+    --data "name=address.v2.service"
+
+# add targets to the upstream
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=100"
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=100"
+```
+
+To activate the Blue/Green switch, we now only need to update the Service:
+
+```bash
+# Switch the Service from Blue to Green upstream, v1 -> v2
+$ curl -X PATCH http://kong:8001/services/address-service \
+    --data "host=address.v2.service"
+```
+
+Incoming requests with host header set to `address.mydomain.com` will now be
+proxied by Kong to the new targets; 1/2 of the requests will go to
+`http://192.168.34.17:80/address` (`weight=100`), and the other 1/2 will go to
+`http://192.168.34.18:80/address` (`weight=100`).
+
+As always, the changes through the Kong Admin API are dynamic and will take
+effect immediately. No reload or restart is required, and no in progress
+requests will be dropped.
+
+[Back to TOC](#table-of-contents)
+
+## Canary Releases
+
+Using the ring-balancer, target weights can be adjusted granularly, allowing
+for a smooth, controlled [canary release][blue-green-canary].
+
+Using a very simple 2 target example:
+
+```bash
+# first target at 1000
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=1000"
+
+# second target at 0
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=0"
+```
+
+By repeating the requests, but altering the weights each time, traffic will
+slowly be routed towards the other target. For example, set it at 10%:
+
+```bash
+# first target at 900
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=900"
+
+# second target at 100
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=100"
+```
+
+The changes through the Kong Admin API are dynamic and will take
+effect immediately. No reload or restart is required, and no in progress
+requests will be dropped.
+
+[Back to TOC](#table-of-contents)
+
+[upstream-object-reference]: /enterprise/{{page.kong_version}}/admin-api#upstream-object
+[target-object-reference]: /enterprise/{{page.kong_version}}/admin-api#target-object
+[dns-order-config]: /enterprise/{{page.kong_version}}/property-reference/#dns_order
+[real-ip-config]: /enterprise/{{page.kong_version}}/property-reference/#real_ip_header
+[blue-green-canary]: http://blog.christianposta.com/deploy/blue-green-deployments-a-b-testing-and-canary-releases/
diff --git a/app/enterprise/0.34-x/lua-reference/index.html b/app/enterprise/0.34-x/lua-reference/index.html
new file mode 100644
index 000000000000..e97ceaab5fb1
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/index.html
@@ -0,0 +1,101 @@
+---
+title: Lua Reference
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li><a href="modules/kong.dao">kong.dao</a></li>
+            <li><a href="modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
+            <li><a href="modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
+            <li><a href="modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
+            <li><a href="modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li><a href="modules/kong.tools.responses">kong.tools.responses</a></li>
+            <li><a href="modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
+            <li><a href="modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li><a href="modules/spec.helpers">spec.helpers</a></li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+
+      <h2>Modules</h2>
+      <table class="module_list">
+        <tr>
+          <td class="name"><a href="modules/kong.dao">kong.dao</a></td>
+          <td class="summary">Operates over entities of a given type in a database table.</td>
+        </tr>
+        <tr>
+          <td class="name"><a href="modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></td>
+          <td class="summary">Salt the password
+ Password is salted with the credential's consumer_id (long enough, unique)</td>
+        </tr>
+        <tr>
+          <td class="name"><a href="modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></td>
+          <td class="summary">Add an entry to the ALF's <code>entries</code></td>
+        </tr>
+        <tr>
+          <td class="name"><a href="modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></td>
+          <td class="summary">Timer handlers</td>
+        </tr>
+        <tr>
+          <td class="name"><a href="modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></td>
+          <td class="summary">Supported algorithms for signing tokens.</td>
+        </tr>
+        <tr>
+          <td class="name"><a href="modules/kong.tools.responses">kong.tools.responses</a></td>
+          <td class="summary">Kong helper methods to send HTTP responses to clients.</td>
+        </tr>
+        <tr>
+          <td class="name"><a href="modules/kong.tools.timestamp">kong.tools.timestamp</a></td>
+          <td class="summary">Module for timestamp support.</td>
+        </tr>
+        <tr>
+          <td class="name"><a href="modules/kong.tools.utils">kong.tools.utils</a></td>
+          <td class="summary">Module containing some general utility functions used in many places in Kong.</td>
+        </tr>
+        <tr>
+          <td class="name"><a href="modules/spec.helpers">spec.helpers</a></td>
+          <td class="summary">Collection of utilities to help testing Kong features and plugins.</td>
+        </tr>
+      </table>
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/lua-reference/modules/kong.dao.html b/app/enterprise/0.34-x/lua-reference/modules/kong.dao.html
new file mode 100644
index 000000000000..bcac61150434
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/modules/kong.dao.html
@@ -0,0 +1,427 @@
+---
+title: Lua Reference - kong.dao
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li>kong.dao</li>
+            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
+            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li><a href="../../modules/kong.tools.responses">kong.tools.responses</a></li>
+            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
+            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+<h1><code>kong.dao</code></h1>
+<p>Operates over entities of a given type in a database table.</p>
+<p>An instance of this class is to be instantiated for each entity, and can interact
+ with the table representing the entity in the database.</p>
+
+<p> Instantiations of this class are managed by the DAO Factory.</p>
+
+<p> This class provides an abstraction for various databases (PostgreSQL, Cassandra)
+ and is responsible for propagating clustering events related to data invalidation,
+ as well as foreign constraints when the underlying database does not support them
+ (as with Cassandra).</p>
+
+
+<h3>Info:</h3>
+<ul>
+</ul>
+
+<h2><a href="#Functions">Functions</a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#DAO:count">DAO:count (tbl)</a></td>
+    <td class="summary">Count the number of rows.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#DAO:delete">DAO:delete (tbl)</a></td>
+    <td class="summary">Delete a row.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#DAO:find">DAO:find (tbl)</a></td>
+    <td class="summary">Find a row.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#DAO:find_all">DAO:find_all (tbl)</a></td>
+    <td class="summary">Find all rows.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#DAO:find_page">DAO:find_page (tbl, page_offset, page_size)</a></td>
+    <td class="summary">Find a paginated set of rows.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#DAO:insert">DAO:insert (tbl, options)</a></td>
+    <td class="summary">Insert a row.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#DAO:new">DAO:new (db, model_mt, schema, constraints)</a></td>
+    <td class="summary">Instantiate a DAO.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#DAO:update">DAO:update (tbl, filter_keys, options)</a></td>
+    <td class="summary">Update a row.</td>
+  </tr>
+</table>
+
+
+<h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="DAO:count">DAO:count</a></h4>
+  </dt>
+  <dd>
+    Count the number of rows.
+ Count the number of rows matching the given values.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">tbl</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          (optional) A table containing the fields and values to filter for.
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <span class="types"><span class="type">number</span></span>
+        count The total count of rows matching the given filter, or total count of rows if no filter was given.
+      </li>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        err If an error occurred, a table describing the issue.
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="DAO:delete">DAO:delete</a></h4>
+  </dt>
+  <dd>
+    Delete a row.
+ Delete a row in table related to this instance. Also deletes all rows with a relashionship to the deleted row
+ (via foreign key relations). For SQL databases such as PostgreSQL, the underlying implementation
+ leverages "FOREIGN KEY" constraints, but for others such as Cassandra, such operations are executed
+ manually.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">tbl</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          A table containing the primary key field(s) for this row.
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        row A table representing the deleted row
+      </li>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        err If an error occurred, a table describing the issue.
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="DAO:find">DAO:find</a></h4>
+  </dt>
+  <dd>
+    Find a row.
+ Find a row by its given, mandatory primary key. All other fields are ignored.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">tbl</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          A table containing the primary key field(s) for this row.
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        row The row, or nil if none could be found.
+      </li>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        err If an error occurred, a table describing the issue.
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="DAO:find_all">DAO:find_all</a></h4>
+  </dt>
+  <dd>
+    Find all rows.
+ Find all rows in the table, eventually matching the values in the given fields.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">tbl</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          (optional) A table containing the fields and values to search for.
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <span class="types"><span class="type">rows</span></span>
+        An array of rows.
+      </li>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        err If an error occurred, a table describing the issue.
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="DAO:find_page">DAO:find_page</a></h4>
+  </dt>
+  <dd>
+    Find a paginated set of rows.
+ Find a pginated set of rows eventually matching the values in the given fields.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">tbl</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          (optional) A table containing the fields and values to filter for.
+        </li>
+        <li>
+          <code class="parameter">page_offset</code>
+          Offset at which to resume pagination.
+        </li>
+        <li>
+          <code class="parameter">page_size</code>
+          Size of the page to retrieve (number of rows).
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        rows An array of rows.
+      </li>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        err If an error occurred, a table describing the issue.
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="DAO:insert">DAO:insert</a></h4>
+  </dt>
+  <dd>
+    Insert a row.
+ Insert a given Lua table as a row in the related table.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">tbl</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          Table to insert as a row.
+        </li>
+        <li>
+          <code class="parameter">options</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          Options to use for this insertion. (<code>ttl</code>: Time-to-live for this row, in seconds, <code>quiet</code>: does not send event)
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        res A table representing the insert row (with fields created during the insertion).
+      </li>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        err If an error occurred, a table describing the issue.
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="DAO:new">DAO:new</a></h4>
+  </dt>
+  <dd>
+    Instantiate a DAO.
+ The DAO Factory is responsible for instantiating DAOs for each entity.
+ This method is only documented for clarity.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">db</code>
+          An instance of the underlying database object (<code>cassandra_db</code> or <code>postgres_db</code>)
+        </li>
+        <li>
+          <code class="parameter">model_mt</code>
+          The related model metatable. Such metatables contain, among other things, validation methods.
+        </li>
+        <li>
+          <code class="parameter">schema</code>
+          The schema of the entity for which this DAO is instantiated. The schema contains crucial information about how to interact with the database (fields type, table name, etc...)
+        </li>
+        <li>
+          <code class="parameter">constraints</code>
+          A table of constraints built by the DAO Factory. Such constraints are mostly useful for databases without support for foreign keys. SQL databases handle those constraints natively.
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        self
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="DAO:update">DAO:update</a></h4>
+  </dt>
+  <dd>
+    Update a row.
+ Update a row in the related table. Performe a partial update by default (only fields in <code>tbl</code> will)
+ be updated. If asked, can perform a "full" update, replacing the entire entity (assuming it is valid)
+ with the one specified in <code>tbl</code> at once.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">tbl</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          A table containing the new values for this row.
+        </li>
+        <li>
+          <code class="parameter">filter_keys</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          A table which must contain the primary key(s) to select the row to be updated.
+        </li>
+        <li>
+          <code class="parameter">options</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          Options to use for this update. (<code>full</code>: performs a full update of the entity, <code>quiet</code>: does not send event).
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        res A table representing the updated entity.
+      </li>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+        err If an error occurred, a table describing the issue.
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+</dl>
+
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.basic-auth.crypto.html b/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.basic-auth.crypto.html
new file mode 100644
index 000000000000..653884af4c02
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.basic-auth.crypto.html
@@ -0,0 +1,109 @@
+---
+title: Lua Reference - kong.plugins.basic-auth.crypto
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li><a href="../../modules/kong.dao">kong.dao</a></li>
+            <li>kong.plugins.basic-auth.crypto</li>
+            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
+            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li><a href="../../modules/kong.tools.responses">kong.tools.responses</a></li>
+            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
+            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+<h1><code>kong.plugins.basic-auth.crypto</code></h1>
+<p>Salt the password
+ Password is salted with the credential's consumer_id (long enough, unique)</p>
+<p></p>
+
+
+
+<h2><a href="#Functions">Functions</a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#encrypt">encrypt (credential)</a></td>
+    <td class="summary">Encrypt the password field credential table</td>
+  </tr>
+</table>
+
+
+<h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="encrypt">encrypt</a></h4>
+  </dt>
+  <dd>
+    Encrypt the password field credential table
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">credential</code>
+          The basic auth credential table
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        hash of the salted credential's password
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+</dl>
+
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.galileo.alf.html b/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.galileo.alf.html
new file mode 100644
index 000000000000..6d0e6f5bd147
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.galileo.alf.html
@@ -0,0 +1,133 @@
+---
+title: Lua Reference - kong.plugins.galileo.alf
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li><a href="../../modules/kong.dao">kong.dao</a></li>
+            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
+            <li>kong.plugins.galileo.alf</li>
+            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
+            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li><a href="../../modules/kong.tools.responses">kong.tools.responses</a></li>
+            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
+            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+<h1><code>kong.plugins.galileo.alf</code></h1>
+<p>Add an entry to the ALF's <code>entries</code></p>
+<p></p>
+
+
+
+<h2><a href="#Functions">Functions</a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#reset">reset ()</a></td>
+    <td class="summary">Empty the ALF</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#serialize">serialize (service_token, environment)</a></td>
+    <td class="summary">Encode the current ALF to JSON</td>
+  </tr>
+</table>
+
+
+<h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="reset">reset</a></h4>
+  </dt>
+  <dd>
+    Empty the ALF
+
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="serialize">serialize</a></h4>
+  </dt>
+  <dd>
+    Encode the current ALF to JSON
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">service_token</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.4">string</a></span>
+          The ALF <code>serviceToken</code>
+        </li>
+        <li>
+          <code class="parameter">environment</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.4">string</a></span>
+          (optional) The ALF <code>environment</code>
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.4">string</a></span>
+        The ALF, JSON encoded
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+</dl>
+
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.galileo.buffer.html b/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.galileo.buffer.html
new file mode 100644
index 000000000000..6d219b08e7f1
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.galileo.buffer.html
@@ -0,0 +1,102 @@
+---
+title: Lua Reference - kong.plugins.galileo.buffer
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li><a href="../../modules/kong.dao">kong.dao</a></li>
+            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
+            <li>kong.plugins.galileo.buffer</li>
+            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li><a href="../../modules/kong.tools.responses">kong.tools.responses</a></li>
+            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
+            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+<h1><code>kong.plugins.galileo.buffer</code></h1>
+<p>Timer handlers</p>
+<p></p>
+
+
+
+<h2><a href="#Functions">Functions</a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#new">new (conf)</a></td>
+    <td class="summary">Buffer</td>
+  </tr>
+</table>
+
+
+<h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="new">new</a></h4>
+  </dt>
+  <dd>
+    Buffer
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">conf</code>
+
+        </li>
+    </ul>
+
+
+
+
+
+
+  </dd>
+</dl>
+
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.jwt.jwt_parser.html b/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.jwt.jwt_parser.html
new file mode 100644
index 000000000000..06d975dccc5e
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/modules/kong.plugins.jwt.jwt_parser.html
@@ -0,0 +1,184 @@
+---
+title: Lua Reference - kong.plugins.jwt.jwt_parser
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li><a href="../../modules/kong.dao">kong.dao</a></li>
+            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
+            <li>kong.plugins.jwt.jwt_parser</li>
+            <li><a href="../../modules/kong.tools.responses">kong.tools.responses</a></li>
+            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
+            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+<h1><code>kong.plugins.jwt.jwt_parser</code></h1>
+<p>Supported algorithms for signing tokens.</p>
+<p></p>
+
+
+
+<h2><a href="#Functions">Functions</a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#new">new (token)</a></td>
+    <td class="summary">Instantiate a JWT parser
+ Parse a JWT and instantiate a JWT parser for further operations
+ Return errors instead of an instance if any encountered</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#verify_registered_claims">verify_registered_claims (claims_to_verify)</a></td>
+    <td class="summary">Verify registered claims (according to RFC 7519 Section 4.1)
+ Claims are verified by type and a check.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#verify_signature">verify_signature (key)</a></td>
+    <td class="summary">Verify a JWT signature
+ Verify the current JWT signature against a given key</td>
+  </tr>
+</table>
+
+
+<h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="new">new</a></h4>
+  </dt>
+  <dd>
+    Instantiate a JWT parser
+ Parse a JWT and instantiate a JWT parser for further operations
+ Return errors instead of an instance if any encountered
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">token</code>
+          JWT to parse
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        JWT parser
+      </li>
+      <li>
+        error if any
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="verify_registered_claims">verify_registered_claims</a></h4>
+  </dt>
+  <dd>
+    Verify registered claims (according to RFC 7519 Section 4.1)
+ Claims are verified by type and a check.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">claims_to_verify</code>
+          A list of claims to verify.
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        A boolean indicating true if no errors zere found
+      </li>
+      <li>
+        A list of errors
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="verify_signature">verify_signature</a></h4>
+  </dt>
+  <dd>
+    Verify a JWT signature
+ Verify the current JWT signature against a given key
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">key</code>
+          Key against which to verify the signature
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        A boolean indicating if the signature if verified or not
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+</dl>
+
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/lua-reference/modules/kong.tools.responses.html b/app/enterprise/0.34-x/lua-reference/modules/kong.tools.responses.html
new file mode 100644
index 000000000000..bb089bd88038
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/modules/kong.tools.responses.html
@@ -0,0 +1,237 @@
+---
+title: Lua Reference - kong.tools.responses
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li><a href="../../modules/kong.dao">kong.dao</a></li>
+            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
+            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li>kong.tools.responses</li>
+            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
+            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+<h1><code>kong.tools.responses</code></h1>
+<p>Kong helper methods to send HTTP responses to clients.</p>
+<p>Can be used in the proxy (core/resolver), plugins or Admin API.
+ Most used HTTP status codes and responses are implemented as helper methods.</p>
+
+<h3>Usage:</h3>
+<ul>
+  <li><pre>local responses = require &quot;kong.tools.responses&quot;
+
+-- In an Admin API endpoint handler, or in one of the plugins&apos; phases.
+-- the `return` keyword is optional since the execution will be stopped
+-- anyways. It simply improves code readability.
+return responses.send_HTTP_OK()
+
+-- Or:
+return responses.send_HTTP_NOT_FOUND(&quot;No entity for given id&quot;)
+
+-- Raw send() helper:
+return responses.send(418, &quot;This is a teapot&quot;)
+</pre></li>
+</ul>
+
+<h3>Info:</h3>
+<ul>
+</ul>
+
+<h2><a href="#Functions">Functions</a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#send">send (status_code, body, headers)</a></td>
+    <td class="summary">Send a response with any status code or body,
+ Not all status codes are available as sugar methods, this function can be
+ used to send any response.</td>
+  </tr>
+</table>
+<h2><a href="#Tables">Tables</a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#status_codes">status_codes</a></td>
+    <td class="summary">Define the most common HTTP status codes for sugar methods.</td>
+  </tr>
+</table>
+
+
+<h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="send">send</a></h4>
+  </dt>
+  <dd>
+    Send a response with any status code or body,
+ Not all status codes are available as sugar methods, this function can be
+ used to send any response.
+ For <code>status_code=5xx</code> the <code>content</code> parameter should be the description of the error that occurred.
+ For <code>status_code=500</code> the content will be logged by ngx.log as an ERR.
+ Will call <a href="https://github.com/openresty/lua-nginx-module#ngxsay">ngx.say</a> and <a href="https://github.com/openresty/lua-nginx-module#ngxexit">ngx.exit</a>, terminating the current context.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">status_code</code>
+          <span class="types"><span class="type">number</span></span>
+          HTTP status code to send
+        </li>
+        <li>
+          <code class="parameter">body</code>
+          A string or table which will be the body of the sent response. If table, the response will be encoded as a JSON object. If string, the response will be a JSON object and the string will be contained in the <code>message</code> property.
+        </li>
+        <li>
+          <code class="parameter">headers</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          Response headers to send.
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        ngx.exit (Exit current context)
+      </li>
+    </ul>
+
+
+    <h5>See also:</h5>
+    <ul>
+      <li><a href="https://github.com/openresty/lua-nginx-module#ngxsay">ngx.say</a></li>
+      <li><a href="https://github.com/openresty/lua-nginx-module#ngxexit">ngx.exit</a></li>
+    </ul>
+
+
+
+  </dd>
+</dl>
+
+<h2 class="section-header "><a name="Tables">Tables</a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="status_codes">status_codes</a></h4>
+  </dt>
+  <dd>
+    Define the most common HTTP status codes for sugar methods.
+ Each of those status will generate a helper method (sugar)
+ attached to this exported module prefixed with <code>send_</code>.
+ Final signature of those methods will be <code>send_&lt;status_code_key&gt;(message, headers)</code>. See <a href="send">send</a> for more details on those parameters.
+
+    <h5>Fields:</h5>
+    <ul>
+        <li>
+          <code class="parameter">HTTP_OK</code>
+          200 OK
+        </li>
+        <li>
+          <code class="parameter">HTTP_CREATED</code>
+          201 Created
+        </li>
+        <li>
+          <code class="parameter">HTTP_NO_CONTENT</code>
+          204 No Content
+        </li>
+        <li>
+          <code class="parameter">HTTP_BAD_REQUEST</code>
+          400 Bad Request
+        </li>
+        <li>
+          <code class="parameter">HTTP_UNAUTHORIZED</code>
+          401 Unauthorized
+        </li>
+        <li>
+          <code class="parameter">HTTP_FORBIDDEN</code>
+          403 Forbidden
+        </li>
+        <li>
+          <code class="parameter">HTTP_NOT_FOUND</code>
+          404 Not Found
+        </li>
+        <li>
+          <code class="parameter">HTTP_METHOD_NOT_ALLOWED</code>
+          405 Method Not Allowed
+        </li>
+        <li>
+          <code class="parameter">HTTP_CONFLICT</code>
+          409 Conflict
+        </li>
+        <li>
+          <code class="parameter">HTTP_UNSUPPORTED_MEDIA_TYPE</code>
+          415 Unsupported Media Type
+        </li>
+        <li>
+          <code class="parameter">HTTP_INTERNAL_SERVER_ERROR</code>
+          Internal Server Error
+        </li>
+        <li>
+          <code class="parameter">HTTP_SERVICE_UNAVAILABLE</code>
+          503 Service Unavailable
+        </li>
+    </ul>
+
+
+
+
+    <h5>Usage:</h5>
+    <ul>
+      <li><pre class="example"><span class="keyword">return</span> responses.send_HTTP_OK()</pre></li>
+      <li><pre class="example"><span class="keyword">return</span> responses.HTTP_CREATED(<span class="string">"Entity created"</span>)</pre></li>
+      <li><pre class="example"><span class="keyword">return</span> responses.HTTP_INTERNAL_SERVER_ERROR()</pre></li>
+    </ul>
+
+
+  </dd>
+</dl>
+
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/lua-reference/modules/kong.tools.timestamp.html b/app/enterprise/0.34-x/lua-reference/modules/kong.tools.timestamp.html
new file mode 100644
index 000000000000..099edef223f7
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/modules/kong.tools.timestamp.html
@@ -0,0 +1,71 @@
+---
+title: Lua Reference - kong.tools.timestamp
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li><a href="../../modules/kong.dao">kong.dao</a></li>
+            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
+            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li><a href="../../modules/kong.tools.responses">kong.tools.responses</a></li>
+            <li>kong.tools.timestamp</li>
+            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+<h1><code>kong.tools.timestamp</code></h1>
+<p>Module for timestamp support.</p>
+<p>Based on the LuaTZ module.</p>
+
+
+<h3>Info:</h3>
+<ul>
+</ul>
+
+
+
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/lua-reference/modules/kong.tools.utils.html b/app/enterprise/0.34-x/lua-reference/modules/kong.tools.utils.html
new file mode 100644
index 000000000000..4875b88da6ca
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/modules/kong.tools.utils.html
@@ -0,0 +1,822 @@
+---
+title: Lua Reference - kong.tools.utils
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li><a href="../../modules/kong.dao">kong.dao</a></li>
+            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
+            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li><a href="../../modules/kong.tools.responses">kong.tools.responses</a></li>
+            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
+            <li>kong.tools.utils</li>
+            <li><a href="../../modules/spec.helpers">spec.helpers</a></li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+<h1><code>kong.tools.utils</code></h1>
+<p>Module containing some general utility functions used in many places in Kong.</p>
+<p>NOTE: Before implementing a function here, consider if it will be used in many places
+ across Kong. If not, a local function in the appropriate module is preferred.</p>
+
+
+<h3>Info:</h3>
+<ul>
+</ul>
+
+<h2><a href="#Functions">Functions</a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#add_error">add_error (errors, k, v)</a></td>
+    <td class="summary">Add an error message to a key/value table.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#check_hostname">check_hostname (address)</a></td>
+    <td class="summary">parses and validates a hostname.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#check_https">check_https (trusted_ip, allow_terminated)</a></td>
+    <td class="summary">Checks whether a request is https or was originally https (but already
+ terminated).</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#concat">concat (...)</a></td>
+    <td class="summary">Concatenates lists into a new table.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#deep_copy">deep_copy (orig)</a></td>
+    <td class="summary">Deep copies a table into a new table.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#encode_args">encode_args (args, raw)</a></td>
+    <td class="summary">Encode a Lua table to a querystring
+ Tries to mimic ngx_lua's <code>ngx.encode_args</code>, but also percent-encode querystring values.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#format_host">format_host (p1, p2)</a></td>
+    <td class="summary">Formats an ip address or hostname with an (optional) port for use in urls.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#get_hostname">get_hostname ()</a></td>
+    <td class="summary">Retrieves the hostname of the local machine</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#hostname_type">hostname_type (name)</a></td>
+    <td class="summary">checks the hostname type; ipv4, ipv6, or name.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#is_array">is_array (t)</a></td>
+    <td class="summary">Checks if a table is an array and not an associative array.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#load_module_if_exists">load_module_if_exists (module_name)</a></td>
+    <td class="summary">Try to load a module.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#normalize_ip">normalize_ip (address)</a></td>
+    <td class="summary">verifies and normalizes ip addresses and hostnames.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#normalize_ipv4">normalize_ipv4 (address)</a></td>
+    <td class="summary">parses, validates and normalizes an ipv4 address.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#normalize_ipv6">normalize_ipv6 (address)</a></td>
+    <td class="summary">parses, validates and normalizes an ipv6 address.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#pack">pack (...)</a></td>
+    <td class="summary">packs a set of arguments in a table.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#shallow_copy">shallow_copy (orig)</a></td>
+    <td class="summary">Copies a table into a new table.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#split">split ()</a></td>
+    <td class="summary">splits a string.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#strip">strip ()</a></td>
+    <td class="summary">strips whitespace from a string.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#table_contains">table_contains (arr, val)</a></td>
+    <td class="summary">Checks if a value exists in a table.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#table_merge">table_merge (t1, t2)</a></td>
+    <td class="summary">Merges two table together.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#unpack">unpack (t, i, j)</a></td>
+    <td class="summary">unpacks a table to a list of arguments.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#uuid">uuid ()</a></td>
+    <td class="summary">Generates a v4 uuid.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#validate_header_name">validate_header_name (name)</a></td>
+    <td class="summary">Validates a header name.</td>
+  </tr>
+</table>
+
+
+<h2 class="section-header "><a name="Functions">Functions</a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="add_error">add_error</a></h4>
+  </dt>
+  <dd>
+    Add an error message to a key/value table.
+ If the key already exists, a sub table is created with the original and the new value.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">errors</code>
+          (Optional) Table to attach the error to. If <code>nil</code>, the table will be created.
+        </li>
+        <li>
+          <code class="parameter">k</code>
+          Key on which to insert the error in the <code>errors</code> table.
+        </li>
+        <li>
+          <code class="parameter">v</code>
+          Value of the error
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        The <code>errors</code> table with the new error inserted.
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="check_hostname">check_hostname</a></h4>
+  </dt>
+  <dd>
+    parses and validates a hostname.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">address</code>
+          the string containing the hostname (formats; name, name:port)
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        hostname (string) + port (number or nil), or alternatively nil+error
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="check_https">check_https</a></h4>
+  </dt>
+  <dd>
+    Checks whether a request is https or was originally https (but already
+ terminated).  It will check in the current request (global <code>ngx</code> table). If
+ the header <code>X-Forwarded-Proto</code> exists -- with value <code>https</code> then it will also
+ be considered as an https connection.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">trusted_ip</code>
+          boolean indicating if the client is a trusted IP
+        </li>
+        <li>
+          <code class="parameter">allow_terminated</code>
+          if truthy, the <code>X-Forwarded-Proto</code> header will be checked as well.
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        boolean or nil+error in case the header exists multiple times
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="concat">concat</a></h4>
+  </dt>
+  <dd>
+    Concatenates lists into a new table.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">...</code>
+
+        </li>
+    </ul>
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="deep_copy">deep_copy</a></h4>
+  </dt>
+  <dd>
+    Deep copies a table into a new table.
+ Tables used as keys are also deep copied, as are metatables
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">orig</code>
+          The table to copy
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        Returns a copy of the input table
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="encode_args">encode_args</a></h4>
+  </dt>
+  <dd>
+    Encode a Lua table to a querystring
+ Tries to mimic ngx_lua's <code>ngx.encode_args</code>, but also percent-encode querystring values.
+ Supports multi-value query args, boolean values.
+ It also supports encoding for bodies (only because it is used in http_client for specs.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">args</code>
+          <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.5">table</a></span>
+          A key/value table containing the query args to encode.
+        </li>
+        <li>
+          <code class="parameter">raw</code>
+          <span class="types"><span class="type">boolean</span></span>
+          If true, will not percent-encode any key/value and will ignore special boolean rules.
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <span class="types"><a class="type" href="https://www.lua.org/manual/5.1/manual.html#5.4">string</a></span>
+        A valid querystring (without the prefixing '?')
+      </li>
+    </ul>
+
+
+    <h5>See also:</h5>
+    <ul>
+    </ul>
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="format_host">format_host</a></h4>
+  </dt>
+  <dd>
+    Formats an ip address or hostname with an (optional) port for use in urls.
+ Supports ipv4, ipv6 and names.</p>
+
+<p> Explicitly accepts 'nil+error' as input, to pass through any errors from the normalizing and name checking functions.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">p1</code>
+          address to format, either string with name/ip, table returned from <a href="#normalize_ip">normalize_ip</a>, or from the <code>socket.url</code> library.
+        </li>
+        <li>
+          <code class="parameter">p2</code>
+          port (optional) if p1 is a table, then this port will be inserted if no port-field is in the table
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        formatted address or nil+error
+      </li>
+    </ul>
+
+
+
+    <h5>Usage:</h5>
+    <ul>
+      <li><pre class="example"><span class="keyword">local</span> addr, err = format_ip(normalize_ip(<span class="string">"001.002.003.004:123"</span>))  <span class="comment">--&gt; "1.2.3.4:123"
+</span><span class="keyword">local</span> addr, err = format_ip(normalize_ip(<span class="string">"::1"</span>))                  <span class="comment">--&gt; "[0000:0000:0000:0000:0000:0000:0000:0001]"
+</span><span class="keyword">local</span> addr, err = format_ip(<span class="string">"::1"</span>, <span class="number">80</span>))                           <span class="comment">--&gt; "[::1]:80"
+</span><span class="keyword">local</span> addr, err = format_ip(check_hostname(<span class="string">"//bad .. name\\"))    --&gt; nil, "</span>invalid hostname: ... "</pre></li>
+    </ul>
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="get_hostname">get_hostname</a></h4>
+  </dt>
+  <dd>
+    Retrieves the hostname of the local machine
+
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        string  The hostname
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="hostname_type">hostname_type</a></h4>
+  </dt>
+  <dd>
+    checks the hostname type; ipv4, ipv6, or name.
+ Type is determined by exclusion, not by validation. So if it returns 'ipv6' then
+ it can only be an ipv6, but it is not necessarily a valid ipv6 address.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">name</code>
+          the string to check (this may contain a portnumber)
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        string either; 'ipv4', 'ipv6', or 'name'
+      </li>
+    </ul>
+
+
+
+    <h5>Usage:</h5>
+    <ul>
+      <li><pre class="example">hostname_type(<span class="string">"123.123.123.123"</span>)  <span class="comment">--&gt;  "ipv4"
+</span>hostname_type(<span class="string">"::1"</span>)              <span class="comment">--&gt;  "ipv6"
+</span>hostname_type(<span class="string">"some::thing"</span>)      <span class="comment">--&gt;  "ipv6", but invalid...</span></pre></li>
+    </ul>
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="is_array">is_array</a></h4>
+  </dt>
+  <dd>
+    Checks if a table is an array and not an associative array.
+ <strong>* NOTE *</strong> string-keys containing integers are considered valid array entries!
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">t</code>
+          The table to check
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        Returns <code>true</code> if the table is an array, <code>false</code> otherwise
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="load_module_if_exists">load_module_if_exists</a></h4>
+  </dt>
+  <dd>
+    Try to load a module.
+ Will not throw an error if the module was not found, but will throw an error if the
+ loading failed for another reason (eg: syntax error).
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">module_name</code>
+          Path of the module to load (ex: kong.plugins.keyauth.api).
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        success A boolean indicating whether the module was found.
+      </li>
+      <li>
+        module The retrieved module, or the error in case of a failure
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="normalize_ip">normalize_ip</a></h4>
+  </dt>
+  <dd>
+    verifies and normalizes ip addresses and hostnames.  Supports ipv4, ipv4:port, ipv6, [ipv6]:port, name, name:port.
+ Returned ipv4 addresses will have no leading zero's, ipv6 will be fully expanded without brackets.
+ Note: a name will not be normalized!
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">address</code>
+          string containing the address
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        table with the following fields: <code>host</code> (string; normalized address, or name), <a href="https://www.lua.org/manual/5.1/manual.html#pdf-type">type</a> (string; 'ipv4', 'ipv6', 'name'), and <code>port</code> (number or nil), or alternatively nil+error on invalid input
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="normalize_ipv4">normalize_ipv4</a></h4>
+  </dt>
+  <dd>
+    parses, validates and normalizes an ipv4 address.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">address</code>
+          the string containing the address (formats; ipv4, ipv4:port)
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        normalized address (string) + port (number or nil), or alternatively nil+error
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="normalize_ipv6">normalize_ipv6</a></h4>
+  </dt>
+  <dd>
+    parses, validates and normalizes an ipv6 address.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">address</code>
+          the string containing the address (formats; ipv6, [ipv6], [ipv6]:port)
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        normalized expanded address (string) + port (number or nil), or alternatively nil+error
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="pack">pack</a></h4>
+  </dt>
+  <dd>
+    packs a set of arguments in a table.
+ Explicitly sets field <code>n</code> to the number of arguments, so it is <code>nil</code> safe
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">...</code>
+
+        </li>
+    </ul>
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="shallow_copy">shallow_copy</a></h4>
+  </dt>
+  <dd>
+    Copies a table into a new table.
+ neither sub tables nor metatables will be copied.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">orig</code>
+          The table to copy
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        Returns a copy of the input table
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="split">split</a></h4>
+  </dt>
+  <dd>
+    splits a string.
+ just a placeholder to the penlight <code>pl.stringx.split</code> function
+
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="strip">strip</a></h4>
+  </dt>
+  <dd>
+    strips whitespace from a string.
+ just a placeholder to the penlight <code>pl.stringx.strip</code> function
+
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="table_contains">table_contains</a></h4>
+  </dt>
+  <dd>
+    Checks if a value exists in a table.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">arr</code>
+          The table to use
+        </li>
+        <li>
+          <code class="parameter">val</code>
+          The value to check
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        Returns <code>true</code> if the table contains the value, <code>false</code> otherwise
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="table_merge">table_merge</a></h4>
+  </dt>
+  <dd>
+    Merges two table together.
+ A new table is created with a non-recursive copy of the provided tables
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">t1</code>
+          The first table
+        </li>
+        <li>
+          <code class="parameter">t2</code>
+          The second table
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        The (new) merged table
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="unpack">unpack</a></h4>
+  </dt>
+  <dd>
+    unpacks a table to a list of arguments.
+ Explicitly honors the <code>n</code> field if given in the table, so it is <code>nil</code> safe
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">t</code>
+
+        </li>
+        <li>
+          <code class="parameter">i</code>
+
+        </li>
+        <li>
+          <code class="parameter">j</code>
+
+        </li>
+    </ul>
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="uuid">uuid</a></h4>
+  </dt>
+  <dd>
+    Generates a v4 uuid.
+
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        string with uuid
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="validate_header_name">validate_header_name</a></h4>
+  </dt>
+  <dd>
+    Validates a header name.
+ Checks characters used in a header name to be valid, as per nginx only
+ a-z, A-Z, 0-9 and '-' are allowed.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">name</code>
+          (string) the header name to verify
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        the valid header name, or <code>nil+error</code>
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+</dl>
+
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/lua-reference/modules/spec.helpers.html b/app/enterprise/0.34-x/lua-reference/modules/spec.helpers.html
new file mode 100644
index 000000000000..06aef99711e1
--- /dev/null
+++ b/app/enterprise/0.34-x/lua-reference/modules/spec.helpers.html
@@ -0,0 +1,813 @@
+---
+title: Lua Reference - spec.helpers
+layout: default
+---
+
+
+<header class="page-header">
+  <div class="container">
+    <div class="page-header-icon">
+      <img src="/assets/images/icons/icn-documentation.svg" alt="Documentation" />
+    </div>
+    <div class="page-header-title">
+      <h1>Public Lua API Reference</h1>
+      <p>For plugins developers and core contributors</p>
+    </div>
+    {% if site.data.kong_versions.size > 1 %}
+      {% include lua-reference-dropdown.html
+        page=page
+        site=site
+      %}
+    {% endif %}
+  </div>
+</header>
+
+<div class="container">
+  <aside class="page-navigation">
+    <nav>
+      <ul>
+        <li>
+          <a href="/{{page.kong_version}}"><h5>Back to docs</h5></a>
+        </li>
+        <li>
+          <a href="/{{page.kong_version}}/lua-reference/"><h5>Index</h5></a>
+        </li>
+        <li>
+          <h5>Modules</h5>
+          <ul>
+            <li><a href="../../modules/kong.dao">kong.dao</a></li>
+            <li><a href="../../modules/kong.plugins.basic-auth.crypto">kong.plugins.basic-auth.crypto</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.alf">kong.plugins.galileo.alf</a></li>
+            <li><a href="../../modules/kong.plugins.galileo.buffer">kong.plugins.galileo.buffer</a></li>
+            <li><a href="../../modules/kong.plugins.jwt.jwt_parser">kong.plugins.jwt.jwt_parser</a></li>
+            <li><a href="../../modules/kong.tools.responses">kong.tools.responses</a></li>
+            <li><a href="../../modules/kong.tools.timestamp">kong.tools.timestamp</a></li>
+            <li><a href="../../modules/kong.tools.utils">kong.tools.utils</a></li>
+            <li>spec.helpers</li>
+          </ul>
+        </li>
+      </ul>
+    </nav>
+  </aside>
+
+  <div class="page-content-container">
+  <div class="page-content">
+    <div class="content">
+<h1><code>spec.helpers</code></h1>
+<p>Collection of utilities to help testing Kong features and plugins.</p>
+<p></p>
+
+
+<h3>Info:</h3>
+<ul>
+</ul>
+
+<h2><a href="#http_client">http_client </a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#admin_client">admin_client ()</a></td>
+    <td class="summary">returns a pre-configured <a href="#http_client">http_client</a> for the Kong admin port.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#http_client">http_client (host, port, timeout)</a></td>
+    <td class="summary">Creates a http client.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#http_client:send">http_client:send (opts)</a></td>
+    <td class="summary">Send a http request.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#proxy_client">proxy_client ()</a></td>
+    <td class="summary">returns a pre-configured <a href="#http_client">http_client</a> for the Kong proxy port.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#proxy_ssl_client">proxy_ssl_client ()</a></td>
+    <td class="summary">returns a pre-configured <a href="#http_client">http_client</a> for the Kong SSL proxy port.</td>
+  </tr>
+</table>
+<h2><a href="#TCP_UDP_server_helpers">TCP/UDP server helpers </a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#http_server">http_server (port)</a></td>
+    <td class="summary">Starts a HTTP server.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#tcp_server">tcp_server (port)</a></td>
+    <td class="summary">Starts a TCP server.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#udp_server">udp_server (port)</a></td>
+    <td class="summary">Starts a UDP server.</td>
+  </tr>
+</table>
+<h2><a href="#Custom_assertions">Custom assertions </a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#contains">contains (expected, array, pattern)</a></td>
+    <td class="summary">Assertion to check whether a value lives in an array.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#fail">fail (...)</a></td>
+    <td class="summary">Generic fail assertion.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#formparam">formparam (name)</a></td>
+    <td class="summary">Adds an assertion to look for a urlencoded form parameter in a mockbin request.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#header">header (name)</a></td>
+    <td class="summary">Adds an assertion to look for a named header in a <code>headers</code> subtable.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#jsonbody">jsonbody ()</a></td>
+    <td class="summary">Checks and returns a json body of an http response/request.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#queryparam">queryparam (name)</a></td>
+    <td class="summary">An assertion to look for a query parameter in a <code>queryString</code> subtable.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#request">request (response)</a></td>
+    <td class="summary">Generic modifier "request".</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#response">response (response)</a></td>
+    <td class="summary">Generic modifier "response".</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#status">status (expected, response)</a></td>
+    <td class="summary">Assertion to check the statuscode of a http response.</td>
+  </tr>
+</table>
+<h2><a href="#Shell_helpers">Shell helpers </a></h2>
+<table class="function_list">
+  <tr>
+    <td class="name"><a href="#clean_prefix">clean_prefix (prefix)</a></td>
+    <td class="summary">Cleans the Kong environment.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#execute">execute (...)</a></td>
+    <td class="summary">Execute a command.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#kong_exec">kong_exec (cmd, env)</a></td>
+    <td class="summary">Execute a Kong command.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#prepare_prefix">prepare_prefix (prefix)</a></td>
+    <td class="summary">Prepare the Kong environment.</td>
+  </tr>
+  <tr>
+    <td class="name"><a href="#wait_for_invalidation">wait_for_invalidation (key, timeout)</a></td>
+    <td class="summary">Waits for invalidation of a cached key by polling the mgt-api
+ and waiting for a 404 response.</td>
+  </tr>
+</table>
+
+
+<h2 class="section-header has-description"><a name="http_client">http_client </a></h2>
+
+<div class="section-description">
+An http-client class to perform requests.
+</div>
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="admin_client">admin_client</a></h4>
+  </dt>
+  <dd>
+    returns a pre-configured <a href="#http_client">http_client</a> for the Kong admin port.
+
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="http_client">http_client</a></h4>
+  </dt>
+  <dd>
+    Creates a http client.  Based on https://github.com/pintsized/lua-resty-http
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">host</code>
+          hostname to connect to
+        </li>
+        <li>
+          <code class="parameter">port</code>
+          port to connect to
+        </li>
+        <li>
+          <code class="parameter">timeout</code>
+          in seconds
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        http client
+      </li>
+    </ul>
+
+
+    <h5>See also:</h5>
+    <ul>
+      <li><a href="../../modules/spec.helpers#http_client:send">http_client:send</a></li>
+    </ul>
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="http_client:send">http_client:send</a></h4>
+  </dt>
+  <dd>
+    Send a http request.  Based on https://github.com/pintsized/lua-resty-http.
+ If <code>opts.body</code> is a table and "Content-Type" header contains
+ <code>application/json</code>, <code>www-form-urlencoded</code>, or <code>multipart/form-data</code>, then it
+ will automatically encode the body according to the content type.
+ If <code>opts.query</code> is a table, a query string will be constructed from it and
+ appended
+ to the request path (assuming none is already present).
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">opts</code>
+          table with options. See https://github.com/pintsized/lua-resty-http
+        </li>
+    </ul>
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="proxy_client">proxy_client</a></h4>
+  </dt>
+  <dd>
+    returns a pre-configured <a href="#http_client">http_client</a> for the Kong proxy port.
+
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="proxy_ssl_client">proxy_ssl_client</a></h4>
+  </dt>
+  <dd>
+    returns a pre-configured <a href="#http_client">http_client</a> for the Kong SSL proxy port.
+
+
+
+
+
+
+
+  </dd>
+</dl>
+
+<h2 class="section-header "><a name="TCP_UDP_server_helpers">TCP/UDP server helpers </a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="http_server">http_server</a></h4>
+  </dt>
+  <dd>
+    Starts a HTTP server.
+ Accepts a single connection and then closes. Sends a 200 ok, 'Connection:
+ close' response.
+ If the request received has path <code>/delay</code> then the response will be delayed
+ by 2 seconds.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">port</code>
+          `    The port where the server will be listening to
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <code>thread</code> A thread object
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="tcp_server">tcp_server</a></h4>
+  </dt>
+  <dd>
+    Starts a TCP server.
+ Accepts a single connection and then closes, echoing what was received
+ (single read).
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">port</code>
+          `    The port where the server will be listening to
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <code>thread</code> A thread object
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="udp_server">udp_server</a></h4>
+  </dt>
+  <dd>
+    Starts a UDP server.
+ Accepts a single connection, reading once and then closes
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">port</code>
+          `    The port where the server will be listening to
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        <code>thread</code> A thread object
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+</dl>
+
+<h2 class="section-header "><a name="Custom_assertions">Custom assertions </a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="contains">contains</a></h4>
+  </dt>
+  <dd>
+    Assertion to check whether a value lives in an array.
+ pattern
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">expected</code>
+          The value to search for
+        </li>
+        <li>
+          <code class="parameter">array</code>
+          The array to search for the value
+        </li>
+        <li>
+          <code class="parameter">pattern</code>
+          (optional) If thruthy, then <code>expected</code> is matched as a string
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        the index at which the value was found
+      </li>
+    </ul>
+
+
+
+    <h5>Usage:</h5>
+    <ul>
+      <li><pre class="example"><span class="keyword">local</span> arr = { <span class="string">"one"</span>, <span class="string">"three"</span> }
+<span class="keyword">local</span> i = <span class="global">assert</span>.contains(<span class="string">"one"</span>, arr)        <span class="comment">--&gt; passes; i == 1
+</span><span class="keyword">local</span> i = <span class="global">assert</span>.contains(<span class="string">"two"</span>, arr)        <span class="comment">--&gt; fails
+</span><span class="keyword">local</span> i = <span class="global">assert</span>.contains(<span class="string">"ee$"</span>, arr, <span class="keyword">true</span>)  <span class="comment">--&gt; passes; i == 2</span></pre></li>
+    </ul>
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="fail">fail</a></h4>
+  </dt>
+  <dd>
+    Generic fail assertion.  A convenience function for debugging tests, always
+ fails. It will output the values it was called with as a table, with an <code>n</code>
+ field to indicate the number of arguments received.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">...</code>
+          any set of parameters to be displayed with the failure
+        </li>
+    </ul>
+
+
+
+
+    <h5>Usage:</h5>
+    <ul>
+      <li><pre class="example"><span class="global">assert</span>.fail(some, value)</pre></li>
+    </ul>
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="formparam">formparam</a></h4>
+  </dt>
+  <dd>
+    Adds an assertion to look for a urlencoded form parameter in a mockbin request.
+ Parameter name comparison is done case-insensitive. Use the <a href="#request">request</a> modifier to set
+ the request to operate on.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">name</code>
+          name of the form parameter to look up (case insensitive)
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        value of the parameter
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="header">header</a></h4>
+  </dt>
+  <dd>
+    Adds an assertion to look for a named header in a <code>headers</code> subtable.
+ Header name comparison is done case-insensitive.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">name</code>
+          header name to look for (case insensitive).
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        value of the header
+      </li>
+    </ul>
+
+
+    <h5>See also:</h5>
+    <ul>
+      <li><a href="../../modules/spec.helpers#response">response</a></li>
+      <li><a href="../../modules/spec.helpers#request">request</a></li>
+    </ul>
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="jsonbody">jsonbody</a></h4>
+  </dt>
+  <dd>
+    Checks and returns a json body of an http response/request.  Only checks
+ validity of the json, does not check appropriate headers. Setting the target
+ to check can be done through <a href="#request">request</a> or <a href="#response">response</a> (requests are only
+ supported with mockbin.com).
+
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        the decoded json as a table
+      </li>
+    </ul>
+
+
+
+    <h5>Usage:</h5>
+    <ul>
+      <li><pre class="example"><span class="keyword">local</span> res = <span class="global">assert</span>(client:send { .. your request params here .. })
+<span class="keyword">local</span> json_table = <span class="global">assert</span>.response(res).has.jsonbody()</pre></li>
+    </ul>
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="queryparam">queryparam</a></h4>
+  </dt>
+  <dd>
+    An assertion to look for a query parameter in a <code>queryString</code> subtable.
+ Parameter name comparison is done case-insensitive.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">name</code>
+          name of the query parameter to look up (case insensitive)
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        value of the parameter
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="request">request</a></h4>
+  </dt>
+  <dd>
+    Generic modifier "request".
+ Will set a "request" value in the assertion state, so following
+ assertions will operate on the value set.
+ The request must be inside a 'response' from mockbin.org or httpbin.org
+ be extracted from the response.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">response</code>
+          results from <a href="#http_client:send">http_client:send</a> function. The request will
+        </li>
+    </ul>
+
+
+
+
+    <h5>Usage:</h5>
+    <ul>
+      <li><pre class="example"><span class="keyword">local</span> res = <span class="global">assert</span>(client:send { .. your request parameters here ..})
+<span class="keyword">local</span> length = <span class="global">assert</span>.request(res).has.header(<span class="string">"Content-Length"</span>)</pre></li>
+    </ul>
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="response">response</a></h4>
+  </dt>
+  <dd>
+    Generic modifier "response".
+ Will set a "response" value in the assertion state, so following
+ assertions will operate on the value set.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">response</code>
+          results from <a href="#http_client:send">http_client:send</a> function.
+        </li>
+    </ul>
+
+
+
+
+    <h5>Usage:</h5>
+    <ul>
+      <li><pre class="example"><span class="keyword">local</span> res = <span class="global">assert</span>(client:send { .. your request parameters here ..})
+<span class="keyword">local</span> length = <span class="global">assert</span>.response(res).has.header(<span class="string">"Content-Length"</span>)</pre></li>
+    </ul>
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="status">status</a></h4>
+  </dt>
+  <dd>
+    Assertion to check the statuscode of a http response.
+ alternatively use <a href="#response">response</a>.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">expected</code>
+          the expected status code
+        </li>
+        <li>
+          <code class="parameter">response</code>
+          (optional) results from <a href="#http_client:send">http_client:send</a> function,
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        the response body as a string
+      </li>
+    </ul>
+
+
+
+    <h5>Usage:</h5>
+    <ul>
+      <li><pre class="example"><span class="keyword">local</span> res = <span class="global">assert</span>(client:send { .. your request params here .. })
+<span class="keyword">local</span> body = <span class="global">assert</span>.has.status(<span class="number">200</span>, res)             <span class="comment">-- or alternatively
+</span><span class="keyword">local</span> body = <span class="global">assert</span>.response(res).has.status(<span class="number">200</span>)    <span class="comment">-- does the same</span></pre></li>
+    </ul>
+
+
+  </dd>
+</dl>
+
+<h2 class="section-header "><a name="Shell_helpers">Shell helpers </a></h2>
+
+
+<dl class="function">
+  <hr />
+  <dt>
+    <h4><a name="clean_prefix">clean_prefix</a></h4>
+  </dt>
+  <dd>
+    Cleans the Kong environment.
+ Deletes the working directory if it exists.
+ configuration will be used
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">prefix</code>
+          (optional) path to the working directory, if omitted the test
+        </li>
+    </ul>
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="execute">execute</a></h4>
+  </dt>
+  <dd>
+    Execute a command.
+ Modified version of <code>pl.utils.executeex()</code> so the output can directly be
+ used on an assertion.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">...</code>
+          see penlight documentation
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        ok, stderr, stdout; stdout is only included when the result was ok
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="kong_exec">kong_exec</a></h4>
+  </dt>
+  <dd>
+    Execute a Kong command.
+ variables, overriding the test config (each key will automatically be
+ prefixed with <code>KONG_</code> and be converted to uppercase)
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">cmd</code>
+          Kong command to execute, eg. <code>start</code>, <code>stop</code>, etc.
+        </li>
+        <li>
+          <code class="parameter">env</code>
+          (optional) table with kong parameters to set as environment
+        </li>
+    </ul>
+
+    <h5>Returns:</h5>
+    <ul>
+      <li>
+        same output as <code>exec</code>
+      </li>
+    </ul>
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="prepare_prefix">prepare_prefix</a></h4>
+  </dt>
+  <dd>
+    Prepare the Kong environment.
+ creates the workdirectory and deletes any existing one.
+ configuration will be used
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">prefix</code>
+          (optional) path to the working directory, if omitted the test
+        </li>
+    </ul>
+
+
+
+
+
+
+  </dd>
+  <hr />
+  <dt>
+    <h4><a name="wait_for_invalidation">wait_for_invalidation</a></h4>
+  </dt>
+  <dd>
+    Waits for invalidation of a cached key by polling the mgt-api
+ and waiting for a 404 response.
+
+    <h5>Parameters:</h5>
+    <ul>
+        <li>
+          <code class="parameter">key</code>
+          the cache-key to check
+        </li>
+        <li>
+          <code class="parameter">timeout</code>
+          (optional) in seconds, defaults to 10.
+        </li>
+    </ul>
+
+
+
+
+
+
+  </dd>
+</dl>
+
+
+    </div>
+  </div>
+</div>
+</div>
diff --git a/app/enterprise/0.34-x/network.md b/app/enterprise/0.34-x/network.md
new file mode 100644
index 000000000000..df2c4ab38f96
--- /dev/null
+++ b/app/enterprise/0.34-x/network.md
@@ -0,0 +1,46 @@
+---
+title: Network & Firewall
+---
+
+## Introduction
+
+In this section you will find a summary about the recommended network and firewall settings for Kong.
+
+## Ports
+
+Kong uses multiple connections for different purposes.
+
+* proxy 
+* management api
+
+
+### Proxy
+
+The proxy ports is where Kong receives its incoming traffic. There are two ports with the following defaults;
+
+* `8000` for proxying. This is where Kong listens for HTTP traffic. Be sure to change it to `80` once you go to production. See [proxy_listen].
+* `8443` for proxying HTTPS traffic. Be sure to change it to `443` once you go to production. See [proxy_listen] and the `ssl` suffix.
+
+These are the **only ports** that should be made available to your clients.
+
+### Management api
+
+This is the port where Kong exposes its management api. Hence in production this port should be firewalled to protect
+it from unauthorized access.
+
+* `8001` provides Kong's **Admin API** that you can use to operate Kong. See [admin_listen].
+* `8444` provides the same Kong **Admin API** but using HTTPS. See [admin_listen] and the `ssl` suffix.
+
+## Firewall
+
+Below are the recommended firewall settings:
+
+* The upstream APIs behind Kong will be available via the [proxy_listen] interface/port values.
+  Configure these values according to the access level you wish to grant to the upstream APIs.
+* If you are binding the Admin API to a public-facing interface (via [admin_listen]), then **protect** it to only allow trusted clients to access the Admin API.
+  See also [Securing the Admin API][secure_admin_api].
+
+
+[proxy_listen]: /enterprise/{{page.kong_version}}/property-reference/#proxy_listen
+[admin_listen]: /enterprise/{{page.kong_version}}/property-reference/#admin_listen
+[secure_admin_api]: /enterprise/{{page.kong_version}}/secure-admin-api
diff --git a/app/enterprise/0.34-x/oidc-auth0.md b/app/enterprise/0.34-x/oidc-auth0.md
index b1e328e9bd29..520f62576a4a 100644
--- a/app/enterprise/0.34-x/oidc-auth0.md
+++ b/app/enterprise/0.34-x/oidc-auth0.md
@@ -45,5 +45,5 @@ For basic authentication, use your client ID as the username and your client sec
 [client-credentials-grant]: https://auth0.com/docs/api-auth/tutorials/client-credentials
 [create-auth0-api]: https://auth0.com/docs/apis#how-to-configure-an-api-in-auth0
 [non-interactive-client]: https://auth0.com/docs/clients
-[create-api]: /0.13.x/admin-api/#add-api
+[create-api]: /enterprise/{{page.kong_version}}/admin-api/#add-api
 [audience-required]: https://auth0.com/docs/api/authentication#client-credentials
diff --git a/app/enterprise/0.34-x/oidc-google.md b/app/enterprise/0.34-x/oidc-google.md
index 835391aab5fa..6d8ff5a0ce5d 100644
--- a/app/enterprise/0.34-x/oidc-google.md
+++ b/app/enterprise/0.34-x/oidc-google.md
@@ -60,9 +60,9 @@ standardized][oidc-standard-claims], however--if a provider returns an `email` c
 This also requires that clients login using an account mapped to some consumer, which may not be desirable (e.g. you apply OpenID Connect to a service, but only use plugins requiring a consumer on some routes). To deal with this, you can set the `anonymous` parameter in your OIDC plugin configuration to the ID of a generic consumer, which will then be used for all authenticated users that cannot be mapped to some other consumer.
 
 
-[add-certificate]: /0.13.x/admin-api/#add-certificate
+[add-certificate]: /enterprise/{{page.kong_version}}/admin-api/#add-certificate
 [google-oidc]: https://developers.google.com/identity/protocols/OpenIDConnect
 [google-create-credentials]: https://console.developers.google.com/apis/credentials
-[add-api]: //enterprise/{{page.kong_version}}/getting-started/adding-your-api/
+[add-api]: /enterprise/{{page.kong_version}}/getting-started/adding-your-api/
 [oidc-id-token]: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
 [oidc-standard-claims]: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
diff --git a/app/enterprise/0.34-x/plugin-development/access-the-datastore.md b/app/enterprise/0.34-x/plugin-development/access-the-datastore.md
new file mode 100644
index 000000000000..e0c5e9ae7489
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/access-the-datastore.md
@@ -0,0 +1,67 @@
+---
+title: Plugin Development - Accessing the datastore
+book: plugin_dev
+chapter: 5
+---
+
+## Introduction
+
+Kong interacts with the model layer through classes we refer to as "DAOs". This chapter will detail the available API to interact with the datastore.
+
+Kong supports two primary datastores: [Cassandra {{site.data.kong_latest.dependencies.cassandra}}](http://cassandra.apache.org/) and [PostgreSQL {{site.data.kong_latest.dependencies.postgres}}](http://www.postgresql.org/).
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> As of CE 0.13.0 and EE 0.32.0, Kong is rolling out a new version of the DAO abstraction layer called `singletons.db`, which will gradually replace `singletons.dao`
+</div>
+---
+
+## `singletons.db` and `singletons.dao`
+
+All entities in Kong are represented by:
+
+- A schema that describes which table the entity relates to in the datastore, constraints on its fields such as foreign keys, non-null constraints etc... This schema is a table described in the [plugin configuration]({{page.book.chapters.plugin-configuration}}) chapter.
+- An instance of the `DAO` class mapping to the database currently in use (Cassandra or PostgreSQL). This class' methods consume the schema and expose methods to insert, update, find and delete entities of that type.
+
+The core entities in Kong are: Services, Routes, Consumers and Plugins. Services and Routes are available through the new `singletons.db` variable. The rest of the entities are available through `singletons.dao`. In the future they will be gradually migrated to `singletons.db`.
+
+Each of these entities can be interacted with through their corresponding DAO instance, available through the **DAO Factory** instance. The DAO Factory is responsible for loading these core entities' DAOs as well as any additional entities, provided for example by plugins.
+
+Both the DAO Factory and the new `db` interface are singleton instances in Kong and thus, are accessible through the `singletons` module:
+
+```lua
+local singletons = require "kong.singletons"
+
+-- Core DAOs
+local services_dao = singletons.db.services
+local routes_dao = singletons.db.routes
+local consumers_dao = singletons.dao.consumers
+local plugins_dao = singletons.dao.plugins
+```
+
+---
+
+## The DAO Lua API
+
+The DAO class is responsible for the operations executed on a given table in the datastore, generally mapping to an entity in Kong. All the underlying supported databases (currently Cassandra and PostgreSQL) comply to the same interface, thus making the DAO compatible with all of them.
+
+For example, inserting a Service (with `singletons.db`) and a Plugin (with `singletons.dao`) is as easy as:
+
+```lua
+local singletons = require "kong.singletons"
+local db  = singletons.db
+local dao = singletons.dao
+
+local inserted_service, err = db.services:insert({
+  name = "mockbin",
+  url = "http://mockbin.org"
+})
+
+local inserted_plugin, err = dao.plugins:insert({
+  name = "key-auth",
+  service_id = inserted_service.id
+})
+```
+
+---
+
+Next: [Custom Entities &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.34-x/plugin-development/admin-api.md b/app/enterprise/0.34-x/plugin-development/admin-api.md
new file mode 100644
index 000000000000..33f4c04a2af1
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/admin-api.md
@@ -0,0 +1,102 @@
+---
+title: Plugin Development - Extending the Admin API
+book: plugin_dev
+chapter: 8
+---
+
+## Module
+
+```
+"kong.plugins.<plugin_name>.api"
+```
+
+---
+
+The [Admin API] is the interface through which users will configure Kong. If your plugin has custom entities or management requirements, then you will need to extend the Admin API. This allows you to expose your own endpoints and implement your own management logic. A typical example of this is the creation, retrieval and deletion (commonly referred to as "CRUD operations") of API keys.
+
+The Admin API is a [Lapis](http://leafo.net/lapis/) application, and Kong's level of abstraction makes it easy for you to add endpoints.
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you have a relative knowledge of <a href="http://leafo.net/lapis/">Lapis</a>.
+</div>
+
+---
+
+## Adding endpoints to the Admin API
+
+Kong will detect and load your endpoints if they are defined in a module named:
+
+```
+"kong.plugins.<plugin_name>.api"
+```
+
+This module is bound to return a table containing strings describing your routes (See [Lapis routes & URL Patterns](http://leafo.net/lapis/reference/actions.html#routes--url-patterns)) and HTTP verbs they support. Routes are then assigned a simple handler function.
+
+This table is then fed to Lapis (See Lapis' [handling HTTP verbs documentation](http://leafo.net/lapis/reference/actions.html#handling-http-verbs)). Example:
+
+```lua
+return {
+  ["/my-plugin/new/get/endpoint"] = {
+    GET = function(self, dao_factory, helpers)
+      -- ...
+    end
+  }
+}
+```
+
+The handler function takes three arguments, which are, in order:
+
+- `self`: The request object. See [Lapis request object](http://leafo.net/lapis/reference/actions.html#request-object)
+- `dao_factory`: The DAO Factory. See the [datastore]({{page.book.chapters.access-the-datastore}}) chapter of this guide.
+- `helpers`: A table containing a few helpers, described below.
+
+In addition to the HTTPS verbs it supports, a route table can also contain two other keys:
+
+- **before**: as in [Lapis](http://leafo.net/lapis/reference/actions.html#handling-http-verbs), a before_filter that runs before the executed verb action.
+- **on_error**: a custom error handler function that overrides the one provided by Kong. See Lapis' [capturing recoverable errors](http://leafo.net/lapis/reference/exception_handling.html#capturing-recoverable-errors) documentation.
+
+---
+
+## Helpers
+
+When handling a request on the Admin API, there are times when you want to send back responses and handle errors, to help you do so the third parameter `helpers` is a table with the following properties:
+
+- `responses`: a module with helper functions to send HTTP responses.
+- `yield_error`: the [yield_error](http://leafo.net/lapis/reference/exception_handling.html#capturing-recoverable-errors) function from Lapis. To call when your handler encounters an error (from a DAO, for example). Since all Kong errors are tables with context, it can send the appropriate response code depending on the error (Internal Server Error, Bad Request, etc...).
+
+### crud_helpers
+
+Since most of the operations you will perform in your endpoints will be CRUD operations, you can also use the `kong.api.crud_helpers` module. This module provides you with helpers for any insert, retrieve, update or delete operations and performs the necessary DAO operations and replies with the appropriate HTTP status codes. It also provides you with functions to retrieve parameters from the path, such as an API's name or id, or a Consumer's username or id.
+
+Example:
+
+```lua
+local crud = require "kong.api.crud_helpers"
+
+return {
+  ["/consumers/:username_or_id/key-auth/"] = {
+    before = function(self, dao_factory, helpers)
+      crud.find_consumer_by_username_or_id(self, dao_factory, helpers)
+      self.params.consumer_id = self.consumer.id
+    end,
+
+    GET = function(self, dao_factory, helpers)
+      crud.paginated_set(self, dao_factory.keyauth_credentials)
+    end,
+
+    PUT = function(self, dao_factory)
+      crud.put(self.params, dao_factory.keyauth_credentials)
+    end,
+
+    POST = function(self, dao_factory)
+      crud.post(self.params, dao_factory.keyauth_credentials)
+    end
+  }
+}
+```
+
+---
+
+Next: [Write tests for your plugin]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
diff --git a/app/enterprise/0.34-x/plugin-development/custom-entities.md b/app/enterprise/0.34-x/plugin-development/custom-entities.md
new file mode 100644
index 000000000000..758d07c9d9a4
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/custom-entities.md
@@ -0,0 +1,177 @@
+---
+title: Plugin Development - Custom Entities
+book: plugin_dev
+chapter: 6
+---
+
+## Modules
+
+```
+"kong.plugins.<plugin_name>.schema.migrations"
+"kong.plugins.<plugin_name>.daos"
+```
+
+---
+
+Your plugin might need to store more than its configuration in the database. In that case, Kong provides you with an abstraction on top of its primary datastores which allows you to store custom entities.
+
+As explained in the [previous chapter]({{page.book.previous}}), Kong interacts with the model layer through classes we refer to as "DAOs", and available on a singleton often referred to as the "DAO Factory". This chapter will explain how to to provide an abstraction for your own entities.
+
+---
+
+## Create a migration file
+
+Once you have defined your model, you must create your migration modules which will be executed by Kong to create the table in which your records of your entity will be stored. A migration file simply holds an array of migrations, and returns them.
+
+Since Kong `0.8.0`, both Cassandra and PostgreSQL are supported, which requires that your plugin implements its migrations for both databases.
+
+Each migration must bear a unique name, and `up` and `down` fields. Such fields can either be strings of SQL/CQL queries for simple migrations, or actual Lua code to execute for complex ones. The `up` field will be executed when Kong migrates **forward**. It must bring your database's schema to the latest state required by your plugin. The `down` field must execute the necessary actions to revert your schema to its previous state, before `up` was ran.
+
+One of the main benefits of this approach is should you need to release a new version of your plugin that modifies a model, you can simply add new migrations to the array before releasing your plugin. Another benefit is that it is also possible to revert such migrations.
+
+As described in the [file structure]({{page.book.chapters.file-structure}}) chapter, your migrations modules must be named:
+
+```
+"kong.plugins.<plugin_name>.migrations.cassandra"
+"kong.plugins.<plugin_name>.migrations.postgres"
+```
+
+Here is an example of how one would define a migration file to store API keys:
+
+```lua
+-- cassandra.lua
+return {
+  {
+    name = "2015-07-31-172400_init_keyauth",
+    up =  [[
+      CREATE TABLE IF NOT EXISTS keyauth_credentials(
+        id uuid,
+        consumer_id uuid,
+        key text,
+        created_at timestamp,
+        PRIMARY KEY (id)
+      );
+
+      CREATE INDEX IF NOT EXISTS ON keyauth_credentials(key);
+      CREATE INDEX IF NOT EXISTS keyauth_consumer_id ON keyauth_credentials(consumer_id);
+    ]],
+    down = [[
+      DROP TABLE keyauth_credentials;
+    ]]
+  }
+}
+```
+
+```lua
+-- postgres.lua
+return {
+  {
+    name = "2015-07-31-172400_init_keyauth",
+    up = [[
+      CREATE TABLE IF NOT EXISTS keyauth_credentials(
+        id uuid,
+        consumer_id uuid REFERENCES consumers (id) ON DELETE CASCADE,
+        key text UNIQUE,
+        created_at timestamp without time zone default (CURRENT_TIMESTAMP(0) at time zone 'utc'),
+        PRIMARY KEY (id)
+      );
+
+      DO $$
+      BEGIN
+        IF (SELECT to_regclass('public.keyauth_key_idx')) IS NULL THEN
+          CREATE INDEX keyauth_key_idx ON keyauth_credentials(key);
+        END IF;
+        IF (SELECT to_regclass('public.keyauth_consumer_idx')) IS NULL THEN
+          CREATE INDEX keyauth_consumer_idx ON keyauth_credentials(consumer_id);
+        END IF;
+      END$$;
+    ]],
+    down = [[
+      DROP TABLE keyauth_credentials;
+    ]]
+  }
+}
+```
+
+- `name`: Must be a unique string. The format does not matter but can help you debug issues while developing your plugin, so make sure to name it in a relevant way.
+- `up`: Executed when Kong migrates **forward**.
+- `down`: Executed when Kong migrates **backward**.
+
+While Postgres does, Cassandra does not support constraints such as "NOT NULL", "UNIQUE" or "FOREIGN KEY", but Kong provides you with such features when you define your model's schema. bear in mind that this schema will be the same for both PostgreSQL and Cassandra, hence, you might trade-off a pure SQL schema for one that works with Cassandra too.
+
+**IMPORTANT**: if your `schema` uses a `unique` constraint, then Kong will enforce it for Cassandra, but for Postgres you must set this constraint in the `migrations` file.
+
+---
+
+## Retrieve your custom DAO from the Dao Factory
+
+To make the DAO Factory load your custom DAO(s), you will simply need to define your entity's schema (just like the schemas describing your [plugin configuration]({{page.book.chapters.plugin-configuration}})). This schema contains a few more values since it must describes which table the entity relates to in the datastore, constraints on its fields such as foreign keys, non-null constraints and such.
+
+This schema is to be defined in a module named:
+
+```
+"kong.plugins.<plugin_name>.daos"
+```
+
+Once that module returns your entity's schema, and assuming your plugin is loaded by Kong (see the `custom_plugins` property in `kong.yml`), the DAO Factory will use it to instantiate a DAO object.
+
+Here is an example of how one would define a schema to store API keys in a his or her database:
+
+```lua
+-- daos.lua
+local SCHEMA = {
+  primary_key = {"id"},
+  table = "keyauth_credentials", -- the actual table in the database
+  fields = {
+    id = {type = "id", dao_insert_value = true}, -- a value to be inserted by the DAO itself (think of serial ID and the uniqueness of such required here)
+    created_at = {type = "timestamp", immutable = true, dao_insert_value = true}, -- also interted by the DAO itself
+    consumer_id = {type = "id", required = true, foreign = "consumers:id"}, -- a foreign key to a Consumer's id
+    key = {type = "string", required = false, unique = true} -- a unique API key
+  }
+}
+
+return {keyauth_credentials = SCHEMA} -- this plugin only results in one custom DAO, named `keyauth_credentials`
+```
+
+Since your plugin might have to deal with multiple custom DAOs (in the case when you want to store several entities), this module is bound to return a key/value table where keys are the name on which the custom DAO will be available in the DAO Factory.
+
+You will have noticed a few new properties in the schema definition (compared to your [schema.lua]({{page.book.chapters.plugin-configuration}}) file):
+
+| Property name         | Lua type                  | Description
+|-----------------------|---------------------------|-------------
+| `primary_key`         | Integer indexed table     | An array of each part of your column family's primary key. It also supports **composite keys**, even if all Kong entities currently use a simple `id` for usability of the [Admin API]. If your primary key is composite, only include what makes your **partition key**.
+| `fields.*.dao_insert_value` | Boolean              | If true, specifies that this field is to be automatically populated by the DAO (in the base_dao implementation) depending on it's type. A property of type `id` will be a generated uuid, and `timestamp` a timestamp with second-precision.
+| `fields.*.queryable`  | Boolean                   | If true, specifies that Cassandra maintains an index on the specified column. This allows for querying the column family filtered by this column.
+| `fields.*.foreign`    | String                    | Specifies that this column is a foreign key to another entity's column. The format is: `dao_name:column_name`. This makes it up for Cassandra not supporting foreign keys. When the parent row will be deleted, Kong will also delete rows containing the parent's column value.
+
+Your DAO will now be loaded by the DAO Factory and available as one of its properties:
+
+```lua
+local singletons = require "kong.singletons"
+local dao_factory = singletons.dao
+
+local keys_dao = dao_factory.keyauth_credentials
+
+local key_credential, err = keys_dao:insert({
+  consumer_id = consumer.id,
+  key = "abcd"
+})
+```
+
+The DAO name (`keyauth_credentials`) with which it is accessible from the DAO Factory depends on the key with which you exported your DAO in the returned table of `daos.lua`.
+
+---
+
+## Caching custom entities
+
+Sometimes custom entities are required on every request/response, which in turn triggers a query on the datastore every time. This is very inefficient because querying the datastore adds latency and slows the request/response down, and the resulting increased load on the datastore could affect the datastore performance itself and, in turn, other Kong nodes.
+
+When a custom entity is required on every request/response it is good practice to cache it in-memory by leveraging the in-memory cache API that Kong provides.
+
+The next chapter will focus on caching custom entities, and invalidating them when they change in the datastore: [Caching custom entities]({{page.book.next}}).
+
+---
+
+Next: [Caching custom entities &rsaquo;]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
diff --git a/app/enterprise/0.34-x/plugin-development/custom-logic.md b/app/enterprise/0.34-x/plugin-development/custom-logic.md
new file mode 100644
index 000000000000..3d940506a119
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/custom-logic.md
@@ -0,0 +1,243 @@
+---
+title: Plugin Development - Write custom logic
+book: plugin_dev
+chapter: 3
+---
+
+## Module
+
+```
+"kong.plugins.<plugin_name>.handler"
+```
+
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you are familiar with
+  <a href="http://www.lua.org/">Lua</a> and the
+  <a href="https://github.com/openresty/lua-nginx-module">lua-nginx-module API</a>.
+</div>
+
+Kong allows you to execute custom code at different times in the lifecycle of a
+request. To do so, you have to implement one or several of the methods of the
+`base_plugin.lua` interface. Those methods are to be implemented in a module
+at: `"kong.plugins.<plugin_name>.handler"`
+
+---
+
+## Available request contexts
+
+Kong allows you to write your code in all of the lua-nginx-module contexts.
+Each function to implement in your `handler.lua` file will be executed when the
+context is reached for a request:
+
+| Function name           | lua-nginx-module context           | Description
+|-------------------------|------------------------------------|--------------
+| `:init_worker()`         | [init_worker_by_lua]               | Executed upon every Nginx worker process's startup.
+| `:certificate()`         | [ssl_certificate_by_lua_block]     | Executed during the SSL certificate serving phase of the SSL handshake.
+| `:rewrite()`             | [rewrite_by_lua_block]             | Executed for every request upon its reception from a client as a rewrite phase handler. *NOTE* in this phase neither the `api` nor the `consumer` have been identified, hence this handler will only be executed if the plugin was configured as a global plugin!
+| `:access()`              | [access_by_lua]                    | Executed for every request from a client and before it is being proxied to the upstream service.
+| `:header_filter()`       | [header_filter_by_lua]             | Executed when all response headers bytes have been received from the upstream service.
+| `:body_filter()`         | [body_filter_by_lua]               | Executed for each chunk of the response body received from the upstream service. Since the response is streamed back to the client, it can exceed the buffer size and be streamed chunk by chunk. hence this method can be called multiple times if the response is large. See the lua-nginx-module documentation for more details.
+| `:log()`                 | [log_by_lua]                       | Executed when the last response byte has been sent to the client.
+
+All of those functions take one parameter given by Kong: the configuration of your plugin. This parameter is a simple Lua table, and will contain values defined by your users, according to the schema of your choice. More on that in the [next chapter]({{page.book.next}}).
+
+[ssl_certificate_by_lua_block]: https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block
+[init_worker_by_lua]: https://github.com/openresty/lua-nginx-module#init_worker_by_lua
+[rewrite_by_lua_block]: https://github.com/openresty/lua-nginx-module#rewrite_by_lua_block
+[access_by_lua]: https://github.com/openresty/lua-nginx-module#access_by_lua
+[header_filter_by_lua]: https://github.com/openresty/lua-nginx-module#header_filter_by_lua
+[body_filter_by_lua]: https://github.com/openresty/lua-nginx-module#body_filter_by_lua
+[log_by_lua]: https://github.com/openresty/lua-nginx-module#log_by_lua
+
+---
+
+## handler.lua specifications
+
+The `handler.lua` file must return a table implementing the functions you wish
+to be executed. In favor of brevity, here is a commented example module
+implementing all the available methods:
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> Kong uses the
+  <a href="https://github.com/rxi/classic">rxi/classic</a> module to simulate
+  classes in Lua and ease the inheritance pattern.
+</div>
+
+```lua
+-- Extending the Base Plugin handler is optional, as there is no real
+-- concept of interface in Lua, but the Base Plugin handler's methods
+-- can be called from your child implementation and will print logs
+-- in your `error.log` file (where all logs are printed).
+local BasePlugin = require "kong.plugins.base_plugin"
+local CustomHandler = BasePlugin:extend()
+
+-- Your plugin handler's constructor. If you are extending the
+-- Base Plugin handler, it's only role is to instantiate itself
+-- with a name. The name is your plugin name as it will be printed in the logs.
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:init_worker()
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.init_worker(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:certificate(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.certificate(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:rewrite(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.rewrite(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:access(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.access(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:header_filter(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.header_filter(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:body_filter(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.body_filter(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:log(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.log(self)
+
+  -- Implement any custom logic here
+end
+
+-- This module needs to return the created table, so that Kong
+-- can execute those functions.
+return CustomHandler
+```
+
+Of course, the logic of your plugin itself can be abstracted away in another
+module, and called from your `handler` module. Many existing plugins have
+already chosen this pattern when their logic is verbose, but it is purely
+optional:
+
+```lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+-- The actual logic is implemented in those modules
+local access = require "kong.plugins.my-custom-plugin.access"
+local body_filter = require "kong.plugins.my-custom-plugin.body_filter"
+
+local CustomHandler = BasePlugin:extend()
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  -- Execute any function from the module loaded in `access`,
+  -- for example, `execute()` and passing it the plugin's configuration.
+  access.execute(config)
+end
+
+function CustomHandler:body_filter(config)
+  CustomHandler.super.body_filter(self)
+
+  -- Execute any function from the module loaded in `body_filter`,
+  -- for example, `execute()` and passing it the plugin's configuration.
+  body_filter.execute(config)
+end
+
+return CustomHandler
+```
+
+---
+
+## Plugins execution order
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This is still a work-in-progress API. For thoughts on
+  how plugins execution order should be configurable in the future, see
+  <a href="https://github.com/Kong/kong/issues/267">Kong/kong#267</a>.
+</div>
+
+Some plugins might depend on the execution of others to perform some
+operations. For example, plugins relying on the identity of the consumer have
+to run **after** authentication plugins. Considering this, Kong defines
+**priorities** between plugins execution to ensure that order is respected.
+
+Your plugin's priority can be configured via a property accepting a number in
+the returned handler table:
+
+```lua
+CustomHandler.PRIORITY = 10
+```
+
+The higher the priority, the sooner your plugin's phases will be executed in
+regard to other plugins' phases (such as `:access()`, `:log()`, etc...).
+
+The current order of execution for the bundled plugins is:
+
+Plugin                    | Priority
+-------------------------:|:------------
+bot-detection             | 2500
+cors                      | 2000
+jwt                       | 1005
+oauth2                    | 1004
+key-auth                  | 1003
+ldap-auth                 | 1002
+basic-auth                | 1001
+hmac-auth                 | 1000
+ip-restriction            | 990
+request-size-limiting     | 951
+acl                       | 950
+rate-limiting             | 901
+response-ratelimiting     | 900
+request-transformer       | 801
+response-transformer      | 800
+aws-lambda                | 750
+http-log                  | 12
+statsd                    | 11
+datadog                   | 10
+file-log                  | 9
+udp-log                   | 8
+tcp-log                   | 7
+loggly                    | 6
+runscope                  | 5
+syslog                    | 4
+galileo                   | 3
+request-termination       | 2
+correlation-id            | 1
+
+---
+
+Next: [Store configuration &rsaquo;]({{page.book.next}})
+
+[lua-nginx-module]: https://github.com/openresty/lua-nginx-module
diff --git a/app/enterprise/0.34-x/plugin-development/distribution.md b/app/enterprise/0.34-x/plugin-development/distribution.md
new file mode 100644
index 000000000000..eb60df2fcdba
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/distribution.md
@@ -0,0 +1,286 @@
+---
+title: Plugin Development - (un)Install your plugin
+book: plugin_dev
+chapter: 10
+---
+
+## Introduction
+
+Custom plugins for Kong consist of Lua source files that need to be in the file
+system of each of your Kong nodes. This guide will provide you with
+step-by-step instructions that will make a Kong node aware of your custom
+plugin(s).
+
+These steps should be applied to each node in your Kong cluster, to ensure the
+custom plugin(s) are available on each one of them.
+
+## Packaging sources
+
+You can either use a regular packing strategy (eg. `tar`), or use the LuaRocks
+package manager to do it for you. We recommend LuaRocks as it is installed
+along with Kong when using one of the official distribution packages.
+
+When using LuaRocks, you must create a `rockspec` file, which specifies the
+package contents. For an example see the [Kong plugin
+template][plugin-template], for more info about the format see the LuaRocks
+[documentation on rockspecs][rockspec].
+
+Pack your rock using the following command (from the plugin repo):
+
+    # install it locally (based on the `.rockspec` in the current directory)
+    $ luarocks make
+
+    # pack the installed rock
+    $ luarocks pack <plugin-name> <version>
+
+Assuming your plugin rockspec is called
+`kong-plugin-myPlugin-0.1.0-1.rockspec`, the above would become;
+
+    $ luarocks pack kong-plugin-myPlugin 0.1.0-1
+
+The LuaRocks `pack` command has now created a `.rock` file (this is simply a
+zip file containing everything needed to install the rock).
+
+If you do not or cannot use LuaRocks, then use `tar` to pack the
+`.lua` files of which your plugin consists into a `.tar.gz` archive. You can
+also include the `.rockspec` file if you do have LuaRocks on the target
+systems.
+
+The contents of this archive should be close to the following:
+
+    $ tree <plugin-name>
+    <plugin-name>
+    ├── INSTALL.txt
+    ├── README.md
+    ├── kong
+    │   └── plugins
+    │       └── <plugin-name>
+    │           ├── handler.lua
+    │           └── schema.lua
+    └── <plugin-name>-<version>.rockspec
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Installing the plugin
+
+For a Kong node to be able to use the custom plugin, the custom plugin's Lua
+sources must be installed on your host's file system. There are multiple ways
+of doing so: via LuaRocks, or manually. Choose one, and jump to section 3.
+
+1. Via LuaRocks from the created 'rock'
+
+    The `.rock` file is a self contained package that can be installed locally
+    or from a remote server.
+
+    If the `luarocks` utility is installed in your system (this is likely the
+    case if you used one of the official installation packages), you can
+    install the 'rock' in your LuaRocks tree (a directory in which LuaRocks
+    installs Lua modules).
+
+    It can be installed by doing:
+
+        $ luarocks install <rock-filename>
+
+    The filename can be a local name, or any of the supported methods, eg.
+    `http://myrepository.lan/rocks/myplugin-0.1.0-1.all.rock`
+
+2. Via LuaRocks from the source archive
+
+    If the `luarocks` utility is installed in your system (this is likely the
+    case if you used one of the official installation packages), you can
+    install the Lua sources in your LuaRocks tree (a directory in which
+    LuaRocks installs Lua modules).
+
+    You can do so by changing the current directory to the extracted archive,
+    where the rockspec file is:
+
+        $ cd <plugin-name>
+
+    And then run the following:
+
+        $ luarocks make
+
+    This will install the Lua sources in `kong/plugins/<plugin-name>` in your
+    system's LuaRocks tree, where all the Kong sources are already present.
+
+3. Manually
+
+    A more conservative way of installing your plugin's sources is
+    to avoid "polluting" the LuaRocks tree, and instead, point Kong
+    to the directory containing them.
+
+    This is done by tweaking the `lua_package_path` property of your Kong
+    configuration. Under the hood, this property is an alias to the `LUA_PATH`
+    variable of the Lua VM, if you are familiar with it.
+
+    Those properties contain a semicolon-separated list of directories in
+    which to search for Lua sources. It should be set like so in your Kong
+    configuration file:
+
+        lua_package_path = /<path-to-plugin-location>/?.lua;;
+
+    Where:
+
+    * `/<path-to-plugin-location>` is the path to the directory containing the
+      extracted archive. It should be the location of the `kong` directory
+      from the archive.
+    * `?` is a placeholder that will be replaced by
+      `kong.plugins.<plugin-name>` when Kong will try to load your plugin. Do
+      not change it.
+    * `;;` a placeholder for the "the default Lua path". Do not change it.
+
+    Example:
+
+    The plugin `something` being located on the file system such that the
+    handler file is:
+
+        /usr/local/custom/kong/plugins/<something>/handler.lua
+
+    The location of the `kong` directory is: `/usr/local/custom`, hence the
+    proper path setup would be:
+
+        lua_package_path = /usr/local/custom/?.lua;;
+
+    Multiple plugins:
+
+    If you wish to install two or more custom plugins this way, you can set
+    the variable to something like:
+
+        lua_package_path = /path/to/plugin1/?.lua;/path/to/plugin2/?.lua;;
+
+    * `;` is the separator between directories.
+    * `;;` still means "the default Lua path".
+
+    Note: you can also set this property via its environment variable
+    equivalent: `KONG_LUA_PACKAGE_PATH`.
+
+Reminder: regardless of which method you are using to install your plugin's
+sources, you must still do so for each node in your Kong cluster.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Load the plugin
+
+You must now add the custom plugin's name to the `custom_plugins` list in your
+Kong configuration (on each Kong node):
+
+    custom_plugins = <plugin-name>
+
+If you are using two or more custom plugins, insert commas in between, like so:
+
+    custom_plugins = plugin1,plugin2
+
+Note: you can also set this property via its environment variable equivalent:
+`KONG_CUSTOM_PLUGINS`.
+
+Reminder: don't forget to update the `custom_plugins` directive for each node
+in your Kong cluster.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Verify loading the plugin
+
+You should now be able to start Kong without any issue. Consult your custom
+plugin's instructions on how to enable/configure your plugin
+on an API or Consumer object.
+
+To make sure your plugin is being loaded by Kong, you can start Kong with a
+`debug` log level:
+
+    log_level = debug
+
+or:
+
+    KONG_LOG_LEVEL=debug
+
+Then, you should see the following log for each plugin being loaded:
+
+    [debug] Loading plugin <plugin-name>
+
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Removing a plugin
+
+There are three steps to completely remove a plugin.
+
+1. Remove the plugin from your Kong api configuration. Make sure that it
+   is no longer applied globally nor for any API or consumer. This has to be
+   done only once for the entire Kong cluster, no restart/reload required.
+   This step in itself will make that the plugin is no longer in use. But it
+   remains available and it is still possible to re-apply the plugin.
+
+2. Remove the plugin from the `custom_plugins` directive (on each Kong node).
+   Make sure to have completed step 1 before doing so. After this step
+   it will be impossible for anyone to re-apply the plugin to any Kong
+   api, consumer, or even globally. This step requires to restart/reload the
+   Kong node to take effect.
+
+3. To remove the plugin thoroughly, delete the plugin-related files from
+   each of the Kong nodes. Make sure to have completed step 2, including
+   restarting/reloading Kong, before deleting the files. If you used LuaRocks
+   to install the plugin, you can do `luarocks remove <plugin-name>` to remove
+   it.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Distribute your plugin
+
+The preferred way to do so is to use [Luarocks](https://luarocks.org/), a
+package manager for Lua modules. It calls such modules "rocks". **Your module
+does not have to live inside the Kong repository**, but it can be if that's
+how you'd like to maintain your Kong setup.
+
+By defining your modules (and their eventual dependencies) in a [rockspec]
+file, you can install those modules on your platform via Luarocks. You can
+also upload your module on Luarocks and make it available to everyone!
+
+Here is an example rockspec which would use the "builtin" build type to define
+modules in Lua notation and their corresponding file:
+
+
+For an example see the [Kong plugin template][plugin-template], for more info
+about the format see the LuaRocks [documentation on rockspecs][rockspec].
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Troubleshooting
+
+Kong can fail to start because of a misconfigured custom plugin for several
+reasons:
+
+* "plugin is in use but not enabled" -> You configured a custom plugin from
+  another node, and that the plugin configuration is in the database, but the
+  current node you are trying to start does not have it in its `custom_plugins`
+  directive. To resolve, add the plugin's name to the node's `custom_plugins`
+  directive.
+
+* "plugin is enabled but not installed" -> The plugin's name is present in the
+  `custom_plugins` directive, but that Kong is unable to load the `handler.lua`
+  source file from the file system. To resolve, make sure that the
+  lua_package_path directive is properly set to load this plugin's Lua sources.
+
+* "no configuration schema found for plugin" -> The plugin is installed,
+  enabled in custom_plugins, but Kong is unable to load the `schema.lua`
+  source file from the file system.
+  To resolve, make sure that the `schema.lua` file is present alongside the
+  plugin's `handler.lua` file.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+[rockspec]: https://github.com/keplerproject/luarocks/wiki/Creating-a-rock
+[plugin-template]: https://github.com/Kong/kong-plugin
diff --git a/app/enterprise/0.34-x/plugin-development/entities-cache.md b/app/enterprise/0.34-x/plugin-development/entities-cache.md
new file mode 100644
index 000000000000..3f851d947d8c
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/entities-cache.md
@@ -0,0 +1,288 @@
+---
+title: Plugin Development - Caching custom entities
+book: plugin_dev
+chapter: 7
+---
+
+## Modules
+
+```
+"kong.plugins.<plugin_name>.daos"
+```
+
+---
+
+Your plugin may need to frequently access custom entities (explained in the
+[previous chapter]({{page.book.previous}})) on every request and/or response.
+Usually, loading them once and caching them in-memory dramatically improves
+the performance while making sure the datastore is not stressed with an
+increased load.
+
+Think of an api-key authentication plugin that needs to validate the api-key on
+every request, thus loading the custom credential object from the datastore on
+every request. When the client provides an api-key along with the request,
+normally you would query the datastore to check if that key exists, and then
+either block the request or retrieve the Consumer ID to identify the user. This
+would happen on every request, and it would be very inefficient:
+
+* Querying the datastore adds latency on every request, making the request
+  processing slower.
+* The datastore would also be affected by an increase of load, potentially
+  crashing or slowing down, which in turn would affect every Kong
+  node.
+
+To avoid querying the datastore every time, we can cache custom entities
+in-memory on the node, so that frequent entity lookups don't trigger a
+datastore query every time (only the first time), but happen in-memory, which
+is much faster and reliable that querying it from the datastore (especially
+under heavy load).
+
+---
+
+## Caching custom entities
+
+Once you have defined your custom entities, you can cache them in-memory in
+your code by using the `singletons.cache` module provided by Kong:
+
+```
+local singletons = require "kong.singletons"
+local cache = singletons.cache
+```
+
+There are 2 levels of cache:
+
+1. L1: Lua memory cache - local to an nginx worker
+   This can hold any type of Lua value.
+2. L2: Shared memory cache (SHM) - local to an nginx node, but shared between
+   all workers. This can only hold scalar values, and hence requires
+   (de)serialization.
+
+When data is fetched from the database, it will be stored in both caches. Now
+if the same worker process requests the data again, it will retrieve the
+previously-deserialized data from the Lua memory cache. If a different
+worker within the same nginx node requests that data, it will find the data
+in the SHM, deserialize it (and store it in its own Lua memory cache) and
+then return it.
+
+This module exposes the following functions:
+
+Function name                                 | Description
+----------------------------------------------|---------------------------
+`value, err = cache:get(key, opts?, cb, ...)` | Retrieves the value from the cache. If the cache does not have value (miss), invokes `cb` in protected mode. `cb` must return one (and only one) value that will be cached. It *can* throw errors, as those will be caught and properly logged by Kong, at the `ngx.ERR` level. This function **does** cache negative results (`nil`). As such, one must rely on its second argument `err` when checking for errors.
+`ttl, err, value = cache:probe(key)`          | Checks if a value is cached. If it is, returns its remaining TTL. It not, returns `nil`. The value being cached can also be a negative caching. The third return value is the value being cached itself.
+`cache:invalidate_local(key)`                       | Evicts a value from the node's cache.
+`cache:invalidate(key)`                             | Evicts a value from the node's cache **and** propagates the eviction events to all other nodes in the cluster.
+`cache:purge()`                                     | Evicts **all** values from the node's cache.
+
+Bringing back our authentication plugin example, to lookup a credential with a
+specific api-key, we would write something like:
+
+```lua
+-- access.lua
+local singletons = require "kong.singletons"
+
+local function load_entity_key(api_key)
+  -- IMPORTANT: the callback is executed inside a lock, hence we cannot terminate
+  -- a request here, we MUST always return.
+  local apikeys, err = dao.apikeys:find_all({key = api_key}) -- Lookup in the datastore
+  if err then
+    error(err) -- caught by kong.cache and logged
+  end
+
+  if not apikeys then
+    return nil -- nothing was found (cached for `neg_ttl`)
+  end
+
+  -- assuming the key was unique, we always only have 1 value...
+  return apikeys[1] -- cache the credential (cached for `ttl`)
+end
+
+-- retrieve the apikey from the request querystring
+local apikey = request.get_uri_args().apikey
+
+-- We are using cache.get to first check if the apikey has been already
+-- stored into the in-memory cache at the key: "apikeys." .. apikey
+-- If it's not, then we lookup the datastore and return the credential
+-- object. Internally cache.get will save the value in-memory, and then
+-- return the credential.
+local credential, err = cache:get("apikeys." .. apikey, nil,
+                                  load_entity_key, apikey)
+if err then
+  return response.HTTP_INTERNAL_SERVER_ERROR(err)
+end
+
+if not credential then
+  -- no credentials in cache nor datastore
+  return responses.send_HTTP_FORBIDDEN("Invalid authentication credentials")
+end
+
+-- set an upstream header if the credential exists and is valid
+ngx.req.set_header("X-API-Key", credential.apikey)
+```
+
+With the above mechanism in place, once a Consumer has made a request with
+their API key, the cache will be considered warm and subsequent requests
+won't result in a database query.
+
+### Updating or deleting a custom entity
+
+Every time a cached custom entity is updated or deleted in the datastore (i.e.
+using the Admin API), it creates an inconsistency between the data in
+the datastore, and the data cached in the Kong nodes' memory. To avoid this
+inconsistency, we need to evict the cached entity from the in-memory store and
+force Kong to request it again from the datastore. We refer to this process as
+cache invalidation.
+
+---
+
+## Cache invalidation for your entities
+
+If you wish that your cached entities be invalidated upon a CRUD operation
+rather than having to wait for them to reach their TTL, you have to follow
+a few steps. This process can be automated since 0.11.0 for most entities,
+but manually subscribing to some CRUD events might be required to invalidate
+some entities with more complex relationships.
+
+### Automatic cache invalidation
+
+Cache invalidation can be provided out of the box for your entities if you
+rely on the `cache_key` property of your entity's schema. For example, in the
+following schema:
+
+```lua
+local SCHEMA = {
+  primary_key = { "id" },
+  table = "keyauth_credentials",
+  cache_key = { "key" }, -- cache key for this entity
+  fields = {
+    id = { type = "id" },
+    created_at = { type = "timestamp", immutable = true },
+    consumer_id = { type = "id", required = true, foreign = "consumers:id"},
+    key = { type = "string", required = false, unique = true }
+  }
+}
+
+return { keyauth_credentials = SCHEMA }
+```
+
+We can see that we declare the cache key of this API key entity to be its
+`key` attribute. We use `key` here because it has a unique constraints
+applied to it. Hence, the attributes added to `cache_key` should result in
+a unique combination, so that no two entities could yield the same cache key.
+
+Adding this value allows you to use the following function on the DAO of that
+entity:
+
+```lua
+cache_key = dao:cache_key(arg1, arg2, arg3, ...)
+```
+
+Where the arguments must be the attributes specified in your schema's
+`cache_key` property, in the order they were specified. This function then
+computes a string value `cache_key` that is ensured to be unique.
+
+For example, if we were to generate the cache_key of an API key:
+
+```lua
+local cache_key = singletons.dao.keyauth_credentials:cache_key("abcd")
+```
+
+This would produce a cache_key for the API key `"abcd"` (retrieved from one
+of the query's arguments) that we can the use to retrieve the key from the
+cache (or fetch from the database if the cache is a miss):
+
+```lua
+local apikey = request.get_uri_args().apikey
+local cache_key = singletons.dao.keyauth_credentials:cache_key(apikey)
+
+local credential, err = cache:get(cache_key, nil, load_entity_key, apikey)
+if err then
+  return response.HTTP_INTERNAL_SERVER_ERROR(err)
+end
+
+-- do something with the credential
+```
+
+If the `cache_key` is generated like so and specified in an entity's schema,
+cache invalidation will be an automatic process: every CRUD operation that
+affects this API key will be make Kong generate the affected `cache_key`, and
+broadcast it to all of the other nodes on the cluster so they can evict
+that particular value from their cache, and fetch the fresh value from the
+datastore on the next request.
+
+When a parent entity is receiving a CRUD operation (e.g. the Consumer owning
+this API key, as per our schema's `consumer_id` attribute), Kong performs the
+cache invalidation mechanism for both the parent and the child entity.
+
+**Note**: Be aware of the negative caching that Kong provides. In the above
+example, if there is no API key in the datastore for a given key, the cache
+module will store the miss just as if it was a hit. This means that a
+"Create" event (one that would create an API key with this given key) is also
+propagated by Kong so that all nodes that stored the miss can evict it, and
+properly fetch the newly created API key from the datastore.
+
+See the [Clustering Guide](/{{page.kong_version}}/clustering/) to ensure
+that you have properly configured your cluster for such invalidation events.
+
+### Manual cache invalidation
+
+In some cases, the `cache_key` property of an entity's schema is not flexible
+enough, and one must manually invalidate its cache. Reasons for this could be
+that the plugin is not defining a relationship with another entity via the
+traditional `foreign = "parent_entity:parent_attribute"` syntax, or because
+it is not using the `cache_key` method from its DAO, or even because it is
+somehow abusing the caching mechanism.
+
+In those cases, you can manually setup your own subscriber to the same
+invalidation channels Kong is listening to, and perform your own, custom
+invalidation work.
+
+To listen on invalidation channels inside of Kong, implement the following in
+your plugin's `init_worker` handler:
+
+```lua
+function MyCustomHandler:init_worker()
+  local worker_events = singletons.worker_events
+
+  -- listen to all CRUD operations made on Consumers
+  worker_events.register(function(data)
+
+  end, "crud", "consumers")
+
+  -- or, listen to a specific CRUD operation only
+  worker_events.register(function(data)
+    print(data.operation)  -- "update"
+    print(data.old_entity) -- old entity table (only for "update")
+    print(data.entity)     -- new entity table
+    print(data.schema)     -- entity's schema
+  end, "crud", "consumers:update")
+end
+```
+
+Once the above listeners are in place for the desired entities, you can perform
+manual invalidations of any entity that your plugin has cached as you wish so.
+For instance:
+
+```lua
+singletons.worker_events.register(function(data)
+  if data.operation == "delete" then
+    local cache_key = data.entity.id
+    singletons.cache:invalidate("prefix:" .. cache_key)
+  end
+end, "crud", "consumers")
+```
+
+## Extending the Admin API
+
+As you are probably aware, the [Admin API] is where Kong users communicate with
+Kong to setup their APIs and plugins. It is likely that they also need to be
+able to interact with the custom entities you implemented for your plugin (for
+example, creating and deleting API keys). The way you would do this is by
+extending the Admin API, which we will detail in the next chapter: [Extending
+the Admin API]({{page.book.next}}).
+
+---
+
+Next: [Extending the Admin API &rsaquo;]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
diff --git a/app/enterprise/0.34-x/plugin-development/file-structure.md b/app/enterprise/0.34-x/plugin-development/file-structure.md
new file mode 100644
index 000000000000..64a09622cbdb
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/file-structure.md
@@ -0,0 +1,107 @@
+---
+title: Plugin Development - File Structure
+book: plugin_dev
+chapter: 2
+---
+
+## Introduction
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you are familiar with
+  <a href="http://www.lua.org/">Lua</a>.
+</div>
+
+Consider your plugin as a set of [Lua
+modules](http://www.lua.org/manual/5.1/manual.html#6.3). Each file described in
+this chapter is to be considered as a separate module. Kong will detect and
+load your plugin's modules if their names follow this convention:
+
+```
+"kong.plugins.<plugin_name>.<module_name>"
+```
+
+> Your modules of course need to be accessible through your
+> [package.path](http://www.lua.org/manual/5.1/manual.html#pdf-package.path)
+> variable, which can be tweaked to your needs by the
+> [lua-package-path](https://github.com/openresty/lua-nginx-module#lua_package_path)
+> directive in your Nginx configuration. However, the preferred way of
+> installing plugins is through [Luarocks](https://luarocks.org/). More on that
+> later in this guide.
+
+To make Kong aware that it has to look for your plugin's modules, you'll have
+to add it to the `custom_plugins` property in your configuration file, which
+is a comma-separated list. For example:
+
+```yaml
+custom_plugins = my-custom-plugin # your plugin name here
+```
+
+Now, Kong will try to load the modules described in this chapter. Some of them
+are mandatory, but the ones that are not will be ignored and Kong will consider
+you do not make use of it. For example, Kong will load
+`"kong.plugins.my-custom-plugin.handler"` to retrieve and execute your plugin's
+logic.
+
+Now let's describe what are the modules you can implement and what their
+purpose is.
+
+---
+
+## Basic plugin modules
+
+In its purest form, a plugin consists of two mandatory modules:
+
+```
+simple-plugin
+├── handler.lua
+└── schema.lua
+```
+
+- [handler.lua]: the core of your plugin. It is an interface to implement, in
+  which each function will be run at the desired moment in the lifecycle of a
+  request.
+- [schema.lua]: your plugin probably has to retain some configuration entered
+  by the user. This module holds the *schema* of that configuration and defines
+  rules on it, so that the user can only enter valid configuration values.
+
+---
+
+## Advanced plugin modules
+
+Some plugins might have to integrate deeper with Kong: have their own table in
+the database, expose endpoints in the Admin API, etc... Each of those can be
+done by adding a new module to your plugin. Here is what the structure of a
+plugin would look like if it was implementing all of the optional modules:
+
+```
+complete-plugin
+├── api.lua
+├── daos.lua
+├── handler.lua
+├── migrations
+│   ├── cassandra.lua
+│   └── postgres.lua
+└── schema.lua
+```
+
+Here is the complete list of possible modules to implement and a brief
+description of what their purpose is. This guide will go in details to let you
+master each one of them.
+
+| Module name        | Required   | Description
+|:-------------------|------------|----------
+| [api.lua]          | No         | Defines a list of endpoints to be available in the Admin API to interact with entities custom entities handled by your plugin.
+| [daos.lua]         | No         | Defines a list of DAOs (Database Access Objects) that are abstractions of custom entities needed by your plugin and stored in the datastore.
+| [handler.lua]      | Yes        | An interface to implement. Each function is to be run by Kong at the desired moment in the lifecycle of a request.
+| [migrations/*.lua] | No         | The corresponding migrations for a given datastore. Migrations are only necessary when your plugin has to store custom entities in the database and interact with them through one of the DAOs defined by [daos.lua].
+| [schema.lua]       | Yes        | Holds the schema of your plugin's configuration, so that the user can only enter valid configuration values.
+
+---
+
+Next: [Write custom logic &rsaquo;]({{page.book.next}})
+
+[api.lua]: {{page.book.chapters.admin-api}}
+[daos.lua]: {{page.book.chapters.custom-entities}}
+[handler.lua]: {{page.book.chapters.custom-logic}}
+[schema.lua]: {{page.book.chapters.plugin-configuration}}
+[migrations/*.lua]: {{page.book.chapters.custom-entities}}
diff --git a/app/enterprise/0.34-x/plugin-development/index.md b/app/enterprise/0.34-x/plugin-development/index.md
new file mode 100644
index 000000000000..6ca7ab133a6e
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/index.md
@@ -0,0 +1,28 @@
+---
+title: Plugin Development - Introduction
+book: plugin_dev
+chapter: 1
+---
+
+## What are plugins and how do they integrate with Kong?
+
+Before going further, it is necessary to briefly explain how Kong is built, especially how it integrates with Nginx and what Lua has to do with it.
+
+[lua-nginx-module] enables Lua scripting capabilities in Nginx. Instead of compiling Nginx with this module, Kong is distributed along with [OpenResty](https://openresty.org/), which already includes lua-nginx-module. OpenResty is *not* a fork of Nginx, but a bundle of modules extending its capabilities.
+
+Hence, Kong is a Lua application designed to load and execute Lua modules (which we more commonly refer to as "*plugins*") and provides an entire development environment for them, including database abstraction, migrations, helpers and more...
+
+Your plugin will consist of Lua modules which will be loaded and executed by Kong, and it will benefit from two APIs:
+
+- [lua-nginx-module API][lua-nginx-module]: allows interaction with Nginx itself, such as, for example, retrieving the request/response, or accessing Nginx's shared memory zone.
+- **Kong's plugin environment**: allows interaction with the datastore holding your configurations (APIs, Consumers, Plugins...) and various helpers allowing the interaction of plugins between each other. This is the environment that will be described by this guide.
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This guide assumes that you are familiar with <a href="http://www.lua.org/">Lua</a> and the <a href="https://github.com/openresty/lua-nginx-module">lua-nginx-module API</a> and will only describe Kong's plugin environment.
+</div>
+
+---
+
+Next: [File structure of a plugin &rsaquo;]({{page.book.next}})
+
+[lua-nginx-module]: https://github.com/openresty/lua-nginx-module
diff --git a/app/enterprise/0.34-x/plugin-development/plugin-configuration.md b/app/enterprise/0.34-x/plugin-development/plugin-configuration.md
new file mode 100644
index 000000000000..d11a8964264c
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/plugin-configuration.md
@@ -0,0 +1,212 @@
+---
+title: Plugin Development - Store Configuration
+book: plugin_dev
+chapter: 4
+---
+
+## Module
+
+```
+"kong.plugins.<plugin_name>.schema"
+```
+
+---
+
+Most of the time, it makes sense for your plugin to be configurable to answer all of your user's needs. Your plugin's configuration is stored in the datastore for Kong to retrieve it and pass it to your [handler.lua]({{page.book.chapters.custom-logic}}) methods when the plugin is being executed.
+
+The configuration consists of a Lua table in Kong that we call a **schema**. It contains key/value properties that the user will set when enabling the plugin through the [Admin API]. Kong provides you with a way of validating the user's configuration for your plugin.
+
+Your plugin's configuration is being verified against your schema when a user issues a request to the [Admin API] to enable or update a plugin on a given Service, Route and/or Consumer.
+
+For example, a user performs the following request:
+
+```bash
+$ curl -X POST http://kong:8001/services/<service-name-or-id>/plugins/ \
+    -d "name=my-custom-plugin" \
+    -d "config.foo=bar"
+```
+
+If all properties of the `config` object are valid according to your schema, then the API would return `201 Created` and the plugin would be stored in the database along with its configuration (`{foo = "bar"}` in this case). If the configuration is not valid, the Admin API would return `400 Bad Request` and the appropriate error messages.
+
+---
+
+## schema.lua specifications
+
+This module is to return a Lua table with properties that will define how your plugins can later be configured by users. Available properties are:
+
+| Property name                 | Lua type    | Default          | Description
+|-------------------------------|-------------|------------------|-------------
+| `no_consumer`                 | Boolean     | `false`          | If true, it will not be possible to apply this plugin to a specific Consumer. This plugin must be applied to Services and Routes only. For example: authentication plugins.
+| `fields`                      | Table       | `{}`             | Your plugin's **schema**. A key/value table of available properties and their rules.
+| `self_check`                  | Function    | `nil`            | A function to implement if you want to perform any custom validation before accepting the plugin's configuration.
+
+The `self_check` function must be implemented as follows:
+
+```lua
+-- @param `schema` A table describing the schema (rules) of your plugin configuration.
+-- @param `config` A key/value table of the current plugin's configuration.
+-- @param `dao` An instance of the DAO (see DAO chapter).
+-- @param `is_updating` A boolean indicating whether or not this check is performed in the context of an update.
+-- @return `valid` A boolean indicating if the plugin's configuration is valid or not.
+-- @return `error` A DAO error (see DAO chapter)
+```
+
+Here is an example of a potential `schema.lua` file:
+
+```lua
+return {
+  no_consumer = true, -- this plugin will only be applied to Services or Routes,
+  fields = {
+    -- Describe your plugin's configuration's schema here.
+  },
+  self_check = function(schema, plugin_t, dao, is_updating)
+    -- perform any custom verification
+    return true
+  end
+}
+```
+
+## Describing your configuration schema
+
+The `fields` property of your `schema.lua` file described the schema of your plugin's configuration. It is a flexible key/value table where each key will be a valid configuration property for your plugin, and each value a table describing the rules for that property. For example:
+
+```lua
+  fields = {
+    some_string = {type = "string", required = true},
+    some_boolean = {type = "boolean", default = false},
+    some_array = {type = "array", enum = {"GET", "POST", "PUT", "DELETE"}}
+  }
+```
+
+Here is the list of accepted rules for a property:
+
+| Rule          | Lua type(s)              | Accepted values                                 | Description
+|---------------|--------------------------|-------------------------------------------------|----------------------------
+| `type`        | string                   | "id", "number", "boolean", "string", "table", "array", "url", "timestamp" | Validates the type of a property.
+| `required`    | boolean                  |                                                 | **Default**: false. If true, the property must be present in the configuration.
+| `unique`      | boolean                  |                                                 | **Default**: false. If true, the value must be unique (see remark below).
+| `default`     | any                      |                                                 | If the property is not specified in the configuration, will set the property to the given value.
+| `immutable`   | boolean                  |                                                 | **Default**: false. If true, the property will not be allowed to be updated once the plugin configuration has been created.
+| `enum`        | table                    | Integer indexed table                           | A list of accepted values for a property. Any value not included in this list will not be accepted.
+| `regex`       | string                   | A valid PCRE regular expression                 | A regex against which to validate the property's value.
+| `schema`      | table                    | A nested schema definition                      | If the property's `type` is table, defines a schema against which to validate those sub-properties.
+| `func`        | function                 |                                                 | A function to perform any custom validation on a property. See later examples for its parameters and return values.
+
+> - **type**: will cast the value retrieved from the request parameters. If the type is not one of the native Lua types, custom verification is performed against it:
+>   - id: must be a string
+>   - timestamp: must be a number
+>   - url: must be a valid URL
+>   - array: must be an integer-indexed table (equivalent of arrays in Lua). In the Admin API, such an array can either be sent by having several times the property's key with different values in the request's body, or comma-delimited through a single body parameter.
+> - **unique**: This property does not make sense for a plugin configuration, but is used when a plugin needs to store custom entities in the datastore.
+> - **schema**: if you need to perform deepened validation of nested properties, this field allows you to create a nested schema. Schema verification is **recursive**. Any level of nesting is valid, but bear in mind that this will affect the usability of your plugin.
+> - **Any property attached to a configuration object but not present in your schema will also invalidate the said configuration.**
+
+---
+
+### Examples:
+
+This `schema.lua` file for the [key-auth](/plugins/key-authentication/) plugin defines a default list of accepted parameter names for an API key, and a boolean whose default is set to `false`:
+
+```lua
+-- schema.lua
+return {
+  no_consumer = true,
+  fields = {
+    key_names = {type = "array", required = true, default = {"apikey"}},
+    hide_credentials = {type = "boolean", default = false}
+  }
+}
+```
+
+Hence, when implementing the `access()` function of your plugin in [handler.lua]({{page.book.chapters.custom-logic}}) and given that the user enabled the plugin with the default values, you'd have access to:
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+local CustomHandler = BasePlugin:extend()
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  print(config.key_names) -- {"apikey"}
+  print(config.hide_credentials) -- false
+end
+
+return CustomHandler
+```
+
+---
+
+A more complex example, which could be used for an eventual logging plugin:
+
+```lua
+-- schema.lua
+
+local function server_port(given_value, given_config)
+  -- Custom validation
+  if given_value > 65534 then
+    return false, "port value too high"
+  end
+
+  -- If environment is "development", 8080 will be the default port
+  if given_config.environment == "development" then
+    return true, nil, {port = 8080}
+  end
+end
+
+return {
+  fields = {
+    environment = {type = "string", required = true, enum = {"production", "development"}}
+    server = {
+      type = "table",
+      schema = {
+        fields = {
+          host = {type = "url", default = "http://example.com"},
+          port = {type = "number", func = server_port, default = 80}
+        }
+      }
+    }
+  }
+}
+```
+
+Such a configuration will allow a user to post the configuration to your plugin as follows:
+
+```bash
+$ curl -X POST http://kong:8001/services/<service-name-or-id>/plugins \
+    -d "name=my-custom-plugin" \
+    -d "config.environment=development" \
+    -d "config.server.host=http://localhost"
+```
+
+And the following will be available in [handler.lua]({{page.book.chapters.custom-logic}}):
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+local CustomHandler = BasePlugin:extend()
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  print(config.environment) -- "development"
+  print(config.server.host) -- "http://localhost"
+  print(config.server.port) -- 8080
+end
+
+return CustomHandler
+```
+
+---
+
+Next: [Store custom entities &rsaquo;]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api
diff --git a/app/enterprise/0.34-x/plugin-development/tests.md b/app/enterprise/0.34-x/plugin-development/tests.md
new file mode 100644
index 000000000000..108b5074fd77
--- /dev/null
+++ b/app/enterprise/0.34-x/plugin-development/tests.md
@@ -0,0 +1,96 @@
+---
+title: Plugin Development - Writing tests
+book: plugin_dev
+chapter: 9
+---
+
+## Introduction
+
+---
+
+If you are serious about your plugins, you probably want to write tests for it. Unit testing Lua is easy, and [many testing frameworks](http://lua-users.org/wiki/UnitTesting) are available. However, you might also want to write integration tests. Again, Kong has your back.
+
+---
+
+## Write integration tests
+
+The preferred testing framework for Kong is [busted](http://olivinelabs.com/busted/) running with the [resty-cli](https://github.com/openresty/resty-cli) interpreter, though you are free to use another one if you wish. In the Kong repository, the busted executable can be found at `bin/busted`.
+
+Kong provides you with a helper to start and stop it from Lua in your test suite: `spec.helpers`. This helper also provides you with ways to insert fixtures in your datastore before running your tests, as well as dropping it, and various other helpers.
+
+If you are writing your plugin in your own repository, you will need to copy the following files until the Kong testing framework is released:
+
+- `bin/busted`: the busted executable running with the resty-cli interpreter
+- `spec/helpers.lua`: helper functions to start/stop Kong from busted
+- `spec/kong_tests.conf`: a configuration file for your running your test Kong instances with the helpers module
+
+Assuming that the `spec.helpers` module is available in your `LUA_PATH`, you can use the following Lua code in busted to start and stop Kong:
+
+```lua
+local helpers = require "spec.helpers"
+
+for _, strategy in helpers.each_strategy() do
+  describe("my plugin", function()
+
+    local bp = helpers.get_db_utils(strategy)
+
+    setup(function()
+      local service = bp.services:insert {
+        name = "test-service",
+        host = "httpbin.org"
+      }
+
+      bp.routes:insert({
+        hosts = { "test.com" },
+        service = { id = service.id }
+      })
+
+      -- start Kong with your testing Kong configuration (defined in "spec.helpers")
+      assert(helpers.start_kong( { custom_plugins = "my-plugin" }))
+
+      admin_client = helpers.admin_client()
+    end)
+
+    teardown(function()
+      if admin_client then
+        admin_client:close()
+      end
+
+      helpers.stop_kong()
+    end)
+
+    before_each(function()
+      proxy_client = helpers.proxy_client()
+    end)
+
+    after_each(function()
+      if proxy_client then
+        proxy_client:close()
+      end
+    end)
+
+    describe("thing", function()
+      it("should do thing", function()
+        -- send requests through Kong
+        local res = proxy_client:get("/get", {
+          headers = {
+            ["Host"] = "test.com"
+          }
+        })
+
+        local body = assert.res_status(200, res)
+
+        -- body is a string containing the response
+      end)
+    end)
+  end)
+end
+```
+
+> Reminder: With the test Kong configuration file, Kong is running with
+its proxy listening on port 9000 (HTTP), 9443 (HTTPS)
+and Admin API on port 9001.
+
+---
+
+Next: [Distribute your plugin &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.34-x/property-reference.md b/app/enterprise/0.34-x/property-reference.md
index 4bb1716e0206..b0894cdcce21 100644
--- a/app/enterprise/0.34-x/property-reference.md
+++ b/app/enterprise/0.34-x/property-reference.md
@@ -5,6 +5,7 @@ toc: false
 
 ## Table of Contents
 
+* [Configuration Loading](#configuration-loading)
 * [General](#general)
 * [NGINX](#nginx)
 * [Datastore](#datastore)
@@ -20,8 +21,276 @@ toc: false
 * [General SMTP Configuration](#general-smtp-configuration)
 * [Data & Admin Audit](#data-&-admin-audit)
 
-## General
+## Configuration loading
+
+Kong comes with a default configuration file that can be found at
+`/etc/kong/kong.conf.default` if you installed Kong via one of the official
+packages. To start configuring Kong, you can copy this file:
+
+```bash
+$ cp /etc/kong/kong.conf.default /etc/kong/kong.conf
+```
+
+Kong will operate with default settings should all the values in your
+configuration be commented-out. Upon starting, Kong looks for several
+default locations that might contain a configuration file:
+
+```
+/etc/kong/kong.conf
+/etc/kong.conf
+```
+
+You can override this behavior by specifying a custom path for your
+configuration file using the `-c / --conf` argument in the CLI:
+
+```bash
+$ kong start --conf /path/to/kong.conf
+```
+
+The configuration format is straightforward: simply uncomment any property
+(comments are defined by the `#` character) and modify it to your needs.
+Booleans values can be specified as `on/off` or `true`/`false` for convenience.
+
+
+
+## Verifying your configuration
+
+You can verify the integrity of your settings with the `check` command:
+
+```bash
+$ kong check <path/to/kong.conf>
+configuration at <path/to/kong.conf> is valid
+```
+
+This command will take into account the environment variables you have
+currently set, and will error out in case your settings are invalid.
+
+Additionally, you can also use the CLI in debug mode to have more insight
+as to what properties Kong is being started with:
+
+```bash
+$ kong start -c <kong.conf> --vv
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong.conf
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong/kong.conf
+2016/08/11 14:53:36 [debug] admin_listen = "0.0.0.0:8001"
+2016/08/11 14:53:36 [debug] database = "postgres"
+2016/08/11 14:53:36 [debug] log_level = "notice"
+[...]
+```
+
+
+
+## Environment variables
+
+When loading properties out of a configuration file, Kong will also look for
+environment variables of the same name. This allows you to fully configure Kong
+via environment variables, which is very convenient for container-based
+infrastructures, for example.
+
+All environment variables prefixed with `KONG_`, capitalized and bearing the
+same name as a setting will override it.
+
+Example:
+
+```
+log_level = debug # in kong.conf
+```
+
+Can be overridden with:
+
+```bash
+$ export KONG_LOG_LEVEL=error
+```
+
+
+
+## Custom Nginx configuration & embedding Kong
+
+Tweaking the Nginx configuration is an essential part of setting up your Kong
+instances since it allows you to optimize its performance for your
+infrastructure, or embed Kong in an already running OpenResty instance.
+
+### Custom Nginx configuration
+
+Kong can be started, reloaded and restarted with an `--nginx-conf` argument,
+which must specify an Nginx configuration template. Such a template uses the
+[Penlight][Penlight] [templating engine][pl.template], which is compiled using
+the given Kong configuration, before being dumped in your Kong prefix
+directory, moments before starting Nginx.
+
+The default template can be found at:
+https://github.com/Kong/kong/tree/master/kong/templates. It is split in two
+Nginx configuration files: `nginx.lua` and `nginx_kong.lua`. The former is
+minimalistic and includes the latter, which contains everything Kong requires
+to run. When `kong start` runs, right before starting Nginx, it copies these
+two files into the prefix directory, which looks like so:
 
+```
+/usr/local/kong
+├── nginx-kong.conf
+├── nginx.conf
+```
+
+If you wish to include other `server` blocks in your Nginx configuration, or if
+you must tweak global settings that are not exposed by the Kong configuration,
+here is a suggestion:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{ "{{NGINX_WORKER_PROCESSES" }}}}; # can be set by kong.conf
+daemon ${{ "{{NGINX_DAEMON" }}}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{ "{{LOG_LEVEL" }}}}; # can be set by kong.conf
+
+events {
+    use epoll; # custom setting
+    multi_accept on;
+}
+
+http {
+    # include default Kong Nginx config
+    include 'nginx-kong.conf';
+
+    # custom server
+    server {
+        listen 8888;
+        server_name custom_server;
+
+        location / {
+          ... # etc
+        }
+    }
+}
+```
+
+You can then start Kong with:
+
+```bash
+$ kong start -c kong.conf --nginx-conf custom_nginx.template
+```
+
+If you wish to customize the Kong Nginx sub-configuration file to, eventually,
+add other Lua handlers or customize the `lua_*` directives, you can inline the
+`nginx_kong.lua` configuration in this `custom_nginx.template` example file:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{ "{{NGINX_WORKER_PROCESSES" }}}}; # can be set by kong.conf
+daemon ${{ "{{NGINX_DAEMON" }}}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{ "{{LOG_LEVEL" }}}}; # can be set by kong.conf
+
+events {}
+
+http {
+  resolver ${{ "{{DNS_RESOLVER" }}}} ipv6=off;
+  charset UTF-8;
+  error_log logs/error.log ${{ "{{LOG_LEVEL" }}}};
+  access_log logs/access.log;
+
+  ... # etc
+}
+```
+
+
+
+### Embedding Kong in OpenResty
+
+If you are running your own OpenResty servers, you can also easily embed Kong
+by including the Kong Nginx sub-configuration using the `include` directive
+(similar to the examples of the previous section). If you have a valid
+top-level NGINX configuration that simply includes the Kong-specific
+configuration:
+
+```
+# my_nginx.conf
+
+http {
+    include 'nginx-kong.conf';
+}
+```
+
+you can start your instance like so:
+
+```bash
+$ nginx -p /usr/local/openresty -c my_nginx.conf
+```
+
+And Kong will be running in that instance (as configured in `nginx-kong.conf`).
+
+
+
+### Serving both a website and your APIs from Kong
+
+A common use case for API providers is to make Kong serve both a website
+and the APIs themselves over the Proxy port &mdash; `80` or `443` in
+production. For example, `https://my-api.com` (Website) and
+`https://my-api.com/api/v1` (API).
+
+To achieve this, we cannot simply declare a new virtual server block,
+like we did in the previous section. A good solution is to use a custom
+Nginx configuration template which inlines `nginx_kong.lua` and adds a new
+`location` block serving the website alongside the Kong Proxy `location`
+block:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{ "{{NGINX_WORKER_PROCESSES" }}}}; # can be set by kong.conf
+daemon ${{ "{{NGINX_DAEMON" }}}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{ "{{LOG_LEVEL" }}}}; # can be set by kong.conf
+events {}
+
+http {
+  # here, we inline the contents of nginx_kong.lua
+  charset UTF-8;
+
+  # any contents until Kong's Proxy server block
+  ...
+
+  # Kong's Proxy server block
+  server {
+    server_name kong;
+
+    # any contents until the location / block
+    ...
+
+    # here, we declare our custom location serving our website
+    # (or API portal) which we can optimize for serving static assets
+    location / {
+      root /var/www/my-api.com;
+      index index.htm index.html;
+      ...
+    }
+
+    # Kong's Proxy location / has been changed to /api/v1
+    location /api/v1 {
+      set $upstream_host nil;
+      set $upstream_scheme nil;
+      set $upstream_uri nil;
+
+      # Any remaining configuration for the Proxy location
+      ...
+    }
+  }
+
+  # Kong's Admin server block goes below
+}
+```
+
+## General
 
 ### prefix
 
diff --git a/app/enterprise/0.34-x/proxy.md b/app/enterprise/0.34-x/proxy.md
new file mode 100644
index 000000000000..2da9f03fe42b
--- /dev/null
+++ b/app/enterprise/0.34-x/proxy.md
@@ -0,0 +1,1075 @@
+---
+title: Proxy Reference
+---
+
+## Introduction
+
+In this document we will cover Kong's **proxying capabilities**  by explaining
+its routing capabilities and internal workings in details.
+
+Kong exposes several interfaces which can be tweaked by two configuration
+properties:
+
+- `proxy_listen`, which defines a list of addresses/ports on which Kong will
+  accept **public traffic** from clients and proxy it to your upstream services
+  (`8000` by default).
+- `admin_listen`, which also defines a list of addresses and ports, but those
+  should be restricted to only be accessed by administrators, as they expose
+  Kong's configuration capabilities: the **Admin API** (`8001` by default).
+
+<div class="alert alert-warning">
+<p><strong>Note:</strong> Starting with CE 0.13.0 and EE 0.32.0, the API entity was
+deprecated. This document will cover proxying with the new Routes and
+Services entities.</p>
+<p>See an older version of this document if you are using 0.12 or
+below.</p>
+</div>
+
+## Terminology
+
+- `client`: Refers to the *downstream* client making requests to Kong's
+  proxy port.
+- `upstream service`: Refers to your own API/service sitting behind Kong, to
+  which client requests are forwarded.
+- `Service`: Service entities, as the name implies, are abstractions of each of
+  your own upstream services. Examples of Services would be a data
+  transformation microservice, a billing API, etc.
+- `Route`: This refers to the Kong Routes entity. Routes are entrypoints into
+  Kong, and defining rules for a request to be matched, and routed to a given
+  Service.
+- `Plugin`: This refers to Kong "plugins", which are pieces of business logic
+  that run in the proxying lifecycle. Plugins can be configured through the
+  Admin API - either globally (all incoming traffic) or on specific Routes
+  and Services.
+
+[Back to TOC](#table-of-contents)
+
+## Overview
+
+From a high-level perspective, Kong listens for HTTP traffic on its configured
+proxy port(s) (`8000` and `8443` by default). Kong will evaluate any incoming
+HTTP request against the Routes you have configured and try to find a matching
+one. If a given request matches the rules of a specific Route, Kong will
+process proxying the request. Because each Route is linked to a Service, Kong
+will run the plugins you have configured on your Route and its associated
+Service, and then proxy the request upstream.
+
+You can manage Routes via Kong's Admin API. The `hosts`, `paths`, and `methods`
+attributes of Routes define rules for matching incoming HTTP requests.
+
+If Kong receives a request that it cannot match against any of the configured
+Routes (or if no Routes are configured), it will respond with:
+
+```http
+HTTP/1.1 404 Not Found
+Content-Type: application/json
+Server: kong/<x.x.x>
+
+{
+    "message": "no route and no API found with those values"
+}
+```
+
+**Note**: this message mentions "APIs" since for backwards-compatibility
+reasons, Kong 0.13 still supports the API entity (and tries to match a request
+against any configured API if no Route was matched first).
+
+[Back to TOC](#table-of-contents)
+
+## Reminder: How to configure a Service
+
+The [Configuring a Service][configuring-a-service] quickstart guide explains
+how Kong is configured via the [Admin API][API].
+
+Adding a Service to Kong is done by sending an HTTP request to the Admin API:
+
+```bash
+$ curl -i -X POST http://localhost:8001/services/ \
+    -d 'name=foo-service' \
+    -d 'url=http://foo-service.com'
+HTTP/1.1 201 Created
+...
+
+{
+    "connect_timeout": 60000,
+    "created_at": 1515537771,
+    "host": "foo-service.com",
+    "id": "d54da06c-d69f-4910-8896-915c63c270cd",
+    "name": "foo-service",
+    "path": "/",
+    "port": 80,
+    "protocol": "http",
+    "read_timeout": 60000,
+    "retries": 5,
+    "updated_at": 1515537771,
+    "write_timeout": 60000
+}
+```
+
+This request instructs Kong to register a Service named "foo-service", which
+points to `http://foo-service.com` (your upstream).
+
+**Note:** the `url` argument is a shorthand argument to populate the
+`protocol`, `host`, `port`, and `path` attributes at once.
+
+Now, in order to send traffic to this Service through Kong, we need to specify
+a Route, which acts as an entrypoint to Kong:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -d 'hosts[]=example.com' \
+    -d 'paths[]=/foo' \
+    -d 'service.id=d54da06c-d69f-4910-8896-915c63c270cd'
+HTTP/1.1 201 Created
+...
+
+{
+    "created_at": 1515539858,
+    "hosts": [
+        "example.com"
+    ],
+    "id": "ee794195-6783-4056-a5cc-a7e0fde88c81",
+    "methods": null,
+    "paths": [
+        "/foo"
+    ],
+    "preserve_host": false,
+    "priority": 0,
+    "protocols": [
+        "http",
+        "https"
+    ],
+    "service": {
+        "id": "d54da06c-d69f-4910-8896-915c63c270cd"
+    },
+    "strip_path": true,
+    "updated_at": 1515539858
+}
+```
+
+We have now configured a Route to match incoming requests matching the given
+`hosts` and `paths`, and forward them to the `foo-service` we configured, thus
+proxying this traffic to `http://foo-service.com`.
+
+Kong is a transparent proxy, and it will by default forward the request to your
+upstream service untouched, with the exception of various headers such as
+`Connection`, `Date`, and others as required by the HTTP specifications.
+
+[Back to TOC](#table-of-contents)
+
+## Routes and matching capabilities
+
+Let's now discuss how Kong matches a request against the configured `hosts`,
+`paths` and `methods` properties (or fields) of a Route. Note that all three of
+these fields are **optional**, but at least **one of them** must be specified.
+
+For a request to match a Route:
+
+- The request **must** include **all** of the configured fields
+- The values of the fields in the request **must** match at least one of the
+  configured values (While the field configurations accepts one or more values,
+  a request needs only one of the values to be considered a match)
+
+Let's go through a few examples. Consider a Route configured like this:
+
+```json
+{
+    "hosts": ["example.com", "foo-service.com"],
+    "paths": ["/foo", "/bar"],
+    "methods": ["GET"]
+}
+```
+
+Some of the possible requests matching this Route would look like:
+
+```http
+GET /foo HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /bar HTTP/1.1
+Host: foo-service.com
+```
+
+```http
+GET /foo/hello/world HTTP/1.1
+Host: example.com
+```
+
+All three of these requests satisfy all the conditions set in the Route
+definition.
+
+However, the following requests would **not** match the configured conditions:
+
+```http
+GET / HTTP/1.1
+Host: example.com
+```
+
+```http
+POST /foo HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /foo HTTP/1.1
+Host: foo.com
+```
+
+All three of these requests satisfy only two of configured conditions. The
+first request's path is not a match for any of the configured `paths`, same for
+the second request's HTTP method, and the third request's Host header.
+
+Now that we understand how the `hosts`, `paths`, and `methods` properties work
+together, let's explore each property individually.
+
+[Back to TOC](#table-of-contents)
+
+### Request Host header
+
+Routing a request based on its Host header is the most straightforward way to
+proxy traffic through Kong, especially since this is the intended usage of the
+HTTP Host header. Kong makes it easy to do via the `hosts` field of the Route
+entity.
+
+`hosts` accepts multiple values, which must be comma-separated when specifying
+them via the Admin API:
+
+`hosts` accepts multiple values, which is straightforward to represent in a
+JSON payload:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -H 'Content-Type: application/json' \
+    -d '{"hosts":["example.com", "foo-service.com"]}'
+HTTP/1.1 201 Created
+...
+```
+
+But since the Admin API also supports form-urlencoded content types, you
+can specify an array via the `[]` notation:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -d 'hosts[]=example.com' \
+    -d 'hosts[]=foo-service.com'
+HTTP/1.1 201 Created
+...
+```
+
+To satisfy the `hosts` condition of this Route, any incoming request from a
+client must now have its Host header set to one of:
+
+```
+Host: example.com
+```
+
+or:
+
+```
+Host: foo-service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+#### Using wildcard hostnames
+
+To provide flexibility, Kong allows you to specify hostnames with wildcards in
+the `hosts` field. Wildcard hostnames allow any matching Host header to satisfy
+the condition, and thus match a given Route.
+
+Wildcard hostnames **must** contain **only one** asterisk at the leftmost
+**or** rightmost label of the domain. Examples:
+
+- `*.example.com` would allow Host values such as `a.example.com` and
+  `x.y.example.com` to match.
+- `example.*` would allow Host values such as `example.com` and `example.org`
+  to match.
+
+A complete example would look like this:
+
+```json
+{
+    "hosts": ["*.example.com", "service.com"]
+}
+```
+
+Which would allow the following requests to match this Route:
+
+```http
+GET / HTTP/1.1
+Host: an.example.com
+```
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+#### The `preserve_host` property
+
+When proxying, Kong's default behavior is to set the upstream request's Host
+header to the hostname specified in the Service's `host`. The
+`preserve_host` field accepts a boolean flag instructing Kong not to do so.
+
+For example, when the `preserve_host` property is not changed and a Route is
+configured like so:
+
+```json
+{
+    "hosts": ["service.com"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+A possible request from a client to Kong could be:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+Kong would extract the Host header value from the Service's `host` property, ,
+and would send the following upstream request:
+
+```http
+GET / HTTP/1.1
+Host: <my-service-host.com>
+```
+
+However, by explicitly configuring a Route with `preserve_host=true`:
+
+```json
+{
+    "hosts": ["service.com"],
+    "preserve_host": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+And assuming the same request from the client:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+Kong would preserve the Host on the client request and would send the following
+upstream request instead:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+### Request path
+
+Another way for a Route to be matched is via request paths. To satisfy this
+routing condition, a client request's path **must** be prefixed with one of the
+values of the `paths` attribute.
+
+For example, with a Route configured like so:
+
+```json
+{
+    "paths": ["/service", "/hello/world"]
+}
+```
+
+The following requests would be matched:
+
+```http
+GET /service HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /service/resource?param=value HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /hello/world/resource HTTP/1.1
+Host: anything.com
+```
+
+For each of these requests, Kong detects that their URL path is prefixed with
+one of the Routes's `paths` values. By default, Kong would then proxy the
+request upstream without changing the URL path.
+
+When proxying with path prefixes, **the longest paths get evaluated first**.
+This allow you to define two Routes with two paths: `/service` and
+`/service/resource`, and ensure that the former does not "shadow" the latter.
+
+[Back to TOC](#table-of-contents)
+
+#### Using regexes in paths
+
+Kong supports regular expression pattern matching for an Route's `paths` field
+via [PCRE](http://pcre.org/) (Perl Compatible Regular Expression). You can
+assign paths as both prefixes and regexes to a Route at the same time.
+
+For example, if we consider the following Route:
+
+```json
+{
+    "paths": ["/users/\d+/profile", "/following"]
+}
+```
+
+The following requests would be matched by this Route:
+
+```http
+GET /following HTTP/1.1
+Host: ...
+```
+
+```http
+GET /users/123/profile HTTP/1.1
+Host: ...
+```
+
+The provided regexes are evaluated with the `a` PCRE flag (`PCRE_ANCHORED`),
+meaning that they will be constrained to match at the first matching point
+in the path (the root `/` character).
+
+[Back to TOC](#table-of-contents)
+
+##### Evaluation order
+
+As previously mentioned, Kong evaluates prefix paths by length: the longest
+prefix paths are evaluated first. However, Kong will evaluate regex paths based
+on the `regex_priority` attribute of Routes. This means that considering
+the following Routes:
+
+```json
+[
+    {
+        "paths": ["/status/\d+"],
+        "regex_priority": 0
+    },
+    {
+        "paths": ["/version/\d+/status/\d+"],
+        "regex_priority": 6
+    },
+    {
+        "paths": ["/version"],
+        "regex_priority": 3
+    },
+]
+```
+
+In this scenario, Kong will evaluate incoming requests against the following
+defined URIs, in this order:
+
+1. `/version`
+2. `/version/\d+/status/\d+`
+3. `/status/\d+`
+
+Prefix paths are always evaluated first.
+
+As usual, a request must still match a Route's `hosts` and `methods` properties
+as well, and Kong will traverse your Routes until it finds one that matches
+the most rules (see [Routing priorities][proxy-routing-priorities]).
+
+[Back to TOC](#table-of-contents)
+
+##### Capturing groups
+
+Capturing groups are also supported, and the matched group will be extracted
+from the path and available for plugins consumption. If we consider the
+following regex:
+
+```
+/version/(?<version>\d+)/users/(?<user>\S+)
+```
+
+And the following request path:
+
+```
+/version/1/users/john
+```
+
+Kong will consider the request path a match, and if the overall Route is
+matched (considering the `hosts` and `methods` fields), the extracted capturing
+groups will be available from the plugins in the `ngx.ctx` variable:
+
+```lua
+local router_matches = ngx.ctx.router_matches
+
+-- router_matches.uri_captures is:
+-- { "1", "john", version = "1", user = "john" }
+```
+
+[Back to TOC](#table-of-contents)
+
+##### Escaping special characters
+
+Next, it is worth noting that characters found in regexes are often
+reserved characters according to
+[RFC 3986](http://www.gbiv.com/protocols/uri/rfc/rfc3986.html) and as such,
+should be percent-encoded. **When configuring Routes with regex paths via the
+Admin API, be sure to URL encode your payload if necessary**. For example,
+with `curl` and using an `application/x-www-form-urlencoded` MIME type:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes \
+    --data-urlencode 'uris[]=/status/\d+'
+HTTP/1.1 201 Created
+...
+```
+
+Note that `curl` does not automatically URL encode your payload, and note the
+usage of `--data-urlencode`, which prevents the `+` character to be URL decoded
+and interpreted as a space ` ` by Kong's Admin API.
+
+[Back to TOC](#table-of-contents)
+
+#### The `strip_path` property
+
+It may be desirable to specify a path prefix to match a Route, but not
+include it in the upstream request. To do so, use the `strip_path` boolean
+property by configuring a Route like so:
+
+```json
+{
+    "paths": ["/service"],
+    "strip_path": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Enabling this flag instructs Kong that when matching this Route, and proceeding
+with the proxying to a Service, it should **not** include the matched part of
+the URL path in the upstream request's URL. For example, the following
+client's request to the above Route:
+
+```http
+GET /service/path/to/resource HTTP/1.1
+Host: ...
+```
+
+Will cause Kong to send the following upstream request:
+
+```http
+GET /path/to/resource HTTP/1.1
+Host: ...
+```
+
+The same way, if a regex path is defined on a Route that has `strip_path`
+enabled, the entirety of the request URL matching sequence will be stripped.
+Example:
+
+```json
+{
+    "paths": ["/version/\d+/service"],
+    "strip_path": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+The following HTTP request matching the provided regex path:
+
+```http
+GET /version/1/service/path/to/resource HTTP/1.1
+Host: ...
+```
+
+Will be proxied upstream by Kong as:
+
+```http
+GET /path/to/resource HTTP/1.1
+Host: ...
+```
+
+[Back to TOC](#table-of-contents)
+
+### Request HTTP method
+
+The `methods` field allows matching the requests depending on their HTTP
+method.  It accepts multiple values. Its default value is empty (the HTTP
+method is not used for routing).
+
+The following Route allows routing via `GET` and `HEAD`:
+
+```json
+{
+    "methods": ["GET", "HEAD"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Such a Route would be matched with the following requests:
+
+```http
+GET / HTTP/1.1
+Host: ...
+```
+
+```http
+HEAD /resource HTTP/1.1
+Host: ...
+```
+
+But it would not match a `POST` or `DELETE` request. This allows for much more
+granularity when configuring plugins on Routes. For example, one could imagine
+two Routes pointing to the same service: one with unlimited unauthenticated
+`GET` requests, and a second one allowing only authenticated and rate-limited
+`POST` requests (by applying the authentication and rate limiting plugins to
+such requests).
+
+[Back to TOC](#table-of-contents)
+
+## Matching priorities
+
+A Route may define matching rules based on its `hosts`, `paths`, and `methods`
+fields. For Kong to match an incoming request to a Route, all existing fields
+must be satisfied. However, Kong allows for quite some flexibility by allowing
+two or more Routes to be configured with fields containing the same values -
+when this occurs, Kong applies a priority rule.
+
+The rule is: **when evaluating a request, Kong will first try to match the
+Routes with the most rules**.
+
+For example, if two Routes are configured like so:
+
+```json
+{
+    "hosts": ["example.com"],
+    "service": {
+        "id": "..."
+    }
+},
+{
+    "hosts": ["example.com"],
+    "methods": ["POST"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+The second Route has a `hosts` field **and** a `methods` field, so it will be
+evaluated first by Kong. By doing so, we avoid the first Route "shadowing"
+calls intended for the second one.
+
+Thus, this request will match the first Route
+
+```http
+GET / HTTP/1.1
+Host: example.com
+```
+
+And this request will match the second one:
+
+```http
+POST / HTTP/1.1
+Host: example.com
+```
+
+Following this logic, if a third Route was to be configured with a `hosts`
+field, a `methods` field, and a `uris` field, it would be evaluated first by
+Kong.
+
+[Back to TOC](#table-of-contents)
+
+## Proxying behavior
+
+The proxying rules above detail how Kong forwards incoming requests to your
+upstream services. Below, we detail what happens internally between the time
+Kong *matches* an HTTP request with a registered Route, and the actual
+*forwarding* of the request.
+
+[Back to TOC](#table-of-contents)
+
+### 1. Load balancing
+
+Kong implements load balancing capabilities to distribute proxied
+requests across a pool of instances of an upstream service.
+
+You can find more information about configuring load balancing by consulting
+the [Load Balancing Reference][load-balancing-reference].
+
+[Back to TOC](#table-of-contents)
+
+### 2. Plugins execution
+
+Kong is extensible via "plugins" that hook themselves in the request/response
+lifecycle of the proxied requests. Plugins can perform a variety of operations
+in your environment and/or transformations on the proxied request.
+
+Plugins can be configured to run globally (for all proxied traffic) or on
+specific Routes and Services. In both cases, you must create a [plugin
+configuration][plugin-configuration-object] via the Admin API.
+
+Once a Route has been matched (and its associated Service entity), Kong will
+run plugins associated to either of those entities. Plugins configured on a
+Route run before plugins configured on a Service, but otherwise, the usual
+rules of [plugins association][plugin-association-rules] apply.
+
+These configured plugins will run their `access` phase, which you can find more
+information about in the [Plugin development guide][plugin-development-guide].
+
+[Back to TOC](#table-of-contents)
+
+### 3. Proxying & upstream timeouts
+
+Once Kong has executed all the necessary logic (including plugins), it is ready
+to forward the request to your upstream service. This is done via Nginx's
+[ngx_http_proxy_module][ngx-http-proxy-module]. You can configure the desired
+timeouts for the connection between Kong and a given upstream, via the following
+properties of a Service:
+
+- `upstream_connect_timeout`: defines in milliseconds the timeout for
+  establishing a connection to your upstream service. Defaults to `60000`.
+- `upstream_send_timeout`: defines in milliseconds a timeout between two
+  successive write operations for transmitting a request to your upstream
+  service.  Defaults to `60000`.
+- `upstream_read_timeout`: defines in milliseconds a timeout between two
+  successive read operations for receiving a request from your upstream
+  service.  Defaults to `60000`.
+
+Kong will send the request over HTTP/1.1, and set the following headers:
+
+- `Host: <your_upstream_host>`, as previously described in this document.
+- `Connection: keep-alive`, to allow for reusing the upstream connections.
+- `X-Real-IP: <remote_addr>`, where `$remote_addr` is the variable bearing
+  the same name provided by
+  [ngx_http_core_module][ngx-remote-addr-variable]. Please note that the
+  `$remote_addr` is likely overridden by
+  [ngx_http_realip_module][ngx-http-realip-module].
+- `X-Forwarded-For: <address>`, where `<address>` is the content of
+  `$realip_remote_addr` provided by
+  [ngx_http_realip_module][ngx-http-realip-module] appended to the request
+  header with the same name.
+- `X-Forwarded-Proto: <protocol>`, where `<protocol>` is the protocol used by
+  the client. In the case where `$realip_remote_addr` is one of the **trusted**
+  addresses, the request header with the same name gets forwarded if provided.
+  Otherwise, the value of the `$scheme` variable provided by
+  [ngx_http_core_module][ngx-scheme-variable] will be used.
+- `X-Forwarded-Host: <host>`, where `<host>` is the host name sent by
+  the client. In the case where `$realip_remote_addr` is one of the **trusted**
+  addresses, the request header with the same name gets forwarded if provided.
+  Otherwise, the value of the `$host` variable provided by
+  [ngx_http_core_module][ngx-host-variable] will be used.
+- `X-Forwarded-Port: <port>`, where `<port>` is the port of the server which
+  accepted a request. In the case where `$realip_remote_addr` is one of the
+  **trusted** addresses, the request header with the same name gets forwarded
+  if provided. Otherwise, the value of the `$server_port` variable provided by
+  [ngx_http_core_module][ngx-server-port-variable] will be used.
+
+All the other request headers are forwarded as-is by Kong.
+
+One exception to this is made when using the WebSocket protocol. If so, Kong
+will set the following headers to allow for upgrading the protocol between the
+client and your upstream services:
+
+- `Connection: Upgrade`
+- `Upgrade: websocket`
+
+More information on this topic is covered in the
+[Proxy WebSocket traffic][proxy-websocket] section.
+
+[Back to TOC](#table-of-contents)
+
+### 4. Errors & retries
+
+Whenever an error occurs during proxying, Kong will use the underlying
+Nginx [retries][ngx-http-proxy-retries] mechanism to pass the request on to
+the next upstream.
+
+There are two configurable elements here:
+
+1. The number of retries: this can be configured per Service using the
+   `retries` property. See the [Admin API][API] for more details on this.
+
+2. What exactly constitutes an error: here Kong uses the Nginx defaults, which
+   means an error or timeout occurring while establishing a connection with the
+   server, passing a request to it, or reading the response headers.
+
+The second option is based on Nginx's
+[proxy_next_upstream][proxy_next_upstream] directive. This option is not
+directly configurable through Kong, but can be added using a custom Nginx
+configuration. See the [configuration reference][configuration-reference] for
+more details.
+
+[Back to TOC](#table-of-contents)
+
+### 5. Response
+
+Kong receives the response from the upstream service and sends it back to the
+downstream client in a streaming fashion. At this point Kong will execute
+subsequent plugins added to the Route and/or Service that implement a hook in
+the `header_filter` phase.
+
+Once the `header_filter` phase of all registered plugins has been executed, the
+following headers will be added by Kong and the full set of headers be sent to
+the client:
+
+- `Via: kong/x.x.x`, where `x.x.x` is the Kong version in use
+- `X-Kong-Proxy-Latency: <latency>`, where `latency` is the time in milliseconds
+  between Kong receiving the request from the client and sending the request to
+  your upstream service.
+- `X-Kong-Upstream-Latency: <latency>`, where `latency` is the time in
+  milliseconds that Kong was waiting for the first byte of the upstream service
+  response.
+
+Once the headers are sent to the client, Kong will start executing
+registered plugins for the Route and/or Service that implement the
+`body_filter` hook. This hook may be called multiple times, due to the
+streaming nature of Nginx. Each chunk of the upstream response that is
+successfully processed by such `body_filter` hooks is sent back to the client.
+You can find more information about the `body_filter` hook in the [Plugin
+development guide][plugin-development-guide].
+
+[Back to TOC](#table-of-contents)
+
+## Configuring a fallback Route
+
+As a practical use-case and example of the flexibility offered by Kong's
+proxying capabilities, let's try to implement a "fallback Route", so that in
+order to avoid Kong responding with an HTTP `404`, "no route found", we can
+catch such requests and proxy them to a special upstream service, or apply a
+plugin to it (such a plugin could, for example, terminate the request with a
+different status code or response without proxying the request).
+
+Here is an example of such a fallback Route:
+
+```json
+{
+    "paths": ["/"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+As you can guess, any HTTP request made to Kong would actually match this
+Route, since all URIs are prefixed by the root character `/`. As we know from
+the [Request path][proxy-request-path] section, the longest URL paths are
+evaluated first by Kong, so the `/` path will eventually be evaluated last by
+Kong, and effectively provide a "fallback" Route, only matched as a last
+resort. You can then send traffic to a special Service or apply any plugin you
+wish on this Route.
+
+[Back to TOC](#table-of-contents)
+
+## Configuring SSL for a Route
+
+Kong provides a way to dynamically serve SSL certificates on a per-connection
+basis. SSL certificates are directly handled by the core, and configurable via
+the Admin API. Clients connecting to Kong over TLS must support the [Server
+Name Indication][SNI] extension to make use of this feature.
+
+SSL certificates are handled by two resources in the Kong Admin API:
+
+- `/certificates`, which stores your keys and certificates.
+- `/snis`, which associates a registered certificate with a Server Name
+  Indication.
+
+You can find the documentation for those two resources in the
+[Admin API Reference][API].
+
+Here is how to configure an SSL certificate on a given Route: first, upload
+your SSL certificate and key via the Admin API:
+
+```bash
+$ curl -i -X POST http://localhost:8001/certificates \
+    -F "cert=@/path/to/cert.pem" \
+    -F "key=@/path/to/cert.key" \
+    -F "snis=ssl-example.com,other-ssl-example.com"
+HTTP/1.1 201 Created
+...
+```
+
+The `snis` form parameter is a sugar parameter, directly inserting an SNI and
+associating the uploaded certificate to it.
+
+You must now register the following Route within Kong. We will match requests
+to this Route using only the Host header for convenience:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes \
+    -d 'hosts=ssl-example.com,other-ssl-example.com' \
+    -d 'service.id=d54da06c-d69f-4910-8896-915c63c270cd'
+HTTP/1.1 201 Created
+...
+```
+
+You can now expect the Route to be served over HTTPS by Kong:
+
+```bash
+$ curl -i https://localhost:8443/ \
+  -H "Host: ssl-example.com"
+HTTP/1.1 200 OK
+...
+```
+
+When establishing the connection and negotiating the SSL handshake, if your
+client sends `ssl-example.com` as part of the SNI extension, Kong will serve
+the `cert.pem` certificate previously configured.
+
+[Back to TOC](#table-of-contents)
+
+### Restricting the client protocol (HTTP/HTTPS)
+
+Routes have a `protocols` property to restrict the client protocol they should
+listen for. This attribute accepts a set of values, which can be `http` or
+`https`.
+
+A Route with `http` and `https` will accept traffic regardless of the protocol
+the client is connecting with (plain-text or over TLS):
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["http", "https"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Not specifying `https` has the same effect, a route would accept both
+plain-text and TLS traffic:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["http"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+However, a Route with only `https` would _only_ accept traffic over TLS. It
+would _also_ accept unencrypted traffic _if_ SSL termination previously
+occurred from a trusted IP. SSL termination is considered valid when the
+request comes from one of the configured IPs in
+[trusted_ips][configuration-trusted-ips] and if the `X-Forwarded-Proto: https`
+header is set:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["https"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+If a Route such as the above matches a request, but that request is in
+plain-text without valid prior SSL termination, Kong responds with:
+
+```http
+HTTP/1.1 426 Upgrade Required
+Content-Type: application/json; charset=utf-8
+Transfer-Encoding: chunked
+Connection: Upgrade
+Upgrade: TLS/1.2, HTTP/1.1
+Server: kong/x.y.z
+
+{"message":"Please use HTTPS protocol"}
+```
+
+[Back to TOC](#table-of-contents)
+
+## Proxy WebSocket traffic
+
+Kong supports WebSocket traffic thanks to the underlying Nginx implementation.
+When you wish to establish a WebSocket connection between a client and your
+upstream services *through* Kong, you must establish a WebSocket handshake.
+This is done via the HTTP Upgrade mechanism. This is what your client request
+made to Kong would look like:
+
+```http
+GET / HTTP/1.1
+Connection: Upgrade
+Host: my-websocket-api.com
+Upgrade: WebSocket
+```
+
+This will make Kong forward the `Connection` and `Upgrade` headers to your
+upstream service, instead of dismissing them due to the hop-by-hop nature of a
+standard HTTP proxy.
+
+[Back to TOC](#table-of-contents)
+
+### WebSocket and TLS
+
+Kong will accept `ws` and `wss` connections on its respective `http` and
+`https` ports. To enforce TLS connections from clients, set the `protocols`
+property of the [Route][route-entity] to `https` only.
+
+When setting up the [Service][service-entity] to point to your upstream
+WebSocket service, you should carefully pick the protocol you want to use
+between Kong and the upstream. If you want to use TLS (`wss`), then the
+upstream WebSocket service must be defined using the `https` protocol in the
+Service `protocol` property, and the proper port (usually 443). To connect
+without TLS (`ws`), then the `http` protocol and port (usually 80) should be
+used in `protocol` instead.
+
+If you want Kong to terminate SSL/TLS, you can accept `wss` only from the
+client, but proxy to the upstream service over plain text, or `ws`.
+
+[Back to TOC](#table-of-contents)
+
+## Conclusion
+
+Through this guide, we hope you gained knowledge of the underlying proxying
+mechanism of Kong, from how does a request match a Route to be routed to its
+associated Service, on to how to allow for using the WebSocket protocol or
+setup dynamic SSL certificates.
+
+This website is Open-Source and can be found at
+[github.com/Kong/docs.konghq.com](https://github.com/Kong/docs.konghq.com/).
+Feel free to provide feedback to this document there, or propose improvements!
+
+If you haven't already, we suggest that you also read the [Load balancing
+Reference][load-balancing-reference], as it closely relates to the topic we
+just covered.
+
+[Back to TOC](#table-of-contents)
+
+[plugin-configuration-object]: /enterprise/{{page.kong_version}}/admin-api#plugin-object
+[plugin-development-guide]: /enterprise/{{page.kong_version}}/plugin-development
+[plugin-association-rules]: /enterprise/{{page.kong_version}}/admin-api/#precedence
+[load-balancing-reference]: /enterprise/{{page.kong_version}}/loadbalancing
+[configuration-reference]: /enterprise/{{page.kong_version}}/property-reference-reference
+[configuration-trusted-ips]: /enterprise/{{page.kong_version}}/property-reference/#trusted_ips
+[configuring-a-service]: /enterprise/{{page.kong_version}}/getting-started/configuring-a-service
+[API]: /enterprise/{{page.kong_version}}/admin-api
+[service-entity]: /enterprise/{{page.kong_version}}/admin-api/#add-service
+[route-entity]: /enterprise/{{page.kong_version}}/admin-api/#add-route
+
+[ngx-http-proxy-module]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html
+[ngx-http-realip-module]: http://nginx.org/en/docs/http/ngx_http_realip_module.html
+[ngx-remote-addr-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_remote_addr
+[ngx-scheme-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_scheme
+[ngx-host-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host
+[ngx-server-port-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_server_port
+[ngx-http-proxy-retries]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries
+[SNI]: https://en.wikipedia.org/wiki/Server_Name_Indication
diff --git a/app/enterprise/0.34-x/rate-limiting.md b/app/enterprise/0.34-x/rate-limiting.md
index 55bd4688c440..2d855e7ad64d 100644
--- a/app/enterprise/0.34-x/rate-limiting.md
+++ b/app/enterprise/0.34-x/rate-limiting.md
@@ -1,137 +1,3 @@
 ---
-title: Enterprise Rate Limiting Library
----
-
-## Overview
-
-This library is designed to provide an efficient, scalable, eventually-consistent sliding window rate limiting library. It relies on atomic operations in shared ngx memory zones to track window counters within a given node, periodically syncing this data to a central data store (current Cassandra, Postgres, and Redis).
-
-A sliding window rate limiting implementation tracks the number of hits assigned to a specific key (such as an IP address, Consumer, Credential, etc) within a given time window, taking into account previous hit rates to smooth out a calculated rate, while still providing a familiar windowing interface that modern developers are used to (e.g., n hits per second/minute/hour). This is similar to a fixed window implementation, in which request rates reset at the beginning of the window, but without the "reset bump" from which fixed window implementations suffer, while providing a more intuitive interface beyond what leaky bucket or token bucket implementations can offer. Note that we use the term "hit" instead of "request" when referring to incrementing values for rate limit keys, because this library provides an abstract rate limiting interface; a sliding window implementation may have uses outside of HTTP request rate limiting, thus, we describe this library in a more abstract sense.
-
-A sliding window takes into account a weighted value of the previous window when calculating the current rate for a given key. A window is defined as a period of time, starting at a given "floor" timestamp, where the floor is calculated based on the size of the window. For window sizes of 60 seconds, the floor always falls at the 0th second (e.g., at the beginning of any given minute). Likewise, windows with a size of 30 seconds will begin at the 0th and 30th seconds of each minute.
-
-Consider a rate limit of 10 hits per minute. In this configuration, this library will calculate the hit rate of a given key based on the number of hits for the current window (starting at the beginning of the current minute), and a weighted percentage of all hits of the previous window (e.g., the previous minute). This weight is calculated based on the current timestamp with respect to the window size in question; the farther away the current time is from the start of the previous window, the lower the weight percentage. This value is best expressed through an example:
-
-```
-current window rate: 10
-previous window rate: 40
-window size: 60
-window position: 30 (seconds past the start of the current window)
-weight = .5 (60 second window size - 30 seconds past the window start)
-
-rate = 'current rate' + 'previous weight' * 'weight'
-     = 10             + 40                * ('window size' - 'window position') / 'window size'
-     = 10             + 40                * (60 - 30) / 60
-     = 10             + 40                * .5
-     = 30
-```
-Strictly speaking, the formula used to define the weighting percentage is as follows:
-
-`weight = (window_size - (time() % window_size)) / window_size`
-
-Where `time()` is the value of the current Unix timestamp.
-
-Each node in the Kong cluster relies on its own in-memory data store as the source of truth for rate limiting counters. Periodically, each node pushes a counter increment for each key it saw to the cluster, which is expected to atomically apply this diff to the appropriate key. The node then retrieves this key's value from the data store, along with other relevant keys for this data sync cycle. In this manner, each node shares the relevant portions of data with the cluster, while relying on a very high-performance method of tracking data during each request. This cycle of converge -> diverge -> reconverge among nodes in the cluster provides our eventually-consistent model.
-
-he periodic rate at which nodes converge is configurable; shorter sync intervals will result in less divergence of data points when traffic is spread across multiple nodes in the cluster (e.g., when sitting behind a round robin balancer), whereas longer sync intervals put less r/w pressure on the datastore, and less overhead on each node to calculate diffs and fetch new synced values. The desirable value here depends on use case; when using cluster syncing to refresh nodes periodically (e.g., to inform new cluster nodes of counter data), a value of 10-30 seconds may be desirable, to minimize data store traffic. Contrarily, environments demanding stronger consistency between nodes (such as orchestrated deployments involving a high churn rate among cluster membership, or cases where strict rate limiting policies must be applied to node sitting behind a non-hashing load balancer) should use a lower sync period, on the order of milliseconds. The minimum possible value is 0.001 (1 millisecond), though practically this value is limited by network performance between Kong nodes and the configured data store.
-
-In addition to periodic data sync behavior, this library can implement rate limiting counter in a synchronous pattern by defining its `sync_rate` as `0`. In such a case, the given counter will be applied directly to the datastore. This behavior is desirable in cases where stronger consistency among the cluster is desired; such a configuration comes with the cost of needing to communicate with the datastore (or Redis) on every request, which can induce noticeable latency into the request ("noticeable" being a relative term of typically a few milliseconds, depending on the performance of the storage mechanism in question; for comparison, Kong typically processes requests on the order of tens of microseconds).
-
-This library can also forgo syncing counter data entirely, and only apply incremental counters to its local memory zone, by defining a `sync_rate` value of less than `0`. This behavior is useful when cluster-wide syncing of data is unnecessary, such as environments using only a single Kong node, or where Kong nodes live behind a hashing load balancer and are treated as isolated instances.
-
-Module configuration data, such as sync rate, shared dictionary name, storage policy, etc, is kept in a per-worker public configuration table. Multiple configurations can be defined as stored as arbitrary `namespaces` (more on this below).
-
-## Developer Notes
-### Public Functions
-The following public functions are provided by this library:
-
-`ratelimiting.new`
-
-_syntax: ok = ratelimiting.new(opts)_
-
-Define configurations for a new namespace. The following options are accepted:
-
-- dict: Name of the shared dictionary to use
-- sync_rate: Rate, in seconds, to sync data diffs to the storage server.
-- strategy: Storage strategy to use. currently cassandra, postgres, and redis are supported. Strategies must provide several public—functions defined below.
-- strategy_opts: A table of options used by the storage strategy. Currently only applicable for the 'redis' strategy.
-- namespace: String defining these config values. A namespace may only be defined once; if a namespace has already been defined on this worker, an error is thrown. If no namespace is defined, the literal string "default" will be used.
-- window_sizes: A list of window sizes used by this configuration.
-
-`ratelimiting.increment`
-
-_syntax: rate = ratelimiting.increment(key, window_size, value, namespace?)_
-
-Increment a given key for window_size by value. If namespace is undefined, the "default" namespace is used. value can be any number Lua type (but ensure that the storage strategy in use for this namespace can support decimal values if a non-integer value is provided). This function returns the sliding rate for this key/window_size after the increment of value has been applied.
-
-`ratelimit.sliding_window`
-
-_syntax: rate = ratelimit.sliding_window(key, window_size, cur_diff?, namespace?)_
-
-Return the current sliding rate for this key/window_size. An optional cur_diff value can be provided that overrides the current stored diff for this key. If `namespace` is undefined, the "default" namespace is used.
-
-`ratelimiting.sync`
-
-_syntax: ratelimiting.sync(premature, namespace?)_
-
-Sync all currently stored key diffs in this worker with the storage server, and retrieve the newly synced value. If namespace is undefined, the "default" `namespace` is used. Before the diffs are pushed, another sync call for the given namespace is scheduled at `sync_rate` seconds in the future. Given this, this function should typically be called during the `init_worker` phase to initialize the recurring timer. This function is intended to be called in an `ngx.timer` context; hence, the first variable represents the injected `premature` param.
-
-`ratelimiting.fetch`
-
-_syntax: ratelimiting.fetch(premature, namespace, time, timeout?)_
-
-Retrieve all relevant counters for the given namespace at the given time. This 
-function establishes a shm mutex such that only one worker will fetch and 
-populate the shm per execution. If timeout is defined, the mutex will expire 
-based on the given timeout value; otherwise, the mutex is unlocked immediately 
-following the dictionary update. This function can be called in an `ngx.timer` 
-context; hence, the first variable represents the injected `premature` param.
-
-### Strategy Functions
-
-Storage strategies must provide the following interfaces:
-
-#### strategy_class.new
-_syntax: strategy = strategy_class.new(dao_factory, opts)_
-
-Implement a new strategy object. `opts` is expected to be a table type, and can be used to pass opaque/arbitrary options to the strategy class.
-
-#### strategy:push_diffs
-_syntax: strategy:push_diffs(diffs)_
-
-Push a table of key diffs to the storage server. diffs is a table provided in the following format:
-
-```
-[1] = {
-    key = "1.2.3.4",
-    windows = {
-      {
-        window    = 12345610,
-        size      = 60,
-        diff      = 5,
-        namespace = foo,
-      },
-      {
-        window    = 12345670,
-        size      = 60,
-        diff      = 5,
-        namespace = foo,
-      },
-    }
-  },
-  ...
-  ["1.2.3.4"] = 1,
-  ...
-  ```
-
-#### strategy:get_counters
-
-_syntax: rows = strategy:get_counters(namespace, window_sizes, time?)_
-
-Return an iterator for each key stored in the datastore/redis for a given `namepsace` and list of window sizes. 'time' is an optional unix second- precision timestamp; if not provided, this value will be set via `ngx.time()`. It is encouraged to pass this via a previous defined timestamp, depending on the context (e.g., if previous calls in the same thread took a nontrivial amount of time to run).
-
-#### strategy:get_window
-
-_syntax: window = strategy:get_window(key, namespace, window_start, window_size)_
-
-Retrieve a single key from the data store based on the values provided.
+redirect_to: /enterprise/references/rate-limiting/
+---
\ No newline at end of file
diff --git a/app/enterprise/0.34-x/rbac/admin-api.md b/app/enterprise/0.34-x/rbac/admin-api.md
index 68dd5345d9bc..40fc741bb18b 100644
--- a/app/enterprise/0.34-x/rbac/admin-api.md
+++ b/app/enterprise/0.34-x/rbac/admin-api.md
@@ -846,7 +846,7 @@ HTTP 204 No Content
 ---
 
 
-[Admin API]: /{{page.kong_version}}/admin-api/
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
 
 ## List a User's Permissions
 **Endpoint**
diff --git a/app/enterprise/0.34-x/rbac/overview.md b/app/enterprise/0.34-x/rbac/overview.md
index 6c3d7c7b3848..69f30ac0864f 100644
--- a/app/enterprise/0.34-x/rbac/overview.md
+++ b/app/enterprise/0.34-x/rbac/overview.md
@@ -1,5 +1,9 @@
 ---
 title: RBAC Overview
+redirect_from:
+  - /enterprise/0.34-x/plugins/rbac-api/
+  - /enterprise/0.34-x/kong-manager/organization-management/rbac-in-workspaces/
+  - /enterprise/0.34-x/organization-management/rbac-and-perms/
 book: rbac
 chapter: 1
 ---
@@ -34,7 +38,7 @@ also allows Entity-Level permissions. As such, its configuration directive
 possible values is:
 
 - `on`: similarly to the previous RBAC implementation, applies Endpoint-level
-access control
+  access control
 - `entity`: applies **only** Entity-level access control
 - `both`: applies **both Endpoint and Entity level access control**
 - `off`: disables RBAC enforcement
@@ -109,7 +113,7 @@ A user identifies the actor sending the current request. Users are identified
 by Kong via the `user_token` element, sent to the Admin API as a request header.
 A user is assigned one or more Roles, the permissions of which determine what
 resources the user is allowed access. Users can be quickly enabled or disabled via
-the `enabled` flag on the User entity in the Admin API; this allows 
+the `enabled` flag on the User entity in the Admin API; this allows
 Admins to quickly enable and disable users without removing their
 tokens or metadata.
 
@@ -138,19 +142,20 @@ As concrete examples, let's say we want to create a role implementing the
 following use cases:
 
 - A permission that allows a Role (or, more precisely, users in that role), to
-perform any action, over any workspace, and any endpoint:
-  * `endpoint`: `*` - the `*` matches **any** endpoint
-  * `actions`: `*` - the `*` matches **any** action
-  * `workspace`: `*` - the `*` matches **any** workspace
-  * `negative`: `false`
+  perform any action, over any workspace, and any endpoint:
+
+  - `endpoint`: `*` - the `*` matches **any** endpoint
+  - `actions`: `*` - the `*` matches **any** action
+  - `workspace`: `*` - the `*` matches **any** workspace
+  - `negative`: `false`
 
 - Now, I want to explicitly **disallow** write access to the `/rbac/users`
-endpoint, so that users in the Role cannot create, update, or delete my RBAC
-users:
-  * `endpoint`: `/rbac/users`
-  * `actions`: `create,update,delete`
-  * `workspace`: `*`
-  * `negative`: `true`
+  endpoint, so that users in the Role cannot create, update, or delete my RBAC
+  users:
+  - `endpoint`: `/rbac/users`
+  - `actions`: `create,update,delete`
+  - `workspace`: `*`
+  - `negative`: `true`
 
 For more examples, along with API calls, check out the
 [RBAC Examples Chapter][rbac-examples].
@@ -174,9 +179,9 @@ boilerplate RBAC entities. The default permissions are:
 
 - **read-only** This role has read access to all default Kong endpoints
 - **admin** This role has read, create, update, and delete access to all Kong
-endpoints, except for the RBAC Admin API
+  endpoints, except for the RBAC Admin API
 - **super-admin** This role has read, create, update, and delete access to all
-Kong endpoints, including the RBAC Admin API
+  Kong endpoints, including the RBAC Admin API
 
 Kong does not provide any users by default, as this would be a
 backdoor into Admin API security. As such, it is the Admin's responsibility
diff --git a/app/enterprise/0.34-x/secure-admin-api.md b/app/enterprise/0.34-x/secure-admin-api.md
new file mode 100644
index 000000000000..302570bee55d
--- /dev/null
+++ b/app/enterprise/0.34-x/secure-admin-api.md
@@ -0,0 +1,159 @@
+---
+title: Securing the Admin API
+---
+
+## Introduction
+
+Kong's Admin API provides a RESTful interface for administration and
+configuration of Services, Routes, Plugins, Consumers, and Credentials. Because this
+API allows full control of Kong, it is important to secure this API against
+unwanted access. This document describes a few possible approaches to securing
+the Admin API.
+
+## Network Layer Access Restrictions
+
+### Minimal Listening Footprint
+
+By default since its 0.12.0 release, Kong will only accept requests from the
+local interface, as specified in its default `admin_listen` value:
+
+```
+admin_listen = 127.0.0.1:8001
+```
+
+If you change this value, always ensure to keep the listening footprint to a
+minimum, in order to avoid exposing your Admin API to third-parties, which
+could seriously compromise the security of your Kong cluster as a whole.
+For example, **avoid binding Kong to all of your interfaces**, by using
+values such as `0.0.0.0:8001`.
+
+[Back to TOC](#table-of-contents)
+
+### Layer 3/4 Network Controls
+
+In cases where the Admin API must be exposed beyond a localhost interface,
+network security best practices dictate that network-layer access be restricted
+as much as possible. Consider an environment in which Kong listens on a private
+network interface, but should only be accessed by a small subset of an IP range.
+In such a case, host-based firewalls (e.g. iptables) are useful in limiting
+input traffic ranges. For example:
+
+
+```bash
+# assume that Kong is listening on the address defined below, as defined as a
+# /24 CIDR block, and only a select few hosts in this range should have access
+
+$ grep admin_listen /etc/kong/kong.conf
+admin_listen 10.10.10.3:8001
+
+# explicitly allow TCP packets on port 8001 from the Kong node itself
+# this is not necessary if Admin API requests are not sent from the node
+$ iptables -A INPUT -s 10.10.10.3 -m tcp -p tcp --dport 8001 -j ACCEPT
+
+# explicitly allow TCP packets on port 8001 from the following addresses
+$ iptables -A INPUT -s 10.10.10.4 -m tcp -p tcp --dport 8001 -j ACCEPT
+$ iptables -A INPUT -s 10.10.10.5 -m tcp -p tcp --dport 8001 -j ACCEPT
+
+# drop all TCP packets on port 8001 not in the above IP list
+$ iptables -A INPUT -m tcp -p tcp --dport 8001 -j DROP
+
+```
+
+Additional controls, such as similar ACLs applied at a network device level, are
+encouraged, but fall outside the scope of this document.
+
+[Back to TOC](#table-of-contents)
+
+## Kong API Loopback
+
+Kong's routing design allows it to serve as a proxy for the Admin API itself. In
+this manner, Kong itself can be used to provide fine-grained access control to
+the Admin API. Such an environment requires bootstrapping a new Service that defines
+the `admin_listen` address as the Service's `url`. For example:
+
+```bash
+# assume that Kong has defined admin_listen as 127.0.0.1:8001, and we want to
+# reach the Admin API via the url `/admin-api`
+
+$ curl -X POST http://localhost:8001/services \
+  --data name=admin-api \
+  --data host=localhost \
+  --data port=8001
+
+$ curl -X POST http://localhost:8001/services/admin-api/routes \
+  --data paths[]=/admin-api
+  
+# we can now transparently reach the Admin API through the proxy server
+$ curl localhost:8000/admin-api/apis
+{
+   "data":[
+      {
+         "uris":[
+            "\/admin-api"
+         ],
+         "id":"653b21bd-4d81-4573-ba00-177cc0108dec",
+         "upstream_read_timeout":60000,
+         "preserve_host":false,
+         "created_at":1496351805000,
+         "upstream_connect_timeout":60000,
+         "upstream_url":"http:\/\/localhost:8001",
+         "strip_uri":true,
+         "https_only":false,
+         "name":"admin-api",
+         "http_if_terminated":true,
+         "upstream_send_timeout":60000,
+         "retries":5
+      }
+   ],
+   "total":1
+}
+```
+
+From here, simply apply desired Kong-specific security controls (such as
+[basic][basic-auth] or [key authentication][key-auth],
+[IP restrictions][ip-restriction], or [access control lists][acl]) as you would
+normally to any other Kong API.
+
+[Back to TOC](#table-of-contents)
+
+## Custom Nginx Configuration
+
+Kong is tightly coupled with Nginx as an HTTP daemon, and can thus be integrated
+into environments with custom Nginx configurations. In this manner, use cases
+with complex security/access control requirements can use the full power of
+Nginx/OpenResty to build server/location blocks to house the Admin API as
+necessary. This allows such environments to leverage native Nginx authorization
+and authentication mechanisms, ACL modules, etc., in addition to providing the
+OpenResty environment on which custom/complex security controls can be built.
+
+For more information on integrating Kong into custom Nginx configurations, see
+[Custom Nginx configuration & embedding Kong][custom-configuration].
+
+[Back to TOC](#table-of-contents)
+
+## Role Based Access Control ##
+
+<div class="alert alert-warning">
+  <strong>Enterprise-Only</strong> This feature is only available with an
+  Enterprise Subscription.
+</div>
+
+Enterprise users can configure role-based access control to secure access to the
+Admin API. RBAC allows for fine-grained control over resource access based on
+a model of user roles and permissions. Users are assigned to one or more roles,
+which each in turn possess one or more permissions granting or denying access
+to a particular resource. In this way, fine-grained control over specific Admin
+API resources can be enforced, while scaling to allow complex, case-specific
+uses.
+
+If you are not a Kong Enterprise customer, you can inquire about our
+Enterprise offering by [contacting us](/enterprise).
+
+[Back to TOC](#table-of-contents)
+
+
+[acl]: /plugins/acl
+[basic-auth]: /plugins/basic-authentication/
+[custom-configuration]: /enterprise/{{page.kong_version}}/property-reference/#custom-nginx-configuration
+[ip-restriction]: /plugins/ip-restriction
+[key-auth]: /plugins/key-authentication
diff --git a/app/enterprise/0.34-x/vitals-prometheus-strategy.md b/app/enterprise/0.34-x/vitals-prometheus-strategy.md
index ad28a7ce0e99..d81a0e92e041 100644
--- a/app/enterprise/0.34-x/vitals-prometheus-strategy.md
+++ b/app/enterprise/0.34-x/vitals-prometheus-strategy.md
@@ -22,7 +22,8 @@ using default config that listens on port `9090`.
 
 The latest release of StatsD exporter can be found at the
 [Bintray](https://bintray.com/kong/statsd-exporter). The binary is distributed
-with some specific features like min/max gauges and Unix domain socket support.
+with some specific features like min/max gauges. Alternatively, a
+[Docker image](https://bintray.com/kong/statsd-exporter-docker) is also available.
 
 StatsD exporter needed to configured with a set of mapping rules to translate
 the StatsD UDP events to Prometheus metrics. A default set of mapping rules can
@@ -37,12 +38,15 @@ $ ./statsd_exporter --statsd.mapping-config=statsd.rules.yaml \
 
 The StatsD mapping rules file must be configured to match the metrics sent from
 Kong. To learn how to customize the StatsD events name, please refer to
-[Enable Vitals with Prometheus strategy in Kong](#enable-Vitals-with-prometheus-strategy-in-kong)
+[Enable Vitals with Prometheus strategy in Kong](#enable-vitals-with-prometheus-strategy-in-kong)
 section.
 
 StatsD exporter can run either on a separate node from Kong (to avoid resource
 competition with Kong), or on the same host with Kong (to reduce unnecessary
-network overhead).
+network overhead). Note that feeding metrics from multiple Kong nodes into a single
+StatsD exporter is currently not supported, as it would result in a metrics conflict.
+It's also recommended to match the number of Kong nodes to StatsD exporters for
+better scalability.
 
 In this guide, we assume StatsD exporter is running on hostname `statsd-node`,
 using default config that listens to UDP traffic on port `9125` and the metrics 
diff --git a/app/enterprise/0.34-x/workspaces/admin-api.md b/app/enterprise/0.34-x/workspaces/admin-api.md
index 0e6399ffba88..368c1cdfac4c 100644
--- a/app/enterprise/0.34-x/workspaces/admin-api.md
+++ b/app/enterprise/0.34-x/workspaces/admin-api.md
@@ -339,4 +339,4 @@ Next: [Workspaces Examples &rsaquo;]({{page.book.next}})
 
 ---
 
-[Admin API]: /{{page.kong_version}}/admin-api/
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
diff --git a/app/enterprise/0.34-x/workspaces/examples.md b/app/enterprise/0.34-x/workspaces/examples.md
index 15efd785bfa3..fb3fab6d95f6 100644
--- a/app/enterprise/0.34-x/workspaces/examples.md
+++ b/app/enterprise/0.34-x/workspaces/examples.md
@@ -489,4 +489,4 @@ Next: [RBAC Overview &rsaquo;](/enterprise/{{page.kong_version}}/rbac/overview)
 
 ---
 
-[services]: /{{page.kong_version}}/admin-api/#service-object
+[services]: /enterprise/{{page.kong_version}}/admin-api/#service-object
diff --git a/app/enterprise/0.35-x/admin-api/index.md b/app/enterprise/0.35-x/admin-api/index.md
index d3bef79edaf8..c096f7032aad 100644
--- a/app/enterprise/0.35-x/admin-api/index.md
+++ b/app/enterprise/0.35-x/admin-api/index.md
@@ -1,16 +1,2732 @@
 ---
 title: Admin API
+redirect_from:
+  - /0.35-x/admin-api/
 toc: false
+
+service_body: |
+    Attributes | Description
+    ---:| ---
+    `name`<br>*optional* | The Service name.
+    `retries`<br>*optional* | The number of retries to execute upon failure to proxy. Defaults to `5`.
+    `protocol` |  The protocol used to communicate with the upstream. It can be one of `http` or `https`.  Defaults to `"http"`.
+    `host` | The host of the upstream server.
+    `port` | The upstream server port. Defaults to `80`.
+    `path`<br>*optional* | The path to be used in requests to the upstream server.
+    `connect_timeout`<br>*optional* |  The timeout in milliseconds for establishing a connection to the upstream server.  Defaults to `60000`.
+    `write_timeout`<br>*optional* |  The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server.  Defaults to `60000`.
+    `read_timeout`<br>*optional* |  The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server.  Defaults to `60000`.
+    `url`<br>*shorthand-attribute* |  Shorthand attribute to set `protocol`, `host`, `port` and `path` at once. This attribute is write-only (the Admin API never "returns" the url). 
+
+service_json: |
+    {
+        "id": "0c61e164-6171-4837-8836-8f5298726d53",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/some_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000
+    }
+
+service_data: |
+    "data": [{
+        "id": "f00c6da4-3679-4b44-b9fb-36a19bd3ae83",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/some_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000
+    }, {
+        "id": "bdab0e47-4e37-4f0b-8fd0-87d95cc4addc",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/another_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000
+    }],
+
+route_body: |
+    Attributes | Description
+    ---:| ---
+    `name`<br>*optional* | The name of the Route.
+    `protocols` |  A list of the protocols this Route should allow. When set to `["https"]`, HTTP requests are answered with a request to upgrade to HTTPS.  Defaults to `["http", "https"]`.
+    `methods`<br>*semi-optional* |  A list of HTTP methods that match this Route. When using `http` or `https` protocols, at least one of `hosts`, `paths`, or `methods` must be set. 
+    `hosts`<br>*semi-optional* |  A list of domain names that match this Route. When using `http` or `https` protocols, at least one of `hosts`, `paths`, or `methods` must be set.  With form-encoded, the notation is `hosts[]=example.com&hosts[]=foo.test`. With JSON, use an Array.
+    `paths`<br>*semi-optional* |  A list of paths that match this Route. When using `http` or `https` protocols, at least one of `hosts`, `paths`, or `methods` must be set.  With form-encoded, the notation is `paths[]=/foo&paths[]=/bar`. With JSON, use an Array.
+    `regex_priority`<br>*optional* |  A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same `regex_priority`, the older one (lowest `created_at`) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones).  Defaults to `0`.
+    `strip_path`<br>*optional* |  When matching a Route via one of the `paths`, strip the matching prefix from the upstream request URL.  Defaults to `true`.
+    `preserve_host`<br>*optional* |  When matching a Route via one of the `hosts` domain names, use the request `Host` header in the upstream request headers. If set to `false`, the upstream `Host` header will be that of the Service's `host`. 
+    `snis`<br>*semi-optional* |  A list of SNIs that match this Route when using stream routing. When using `tcp` or `tls` protocols, at least one of `snis`, `sources`, or `destinations` must be set. 
+    `sources`<br>*semi-optional* |  A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". When using `tcp` or `tls` protocols, at least one of `snis`, `sources`, or `destinations` must be set. 
+    `destinations`<br>*semi-optional* |  A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". When using `tcp` or `tls` protocols, at least one of `snis`, `sources`, or `destinations` must be set. 
+    `service` |  The Service this Route is associated to. This is where the Route proxies traffic to.  With form-encoded, the notation is `service.id=<service_id>`. With JSON, use `"service":{"id":"<service_id>"}`.
+
+route_json: |
+    {
+        "id": "173a6cee-90d1-40a7-89cf-0329eca780a6",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["http", "https"],
+        "methods": ["GET", "POST"],
+        "hosts": ["example.com", "foo.test"],
+        "paths": ["/foo", "/bar"],
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "service": {"id":"f5a9c0ca-bdbb-490f-8928-2ca95836239a"}
+    }
+
+route_data: |
+    "data": [{
+        "id": "885a0392-ef1b-4de3-aacf-af3f1697ce2c",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["http", "https"],
+        "methods": ["GET", "POST"],
+        "hosts": ["example.com", "foo.test"],
+        "paths": ["/foo", "/bar"],
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "service": {"id":"a3395f66-2af6-4c79-bea2-1b6933764f80"}
+    }, {
+        "id": "4fe14415-73d5-4f00-9fbc-c72a0fccfcb2",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["tcp", "tls"],
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "snis": ["foo.test", "example.com"],
+        "sources": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}],
+        "destinations": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}],
+        "service": {"id":"ea29aaa3-3b2d-488c-b90c-56df8e0dd8c6"}
+    }],
+
+consumer_body: |
+    Attributes | Description
+    ---:| ---
+    `username`<br>*semi-optional* |  The unique username of the consumer. You must send either this field or `custom_id` with the request. 
+    `custom_id`<br>*semi-optional* |  Field for storing an existing unique ID for the consumer - useful for mapping Kong with users in your existing database. You must send either this field or `username` with the request. 
+
+consumer_json: |
+    {
+        "id": "58c8ccbb-eafb-4566-991f-2ed4f678fa70",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id"
+    }
+
+consumer_data: |
+    "data": [{
+        "id": "4e8d95d4-40f2-4818-adcb-30e00c349618",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id"
+    }, {
+        "id": "b87eb55d-69a1-41d2-8653-8d706eecefc0",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id"
+    }],
+
+plugin_body: |
+    Attributes | Description
+    ---:| ---
+    `name` |  The name of the Plugin that's going to be added. Currently the Plugin must be installed in every Kong instance separately. 
+    `route`<br>*optional* |  If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the Route being used.  Defaults to `null`. With form-encoded, the notation is `route.id=<route_id>`. With JSON, use `"route":{"id":"<route_id>"}`.
+    `service`<br>*optional* |  If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.  Defaults to `null`. With form-encoded, the notation is `service.id=<service_id>`. With JSON, use `"service":{"id":"<service_id>"}`.
+    `consumer`<br>*optional* |  If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated consumer.  Defaults to `null`. With form-encoded, the notation is `consumer.id=<consumer_id>`. With JSON, use `"consumer":{"id":"<consumer_id>"}`.
+    `config`<br>*optional* |  The configuration properties for the Plugin which can be found on the plugins documentation page in the [Kong Hub](https://docs.konghq.com/hub/). 
+    `run_on` |  Control on which Kong nodes this plugin will run, given a Service Mesh scenario. Accepted values are: * `first`, meaning "run on the first Kong node that is encountered by the request". On an API Getaway scenario, this is the usual operation, since there is only one Kong node in between source and destination. In a sidecar-to-sidecar Service Mesh scenario, this means running the plugin only on the Kong sidecar of the outbound connection. * `second`, meaning "run on the second node that is encountered by the request". This option is only relevant for sidecar-to-sidecar Service Mesh scenarios: this means running the plugin only on the Kong sidecar of the inbound connection. * `all` means "run on all nodes", meaning both sidecars in a sidecar-to-sidecar scenario. This is useful for tracing/logging plugins.  Defaults to `"first"`.
+    `enabled`<br>*optional* | Whether the plugin is applied. Defaults to `true`.
+
+plugin_json: |
+    {
+        "id": "a3ad71a8-6685-4b03-a101-980a953544f6",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"hour":500, "minute":20},
+        "run_on": "first",
+        "enabled": true
+    }
+
+plugin_data: |
+    "data": [{
+        "id": "147f5ef0-1ed6-4711-b77f-489262f8bff7",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"hour":500, "minute":20},
+        "run_on": "first",
+        "enabled": true
+    }, {
+        "id": "a2e013e8-7623-4494-a347-6d29108ff68b",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"hour":500, "minute":20},
+        "run_on": "first",
+        "enabled": true
+    }],
+
+certificate_body: |
+    Attributes | Description
+    ---:| ---
+    `cert` | PEM-encoded public certificate of the SSL key pair.
+    `key` | PEM-encoded private key of the SSL key pair.
+    `snis`<br>*shorthand-attribute* |  An array of zero or more hostnames to associate with this certificate as SNIs. This is a sugar parameter that will, under the hood, create an SNI object and associate it with this certificate for your convenience. 
+
+certificate_json: |
+    {
+        "id": "91020192-062d-416f-a275-9addeeaffaf2",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----..."
+    }
+
+certificate_data: |
+    "data": [{
+        "id": "d26761d5-83a4-4f24-ac6c-cff276f2b79c",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----..."
+    }, {
+        "id": "43429efd-b3a5-4048-94cb-5cc4029909bb",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----..."
+    }],
+
+sni_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | The SNI name to associate with the given certificate.
+    `certificate` |  The id (a UUID) of the certificate with which to associate the SNI hostname  With form-encoded, the notation is `certificate.id=<certificate_id>`. With JSON, use `"certificate":{"id":"<certificate_id>"}`.
+
+sni_json: |
+    {
+        "id": "04fbeacf-a9f1-4a5d-ae4a-b0407445db3f",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "certificate": {"id":"a9b2107f-a214-47b3-add4-46b942187924"}
+    }
+
+sni_data: |
+    "data": [{
+        "id": "d044b7d4-3dc2-4bbc-8e9f-6b7a69416df6",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "certificate": {"id":"7fca84d6-7d37-4a74-a7b0-93e576089a41"}
+    }, {
+        "id": "66c7b5c4-4aaf-4119-af1e-ee3ad75d0af4",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "certificate": {"id":"02621eee-8309-4bf6-b36b-a82017a5393e"}
+    }],
+
+certificate_authority_body: |
+    Attributes | Description
+    ---:| ---
+    `cert` | PEM-encoded public CA certificate.
+
+certificate_authority_json: |
+    {
+        "id": "322dce96-d434-4e0d-9038-311b3520f0a3",
+        "created_at": 1566597621,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+    }
+
+certificate_authority_data: |
+    "data": [{
+        "id": "322dce96-d434-4e0d-9038-311b3520f0a3",
+        "created_at": 1566597621,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+    }, {
+        "id": "43629afd-bda5-4248-94cb-5cc4029909bb",
+        "created_at": 1566597621,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+    }],
+
+upstream_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | This is a hostname, which must be equal to the `host` of a Service.
+    `hash_on`<br>*optional* | What to use as hashing input: `none` (resulting in a weighted-round-robin scheme with no hashing), `consumer`, `ip`, `header`, or `cookie`. Defaults to `"none"`.
+    `hash_fallback`<br>*optional* | What to use as hashing input if the primary `hash_on` does not return a hash (eg. header is missing, or no consumer identified). One of: `none`, `consumer`, `ip`, `header`, or `cookie`. Not available if `hash_on` is set to `cookie`. Defaults to `"none"`.
+    `hash_on_header`<br>*semi-optional* | The header name to take the value from as hash input. Only required when `hash_on` is set to `header`.
+    `hash_fallback_header`<br>*semi-optional* | The header name to take the value from as hash input. Only required when `hash_fallback` is set to `header`.
+    `hash_on_cookie`<br>*semi-optional* | The cookie name to take the value from as hash input. Only required when `hash_on` or `hash_fallback` is set to `cookie`. If the specified cookie is not in the request, Kong will generate a value and set the cookie in the response.
+    `hash_on_cookie_path`<br>*semi-optional* | The cookie path to set in the response headers. Only required when `hash_on` or `hash_fallback` is set to `cookie`. Defaults to `"/"`.
+    `slots`<br>*optional* | The number of slots in the loadbalancer algorithm (`10`-`65536`). Defaults to `10000`.
+    `healthchecks.active.https_verify_certificate`<br>*optional* | Whether to check the validity of the SSL certificate of the remote host when performing active health checks using HTTPS. Defaults to `true`.
+    `healthchecks.active.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a failure, indicating unhealthiness, when returned by a probe in active health checks. Defaults to `[429, 404, 500, 501, 502, 503, 504, 505]`. With form-encoded, the notation is `http_statuses[]=429&http_statuses[]=404`. With JSON, use an Array.
+    `healthchecks.active.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in active probes to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.timeouts`<br>*optional* | Number of timeouts in active probes to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in active probes (as defined by `healthchecks.active.unhealthy.http_statuses`) to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.interval`<br>*optional* | Interval between active health checks for unhealthy targets (in seconds). A value of zero indicates that active probes for unhealthy targets should not be performed. Defaults to `0`.
+    `healthchecks.active.http_path`<br>*optional* | Path to use in GET HTTP request to run as a probe on active health checks. Defaults to `"/"`.
+    `healthchecks.active.timeout`<br>*optional* | Socket timeout for active health checks (in seconds). Defaults to `1`.
+    `healthchecks.active.healthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a success, indicating healthiness, when returned by a probe in active health checks. Defaults to `[200, 302]`. With form-encoded, the notation is `http_statuses[]=200&http_statuses[]=302`. With JSON, use an Array.
+    `healthchecks.active.healthy.interval`<br>*optional* | Interval between active health checks for healthy targets (in seconds). A value of zero indicates that active probes for healthy targets should not be performed. Defaults to `0`.
+    `healthchecks.active.healthy.successes`<br>*optional* | Number of successes in active probes (as defined by `healthchecks.active.healthy.http_statuses`) to consider a target healthy. Defaults to `0`.
+    `healthchecks.active.https_sni`<br>*optional* | The hostname to use as an SNI (Server Name Identification) when performing active health checks using HTTPS. This is particularly useful when Targets are configured using IPs, so that the target host's certificate can be verified with the proper SNI.
+    `healthchecks.active.concurrency`<br>*optional* | Number of targets to check concurrently in active health checks. Defaults to `10`.
+    `healthchecks.active.type`<br>*optional* | Whether to perform active health checks using HTTP or HTTPS, or just attempt a TCP connection. Possible values are `tcp`, `http` or `https`. Defaults to `"http"`.
+    `healthchecks.passive.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in proxied traffic (as defined by `healthchecks.passive.unhealthy.http_statuses`) to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent unhealthiness when produced by proxied traffic, as observed by passive health checks. Defaults to `[429, 500, 503]`. With form-encoded, the notation is `http_statuses[]=429&http_statuses[]=500`. With JSON, use an Array.
+    `healthchecks.passive.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.unhealthy.timeouts`<br>*optional* | Number of timeouts in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.type`<br>*optional* | Whether to perform passive health checks interpreting HTTP/HTTPS statuses, or just check for TCP connection success. Possible values are `tcp`, `http` or `https` (in passive checks, `http` and `https` options are equivalent.). Defaults to `"http"`.
+    `healthchecks.passive.healthy.successes`<br>*optional* | Number of successes in proxied traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to consider a target healthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.healthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent healthiness when produced by proxied traffic, as observed by passive health checks. Defaults to `[200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]`. With form-encoded, the notation is `http_statuses[]=200&http_statuses[]=201`. With JSON, use an Array.
+
+upstream_json: |
+    {
+        "id": "ce44eef5-41ed-47f6-baab-f725cecf98c7",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        }
+    }
+
+upstream_data: |
+    "data": [{
+        "id": "01c23299-839c-49a5-a6d5-8864c09184af",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        }
+    }, {
+        "id": "a4407883-c166-43fd-80ca-3ca035b0cdb7",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        }
+    }],
+
+target_body: |
+    Attributes | Description
+    ---:| ---
+    `target` |  The target address (ip or hostname) and port. If the hostname resolves to an SRV record, the `port` value will be overridden by the value from the DNS record. 
+    `weight`<br>*optional* |  The weight this target gets within the upstream loadbalancer (`0`-`1000`). If the hostname resolves to an SRV record, the `weight` value will be overridden by the value from the DNS record.  Defaults to `100`.
+
+target_json: |
+    {
+        "id": "ec1a1f6f-2aa4-4e58-93ff-b56368f19b27",
+        "created_at": 1422386534,
+        "upstream": {"id":"ba641b07-e74a-430a-ab46-94b61e5ea66b"},
+        "target": "example.com:8000",
+        "weight": 100
+    }
+
+target_data: |
+    "data": [{
+        "id": "9aa116fd-ef4a-4efa-89bf-a0b17c4be982",
+        "created_at": 1422386534,
+        "upstream": {"id":"127dfc88-ed57-45bf-b77a-a9d3a152ad31"},
+        "target": "example.com:8000",
+        "weight": 100
+    }, {
+        "id": "a9daa3ba-8186-4a0d-96e8-00d80ce7240b",
+        "created_at": 1422386534,
+        "upstream": {"id":"af8330d3-dbdc-48bd-b1be-55b98608834b"},
+        "target": "example.com:8000",
+        "weight": 100
+    }],
+
+
+---
+
+Kong comes with an **internal** RESTful Admin API for administration purposes.
+Requests to the Admin API can be sent to any node in the cluster, and Kong will
+keep the configuration consistent across all nodes.
+
+- `8001` is the default port on which the Admin API listens.
+- `8444` is the default port for HTTPS traffic to the Admin API.
+
+This API is designed for internal use and provides full control over Kong, so
+care should be taken when setting up Kong environments to avoid undue public
+exposure of this API. See [this document][secure-admin-api] for a discussion
+of methods to secure the Admin API.
+
+## Supported Content Types
+
+The Admin API accepts 2 content types on every endpoint:
+
+- **application/x-www-form-urlencoded**
+
+Simple enough for basic request bodies, you will probably use it most of the time.
+Note that when sending nested values, Kong expects nested objects to be referenced
+with dotted keys. Example:
+
+```
+config.limit=10&config.period=seconds
+```
+
+Arrays and sets can be specified in various ways:
+
+1. Sending same parameter multiple times:
+
+```
+hosts=example.com&hosts=example.org
+```
+
+2. Using array notation:
+
+```
+hosts[1]=example.com&hosts[2]=example.org
+```
+or 
+```
+hosts[]=example.com&hosts[]=example.org
+```
+
+Array and object notation can also be mixed:
+
+```
+config.hosts[1]=example.com&config.hosts[2]=example.org
+```
+
+
+- **application/json**
+
+Handy for complex bodies (ex: complex plugin configuration), in that case simply send
+a JSON representation of the data you want to send. Example:
+
+```json
+{
+    "config": {
+        "limit": 10,
+        "period": "seconds"
+    }
+}
+```
+
+JSON arrays can be specified as well:
+
+```json
+{
+    "config": {
+        "limit": 10,
+        "period": "seconds",
+        "hosts": [ "example.com", "example.org" ]
+    }
+}
+```
+
+---
+
+## Information routes
+
+
+
+### Retrieve node information
+
+Retrieve generic details about a node.
+
+<div class="endpoint get">/</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "hostname": "",
+    "node_id": "6a72192c-a3a1-4c8d-95c6-efabae9fb969",
+    "lua_version": "LuaJIT 2.1.0-beta3",
+    "plugins": {
+        "available_on_server": [
+            ...
+        ],
+        "enabled_in_cluster": [
+            ...
+        ]
+    },
+    "configuration" : {
+        ...
+    },
+    "tagline": "Welcome to Kong",
+    "version": "0.14.0"
+}
+```
+
+* `node_id`: A UUID representing the running Kong node. This UUID
+  is randomly generated when Kong starts, so the node will have a
+  different `node_id` each time it is restarted.
+* `available_on_server`: Names of plugins that are installed on the node.
+* `enabled_in_cluster`: Names of plugins that are enabled/configured.
+  That is, the plugins configurations currently in the datastore shared
+  by all Kong nodes.
+
+
+---
+
+### Retrieve node status
+
+Retrieve usage information about a node, with some basic information
+about the connections being processed by the underlying nginx process,
+and the status of the database connection.
+
+If you want to monitor the Kong process, since Kong is built on top
+of nginx, every existing nginx monitoring tool or agent can be used.
+
+
+<div class="endpoint get">/status</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "server": {
+        "total_requests": 3,
+        "connections_active": 1,
+        "connections_accepted": 1,
+        "connections_handled": 1,
+        "connections_reading": 0,
+        "connections_writing": 1,
+        "connections_waiting": 0
+    },
+    "database": {
+        "reachable": true
+    }
+}
+```
+
+* `server`: Metrics about the nginx HTTP/S server.
+    * `total_requests`: The total number of client requests.
+    * `connections_active`: The current number of active client
+      connections including Waiting connections.
+    * `connections_accepted`: The total number of accepted client
+      connections.
+    * `connections_handled`: The total number of handled connections.
+      Generally, the parameter value is the same as accepts unless
+      some resource limits have been reached.
+    * `connections_reading`: The current number of connections
+      where Kong is reading the request header.
+    * `connections_writing`: The current number of connections
+      where nginx is writing the response back to the client.
+    * `connections_waiting`: The current number of idle client
+      connections waiting for a request.
+* `database`: Metrics about the database.
+    * `reachable`: A boolean value reflecting the state of the
+      database connection. Please note that this flag **does not**
+      reflect the health of the database itself.
+
+
+---
+
+## Service Object
+
+Service entities, as the name implies, are abstractions of each of your own
+upstream services. Examples of Services would be a data transformation
+microservice, a billing API, etc.
+
+The main attribute of a Service is its URL (where Kong should proxy traffic
+to), which can be set as a single string or by specifying its `protocol`,
+`host`, `port` and `path` individually.
+
+Services are associated to Routes (a Service can have many Routes associated
+with it). Routes are entry-points in Kong and define rules to match client
+requests. Once a Route is matched, Kong proxies the request to its associated
+Service. See the [Proxy Reference][proxy-reference] for a detailed explanation
+of how Kong proxies traffic.
+
+
+```json
+{{ page.service_json }}
+```
+
+### Add Service
+
+##### Create Service
+
+<div class="endpoint post">/services</div>
+
+
+*Request Body*
+
+{{ page.service_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+### List Services
+
+##### List all Services
+
+<div class="endpoint get">/services</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.service_data }}
+    "next": "http://localhost:8001/services?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Service
+
+##### Retrieve Service
+
+<div class="endpoint get">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to retrieve.
+
+
+##### Retrieve Service associated to a specific Route
+
+<div class="endpoint get">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be retrieved.
+
+
+##### Retrieve Service associated to a specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+### Update Service
+
+##### Update Service
+
+<div class="endpoint patch">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to update.
+
+
+##### Update Service associated to a specific Route
+
+<div class="endpoint patch">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be updated.
+
+
+##### Update Service associated to a specific Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be updated.
+
+
+*Request Body*
+
+{{ page.service_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+### Update or create Service
+
+##### Create or update Service
+
+<div class="endpoint put">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to create or update.
+
+
+##### Create or update Service associated to a specific Route
+
+<div class="endpoint put">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be created or updated.
+
+
+##### Create or update Service associated to a specific Plugin
+
+<div class="endpoint put">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be created or updated.
+
+
+*Request Body*
+
+{{ page.service_body }}
+
+
+Inserts (or replaces) the Service under the requested resource with the
+definition specified in the body. The Service will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Service being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Service without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Service
+
+##### Delete Service
+
+<div class="endpoint delete">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to delete.
+
+
+##### Delete Service associated to a specific Route
+
+<div class="endpoint delete">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be deleted.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Route Object
+
+Route entities define rules to match client requests. Each Route is
+associated with a Service, and a Service may have multiple Routes associated to
+it. Every request matching a given Route will be proxied to its associated
+Service.
+
+The combination of Routes and Services (and the separation of concerns between
+them) offers a powerful routing mechanism with which it is possible to define
+fine-grained entry-points in Kong leading to different upstream services of
+your infrastructure.
+
+
+```json
+{{ page.route_json }}
+```
+
+### Add Route
+
+##### Create Route
+
+<div class="endpoint post">/routes</div>
+
+
+##### Create Route associated to a specific Service
+
+<div class="endpoint post">/services/{service name or id}/routes</div>
+
+Attributes | Description
+---:| ---
+`service name or id`<br>**required** | The unique identifier or the `name` attribute of the Service that should be associated to the newly-created Route.
+
+
+*Request Body*
+
+{{ page.route_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+### List Routes
+
+##### List all Routes
+
+<div class="endpoint get">/routes</div>
+
+
+##### List Routes associated to a specific Service
+
+<div class="endpoint get">/services/{service name or id}/routes</div>
+
+Attributes | Description
+---:| ---
+`service name or id`<br>**required** | The unique identifier or the `name` attribute of the Service whose Routes are to be retrieved. When using this endpoint, only Routes associated to the specified Service will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.route_data }}
+    "next": "http://localhost:8001/routes?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Route
+
+##### Retrieve Route
+
+<div class="endpoint get">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to retrieve.
+
+
+##### Retrieve Route associated to a specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+### Update Route
+
+##### Update Route
+
+<div class="endpoint patch">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to update.
+
+
+##### Update Route associated to a specific Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be updated.
+
+
+*Request Body*
+
+{{ page.route_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+### Update or create Route
+
+##### Create or update Route
+
+<div class="endpoint put">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to create or update.
+
+
+##### Create or update Route associated to a specific Plugin
+
+<div class="endpoint put">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be created or updated.
+
+
+*Request Body*
+
+{{ page.route_body }}
+
+
+Inserts (or replaces) the Route under the requested resource with the
+definition specified in the body. The Route will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Route being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Route without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Route
+
+##### Delete Route
+
+<div class="endpoint delete">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Consumer Object
+
+The Consumer object represents a consumer - or a user - of a Service. You can
+either rely on Kong as the primary datastore, or you can map the consumer list
+with your database to keep consistency between Kong and your existing primary
+datastore.
+
+
+```json
+{{ page.consumer_json }}
+```
+
+### Add Consumer
+
+##### Create Consumer
+
+<div class="endpoint post">/consumers</div>
+
+
+*Request Body*
+
+{{ page.consumer_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+### List Consumers
+
+##### List all Consumers
+
+<div class="endpoint get">/consumers</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.consumer_data }}
+    "next": "http://localhost:8001/consumers?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+⚠️ **Note**: **Consumers** associated with **Admins** will _not_ be 
+listed with **`GET`** `/consumers`. Instead, use 
+[**`GET`** `/admins`](/enterprise/0.35-x/admin-api/admins/reference/#list-admins) 
+to list all **Admins**.
+
+---
+
+### Retrieve Consumer
+
+##### Retrieve Consumer
+
+<div class="endpoint get">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to retrieve.
+
+
+##### Retrieve Consumer associated to a specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+### Update Consumer
+
+##### Update Consumer
+
+<div class="endpoint patch">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to update.
+
+
+##### Update Consumer associated to a specific Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be updated.
+
+
+*Request Body*
+
+{{ page.consumer_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+### Update or create Consumer
+
+##### Create or update Consumer
+
+<div class="endpoint put">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to create or update.
+
+
+##### Create or update Consumer associated to a specific Plugin
+
+<div class="endpoint put">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be created or updated.
+
+
+*Request Body*
+
+{{ page.consumer_body }}
+
+
+Inserts (or replaces) the Consumer under the requested resource with the
+definition specified in the body. The Consumer will be identified via the `username
+or id` attribute.
+
+When the `username or id` attribute has the structure of a UUID, the Consumer being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `username`.
+
+When creating a new Consumer without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `username` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Consumer
+
+##### Delete Consumer
+
+<div class="endpoint delete">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Plugin Object
+
+A Plugin entity represents a plugin configuration that will be executed during
+the HTTP request/response lifecycle. It is how you can add functionalities
+to Services that run behind Kong, like Authentication or Rate Limiting for
+example. You can find more information about how to install and what values
+each plugin takes by visiting the [Kong Hub](https://docs.konghq.com/hub/).
+
+When adding a Plugin Configuration to a Service, every request made by a client to
+that Service will run said Plugin. If a Plugin needs to be tuned to different
+values for some specific Consumers, you can do so by specifying the
+`consumer_id` value:
+
+
+```json
+{{ page.plugin_json }}
+```
+
+See the [Precedence](#precedence) section below for more details.
+
+#### Precedence
+
+A plugin will always be run once and only once per request. But the
+configuration with which it will run depends on the entities it has been
+configured for.
+
+Plugins can be configured for various entities, combination of entities, or
+even globally. This is useful, for example, when you wish to configure a plugin
+a certain way for most requests, but make _authenticated requests_ behave
+slightly differently.
+
+Therefore, there exists an order of precedence for running a plugin when it has
+been applied to different entities with different configurations. The rule of
+thumb is: the more specific a plugin is with regards to how many entities it
+has been configured on, the higher its priority.
+
+The complete order of precedence when a plugin has been configured multiple
+times is:
+
+1. Plugins configured on a combination of: a Route, a Service, and a Consumer.
+    (Consumer means the request must be authenticated).
+2. Plugins configured on a combination of a Route and a Consumer.
+    (Consumer means the request must be authenticated).
+3. Plugins configured on a combination of a Service and a Consumer.
+    (Consumer means the request must be authenticated).
+4. Plugins configured on a combination of a Route and a Service.
+5. Plugins configured on a Consumer.
+    (Consumer means the request must be authenticated).
+6. Plugins configured on a Route.
+7. Plugins configured on a Service.
+8. Plugins configured to run globally.
+
+**Example**: if the `rate-limiting` plugin is applied twice (with different
+configurations): for a Service (Plugin config A), and for a Consumer (Plugin
+config B), then requests authenticating this Consumer will run Plugin config B
+and ignore A. However, requests that do not authenticate this Consumer will
+fallback to running Plugin config A. Note that if config B is disabled
+(its `enabled` flag is set to `false`), config A will apply to requests that
+would have otherwise matched config B.
+
+
+### Add Plugin
+
+##### Create Plugin
+
+<div class="endpoint post">/plugins</div>
+
+
+##### Create Plugin associated to a specific Route
+
+<div class="endpoint post">/routes/{route id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`route id`<br>**required** | The unique identifier of the Route that should be associated to the newly-created Plugin.
+
+
+##### Create Plugin associated to a specific Service
+
+<div class="endpoint post">/services/{service id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`service id`<br>**required** | The unique identifier of the Service that should be associated to the newly-created Plugin.
+
+
+##### Create Plugin associated to a specific Consumer
+
+<div class="endpoint post">/consumers/{consumer id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`consumer id`<br>**required** | The unique identifier of the Consumer that should be associated to the newly-created Plugin.
+
+
+*Request Body*
+
+{{ page.plugin_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### List Plugins
+
+##### List all Plugins
+
+<div class="endpoint get">/plugins</div>
+
+
+##### List Plugins associated to a specific Route
+
+<div class="endpoint get">/routes/{route id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`route id`<br>**required** | The unique identifier of the Route whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Route will be listed.
+
+
+##### List Plugins associated to a specific Service
+
+<div class="endpoint get">/services/{service id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`service id`<br>**required** | The unique identifier of the Service whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Service will be listed.
+
+
+##### List Plugins associated to a specific Consumer
+
+<div class="endpoint get">/consumers/{consumer id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`consumer id`<br>**required** | The unique identifier of the Consumer whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Consumer will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.plugin_data }}
+    "next": "http://localhost:8001/plugins?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Plugin
+
+##### Retrieve Plugin
+
+<div class="endpoint get">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### Update Plugin
+
+##### Update Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to update.
+
+
+*Request Body*
+
+{{ page.plugin_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### Update or create Plugin
+
+##### Create or update Plugin
+
+<div class="endpoint put">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to create or update.
+
+
+*Request Body*
+
+{{ page.plugin_body }}
+
+
+Inserts (or replaces) the Plugin under the requested resource with the
+definition specified in the body. The Plugin will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Plugin being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Plugin without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Plugin
+
+##### Delete Plugin
+
+<div class="endpoint delete">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Retrieve Enabled Plugins
+
+Retrieve a list of all installed plugins on the Kong node.
+
+<div class="endpoint get">/plugins/enabled</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "enabled_plugins": [
+        "jwt",
+        "acl",
+        "cors",
+        "oauth2",
+        "tcp-log",
+        "udp-log",
+        "file-log",
+        "http-log",
+        "key-auth",
+        "hmac-auth",
+        "basic-auth",
+        "ip-restriction",
+        "request-transformer",
+        "response-transformer",
+        "request-size-limiting",
+        "rate-limiting",
+        "response-ratelimiting",
+        "aws-lambda",
+        "bot-detection",
+        "correlation-id",
+        "datadog",
+        "galileo",
+        "ldap-auth",
+        "loggly",
+        "statsd",
+        "syslog"
+    ]
+}
+```
+
+
+---
+
+### Retrieve Plugin Schema
+
+Retrieve the schema of a plugin's configuration. This is useful to
+understand what fields a plugin accepts, and can be used for building
+third-party integrations to the Kong's plugin system.
+
+
+<div class="endpoint get">/plugins/schema/{plugin name}</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "fields": {
+        "hide_credentials": {
+            "default": false,
+            "type": "boolean"
+        },
+        "key_names": {
+            "default": "function",
+            "required": true,
+            "type": "array"
+        }
+    }
+}
+```
+
+
+---
+
+## Certificate Object
+
+A certificate object represents a public certificate/private key pair for an SSL
+certificate. These objects are used by Kong to handle SSL/TLS termination for
+encrypted requests. Certificates are optionally associated with SNI objects to
+tie a cert/key pair to one or more hostnames.
+
+
+```json
+{{ page.certificate_json }}
+```
+
+### Add Certificate
+
+##### Create Certificate
+
+<div class="endpoint post">/certificates</div>
+
+
+*Request Body*
+
+{{ page.certificate_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+### List Certificates
+
+##### List all Certificates
+
+<div class="endpoint get">/certificates</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.certificate_data }}
+    "next": "http://localhost:8001/certificates?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Certificate
+
+##### Retrieve Certificate
+
+<div class="endpoint get">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+### Update Certificate
+
+##### Update Certificate
+
+<div class="endpoint patch">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to update.
+
+
+*Request Body*
+
+{{ page.certificate_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+### Update or create Certificate
+
+##### Create or update Certificate
+
+<div class="endpoint put">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to create or update.
+
+
+*Request Body*
+
+{{ page.certificate_body }}
+
+
+Inserts (or replaces) the Certificate under the requested resource with the
+definition specified in the body. The Certificate will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Certificate being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Certificate without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Certificate
+
+##### Delete Certificate
+
+<div class="endpoint delete">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## SNI Object
+
+An SNI object represents a many-to-one mapping of hostnames to a certificate.
+That is, a certificate object can have many hostnames associated with it; when
+Kong receives an SSL request, it uses the SNI field in the Client Hello to
+lookup the certificate object based on the SNI associated with the certificate.
+
+
+```json
+{{ page.sni_json }}
+```
+
+### Add SNI
+
+##### Create SNI
+
+<div class="endpoint post">/snis</div>
+
+
+##### Create SNI associated to a specific Certificate
+
+<div class="endpoint post">/certificates/{certificate name or id}/snis</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate that should be associated to the newly-created SNI.
+
+
+*Request Body*
+
+{{ page.sni_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+### List SNIs
+
+##### List all SNIs
+
+<div class="endpoint get">/snis</div>
+
+
+##### List SNIs associated to a specific Certificate
+
+<div class="endpoint get">/certificates/{certificate name or id}/snis</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate whose SNIs are to be retrieved. When using this endpoint, only SNIs associated to the specified Certificate will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.sni_data }}
+    "next": "http://localhost:8001/snis?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve SNI
+
+##### Retrieve SNI
+
+<div class="endpoint get">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+### Update SNI
+
+##### Update SNI
+
+<div class="endpoint patch">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to update.
+
+
+*Request Body*
+
+{{ page.sni_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+### Update or create SNI
+
+##### Create or update SNI
+
+<div class="endpoint put">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to create or update.
+
+
+*Request Body*
+
+{{ page.sni_body }}
+
+
+Inserts (or replaces) the SNI under the requested resource with the
+definition specified in the body. The SNI will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the SNI being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new SNI without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete SNI
+
+##### Delete SNI
+
+<div class="endpoint delete">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+---
+
+## Certificate Authority Object
+
+A certificate authority object represents a public CA certificate.
+These objects are used by Kong to verify client certificates presented to the mTLS plugin.
+
+
+```json
+{{ page.certificate_authority_json }}
+```
+
+### Add Certificate Authority
+
+##### Create Certificate Authority
+
+<div class="endpoint post">/ca_certificates</div>
+
+
+*Request Body*
+
+{{ page.certificate_authority_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.certificate_authority_json }}
+```
+
+
+---
+
+### List Certificate Authorities
+
+##### List all Certificate Authorities
+
+<div class="endpoint get">/ca_certificates</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.certificate_authority_data }}
+    "next": "http://localhost:8001/ca_certificates?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
 ---
 
-<div class="alert alert-ee">
-  <div class="alert-body">
-    <div class="left">
-      <img src="/assets/images/icons/icn-buildings.svg" />
-    </div>
-    <p>The following documentation refers to Kong Enterprise specific Admin API functionality. For a complete reference checkout the <a href="/latest/admin-api">Kong Admin API Reference</a>.</p>
-  </div>
-</div>
+### Retrieve Certificate Authority
+
+##### Retrieve Certificate Authority
+
+<div class="endpoint get">/ca_certificates/{certificate authority id}</div>
+
+Attributes | Description
+---:| ---
+`certificate authority id`<br>**required** | The unique identifier of the certificate authority to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_authority_json }}
+```
+
+
+---
+
+### Update Certificate Authority
+
+##### Update Certificate Authority
+
+<div class="endpoint patch">/ca_certificates/{certificate authority id}</div>
+
+Attributes | Description
+---:| ---
+`certificate authority id`<br>**required** | The unique identifier of the certificate authority to update.
+
+
+*Request Body*
+
+{{ page.certificate_authority_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_authority_json }}
+```
+
+
+---
+
+### Update or create Certificate Authority
+
+##### Create or update Certificate Authority
+
+<div class="endpoint put">/ca_certificates/{certificate authority id}</div>
+
+Attributes | Description
+---:| ---
+`certificate authority id`<br>**required** | The unique identifier of the certificate authority to create or update.
+
+
+*Request Body*
+
+{{ page.certificate_authority_body }}
+
+
+Inserts (or replaces) the certificate authority under the requested resource with the
+definition specified in the body. The certificate authority will be identified via the ` id` attribute.
+
+When creating a new certificate authority without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Certificate Authority
+
+##### Delete Certificate Authority
+
+<div class="endpoint delete">/ca_certificates/{certificate authority id}</div>
+
+Attributes | Description
+---:| ---
+`certificate authority id`<br>**required** | The unique identifier of the certificate authority to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+---
+
+## Upstream Object
+
+The upstream object represents a virtual hostname and can be used to loadbalance
+incoming requests over multiple services (targets). So for example an upstream
+named `service.v1.xyz` for a Service object whose `host` is `service.v1.xyz`.
+Requests for this Service would be proxied to the targets defined within the upstream.
+
+An upstream also includes a [health checker][healthchecks], which is able to
+enable and disable targets based on their ability or inability to serve
+requests. The configuration for the health checker is stored in the upstream
+object, and applies to all of its targets.
+
+
+```json
+{{ page.upstream_json }}
+```
+
+### Add Upstream
+
+##### Create Upstream
+
+<div class="endpoint post">/upstreams</div>
+
+
+*Request Body*
+
+{{ page.upstream_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### List Upstreams
+
+##### List all Upstreams
+
+<div class="endpoint get">/upstreams</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.upstream_data }}
+    "next": "http://localhost:8001/upstreams?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Upstream
+
+##### Retrieve Upstream
+
+<div class="endpoint get">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to retrieve.
+
+
+##### Retrieve Upstream associated to a specific Target
+
+<div class="endpoint get">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### Update Upstream
+
+##### Update Upstream
+
+<div class="endpoint patch">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to update.
+
+
+##### Update Upstream associated to a specific Target
+
+<div class="endpoint patch">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be updated.
+
+
+*Request Body*
+
+{{ page.upstream_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### Update or create Upstream
+
+##### Create or update Upstream
+
+<div class="endpoint put">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to create or update.
+
+
+##### Create or update Upstream associated to a specific Target
+
+<div class="endpoint put">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be created or updated.
+
+
+*Request Body*
+
+{{ page.upstream_body }}
+
+
+Inserts (or replaces) the Upstream under the requested resource with the
+definition specified in the body. The Upstream will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Upstream being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Upstream without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Upstream
+
+##### Delete Upstream
+
+<div class="endpoint delete">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to delete.
+
+
+##### Delete Upstream associated to a specific Target
+
+<div class="endpoint delete">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be deleted.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Show Upstream health for node
+
+Displays the health status for all Targets of a given Upstream, according to
+the perspective of a specific Kong node. Note that, being node-specific
+information, making this same request to different nodes of the Kong cluster
+may produce different results. For example, one specific node of the Kong
+cluster may be experiencing network issues, causing it to fail to connect to
+some Targets: these Targets will be marked as unhealthy by that node
+(directing traffic from this node to other Targets that it can successfully
+reach), but healthy to all others Kong nodes (which have no problems using that
+Target).
+
+The `data` field of the response contains an array of Target objects.
+The health for each Target is returned in its `health` field:
+
+* If a Target fails to be activated in the ring balancer due to DNS issues,
+  its status displays as `DNS_ERROR`.
+* When [health checks][healthchecks] are not enabled in the Upstream
+  configuration, the health status for active Targets is displayed as
+  `HEALTHCHECKS_OFF`.
+* When health checks are enabled and the Target is determined to be healthy,
+  either automatically or [manually](#set-target-as-healthy),
+  its status is displayed as `HEALTHY`. This means that this Target is
+  currently included in this Upstream's load balancer ring.
+* When a Target has been disabled by either active or passive health checks
+  (circuit breakers) or [manually](#set-target-as-unhealthy),
+  its status is displayed as `UNHEALTHY`. The load balancer is not directing
+  any traffic to this Target via this Upstream.
+
+
+<div class="endpoint get">/upstreams/{name or id}/health/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream for which to display Target health.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "node_id": "cbb297c0-14a9-46bc-ad91-1d0ef9b42df9",
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "health": "HEALTHY",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "health": "UNHEALTHY",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+
+---
+
+## Target Object
+
+A target is an ip address/hostname with a port that identifies an instance of a backend
+service. Every upstream can have many targets, and the targets can be
+dynamically added. Changes are effectuated on the fly.
+
+Because the upstream maintains a history of target changes, the targets cannot
+be deleted or modified. To disable a target, post a new one with `weight=0`;
+alternatively, use the `DELETE` convenience method to accomplish the same.
+
+The current target object definition is the one with the latest `created_at`.
+
+
+```json
+{{ page.target_json }}
+```
+
+### Add Target
+
+##### Create Target associated to a specific Upstream
+
+<div class="endpoint post">/upstreams/{upstream host:port or id}/targets</div>
+
+Attributes | Description
+---:| ---
+`upstream host:port or id`<br>**required** | The unique identifier or the `host:port` attribute of the Upstream that should be associated to the newly-created Target.
+
+
+*Request Body*
+
+{{ page.target_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.target_json }}
+```
+
+
+---
+
+### List Targets
+
+##### List Targets associated to a specific Upstream
+
+<div class="endpoint get">/upstreams/{upstream host:port or id}/targets</div>
+
+Attributes | Description
+---:| ---
+`upstream host:port or id`<br>**required** | The unique identifier or the `host:port` attribute of the Upstream whose Targets are to be retrieved. When using this endpoint, only Targets associated to the specified Upstream will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.target_data }}
+    "next": "http://localhost:8001/targets?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Delete Target
+
+Disable a target in the load balancer. Under the hood, this method creates
+a new entry for the given target definition with a `weight` of 0.
+
+
+<div class="endpoint delete">/upstreams/{upstream name or id}/targets/{host:port or id}</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to delete the target.
+`host:port or id`<br>**required** | The host:port combination element of the target to remove, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Set target as healthy
+
+Set the current health status of a target in the load balancer to "healthy"
+in the entire Kong cluster.
+
+This endpoint can be used to manually re-enable a target that was previously
+disabled by the upstream's [health checker][healthchecks]. Upstreams only
+forward requests to healthy nodes, so this call tells Kong to start using this
+target again.
+
+This resets the health counters of the health checkers running in all workers
+of the Kong node, and broadcasts a cluster-wide message so that the "healthy"
+status is propagated to the whole Kong cluster.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/healthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as healthy, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Set target as unhealthy
+
+Set the current health status of a target in the load balancer to "unhealthy"
+in the entire Kong cluster.
+
+This endpoint can be used to manually disable a target and have it stop
+responding to requests. Upstreams only forward requests to healthy nodes, so
+this call tells Kong to start skipping this target in the ring-balancer
+algorithm.
+
+This call resets the health counters of the health checkers running in all
+workers of the Kong node, and broadcasts a cluster-wide message so that the
+"unhealthy" status is propagated to the whole Kong cluster.
+
+[Active health checks][active] continue to execute for unhealthy
+targets. Note that if active health checks are enabled and the probe detects
+that the target is actually healthy, it will automatically re-enable it again.
+To permanently remove a target from the ring-balancer, you should [delete a
+target](#delete-target) instead.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/unhealthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as unhealthy, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### List all Targets
+
+Lists all targets of the upstream. Multiple target objects for the same
+target may be returned, showing the history of changes for a specific target.
+The target object with the latest `created_at` is the current definition.
+
+
+<div class="endpoint get">/upstreams/{name or id}/targets/all/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to list the targets.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+## Enterprise Exclusive Admin API
 
 <div class="docs-grid">
   <div class="docs-grid-block">
@@ -62,3 +2778,13 @@ toc: false
     <a href="/enterprise/{{page.kong_version}}/admin-api/audit-log">Learn more &rarr;</a>
   </div>
 </div>
+
+
+---
+
+[clustering]: /enterprise/{{page.kong_version}}/clustering
+[cli]: /enterprise/{{page.kong_version}}/cli
+[active]: /enterprise/{{page.kong_version}}/health-checks-circuit-breakers/#active-health-checks
+[healthchecks]: /enterprise/{{page.kong_version}}/health-checks-circuit-breakers
+[secure-admin-api]: /enterprise/{{page.kong_version}}/secure-admin-api
+[proxy-reference]: /enterprise/{{page.kong_version}}/proxy
diff --git a/app/enterprise/0.35-x/admin-api/rbac/reference.md b/app/enterprise/0.35-x/admin-api/rbac/reference.md
index 5ca178b74a59..00f725e4dd47 100644
--- a/app/enterprise/0.35-x/admin-api/rbac/reference.md
+++ b/app/enterprise/0.35-x/admin-api/rbac/reference.md
@@ -1,5 +1,7 @@
 ---
 title: RBAC Reference
+redirect_from:
+  - /enterprise/0.35-x/admin-api/rbac/rbac
 book: rbac
 ---
 
@@ -18,26 +20,25 @@ There are 4 basic entities involving RBAC.
   `developer`.
 - **role_endpoint**: A set of enabled or disabled (see `negative`
   parameter) actions (`read`, `create`, `update`, `delete`)
-  `endpoint`. Example: Role `developer` has 1 role_endpoint: `read &
-  write` to endpoint `/routes`
+  `endpoint`. Example: Role `developer` has 1 role_endpoint: `read & write` to endpoint `/routes`
 - **role_entity**: A set of enabled or disabled (see `negative`
   parameter) actions (`read`, `create`, `update`, `delete`)
-  `entity`. Example: Role `developer` has 1 role_entity: `read & write
-  & delete` to entity `283fccff-2d4f-49a9-8730-dc8b71ec2245`.
+  `entity`. Example: Role `developer` has 1 role_entity: `read & write & delete` to entity `283fccff-2d4f-49a9-8730-dc8b71ec2245`.
 
 ## Add a User
+
 **Endpoint**
 
 <div class="endpoint post">/rbac/users</div>
 
 **Request Body**
 
-| Attribute                | Description                                                                                                                         |
-| ---------                | -----------                                                                                                                         |
-| `name`                   | The RBAC user name.                                                                                                                 |
-| `user_token` | The authentication token to be presented to the Admin API. The value will be hashed and cannot be fetched in plaintext. |
-| `enabled`<br>optional    | A flag to enable or disable the user. By default, users are enabled.                                                                |
-| `comment`<br>optional    | A string describing the RBAC user object.                                                                                           |
+| Attribute             | Description                                                                                                             |
+| --------------------- | ----------------------------------------------------------------------------------------------------------------------- |
+| `name`                | The RBAC user name.                                                                                                     |
+| `user_token`          | The authentication token to be presented to the Admin API. The value will be hashed and cannot be fetched in plaintext. |
+| `enabled`<br>optional | A flag to enable or disable the user. By default, users are enabled.                                                    |
+| `comment`<br>optional | A string describing the RBAC user object.                                                                               |
 
 **Response**
 
@@ -56,15 +57,17 @@ HTTP 201 Created
   "user_token_ident": "4d870"
 }
 ```
-___
+
+---
 
 ## Retrieve a User
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/users/{name_or_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC user name or UUID. |
 
 **Response**
@@ -83,9 +86,11 @@ HTTP 200 OK
   "user_token_ident": "4d870"
 }
 ```
-___
+
+---
 
 ## List Users
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/users/</div>
@@ -122,26 +127,27 @@ HTTP 200 OK
 }
 ```
 
-⚠️ **Note**: **RBAC Users** associated with **Admins** will _not_ be 
-listed with **`GET`** `/rbac/users`. Instead, use 
-[**`GET`** `/admins`](/enterprise/{{page.kong_version}}/admin-api/admins/reference/#list-admins) 
+⚠️ **Note**: **RBAC Users** associated with **Admins** will _not_ be
+listed with **`GET`** `/rbac/users`. Instead, use
+[**`GET`** `/admins`](/enterprise/{{page.kong_version}}/admin-api/admins/reference/#list-admins)
 to list all **Admins**.
 
-___
+---
 
 ## Update a User
+
 **Endpoint**
 
 <div class="endpoint patch">/rbac/users/{name_or_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC user name or UUID. |
 
 **Request Body**
 
 | Attribute                | Description                                                                                                                         |
-| ---------                | -----------                                                                                                                         |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------- |
 | `user_token`<br>optional | The authentication token to be presented to the Admin API. If this value is not present, the token will automatically be generated. |
 | `enabled`<br>optional    | A flag to enable or disable the user. By default, users are enabled.                                                                |
 | `comment`<br>optional    | A string describing the RBAC user object.                                                                                           |
@@ -163,15 +169,17 @@ HTTP 200 OK
   "user_token_ident": "4d870"
 }
 ```
-___
+
+---
 
 ## Delete a User
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/users/{name_or_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC user name or UUID. |
 
 **Response**
@@ -179,15 +187,17 @@ ___
 ```
 HTTP 204 No Content
 ```
-___
+
+---
 
 ## Add a Role
+
 **Endpoint**
 
 <div class="endpoint post">/rbac/roles</div>
 
 | Attribute             | Description                               |
-| ---------             | -----------                               |
+| --------------------- | ----------------------------------------- |
 | `name`                | The RBAC role name.                       |
 | `comment`<br>optional | A string describing the RBAC user object. |
 
@@ -206,15 +216,17 @@ HTTP 201 Created
   "name": "service_reader"
 }
 ```
-___
+
+---
 
 ## Retrieve a Role
+
 Endpoint
 
 <div class="endpoint get">/rbac/roles/{name_or_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
 **Response**
@@ -231,9 +243,11 @@ HTTP 200 OK
   "name": "service_reader"
 }
 ```
-___
+
+---
 
 ## List Roles
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/roles</div>
@@ -275,9 +289,11 @@ HTTP 200 OK
   "next": null
 }
 ```
-___
+
+---
 
 ## Update or Create a Role
+
 **Endpoint**
 
 <div class="endpoint put">/rbac/roles</div>
@@ -285,7 +301,7 @@ ___
 **Request Body**
 
 | Attribute             | Description                               |
-| ---------             | -----------                               |
+| --------------------- | ----------------------------------------- |
 | `name`                | The RBAC role name.                       |
 | `comment`<br>optional | A string describing the RBAC user object. |
 
@@ -293,8 +309,7 @@ The behavior of `PUT` endpoints is the following: if the request payload **does
 not** contain an entity's primary key (`id` for Users), the entity will be
 created with the given payload. If the request payload **does** contain an
 entity's primary key, the payload will "replace" the entity specified by the
-given primary key. If the primary key is **not** that of an existing entity, `404
-NOT FOUND` will be returned.
+given primary key. If the primary key is **not** that of an existing entity, `404 NOT FOUND` will be returned.
 
 **Response**
 
@@ -321,18 +336,19 @@ HTTP 200 OK
 ```
 
 ## Update a Role
+
 **Endpoint**
 
 <div class="endpoint patch">/rbac/roles/{name_or_id}</div>
 
-| Attribute    | Description                 |
-| ---------    | -----------                 |
+| Attribute    | Description            |
+| ------------ | ---------------------- |
 | `name_or_id` | The RBAC role or UUID. |
 
 **Request Body**
 
 | Attribute             | Description                               |
-| ---------             | -----------                               |
+| --------------------- | ----------------------------------------- |
 | `comment`<br>optional | A string describing the RBAC role object. |
 
 **Response**
@@ -350,40 +366,42 @@ HTTP 200 OK
   "name": "service_reader"
 }
 ```
-___
+
+---
 
 ## Delete a Role
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/role/{name_or_id}</div>
 
-| Attribute             | Description                               |
-| ---------             | -----------                               |
-| `name`                | The RBAC role name.                       |
+| Attribute | Description         |
+| --------- | ------------------- |
+| `name`    | The RBAC role name. |
 
 **Response**
 
 ```
 HTTP 204 No Content
 ```
-___
+
+---
 
 ## Add a Role Endpoint Permission
+
 **Endpoint**
 
 <div class="endpoint post">/rbac/roles/{name_or_id}/endpoints</div>
 
-
-| Attribute             | Description                               |
-| ---------             | -----------                               |
-| `name_or_id`          | The RBAC role name.                       |
-
+| Attribute    | Description         |
+| ------------ | ------------------- |
+| `name_or_id` | The RBAC role name. |
 
 **Request Body**
 
 | Attribute             | Description                                                                                                                     |
-| ---------             | -----------                                                                                                                     |
-| `workspace`           | Workspace tied to the endpoint. Defaults to the default permission. Special value of "*" means **all** workspaces are affected  |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
+| `workspace`           | Workspace tied to the endpoint. Defaults to the default permission. Special value of "\*" means **all** workspaces are affected |
 | `endpoint`            | Endpoint associated with this permission.                                                                                       |
 | `negative`            | If true, explicitly disallow the actions associated with the permissions tied to this endpoint. By default this value is false. |
 | `actions`             | One or more actions associated with this permission. This is a comma separated string (read,create,update,delete)               |
@@ -393,12 +411,13 @@ ___
 exact matches, or contain wildcards, represented by `*`.
 
 - Exact matches; eg:
-  * /apis/
-  * /apis/foo
+
+  - /apis/
+  - /apis/foo
 
 - Wildcards; eg:
-  * /apis/*
-  * /apis/*/plugins
+  - /apis/\*
+  - /apis/\*/plugins
 
 Where `*` replaces exactly one segment between slashes (or the end of
 the path).
@@ -414,12 +433,7 @@ HTTP 201 Created
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "update",
-    "read"
-  ],
+  "actions": ["delete", "create", "update", "read"],
   "created_at": 1557764505,
   "endpoint": "/consumers",
   "negative": false,
@@ -433,12 +447,13 @@ HTTP 201 Created
 ---
 
 ## Retrieve a Role Endpoint Permission
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/roles/{name_or_id}/endpoints/{worspace_name_or_id}/{endpoint}</div>
 
 | Attribute             | Description                                  |
-| ---------             | -----------                                  |
+| --------------------- | -------------------------------------------- |
 | `name_or_id`          | The RBAC role name or UUID.                  |
 | `worspace_name_or_id` | The worspace name or UUID.                   |
 | `endpoint`            | The endpoint associated with this permisson. |
@@ -451,12 +466,7 @@ HTTP 200 OK
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "update",
-    "read"
-  ],
+  "actions": ["delete", "create", "update", "read"],
   "created_at": 1557764505,
   "endpoint": "/consumers",
   "negative": false,
@@ -469,15 +479,14 @@ HTTP 200 OK
 
 ---
 
-
-
 ## List Role Endpoints Permissions
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/roles/{role_name_or_id}/endpoints</div>
 
 | Attribute         | Description                 |
-| ---------         | -----------                 |
+| ----------------- | --------------------------- |
 | `role_name_or_id` | The RBAC role name or UUID. |
 
 **Response**
@@ -490,12 +499,7 @@ HTTP 200 OK
 {
   "data": [
     {
-      "actions": [
-        "delete",
-        "create",
-        "update",
-        "read"
-      ],
+      "actions": ["delete", "create", "update", "read"],
       "created_at": 1557764505,
       "endpoint": "/consumers",
       "negative": false,
@@ -505,9 +509,7 @@ HTTP 200 OK
       "workspace": "default"
     },
     {
-      "actions": [
-        "read"
-      ],
+      "actions": ["read"],
       "created_at": 1557764438,
       "endpoint": "/services",
       "negative": false,
@@ -523,22 +525,23 @@ HTTP 200 OK
 ---
 
 ## Update a Role Endpoint Permission
+
 **Endpoint**
 
 <div class="endpoint patch">/rbac/roles/{name_or_id}/endpoints/{worspace_name_or_id}/{endpoint}</div>
 
 | Attribute             | Description                                  |
-| ---------             | -----------                                  |
+| --------------------- | -------------------------------------------- |
 | `name_or_id`          | The RBAC role name or UUID.                  |
 | `worspace_name_or_id` | The worspace name or UUID.                   |
 | `endpoint`            | The endpoint associated with this permisson. |
 
 **Request Body**
 
-| Attribute             | Description |
-| ---------             | ----------- |
-| `negative`            | If true, explicitly disallow the actions associated with the permissions tied to this resource. By default this value is false. |
-| `actions`             | One or more actions associated with this permission. |
+| Attribute  | Description                                                                                                                     |
+| ---------- | ------------------------------------------------------------------------------------------------------------------------------- |
+| `negative` | If true, explicitly disallow the actions associated with the permissions tied to this resource. By default this value is false. |
+| `actions`  | One or more actions associated with this permission.                                                                            |
 
 **Response**
 
@@ -548,12 +551,7 @@ HTTP 200 OK
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "update",
-    "read"
-  ],
+  "actions": ["delete", "create", "update", "read"],
   "created_at": 1557764438,
   "endpoint": "/services",
   "negative": false,
@@ -566,15 +564,14 @@ HTTP 200 OK
 
 ---
 
-
-
 ## Delete a Role Endpoint Permission
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/roles/{name_or_id}/endpoints/{worspace_name_or_id}/{endpoint}</div>
 
 | Attribute             | Description                                  |
-| ---------             | -----------                                  |
+| --------------------- | -------------------------------------------- |
 | `name_or_id`          | The RBAC role name or UUID.                  |
 | `worspace_name_or_id` | The worspace name or UUID.                   |
 | `endpoint`            | The endpoint associated with this permisson. |
@@ -587,20 +584,20 @@ HTTP 204 No Content
 
 ---
 
-
-
 ## Add a Role Entity Permission
+
 **Endpoint**
+
 <div class="endpoint post">/rbac/roles/{name_or_id}/entities</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
 **Request Body**
 
 | Attribute             | Description                                                                                                                     |
-| ---------             | -----------                                                                                                                     |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
 | `negative`            | If true, explicitly disallow the actions associated with the permissions tied to this resource. By default this value is false. |
 | `entity_id`           | id of the entity associated with this permission.                                                                               |
 | `actions`             | One or more actions associated with this permission.                                                                            |
@@ -612,7 +609,6 @@ workspace. Future entities belonging to that workspace will get the
 same permissions. A wildcard `*` will be interpreted as **all
 entities** in the system.
 
-
 **Response**
 
 ```
@@ -621,11 +617,7 @@ HTTP 201 Created
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "read"
-  ],
+  "actions": ["delete", "create", "read"],
   "created_at": 1557771505,
   "entity_id": "*",
   "entity_type": "wildcard",
@@ -639,13 +631,15 @@ HTTP 201 Created
 ---
 
 ## Retrieve a Role Entity Permission
+
 **Endpoint**
+
 <div class="endpoint get">/rbac/roles/{name_or_id}/entities/{entity_id}</div>
 
-| Attribute             | Description                                                                                                                     |
-| ---------             | -----------                                                                                                                     |
-| `name_or_id`          | The RBAC permission name or UUID.                                                                                                |
-| `entity_id`           | id of the entity associated with this permission.                                                                               |
+| Attribute    | Description                                       |
+| ------------ | ------------------------------------------------- |
+| `name_or_id` | The RBAC permission name or UUID.                 |
+| `entity_id`  | id of the entity associated with this permission. |
 
 **Response**
 
@@ -655,11 +649,7 @@ HTTP 200 Ok
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "read"
-  ],
+  "actions": ["delete", "create", "read"],
   "created_at": 1557771505,
   "entity_id": "*",
   "entity_type": "wildcard",
@@ -675,11 +665,12 @@ HTTP 200 Ok
 ## List Entity Permissons
 
 **Endpoint**
+
 <div class="endpoint get">/rbac/roles/{name_or_id}/entities</div>
 
-| Attribute             | Description                      |
-| ---------             | -----------                      |
-| `name_or_id`          | The RBAC permisson name or UUID. |
+| Attribute    | Description                      |
+| ------------ | -------------------------------- |
+| `name_or_id` | The RBAC permisson name or UUID. |
 
 **Response**
 
@@ -691,11 +682,7 @@ HTTP 200 Ok
 {
   "data": [
     {
-      "actions": [
-        "delete",
-        "create",
-        "read"
-      ],
+      "actions": ["delete", "create", "read"],
       "created_at": 1557771505,
       "entity_id": "*",
       "entity_type": "wildcard",
@@ -709,22 +696,24 @@ HTTP 200 Ok
 ```
 
 ---
+
 ## Update an Entity Permission
+
 **Endpoint**
 
 <div class="endpoint patch">/rbac/roles/{name_or_id}/entities/{entity_id}</div>
 
-| Attribute             | Description                 |
-| ---------             | -----------                 |
-| `name_or_id`          | The RBAC role name or UUID. |
-| `entity_id`           | The entity name or UUID.    |
+| Attribute    | Description                 |
+| ------------ | --------------------------- |
+| `name_or_id` | The RBAC role name or UUID. |
+| `entity_id`  | The entity name or UUID.    |
 
 **Request Body**
 
-| Attribute    | Description                 |
-| ---------    | -----------                 |
+| Attribute  | Description                                                                                                                     |
+| ---------- | ------------------------------------------------------------------------------------------------------------------------------- |
 | `negative` | If true, explicitly disallow the actions associated with the permissions tied to this resource. By default this value is false. |
-| `actions` | One or more actions associated with this permission. |
+| `actions`  | One or more actions associated with this permission.                                                                            |
 
 **Response**
 
@@ -734,9 +723,7 @@ HTTP 200 OK
 
 ```json
 {
-  "actions": [
-    "update"
-  ],
+  "actions": ["update"],
   "created_at": 1557771505,
   "entity_id": "*",
   "entity_type": "wildcard",
@@ -750,12 +737,13 @@ HTTP 200 OK
 ---
 
 ## Delete an Entity Permission
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/roles/{name_or_id}/entities/{entity_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 | `entity_id`  | The entity name or UUID.    |
 
@@ -768,39 +756,31 @@ HTTP 204 No Content
 ---
 
 ## List Role Permissions
+
 **Endpoint**
+
 <div class="endpoint get">/rbac/roles/{name_or_id}/permissions/</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
-
 **Response**
 
 ```
 HTTP 200 OK
 ```
+
 ```json
 {
   "endpoints": {
     "*": {
       "*": {
-        "actions": [
-          "delete",
-          "create",
-          "update",
-          "read"
-        ],
+        "actions": ["delete", "create", "update", "read"],
         "negative": false
       },
       "/*/rbac/*": {
-        "actions": [
-          "delete",
-          "create",
-          "update",
-          "read"
-        ],
+        "actions": ["delete", "create", "update", "read"],
         "negative": true
       }
     }
@@ -810,19 +790,19 @@ HTTP 200 OK
 ```
 
 ## Add a User to a Role
+
 **Endpoint**
 
 <div class="endpoint post">/rbac/users/{name_or_id}/roles</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
-
 **Request Body**
 
-| Attribute | Description |
-| --------- | ----------- |
+| Attribute | Description                                               |
+| --------- | --------------------------------------------------------- |
 | `roles`   | Comma-separated list of role names to assign to the user. |
 
 **Response**
@@ -830,6 +810,7 @@ HTTP 200 OK
 ```
 HTTP 201 Created
 ```
+
 ```json
 {
   "roles": [
@@ -852,23 +833,24 @@ HTTP 201 Created
 ```
 
 ---
+
 ## List a User's Roles
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/users/{name_or_id}/roles</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
-
 **Response**
 
 ```
 HTTP 200 OK
 ```
-```json
 
+```json
 {
   "roles": [
     {
@@ -896,20 +878,21 @@ HTTP 200 OK
 ```
 
 ---
+
 ## Delete a Role from a User
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/users/{name_or_id}/roles</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
-
 **Request Body**
 
 | Attribute | Description                                               |
-| --------- | -----------                                               |
+| --------- | --------------------------------------------------------- |
 | `roles`   | Comma-separated list of role names to assign to the user. |
 
 **Response**
@@ -921,12 +904,13 @@ HTTP 204 No Content
 ---
 
 ## List a User's Permissions
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/users/{name_or_id}/permissions</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
 **Response**
@@ -934,19 +918,17 @@ HTTP 204 No Content
 ```
 HTTP 200 OK
 ```
+
 ```json
 {
   "endpoints": {
     "*": {
       "*": {
-        "actions": [
-          "read"
-        ],
+        "actions": ["read"],
         "negative": false
       }
     }
   },
   "entities": {}
 }
-
 ```
diff --git a/app/enterprise/0.35-x/admin-api/vitals/index.md b/app/enterprise/0.35-x/admin-api/vitals/index.md
index bd3525e05362..76ce8a40b019 100644
--- a/app/enterprise/0.35-x/admin-api/vitals/index.md
+++ b/app/enterprise/0.35-x/admin-api/vitals/index.md
@@ -31,13 +31,14 @@ $ export KONG_VITALS=on
 $ export KONG_VITALS=off
 ```
 
-Kong must be restarted for these changes to take effect. 
+Kong must be restarted for these changes to take effect.
 
 ## Vitals Metrics
 
 Vitals metrics fall into two categories:
-* Health Metrics - for monitoring the health of a Kong cluster
-* Traffic Metrics — for monitoring the usage of upstream services
+
+- Health Metrics - for monitoring the health of a Kong cluster
+- Traffic Metrics — for monitoring the usage of upstream services
 
 Within these categories, Vitals collects the following metrics:
 
@@ -60,7 +61,7 @@ Within these categories, Vitals collects the following metrics:
     - [Total Status Codes per Consumer per Route](#total-status-codes-per-consumer-per-route)
 
 All metrics are collected at 1-second intervals and aggregated into 1-minute
-intervals. The 1-second intervals are retained for one hour. The 1-minute 
+intervals. The 1-second intervals are retained for one hour. The 1-minute
 intervals are retained for 25 hours.
 
 If longer retention times are needed, the Vitals API can be used to pull metrics
@@ -68,20 +69,20 @@ out of Kong and into a data retention tool.
 
 ### Health Metrics
 
-Health metrics give insight into the performance of a Kong cluster; for example, 
+Health metrics give insight into the performance of a Kong cluster; for example,
 how many requests it is processing and the latency on those requests.
 
 Health metrics are tracked for each node in a cluster as well as for the cluster
-as a whole. In Kong, a node is a running process with a unique identifier, 
-configuration, cache layout, and connections to both Kong’s datastores and the 
-upstream APIs it proxies. Note that node identifiers are unique to the process, 
-and not to the host on which the process runs. In other words, each Kong restart 
+as a whole. In Kong, a node is a running process with a unique identifier,
+configuration, cache layout, and connections to both Kong’s datastores and the
+upstream APIs it proxies. Note that node identifiers are unique to the process,
+and not to the host on which the process runs. In other words, each Kong restart
 results in a new node, and therefore a new node ID.
 
 #### Latency
 
-The Vitals API may return null for Latency metrics—this occurs when no API 
-requests were proxied during the timeframe. Null latencies are not graphed in 
+The Vitals API may return null for Latency metrics—this occurs when no API
+requests were proxied during the timeframe. Null latencies are not graphed in
 Kong Manager—periods with null latencies appear as gaps in Vitals charts.
 
 ##### Proxy Latency (Request)
@@ -122,7 +123,6 @@ Traffic metrics provide insight into which of your services are being used, and
 
 ##### Total Requests
 
-
 This metric is the count of all API proxy requests received. This includes requests that were rejected due to rate-limiting, failed authentication, etc.
 
 This metric is referenced in the Vitals API with the following label: `requests_proxy_total`
@@ -154,16 +154,19 @@ This metric is the total count of each specific status code for a given route.
 This metric is referenced in the Vitals API with the following label: `status_codes_per_route_total`
 
 ##### Total Status Codes per Consumer
+
 This metric is the total count of each specific status code for a given consumer.
 
 This metric is referenced in the Vitals API with the following label: `status_codes_per_consumer_total`
 
 ##### Total Status Codes per Consumer Per Route
+
 This metric is the total count of each specific status code for a given consumer and route.
 
 This metric is referenced in the Vitals API with the following label: `status_codes_per_consumer_route_total`
 
 ## Vitals API
+
 Vitals data is available via endpoints on Kong’s Admin API. Access to these endpoints may be controlled via Admin API RBAC. The Vitals API is described in the attached OAS (Open API Spec, formerly Swagger) file [vitalsSpec.yaml][vitals_spec]
 
 ## Vitals Data Visualization in Kong Manager
@@ -177,6 +180,7 @@ A timeframe selector adjacent to Vitals charts in Kong Manager controls the time
 Timestamps on the x-axis of Vitals charts are displayed either in the browser's local time zone, or in UTC, depending on the UTC option that appears adjacent to Vitals charts.
 
 ### Cluster and Node Data
+
 Metrics can be displayed on Vitals charts at both node and cluster level. Controls are available to show cluster-wide metrics and/or node-specific metrics. Clicking on individual nodes will toggle the display of data from those nodes. Nodes can be identified by a unique Kong node identifier, by hostname, or by a combination of the two.
 
 ### Status Code Data
@@ -188,7 +192,7 @@ Visualizations of cluster-wide status code classes (1xx, 2xx, 3xx, 4xx, 5xx) can
 Vitals data does not appear in Kong Manager or the Admin API.
 First, make sure Vitals is enabled. (`vitals = on` in your Kong configuration).
 
-Then, check your log files. If you see `[vitals] kong_vitals_requests_consumers cache is full` or `[vitals] error attempting to push to list: no memory`, then Vitals is no longer able to track requests because its cache is full.  This condition may resolve itself if traffic to the node subsides long enough for it to work down the cache. Regardless, the node will continue to proxy requests as usual.
+Then, check your log files. If you see `[vitals] kong_vitals_requests_consumers cache is full` or `[vitals] error attempting to push to list: no memory`, then Vitals is no longer able to track requests because its cache is full. This condition may resolve itself if traffic to the node subsides long enough for it to work down the cache. Regardless, the node will continue to proxy requests as usual.
 
 ### Limitations in Cassandra 2.x
 
diff --git a/app/enterprise/0.35-x/admin-api/vitals/vitals-prometheus-strategy.md b/app/enterprise/0.35-x/admin-api/vitals/vitals-prometheus-strategy.md
index d490f3a929fb..a075aaedf8ac 100644
--- a/app/enterprise/0.35-x/admin-api/vitals/vitals-prometheus-strategy.md
+++ b/app/enterprise/0.35-x/admin-api/vitals/vitals-prometheus-strategy.md
@@ -22,7 +22,8 @@ using default config that listens on port `9090`.
 
 The latest release of StatsD exporter can be found at the
 [Bintray](https://bintray.com/kong/statsd-exporter). The binary is distributed
-with some specific features like min/max gauges and Unix domain socket support.
+with some specific features like min/max gauges. Alternatively, a
+[Docker image](https://bintray.com/kong/statsd-exporter-docker) is also available.
 
 StatsD exporter needed to configured with a set of mapping rules to translate
 the StatsD UDP events to Prometheus metrics. A default set of mapping rules can
@@ -37,12 +38,15 @@ $ ./statsd_exporter --statsd.mapping-config=statsd.rules.yaml \
 
 The StatsD mapping rules file must be configured to match the metrics sent from
 Kong. To learn how to customize the StatsD events name, please refer to
-[Enable Vitals with Prometheus strategy in Kong](#enable-Vitals-with-prometheus-strategy-in-kong)
+[Enable Vitals with Prometheus strategy in Kong](#enable-vitals-with-prometheus-strategy-in-kong)
 section.
 
 StatsD exporter can run either on a separate node from Kong (to avoid resource
 competition with Kong), or on the same host with Kong (to reduce unnecessary
-network overhead).
+network overhead). Note that feeding metrics from multiple Kong nodes into a single
+StatsD exporter is currently not supported, as it would result in a metrics conflict.
+It's also recommended to match the number of Kong nodes to StatsD exporters for
+better scalability.
 
 In this guide, we assume StatsD exporter is running on hostname `statsd-node`,
 using default config that listens to UDP traffic on port `9125` and the metrics 
@@ -129,8 +133,8 @@ $ export KONG_VITALS_STATSD_PREFIX=kong-vitals
 ```yaml
 # in statsd.rules
 mappings:
-# by API
-- match: kong-vitals.api.*.request.count
+# by Service
+- match: kong.service.*.request.count
   name: "kong_requests_proxy"
   labels:
     job: "kong_metrics"
diff --git a/app/enterprise/0.35-x/admin-api/workspaces/examples.md b/app/enterprise/0.35-x/admin-api/workspaces/examples.md
index f7714120ebf3..3899c5337f49 100644
--- a/app/enterprise/0.35-x/admin-api/workspaces/examples.md
+++ b/app/enterprise/0.35-x/admin-api/workspaces/examples.md
@@ -488,4 +488,4 @@ Next: [RBAC Overview &rsaquo;](/enterprise/{{page.kong_version}}/rbac/overview)
 
 ---
 
-[services]: /{{page.kong_version}}/admin-api/#service-object
+[services]: /enterprise/{{page.kong_version}}/admin-api/#service-object
diff --git a/app/enterprise/0.35-x/admin-api/workspaces/reference.md b/app/enterprise/0.35-x/admin-api/workspaces/reference.md
index 46c1ab15e7d7..8fa8e7e4c14a 100644
--- a/app/enterprise/0.35-x/admin-api/workspaces/reference.md
+++ b/app/enterprise/0.35-x/admin-api/workspaces/reference.md
@@ -3,14 +3,14 @@ title: Workspaces Reference
 book: workspaces
 
 workspace_body: |
-    Attribute | Description
-    ---:| ---
-    `name` | The **Workspace** name.
+  Attribute | Description
+  ---:| ---
+  `name` | The **Workspace** name.
 
 workspace_entities_body: |
-    Attribute | Description
-    ---:| ---
-    `entities`| Comma-delimited list of entity identifiers
+  Attribute | Description
+  ---:| ---
+  `entities`| Comma-delimited list of entity identifiers
 ---
 
 ## Introduction
@@ -149,22 +149,21 @@ HTTP 200 OK
 
 <div class="endpoint put">/workspaces/{id}</div>
 
-Attributes | Description
----:| ---
-`id`<br>**conditional** | The **Workspace's** unique ID, if replacing it.*
+|              Attributes | Description                                       |
+| ----------------------: | ------------------------------------------------- |
+| `id`<br>**conditional** | The **Workspace's** unique ID, if replacing it.\* |
 
-* The behavior of `PUT` endpoints is the following: if the request payload **does
-not** contain an entity's primary key (`id` for Workspaces), the entity will be
-created with the given payload. If the request payload **does** contain an
-entity's primary key, the payload will "replace" the entity specified by the
-given primary key. If the primary key is **not** that of an existing entity, `404
-NOT FOUND` will be returned.
+- The behavior of `PUT` endpoints is the following: if the request payload **does
+  not** contain an entity's primary key (`id` for Workspaces), the entity will be
+  created with the given payload. If the request payload **does** contain an
+  entity's primary key, the payload will "replace" the entity specified by the
+  given primary key. If the primary key is **not** that of an existing entity, `404 NOT FOUND` will be returned.
 
 #### Request Body
 
-Attribute | Description
----:| ---
-`name` | The **Workspace** name.
+| Attribute | Description             |
+| --------: | ----------------------- |
+|    `name` | The **Workspace** name. |
 
 **Response**
 
@@ -216,9 +215,9 @@ HTTP 200 OK
 
 <div class="endpoint get">/workspaces/{name or id}</div>
 
-Attributes | Description
----:| ---
-`name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to retrieve
+|                   Attributes | Description                                                            |
+| ---------------------------: | ---------------------------------------------------------------------- |
+| `name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to retrieve |
 
 **Response**
 
@@ -233,8 +232,8 @@ HTTP 200 OK
     "portal_developer_meta_fields": "[{\"label\":\"Full Name\",\"title\":\"full_name\",\"validator\":{\"required\":true,\"type\":\"string\"}}]"
   },
   "created_at": 1557504202,
-    "id": "c663cca5-c6f6-474a-ae44-01f62aba16a9",
-    "meta": { },
+  "id": "c663cca5-c6f6-474a-ae44-01f62aba16a9",
+  "meta": {},
   "name": "rocket-team"
 }
 ```
@@ -245,9 +244,9 @@ HTTP 200 OK
 
 <div class="endpoint get">/workspaces/{name or id}/meta</div>
 
-Attributes | Description
----:| ---
-`name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to retrieve
+|                   Attributes | Description                                                            |
+| ---------------------------: | ---------------------------------------------------------------------- |
+| `name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to retrieve |
 
 #### Response
 
@@ -288,11 +287,11 @@ HTTP 200 OK
 
 <div class="endpoint delete">/workspaces/{name or id}</div>
 
-Attributes | Description
----:| ---
-`name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to delete
+|                   Attributes | Description                                                          |
+| ---------------------------: | -------------------------------------------------------------------- |
+| `name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to delete |
 
-**Note:** All entities within a **Workspace** must be deleted before the 
+**Note:** All entities within a **Workspace** must be deleted before the
 **Workspace** itself can be.
 
 **Response**
@@ -307,15 +306,15 @@ HTTP 204 No Content
 
 <div class="endpoint patch">/workspaces/{name or id}</div>
 
-Attributes | Description
----:| ---
-`name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to patch
+|                   Attributes | Description                                                         |
+| ---------------------------: | ------------------------------------------------------------------- |
+| `name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to patch |
 
 #### Request Body
 
-Attributes | Description
----:| ---
-`comment` | A string describing the **Workspace**
+| Attributes | Description                           |
+| ---------: | ------------------------------------- |
+|  `comment` | A string describing the **Workspace** |
 
 The behavior of `PATCH` endpoints prevents the renaming of a **Workspace**.
 
@@ -431,7 +430,7 @@ HTTP 200 OK
 }
 ```
 
-In this case, the **Workspace** references two Services. 
+In this case, the **Workspace** references two Services.
 
 ### Delete entities from a Workspace
 
@@ -487,4 +486,4 @@ HTTP 204 No Content
 
 ---
 
-[Admin API]: /{{page.kong_version}}/admin-api/
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
diff --git a/app/enterprise/0.35-x/auth.md b/app/enterprise/0.35-x/auth.md
new file mode 100644
index 000000000000..f190620128e8
--- /dev/null
+++ b/app/enterprise/0.35-x/auth.md
@@ -0,0 +1,215 @@
+---
+title: Authentication Reference
+---
+
+## Introduction
+
+Traffic to your upstream services (APIs or microservices) is typically controlled by the application and
+configuration of various Kong [authentication plugins][plugins]. Since Kong's Service entity represents
+a 1-to-1 mapping of your own upstream services, the simplest scenario is to configure authentication
+plugins on the Services of your choosing.
+
+## Generic authentication
+
+The most common scenario is to require authentication and to not allow access for any unauthenticated request.
+To achieve this any of the authentication plugins can be used. The generic scheme/flow of those plugins
+works as follows:
+
+1. Apply an auth plugin to a Service, or globally (you cannot apply one on consumers)
+2. Create a `consumer` entity
+3. Provide the consumer with authentication credentials for the specific authentication method
+4. Now whenever a request comes in Kong will check the provided credentials (depends on the auth type) and
+it will either block the request if it cannot validate, or add consumer and credential details
+in the headers and forward the request
+
+The generic flow above does not always apply, for example when using external authentication like LDAP,
+then there is no consumer to be identified, and only the credentials will be added in the forwarded headers.
+
+The authentication method specific elements and examples can be found in each [plugin's documentation][plugins].
+
+## Consumers
+
+The easiest way to think about consumers is to map them one-on-one to users. Yet, to Kong this does not matter.
+The core principle for consumers is that you can attach plugins to them, and hence customize request behaviour.
+So you might have mobile apps, and define one consumer for each app, or version of it. Or have a consumer per
+platform, e.g. an android consumer, an iOS consumer, etc.
+
+It is an opaque concept to Kong and hence they are called "consumers" and not "users".
+
+## Anonymous Access
+
+Kong has the ability to configure a given Service to allow **both** authenticated **and** anonymous access.
+You might use this configuration to grant access to anonymous users with a low rate-limit, and grant access
+to authenticated users with a higher rate limit.
+
+To configure a Service like this, you first apply your selected authentication plugin, then create a new
+consumer to represent anonymous users, then configure your authentication plugin to allow anonymous
+access. Here is an example, which assumes you have already configured a Service named `example-service` and
+the corresponding route:
+
+1. ### Create an example Service and a Route
+
+    Issue the following cURL request to create `example-service` pointing to mockbin.org, which will echo
+    the request:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/ \
+      --data 'name=example-service' \
+      --data 'url=http://mockbin.org/request'
+    ```
+
+    Add a route to the Service:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/example-service/routes \
+      --data 'paths[]=/auth-sample'
+    ```
+
+    The url `http://localhost:8000/auth-sample` will now echo whatever is being requested.
+
+2. ### Configure the key-auth Plugin for your Service
+
+    Issue the following cURL request to add a plugin to a Service:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/example-service/plugins/ \
+      --data 'name=key-auth'
+    ```
+
+    Be sure to note the created Plugin `id` - you'll need it in step 5.
+
+3. ### Verify that the key-auth plugin is properly configured
+
+    Issue the following cURL request to verify that the [key-auth][key-auth]
+    plugin was properly configured on the Service:
+
+    ```bash
+    $ curl -i -X GET \
+      --url http://localhost:8000/auth-sample
+    ```
+
+    Since you did not specify the required `apikey` header or parameter, and you have not yet
+    enabled anonymous access, the response should be `403 Forbidden`:
+
+    ```http
+    HTTP/1.1 403 Forbidden
+    ...
+
+    {
+      "message": "No API key found in headers or querystring"
+    }
+    ```
+
+4. ### Create an anonymous Consumer
+
+    Every request proxied by Kong must be associated with a Consumer. You'll now create a Consumer
+    named `anonymous_users` (that Kong will utilize when proxying anonymous access) by issuing the
+    following request:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/consumers/ \
+      --data "username=anonymous_users"
+    ```
+
+    You should see a response similar to the one below:
+
+    ```http
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+    Connection: keep-alive
+
+    {
+      "username": "anonymous_users",
+      "created_at": 1428555626000,
+      "id": "bbdf1c48-19dc-4ab7-cae0-ff4f59d87dc9"
+    }
+    ```
+
+    Be sure to note the Consumer `id` - you'll need it in the next step.
+
+5. ### Enable anonymous access
+
+    You'll now re-configure the key-auth plugin to permit anonymous access by issuing the following
+    request (**replace the sample uuids below by the `id` values from step 2 and 4**):
+
+    ```bash
+    $ curl -i -X PATCH \
+      --url http://localhost:8001/plugins/<your-plugin-id> \
+      --data "config.anonymous=<your-consumer-id>"
+    ```
+
+    The `config.anonymous=<your-consumer-id>` parameter instructs the key-auth plugin on this Service to permit
+    anonymous access, and to associate such access with the Consumer `id` we received in the previous step. It is
+    required that you provide a valid and pre-existing Consumer `id` in this step - validity of the Consumer `id`
+    is not currently checked when configuring anonymous access, and provisioning of a Consumer `id` that doesn't already
+    exist will result in an incorrect configuration.
+
+6. ### Check anonymous access
+
+    Confirm that your Service now permits anonymous access by issuing the following request:
+
+    ```bash
+    $ curl -i -X GET \
+      --url http://localhost:8000/auth-sample
+    ```
+
+    This is the same request you made in step #3, however this time the request should succeed, because you
+    enabled anonymous access in step #5.
+
+    The response (which is the request as Mockbin received it) should have these elements:
+
+    ```json
+    {
+      ...
+      "headers": {
+        ...
+        "x-consumer-id": "713c592c-38b8-4f5b-976f-1bd2b8069494",
+        "x-consumer-username": "anonymous_users",
+        "x-anonymous-consumer": "true",
+        ...
+      },
+      ...
+    }
+    ```
+
+    It shows the request was successful, but anonymous.
+
+## Multiple Authentication
+
+Kong supports multiple authentication plugins for a given Service, allowing
+different clients to utilize different authentication methods to access a given Service or Route.
+
+The behaviour of the auth plugins can be set to do either a logical `AND`, or a logical `OR` when evaluating
+multiple authentication credentials. The key to the behaviour is the `config.anonymous` property.
+
+- `config.anonymous` not set <br/>
+  If this property is not set (empty) then the auth plugins will always perform authentication and return
+  a `40x` response if not validated. This results in a logical `AND` when multiple auth plugins are being
+  invoked.
+- `config.anonymous` set to a valid consumer id <br/>
+  In this case the auth plugin will only perform authentication if it was not already authenticated. When
+  authentication fails, it will not return a `40x` response, but set the anonymous consumer as the consumer. This
+  results in a logical `OR` + 'anonymous access' when multiple auth plugins are being invoked.
+
+**NOTE 1**: Either all or none of the auth plugins must be configured for anonymous access. The behaviour is
+undefined if they are mixed.
+
+**NOTE 2**: When using the `AND` method, the last plugin executed will be the one setting the credentials
+passed to the upstream service. With the `OR` method, it will be the first plugin that successfully authenticates
+the consumer, or the last plugin that will set its configured anonymous consumer.
+
+**NOTE 3**: When using the OAuth2 plugin in an `AND` fashion, then also the OAuth2 endpoints for requesting
+tokens etc. will require authentication by the other configured auth plugins.
+
+<div class="alert alert-warning">
+  When multiple authentication plugins are enabled in an <tt>OR</tt> fashion on a given Service, and it is desired that
+  anonymous access be forbidden, then the <a href="/plugins/request-termination"><tt>request-termination</tt> plugin</a> should be
+  configured on the anonymous consumer. Failure to do so will allow unauthorized requests.
+</div>
+
+[plugins]: https://konghq.com/plugins/
+[key-auth]: /plugins/key-authentication
diff --git a/app/enterprise/0.35-x/clustering.md b/app/enterprise/0.35-x/clustering.md
new file mode 100644
index 000000000000..fcf427def903
--- /dev/null
+++ b/app/enterprise/0.35-x/clustering.md
@@ -0,0 +1,297 @@
+---
+title: Clustering Reference
+---
+
+## Introduction
+
+A Kong cluster allows you to scale the system horizontally by adding more
+machines to handle more incoming requests. They will all share the same
+configuration since they point to the same database. Kong nodes pointing to the
+**same datastore** will be part of the same Kong cluster.
+
+You need a load-balancer in front of your Kong cluster to distribute traffic
+across your available nodes.
+
+## What a Kong cluster does and doesn't do
+
+**Having a Kong cluster does not mean that your clients traffic will be
+load-balanced across your Kong nodes out of the box.** You still need a
+load-balancer in front of your Kong nodes to distribute your traffic. Instead,
+a Kong cluster means that those nodes will share the same configuration.
+
+For performance reasons, Kong avoids database connections when proxying
+requests, and caches the contents of your database in memory. The cached
+entities include Services, Routes, Consumers, Plugins, Credentials, etc... Since those
+values are in memory, any change made via the Admin API of one of the nodes
+needs to be propagated to the other nodes.
+
+This document describes how those cached entities are being invalidated and how
+to configure your Kong nodes for your use case, which lies somewhere between
+performance and consistency.
+
+[Back to TOC](#table-of-contents)
+
+## Single node Kong clusters
+
+A single Kong node connected to a database (Cassandra or PostgreSQL) creates a
+Kong cluster of one node. Any changes applied via the Admin API of this node
+will instantly take effect. Example:
+
+Consider a single Kong node `A`. If we delete a previously registered Service:
+
+```bash
+$ curl -X DELETE http://127.0.0.1:8001/services/test-service
+```
+
+Then any subsequent request to `A` would instantly return `404 Not Found`, as
+the node purged it from its local cache:
+
+```bash
+$ curl -i http://127.0.0.1:8000/test-service
+```
+
+[Back to TOC](#table-of-contents)
+
+## Multiple nodes Kong clusters
+
+In a cluster of multiple Kong nodes, other nodes connected to the same database
+would not instantly be notified that the Service was deleted by node `A`.  While
+the Service is **not** in the database anymore (it was deleted by node `A`), it is
+**still** in node `B`'s memory.
+
+All nodes perform a periodic background job to synchronize with changes that
+may have been triggered by other nodes. The frequency of this job can be
+configured via:
+
+* [db_update_frequency][db_update_frequency] (default: 5 seconds)
+
+Every `db_update_frequency` seconds, all running Kong nodes will poll the
+database for any update, and will purge the relevant entities from their cache
+if necessary.
+
+If we delete a Service from node `A`, this change will not be effective in node
+`B` until node `B`s next database poll, which will occur up to
+`db_update_frequency` seconds later (though it could happen sooner).
+
+This makes Kong clusters **eventually consistent**.
+
+[Back to TOC](#table-of-contents)
+
+## What is being cached?
+
+All of the core entities such as Services, Routes, Plugins, Consumers, Credentials are
+cached in memory by Kong and depend on their invalidation via the polling
+mechanism to be updated.
+
+Additionally, Kong also caches **database misses**. This means that if you
+configure a Service with no plugin, Kong will cache this information. Example:
+
+On node `A`, we add a Service and a Route:
+
+```bash
+# node A
+$ curl -X POST http://127.0.0.1:8001/services \
+    --data "name=example-service" \
+    --data "url=http://example.com"
+
+$ curl -X POST http://127.0.0.1:8001/services/example-service/routes \
+    --data "paths[]=/example"
+```
+
+(Note that we used `/services/example-service/routes` as a shortcut: we
+could have used the `/routes` endpoint instead, but then we would need to
+pass `service_id` as an argument, with the UUID of the new Service.)
+
+A request to the Proxy port of both node `A` and `B` will cache this Service, and
+the fact that no plugin is configured on it:
+
+```bash
+# node A
+$ curl http://127.0.0.1:8000/example
+HTTP 200 OK
+...
+```
+
+```bash
+# node B
+$ curl http://127.0.0.2:8000/example
+HTTP 200 OK
+...
+```
+
+Now, say we add a plugin to this Service via node `A`'s Admin API:
+
+```bash
+# node A
+$ curl -X POST http://127.0.0.1:8001/services/example-service/plugins \
+    --data "name=example-plugin"
+```
+
+Because this request was issued via node `A`'s Admin API, node `A` will locally
+invalidate its cache and on subsequent requests, it will detect that this API
+has a plugin configured.
+
+However, node `B` hasn't run a database poll yet, and still caches that this
+API has no plugin to run. It will be so until node `B` runs its database
+polling job.
+
+**Conclusion**: all CRUD operations trigger cache invalidations. Creation
+(`POST`, `PUT`) will invalidate cached database misses, and update/deletion
+(`PATCH`, `DELETE`) will invalidate cached database hits.
+
+[Back to TOC](#table-of-contents)
+
+## How to configure database caching?
+
+You can configure 3 properties in the Kong configuration file, the most
+important one being `db_update_frequency`, which determine where your Kong
+nodes stand on the performance vs consistency trade off.
+
+Kong comes with default values tuned for consistency, in order to let you
+experiment with its clustering capabilities while avoiding "surprises". As you
+prepare a production setup, you should consider tuning those values to ensure
+that your performance constraints are respected.
+
+### 1. [db_update_frequency][db_update_frequency] (default: 5s)
+
+This value determines the frequency at which your Kong nodes will be polling
+the database for invalidation events. A lower value will mean that the polling
+job will be executed more frequently, but that your Kong nodes will keep up
+with changes you apply. A higher value will mean that your Kong nodes will
+spend less time running the polling jobs, and will focus on proxying your
+traffic.
+
+**Note**: changes propagate through the cluster in up to `db_update_frequency`
+seconds.
+
+[Back to TOC](#table-of-contents)
+
+### 2. [db_update_propagation][db_update_propagation] (default: 0s)
+
+If your database itself is eventually consistent (ie: Cassandra), you **must**
+configure this value. It is to ensure that the change has time to propagate
+across your database nodes. When set, Kong nodes receiving invalidation events
+from their polling jobs will delay the purging of their cache for
+`db_update_propagation` seconds.
+
+If a Kong node connected to an eventual consistent database was not delaying
+the event handling, it could purge its cache, only to cache the non-updated
+value again (because the change hasn't propagated through the database yet)!
+
+You should set this value to an estimate of the amount of time your database
+cluster takes to propagate changes.
+
+**Note**: when this value is set, changes propagate through the cluster in
+up to `db_update_frequency + db_update_propagation` seconds.
+
+[Back to TOC](#table-of-contents)
+
+### 3. [db_cache_ttl][db_cache_ttl] (default: 0s)
+
+The time (in seconds) for which Kong will cache database entities (both hits
+and misses). This Time-To-Live value acts as a safeguard in case a Kong node
+misses an invalidation event, to avoid it from running on stale data for too
+long. When the TTL is reached, the value will be purged from its cache, and the
+next database result will be cached again.
+
+By default no data is invalidated based on this TTL (the default value is `0`).
+This is usually fine: Kong nodes rely on invalidation events, which are handled
+at the db store level (Cassandra/PosgreSQL). If you are concerned that a Kong
+node might miss invalidation event for any reason, you should set a TTL. Otherwise
+the node might run with a stale value in its cache for an undefined amount of time,
+until the cache is manually purged, or the node is restarted.
+
+[Back to TOC](#table-of-contents)
+
+### 4. When using Cassandra
+
+If you use Cassandra as your Kong database, you **must** set
+[db_update_propagation][db_update_propagation] to a non-zero value. Since
+Cassandra is eventually consistent by nature, this will ensure that Kong nodes
+do not prematurely invalidate their cache, only to fetch and catch a
+not up-to-date entity again. Kong will present you a warning logs if you did
+not configure this value when using Cassandra.
+
+Additionally, you might want to configure `cassandra_consistency` to a value
+like `QUORUM` or `LOCAL_QUORUM`, to ensure that values being cached by your
+Kong nodes are up-to-date values from your database.
+
+[Back to TOC](#table-of-contents)
+
+## Interacting with the cache via the Admin API
+
+If for some reason, you wish to investigate the cached values, or manually
+invalidate a value cached by Kong (a cached hit or miss), you can do so via the
+Admin API `/cache` endpoint.
+
+### Inspect a cached value
+
+**Endpoint**
+
+<div class="endpoint get">/cache/{cache_key}</div>
+
+**Response**
+
+If a value with that key is cached:
+
+```
+HTTP 200 OK
+...
+{
+    ...
+}
+```
+
+Else:
+
+```
+HTTP 404 Not Found
+```
+
+**Note**: retrieving the `cache_key` for each entity being cached by Kong is
+currently an undocumented process. Future versions of the Admin API will make
+this process easier.
+
+[Back to TOC](#table-of-contents)
+
+### Purge a cached value
+
+**Endpoint**
+
+<div class="endpoint delete">/cache/{cache_key}</div>
+
+**Response**
+
+```
+HTTP 204 No Content
+...
+```
+
+**Note**: retrieving the `cache_key` for each entity being cached by Kong is
+currently an undocumented process. Future versions of the Admin API will make
+this process easier.
+
+[Back to TOC](#table-of-contents)
+
+### Purge a node's cache
+
+**Endpoint**
+
+<div class="endpoint delete">/cache</div>
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+**Note**: be wary of using this endpoint on a warm, production running node.
+If the node is receiving a lot of traffic, purging its cache at the same time
+will trigger many requests to your database, and could cause a
+[dog-pile effect](https://en.wikipedia.org/wiki/Cache_stampede).
+
+[Back to TOC](#table-of-contents)
+
+[db_update_frequency]: /enterprise/{{page.kong_version}}/property-reference/#db_update_frequency
+[db_update_propagation]: /enterprise/{{page.kong_version}}/property-reference/#db_update_propagation
+[db_cache_ttl]: /enterprise/{{page.kong_version}}/property-reference/#db_cache_ttl
diff --git a/app/enterprise/0.35-x/deployment/access-license.md b/app/enterprise/0.35-x/deployment/access-license.md
index d6eaf0fb766b..531fc3abc1f7 100644
--- a/app/enterprise/0.35-x/deployment/access-license.md
+++ b/app/enterprise/0.35-x/deployment/access-license.md
@@ -8,7 +8,7 @@ will walk you through how to access your license file.
 
 **Note:** The following guide only pertains to paid versions of Kong Enterprise. For free trial information, check the email received after signing up.
 
-Log into [https://bintray.com/login?forwardedFrom=%2Fkong%2F](https://bintray.com/login?forwardedFrom=%2Fkong%2F)
+Log into [bintray.com](https://bintray.com/login?forwardedFrom=%2Fkong%2F)
 If you are unaware of your login credentials, reach out to your CSE and they'll 
 be able to assist you.
 
diff --git a/app/enterprise/0.35-x/deployment/installation/amazon-linux.md b/app/enterprise/0.35-x/deployment/installation/amazon-linux.md
index 74dd3f978a9f..72b10f6de3b4 100644
--- a/app/enterprise/0.35-x/deployment/installation/amazon-linux.md
+++ b/app/enterprise/0.35-x/deployment/installation/amazon-linux.md
@@ -53,7 +53,7 @@ $ kong migrations bootstrap [-c /path/to/kong.conf]
 $ sudo /usr/local/bin/kong start [-c /path/to/kong.conf]
 ```
 
-**Note:** You may use `kong.conf.default` or create [your own configuration](/0.13.x/configuration/#configuration-loading).
+**Note:** You may use `kong.conf.default` or create [your own configuration](/enterprise/{{page.kong_version}}/property-reference/#configuration-loading).
 
 ## Install HTTPie to Make Commands more Easily
 
diff --git a/app/enterprise/0.35-x/deployment/installation/centos.md b/app/enterprise/0.35-x/deployment/installation/centos.md
index 4e02f192eca3..2dab7f468332 100644
--- a/app/enterprise/0.35-x/deployment/installation/centos.md
+++ b/app/enterprise/0.35-x/deployment/installation/centos.md
@@ -235,5 +235,5 @@ setup reach out to your **Support contact** or head over to the
 ## Next Steps
 
 Work through Kong Enterprise's series of 
-[Getting Started](/enterprise/latest/getting-started) guides to get the most
+[Getting Started](/enterprise/{{page.kong_version}}/getting-started) guides to get the most
 out of Kong Enterprise.
diff --git a/app/enterprise/0.35-x/deployment/installation/overview.md b/app/enterprise/0.35-x/deployment/installation/overview.md
index f7998e263aa3..0e0033738e74 100644
--- a/app/enterprise/0.35-x/deployment/installation/overview.md
+++ b/app/enterprise/0.35-x/deployment/installation/overview.md
@@ -1,5 +1,7 @@
 ---
 title: Installing Kong Enterprise
+redirect_from:
+  - /enterprise/0.35-x/deployment/installation/
 toc: false
 ---
 
diff --git a/app/enterprise/0.35-x/deployment/installation/ubuntu.md b/app/enterprise/0.35-x/deployment/installation/ubuntu.md
index 8f205f617217..1093c6a75eb3 100644
--- a/app/enterprise/0.35-x/deployment/installation/ubuntu.md
+++ b/app/enterprise/0.35-x/deployment/installation/ubuntu.md
@@ -193,5 +193,5 @@ setup reach out to your **Support contact** or head over to the
 ## Next Steps
 
 Work through Kong Enterprise's series of 
-[Getting Started](/enterprise/latest/getting-started) guides to get the most
+[Getting Started](/enterprise/{{page.kong_version}}/getting-started) guides to get the most
 out of Kong Enterprise.
diff --git a/app/enterprise/0.35-x/deployment/migrate-apis-cli.md b/app/enterprise/0.35-x/deployment/migrate-apis-cli.md
index 4b3160c4e7ef..0263293ac876 100644
--- a/app/enterprise/0.35-x/deployment/migrate-apis-cli.md
+++ b/app/enterprise/0.35-x/deployment/migrate-apis-cli.md
@@ -4,16 +4,16 @@ title: Migrating APIs to Services and Routes
 
 ## Overview
 
-The command `kong migrations migrate-apis` will by default migrate apis
-with bundled plugins to routes and services, but it will skip migrating
-apis with custom plugin(s). To migrate apis with custom plugins you can
-add -f or --force option. Verbose (debug) --vv will with Postgres also
-output each SQL transaction SQL statements when executing migration.
+The command `kong migrations migrate-apis` will, by default, migrate APIs
+with bundled plugins to Routes and Services, but it will skip migrating
+any API with a custom plugin. To migrate APIs with custom plugins you can
+add the `-f` or `--force` option. The verbose (debug) option, `--vv`, will also
+output each SQL transaction when executing migrations with Postgres.
 
 
 ### Prerequisites for Migrating APIs to Services and Routes
 
-* You must be on Kong EE 0.34-X
+* You must be on Kong Enterprise 0.34-X
 
 ### kong migrations command usage
 
@@ -64,3 +64,5 @@ Options:
  --vv             debug
 
 ```
+
+See more `kong` commands in the [Enterprise CLI reference](/enterprise/{{page.kong_version}}/cli/)
diff --git a/app/enterprise/0.35-x/developer-portal/configuration/authentication/oidc.md b/app/enterprise/0.35-x/developer-portal/configuration/authentication/oidc.md
index 2680d766a2d8..6e8f6effecb0 100644
--- a/app/enterprise/0.35-x/developer-portal/configuration/authentication/oidc.md
+++ b/app/enterprise/0.35-x/developer-portal/configuration/authentication/oidc.md
@@ -21,10 +21,14 @@ OIDC for the Dev Portal can be enabled in three ways:
 - via the [the command line](#enable-oidc-via-the-command-line)
 - via the [the Kong configuration file](#enable-oidc-via-the-kongconf)
 
+**Warning:** Configuring OIDC authentication for Dev Portal via Kong Manger or with the Admin API will take precedence over any kong.conf 'portal_auth_conf' configuration. Be sure to use only one of the configuration methods.  
+
 
 ### Portal Session Plugin Config
 
-Session Plugin Config does not apply when using OpenID Connect.
+Session Plugin Config does not apply when using OpenID Connect. Any session
+configuration is defined in the configuration object itself and not
+in a separate portal session configuration object as it is with other Dev Portal authentication options.
 
 ### Sample Configuration Object
 
@@ -40,8 +44,8 @@ Provder:
   "client_id": ["<CLIENT-ID>"],
   "login_action": "redirect",
   "logout_redirect_uri": ["http://localhost:8003 (http://localhost:8003/)"],
-  "ssl_verify": false,
   "consumer_claim": ["email"],
+  "redirect_uri": ["https://localhost:8004/auth"],
   "forbidden_redirect_uri": ["http://localhost:8003/unauthorized"],
   "client_secret": ["<CLIENT_SECRET>"],
   "issuer": "https://accounts.google.com/",
@@ -49,17 +53,8 @@ Provder:
   "login_redirect_uri": ["http://localhost:8003 (http://localhost:8003/)"],
   "login_redirect_mode": "query"
 }
-
 ```
 
-The values above can be replaced with their corresponding values for a custom
-OIDC configuration:
-
-  - `<CLIENT_ID>` - Client ID provided by IdP
-        * For Example, Google credentials can be found here:
-        https://console.cloud.google.com/projectselector/apis/credentials
-  - `<CLIENT_SECRET>` - Client secret provided by IdP
-
 If `portal_gui_host` and `portal_api_url` are set to share a domain but differ
 in regards to subdomain, `redirect_uri` and `session_cookie_domain` need to be
 configured to allow OpenID-Connect to apply the session correctly.
@@ -76,9 +71,8 @@ Example:
   "login_redirect_uri": ["https://example.portal.com (https://example.portal.com/)"],
   "login_action": "redirect",
   "logout_redirect_uri": ["https://example.portal.com (https://example.portal.com/)"],
-  "ssl_verify": false,
   "consumer_claim": ["email"],
-  "redirect_uri": ["https://exampleapi.portal.com/auth"],
+  "redirect_uri": ["https://example.portalapi.com/auth"],
   "session_cookie_domain": ".portal.com",
   "forbidden_redirect_uri": ["https://example.portal.com/unauthorized"],
   "client_secret": ["<CLIENT_SECRET"],
@@ -86,9 +80,15 @@ Example:
   "logout_methods": ["GET"],
   "login_redirect_mode": "query"
 }
-
 ```
 
+The values above must be replaced with their corresponding values for a custom
+OIDC configuration:
+* `<CLIENT_ID>` - Client ID provided by IdP. For Example, Google credentials can be found here: https://console.cloud.google.com/projectselector/apis/credentials
+* `<CLIENT_SECRET>` - Client secret provided by IdP
+* The `redirect_uri` the Portal API's '/auth' endpoint.
+* The `session_cookie_domain` is the shared domain of the portal GUI `portal_gui_host` and portal API `portal_api_url` if they have different subdomains.
+
 ### Enable OIDC via Kong Manager
 
 1. Navigate to the Dev Portal's **Settings** page
@@ -112,8 +112,8 @@ curl -X PATCH http://localhost:8001/workspaces/<WORKSPACE NAME> \
   "config.portal_auth_conf=<REPLACE WITH JSON CONFIG OBJECT>
 ```
 
->**Warning** This will automatically authenticate the Dev Portal with Key
->Auth. Anyone currently viewing the Dev Portal will lose access on the
+>**Warning** This will automatically authenticate the Dev Portal with OIDC
+>. Anyone currently viewing the Dev Portal will lose access on the
 >next page refresh.
 
 ### Enable OIDC via the Kong.conf
@@ -130,5 +130,5 @@ portal_auth="openid-connect"
 Then set `portal_auth_conf` property to your
 customized [**Configuration JSON Object**](#/sample-configuration-object)
 
-This will set every Dev Portal to use Key Authentication by default when
+This configuration will set every Dev Portal to use OIDC by default when
 initialized, regardless of Workspace.
diff --git a/app/enterprise/0.35-x/developer-portal/configuration/index.md b/app/enterprise/0.35-x/developer-portal/configuration/index.md
index 0b53bb50b892..25dae954b400 100644
--- a/app/enterprise/0.35-x/developer-portal/configuration/index.md
+++ b/app/enterprise/0.35-x/developer-portal/configuration/index.md
@@ -1,5 +1,7 @@
 ---
 title: Dev Portal Configuration
+redirect_from:
+  - /enterprise/0.35-x/developer-portal/configuration/property-reference/
 ---
 
 <div class="docs-grid">
diff --git a/app/enterprise/0.35-x/developer-portal/introduction.md b/app/enterprise/0.35-x/developer-portal/introduction.md
index 1208fc59bfaa..ea9390f1b66b 100644
--- a/app/enterprise/0.35-x/developer-portal/introduction.md
+++ b/app/enterprise/0.35-x/developer-portal/introduction.md
@@ -2,9 +2,8 @@
 title: Kong Dev Portal Documentation
 toc: false
 ---
-![Welcome to the Kong Dev Portal](https://konghq.com/wp-content/uploads/2018/05/kong-portal-intro.png)
-
 
+![Welcome to the Kong Dev Portal](https://konghq.com/wp-content/uploads/2018/05/kong-portal-intro.png)
 
 <div class="docs-grid">
   <div class="docs-grid-block">
@@ -47,6 +46,4 @@ toc: false
     <a href="/enterprise/changelog/#304">See changelog &rarr;</a>
   </div>
 
-
-
-</div>
\ No newline at end of file
+</div>
diff --git a/app/enterprise/0.35-x/getting-started/add-consumer.md b/app/enterprise/0.35-x/getting-started/add-consumer.md
index 78a1e3cf29a3..5dc3769237bb 100644
--- a/app/enterprise/0.35-x/getting-started/add-consumer.md
+++ b/app/enterprise/0.35-x/getting-started/add-consumer.md
@@ -54,8 +54,8 @@ $ curl -i -X POST \
 ## 3. Verify Validity of Consumer Credentials 
 
 The authorization header must be base64 encoded. For example, if the credential 
-uses Aladdin as the username and OpenSesame as the password, then the field’s 
-value is the base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l.
+uses `Aladdin` as the username and `OpenSesame` as the password, then the field’s 
+value is the base64-encoding of `Aladdin:OpenSesame`, or `QWxhZGRpbjpPcGVuU2VzYW1l`.
 
 Then the Authorization (or Proxy-Authorization) header must appear as:
 
diff --git a/app/enterprise/0.35-x/getting-started/add-service.md b/app/enterprise/0.35-x/getting-started/add-service.md
index f18372ac4a41..70253b3b0537 100644
--- a/app/enterprise/0.35-x/getting-started/add-service.md
+++ b/app/enterprise/0.35-x/getting-started/add-service.md
@@ -5,9 +5,7 @@ title: How to Add a Service and Route
 ### Introduction
 
 This guide walks through the creation and configuration of a 
-**Service and Route** via **Kong Manager** in **Kong Enterprise**. To do this with 
-via the **command line** read Kong's guide to 
-[Configuring a Service](/latest/getting-started/configuring-a-service/).
+**Service and Route** via **Kong Manager** in **Kong Enterprise**. 
 
 For the purpose of this guide, we’ll create a **Service** pointing to the Mockbin 
 API. Mockbin is an “echo” type public website that returns requests back to
@@ -20,10 +18,9 @@ including adding **Services and Routes**, is made via requests on to the
 
 ### Prerequisites
 
-- **Kong Enterprise** is [installed](/enterprise/{{page.kong_version}}/deployment/installation)
-- **Kong Enterprise** is [started](/enterprise/{{page.kong_version}}/getting-started/start-kong)
-- **Super Admin** or [**Admin**](/enterprise/{{page.kong_version}}/getting-started/add-admin)
-access to **Kong Manager**
+* [`enforce_rbac = on`](/enterprise/{{page.kong_version}}/property-reference/#enforce_rbac)
+* Kong Enterprise has [started](/enterprise/{{page.kong_version}}/getting-started/start-kong)
+* Logged in to Kong Manager as a **Super Admin** 
 
 ### Step 1 - Create a New Service
 
@@ -66,7 +63,7 @@ information and **Activity** on the **Service**, as well as any **Routes** or
 [Step 1](#step-1---create-a-new-service), click the **Create New Route** button 
 located in the **Routes** tab at the bottom of the page.
 
-    ![Create Route Service ID](https://doc-assets.konghq.com0.35/getting-started/add-a-service/06-service-route-object.png)
+    ![Create Route Service ID](https://doc-assets.konghq.com/0.35/getting-started/add-a-service/06-service-route-object.png)
 
 2. To create a **Route** you must provide the **Service** `name` and `id`, this
 will be automatically filled out if the form was accessed via the 
diff --git a/app/enterprise/0.35-x/getting-started/enable-plugin.md b/app/enterprise/0.35-x/getting-started/enable-plugin.md
index b927c6a426b9..40a645b93533 100644
--- a/app/enterprise/0.35-x/getting-started/enable-plugin.md
+++ b/app/enterprise/0.35-x/getting-started/enable-plugin.md
@@ -15,11 +15,10 @@ Plugin via the command line, checkout the
 
 ### Prerequisites
 
-- **Kong Enterprise** is [installed](/enterprise/{{page.kong_version}}/deployment/installation)
-- **Kong Enterprise** is [started](/enterprise/{{page.kong_version}}/getting-started/start-kong)
-- A [**Service and Route**](/enterprise/{{page.kong_version}}/getting-started/add-service)
-(optional)
-- **admin** or **super-admin** privileges
+* [`enforce_rbac = on`](/enterprise/{{page.kong_version}}/property-reference/#enforce_rbac)
+* Kong Enterprise has [started](/enterprise/{{page.kong_version}}/getting-started/start-kong)
+* Logged in to Kong Manager as a **Super Admin** 
+* _Optionally_ created a [**Service and Route**](/enterprise/{{page.kong_version}}/getting-started/add-service)
 
 ### How to Enable a Plugin in Kong Manager
 
diff --git a/app/enterprise/0.35-x/getting-started/index.md b/app/enterprise/0.35-x/getting-started/index.md
index 4e7c76ec73d2..90bb0c9c3363 100644
--- a/app/enterprise/0.35-x/getting-started/index.md
+++ b/app/enterprise/0.35-x/getting-started/index.md
@@ -10,9 +10,7 @@ guides is designed to help you familiarize yourself with Kong Enterprise's featu
 and capabilities, with practical steps to start Kong Enterprise securely, access
 Kong Manager as a **Super Admin**, and create new entities such as **Services**.
 
-Each guide also contains links to more in-depth material. Note that Kong
- Enterprise 0.35 includes Kong 1.0 at its core, so CLI commands and most Admin
- API endpoints are documented in standard [Kong documentation](/1.0.x/).
+Each guide also contains links to more in-depth material.
 
  If you have any issues or further questions, please
 [contact Support](https://support.konghq.com/support/s/) and they will be happy
diff --git a/app/enterprise/0.35-x/getting-started/start-kong.md b/app/enterprise/0.35-x/getting-started/start-kong.md
index 0fe368704b15..afcc51a015ba 100644
--- a/app/enterprise/0.35-x/getting-started/start-kong.md
+++ b/app/enterprise/0.35-x/getting-started/start-kong.md
@@ -94,7 +94,7 @@ $ kong start [-c /path/to/kong.conf]
 ```
 
 **Note:** the CLI accepts a configuration option (`-c /path/to/kong.conf`)
-allowing you to point to [your own configuration](/1.0.x/configuration/#configuration-loading).
+allowing you to point to [your own configuration](/enterprise/{{page.kong_version}}/property-reference/#configuration-loading).
 
 ## Step 4
 
diff --git a/app/enterprise/0.35-x/health-checks-circuit-breakers.md b/app/enterprise/0.35-x/health-checks-circuit-breakers.md
new file mode 100644
index 000000000000..42d16e52217b
--- /dev/null
+++ b/app/enterprise/0.35-x/health-checks-circuit-breakers.md
@@ -0,0 +1,321 @@
+---
+title: Health Checks and Circuit Breakers Reference
+---
+
+## Introduction
+
+You can make an API proxied by Kong use a [ring-balancer][ringbalancer], configured
+by adding an [upstream][upstream] entity that contains one or more [target][ringtarget]
+entities, each target pointing to a different IP address (or hostname) and
+port. The ring-balancer will balance load among the various targets, and based
+on the [upstream][upstream] configuration, will perform health checks on the targets,
+making them as healthy or unhealthy whether they are responsive or not. The
+ring-balancer will then only route traffic to healthy targets.
+
+Kong supports two kinds of health checks, which can be used separately or in
+conjunction:
+
+* **active checks**, where a specific HTTP or HTTPS endpoint in the target is
+periodically requested and the health of the target is determined based on its
+response;
+
+* **passive checks** (also known as **circuit breakers**), where Kong analyzes
+the ongoing traffic being proxied and determines the health of targets based
+on their behavior responding requests.
+
+## Healthy and unhealthy targets
+
+The objective of the health checks functionality is to dynamically mark
+targets as healthy or unhealthy, **for a given Kong node**. There is
+no cluster-wide synchronization of health information: each Kong node
+determines the health of its targets separately. This is desirable since at a
+given point one Kong node may be able to connect to a target successfully
+while another node is failing to reach it: the first node will consider
+it healthy, while the second will mark it as unhealthy and start routing
+traffic to other targets of the upstream.
+
+Either an active probe (on active health checks) or a proxied request
+(on passive health checks) produces data which is used to determine
+whether a target is healthy or unhealthy. A request may produce a TCP
+error, timeout, or produce an HTTP status code. Based on this
+information, the health checker updates a series of internal counters:
+
+* If the returned status code is one configured as "healthy", it will
+increment the "Successes" counter for the target and clear all its other
+counters;
+* If it fails to connect, it will increment the "TCP failures" counter
+for the target and clear the "Successes" counter;
+* If it times out, it will increment the "timeouts" counter
+for the target and clear the "Successes" counter;
+* If the returned status code is one configured as "unhealthy", it will
+increment the "HTTP failures" counter for the target and clear the "Successes" counter.
+
+If any of the "TCP failures", "HTTP failures" or "timeouts" counters reaches
+their configured threshold, the target will be marked as unhealthy.
+
+If the "Successes" counter reaches its configured threshold, the target will be
+marked as healthy.
+
+The list of which HTTP status codes are "healthy" or "unhealthy", and the
+individual thresholds for each of these counters are configurable on a
+per-upstream basis. Below, we have an example of a configuration for an
+Upstream entity, showcasing the default values of the various fields
+available for configuring health checks. A description of each
+field is included in the [Admin API][addupstream] reference documentation.
+
+```json
+{
+    "name": "service.v1.xyz",
+    "healthchecks": {
+        "active": {
+            "concurrency": 10,
+            "healthy": {
+                "http_statuses": [ 200, 302 ],
+                "interval": 0,
+                "successes": 0
+            },
+            "http_path": "/",
+            "timeout": 1,
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 404, 500, 501,
+                                   502, 503, 504, 505 ],
+                "interval": 0,
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        },
+        "passive": {
+            "healthy": {
+                "http_statuses": [ 200, 201, 202, 203,
+                                   204, 205, 206, 207,
+                                   208, 226, 300, 301,
+                                   302, 303, 304, 305,
+                                   306, 307, 308 ],
+                "successes": 0
+            },
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 500, 503 ],
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        }
+    },
+    "slots": 10
+}
+```
+
+If all targets of an upstream are unhealthy, Kong will respond to requests
+to the upstream with `503 Service Unavailable`.
+
+Note:
+
+1. health checks operate only on [*active* targets][targetobject] and do not
+   modify the *active* status of a target in the Kong database.
+2. unhealthy targets will not be removed from the loadbalancer, and hence will
+   not have any impact on the balancer layout when using the hashing algorithm
+   (they will just be skipped).
+3. The [DNS caveats][dnscaveats] and [balancer caveats][balancercaveats]
+   also apply to health checks. If using hostnames for the targets, then make
+   sure the DNS server always returns the full set of IP addresses for a name,
+   and does not limit the response. *Failing to do so might lead to health
+   checks not being executed.*
+
+## Types of health checks
+
+### Active health checks
+
+Active health checks, as the name implies, actively probe targets for
+their health. When active health checks are enabled in an upstream entity,
+Kong will periodically issue HTTP or HTTPS requests to a configured path at each target
+of the upstream. This allows Kong to automatically enable and disable targets
+in the balancer based on the [probe results](#healthy-and-unhealthy-targets).
+
+The periodicity of active health checks can be configured separately for
+when a target is healthy or unhealthy. If the `interval` value for either
+is set to zero, the checking is disabled at the corresponding scenario.
+When both are zero, active health checks are disabled altogether.
+
+<div class="alert alert-warning">
+<strong>Note:</strong> Active health checks currently only support HTTP/HTTPS targets. They
+do not apply to Upstreams assigned to Services with the protocol attribute set to "tcp" or "tls".
+</div>
+
+[Back to TOC](#table-of-contents)
+
+### Passive health checks (circuit breakers)
+
+Passive health checks, also known as circuit breakers, are
+checks performed based on the requests being proxied by Kong (HTTP/HTTPS/TCP),
+with no additional traffic being generated. When a target becomes
+unresponsive, the passive health checker will detect that and mark
+the target as unhealthy. The ring-balancer will start skipping this
+target, so no more traffic will be routed to it.
+
+Once the problem with a target is solved and it is ready to receive
+traffic again, the Kong administrator can manually inform the
+health checker that the target should be enabled again, via an
+Admin API endpoint:
+
+```bash
+$ curl -i -X POST http://localhost:8001/upstreams/my_upstream/targets/10.1.2.3:1234/healthy
+HTTP/1.1 204 No Content
+```
+
+This command will broadcast a cluster-wide message so that the "healthy"
+status is propagated to the whole [Kong cluster][clustering]. This will cause Kong nodes to
+reset the health counters of the health checkers running in all workers of the
+Kong node, allowing the ring-balancer to route traffic to the target again.
+
+Passive health checks have the advantage of not producing extra
+traffic, but they are unable to automatically mark a target as
+healthy again: the "circuit is broken", and the target needs to
+be re-enabled again by the system administrator.
+
+
+[Back to TOC](#table-of-contents)
+
+## Summary of pros and cons
+
+* Active health checks can automatically re-enable a target in the
+ring balancer as soon as it is healthy again. Passive health checks cannot.
+* Passive health checks do not produce additional traffic to the
+target. Active health checks do.
+* An active health checker demands a known URL with a reliable status response
+in the target to be configured as a probe endpoint (which may be as
+simple as `"/"`). Passive health checks do not demand such configuration.
+* By providing a custom probe endpoint for an active health checker,
+an application may determine its own health metrics and produce a status
+code to be consumed by Kong. Even though a target continues to serve
+traffic which looks healthy to the passive health checker,
+it would be able to respond to the active probe with a failure
+status, essentially requesting to be relieved from taking new traffic.
+
+It is possible to combine the two modes. For example, one can enable
+passive health checks to monitor the target health based solely on its
+traffic, and only use active health checks while the target is unhealthy,
+in order to re-enable it automatically.
+
+## Enabling and disabling health checks
+
+### Enabling active health checks
+
+To enable active health checks, you need to specify the configuration items
+under `healthchecks.active` in the [Upstream object][upstreamobjects] configuration. You
+need to specify the necessary information so that Kong can perform periodic
+probing on the target, and how to interpret the resulting information.
+
+You can use the `healthchecks.active.type` field to specify whether to perform
+HTTP or HTTPS probes (setting it to `"http"` or `"https"`), or by simply
+testing if the connection to a given host and port is successful
+(setting it to `"tcp"`).
+
+For configuring the probe, you need to specify:
+
+* `healthchecks.active.http_path` - The path that should be used when
+issuing the HTTP GET request to the target. The default value is `"/"`.
+* `healthchecks.active.timeout` - The connection timeout limit for the
+HTTP GET request of the probe. The default value is 1 second.
+* `healthchecks.active.concurrency` - Number of targets to check concurrently
+in active health checks.
+
+You also need to specify positive values for intervals, for running
+probes:
+
+* `healthchecks.active.healthy.interval` - Interval between active health
+checks for healthy targets (in seconds). A value of zero indicates that active
+probes for healthy targets should not be performed.
+* `healthchecks.active.unhealthy.interval` - Interval between active health
+checks for unhealthy targets (in seconds). A value of zero indicates that active
+probes for unhealthy targets should not be performed.
+
+This allows you to tune the behavior of the active health checks, whether you
+want probes for healthy and unhealthy targets to run at the same interval, or
+one to be more frequent than the other.
+
+If you are using HTTPS healthchecks, you can also specify the following
+fields:
+
+* `healthchecks.active.https_verify_certificate` - Whether to check the
+validity of the SSL certificate of the remote host when performing active
+health checks using HTTPS.
+* `healthchecks.active.https_sni` - The hostname to use as an SNI
+(Server Name Identification) when performing active health checks
+using HTTPS. This is particularly useful when Targets are configured
+using IPs, so that the target host's certificate can be verified
+with the proper SNI.
+
+Note that failed TLS verifications will increment the "TCP failures" counter;
+the "HTTP failures" refer only to HTTP status codes, whether probes are done
+through HTTP or HTTPS.
+
+Finally, you need to configure how Kong should interpret the probe, by setting
+the various thresholds on the [health
+counters](#healthy-and-unhealthy-targets), which, once reached will trigger a
+status change. The counter threshold fields are:
+
+* `healthchecks.active.healthy.successes` - Number of successes in active
+probes (as defined by `healthchecks.active.healthy.http_statuses`) to consider
+a target healthy.
+* `healthchecks.active.unhealthy.tcp_failures` - Number of TCP failures
+or TLS verification failures in active probes to consider a target unhealthy.
+* `healthchecks.active.unhealthy.timeouts` - Number of timeouts in active
+probes to consider a target unhealthy.
+* `healthchecks.active.unhealthy.http_failures` - Number of HTTP failures in
+active probes (as defined by `healthchecks.active.unhealthy.http_statuses`) to
+consider a target unhealthy.
+
+### Enabling passive health checks
+
+Passive health checks do not feature a probe, as they work by interpreting
+the ongoing traffic that flows from a target. This means that to enable
+passive checks you only need to configure its counter thresholds:
+
+* `healthchecks.passive.healthy.successes` - Number of successes in proxied
+traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to
+consider a target healthy, as observed by passive health checks. This needs to
+be positive when passive checks are enabled so that healthy traffic resets the
+unhealthy counters.
+* `healthchecks.passive.unhealthy.tcp_failures` - Number of TCP failures in
+proxied traffic to consider a target unhealthy, as observed by passive health
+checks.
+* `healthchecks.passive.unhealthy.timeouts` - Number of timeouts in proxied
+traffic to consider a target unhealthy, as observed by passive health checks.
+* `healthchecks.passive.unhealthy.http_failures` - Number of HTTP failures in
+proxied traffic (as defined by `healthchecks.passive.unhealthy.http_statuses`)
+to consider a target unhealthy, as observed by passive health checks.
+
+### Disabling health checks
+
+In all counter thresholds and intervals specified in the `healthchecks`
+configuration, setting a value to zero means that the functionality the field
+represents is disabled. Setting a probe interval to zero disables a probe.
+Likewise, you can disable certain types of checks by setting their counter
+thresholds to zero. For example, to not consider timeouts when performing
+healthchecks, you can set both `timeouts` fields (for active and passive
+checks) to zero. This gives you a fine-grained control of the behavior of the
+health checker.
+
+In summary, to completely disable active health checks for an upstream, you
+need to set both `healthchecks.active.healthy.interval` and
+`healthchecks.active.unhealthy.interval` to `0`.
+
+To completely disable passive health checks, you need to set all counter
+thresholds under `healthchecks.passive` for its various counters to zero.
+
+All counter thresholds and intervals in `healthchecks` are zero by default,
+meaning that health checks are completely disabled by default in newly created
+upstreams.
+
+[Back to TOC](#table-of-contents)
+
+[ringbalancer]: /enterprise/{{page.kong_version}}/loadbalancing#ring-balancer
+[ringtarget]: /enterprise/{{page.kong_version}}/loadbalancing#target
+[upstream]: /enterprise/{{page.kong_version}}/loadbalancing#upstream
+[targetobject]: /enterprise/{{page.kong_version}}/admin-api#target-object
+[addupstream]: /enterprise/{{page.kong_version}}/admin-api#add-upstream
+[clustering]: /enterprise/{{page.kong_version}}/clustering
+[upstreamobjects]: /enterprise/{{page.kong_version}}/admin-api#upstream-objects
+[balancercaveats]: /enterprise/{{page.kong_version}}/loadbalancing#balancing-caveats
+[dnscaveats]: /enterprise/{{page.kong_version}}/loadbalancing#dns-caveats
diff --git a/app/enterprise/0.35-x/index.md b/app/enterprise/0.35-x/index.md
index 1676db937b91..cf18f402812f 100644
--- a/app/enterprise/0.35-x/index.md
+++ b/app/enterprise/0.35-x/index.md
@@ -1,5 +1,6 @@
 ---
 title: Kong Enterprise Documentation
+redirect_from: '/enterprise/0.35-xhttps://konghq.com/hub'
 ---
 
 ![Welcome to the Kong Enterprise](https://konghq.com/wp-content/themes/konghq/assets/img/home/buildings.svg)
@@ -18,7 +19,7 @@ title: Kong Enterprise Documentation
   <div class="docs-grid-block">
     <h3><img src="/assets/images/icons/documentation/icn-window.svg" /><a href="/enterprise/{{page.kong_version}}/deployment/installation/overview">Install Kong Enterprise</a></h3>
     <p>Learn how to install Kong Enterprise with your chosen deployment method.</p>
-    <a href="/enterprise/{{page.kong_version}}/deployment/installation/overview">Chose Deployment Method &rarr;</a>
+    <a href="/enterprise/{{page.kong_version}}/deployment/installation/overview">Choose Deployment Method &rarr;</a>
   </div>
 
   <div class="docs-grid-block">
diff --git a/app/enterprise/0.35-x/kong-manager/reset-password.md b/app/enterprise/0.35-x/kong-manager/reset-password.md
index 504ddd63ee0d..6042296c723d 100644
--- a/app/enterprise/0.35-x/kong-manager/reset-password.md
+++ b/app/enterprise/0.35-x/kong-manager/reset-password.md
@@ -5,10 +5,10 @@ toc: false
 
 ### Table of contents
 
-* [Passwords and RBAC Tokens](passwords-and-rbac-tokens)
-* [How to Reset a Forgotten Password in Kong Manager](how-to-reset-a-forgotten-password-in-kong-manager)
-* [How to Reset a Password from within Kong Manager](how-to-reset-a-password-from-within-kong-manager)
-* [How to Reset an RBAC Token in Kong Manager](how-to-reset-an-rbac-token-in-kong-manager)
+* [Passwords and RBAC Tokens](#passwords-and-rbac-tokens)
+* [How to Reset a Forgotten Password in Kong Manager](#how-to-reset-a-forgotten-password-in-kong-manager)
+* [How to Reset a Password from within Kong Manager](#how-to-reset-a-password-from-within-kong-manager)
+* [How to Reset an RBAC Token in Kong Manager](#how-to-reset-an-rbac-token-in-kong-manager)
 
 ## Passwords and RBAC Tokens
 
diff --git a/app/enterprise/0.35-x/loadbalancing.md b/app/enterprise/0.35-x/loadbalancing.md
new file mode 100644
index 000000000000..e97bb93889a1
--- /dev/null
+++ b/app/enterprise/0.35-x/loadbalancing.md
@@ -0,0 +1,374 @@
+---
+title: Load Balancing Reference
+---
+
+## Introduction
+
+Kong provides multiple ways of load balancing requests to multiple backend
+services: a straightforward DNS-based method, and a more dynamic ring-balancer
+that also allows for service registry without needing a DNS server.
+
+## DNS-based load balancing
+
+When using DNS-based load balancing, the registration of the backend services
+is done outside of Kong, and Kong only receives updates from the DNS server.
+
+Every Service that has been defined with a `host` containing a hostname
+(instead of an IP address) will automatically use DNS-based load balancing
+if the name resolves to multiple IP addresses, provided the hostname does not
+resolve to an `upstream` name or a name in your DNS hostsfile.
+
+The DNS record `ttl` setting (time to live) determines how often the information
+is refreshed. When using a `ttl` of 0, every request will be resolved using its
+own DNS query. Obviously this will have a performance penalty, but the latency of
+updates/changes will be very low.
+
+[Back to TOC](#table-of-contents)
+
+### A records
+
+An A record contains one or more IP addresses. Hence, when a hostname
+resolves to an A record, each backend service must have its own IP address.
+
+Because there is no `weight` information, all entries will be treated as equally
+weighted in the load balancer, and the balancer will do a straight forward
+round-robin.
+
+[Back to TOC](#table-of-contents)
+
+### SRV records
+
+An SRV record contains weight and port information for all of its IP addresses.
+A backend service can be identified by a unique combination of IP address
+and port number. Hence, a single IP address can host multiple instances of the
+same service on different ports.
+
+Because the `weight` information is available, each entry will get its own
+weight in the load balancer and it will perform a weighted round-robin.
+
+Similarly, any given port information will be overridden by the port information from
+the DNS server. If a Service has attributes `host=myhost.com` and `port=123`,
+and `myhost.com` resolves to an SRV record with `127.0.0.1:456`, then the request
+will be proxied to `http://127.0.0.1:456/somepath`, as port `123` will be
+overridden by `456`.
+
+[Back to TOC](#table-of-contents)
+
+### DNS priorities
+
+The DNS resolver will start resolving the following record types in order:
+
+  1. The last successful type previously resolved
+  2. SRV record
+  3. A record
+  4. CNAME record
+
+This order is configurable through the [`dns_order` configuration property][dns-order-config].
+
+[Back to TOC](#table-of-contents)
+
+### DNS caveats
+
+- Whenever the DNS record is refreshed a list is generated to handle the
+weighting properly. Try to keep the weights as multiples of each other to keep
+the algorithm performant, e.g., 2 weights of 17 and 31 would result in a structure
+with 527 entries, whereas weights 16 and 32 (or their smallest relative
+counterparts 1 and 2) would result in a structure with merely 3 entries,
+especially with a very small (or even 0) `ttl` value.
+
+- Some nameservers do not return all entries (due to UDP packet size) in those
+cases (for example Consul returns a maximum of 3) a given Kong node will only
+use the few upstream service instances provided by the nameserver. In this
+scenario, it is possible that the pool of upstream instances will be loaded
+inconsistently, because the Kong node is effectively unaware of some of the
+instances, due to the limited information provided by the nameserver.
+To mitigate this use a different nameserver, use IP
+addresses instead of names, or make sure you use enough Kong nodes to still
+have all upstream services being used.
+
+- When the nameserver returns a `3 name error`, then that is a valid response
+for Kong. If this is unexpected, first validate the correct name is being
+queried for, and second check your nameserver configuration.
+
+- The initial pick of an IP address from a DNS record (A or SRV) is not
+randomized. So when using records with a `ttl` of 0, the nameserver is
+expected to randomize the record entries.
+
+[Back to TOC](#table-of-contents)
+
+## Ring-balancer
+
+When using the ring-balancer, the adding and removing of backend services will
+be handled by Kong, and no DNS updates will be necessary. Kong will act as the
+service registry. Nodes can be added/deleted with a single HTTP request and
+will instantly start/stop receiving traffic.
+
+Configuring the ring-balancer is done through the `upstream` and `target`
+entities.
+
+  - `target`: an IP address or hostname with a port number where a backend
+    service resides, eg. "192.168.100.12:80". Each target gets an additional
+    `weight` to indicate the relative load it gets. IP addresses can be
+    in both IPv4 and IPv6 format.
+  - `upstream`: a 'virtual hostname' which can be used in a Route `host`
+    field, e.g., an upstream named `weather.v2.service` would get all requests
+    from a Service with `host=weather.v2.service`.
+
+[Back to TOC](#table-of-contents)
+
+### Upstream
+
+Each upstream gets its own ring-balancer. Each `upstream` can have many
+`target` entries attached to it, and requests proxied to the 'virtual hostname'
+will be load balanced over the targets. A ring-balancer has a pre-defined
+number of slots, and based on the target weights the slots get assigned to the
+targets of the upstream.
+
+Adding and removing targets can be done with a simple HTTP request on the
+Admin API. This operation is relatively cheap. Changing the upstream
+itself is more expensive as the balancer will need to be rebuilt when the
+number of slots change for example.
+
+The only occurrence where the balancer will be rebuilt automatically is when
+the target history is cleaned; other than that, it will only rebuild upon changes.
+
+Within the balancer there are the positions (from 1 to `slots`),
+which are __randomly distributed__ on the ring.
+The randomness is required to make invoking the ring-balancer cheap at
+runtime. A simple round-robin over the wheel (the positions) will do to
+provide a well distributed weighted round-robin over the `targets`, whilst
+also having cheap operations when inserting/deleting targets.
+
+The number of slots to use per target should (at least) be around 100 to make
+sure the slots are properly distributed. Eg. for an expected maximum of 8
+targets, the `upstream` should be defined with at least `slots=800`, even if
+the initial setup only features 2 targets.
+
+The tradeoff here is that the higher the number of slots, the better the random
+distribution, but the more expensive the changes are (add/removing targets)
+
+Detailed information on adding and manipulating
+upstreams is available in the `upstream` section of the
+[Admin API reference][upstream-object-reference].
+
+[Back to TOC](#table-of-contents)
+
+### Target
+
+Because the `upstream` maintains a history of changes, targets can only be
+added, not modified nor deleted. To change a target, just add a new entry for
+the target, and change the `weight` value. The last entry is the one that will
+be used. As such setting `weight=0` will disable a target, effectively
+deleting it from the balancer. Detailed information on adding and manipulating
+targets is available in the `target` section of the
+[Admin API reference][target-object-reference].
+
+The targets will be automatically cleaned when there are 10x more inactive
+entries than active ones. Cleaning will involve rebuilding the balancer, and
+hence is more expensive than just adding a target entry.
+
+A `target` can also have a hostname instead of an IP address. In that case
+the name will be resolved and all entries found will individually be added to
+the ring balancer, e.g., adding `api.host.com:123` with `weight=100`. The
+name 'api.host.com' resolves to an A record with 2 IP addresses. Then both
+ip addresses will be added as target, each getting `weight=100` and port 123.
+__NOTE__: the weight is used for the individual entries, not for the whole!
+
+Would it resolve to an SRV record, then also the `port` and `weight` fields
+from the DNS record would be picked up, and would overrule the given port `123`
+and `weight=100`.
+
+The balancer will honor the DNS record's `ttl` setting and requery and update
+the balancer when it expires.
+
+__Exception__: When a DNS record has `ttl=0`, the hostname will be added
+as a single target, with the specified weight. Upon every proxied request
+to this target it will query the nameserver again.
+
+[Back to TOC](#table-of-contents)
+
+### Balancing algorithms
+
+By default a ring-balancer will use a weighted-round-robin scheme. The alternative
+would be to use the hash-based algorithm. The input for the hash can be either
+`none`, `consumer`, `ip`, `header`, or `cookie`. When set to `none` the
+weighted-round-robin scheme will be used, and hashing will be disabled.
+
+There are two options, a primary and a fallback in case the primary fails
+(e.g., if the primary is set to `consumer`, but no consumer is authenticated)
+
+The different hashing options:
+
+- `none`: Do not use hashing, but use weighted-round-robin instead (default).
+
+- `consumer`: Use the consumer id as the hash input. This option will fallback
+  on the credential id if no consumer id is available (in case of external auth
+  like ldap).
+
+- `ip`: The remote (originating) IP address will be used as input. Review the
+  configuration settings for [determining the real IP][real-ip-config] when
+  using this.
+
+- `header`: Use a specified header (in either `hash_on_header` or `hash_fallback_header`
+  field) as input for the hash.
+
+- `cookie`: Use a specified cookie name (in the `hash_on_cookie` field) with a
+  specified path (in the `hash_on_cookie_path` field, default `"/"`) as input for
+  the hash. If the cookie is not present in the request, it will be set by the
+  response. Hence, the `hash_fallback` setting is invalid if `cookie` is the primary
+  hashing mechanism.
+
+The hashing algorithm is based on 'consistent-hashing' (or the 'ketama principle')
+which makes sure that when the balancer gets modified by changing the targets
+(adding, removing, failing, or changing weights) only the minimum number of
+hashing losses occur. This will maximize upstream cache hits.
+
+For more information on the exact settings see the `upstream` section of the
+[Admin API reference][upstream-object-reference].
+
+[Back to TOC](#table-of-contents)
+
+### Balancing caveats
+
+The ring-balancer is designed to work both with a single node as well as in a cluster.
+For the weighted-round-robin algorithm there isn't much difference, but when using
+the hash based algorithm it is important that all nodes build the exact same
+ring-balancer to make sure they all work identical. To do this the balancer
+must be build in a deterministic way.
+
+- Do not use hostnames in the balancer as the
+balancers might/will slowly diverge because the DNS ttl has only second precision
+and renewal is determined by when a name is actually requested. On top of this is
+the issue with some nameservers not returning all entries, which exacerbates
+this problem. So when using the hashing approach in a Kong cluster, add `target`
+entities only by their IP address, and never by name.
+
+- When picking your hash input make sure the input has enough variance to get
+to a well distributed hash. Hashes will be calculated using the CRC-32 digest.
+So for example, if your system has thousands of users, but only a few consumers, defined
+per platform (eg. 3 consumers: Web, iOS and Android) then picking the `consumer`
+hash input will not suffice, using the remote IP address by setting the hash to
+`ip` would provide more variance in the input and hence a better distribution
+in the hash output. However, if many clients will be behind the same NAT gateway (e.g. in
+call center), `cookie` will provide a better distribution than `ip`.
+
+[Back to TOC](#table-of-contents)
+
+# Blue-Green Deployments
+
+Using the ring-balancer a [blue-green deployment][blue-green-canary] can be easily orchestrated for
+a Service. Switching target infrastructure only requires a `PATCH` request on a
+Service, to change its `host` value.
+
+Set up the "Blue" environment, running version 1 of the address service:
+
+```bash
+# create an upstream
+$ curl -X POST http://kong:8001/upstreams \
+    --data "name=address.v1.service"
+
+# add two targets to the upstream
+$ curl -X POST http://kong:8001/upstreams/address.v1.service/targets \
+    --data "target=192.168.34.15:80"
+    --data "weight=100"
+$ curl -X POST http://kong:8001/upstreams/address.v1.service/targets \
+    --data "target=192.168.34.16:80"
+    --data "weight=50"
+
+# create a Service targeting the Blue upstream
+$ curl -X POST http://kong:8001/services/ \
+    --data "name=address-service" \
+    --data "host=address.v1.service" \
+    --data "path=/address"
+
+# finally, add a Route as an entry-point into the Service
+$ curl -X POST http://kong:8001/services/address-service/routes/ \
+    --data "hosts[]=address.mydomain.com"
+```
+
+Requests with host header set to `address.mydomain.com` will now be proxied
+by Kong to the two defined targets; 2/3 of the requests will go to
+`http://192.168.34.15:80/address` (`weight=100`), and 1/3 will go to
+`http://192.168.34.16:80/address` (`weight=50`).
+
+Before deploying version 2 of the address service, set up the "Green"
+environment:
+
+```bash
+# create a new Green upstream for address service v2
+$ curl -X POST http://kong:8001/upstreams \
+    --data "name=address.v2.service"
+
+# add targets to the upstream
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=100"
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=100"
+```
+
+To activate the Blue/Green switch, we now only need to update the Service:
+
+```bash
+# Switch the Service from Blue to Green upstream, v1 -> v2
+$ curl -X PATCH http://kong:8001/services/address-service \
+    --data "host=address.v2.service"
+```
+
+Incoming requests with host header set to `address.mydomain.com` will now be
+proxied by Kong to the new targets; 1/2 of the requests will go to
+`http://192.168.34.17:80/address` (`weight=100`), and the other 1/2 will go to
+`http://192.168.34.18:80/address` (`weight=100`).
+
+As always, the changes through the Kong Admin API are dynamic and will take
+effect immediately. No reload or restart is required, and no in progress
+requests will be dropped.
+
+[Back to TOC](#table-of-contents)
+
+# Canary Releases
+
+Using the ring-balancer, target weights can be adjusted granularly, allowing
+for a smooth, controlled [canary release][blue-green-canary].
+
+Using a very simple 2 target example:
+
+```bash
+# first target at 1000
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=1000"
+
+# second target at 0
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=0"
+```
+
+By repeating the requests, but altering the weights each time, traffic will
+slowly be routed towards the other target. For example, set it at 10%:
+
+```bash
+# first target at 900
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=900"
+
+# second target at 100
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=100"
+```
+
+The changes through the Kong Admin API are dynamic and will take
+effect immediately. No reload or restart is required, and no in progress
+requests will be dropped.
+
+[Back to TOC](#table-of-contents)
+
+[upstream-object-reference]: /enterprise/{{page.kong_version}}/admin-api#upstream-object
+[target-object-reference]: /enterprise/{{page.kong_version}}/admin-api#target-object
+[dns-order-config]: /enterprise/{{page.kong_version}}/property-reference/#dns_order
+[real-ip-config]: /enterprise/{{page.kong_version}}/property-reference/#real_ip_header
+[blue-green-canary]: http://blog.christianposta.com/deploy/blue-green-deployments-a-b-testing-and-canary-releases/
diff --git a/app/enterprise/0.35-x/logging.md b/app/enterprise/0.35-x/logging.md
new file mode 100644
index 000000000000..11393ff591e8
--- /dev/null
+++ b/app/enterprise/0.35-x/logging.md
@@ -0,0 +1,151 @@
+---
+title: Logging Reference
+toc: false
+---
+
+## Removing Certain Elements From Your Kong Logs
+
+With new regulations surrounding protecting private data like GDPR, there is a chance you may need to change your logging habits. If you use Kong as your API Gateway, this can be done in a single location to take effect on all of your APIs. This guide will walk you through one approach to accomplishing this, but there are always different approaches for different needs. Please note, these changes will effect the output of the NGINX access logs. This will not have any effect on Kong's logging plugins.
+
+For this example, let’s say you want to remove any instances of an email address from your kong logs. The emails addresses may come through in different ways, for example something like `/apiname/v2/verify/alice@example.com` or `/v3/verify?alice@example.com`. In order to keep these from being added to the logs, we will need to use a custom NGINX template.
+
+## Log Levels
+
+Log levels are set in [Kong's configuration](/{{page.kong_version}}/property-reference/#log_level). Following are the log levels in increasing order of their severity, `debug`, `info`,
+`notice`, `warn`, `error` and `crit`.
+
+- *`debug`:* It provides debug information about the plugin's runloop and each individual plugin or other components. Only to be used during debugging since it is too chatty.
+- *`info`/`notice`:* Kong does not make a big difference between both these levels. Provides information about normal behavior most of which can be ignored.
+- *`warn`:* To log any abnormal behavior that doesn't result in dropped transactions but requires further investigation, `warn` level should be used.
+- *`error`:* Used for logging errors that result in a request being dropped (for example getting  an HTTP 500 error). The rate of such logs need to be monitored.
+- *`crit`:* This level is used when Kong is working under critical conditions and not working properly thereby affecting several clients. Nginx also provides `alert` and `emerg` levels but currently Kong doesn't make use of these levels making `crit` the highest severity log level.
+
+By default `notice` is the log level that used and also recommended. However if the logs turn out to be too chatty they can be bumped up to a higher level like `warn`.
+
+## Removing Certain Elements From Your Kong Logs
+
+With new regulations surrounding protecting private data like GDPR, there is a chance you may need to change your logging habits. If you use Kong as your API Gateway, this can be done in a single location to take effect on all of your Services. This guide will walk you through one approach to accomplishing this, but there are always different approaches for different needs. Please note, these changes will effect the output of the NGINX access logs. This will not have any effect on Kong's logging plugins.
+
+For this example, let’s say you want to remove any instances of an email address from your kong logs. The emails addresses may come through in different ways, for example something like `/servicename/v2/verify/alice@example.com` or `/v3/verify?alice@example.com`. In order to keep these from being added to the logs, we will need to use a custom NGINX template.
+
+To start using a custom NGINX template, first get a copy of our template. This can be found [https://docs.konghq.com/latest/configuration/#custom-nginx-templates-embedding-kong](https://docs.konghq.com/latest/configuration/#custom-nginx-templates-embedding-kong) or copied from below
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
+daemon ${{NGINX_DAEMON}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{LOG_LEVEL}}; # can be set by kong.conf
+
+events {
+    use epoll; # custom setting
+    multi_accept on;
+}
+
+http {
+    # include default Kong Nginx config
+    include 'nginx-kong.conf';
+
+    # custom server
+    server {
+        listen 8888;
+        server_name custom_server;
+
+        location / {
+          ... # etc
+        }
+    }
+}
+```
+
+In order to control what is placed in the logs, we will be using the NGINX map module in our template. For more detailed information abut using the map directive, please see [this guide](http://nginx.org/en/docs/http/ngx_http_map_module.html). This will create a new variable whose value depends on values of one or more of the source variables specified in the first parameter. The format is:
+
+```
+
+map $paramater_to_look_at $variable_name {
+    pattern_to_look_for 0;
+    second_pattern_to_look_for 0;
+
+    default 1;
+}
+```
+
+For this example, we will be mapping a new variable called `keeplog` which is dependent on certain values appearing in the `$request_uri`. We will be placing our map directive right at the start of the http block, this must be before `include 'nginx-kong.conf';`. So, for our example, we will add something along the lines of:
+
+```
+map $request_uri $keeplog {
+    ~.+\@.+\..+ 0;
+    ~/servicename/v2/verify 0;
+    ~/v3/verify 0;
+
+    default 1;
+}
+```
+
+You’ll probably notice that each of those lines start with a tilde. This is what tells NGINX to use RegEx when evaluating the line. We have three things to look for in this example:
+- The first line uses regex to look for any email address in the x@y.z format
+- The second line looks for any part of the URI which is /servicename/v2/verify
+- The third line looks at any part of the URI which contains /v3/verify
+
+Because all of those have a value of something other than 0, if a request has one of those elements, it will not be added to the log.
+
+Now, we need to set the log format for what we will keep in the logs. We will use the `log_format` module and assign our new logs a name of show_everything. The contents of the log can be customized for you needs, but for this example, I will simply change everything back to the Kong standards. To see the full list of options you can use, please refer to [this guide](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables).
+
+```
+log_format show_everything '$remote_addr - $remote_user [$time_local] '
+    '$request_uri $status $body_bytes_sent '
+    '"$http_referer" "$http_user_agent"';
+```
+
+Now, our custom NGINX template is all ready to be used. If you have been following along, your file should now be look like this:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
+daemon ${{NGINX_DAEMON}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log stderr ${{LOG_LEVEL}}; # can be set by kong.conf
+
+
+
+events {
+    use epoll; # custom setting
+    multi_accept on;
+}
+
+http {
+
+
+    map $request_uri $keeplog {
+        ~.+\@.+\..+ 0;
+        ~/v1/invitation/ 0;
+        ~/reset/v1/customer/password/token 0;
+        ~/v2/verify 0;
+
+        default 1;
+    }
+    log_format show_everything '$remote_addr - $remote_user [$time_local] '
+        '$request_uri $status $body_bytes_sent '
+        '"$http_referer" "$http_user_agent"';
+
+    include 'nginx-kong.conf';
+}
+```
+
+The last thing we need to do is tell Kong to use the newly created log, `show_everything`. To do this, we will be altering the Kong variable `prpxy_access_log`. Either by opening and editing `etc/kong/kong.conf` or by using an environmental variable `KONG_PROXY_ACCESS_LOG=` you will want to mend the default location to show
+
+```
+proxy_access_log=logs/access.log show_everything if=$keeplog
+```
+
+The final step in the process to make all the changes take effect is to restart kong. you can use the `kong restart` command to do so.
+
+Now, any requests made with an email address in it will no longer be logged. Of course, we can use this logic to remove anything we want from the logs on a conditional manner.
diff --git a/app/enterprise/0.35-x/network.md b/app/enterprise/0.35-x/network.md
new file mode 100644
index 000000000000..36e7755cb57a
--- /dev/null
+++ b/app/enterprise/0.35-x/network.md
@@ -0,0 +1,46 @@
+---
+title: Network & Firewall
+---
+
+## Introduction
+
+In this section you will find a summary about the recommended network and firewall settings for Kong.
+
+## Ports
+
+Kong uses multiple connections for different purposes.
+
+* proxy
+* management api
+
+### Proxy
+
+The proxy ports is where Kong receives its incoming traffic. There are two ports with the following defaults;
+
+* `8000` for proxying. This is where Kong listens for HTTP traffic. Be sure to change it to `80` once you go to production. See [proxy_listen].
+* `8443` for proxying HTTPS traffic. Be sure to change it to `443` once you go to production. See [proxy_listen] and the `ssl` suffix.
+
+These are the **only ports** that should be made available to your clients.
+
+### Management api
+
+This is the port where Kong exposes its management api. Hence in production this port should be firewalled to protect
+it from unauthorized access.
+
+* `8001` provides Kong's **Admin API** that you can use to operate Kong. See [admin_listen].
+* `8444` provides the same Kong **Admin API** but using HTTPS. See [admin_listen] and the `ssl` suffix.
+
+## Firewall
+
+Below are the recommended firewall settings:
+
+* The upstream Services behind Kong will be available via the [proxy_listen] interface/port values.
+  Configure these values according to the access level you wish to grant to the upstream Services.
+* If you are binding the Admin API to a public-facing interface (via [admin_listen]), then **protect** it to only allow trusted clients to access the Admin API.
+  See also [Securing the Admin API][secure_admin_api].
+* Your proxy will need have rules added for any TCP Stream listeners that you configure. For example, if you want Kong to manage traffic on port `4242`, your
+  firewall will need to be allow traffic on said port.
+
+[proxy_listen]: /enterprise/{{page.kong_version}}/property-reference/#proxy_listen
+[admin_listen]: /enterprise/{{page.kong_version}}/property-reference/#admin_listen
+[secure_admin_api]: /enterprise/{{page.kong_version}}/secure-admin-api
diff --git a/app/enterprise/0.35-x/pdk/index.md b/app/enterprise/0.35-x/pdk/index.md
new file mode 100644
index 000000000000..2f951970b6c4
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/index.md
@@ -0,0 +1,176 @@
+---
+title: PDK
+pdk: true
+toc: true
+---
+
+## Plugin Development Kit
+
+The Plugin Development Kit (or "PDK") is set of Lua functions and variables
+ that can be used by plugins to implement their own logic.  The PDK is a
+ [Semantically Versioned](https://semver.org/) component, originally
+ released in Kong 0.14.0. The PDK will be guaranteed to be forward-compatible
+ from its 1.0.0 release and on.
+
+ As of this release, the PDK has not yet reached 1.0.0, but plugin authors
+ can already depend on it for a safe and reliable way of interacting with the
+ request, response, or the core components.
+
+ The Plugin Development Kit is accessible from the `kong` global variable,
+ and various functionalities are namespaced under this table, such as
+ `kong.request`, `kong.log`, etc...
+
+
+
+
+### kong.version
+
+A human-readable string containing the version number of the currently
+ running node.
+
+**Usage**
+
+``` lua
+print(kong.version) -- "0.14.0"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.version_num
+
+An integral number representing the version number of the currently running
+ node, useful for comparison and feature-existence checks.
+
+**Usage**
+
+``` lua
+if kong.version_num < 13000 then -- 000.130.00 -> 0.13.0
+  -- no support for Routes & Services
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.pdk_major_version
+
+A number representing the major version of the current PDK (e.g.
+ `1`). Useful for feature-existence checks or backwards-compatible behavior
+ as users of the PDK.
+
+
+**Usage**
+
+``` lua
+if kong.pdk_version_num < 2 then
+  -- PDK is below version 2
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.pdk_version
+
+A human-readable string containing the version number of the current PDK.
+
+**Usage**
+
+``` lua
+print(kong.pdk_version) -- "1.0.0"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.configuration
+
+A read-only table containing the configuration of the current Kong node,
+ based on the configuration file and environment variables.
+
+ See [kong.conf.default](https://github.com/Kong/kong/blob/master/kong.conf.default)
+ for details.
+
+ Comma-separated lists in that file get promoted to arrays of strings in this
+ table.
+
+
+**Usage**
+
+``` lua
+print(kong.configuration.prefix) -- "/usr/local/kong"
+-- this table is read-only; the following throws an error:
+kong.configuration.prefix = "foo"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+
+
+### kong.db
+
+Instance of Kong's DAO (the `kong.db` module).  Contains accessor objects
+ to various entities.
+
+ A more thorough documentation of this DAO and new schema definitions is to
+ be made available in the future.
+
+
+**Usage**
+
+``` lua
+kong.db.services:insert()
+kong.db.routes:select()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.dns
+
+Instance of Kong's DNS resolver, a client object from the
+ [lua-resty-dns-client](https://github.com/kong/lua-resty-dns-client) module.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.worker_events
+
+Instance of Kong's IPC module for inter-workers communication from the
+ [lua-resty-worker-events](https://github.com/Kong/lua-resty-worker-events)
+ module.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.cluster_events
+
+Instance of Kong's cluster events module for inter-nodes communication.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.cache
+
+Instance of Kong's database caching object, from the `kong.cache` module.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.client.md b/app/enterprise/0.35-x/pdk/kong.client.md
new file mode 100644
index 000000000000..b652e842c160
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.client.md
@@ -0,0 +1,232 @@
+---
+title: kong.client
+pdk: true
+toc: true
+---
+
+## kong.client
+
+Client information module
+ A set of functions to retrieve information about the client connecting to
+ Kong in the context of a given request.
+
+ See also:
+ [nginx.org/en/docs/http/ngx_http_realip_module.html](http://nginx.org/en/docs/http/ngx_http_realip_module.html)
+
+
+
+### kong.client.get_ip()
+
+Returns the remote address of the client making the request.  This will
+ **always** return the address of the client directly connecting to Kong.
+ That is, in cases when a load balancer is in front of Kong, this function
+ will return the load balancer's address, and **not** that of the
+ downstream client.
+
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `string` ip The remote address of the client making the request
+
+
+**Usage**
+
+``` lua
+-- Given a client with IP 127.0.0.1 making connection through
+-- a load balancer with IP 10.0.0.1 to Kong answering the request for
+-- https://example.com:1234/v1/movies
+kong.client.get_ip() -- "10.0.0.1"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_forwarded_ip()
+
+Returns the remote address of the client making the request.  Unlike
+ `kong.client.get_ip`, this function will consider forwarded addresses in
+ cases when a load balancer is in front of Kong. Whether this function
+ returns a forwarded address or not depends on several Kong configuration
+ parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `string`  ip The remote address of the client making the request,
+ considering forwarded addresses
+
+
+
+**Usage**
+
+``` lua
+-- Given a client with IP 127.0.0.1 making connection through
+-- a load balancer with IP 10.0.0.1 to Kong answering the request for
+-- https://username:password@example.com:1234/v1/movies
+
+kong.request.get_forwarded_ip() -- "127.0.0.1"
+
+-- Note: assuming that 10.0.0.1 is one of the trusted IPs, and that
+-- the load balancer adds the right headers matching with the configuration
+-- of `real_ip_header`, e.g. `proxy_protocol`.
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_port()
+
+Returns the remote port of the client making the request.  This will
+ **always** return the port of the client directly connecting to Kong. That
+ is, in cases when a load balancer is in front of Kong, this function will
+ return load balancer's port, and **not** that of the downstream client.
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `number` The remote client port
+
+
+**Usage**
+
+``` lua
+-- [client]:40000 <-> 80:[balancer]:30000 <-> 80:[kong]:20000 <-> 80:[service]
+kong.client.get_port() -- 30000
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_forwarded_port()
+
+Returns the remote port of the client making the request.  Unlike
+ `kong.client.get_port`, this function will consider forwarded ports in cases
+ when a load balancer is in front of Kong. Whether this function returns a
+ forwarded port or not depends on several Kong configuration parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `number` The remote client port, considering forwarded ports
+
+
+**Usage**
+
+``` lua
+-- [client]:40000 <-> 80:[balancer]:30000 <-> 80:[kong]:20000 <-> 80:[service]
+kong.client.get_forwarded_port() -- 40000
+
+-- Note: assuming that [balancer] is one of the trusted IPs, and that
+-- the load balancer adds the right headers matching with the configuration
+-- of `real_ip_header`, e.g. `proxy_protocol`.
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_credential()
+
+Returns the credentials of the currently authenticated consumer.
+ If not set yet, it returns `nil`.
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+*  the authenticated credential
+
+
+**Usage**
+
+``` lua
+local credential = kong.client.get_credential()
+if credential then
+  consumer_id = credential.consumer_id
+else
+  -- request not authenticated yet
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_consumer()
+
+Returns the `consumer` entity of the currently authenticated consumer.
+ If not set yet, it returns `nil`.
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `table` the authenticated consumer entity
+
+
+**Usage**
+
+``` lua
+local consumer = kong.client.get_consumer()
+if consumer then
+  consumer_id = consumer.id
+else
+  -- request not authenticated yet, or a credential
+  -- without a consumer (external auth)
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.authenticate(consumer, credential)
+
+Sets the authenticated consumer and/or credential for the current request.
+ While both `consumer` and `credential` can be `nil`, it is required
+ that at least one of them exists. Otherwise this function will throw an
+ error.
+
+**Phases**
+
+* access
+
+**Parameters**
+
+* **consumer** (table|nil):  The consumer to set. Note: if no
+ value is provided, then any existing value will be cleared!
+* **credential** (table|nil):  The credential to set. Note: if
+ no value is provided, then any existing value will be cleared!
+
+**Usage**
+
+``` lua
+-- assuming `credential` and `consumer` have been set by some authentication code
+kong.client.authenticate(consumer, credentials)
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.ctx.md b/app/enterprise/0.35-x/pdk/kong.ctx.md
new file mode 100644
index 000000000000..c44dc7e8a776
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.ctx.md
@@ -0,0 +1,106 @@
+---
+title: kong.ctx
+pdk: true
+toc: true
+---
+
+## kong.ctx
+
+Current request context data
+
+
+
+### kong.ctx.shared
+
+A table that has the lifetime of the current request and is shared between
+ all plugins.  It can be used to share data between several plugins in a given
+ request.
+
+ Since only relevant in the context of a request, this table cannot be
+ accessed from the top-level chunk of Lua modules. Instead, it can only be
+ accessed in request phases, which are represented by the `rewrite`,
+ `access`, `header_filter`, `body_filter`, and `log` phases of the plugin
+ interfaces.  Accessing this table in those functions (and their callees) is
+ fine.
+
+ Values inserted in this table by a plugin will be visible by all other
+ plugins.  One must use caution when interacting with its values, as a naming
+ conflict could result in the overwrite of data.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+-- Two plugins A and B, and if plugin A has a higher priority than B's
+-- (it executes before B):
+
+-- plugin A handler.lua
+function plugin_a_handler:access(conf)
+  kong.ctx.shared.foo = "hello world"
+
+  kong.ctx.shared.tab = {
+    bar = "baz"
+  }
+end
+
+-- plugin B handler.lua
+function plugin_b_handler:access(conf)
+  kong.log(kong.ctx.shared.foo) -- "hello world"
+  kong.log(kong.ctx.shared.tab.bar) -- "baz"
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.ctx.plugin
+
+A table that has the lifetime of the current request - Unlike
+ `kong.ctx.shared`, this table is **not** shared between plugins.   Instead,
+ it is only visible for the current plugin _instance_. That is, if several
+ instances of the rate-limiting plugin are configured (e.g. on different
+ Services), each instance has its own table, for every request.
+
+ Because of its namespaced nature, this table is safer for a plugin to use
+ than `kong.ctx.shared` since it avoids potential naming conflicts, which
+ could lead to several plugins unknowingly overwrite each other's data.
+
+ Since only relevant in the context of a request, this table cannot be
+ accessed from the top-level chunk of Lua modules. Instead, it can only be
+ accessed in request phases, which are represented by the `rewrite`,
+ `access`, `header_filter`, `body_filter`, and `log` phases of the plugin
+ interfaces.  Accessing this table in those functions (and their callees) is
+ fine.
+
+ Values inserted in this table by a plugin will be visible in successful
+ phases of this plugin's instance only. For example, if a plugin wants to
+ save some value for post-processing during the `log` phase:
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+-- plugin handler.lua
+
+function plugin_handler:access(conf)
+  kong.ctx.plugin.val_1 = "hello"
+  kong.ctx.plugin.val_2 = "world"
+end
+
+function plugin_handler:log(conf)
+  local value = kong.ctx.plugin.val_1 .. " " .. kong.ctx.plugin.val_2
+
+  kong.log(value) -- "hello world"
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.ip.md b/app/enterprise/0.35-x/pdk/kong.ip.md
new file mode 100644
index 000000000000..86c74d21942e
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.ip.md
@@ -0,0 +1,51 @@
+---
+title: kong.ip
+pdk: true
+toc: true
+---
+
+## kong.ip
+
+Trusted IPs module
+
+ This module can be used to determine whether or not a given IP address is
+ in the range of trusted IP addresses defined by the `trusted_ips` configuration
+ property.
+
+ Trusted IP addresses are those that are known to send correct replacement
+ addresses for clients (as per the chosen header field, e.g. X-Forwarded-*).
+
+ See [docs.konghq.com/latest/configuration/#trusted_ips](https://docs.konghq.com/latest/configuration/#trusted_ips)
+
+
+
+
+### kong.ip.is_trusted(address)
+
+Depending on the `trusted_ips` configuration property,
+ this function will return whether a given ip is trusted or not  Both ipv4 and ipv6 are supported.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **address** (string):  A string representing an IP address
+
+**Returns**
+
+* `boolean` `true` if the IP is trusted, `false` otherwise
+
+
+**Usage**
+
+``` lua
+if kong.ip.is_trusted("1.1.1.1") then
+  kong.log("The IP is trusted")
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.log.md b/app/enterprise/0.35-x/pdk/kong.log.md
new file mode 100644
index 000000000000..1914b5d02f3c
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.log.md
@@ -0,0 +1,261 @@
+---
+title: kong.log
+pdk: true
+toc: true
+---
+
+## kong.log
+
+This namespace contains an instance of a "logging facility", which is a
+ table containing all of the methods described below.
+
+ This instance is namespaced per plugin, and Kong will make sure that before
+ executing a plugin, it will swap this instance with a logging facility
+ dedicated to the plugin. This allows the logs to be prefixed with the
+ plugin's name for debugging purposes.
+
+
+
+
+### kong.log(...)
+
+Write a log line to the location specified by the current Nginx
+ configuration block's `error_log` directive, with the `notice` level (similar
+ to `print()`).
+
+ The Nginx `error_log` directive is set via the `log_level`, `proxy_error_log`
+ and `admin_error_log` Kong configuration properties.
+
+ Arguments given to this function will be concatenated similarly to
+ `ngx.log()`, and the log line will report the Lua file and line number from
+ which it was invoked. Unlike `ngx.log()`, this function will prefix error
+ messages with `[kong]` instead of `[lua]`.
+
+ Arguments given to this function can be of any type, but table arguments
+ will be converted to strings via `tostring` (thus potentially calling a
+ table's `__tostring` metamethod if set). This behavior differs from
+ `ngx.log()` (which only accepts table arguments if they define the
+ `__tostring` metamethod) with the intent to simplify its usage and be more
+ forgiving and intuitive.
+
+ Produced log lines have the following format when logging is invoked from
+ within the core:
+
+ ``` plain
+ [kong] %file_src:%line_src %message
+ ```
+
+ In comparison, log lines produced by plugins have the following format:
+
+ ``` plain
+ [kong] %file_src:%line_src [%namespace] %message
+ ```
+
+ Where:
+
+ * `%namespace`: is the configured namespace (the plugin name in this case).
+ * `%file_src`: is the file name from where the log was called from.
+ * `%line_src`: is the line number from where the log was called from.
+ * `%message`: is the message, made of concatenated arguments given by the caller.
+
+ For example, the following call:
+
+ ``` lua
+ kong.log("hello ", "world")
+ ```
+
+ would, within the core, produce a log line similar to:
+
+ ``` plain
+ 2017/07/09 19:36:25 [notice] 25932#0: *1 [kong] some_file.lua:54 hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+ If invoked from within a plugin (e.g. `key-auth`) it would include the
+ namespace prefix, like so:
+
+ ``` plain
+ 2017/07/09 19:36:25 [notice] 25932#0: *1 [kong] some_file.lua:54 [key-auth] hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **...** :  all params will be concatenated and stringified before being sent to the log
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.log("hello ", "world") -- alias to kong.log.notice()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.LEVEL(...)
+
+Similar to `kong.log()`, but the produced log will have the severity given by
+ `<level>`, instead of `notice`.  The supported levels are:
+
+ * `kong.log.alert()`
+ * `kong.log.crit()`
+ * `kong.log.err()`
+ * `kong.log.warn()`
+ * `kong.log.notice()`
+ * `kong.log.info()`
+ * `kong.log.debug()`
+
+ Logs have the same format as that of `kong.log()`. For
+ example, the following call:
+
+ ``` lua
+  kong.log.err("hello ", "world")
+ ```
+
+ would, within the core, produce a log line similar to:
+
+ ``` plain
+ 2017/07/09 19:36:25 [error] 25932#0: *1 [kong] some_file.lua:54 hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+ If invoked from within a plugin (e.g. `key-auth`) it would include the
+ namespace prefix, like so:
+
+ ``` plain
+ 2017/07/09 19:36:25 [error] 25932#0: *1 [kong] some_file.lua:54 [key-auth] hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **...** :  all params will be concatenated and stringified before being sent to the log
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.log.warn("something require attention")
+kong.log.err("something failed: ", err)
+kong.log.alert("something requires immediate action")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.inspect(...)
+
+Like `kong.log()`, this function will produce a log with the `notice` level,
+ and accepts any number of arguments as well.  If inspect logging is disabled
+ via `kong.log.inspect.off()`, then this function prints nothing, and is
+ aliased to a "NOP" function in order to save CPU cycles.
+
+ ``` lua
+ kong.log.inspect("...")
+ ```
+
+ This function differs from `kong.log()` in the sense that arguments will be
+ concatenated with a space(`" "`), and each argument will be
+ "pretty-printed":
+
+ * numbers will printed (e.g. `5` -> `"5"`)
+ * strings will be quoted (e.g. `"hi"` -> `'"hi"'`)
+ * array-like tables will be rendered (e.g. `{1,2,3}` -> `"{1, 2, 3}"`)
+ * dictionary-like tables will be rendered on multiple lines
+
+ This function is intended for use with debugging purposes in mind, and usage
+ in production code paths should be avoided due to the expensive formatting
+ operations it can perform. Existing statements can be left in production code
+ but nopped by calling `kong.log.inspect.off()`.
+
+ When writing logs, `kong.log.inspect()` always uses its own format, defined
+ as:
+
+ ``` plain
+ %file_src:%func_name:%line_src %message
+ ```
+
+ Where:
+
+ * `%file_src`: is the file name from where the log was called from.
+ * `%func_name`: is the name of the function from where the log was called
+   from.
+ * `%line_src`: is the line number from where the log was called from.
+ * `%message`: is the message, made of concatenated, pretty-printed arguments
+   given by the caller.
+
+ This function uses the [inspect.lua](https://github.com/kikito/inspect.lua)
+ library to pretty-print its arguments.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **...** :  Parameters will be concatenated with spaces between them and
+ rendered as described
+
+**Usage**
+
+``` lua
+kong.log.inspect("some value", a_variable)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.inspect.on()
+
+Enables inspect logs for this logging facility.  Calls to
+ `kong.log.inspect` will be writing log lines with the appropriate
+ formatting of arguments.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+kong.log.inspect.on()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.inspect.off()
+
+Disables inspect logs for this logging facility.  All calls to
+ `kong.log.inspect()` will be nopped.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+kong.log.inspect.off()
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.node.md b/app/enterprise/0.35-x/pdk/kong.node.md
new file mode 100644
index 000000000000..b712a6340fd1
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.node.md
@@ -0,0 +1,29 @@
+---
+title: kong.node
+pdk: true
+toc: true
+---
+
+## kong.node
+
+Node-level utilities
+
+
+
+### kong.node.get_id()
+
+Returns the id used by this node to describe itself.
+
+**Returns**
+
+* `string` The v4 UUID used by this node as its id
+
+
+**Usage**
+
+``` lua
+local id = kong.node.get_id()
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.request.md b/app/enterprise/0.35-x/pdk/kong.request.md
new file mode 100644
index 000000000000..a84480ce278c
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.request.md
@@ -0,0 +1,599 @@
+---
+title: kong.request
+pdk: true
+toc: true
+---
+
+## kong.request
+
+Client request module
+ A set of functions to retrieve information about the incoming requests made
+ by clients.
+
+
+
+### kong.request.get_scheme()
+
+Returns the scheme component of the request's URL.  The returned value is
+ normalized to lower-case form.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` a string like `"http"` or `"https"`
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies
+
+kong.request.get_scheme() -- "https"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_host()
+
+Returns the host component of the request's URL, or the value of the
+ "Host" header.  The returned value is normalized to lower-case form.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the host
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies
+
+kong.request.get_host() -- "example.com"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_port()
+
+Returns the port component of the request's URL.  The value is returned
+ as a Lua number.
+
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number` the port
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies
+
+kong.request.get_port() -- 1234
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_forwarded_scheme()
+
+Returns the scheme component of the request's URL, but also considers
+ `X-Forwarded-Proto` if it comes from a trusted source.  The returned
+ value is normalized to lower-case.
+
+ Whether this function considers `X-Forwarded-Proto` or not depends on
+ several Kong configuration parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+ **Note**: support for the Forwarded HTTP Extension (RFC 7239) is not
+ offered yet since it is not supported by ngx\_http\_realip\_module.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the forwarded scheme
+
+
+**Usage**
+
+``` lua
+kong.request.get_forwarded_scheme() -- "https"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_forwarded_host()
+
+Returns the host component of the request's URL or the value of the "host"
+ header.  Unlike `kong.request.get_host()`, this function will also consider
+ `X-Forwarded-Host` if it comes from a trusted source. The returned value
+ is normalized to lower-case.
+
+ Whether this function considers `X-Forwarded-Proto` or not depends on
+ several Kong configuration parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+ **Note**: we do not currently offer support for Forwarded HTTP Extension
+ (RFC 7239) since it is not supported by ngx_http_realip_module.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the forwarded host
+
+
+**Usage**
+
+``` lua
+kong.request.get_forwarded_host() -- "example.com"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_forwareded_port()
+
+Returns the port component of the request's URL, but also considers
+ `X-Forwarded-Host` if it comes from a trusted source.  The value
+ is returned as a Lua number.
+
+ Whether this function considers `X-Forwarded-Proto` or not depends on
+ several Kong configuration parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+ **Note**: we do not currently offer support for Forwarded HTTP Extension
+ (RFC 7239) since it is not supported by ngx_http_realip_module.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number` the forwared port
+
+
+**Usage**
+
+``` lua
+kong.request.get_forwarded_port() -- 1234
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_http_version()
+
+Returns the HTTP version used by the client in the request as a Lua
+ number, returning values such as `1`, `1.1`, `2.0`, or `nil` for
+ unrecognized values.
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number|nil` the http version
+
+
+**Usage**
+
+``` lua
+kong.request.get_http_version() -- 1.1
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_method()
+
+Returns the HTTP method of the request.  The value is normalized to
+ upper-case.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the request method
+
+
+**Usage**
+
+``` lua
+kong.request.get_method() -- "GET"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_path()
+
+Returns the path component of the request's URL.  It is not normalized in
+ any way and does not include the querystring.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the path
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies?movie=foo
+
+kong.request.get_path() -- "/v1/movies"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_path_with_query()
+
+Returns the path, including the querystring if any.  No
+ transformations/normalizations are done.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the path with the querystring
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies?movie=foo
+
+kong.request.get_raw_path_and_query() -- "/v1/movies?movie=foo"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_raw_query()
+
+Returns the query component of the request's URL.  It is not normalized in
+ any way (not even URL-decoding of special characters) and does not
+ include the leading `?` character.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+*  string the query component of the request's URL
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com/foo?msg=hello%20world&bla=&bar
+
+kong.request.get_raw_query() -- "msg=hello%20world&bla=&bar"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_query_arg()
+
+Returns the value of the specified argument, obtained from the query
+ arguments of the current request.
+
+ The returned value is either a `string`, a boolean `true` if an
+ argument was not given a value, or `nil` if no argument with `name` was
+ found.
+
+ If an argument with the same name is present multiple times in the
+ querystring, this function will return the value of the first occurrence.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string|boolean|nil` the value of the argument
+
+
+**Usage**
+
+``` lua
+-- Given a request GET /test?foo=hello%20world&bar=baz&zzz&blo=&bar=bla&bar
+
+kong.request.get_query_arg("foo") -- "hello world"
+kong.request.get_query_arg("bar") -- "baz"
+kong.request.get_query_arg("zzz") -- true
+kong.request.get_query_arg("blo") -- ""
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_query([max_args])
+
+Returns the table of query arguments obtained from the querystring.  Keys
+ are query argument names. Values are either a string with the argument
+ value, a boolean `true` if an argument was not given a value, or an array
+ if an argument was given in the query string multiple times. Keys and
+ values are unescaped according to URL-encoded escaping rules.
+
+ Note that a query string `?foo&bar` translates to two boolean `true`
+ arguments, and `?foo=&bar=` translates to two string arguments containing
+ empty strings.
+
+ By default, this function returns up to **100** arguments. The optional
+ `max_args` argument can be specified to customize this limit, but must be
+ greater than **1** and not greater than **1000**.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **max_args** (number, _optional_):  set a limit on the maximum number of parsed
+ arguments
+
+**Returns**
+
+* `table` A table representation of the query string
+
+
+**Usage**
+
+``` lua
+-- Given a request GET /test?foo=hello%20world&bar=baz&zzz&blo=&bar=bla&bar
+
+for k, v in pairs(kong.request.get_query()) do
+  kong.log.inspect(k, v)
+end
+
+-- Will print
+-- "foo" "hello world"
+-- "bar" {"baz", "bla", true}
+-- "zzz" true
+-- "blo" ""
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_header(name)
+
+Returns the value of the specified request header.
+
+ The returned value is either a `string`, or can be `nil` if a header with
+ `name` was not found in the request. If a header with the same name is
+ present multiple times in the request, this function will return the value
+ of the first occurrence of this header.
+
+ Header names in are case-insensitive and are normalized to lowercase, and
+ dashes (`-`) can be written as underscores (`_`); that is, the header
+ `X-Custom-Header` can also be retrieved as `x_custom_header`.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **name** (string):  the name of the header to be returned
+
+**Returns**
+
+* `string|nil` the value of the header or nil if not present
+
+
+**Usage**
+
+``` lua
+-- Given a request with the following headers:
+
+-- Host: foo.com
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+kong.request.get_header("Host")            -- "foo.com"
+kong.request.get_header("x-custom-header") -- "bla"
+kong.request.get_header("X-Another")       -- "foo bar"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_headers([max_headers])
+
+Returns a Lua table holding the request headers.  Keys are header names.
+ Values are either a string with the header value, or an array of strings
+ if a header was sent multiple times. Header names in this table are
+ case-insensitive and are normalized to lowercase, and dashes (`-`) can be
+ written as underscores (`_`); that is, the header `X-Custom-Header` can
+ also be retrieved as `x_custom_header`.
+
+ By default, this function returns up to **100** headers. The optional
+ `max_headers` argument can be specified to customize this limit, but must
+ be greater than **1** and not greater than **1000**.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **max_headers** (number, _optional_):  set a limit on the maximum number of
+ parsed headers
+
+**Returns**
+
+* `table` the request headers in table form
+
+
+**Usage**
+
+``` lua
+-- Given a request with the following headers:
+
+-- Host: foo.com
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+local headers = kong.request.get_headers()
+
+headers.host            -- "foo.com"
+headers.x_custom_header -- "bla"
+headers.x_another[1]    -- "foo bar"
+headers["X-Another"][2] -- "baz"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_raw_body()
+
+Returns the plain request body.
+
+ If the body has no size (empty), this function returns an empty string.
+
+ If the size of the body is greater than the Nginx buffer size (set by
+ `client_body_buffer_size`), this function will fail and return an error
+ message explaining this limitation.
+
+
+**Phases**
+
+* rewrite, access, admin_api
+
+**Returns**
+
+* `string` the plain request body
+
+
+**Usage**
+
+``` lua
+-- Given a body with payload "Hello, Earth!":
+
+kong.request.get_raw_body():gsub("Earth", "Mars") -- "Hello, Mars!"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_body([mimetype[, max_args]])
+
+Returns the request data as a key/value table.
+ A high-level convenience function.
+ The body is parsed with the most appropriate format:
+
+ * If `mimetype` is specified:
+   * Decodes the body with the requested content type (if supported).
+ * If the request content type is `application/x-www-form-urlencoded`:
+   * Returns the body as form-encoded.
+ * If the request content type is `multipart/form-data`:
+   * Decodes the body as multipart form data
+     (same as `multipart(kong.request.get_raw_body(),
+     kong.request.get_header("Content-Type")):get_all()` ).
+ * If the request content type is `application/json`:
+   * Decodes the body as JSON
+     (same as `json.decode(kong.request.get_raw_body())`).
+   * JSON types are converted to matching Lua types.
+ * If none of the above, returns `nil` and an error message indicating the
+   body could not be parsed.
+
+ The optional argument `mimetype` can be one of the following strings:
+
+ * `application/x-www-form-urlencoded`
+ * `application/json`
+ * `multipart/form-data`
+
+ The optional argument `max_args` can be used to set a limit on the number
+ of form arguments parsed for `application/x-www-form-urlencoded` payloads.
+
+ The third return value is string containing the mimetype used to parsed
+ the body (as per the `mimetype` argument), allowing the caller to identify
+ what MIME type the body was parsed as.
+
+
+**Phases**
+
+* rewrite, access, admin_api
+
+**Parameters**
+
+* **mimetype** (string, _optional_):  the MIME type
+* **max_args** (number, _optional_):  set a limit on the maximum number of parsed
+ arguments
+
+**Returns**
+
+1.  `table|nil` a table representation of the body
+
+1.  `string|nil` an error message
+
+1.  `string|nil` mimetype the MIME type used
+
+
+**Usage**
+
+``` lua
+local body, err, mimetype = kong.request.get_body()
+body.name -- "John Doe"
+body.age  -- "42"
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.response.md b/app/enterprise/0.35-x/pdk/kong.response.md
new file mode 100644
index 000000000000..34e0288186a0
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.response.md
@@ -0,0 +1,469 @@
+---
+title: kong.response
+pdk: true
+toc: true
+---
+
+## kong.response
+
+Client response module
+
+ The downstream response module contains a set of functions for producing and
+ manipulating responses sent back to the client ("downstream").  Responses can
+ be produced by Kong (e.g. an authentication plugin rejecting a request), or
+ proxied back from an Service's response body.
+
+ Unlike `kong.service.response`, this module allows mutating the response
+ before sending it back to the client.
+
+
+
+
+### kong.response.get_status()
+
+Returns the HTTP status code currently set for the downstream response (as
+ a Lua number).
+
+ If the request was proxied (as per `kong.response.get_source()`), the
+ return value will be that of the response from the Service (identical to
+ `kong.service.response.get_status()`).
+
+ If the request was _not_ proxied, and the response was produced by Kong
+ itself (i.e. via `kong.response.exit()`), the return value will be
+ returned as-is.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number` status The HTTP status code currently set for the
+ downstream response
+
+
+**Usage**
+
+``` lua
+kong.response.get_status() -- 200
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.get_header(name)
+
+Returns the value of the specified response header, as would be seen by
+ the client once received.
+
+ The list of headers returned by this function can consist of both response
+ headers from the proxied Service _and_ headers added by Kong (e.g. via
+ `kong.response.add_header()`).
+
+ The return value is either a `string`, or can be `nil` if a header with
+ `name` was not found in the response. If a header with the same name is
+ present multiple times in the request, this function will return the value
+ of the first occurrence of this header.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **name** (string):  The name of the header
+
+ Header names are case-insensitive and dashes (`-`) can be written as
+ underscores (`_`); that is, the header `X-Custom-Header` can also be
+ retrieved as `x_custom_header`.
+
+
+**Returns**
+
+* `string|nil` The value of the header
+
+
+**Usage**
+
+``` lua
+-- Given a response with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+kong.response.get_header("x-custom-header") -- "bla"
+kong.response.get_header("X-Another")       -- "foo bar"
+kong.response.get_header("X-None")          -- nil
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.get_headers([max_headers])
+
+Returns a Lua table holding the response headers.  Keys are header names.
+ Values are either a string with the header value, or an array of strings
+ if a header was sent multiple times. Header names in this table are
+ case-insensitive and are normalized to lowercase, and dashes (`-`) can be
+ written as underscores (`_`); that is, the header `X-Custom-Header` can
+ also be retrieved as `x_custom_header`.
+
+ A response initially has no headers until a plugin short-circuits the
+ proxying by producing one (e.g. an authentication plugin rejecting a
+ request), or the request has been proxied, and one of the latter execution
+ phases is currently running.
+
+ Unlike `kong.service.response.get_headers()`, this function returns *all*
+ headers as the client would see them upon reception, including headers
+ added by Kong itself.
+
+ By default, this function returns up to **100** headers. The optional
+ `max_headers` argument can be specified to customize this limit, but must
+ be greater than **1** and not greater than **1000**.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **max_headers** (number, _optional_):  Limits how many headers are parsed
+
+**Returns**
+
+1.  `table`  headers A table representation of the headers in the
+ response
+
+
+1.  `string` err If more headers than `max_headers` were present, a
+ string with the error `"truncated"`.
+
+
+**Usage**
+
+``` lua
+-- Given an response from the Service with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+local headers = kong.response.get_headers()
+
+headers.x_custom_header -- "bla"
+headers.x_another[1]    -- "foo bar"
+headers["X-Another"][2] -- "baz"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.get_source()
+
+This function helps determining where the current response originated
+ from.   Kong being a reverse proxy, it can short-circuit a request and
+ produce a response of its own, or the response can come from the proxied
+ Service.
+
+ Returns a string with three possible values:
+
+ * "exit" is returned when, at some point during the processing of the
+   request, there has been a call to `kong.response.exit()`. In other
+   words, when the request was short-circuited by a plugin or by Kong
+   itself (e.g.  invalid credentials)
+ * "error" is returned when an error has happened while processing the
+   request - for example, a timeout while connecting to the upstream
+   service.
+ * "service" is returned when the response was originated by successfully
+   contacting the proxied Service.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the source.
+
+
+**Usage**
+
+``` lua
+if kong.response.get_source() == "service" then
+  kong.log("The response comes from the Service")
+elseif kong.response.get_source() == "error" then
+  kong.log("There was an error while processing the request")
+elseif kong.response.get_source() == "exit" then
+  kong.log("There was an early exit while processing the request")
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.set_status(status)
+
+Allows changing the downstream response HTTP status code before sending it
+ to the client.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **status** (number):  The new status
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_status(404)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.set_header(name, value)
+
+Sets a response header with the given value.  This function overrides any
+ existing header with the same name.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **name** (string):  The name of the header
+* **value** (string|number|boolean):  The new value for the header
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_header("X-Foo", "value")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.add_header(name, value)
+
+Adds a response header with the given value.  Unlike
+ `kong.response.set_header()`, this function does not remove any existing
+ header with the same name. Instead, another header with the same name will
+ be added to the response. If no header with this name already exists on
+ the response, then it is added with the given value, similarly to
+ `kong.response.set_header().`
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **name** (string):  The header name
+* **value** (string|number|boolean):  The header value
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.add_header("Cache-Control", "no-cache")
+kong.response.add_header("Cache-Control", "no-store")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.clear_header(name)
+
+Removes all occurrences of the specified header in the response sent to
+ the client.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **name** (string):  The name of the header to be cleared
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_header("X-Foo", "foo")
+kong.response.add_header("X-Foo", "bar")
+
+kong.response.clear_header("X-Foo")
+-- from here onwards, no X-Foo headers will exist in the response
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.set_headers(headers)
+
+Sets the headers for the response.  Unlike `kong.response.set_header()`,
+ the `headers` argument must be a table in which each key is a string
+ (corresponding to a header's name), and each value is a string, or an
+ array of strings.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+ The resulting headers are produced in lexicographical order. The order of
+ entries with the same name (when values are given as an array) is
+ retained.
+
+ This function overrides any existing header bearing the same name as those
+ specified in the `headers` argument. Other headers remain unchanged.
+
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **headers** (table):
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_headers({
+  ["Bla"] = "boo",
+  ["X-Foo"] = "foo3",
+  ["Cache-Control"] = { "no-store", "no-cache" }
+})
+
+-- Will add the following headers to the response, in this order:
+-- X-Bar: bar1
+-- Bla: boo
+-- Cache-Control: no-store
+-- Cache-Control: no-cache
+-- X-Foo: foo3
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.exit(status[, body[, headers]])
+
+This function interrupts the current processing and produces a response.
+ It is typical to see plugins using it to produce a response before Kong
+ has a chance to proxy the request (e.g. an authentication plugin rejecting
+ a request, or a caching plugin serving a cached response).
+
+ It is recommended to use this function in conjunction with the `return`
+ operator, to better reflect its meaning:
+
+ ```lua
+ return kong.response.exit(200, "Success")
+ ```
+
+ Calling `kong.response.exit()` will interrupt the execution flow of
+ plugins in the current phase. Subsequent phases will still be invoked.
+ E.g. if a plugin called `kong.response.exit()` in the `access` phase, no
+ other plugin will be executed in that phase, but the `header_filter`,
+ `body_filter`, and `log` phases will still be executed, along with their
+ plugins. Plugins should thus be programmed defensively against cases when
+ a request was **not** proxied to the Service, but instead was produced by
+ Kong itself.
+
+ The first argument `status` will set the status code of the response that
+ will be seen by the client.
+
+ The second, optional, `body` argument will set the response body. If it is
+ a string, no special processing will be done, and the body will be sent
+ as-is.  It is the caller's responsibility to set the appropriate
+ Content-Type header via the third argument.  As a convenience, `body` can
+ be specified as a table; in which case, it will be JSON-encoded and the
+ `application/json` Content-Type header will be set.
+
+ The third, optional, `headers` argument can be a table specifying response
+ headers to send. If specified, its behavior is similar to
+ `kong.response.set_headers()`.
+
+ Unless manually specified, this method will automatically set the
+ Content-Length header in the produced response for convenience.
+
+**Phases**
+
+* rewrite, access, admin_api, header_filter (only if `body` is nil)
+
+**Parameters**
+
+* **status** (number):  The status to be used
+* **body** (table|string, _optional_):  The body to be used
+* **headers** (table, _optional_):  The headers to be used
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+return kong.response.exit(403, "Access Forbidden", {
+  ["Content-Type"] = "text/plain",
+  ["WWW-Authenticate"] = "Basic"
+})
+
+---
+
+return kong.response.exit(403, [[{"message":"Access Forbidden"}]], {
+  ["Content-Type"] = "application/json",
+  ["WWW-Authenticate"] = "Basic"
+})
+
+---
+
+return kong.response.exit(403, { message = "Access Forbidden" }, {
+  ["WWW-Authenticate"] = "Basic"
+})
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.router.md b/app/enterprise/0.35-x/pdk/kong.router.md
new file mode 100644
index 000000000000..c30ceb5fca48
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.router.md
@@ -0,0 +1,68 @@
+---
+title: kong.router
+pdk: true
+toc: true
+---
+
+## kong.router
+
+Router module
+ A set of functions to access the routing properties of the request.
+
+
+
+### kong.router.get_route()
+
+Returns the current `route` entity.  The request was matched against this
+ route.
+
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `table` the `route` entity.
+
+
+**Usage**
+
+``` lua
+if kong.router.get_route() then
+  -- routed by route & service entities
+else
+  -- routed by a legacy API entity
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.router.get_service()
+
+Returns the current `service` entity.  The request will be targetted to this
+ upstream service.
+
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `table` the `service` entity.
+
+
+**Usage**
+
+``` lua
+if kong.router.get_service() then
+  -- routed by route & service entities
+else
+  -- routed by a legacy API entity
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.service.md b/app/enterprise/0.35-x/pdk/kong.service.md
new file mode 100644
index 000000000000..dce94eb96192
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.service.md
@@ -0,0 +1,89 @@
+---
+title: kong.service
+pdk: true
+toc: true
+---
+
+## kong.service
+
+The service module contains a set of functions to manipulate the connection
+ aspect of the request to the Service, such as connecting to a given host, IP
+ address/port, or choosing a given Upstream entity for load-balancing and
+ healthchecking.
+
+
+
+### kong.service.set_upstream(host)
+
+Sets the desired Upstream entity to handle the load-balancing step for
+ this request.  Using this method is equivalent to creating a Service with a
+ `host` property equal to that of an Upstream entity (in which case, the
+ request would be proxied to one of the Targets associated with that
+ Upstream).
+
+ The `host` argument should receive a string equal to that of one of the
+ Upstream entities currently configured.
+
+
+**Phases**
+
+* access
+
+**Parameters**
+
+* **host** (string):
+
+**Returns**
+
+1.  `boolean|nil` `true` on success, or `nil` if no upstream entities
+ where found
+
+1.  `string|nil`  An error message describing the error if there was
+ one.
+
+
+
+**Usage**
+
+``` lua
+local ok, err = kong.service.set_upstream("service.prod")
+if not ok then
+  kong.log.err(err)
+  return
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.set_target(host, port)
+
+Sets the host and port on which to connect to for proxying the request.  ]]
+ Using this method is equivalent to ask Kong to not run the load-balancing
+ phase for this request, and consider it manually overridden.
+ Load-balancing components such as retries and health-checks will also be
+ ignored for this request.
+
+ The `host` argument expects a string containing the IP address of the
+ upstream server (IPv4/IPv6), and the `port` argument must contain a number
+ representing the port on which to connect to.
+
+
+**Phases**
+
+* access
+
+**Parameters**
+
+* **host** (string):
+* **port** (number):
+
+**Usage**
+
+``` lua
+kong.service.set_target("service.local", 443)
+kong.service.set_target("192.168.130.1", 80)
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.service.request.md b/app/enterprise/0.35-x/pdk/kong.service.request.md
new file mode 100644
index 000000000000..c47d45e974b6
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.service.request.md
@@ -0,0 +1,437 @@
+---
+title: kong.service.request
+pdk: true
+toc: true
+---
+
+## kong.service.request
+
+Manipulation of the request to the Service
+
+
+
+### kong.service.request.set_scheme(scheme)
+
+Sets the protocol to use when proxying the request to the Service.
+
+**Phases**
+
+* `access`
+
+**Parameters**
+
+* **scheme** (string):  The scheme to be used. Supported values are `"http"` or `"https"`
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_scheme("https")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_path(path)
+
+Sets the path component for the request to the service.  It is not
+ normalized in any way and should **not** include the querystring.
+
+**Phases**
+
+* `access`
+
+**Parameters**
+
+* **path** :  The path string. Example: "/v2/movies"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_path("/v2/movies")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_raw_query(query)
+
+Sets the querystring of the request to the Service.  The `query` argument is a
+ string (without the leading `?` character), and will not be processed in any
+ way.
+
+ For a higher-level function to set the query string from a Lua table of
+ arguments, see `kong.service.request.set_query()`.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **query** (string):  The raw querystring. Example: "foo=bar&bla&baz=hello%20world"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_raw_query("zzz&bar=baz&bar=bla&bar&blo=&foo=hello%20world")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_method(method)
+
+Sets the HTTP method for the request to the service.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **method** :  The method string, which should be given in all
+ uppercase. Supported values are: `"GET"`, `"HEAD"`, `"PUT"`, `"POST"`,
+ `"DELETE"`, `"OPTIONS"`, `"MKCOL"`, `"COPY"`, `"MOVE"`, `"PROPFIND"`,
+ `"PROPPATCH"`, `"LOCK"`, `"UNLOCK"`, `"PATCH"`, `"TRACE"`.
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_method("DELETE")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_query(args)
+
+Set the querystring of the request to the Service.
+
+ Unlike `kong.service.request.set_raw_query()`, the `query` argument must be a
+ table in which each key is a string (corresponding to an arguments name), and
+ each value is either a boolean, a string or an array of strings or booleans.
+ Additionally, all string values will be URL-encoded.
+
+ The resulting querystring will contain keys in their lexicographical order. The
+ order of entries within the same key (when values are given as an array) is
+ retained.
+
+ If further control of the querystring generation is needed, a raw querystring
+ can be given as a string with `kong.service.request.set_raw_query()`.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **args** (table):  A table where each key is a string (corresponding to an
+   argument name), and each value is either a boolean, a string or an array of
+   strings or booleans. Any string values given are URL-encoded.
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_query({
+  foo = "hello world",
+  bar = {"baz", "bla", true},
+  zzz = true,
+  blo = ""
+})
+-- Will produce the following query string:
+-- bar=baz&bar=bla&bar&blo=&foo=hello%20world&zzz
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_header(header, value)
+
+Sets a header in the request to the Service with the given value.  Any existing header
+ with the same name will be overridden.
+
+ If the `header` argument is `"host"` (case-insensitive), then this is
+ will also set the SNI of the request to the Service.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **header** (string):  The header name. Example: "X-Foo"
+* **value** (string|boolean|number):  The header value. Example: "hello world"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_header("X-Foo", "value")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.add_header(header, value)
+
+Adds a request header with the given value to the request to the Service.  Unlike
+ `kong.service.request.set_header()`, this function will not remove any existing
+ headers with the same name. Instead, several occurences of the header will be
+ present in the request. The order in which headers are added is retained.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **header** (string):  The header name. Example: "Cache-Control"
+* **value** (string|number|boolean):  The header value. Example: "no-cache"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.add_header("Cache-Control", "no-cache")
+kong.service.request.add_header("Cache-Control", "no-store")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.clear_header(header)
+
+Removes all occurrences of the specified header in the request to the Service.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **header** (string):  The header name. Example: "X-Foo"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+   The function does not throw an error if no header was removed.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_header("X-Foo", "foo")
+kong.service.request.add_header("X-Foo", "bar")
+kong.service.request.clear_header("X-Foo")
+-- from here onwards, no X-Foo headers will exist in the request
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_headers(headers)
+
+Sets the headers of the request to the Service.  Unlike
+ `kong.service.request.set_header()`, the `headers` argument must be a table in
+ which each key is a string (corresponding to a header's name), and each value
+ is a string, or an array of strings.
+
+ The resulting headers are produced in lexicographical order. The order of
+ entries with the same name (when values are given as an array) is retained.
+
+ This function overrides any existing header bearing the same name as those
+ specified in the `headers` argument. Other headers remain unchanged.
+
+ If the `"Host"` header is set (case-insensitive), then this is
+ will also set the SNI of the request to the Service.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **headers** (table):  A table where each key is a string containing a header name
+   and each value is either a string or an array of strings.
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_header("X-Foo", "foo1")
+kong.service.request.add_header("X-Foo", "foo2")
+kong.service.request.set_header("X-Bar", "bar1")
+kong.service.request.set_headers({
+  ["X-Foo"] = "foo3",
+  ["Cache-Control"] = { "no-store", "no-cache" },
+  ["Bla"] = "boo"
+})
+
+-- Will add the following headers to the request, in this order:
+-- X-Bar: bar1
+-- Bla: boo
+-- Cache-Control: no-store
+-- Cache-Control: no-cache
+-- X-Foo: foo3
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_raw_body(body)
+
+Sets the body of the request to the Service.
+
+ The `body` argument must be a string and will not be processed in any way.
+ This function also sets the `Content-Length` header appropriately. To set an
+ empty body, one can give an empty string `""` to this function.
+
+ For a higher-level function to set the body based on the request content type,
+ see `kong.service.request.set_body()`.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **body** (string):  The raw body
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_raw_body("Hello, world!")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_body(args[, mimetype])
+
+Sets the body of the request to the Service.  Unlike
+ `kong.service.request.set_raw_body()`, the `args` argument must be a table, and
+ will be encoded with a MIME type.  The encoding MIME type can be specified in
+ the optional `mimetype` argument, or if left unspecified, will be chosen based
+ on the `Content-Type` header of the client's request.
+
+ If the MIME type is `application/x-www-form-urlencoded`:
+
+ * Encodes the arguments as form-encoded: keys are produced in lexicographical
+   order. The order of entries within the same key (when values are
+   given as an array) is retained. Any string values given are URL-encoded.
+
+ If the MIME type is `multipart/form-data`:
+
+ * Encodes the arguments as multipart form data.
+
+ If the MIME type is `application/json`:
+
+ * Encodes the arguments as JSON (same as
+   `kong.service.request.set_raw_body(json.encode(args))`)
+ * Lua types are converted to matching JSON types.mej
+
+ If none of the above, returns `nil` and an error message indicating the
+ body could not be encoded.
+
+ The optional argument `mimetype` can be one of:
+
+ * `application/x-www-form-urlencoded`
+ * `application/json`
+ * `multipart/form-data`
+
+ If the `mimetype` argument is specified, the `Content-Type` header will be
+ set accordingly in the request to the Service.
+
+ If further control of the body generation is needed, a raw body can be given as
+ a string with `kong.service.request.set_raw_body()`.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **args** (table):  A table with data to be converted to the appropriate format
+ and stored in the body.
+* **mimetype** (string, _optional_):  can be one of:
+
+**Returns**
+
+1.  `boolean|nil` `true` on success, `nil` otherwise
+
+1.  `string|nil` `nil` on success, an error message in case of error.
+ Throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.set_header("application/json")
+local ok, err = kong.service.request.set_body({
+  name = "John Doe",
+  age = 42,
+  numbers = {1, 2, 3}
+})
+
+-- Produces the following JSON body:
+-- { "name": "John Doe", "age": 42, "numbers":[1, 2, 3] }
+
+local ok, err = kong.service.request.set_body({
+  foo = "hello world",
+  bar = {"baz", "bla", true},
+  zzz = true,
+  blo = ""
+}, "application/x-www-form-urlencoded")
+
+-- Produces the following body:
+-- bar=baz&bar=bla&bar&blo=&foo=hello%20world&zzz
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.service.response.md b/app/enterprise/0.35-x/pdk/kong.service.response.md
new file mode 100644
index 000000000000..feede11b266e
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.service.response.md
@@ -0,0 +1,132 @@
+---
+title: kong.service.response
+pdk: true
+toc: true
+---
+
+## kong.service.response
+
+Manipulation of the response from the Service
+
+
+
+### kong.service.response.get_status()
+
+Returns the HTTP status code of the response from the Service as a Lua number.
+
+**Phases**
+
+* `header_filter`, `body_filter`, `log`
+
+**Returns**
+
+* `number|nil`  the status code from the response from the Service, or `nil`
+ if the request was not proxied (i.e. `kong.response.get_source()` returned
+ anything other than `"service"`.
+
+
+**Usage**
+
+``` lua
+kong.log.inspect(kong.service.response.get_status()) -- 418
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.response.get_headers([max_headers])
+
+Returns a Lua table holding the headers from the response from the Service.  Keys are
+ header names. Values are either a string with the header value, or an array of
+ strings if a header was sent multiple times. Header names in this table are
+ case-insensitive and dashes (`-`) can be written as underscores (`_`); that is,
+ the header `X-Custom-Header` can also be retrieved as `x_custom_header`.
+
+ Unlike `kong.response.get_headers()`, this function will only return headers that
+ were present in the response from the Service (ignoring headers added by Kong itself).
+ If the request was not proxied to a Service (e.g. an authentication plugin rejected
+ a request and produced an HTTP 401 response), then the returned `headers` value
+ might be `nil`, since no response from the Service has been received.
+
+ By default, this function returns up to **100** headers. The optional
+ `max_headers` argument can be specified to customize this limit, but must be
+ greater than **1** and not greater than **1000**.
+
+**Phases**
+
+* `header_filter`, `body_filter`, `log`
+
+**Parameters**
+
+* **max_headers** (number, _optional_):  customize the headers to parse
+
+**Returns**
+
+1.  `table` the response headers in table form
+
+1.  `string` err If more headers than `max_headers` were present, a
+ string with the error `"truncated"`.
+
+
+**Usage**
+
+``` lua
+-- Given a response with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+local headers = kong.service.response.get_headers()
+if headers then
+  kong.log.inspect(headers.x_custom_header) -- "bla"
+  kong.log.inspect(headers.x_another[1])    -- "foo bar"
+  kong.log.inspect(headers["X-Another"][2]) -- "baz"
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.response.get_header(name)
+
+Returns the value of the specified response header.
+
+ Unlike `kong.response.get_header()`, this function will only return a header
+ if it was present in the response from the Service (ignoring headers added by Kong
+ itself).
+
+
+**Phases**
+
+* `header_filter`, `body_filter`, `log`
+
+**Parameters**
+
+* **name** (string):  The name of the header.
+
+ Header names in are case-insensitive and are normalized to lowercase, and
+ dashes (`-`) can be written as underscores (`_`); that is, the header
+ `X-Custom-Header` can also be retrieved as `x_custom_header`.
+
+
+**Returns**
+
+* `string|nil`  The value of the header, or `nil` if a header with
+ `name` was not found in the response. If a header with the same name is present
+ multiple times in the response, this function will return the value of the
+ first occurrence of this header.
+
+
+**Usage**
+
+``` lua
+-- Given a response with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+kong.log.inspect(kong.service.response.get_header("x-custom-header")) -- "bla"
+kong.log.inspect(kong.service.response.get_header("X-Another"))       -- "foo bar"
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/pdk/kong.table.md b/app/enterprise/0.35-x/pdk/kong.table.md
new file mode 100644
index 000000000000..7e62db9eed94
--- /dev/null
+++ b/app/enterprise/0.35-x/pdk/kong.table.md
@@ -0,0 +1,67 @@
+---
+title: kong.table
+pdk: true
+toc: true
+---
+
+## kong.table
+
+Utilities for Lua tables
+
+
+
+### kong.table.new([narr[, nrec]])
+
+Returns a table with pre-allocated number of slots in its array and hash
+ parts.
+
+**Parameters**
+
+* **narr** (number, _optional_):  specifies the number of slots to pre-allocate
+ in the array part.
+* **nrec** (number, _optional_):  specifies the number of slots to pre-allocate in
+ the hash part.
+
+**Returns**
+
+* `table` the newly created table
+
+
+**Usage**
+
+``` lua
+local tab = kong.table.new(4, 4)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.table.clear(tab)
+
+Clears a table from all of its array and hash parts entries.
+
+**Parameters**
+
+* **tab** (table):  the table which will be cleared
+
+**Returns**
+
+*  Nothing
+
+
+**Usage**
+
+``` lua
+local tab = {
+  "hello",
+  foo = "bar"
+}
+
+kong.table.clear(tab)
+
+kong.log(tab[1]) -- nil
+kong.log(tab.foo) -- nil
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.35-x/plugin-development/access-the-datastore.md b/app/enterprise/0.35-x/plugin-development/access-the-datastore.md
new file mode 100644
index 000000000000..f783a00d90a5
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/access-the-datastore.md
@@ -0,0 +1,75 @@
+---
+title: Plugin Development - Accessing the Datastore
+book: plugin_dev
+chapter: 5
+---
+
+## Introduction
+
+Kong interacts with the model layer through classes we refer to as "DAOs". This
+chapter will detail the available API to interact with the datastore.
+
+Kong supports two primary datastores: [Cassandra
+{{site.data.kong_latest.dependencies.cassandra}}](http://cassandra.apache.org/)
+and [PostgreSQL
+{{site.data.kong_latest.dependencies.postgres}}](http://www.postgresql.org/).
+
+## kong.db
+
+All entities in Kong are represented by:
+
+- A schema that describes which table the entity relates to in the datastore,
+  constraints on its fields such as foreign keys, non-null constraints etc.
+  This schema is a table described in the [plugin configuration]({{page.book.chapters.plugin-configuration}})
+  chapter.
+- An instance of the `DAO` class mapping to the database currently in use
+  (Cassandra or Postgres). This class' methods consume the schema and expose
+  methods to insert, update, select and delete entities of that type.
+
+The core entities in Kong are: Services, Routes, Consumers and Plugins.
+All of them are accessible as Data Access Objects (DAOs),
+through the `kong.db` global singleton:
+
+
+```lua
+-- Core DAOs
+local services  = kong.db.services
+local routes    = kong.db.routes
+local consumers = kong.db.consumers
+local plugins   = kong.db.plugins
+```
+
+Both core entities from Kong and custom entities from plugins are
+available through `kong.db.*`.
+
+---
+
+## The DAO Lua API
+
+The DAO class is responsible for the operations executed on a given table in
+the datastore, generally mapping to an entity in Kong. All the underlying
+supported databases (currently Cassandra and Postgres) comply to the same
+interface, thus making the DAO compatible with all of them.
+
+For example, inserting a Service and a Plugin is as easy as:
+
+```lua
+local inserted_service, err = kong.db.services:insert({
+  name = "mockbin",
+  url  = "http://mockbin.org",
+})
+
+local inserted_plugin, err = kong.db.plugins:insert({
+  name    = "key-auth",
+  service = inserted_service,
+})
+```
+
+For a real-life example of the DAO being used in a plugin, see the
+[Key-Auth plugin source code](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua).
+
+---
+
+Next: [Storing Custom Entities &rsaquo;]({{page.book.next}})
+
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.35-x/plugin-development/admin-api.md b/app/enterprise/0.35-x/plugin-development/admin-api.md
new file mode 100644
index 000000000000..f5a1211f6d9c
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/admin-api.md
@@ -0,0 +1,174 @@
+---
+title: Plugin Development - Extending the Admin API
+book: plugin_dev
+chapter: 8
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you have a relative
+  knowledge of <a href="http://leafo.net/lapis/">Lapis</a>.
+</div>
+
+## Introduction
+
+Kong can be configured using a REST interface referred to as the [Admin API].
+Plugins can extend it by adding their own endpoints to accommodate custom
+entities or other personalized management needs. A typical example of this is
+the creation, retrieval, and deletion (commonly referred to as "CRUD
+operations") of API keys.
+
+The Admin API is a [Lapis](http://leafo.net/lapis/) application, and Kong's
+level of abstraction makes it easy for you to add endpoints.
+
+## Module
+
+```
+kong.plugins.<plugin_name>.api
+```
+
+## Adding endpoints to the Admin API
+
+Kong will detect and load your endpoints if they are defined in a module named:
+
+```
+"kong.plugins.<plugin_name>.api"
+```
+
+This module is bound to return a table with one or more entries with the following structure:
+
+``` lua
+{
+  ["<path>"] = {
+     schema = <schema>,
+     methods = {
+       before = function(self) ... end,
+       on_error = function(self) ... end,
+       GET = function(self) ... end,
+       PUT = function(self) ... end,
+       ...
+     }
+  },
+  ...
+}
+```
+
+Where:
+
+- `<path>` should be a string representing a route like `/users` (See [Lapis routes & URL
+  Patterns](http://leafo.net/lapis/reference/actions.html#routes--url-patterns)) for details.
+  Notice that the path can contain interpolation parameters, like `/users/:users/new`.
+- `<schema>` is a schema definition. Schemas for core and custom plugin entities are available
+  via `kong.db.<entity>.schema`. The schema is used to parse certain fields according to their
+  types; for example if a field is marked as an integer, it will be parsed as such when it is
+  passed to a function (by default form fields are all strings).
+- The `methods` subtable contains functions, indexed by a string.
+  - The `before` key is optional and can hold a function. If present, the function will be executed
+    on every request that hits `path`, before any other function is invoked.
+  - One or more functions can be indexed with HTTP method names, like `GET` or `PUT`. These functions
+    will be executed when the appropriate HTTP method and `path` is matched. If a `before` function is
+    present on the `path`, it will be executed first. Keep in mind that `before` functions can
+    use `kong.response.exit` to finish early, effectively cancelling the "regular" http method function.
+  - The `on_error` key is optional and can hold a function. If present, the function will be executed
+    when the code from other functions (either from a `before` or a "http method") throws an error. If
+    not present, then Kong will use a default error handler to return the errors.
+
+For example:
+
+``` lua
+local endpoints = require "kong.api.endpoints"
+
+local credentials_schema = kong.db.keyauth_credentials.schema
+local consumers_schema = kong.db.consumers.schema
+
+return {
+  ["/consumers/:consumers/key-auth"] = {
+    schema = credentials_schema,
+    methods = {
+      GET = endpoints.get_collection_endpoint(
+              credentials_schema, consumers_schema, "consumer"),
+
+      POST = endpoints.post_collection_endpoint(
+              credentials_schema, consumers_schema, "consumer"),
+    },
+  },
+}
+```
+
+This code will create two Admin API endpoints in `/consumers/:consumers/key-auth`, to
+obtain (`GET`) and create (`POST`) credentials associated to a given consumer. On this example
+the functions are provided by the `kong.api.endpoints` library. If you want to see a more
+complete example, with custom code in functions, see
+[the `api.lua` file from the key-auth plugin](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/api.lua).
+
+The `endpoints` module currently contains the default implementation for the most usual CRUD
+operations used in Kong. This module provides you with helpers for any insert, retrieve,
+update or delete operations and performs the necessary DAO operations and replies with
+the appropriate HTTP status codes. It also provides you with functions to retrieve parameters from
+the path, such as an Service's name or id, or a Consumer's username or id.
+
+If `endpoints`-provided are functions not enough, a regular Lua function can be used instead. From there you can use:
+
+- Several functions provided by the `endpoints` module.
+- All the functionality provided by the [PDK](../../pdk)
+- The `self` parameter, which is the [Lapis request object](http://leafo.net/lapis/reference/actions.html#request-object).
+- And of course you can `require` any Lua modules if needed. Make sure they are compatible with OpenResty if you choose this route.
+
+``` lua
+local endpoints = require "kong.api.endpoints"
+
+local credentials_schema = kong.db.keyauth_credentials.schema
+local consumers_schema = kong.db.consumers.schema
+
+return {
+  ["/consumers/:consumers/key-auth/:keyauth_credentials"] = {
+    schema = credentials_schema,
+    methods = {
+      before = function(self, db, helpers)
+        local consumer, _, err_t = endpoints.select_entity(self, db, consumers_schema)
+        if err_t then
+          return endpoints.handle_error(err_t)
+        end
+        if not consumer then
+          return kong.response.exit(404, { message = "Not found" })
+        end
+
+        self.consumer = consumer
+
+        if self.req.method ~= "PUT" then
+          local cred, _, err_t = endpoints.select_entity(self, db, credentials_schema)
+          if err_t then
+            return endpoints.handle_error(err_t)
+          end
+
+          if not cred or cred.consumer.id ~= consumer.id then
+            return kong.response.exit(404, { message = "Not found" })
+          end
+          self.keyauth_credential = cred
+          self.params.keyauth_credentials = cred.id
+        end
+      end,
+      GET  = endpoints.get_entity_endpoint(credentials_schema),
+      PUT  = function(self, db, helpers)
+        self.args.post.consumer = { id = self.consumer.id }
+        return endpoints.put_entity_endpoint(credentials_schema)(self, db, helpers)
+      end,
+    },
+  },
+}
+```
+
+On the previous example, the `/consumers/:consumers/key-auth/:keyauth_credentials` path gets
+three functions:
+- The `before` function is a custom Lua function which uses several `endpoints`-provided utilities
+  (`endpoints.handle_error`) as well as PDK functions (`kong.response.exit`). It also populates
+  `self.consumer` for the subsequent functions to use.
+- The `GET` function is built entirely using `endpoints`. This is possible because the `before` has
+  "prepared" things in advance, like `self.consumer`.
+- The `PUT` function populates `self.args.post.consumer` before calling the `endpoints`-provided
+  `put_entity_endpoint` function.
+
+---
+
+Next: [Write tests for your plugin]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
diff --git a/app/enterprise/0.35-x/plugin-development/custom-entities.md b/app/enterprise/0.35-x/plugin-development/custom-entities.md
new file mode 100644
index 000000000000..c8272133ce83
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/custom-entities.md
@@ -0,0 +1,645 @@
+---
+title: Plugin Development - Storing Custom Entities
+book: plugin_dev
+chapter: 6
+---
+
+## Introduction
+
+While not all plugins need it, your plugin might need to store more than
+its configuration in the database. In that case, Kong provides you with
+an abstraction on top of its primary datastores which allows you to store
+custom entities.
+
+As explained in the [previous chapter]({{page.book.previous}}), Kong interacts
+with the model layer through classes we refer to as "DAOs", and available on a
+singleton often referred to as the "DAO Factory". This chapter will explain how
+to to provide an abstraction for your own entities.
+
+## Modules
+
+```
+kong.plugins.<plugin_name>.daos
+kong.plugins.<plugin_name>.migrations.init
+kong.plugins.<plugin_name>.migrations.000_base_<plugin_name>
+kong.plugins.<plugin_name>.migrations.001_<from-version>_to_<to_version>
+kong.plugins.<plugin_name>.migrations.002_<from-version>_to_<to_version>
+```
+
+## Create the migrations folder
+
+Once you have defined your model, you must create your migration modules which
+will be executed by Kong to create the table in which your records of your
+entity will be stored.
+
+If your plugin is intended to support both Cassandra and Postgres, then both
+migrations must be written.
+
+If your plugin doesn't have it already, you should add a `<plugin_name>/migrations`
+folder to it. If there is no `init.lua` file inside already, you should create one.
+This is where all the migrations for your plugin will be referenced.
+
+The initial version of your `migrations/init.lua` file will point to a single migration.
+
+In this case we have called it `000_base_my_plugin`.
+
+``` lua
+-- `migrations/init.lua`
+return {
+  "000_base_my_plugin",
+}
+```
+
+This means that there will be a file in `<plugin_name>/migrations/000_base_my_plugin.lua`
+containing the initial migrations. We'll see how this is done in a minute.
+
+## Adding a new migration to an existing plugin
+
+Sometimes it is necessary to introduce changes after a version of a plugin has already been
+released. A new functionality might be needed. A database table row might need changing.
+
+When this happens, *you must* create a new migrations file. You *must not* of modify the
+existing migration files once they are published (you can still make them more robust and
+bulletproof if you want, e.g. always try to write the migrations reentrant).
+
+While there is no strict rule for naming your migration files, there is a convention that the
+initial one is prefixed by `000`, the next one by `001`, and so on.
+
+Following with our previous example, if we wanted to release a new version of the plugin with
+changes in the database (for example, a table was needed called `foo`) we would insert it by
+adding a file called `<plugin_name>/migrations/001_100_to_110.lua`, and referencing it on the
+migrations init file like so (where `100` is the previous version of the plugin `1.0.0` and
+`110` is the version to which plugin is migrated to `1.1.0`:
+
+
+``` lua
+-- `<plugin_name>/migrations/init.lua`
+return {
+  "000_base_my_plugin",
+  "001_100_to_110",
+}
+```
+
+## Migration File syntax
+
+While Kong's core migrations support both Postgres and Cassandra, custom plugins
+can choose to support either both of them or just one.
+
+A migration file is a Lua file which returns a table with the following structure:
+
+``` lua
+-- `<plugin_name>/migrations/000_base_my_plugin.lua`
+return {
+  postgresql = {
+    up = [[
+      CREATE TABLE IF NOT EXISTS "my_plugin_table" (
+        "id"           UUID                         PRIMARY KEY,
+        "created_at"   TIMESTAMP WITHOUT TIME ZONE,
+        "col1"         TEXT
+      );
+    
+      DO $$
+      BEGIN
+        CREATE INDEX IF NOT EXISTS "my_plugin_table_col1"
+                                ON "my_plugin_table" ("col1");
+      EXCEPTION WHEN UNDEFINED_COLUMN THEN
+        -- Do nothing, accept existing state
+      END$$;
+    ]],
+  },
+
+  cassandra = {
+    up = [[
+      CREATE TABLE IF NOT EXISTS my_plugin_table (
+        id          uuid PRIMARY KEY,
+        created_at  timestamp,
+        col1        text
+      );
+      
+      CREATE INDEX IF NOT EXISTS ON my_plugin_table (col1);
+    ]],
+  }
+}
+
+-- `<plugin_name>/migrations/001_100_to_110.lua`
+return {
+  postgresql = {
+    up = [[
+      DO $$
+      BEGIN
+        ALTER TABLE IF EXISTS ONLY "my_plugin_table" ADD "cache_key" TEXT UNIQUE;
+      EXCEPTION WHEN DUPLICATE_COLUMN THEN
+        -- Do nothing, accept existing state
+      END;
+    $$;
+    ]],
+    teardown = function(connector, helpers)
+      assert(connector:connect_migrations())
+      assert(connector:query([[
+        DO $$
+        BEGIN
+          ALTER TABLE IF EXISTS ONLY "my_plugin_table" DROP "col1";
+        EXCEPTION WHEN UNDEFINED_COLUMN THEN
+          -- Do nothing, accept existing state
+        END$$;
+      ]])
+    end,
+  },
+
+  cassandra = {
+    up = [[
+      ALTER TABLE my_plugin_table ADD cache_key text;
+      CREATE INDEX IF NOT EXISTS ON my_plugin_table (cache_key);
+    ]],
+    teardown = function(connector, helpers)
+      assert(connector:connect_migrations())
+      assert(connector:query("ALTER TABLE my_plugin_table DROP col1"))
+    end,
+  }
+}
+```
+
+If a plugin only supports Postgres or Cassandra, only the section for one strategy is
+needed. Each strategy section has two parts, `up` and `teardown`.
+
+* `up` is an optional string of raw SQL/CQL statements. Those statements will be executed
+  when `kong migrations up` is executed.
+* `teardown` is an optional Lua function, which takes a `connector` parameter. Such connector
+  can invoke the `query` method to execute SQL/CQL queries. Teardown is triggered by
+  `kong migrations finish`
+
+It is recommended that all the non-destructive operations, such as creation of new tables and
+addition of new records is done on the `up` sections, while destructive operations (such as
+removal of data, changing row types, insertion of new data) is done on the `teardown` sections.
+
+In both cases, it is recommended that all the SQL/CQL statements are written so that they are
+as reentrant as possible. `DROP TABLE IF EXISTS` instead of `DROP TABLE`,
+`CREATE INDEX IF NOT EXIST` instead of `CREATE INDEX`, etc. If a migration fails for some
+reason, it is expected that the first attempt at fixing the problem will be simply
+re-running the migrations.
+
+While Postgres does, Cassandra does not support constraints such as "NOT
+NULL", "UNIQUE" or "FOREIGN KEY", but Kong provides you with such features when
+you define your model's schema. Bear in mind that this schema will be the same
+for both Postgres and Cassandra, hence, you might trade-off a pure SQL schema
+for one that works with Cassandra too.
+
+**IMPORTANT**: if your `schema` uses a `unique` constraint, then Kong will
+enforce it for Cassandra, but for Postgres you must set this constraint in
+the migrations.
+
+To see a real-life example, give a look at the [Key-Auth plugin migrations](https://github.com/Kong/kong/tree/{{page.kong_version}}/kong/plugins/key-auth/migrations).
+
+---
+
+## Defining a Schema
+
+The first step to using custom entities in a custom plugin is defining one
+or more *schemas*.
+
+A schema is a Lua table which describes entities. There's structural information
+like how are the different fields of the entity named and what are their types,
+which is similar to the fields describing your [plugin
+configuration]({{page.book.chapters.plugin-configuration}})).
+Compared to plugin configuration schemas, custom entity schemas require
+additional metadata (e.g. which field, or fields, constitute the entities'
+primary key).
+
+Schemas are to be defined in a module named:
+
+```
+kong.plugins.<plugin_name>.daos
+```
+
+Meaning that there should be a file called `<plugin_name>/daos.lua` inside your
+plugin folder. The `daos.lua` file should return a table containing one or more
+schemas. For example:
+
+```lua
+-- daos.lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  -- this plugin only results in one custom DAO, named `keyauth_credentials`:
+  keyauth_credentials = {
+    name               = "keyauth_credentials", -- the actual table in the database
+    endpoint_key       = "key",
+    primary_key        = { "id" },
+    cache_key          = { "key" },
+    generate_admin_api = true,
+    fields = {
+      {
+        -- a value to be inserted by the DAO itself
+        -- (think of serial id and the uniqueness of such required here)
+        id = typedefs.uuid,
+      },
+      {
+        -- also interted by the DAO itself
+        created_at = typedefs.auto_timestamp_s,
+      },
+      {
+        -- a foreign key to a consumer's id
+        consumer = {
+          type      = "foreign",
+          reference = "consumers",
+          default   = ngx.null,
+          on_delete = "cascade",
+        },
+      },
+      {
+        -- a unique API key
+        key = {
+          type      = "string",
+          required  = false,
+          unique    = true,
+          auto      = true,
+        },
+      },
+    },
+  },
+}
+```
+
+This example `daos.lua` file introduces a single schema called `keyauth_credentials`.
+
+Here is a description of some top-level properties:
+
+<table>
+<tbody>
+<tr><th>Name</th><th>Type</th><th>Description</th></tr>
+<tr>
+  <td><code>name</code></td>
+  <td><code>string</code> (required)</td>
+  <td>It will be used to determine the DAO name (<code>kong.db.[name]</code>).</td>
+</tr>
+<tr>
+  <td><code>primary_key</code></td>
+  <td><code>table</code> (required)</td>
+  <td>
+    Field names forming the entity's primary key.
+    Schemas support composite keys, even if most Kong core entities currently use an UUID named
+    <code>id</code>. If you are using Cassandra and need a composite key, it should have the same
+    fields as the partition key.
+  </td>
+</tr>
+<tr>
+<td><code>endpoint_key</code></td>
+  <td><code>string</code> (optional)</td>
+  <td>
+    The name of the field used as an alternative identifier on the Admin API.
+    On the example above, <code>key</code> is the endpoint_key. This means that a credential with
+    <code>id = 123</code> and <code>key = "foo"</code> could be referenced as both
+    <code>/keyauth_credentials/123</code> and <code>/keyauth_credentials/foo</code>.
+  </td>
+</tr>
+<tr>
+  <td><code>cache_key</code></td>
+  <td><code>table</code> (optional)</td>
+  <td>
+    Contains the name of the fields used for generating the <code>cache_key</code>, a string which must
+    unequivocally identify the entity inside Kong's cache. A unique field, like <code>key</code> in your example,
+    is usually good candidate. In other cases a combination of several fields is preferable.
+  </td>
+</tr>
+<tr>
+  <td><code>fields</code></td>
+  <td><code>table</code></td>
+  <td>
+    Each field definition is a table with a single key, which is the field's name. The table value is
+    a subtable containing the field's <em>attributes</em>, some of which will be explained below.
+  </td>
+</tr>
+</tbody>
+</table>
+
+Many field attributes encode *validation rules*. When attempting to insert or update entities using
+the DAO, these validations will be checked, and an error returned if the provided input doesn't conform
+to them.
+
+The `typedefs` variable (obtained by requiring `kong.db.schema.typedefs`) is a table containing
+a lot of useful type definitions and aliases, including `typedefs.uuid`, the most usual type for the primary key,
+and `typedefs.auto_timestamp_s`, for `created_at` fields. It is used extensively when defining fields.
+
+Here's a non-exhaustive explanation of some of the field attributes available:
+
+<table>
+<tbody>
+<tr><th>Attribute name</th><th>type</th><th>Description</th></tr>
+<tr>
+  <td><code>type</code></td>
+  <td><code>string</code></td>
+  <td>
+    Schemas support the following scalar types: <code>"string"</code>, <code>"integer"</code>, <code>"number"</code> and
+    <code>"boolean"</code>. Compound types like <code>"array"</code>, <code>"record"</code>, or <code>"set"</code> are
+    also supported.<br><br>
+
+    In additon to these values, the <code>type</code> attribute can also take the special <code>"foreign"</code> value,
+    which denotes a foreign relationship.<br><br>
+
+    Each field will need to be backed by database fields of appropriately similar types, created via migrations.<br><br>
+
+    <code>type</code> is the only required attribute for all field definitions.
+  </td>
+</tr>
+<tr>
+  <td><code>default</code></td>
+  <td><code>any</code> (matching with <code>type</code> attribute)</td>
+  <td>
+    Specifies the value the field will have when attempting to insert it, if no value was provided.
+    Default values are always set via Lua, never by the underlying database. It is thus not recommended to set
+    any default values on fields in migrations.
+  </td>
+</tr>
+<tr>
+  <td><code>required</code></td>
+  <td><code>boolean</code></td>
+  <td>
+    When set to <code>true</code> on a field, an error will be thrown when attempting to insert an entity lacking a value
+    for said field (unless the field in question has a default value).
+  </td>
+</tr>
+<tr>
+  <td><code>unique</code></td>
+  <td><code>boolean</code></td>
+  <td>
+  <p>When set to <code>true</code> on a field, an error will be thrown when attempting to insert an entity on the database,
+    but another entity already has the given value on said field.</p>
+
+  <p>This attribute <em>must</em> be backed up by declaring fields as <code>UNIQUE</code> in migrations when using
+    PostgreSQL. The Cassandra strategy does a check in Lua before attempting inserts, so it doesn't require any special treatment.
+  </p>
+  </td>
+</tr>
+<tr>
+  <td><code>auto</code></td>
+  <td><code>boolean</code></td>
+  <td>
+  When attempting to insert an entity without providing a value for this a field where <code>auto</code> is set to <code>true</code>,
+  <br><br>
+  <ul>
+    <li>If <code>type == "uuid"</code>, the field will take a random UUID as value.</li>
+    <li>If <code>type == "string"</code>, the field will take a random string.</li>
+    <li>If the field name is <code>created_at</code> or <code>updated_at</code>, the field will take the current time when
+    inserting / updating, as appropriate.</li>
+  </ul>
+  </td>
+</tr>
+<tr>
+  <td><code>reference</code></td>
+  <td><code>string</code></td>
+  <td>Required for fields of type <code>foreign</code>. The given string <em>must</em> be the name of an existing schema,
+    to which the foreign key will "point to". This means that if a schema B has a foreign key pointing to schema A,
+    then A needs to be loaded before B.
+  </td>
+</tr>
+<tr>
+  <td><code>on_delete</code></td>
+  <td><code>string</code></td>
+  <td>
+    Optional and exclusive for fields of type <code>foreign</code>. It dictates what must happen
+    with entities linked by a foreign key when the entity being referenced is deleted. It can have three possible
+    values:<br><br>
+
+    <ul>
+      <li><code>"cascade"</code>: When the linked entity is deleted, all the dependent entities must also be deleted.</li>
+      <li><code>"null"</code>: When the linked entity is deleted, all the dependent entities will have their foreign key
+      field set to <code>null</code>.</li>
+      <li><code>"restrict"</code>: Attempting to delete an entity with linked entities will result in an error.</li>
+    </ul>
+
+    <br><br>
+    In Cassandra this is handled with pure Lua code, but in PostgreSQL it will be necessary to declare the references
+    as <code>ON DELETE CASCADE/NULL/RESTRICT</code> in a migration.
+  </td>
+</tr>
+</tbody>
+</table>
+
+
+To learn more about schemas, see:
+
+* The source code of [typedefs.lua](https://github.com/Kong/kong/blob/{{page.kong_version | replace: "x", "0"}}/kong/db/schema/typedefs.lua)
+  to get an idea of what's provided there by default.
+* [The Core Schemas](https://github.com/Kong/kong/tree/{{page.kong_version | replace: "x", "0"}}/kong/db/schema/entities)
+  to see examples of some other field attributes not discussed here.
+* [All the `daos.lua` files for embedded plugins](https://github.com/search?utf8=%E2%9C%93&q=repo%3Akong%2Fkong+path%3A%2Fkong%2Fplugins+filename%3Adaos.lua),
+  especially [the key-auth one](https://github.com/Kong/kong/blob/{{page.kong_version | replace: "x", "0"}}/kong/plugins/key-auth/daos.lua),
+  which was used for this guide as an example.
+
+---
+
+## The custom DAO
+
+The schemas are not used directly to interact with the database. Instead, a DAO
+is built for each valid schema. A DAO takes the name of the schema it wraps, and is
+accessible through the `kong.db` interface.
+
+For the example schema above, the DAO generated would be available for plugins
+via `kong.db.keyauth_credentials`.
+
+### Selecting an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:select(primary_key)
+```
+
+Attempts to find an entity in the database and return it. Three things can happen:
+
+* The entity was found. In this case, it is returned as a regular Lua table.
+* An error occurred - for example the connection with the database was lost. In that
+  case the first returned value will be `nil`, the second one will be a string
+  describing the error, and the last one will be the same error in table form.
+* An error does not occur but the entity is not found. Then the function will
+  just return `nil`, with no error.
+
+Example of usage:
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:select({
+  id = "c77c50d2-5947-4904-9f37-fa36182a71a9"
+})
+
+if err then
+  kong.log.err("Error when inserting keyauth credential: " .. err)
+  return nil
+end
+
+if not entity then
+  kong.log.err("Could not find credential.")
+  return nil
+end
+```
+
+### Iterating over all the entities
+
+``` lua
+for entity, err on kong.db.<name>:each(entities_per_page) do
+  if err then
+    ...
+  end
+  ...
+end
+```
+
+This method efficiently iterates over all the entities in the database by making paginated
+requests. The `entities_per_page` parameter, which defaults to `100`, controls how many
+entities per page are returned.
+
+On each iteration, a new `entity` will be returned or, if there is any error, the `err`
+variable will be filled up with an error. The recommended way to iterate is checking `err` first,
+and otherwise assume that `entity` is present.
+
+Example of usage:
+
+``` lua
+for credential, err on kong.db.keyauth_credentials:each(1000) do
+  if err then
+    kong.log.err("Error when iterating over keyauth credentials: " .. err)
+    return nil
+  end
+
+  kong.log("id: " .. credential.id)
+end
+```
+
+This example iterates over the credentials in pages of 1000 items, logging their ids unless
+an error happens.
+
+### Inserting an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:insert(<values>)
+```
+
+Inserts an entity in the database, and returns a copy of the inserted entity, or
+`nil`, an error message (a string) and a table describing the error in table form.
+
+When the insert is successful, the returned entity contains the extra values produced by
+`default` and `auto`.
+
+The following example uses the `keyauth_credentials` DAO to insert a credential for a given
+Consumer, setting its `key` to `"secret"`. Notice the syntax for referencing foreign keys.
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:insert({
+  consumer = { id = "c77c50d2-5947-4904-9f37-fa36182a71a9" },
+  key = "secret",
+})
+
+if not entity then
+  kong.log.err("Error when inserting keyauth credential: " .. err)
+  return nil
+end
+```
+
+The returned entity, assuming no error happened will have `auto`-filled fields, like `id` and `created_at`.
+
+### Updating an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:update(primary_key, <values>)
+```
+
+Updates an existing entity, provided it can be found using the provided primary key and a set of values.
+
+The returned entity will be the entity after the update takes place, or `nil` + an error message + an error table.
+
+The following example modifies the `key` field of an existing credential given the credential's id:
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:update({
+  { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" },
+  { key = "updated_secret" },
+})
+
+if not entity then
+  kong.log.err("Error when updating keyauth credential: " .. err)
+  return nil
+end
+```
+
+Notice how the syntax for specifying a primary key is similar to the one used to specify a foreign key.
+
+### Upserting an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:upsert(primary_key, <values>)
+```
+
+`upsert` is a mixture of `insert` and `update`:
+
+* When the provided `primary_key` identifies an existing entity, it works like `update`.
+* When the provided `primary_key` does not identify an existing entity, it works like `insert`
+
+Given this code:
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:upsert({
+  { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" },
+  { consumer = { id = "a96145fb-d71e-4c88-8a5a-2c8b1947534c" } },
+})
+
+if not entity then
+  kong.log.err("Error when upserting keyauth credential: " .. err)
+  return nil
+end
+```
+
+Two things can happen:
+
+* If a credential with id `2b6a2022-770a-49df-874d-11e2bf2634f5` exists,
+  then this code will attempt to set its Consumer to the provided one.
+* If the credential does not exist, then this code is attempting to create
+  a new credential, with the given id and Consumer.
+
+### Deleting an entity
+
+``` lua
+local ok, err, err_t = kong.db.<name>:delete(primary_key)
+```
+
+Attempts to delete the entity identified by `primary_key`. It returns `true`
+if the entity *doesn't exist* after calling this method, or `nil` + error +
+error table if an error is detected.
+
+Notice that calling `delete` will succeed if the entity didn't exist *before
+calling it*. This is for performance reasons - we want to avoid doing a
+read-before-delete if we can avoid it. If you want to do this check, you
+must do it manually, by checking with `select` before invoking `delete`.
+
+Example:
+
+``` lua
+local ok, err = kong.db.keyauth_credentials:delete({
+  { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" }
+})
+
+if not ok then
+  kong.log.err("Error when deleting keyauth credential: " .. err)
+  return nil
+end
+```
+
+---
+
+## Caching custom entities
+
+Sometimes custom entities are required on every request/response, which in turn
+triggers a query on the datastore every time. This is very inefficient because
+querying the datastore adds latency and slows the request/response down, and
+the resulting increased load on the datastore could affect the datastore
+performance itself and, in turn, other Kong nodes.
+
+When a custom entity is required on every request/response it is good practice
+to cache it in-memory by leveraging the in-memory cache API provided by Kong.
+
+The next chapter will focus on caching custom entities, and invalidating them
+when they change in the datastore: [Caching custom entities]({{page.book.next}}).
+
+---
+
+Next: [Caching custom entities &rsaquo;]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.35-x/plugin-development/custom-logic.md b/app/enterprise/0.35-x/plugin-development/custom-logic.md
new file mode 100644
index 000000000000..b8374194de2d
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/custom-logic.md
@@ -0,0 +1,302 @@
+---
+title: Plugin Development - Implementing Custom Logic
+book: plugin_dev
+chapter: 3
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you are familiar with
+  <a href="http://www.lua.org/">Lua</a>.
+</div>
+
+## Introduction
+
+A Kong plugin allows you to inject custom logic (in Lua) at several
+entry-points in the life-cycle of a request/response or a tcp stream
+connection as it is proxied by Kong. To do so, one must implement one
+or several of the methods of the `base_plugin.lua` interface. Those
+methods are to be implemented in a module namespaced under:
+`kong.plugins.<plugin_name>.handler`
+
+## Module
+
+```
+kong.plugins.<plugin_name>.handler
+```
+
+## Available contexts
+
+The plugins interface allows you to override any of the following methods in
+your `handler.lua` file to implement custom logic at various entry-points
+of the execution life-cycle of Kong:
+
+- **[HTTP Module]** *is used for plugins written for HTTP/HTTPS requests*
+
+| Function name      | Phase             | Description
+|--------------------|-------------------|------------
+| `:init_worker()`   | [init_worker]     | Executed upon every Nginx worker process's startup.
+| `:certificate()`   | [ssl_certificate] | Executed during the SSL certificate serving phase of the SSL handshake.
+| `:rewrite()`       | [rewrite]         | Executed for every request upon its reception from a client as a rewrite phase handler. *NOTE* in this phase neither the `Service` nor the `Consumer` have been identified, hence this handler will only be executed if the plugin was configured as a global plugin!
+| `:access()`        | [access]          | Executed for every request from a client and before it is being proxied to the upstream service.
+| `:header_filter()` | [header_filter]   | Executed when all response headers bytes have been received from the upstream service.
+| `:body_filter()`   | [body_filter]     | Executed for each chunk of the response body received from the upstream service. Since the response is streamed back to the client, it can exceed the buffer size and be streamed chunk by chunk. hence this method can be called multiple times if the response is large. See the [lua-nginx-module] documentation for more details.
+| `:log()`           | [log]             | Executed when the last response byte has been sent to the client.
+
+- **[Stream Module]** *is used for plugins written for TCP stream connections*
+
+| Function name      | Phase                                                                        | Description
+|--------------------|------------------------------------------------------------------------------|------------
+| `:init_worker()`   | [init_worker]                                                                | Executed upon every Nginx worker process's startup.
+| `:preread()`       | [preread]                                                                    | Executed once for every connection.
+| `:log()`           | [log](https://github.com/openresty/stream-lua-nginx-module#log_by_lua_block) | Executed once for each connection after it has been closed.
+
+All of those functions, except `init_worker`, take one parameter which is given
+by Kong upon its invocation: the configuration of your plugin. This parameter
+is a Lua table, and contains values defined by your users, according to your
+plugin's schema (described in the `schema.lua` module). More on plugins schemas
+in the [next chapter]({{page.book.next}}).
+
+[HTTP Module]: https://github.com/openresty/lua-nginx-module
+[Stream Module]: https://github.com/openresty/stream-lua-nginx-module
+[init_worker]: https://github.com/openresty/lua-nginx-module#init_worker_by_lua_by_lua_block
+[ssl_certificate]: https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block
+[rewrite]: https://github.com/openresty/lua-nginx-module#rewrite_by_lua_block
+[access]: https://github.com/openresty/lua-nginx-module#access_by_lua_block
+[header_filter]: https://github.com/openresty/lua-nginx-module#header_filter_by_lua_block
+[body_filter]: https://github.com/openresty/lua-nginx-module#body_filter_by_lua_block
+[log]: https://github.com/openresty/lua-nginx-module#log_by_lua_block
+[preread]: https://github.com/openresty/stream-lua-nginx-module#preread_by_lua_block
+
+---
+
+## handler.lua specifications
+
+The `handler.lua` file must return a table implementing the functions you wish
+to be executed. In favor of brevity, here is a commented example module
+implementing all the available methods of both modules (please note some
+of them are shared between modules, like `log`):
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> Kong uses the
+  <a href="https://github.com/rxi/classic">rxi/classic</a> module to simulate
+  classes in Lua and ease the inheritance pattern.
+</div>
+
+```lua
+-- Extending the Base Plugin handler is optional, as there is no real
+-- concept of interface in Lua, but the Base Plugin handler's methods
+-- can be called from your child implementation and will print logs
+-- in your `error.log` file (where all logs are printed).
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10
+
+
+-- Your plugin handler's constructor. If you are extending the
+-- Base Plugin handler, it's only role is to instantiate itself
+-- with a name. The name is your plugin name as it will be printed in the logs.
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:init_worker()
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.init_worker(self)
+
+  -- Implement any custom logic here
+end
+
+
+function CustomHandler:preread(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.preread(self)
+
+  -- Implement any custom logic here
+end
+
+
+function CustomHandler:certificate(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.certificate(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:rewrite(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.rewrite(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:access(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.access(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:header_filter(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.header_filter(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:body_filter(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.body_filter(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:log(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.log(self)
+
+  -- Implement any custom logic here
+end
+
+-- This module needs to return the created table, so that Kong
+-- can execute those functions.
+return CustomHandler
+```
+
+Of course, the logic of your plugin itself can be abstracted away in another
+module, and called from your `handler` module. Many existing plugins have
+already chosen this pattern when their logic is verbose, but it is purely
+optional:
+
+```lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+-- The actual logic is implemented in those modules
+local access = require "kong.plugins.my-custom-plugin.access"
+local body_filter = require "kong.plugins.my-custom-plugin.body_filter"
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10 
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  -- Execute any function from the module loaded in `access`,
+  -- for example, `execute()` and passing it the plugin's configuration.
+  access.execute(config)
+end
+
+function CustomHandler:body_filter(config)
+  CustomHandler.super.body_filter(self)
+
+  -- Execute any function from the module loaded in `body_filter`,
+  -- for example, `execute()` and passing it the plugin's configuration.
+  body_filter.execute(config)
+end
+
+
+return CustomHandler
+```
+
+See [the source code of the Key-Auth plugin](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua)
+for an example of a real-life handler code.
+
+---
+
+## Plugin Development Kit
+
+Logic implemented in those phases will most likely have to interact with the
+request/response objects or core components (e.g. access the cache, and
+database). Kong provides a [Plugin Development Kit][pdk] (or "PDK") for such
+purposes: a set of Lua functions and variables that can be used by plugins to
+execute various gateway operations in a way that is guaranteed to be
+forward-compatible with future releases of Kong.
+
+When you are trying to implement some logic that needs to interact with Kong
+(e.g. retrieving request headers, producing a response from a plugin, logging
+some error or debug information), you should consult the [Plugin Development
+Kit Reference][pdk].
+
+---
+
+## Plugins execution order
+
+Some plugins might depend on the execution of others to perform some
+operations. For example, plugins relying on the identity of the consumer have
+to run **after** authentication plugins. Considering this, Kong defines
+**priorities** between plugins execution to ensure that order is respected.
+
+Your plugin's priority can be configured via a property accepting a number in
+the returned handler table:
+
+```lua
+CustomHandler.PRIORITY = 10
+```
+
+The higher the priority, the sooner your plugin's phases will be executed in
+regard to other plugins' phases (such as `:access()`, `:log()`, etc.).
+
+The current order of execution for the bundled plugins is:
+
+Plugin                      | Priority
+----------------------------|----------
+pre-function                | `+inf`
+zipkin                      | 100000
+ip-restriction              | 3000
+bot-detection               | 2500
+cors                        | 2000
+kubernetes-sidecar-injector | 1006
+jwt                         | 1005
+oauth2                      | 1004
+key-auth                    | 1003
+ldap-auth                   | 1002
+basic-auth                  | 1001
+hmac-auth                   | 1000
+request-size-limiting       | 951
+acl                         | 950
+rate-limiting               | 901
+response-ratelimiting       | 900
+request-transformer         | 801
+response-transformer        | 800
+aws-lambda                  | 750
+azure-functions             | 749
+prometheus                  | 13
+http-log                    | 12
+statsd                      | 11
+datadog                     | 10
+file-log                    | 9
+udp-log                     | 8
+tcp-log                     | 7
+loggly                      | 6
+syslog                      | 4
+request-termination         | 2
+correlation-id              | 1
+post-function               | -1000
+
+---
+
+Next: [Plugin configuration &rsaquo;]({{page.book.next}})
+
+[lua-nginx-module]: https://github.com/openresty/lua-nginx-module
+[pdk]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.35-x/plugin-development/distribution.md b/app/enterprise/0.35-x/plugin-development/distribution.md
new file mode 100644
index 000000000000..a63ab29f98e5
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/distribution.md
@@ -0,0 +1,306 @@
+---
+title: Plugin Development - (un)Installing your plugin
+book: plugin_dev
+chapter: 10
+---
+
+## Introduction
+
+Custom plugins for Kong consist of Lua source files that need to be in the file
+system of each of your Kong nodes. This guide will provide you with
+step-by-step instructions that will make a Kong node aware of your custom
+plugin(s).
+
+These steps should be applied to each node in your Kong cluster, to ensure the
+custom plugin(s) are available on each one of them.
+
+## Packaging sources
+
+You can either use a regular packing strategy (e.g. `tar`), or use the LuaRocks
+package manager to do it for you. We recommend LuaRocks as it is installed
+along with Kong when using one of the official distribution packages.
+
+When using LuaRocks, you must create a `rockspec` file, which specifies the
+package contents. For an example see the [Kong plugin
+template][plugin-template], for more info about the format see the LuaRocks
+[documentation on rockspecs][rockspec].
+
+Pack your rock using the following command (from the plugin repo):
+
+    # install it locally (based on the `.rockspec` in the current directory)
+    $ luarocks make
+
+    # pack the installed rock
+    $ luarocks pack <plugin-name> <version>
+
+Assuming your plugin rockspec is called
+`kong-plugin-my-plugin-0.1.0-1.rockspec`, the above would become;
+
+    $ luarocks pack kong-plugin-my-plugin 0.1.0-1
+
+The LuaRocks `pack` command has now created a `.rock` file (this is simply a
+zip file containing everything needed to install the rock).
+
+If you do not or cannot use LuaRocks, then use `tar` to pack the
+`.lua` files of which your plugin consists into a `.tar.gz` archive. You can
+also include the `.rockspec` file if you do have LuaRocks on the target
+systems.
+
+The contents of this archive should be close to the following:
+
+    $ tree <plugin-name>
+    <plugin-name>
+    ├── INSTALL.txt
+    ├── README.md
+    ├── kong
+    │   └── plugins
+    │       └── <plugin-name>
+    │           ├── handler.lua
+    │           └── schema.lua
+    └── <plugin-name>-<version>.rockspec
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Installing the plugin
+
+For a Kong node to be able to use the custom plugin, the custom plugin's Lua
+sources must be installed on your host's file system. There are multiple ways
+of doing so: via LuaRocks, or manually. Choose one, and jump to section 3.
+
+1. Via LuaRocks from the created 'rock'
+
+    The `.rock` file is a self contained package that can be installed locally
+    or from a remote server.
+
+    If the `luarocks` utility is installed in your system (this is likely the
+    case if you used one of the official installation packages), you can
+    install the 'rock' in your LuaRocks tree (a directory in which LuaRocks
+    installs Lua modules).
+
+    It can be installed by doing:
+
+        $ luarocks install <rock-filename>
+
+    The filename can be a local name, or any of the supported methods, eg.
+    `http://myrepository.lan/rocks/my-plugin-0.1.0-1.all.rock`
+
+2. Via LuaRocks from the source archive
+
+    If the `luarocks` utility is installed in your system (this is likely the
+    case if you used one of the official installation packages), you can
+    install the Lua sources in your LuaRocks tree (a directory in which
+    LuaRocks installs Lua modules).
+
+    You can do so by changing the current directory to the extracted archive,
+    where the rockspec file is:
+
+        $ cd <plugin-name>
+
+    And then run the following:
+
+        $ luarocks make
+
+    This will install the Lua sources in `kong/plugins/<plugin-name>` in your
+    system's LuaRocks tree, where all the Kong sources are already present.
+
+3. Manually
+
+    A more conservative way of installing your plugin's sources is
+    to avoid "polluting" the LuaRocks tree, and instead, point Kong
+    to the directory containing them.
+
+    This is done by tweaking the `lua_package_path` property of your Kong
+    configuration. Under the hood, this property is an alias to the `LUA_PATH`
+    variable of the Lua VM, if you are familiar with it.
+
+    Those properties contain a semicolon-separated list of directories in
+    which to search for Lua sources. It should be set like so in your Kong
+    configuration file:
+
+        lua_package_path = /<path-to-plugin-location>/?.lua;;
+
+    Where:
+
+    * `/<path-to-plugin-location>` is the path to the directory containing the
+      extracted archive. It should be the location of the `kong` directory
+      from the archive.
+    * `?` is a placeholder that will be replaced by
+      `kong.plugins.<plugin-name>` when Kong will try to load your plugin. Do
+      not change it.
+    * `;;` a placeholder for the "the default Lua path". Do not change it.
+
+    Example:
+
+    The plugin `something` being located on the file system such that the
+    handler file is:
+
+        /usr/local/custom/kong/plugins/<something>/handler.lua
+
+    The location of the `kong` directory is: `/usr/local/custom`, hence the
+    proper path setup would be:
+
+        lua_package_path = /usr/local/custom/?.lua;;
+
+    Multiple plugins:
+
+    If you wish to install two or more custom plugins this way, you can set
+    the variable to something like:
+
+        lua_package_path = /path/to/plugin1/?.lua;/path/to/plugin2/?.lua;;
+
+    * `;` is the separator between directories.
+    * `;;` still means "the default Lua path".
+
+    Note: you can also set this property via its environment variable
+    equivalent: `KONG_LUA_PACKAGE_PATH`.
+
+Reminder: regardless of which method you are using to install your plugin's
+sources, you must still do so for each node in your Kong cluster.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Load the plugin
+
+You must now add the custom plugin's name to the `plugins` list in your
+Kong configuration (on each Kong node):
+
+    plugins = bundled,<plugin-name>
+
+Or, if you don't want to include the bundled plugins:
+
+    plugins = <plugin-name>
+
+
+If you are using two or more custom plugins, insert commas in between, like so:
+
+    plugins = bundled,plugin1,plugin2
+
+Or
+
+    plugins = plugin1,plugin2
+
+Note: you can also set this property via its environment variable equivalent:
+`KONG_PLUGINS`.
+
+Reminder: don't forget to update the `plugins` directive for each node
+in your Kong cluster.
+
+Reminder: the plugin will take effect after restart kong:
+    
+    kong restart
+
+But, if you want to apply plugin while kong never stop, you can use this:
+
+    kong prepare
+    kong reload
+    
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Verify loading the plugin
+
+You should now be able to start Kong without any issue. Consult your custom
+plugin's instructions on how to enable/configure your plugin
+on a Service, Route, or Consumer entity.
+
+To make sure your plugin is being loaded by Kong, you can start Kong with a
+`debug` log level:
+
+    log_level = debug
+
+or:
+
+    KONG_LOG_LEVEL=debug
+
+Then, you should see the following log for each plugin being loaded:
+
+    [debug] Loading plugin <plugin-name>
+
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Removing a plugin
+
+There are three steps to completely remove a plugin.
+
+1. Remove the plugin from your Kong Service or Route configuration. Make sure
+   that it is no longer applied globally nor for any Service, Route, or
+   consumer. This has to be done only once for the entire Kong cluster, no
+   restart/reload required.  This step in itself will make that the plugin is
+   no longer in use. But it remains available and it is still possible to
+   re-apply the plugin.
+
+2. Remove the plugin from the `plugins` directive (on each Kong node).
+   Make sure to have completed step 1 before doing so. After this step
+   it will be impossible for anyone to re-apply the plugin to any Kong
+   Service, Route, Consumer, or even globally. This step requires to
+   restart/reload the Kong node to take effect.
+
+3. To remove the plugin thoroughly, delete the plugin-related files from
+   each of the Kong nodes. Make sure to have completed step 2, including
+   restarting/reloading Kong, before deleting the files. If you used LuaRocks
+   to install the plugin, you can do `luarocks remove <plugin-name>` to remove
+   it.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Distributing your plugin
+
+The preferred way to do so is to use [LuaRocks](https://luarocks.org/), a
+package manager for Lua modules. It calls such modules "rocks". **Your module
+does not have to live inside the Kong repository**, but it can be if that's
+how you'd like to maintain your Kong setup.
+
+By defining your modules (and their eventual dependencies) in a [rockspec]
+file, you can install those modules on your platform via LuaRocks. You can
+also upload your module on LuaRocks and make it available to everyone!
+
+Here is an example rockspec which would use the "builtin" build type to define
+modules in Lua notation and their corresponding file:
+
+
+For an example see the [Kong plugin template][plugin-template], for more info
+about the format see the LuaRocks [documentation on rockspecs][rockspec].
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Troubleshooting
+
+Kong can fail to start because of a misconfigured custom plugin for several
+reasons:
+
+* "plugin is in use but not enabled" -> You configured a custom plugin from
+  another node, and that the plugin configuration is in the database, but the
+  current node you are trying to start does not have it in its `plugins`
+  directive. To resolve, add the plugin's name to the node's `plugins`
+  directive.
+
+* "plugin is enabled but not installed" -> The plugin's name is present in the
+  `plugins` directive, but that Kong is unable to load the `handler.lua`
+  source file from the file system. To resolve, make sure that the
+  [lua_package_path](/{{page.kong_version}}/property-reference/#development-miscellaneous-section)
+  directive is properly set to load this plugin's Lua sources.
+
+* "no configuration schema found for plugin" -> The plugin is installed,
+  enabled in the `plugins` directive, but Kong is unable to load the
+  `schema.lua` source file from the file system. To resolve, make sure that
+  the `schema.lua` file is present alongside the plugin's `handler.lua` file.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+[rockspec]: https://github.com/keplerproject/luarocks/wiki/Creating-a-rock
+[plugin-template]: https://github.com/Kong/kong-plugin
diff --git a/app/enterprise/0.35-x/plugin-development/entities-cache.md b/app/enterprise/0.35-x/plugin-development/entities-cache.md
new file mode 100644
index 000000000000..a948e746666b
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/entities-cache.md
@@ -0,0 +1,349 @@
+---
+title: Plugin Development - Caching Custom Entities
+book: plugin_dev
+chapter: 7
+---
+
+## Introduction
+
+Your plugin may need to frequently access custom entities (explained in the
+[previous chapter]({{page.book.previous}})) on every request and/or response.
+Usually, loading them once and caching them in-memory dramatically improves
+the performance while making sure the datastore is not stressed with an
+increased load.
+
+Think of an api-key authentication plugin that needs to validate the api-key on
+every request, thus loading the custom credential object from the datastore on
+every request. When the client provides an api-key along with the request,
+normally you would query the datastore to check if that key exists, and then
+either block the request or retrieve the Consumer ID to identify the user. This
+would happen on every request, and it would be very inefficient:
+
+* Querying the datastore adds latency on every request, making the request
+  processing slower.
+* The datastore would also be affected by an increase of load, potentially
+  crashing or slowing down, which in turn would affect every Kong
+  node.
+
+To avoid querying the datastore every time, we can cache custom entities
+in-memory on the node, so that frequent entity lookups don't trigger a
+datastore query every time (only the first time), but happen in-memory, which
+is much faster and reliable that querying it from the datastore (especially
+under heavy load).
+
+## Modules
+
+```
+kong.plugins.<plugin_name>.daos
+```
+
+## Caching custom entities
+
+Once you have defined your custom entities, you can cache them in-memory in
+your code by using the [kong.cache](/{{page.kong_version}}/pdk/#kong-cache)
+module provided by the [Plugin Development Kit]:
+
+```
+local cache = kong.cache
+```
+
+There are 2 levels of cache:
+
+1. L1: Lua memory cache - local to an Nginx worker process.
+   This can hold any type of Lua value.
+2. L2: Shared memory cache (SHM) - local to an Nginx node, but shared between
+   all the workers. This can only hold scalar values, and hence requires
+   (de)serialization of a more complex types such as Lua tables.
+
+When data is fetched from the database, it will be stored in both caches. 
+If the same worker process requests the data again, it will retrieve the
+previously deserialized data from the Lua memory cache. If a different
+worker within the same Nginx node requests that data, it will find the data
+in the SHM, deserialize it (and store it in its own Lua memory cache) and
+then return it.
+
+This module exposes the following functions:
+
+Function name                                 | Description
+----------------------------------------------|---------------------------
+`value, err = cache:get(key, opts?, cb, ...)` | Retrieves the value from the cache. If the cache does not have value (miss), invokes `cb` in protected mode. `cb` must return one (and only one) value that will be cached. It *can* throw errors, as those will be caught and properly logged by Kong, at the `ngx.ERR` level. This function **does** cache negative results (`nil`). As such, one must rely on its second argument `err` when checking for errors.
+`ttl, err, value = cache:probe(key)`          | Checks if a value is cached. If it is, returns its remaining ttl. It not, returns `nil`. The value being cached can also be a negative caching. The third return value is the value being cached itself.
+`cache:invalidate_local(key)`                 | Evicts a value from the node's cache.
+`cache:invalidate(key)`                       | Evicts a value from the node's cache **and** propagates the eviction events to all other nodes in the cluster.
+`cache:purge()`                               | Evicts **all** values from the node's cache.
+
+Bringing back our authentication plugin example, to lookup a credential with a
+specific api-key, we would write something similar to:
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local kong = kong
+
+
+local function load_credential(key)
+  local credential, err = kong.db.keyauth_credentials:select_by_key(key)
+  if not credential then
+    return nil, err
+  end
+  return credential
+end
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 1010
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+  
+  -- retrieve the apikey from the request querystring
+  local key = kong.request.get_query_arg("apikey")
+
+  local credential_cache_key = kong.db.keyauth_credentials:cache_key(key)
+
+  -- We are using cache.get to first check if the apikey has been already
+  -- stored into the in-memory cache. If it's not, then we lookup the datastore
+  -- and return the credential object. Internally cache.get will save the value
+  -- in-memory, and then return the credential.
+  local credential, err = kong.cache:get(credential_cache_key, nil,
+                                         load_credential, credential_cache_key)
+  if err then
+    kong.log.err(err)
+    return kong.response.exit(500, {
+      message = "Unexpected error"
+    })
+  end
+    
+  if not credential then
+    -- no credentials in cache nor datastore
+    return kong.response.exit(401, {
+      message = "Invalid authentication credentials"
+    })
+  end
+    
+  -- set an upstream header if the credential exists and is valid
+  kong.service.request.set_header("X-API-Key", credential.apikey)
+end
+
+
+return CustomHandler
+```
+
+Note that in the above example, we use various components from the [Plugin
+Development Kit] to interact with the request, cache module, or even produce a
+response from our plugin.
+
+Now, with the above mechanism in place, once a Consumer has made a request with
+their API key, the cache will be considered warm and subsequent requests won't
+result in a database query.
+
+The cache is used in several places in the [Key-Auth plugin handler](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua).
+Give that file a look in order to see how an official plugin uses the cache.
+
+### Updating or deleting a custom entity
+
+Every time a cached custom entity is updated or deleted in the datastore (i.e.
+using the Admin API), it creates an inconsistency between the data in the
+datastore, and the data cached in the Kong nodes' memory. To avoid this
+inconsistency, we need to evict the cached entity from the in-memory store and
+force Kong to request it again from the datastore. We refer to this process as
+cache invalidation.
+
+---
+
+## Cache invalidation for your entities
+
+If you wish that your cached entities be invalidated upon a CRUD operation
+rather than having to wait for them to reach their TTL, you have to follow a
+few steps. This process can be automated for most entities, but manually
+subscribing to some CRUD events might be required to invalidate some entities
+with more complex relationships.
+
+### Automatic cache invalidation
+
+Cache invalidation can be provided out of the box for your entities if you rely
+on the `cache_key` property of your entity's schema. For example, in the
+following schema:
+
+```lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  -- this plugin only results in one custom DAO, named `keyauth_credentials`:
+  keyauth_credentials = {
+    name               = "keyauth_credentials", -- the actual table in the database
+    endpoint_key       = "key",
+    primary_key        = { "id" },
+    cache_key          = { "key" },
+    generate_admin_api = true,
+    fields = {
+      {
+        -- a value to be inserted by the DAO itself
+        -- (think of serial id and the uniqueness of such required here)
+        id = typedefs.uuid,
+      },
+      {
+        -- also interted by the DAO itself
+        created_at = typedefs.auto_timestamp_s,
+      },
+      {
+        -- a foreign key to a consumer's id
+        consumer = {
+          type      = "foreign",
+          reference = "consumers",
+          default   = ngx.null,
+          on_delete = "cascade",
+        },
+      },
+      {
+        -- a unique API key
+        key = {
+          type      = "string",
+          required  = false,
+          unique    = true,
+          auto      = true,
+        },
+      },
+    },
+  },
+}
+```
+
+We can see that we declare the cache key of this API key entity to be its
+`key` attribute. We use `key` here because it has a unique constraints
+applied to it. Hence, the attributes added to `cache_key` should result in
+a unique combination, so that no two entities could yield the same cache key.
+
+Adding this value allows you to use the following function on the DAO of that
+entity:
+
+```lua
+cache_key = kong.db.<dao>:cache_key(arg1, arg2, arg3, ...)
+```
+
+Where the arguments must be the attributes specified in your schema's
+`cache_key` property, in the order they were specified. This function then
+computes a string value `cache_key` that is ensured to be unique.
+
+For example, if we were to generate the cache_key of an API key:
+
+```lua
+local cache_key = kong.db.keyauth_credentials:cache_key("abcd")
+```
+
+This would produce a cache_key for the API key `"abcd"` (retrieved from one
+of the query's arguments) that we can the use to retrieve the key from the
+cache (or fetch from the database if the cache is a miss):
+
+```lua
+local key       = kong.request.get_query_arg("apikey")
+local cache_key = kong.db.keyauth_credentials:cache_key(key)
+
+local credential, err = kong.cache:get(cache_key, nil, load_entity_key, apikey)
+if err then
+  kong.log.err(err)
+  return kong.response.exit(500, { message = "Unexpected error" })
+end
+
+if not credential then
+  return kong.response.exit(401, { message = "Invalid authentication credentials" })
+end
+
+
+-- do something with the credential
+```
+
+If the `cache_key` is generated like so and specified in an entity's schema,
+cache invalidation will be an automatic process: every CRUD operation that
+affects this API key will be make Kong generate the affected `cache_key`, and
+broadcast it to all of the other nodes on the cluster so they can evict
+that particular value from their cache, and fetch the fresh value from the
+datastore on the next request.
+
+When a parent entity is receiving a CRUD operation (e.g. the Consumer owning
+this API key, as per our schema's `consumer_id` attribute), Kong performs the
+cache invalidation mechanism for both the parent and the child entity.
+
+**Note**: Be aware of the negative caching that Kong provides. In the above
+example, if there is no API key in the datastore for a given key, the cache
+module will store the miss just as if it was a hit. This means that a
+"Create" event (one that would create an API key with this given key) is also
+propagated by Kong so that all nodes that stored the miss can evict it, and
+properly fetch the newly created API key from the datastore.
+
+See the [Clustering Guide](/{{page.kong_version}}/clustering/) to ensure
+that you have properly configured your cluster for such invalidation events.
+
+### Manual cache invalidation
+
+In some cases, the `cache_key` property of an entity's schema is not flexible
+enough, and one must manually invalidate its cache. Reasons for this could be
+that the plugin is not defining a relationship with another entity via the
+traditional `foreign = "parent_entity:parent_attribute"` syntax, or because
+it is not using the `cache_key` method from its DAO, or even because it is
+somehow abusing the caching mechanism.
+
+In those cases, you can manually setup your own subscriber to the same
+invalidation channels Kong is listening to, and perform your own, custom
+invalidation work.
+
+To listen on invalidation channels inside of Kong, implement the following in
+your plugin's `init_worker` handler:
+
+```lua
+function MyCustomHandler:init_worker()
+  -- listen to all CRUD operations made on Consumers
+  kong.worker_events.register(function(data)
+
+  end, "crud", "consumers")
+
+  -- or, listen to a specific CRUD operation only
+  kong.worker_events.register(function(data)
+    kong.log.inspect(data.operation)  -- "update"
+    kong.log.inspect(data.old_entity) -- old entity table (only for "update")
+    kong.log.inspect(data.entity)     -- new entity table
+    kong.log.inspect(data.schema)     -- entity's schema
+  end, "crud", "consumers:update")
+end
+```
+
+Once the above listeners are in place for the desired entities, you can perform
+manual invalidations of any entity that your plugin has cached as you wish so.
+For instance:
+
+```lua
+kong.worker_events.register(function(data)
+  if data.operation == "delete" then
+    local cache_key = data.entity.id
+    kong.cache:invalidate("prefix:" .. cache_key)
+  end
+end, "crud", "consumers")
+```
+
+## Extending the Admin API
+
+As you are probably aware, the [Admin API] is where Kong users communicate with
+Kong to setup their APIs and plugins. It is likely that they also need to be
+able to interact with the custom entities you implemented for your plugin (for
+example, creating and deleting API keys). The way you would do this is by
+extending the Admin API, which we will detail in the next chapter:
+[Extending the Admin API]({{page.book.next}}).
+
+---
+
+Next: [Extending the Admin API &rsaquo;]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.35-x/plugin-development/file-structure.md b/app/enterprise/0.35-x/plugin-development/file-structure.md
new file mode 100644
index 000000000000..05ec899b09ab
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/file-structure.md
@@ -0,0 +1,124 @@
+---
+title: Plugin Development - File Structure
+book: plugin_dev
+chapter: 2
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you are familiar with
+  <a href="http://www.lua.org/">Lua</a>.
+</div>
+
+## Introduction
+
+Consider your plugin as a set of [Lua
+modules](http://www.lua.org/manual/5.1/manual.html#6.3). Each file described in
+this chapter is to be considered as a separate module. Kong will detect and
+load your plugin's modules if their names follow this convention:
+
+```
+kong.plugins.<plugin_name>.<module_name>
+```
+
+> Your modules of course need to be accessible through your
+> [package.path](http://www.lua.org/manual/5.1/manual.html#pdf-package.path)
+> variable, which can be tweaked to your needs via the
+> [lua_package_path](/{{page.kong_version}}/property-reference/#lua_package_path)
+> configuration property.
+> However, the preferred way of installing plugins is through
+> [LuaRocks](https://luarocks.org/), which Kong natively integrates with.
+> More on LuaRocks-installed plugins later in this guide.
+
+To make Kong aware that it has to look for your plugin's modules, you'll have
+to add it to the
+[plugins](/{{page.kong_version}}/property-reference/#plugins) property in
+your configuration file, which is a comma-separated list. For example:
+
+```yaml
+plugins = bundled,my-custom-plugin # your plugin name here
+```
+
+Or, if you don't want to load any of the bundled plugins:
+
+```yaml
+plugins = my-custom-plugin # your plugin name here
+```
+
+Now, Kong will try to load several Lua modules from the following namespace:
+
+```
+kong.plugins.my-custom-plugin.<module_name>
+```
+
+Some of these modules are mandatory (e.g. `handler.lua`), and some are
+optional, and will allow the plugin to implement some extra-functionalities
+(e.g. `api.lua` to extend the Admin API endpoints).
+
+Now let's describe exactly what are the modules you can implement and what
+their purpose is.
+
+---
+
+## Basic plugin modules
+
+In its purest form, a plugin consists of two mandatory modules:
+
+```
+simple-plugin
+├── handler.lua
+└── schema.lua
+```
+
+- **[handler.lua]**: the core of your plugin. It is an interface to implement, in
+  which each function will be run at the desired moment in the lifecycle of a
+  request / connection.
+- **[schema.lua]**: your plugin probably has to retain some configuration entered
+  by the user. This module holds the *schema* of that configuration and defines
+  rules on it, so that the user can only enter valid configuration values.
+
+---
+
+## Advanced plugin modules
+
+Some plugins might have to integrate deeper with Kong: have their own table in
+the database, expose endpoints in the Admin API, etc. Each of those can be
+done by adding a new module to your plugin. Here is what the structure of a
+plugin would look like if it was implementing all of the optional modules:
+
+```
+complete-plugin
+├── api.lua
+├── daos.lua
+├── handler.lua
+├── migrations
+│   ├── init.lua
+│   └── 000_base_complete_plugin.lua
+└── schema.lua
+```
+
+Here is the complete list of possible modules to implement and a brief
+description of what their purpose is. This guide will go in details to let you
+master each one of them.
+
+| Module name            | Required   | Description
+|:-----------------------|------------|------------
+| **[api.lua]**          | No         | Defines a list of endpoints to be available in the Admin API to interact with the custom entities handled by your plugin.
+| **[daos.lua]**         | No         | Defines a list of DAOs (Database Access Objects) that are abstractions of custom entities needed by your plugin and stored in the datastore.
+| **[handler.lua]**      | Yes        | An interface to implement. Each function is to be run by Kong at the desired moment in the lifecycle of a request / connection.
+| **[migrations/*.lua]** | No         | The database migrations (e.g. creation of tables). Migrations are only necessary when your plugin has to store custom entities in the database and interact with them through one of the DAOs defined by [daos.lua].
+| **[schema.lua]**       | Yes        | Holds the schema of your plugin's configuration, so that the user can only enter valid configuration values.
+
+The [Key-Auth plugin] is an example of plugin with this file structure.
+See [its source code] for more details.
+
+---
+
+Next: [Write custom logic &rsaquo;]({{page.book.next}})
+
+[api.lua]: {{page.book.chapters.admin-api}}
+[daos.lua]: {{page.book.chapters.custom-entities}}
+[handler.lua]: {{page.book.chapters.custom-logic}}
+[schema.lua]: {{page.book.chapters.plugin-configuration}}
+[migrations/*.lua]: {{page.book.chapters.custom-entities}}
+[Key-Auth plugin]: /hub/kong-inc/key-auth/
+[its source code]: https://github.com/Kong/kong/tree/master/kong/plugins/key-auth
diff --git a/app/enterprise/0.35-x/plugin-development/index.md b/app/enterprise/0.35-x/plugin-development/index.md
new file mode 100644
index 000000000000..2dfd5555482b
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/index.md
@@ -0,0 +1,37 @@
+---
+title: Plugin Development - Introduction
+book: plugin_dev
+chapter: 1
+---
+
+# What are plugins and how do they integrate with Kong?
+
+Before going further, it is necessary to briefly explain how Kong is built,
+especially how it integrates with Nginx and what Lua has to do with it.
+
+[lua-nginx-module] enables Lua scripting capabilities in Nginx. Instead of
+compiling Nginx with this module, Kong is distributed along with
+[OpenResty](https://openresty.org/), which already includes lua-nginx-module.
+OpenResty is *not* a fork of Nginx, but a bundle of modules extending its
+capabilities.
+
+Hence, Kong is a Lua application designed to load and execute Lua modules
+(which we more commonly refer to as "*plugins*") and provides an entire
+development environment for them, including an SDK, database abstractions,
+migrations, and more.
+
+Plugins consist of Lua modules interacting with the request/response objects or
+streams via the **Plugin Development Kit** (or "PDK") to implement arbitrary logic.
+The PDK is a set of Lua functions that a plugin can use to facilitate interactions
+between plugins and the core (or other components) of Kong.
+
+This guide will explore in detail the structure of plugins, what they can
+extend, and how to distribute and install them. For a complete reference of the
+PDK, see the [Plugin Development Kit] reference.
+
+---
+
+Next: [File structure of a plugin &rsaquo;]({{page.book.next}})
+
+[lua-nginx-module]: https://github.com/openresty/lua-nginx-module
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.35-x/plugin-development/plugin-configuration.md b/app/enterprise/0.35-x/plugin-development/plugin-configuration.md
new file mode 100644
index 000000000000..22ea06965947
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/plugin-configuration.md
@@ -0,0 +1,420 @@
+---
+title: Plugin Development - Plugin Configuration
+book: plugin_dev
+chapter: 4
+---
+
+## Introduction
+
+Most of the time, it makes sense for your plugin to be configurable to answer
+all of your users' needs. Your plugin's configuration is stored in the
+datastore for Kong to retrieve it and pass it to your
+[handler.lua]({{page.book.chapters.custom-logic}}) methods when the plugin is
+being executed.
+
+The configuration consists of a Lua table in Kong that we call a **schema**. It
+contains key/value properties that the user will set when enabling the plugin
+through the [Admin API]. Kong provides you with a way of validating the user's
+configuration for your plugin.
+
+Your plugin's configuration is being verified against your schema when a user
+issues a request to the [Admin API] to enable or update a plugin on a given
+Service, Route and/or Consumer.
+
+For example, a user performs the following request:
+
+```bash
+$ curl -X POST http://kong:8001/services/<service-name-or-id>/plugins \
+    -d "name=my-custom-plugin" \
+    -d "config.foo=bar"
+```
+
+If all properties of the `config` object are valid according to your schema,
+then the API would return `201 Created` and the plugin would be stored in the
+database along with its configuration:
+```lua
+{
+  foo = "bar"
+}
+ ```
+ 
+If the configuration is not valid, the Admin API would return `400 Bad Request`
+and the appropriate error messages.
+
+## Module
+
+```
+kong.plugins.<plugin_name>.schema
+```
+
+## schema.lua specifications
+
+This module is to return a Lua table with properties that will define how your
+plugins can later be configured by users. Available properties are:
+
+| Property name   | Lua type   | Description
+|-----------------|------------|------------
+| `name`          | `string`   | Name of the plugin, e.g. `key-auth`.
+| `fields`        | `table`    | Array of field definitions.
+| `entity_checks` | `function` | Array of conditional entity level validation checks.
+
+
+All the plugins inherit some default fields which are:
+
+| Field name      | Lua type   | Description
+|-----------------|------------|------------
+| `id`            | `string`   | Auto-generated plugin id.
+| `name`          | `string`   | Name of the plugin, e.g. `key-auth`.
+| `created_at`    | `number`   | Creation time of the plugin configuration (seconds from epoch).
+| `route`         | `table`    | Route to which plugin is bound, if any.
+| `service`       | `table`    | Service to which plugin is bound, if any.
+| `consumer`      | `table`    | Consumer to which plugin is bound when possible, if any.
+| `run_on`        | `string`   | Determines on which node the plugin should run on service mesh.
+| `protocols`     | `table`    | The plugin will run on specified protocol(s).
+| `enabled`       | `boolean`  | Whether or not the plugin is enabled.
+| `tags`          | `table`    | The tags for the plugin.
+
+In most of the cases you can ignore most of those and use the defaults. Or let the user
+specify value when enabling a plugin.
+
+Here is an example of a potential `schema.lua` file (with some overrides applied):
+
+```lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  name = "<plugin-name>",
+  fields = {
+    {
+      -- this plugin will only be applied to Services or Routes
+      consumer = typedefs.no_consumer
+    },
+    {
+      -- this plugin will only be executed on the first Kong node
+      -- if a request comes from a service mesh (when acting as
+      -- a non-service mesh gateway, the nodes are always considered
+      -- to be "first".
+      run_on = typedefs.run_on_first
+    },
+    {
+      -- this plugin will only run within Nginx HTTP module
+      protocols = typedefs.protocols_http
+    },
+    {
+      config = {
+        type = "record",
+        fields = {
+          -- Describe your plugin's configuration's schema here.        
+        },
+      },
+    },
+  },
+  entity_checks = {
+    -- Describe your plugin's entity validation rules
+  },
+}
+```
+
+## Describing your configuration schema
+
+The `config.fields` property of your `schema.lua` file describes the schema of your
+plugin's configuration. It is a flexible array of field definitions where each field
+is a valid configuration property for your plugin, describing the rules for that
+property. For example:
+
+```lua
+{
+  name = "<plugin-name>",
+  fields = {
+    config = {
+      type = "record",
+      fields = {
+        {
+          some_string = {
+            type = "string",
+            required = false,
+          },
+        },
+        {
+          some_boolean = {
+            type = "boolean",
+            default = false,
+          },
+        },
+        {
+          some_array = {
+            type = "array",
+            elements = {
+              type = "string",
+              one_of = {
+                "GET",
+                "POST",
+                "PUT",
+                "DELETE",
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Here is the list of some common (not all) accepted rules for a property (see the fields table above for examples):
+
+| Rule               | Description
+|--------------------|----------------------------
+| `type`             | The type of a property.
+| `required`         | Whether or not the property is required 
+| `default`          | The default value for the property when not specified
+| `elements`         | Field definition of `array` or `set` elements.
+| `keys`             | Field definition of `map` keys.
+| `values`           | Field definition of `map` values.
+| `fields`           | Field definition(s) of `record` fields.
+
+There are many more, but the above are commonly used.
+
+You can also add field validators, to mention a few:
+
+| Rule               | Description
+|--------------------|----------------------------
+| `between`          | Checks that the input number is between allowed values.
+| `eq`               | Checks the equality of the input to allowed value.
+| `ne`               | Checks the inequality of the input to allowed value.
+| `gt`               | Checks that the number is greater than given value. 
+| `len_eq`           | Checks that the input string length is equal to the given value. 
+| `len_min`          | Checks that the input string length is at least the given value.
+| `len_max`          | Checks that the input string length is at most the given value.
+| `match`            | Checks that the input string matches the given Lua pattern.
+| `not_match`        | Checks that the input string doesn't match the given Lua pattern.
+| `match_all`        | Checks that the input string matches all the given Lua patterns.
+| `match_none`       | Checks that the input string doesn't match any of the given Lua patterns.
+| `match_any`        | Checks that the input string matches any of the given Lua patterns.
+| `starts_with`      | Checks that the input string starts with a given value.
+| `one_of`           | Checks that the input string is one of the accepted values.
+| `contains`         | Checks that the input array contains the given value.
+| `is_regex`         | Checks that the input string is a valid regex pattern.  
+| `custom_validator` | A custom validation function written in Lua.
+
+There are some additional validators, but you get a good idea how you can specify validation
+rules on fields from the above table.
+
+---
+
+### Examples
+
+This `schema.lua` file is for the [key-auth](/hub/kong-inc/key-auth/) plugin:
+
+```lua
+-- schema.lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  name = "key-auth",
+  fields = {
+    {
+      consumer = typedefs.no_consumer
+    },
+    {
+      run_on = typedefs.run_on_first
+    },
+    {
+      protocols = typedefs.protocols_http
+    },
+    {
+      config = {
+        type = "record",
+        fields = {
+          {
+            key_names = {
+              type = "array",
+              required = true,
+              elements = typedefs.header_name,
+              default = {
+                "apikey",
+              },
+            },
+          },
+          {
+            hide_credentials = {
+              type = "boolean",
+              default = false,
+            },
+          },
+          {
+            anonymous = {
+              type = "string",
+              uuid = true,
+              legacy = true,
+            },
+          },
+          {
+            key_in_body = {
+              type = "boolean",
+              default = false,
+            },
+          },
+          {
+            run_on_preflight = {
+              type = "boolean",
+              default = true,
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Hence, when implementing the `access()` function of your plugin in
+[handler.lua]({{page.book.chapters.custom-logic}}) and given that the user
+enabled the plugin with the default values, you'd have access to:
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local kong = kong
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  kong.log.inspect(config.key_names)        -- { "apikey" }
+  kong.log.inspect(config.hide_credentials) -- false
+end
+
+
+return CustomHandler
+```
+
+Note that the above example uses the
+[kong.log.inspect](http://localhost:3000/docs/0.14.x/pdk/kong.log/#kong_log_inspect)
+function of the [Plugin Development Kit] to print out those values to the Kong
+logs.
+
+---
+
+A more complex example, which could be used for an eventual logging plugin:
+
+```lua
+-- schema.lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  name = "my-custom-plugin",
+  fields = {
+    {
+      config = {
+        type = "record",
+        fields = {
+          {
+            environment = {
+              type = "string",
+              required = true,
+              one_of = {
+                "production",
+                "development",
+              },
+            },
+          },
+          {
+            server = {
+              type = "record",
+              fields = {
+                {
+                  host = typedefs.host {
+                    default = "example.com",
+                  },
+                },
+                {
+                  port = {
+                    type = "number",
+                    default = 80,
+                    between = {
+                      0,
+                      65534
+                    },
+                  },
+                },  
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Such a configuration will allow a user to post the configuration to your plugin
+as follows:
+
+```bash
+$ curl -X POST http://kong:8001/services/<service-name-or-id>/plugins \
+    -d "name=my-custom-plugin" \
+    -d "config.environment=development" \
+    -d "config.server.host=http://localhost"
+```
+
+And the following will be available in
+[handler.lua]({{page.book.chapters.custom-logic}}):
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local kong = kong
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  kong.log.inspect(config.environment) -- "development"
+  kong.log.inspect(config.server.host) -- "http://localhost"
+  kong.log.inspect(config.server.port) -- 80
+end
+
+
+return CustomHandler
+```
+
+You can also see a real-world example of schema in [the Key-Auth plugin source code].
+
+---
+
+Next: [Accessing the Datastore &rsaquo;]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
+[the Key-Auth plugin source code]: https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/schema.lua
diff --git a/app/enterprise/0.35-x/plugin-development/tests.md b/app/enterprise/0.35-x/plugin-development/tests.md
new file mode 100644
index 000000000000..398b641d6150
--- /dev/null
+++ b/app/enterprise/0.35-x/plugin-development/tests.md
@@ -0,0 +1,108 @@
+---
+title: Plugin Development - Writing tests
+book: plugin_dev
+chapter: 9
+toc: false
+---
+
+## Introduction
+
+If you are serious about your plugins, you probably want to write tests for it.
+Unit testing Lua is easy, and [many testing
+frameworks](http://lua-users.org/wiki/UnitTesting) are available. However, you
+might also want to write integration tests. Again, Kong has your back.
+
+## Write integration tests
+
+The preferred testing framework for Kong is
+[busted](http://olivinelabs.com/busted/) running with the
+[resty-cli](https://github.com/openresty/resty-cli) interpreter, though you are
+free to use another one if you wish. In the Kong repository, the busted
+executable can be found at `bin/busted`.
+
+Kong provides you with a helper to start and stop it from Lua in your test
+suite: `spec.helpers`. This helper also provides you with ways to insert
+fixtures in your datastore before running your tests, as well as dropping it,
+and various other helpers.
+
+If you are writing your plugin in your own repository, you will need to copy
+the following files until the Kong testing framework is released:
+
+- `bin/busted`: the busted executable running with the resty-cli interpreter
+- `spec/helpers.lua`: helper functions to start/stop Kong from busted
+- `spec/kong_tests.conf`: a configuration file for your running your test Kong instances with the helpers module
+
+Assuming that the `spec.helpers` module is available in your `LUA_PATH`, you
+can use the following Lua code in busted to start and stop Kong:
+
+```lua
+local helpers = require "spec.helpers"
+
+for _, strategy in helpers.each_strategy() do
+  describe("my plugin", function()
+
+    local bp = helpers.get_db_utils(strategy)
+
+    setup(function()
+      local service = bp.services:insert {
+        name = "test-service",
+        host = "httpbin.org"
+      }
+
+      bp.routes:insert({
+        hosts = { "test.com" },
+        service = { id = service.id }
+      })
+
+      -- start Kong with your testing Kong configuration (defined in "spec.helpers")
+      assert(helpers.start_kong( { plugins = "bundled,my-plugin" }))
+
+      admin_client = helpers.admin_client()
+    end)
+
+    teardown(function()
+      if admin_client then
+        admin_client:close()
+      end
+
+      helpers.stop_kong()
+    end)
+
+    before_each(function()
+      proxy_client = helpers.proxy_client()
+    end)
+
+    after_each(function()
+      if proxy_client then
+        proxy_client:close()
+      end
+    end)
+
+    describe("thing", function()
+      it("should do thing", function()
+        -- send requests through Kong
+        local res = proxy_client:get("/get", {
+          headers = {
+            ["Host"] = "test.com"
+          }
+        })
+
+        local body = assert.res_status(200, res)
+
+        -- body is a string containing the response
+      end)
+    end)
+  end)
+end
+```
+
+> Reminder: With the test Kong configuration file, Kong is running with
+its proxy listening on port 9000 (HTTP), 9443 (HTTPS)
+and Admin API on port 9001.
+
+If you want to see a real-world example, give a look at the
+[Key-Auth plugin specs](https://github.com/Kong/kong/tree/master/spec/03-plugins/10-key-auth)
+
+---
+
+Next: [Distribute your plugin &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.35-x/plugins/index.md b/app/enterprise/0.35-x/plugins/index.md
new file mode 100644
index 000000000000..6284586b59df
--- /dev/null
+++ b/app/enterprise/0.35-x/plugins/index.md
@@ -0,0 +1,3 @@
+---
+redirect_to: /hub
+---
\ No newline at end of file
diff --git a/app/enterprise/0.35-x/plugins/oidc-azuread.md b/app/enterprise/0.35-x/plugins/oidc-azuread.md
new file mode 100644
index 000000000000..9c294e413385
--- /dev/null
+++ b/app/enterprise/0.35-x/plugins/oidc-azuread.md
@@ -0,0 +1,88 @@
+---
+title: OpenID Connect with Azure AD
+---
+## Introduction
+
+This guide covers an example OpenID Connect plugin configuration to authenticate browser clients using an Azure AD identity provider.
+
+## Prerequisites
+
+Because OpenID Connect deals with user credentials, all transactions should take place over HTTPS. Although user passwords for third party identity providers are only submitted to those providers and not Kong, authentication tokens do grant access to a subset of user account data and protected APIs, and should be secured. As such, you should make Kong's proxy available via a fully-qualified domain name and [add a certificate][add-certificate] for it.
+
+## Kong Configuration
+
+If you have not yet [added a **Route** and a **Service**][add-service], go ahead and do so. Again, note that you should be able to secure this route with HTTPS, so use a hostname you have a certificate for. Add a location handled by your route as an authorized redirect URI in Azure (under the **Authentication** section of your app registration).
+
+## Azure AD IDP Configuration
+
+You must [register an app][azure-create-app] in your Azure AD configuration and [add a client secret credential][azure-client-secret] that Kong will use to access it. You must also configure a redirect URI that is handled by your Route.
+
+Azure AD provides two interfaces for its OAuth2/OIDC-related endpoints, v1.0 and v2.0. Support for some legacy v1.0 behavior is still available on v2.0, including use of v1.0 tokens by default, which is not compatible with Kong's OIDC implementation. To force Azure AD to use v2.0 tokens, [edit your application manifest][azure-manifest] and set `accessTokenAcceptedVersion` to `2` and include a `YOUR_CLIENT_ID/.default` scope in your plugin configuration as shown below.
+
+## Plugin Configuration
+
+Add a plugin with the configuration below to your route using an HTTP client or [Kong Manager][enable-plugin].
+
+```bash
+$ curl -i -X POST https://admin.kong.example/routes/ROUTE_ID/plugins --data name="openid-connect" \
+  --data config.issuer="https://login.microsoftonline.com/YOUR_DIRECTORY_ID/v2.0/.well-known/openid-configuration" \
+  --data config.client_id="YOUR_CLIENT_ID" \
+  --data config.client_secret="YOUR_CLIENT_SECRET" \
+  --data config.redirect_uri="https://example.com/api" \
+  --data config.scopes="openid" \
+  --data config.scopes="email" \
+  --data config.scopes="profile" \
+  --data config.scopes="YOUR_CLIENT_ID/.default" \
+  --data config.verify_parameters="false" 
+```
+
+Several pieces of configuration above must use values specific to your environment:
+
+* The `issuer` URL can be retrieved by pressing the **Endpoints** button on your app registration's **Overview** page.
+* `redirect_uri` should be the URI you specified earlier when configuring your app. You can add one via the **Authentication** section of the app settings if you did not add one initially.
+* For `client_id` and `scopes` replace `YOUR_CLIENT_ID` with the client ID shown on the app **Overview** page.
+* For `client_secret` replace `YOUR_CLIENT_SECRET` with the URL-encoded representation of the secret you created earlier in the **Certificates & secrets** section. Azure AD secrets often include reserved URL characters, which cURL may handle incorrectly if they are not URL-encoded.
+
+Visiting a URL matched by that route in a browser will now redirect to Microsoft's authentication site and return you to the redirect URI after authenticating.
+
+### Access Restrictions
+
+The configuration above allows users to authenticate and access the Route even though no consumer was created for them: any user with a valid account in the directory will have access to the Route. The OIDC plugin allows this as the simplest authentication option, but you may wish to restrict access further. There are several options for this:
+
+#### Domain Restrictions
+
+Azure AD does not provide identity tokens with the `hd` claim, and as such the OIDC plugin's `domains` configuration cannot restrict users based on their domain. Using a [single-tenant][azure-tenant] application will restrict access to users in your directory only. Multi-tenant apps allow users with Microsoft accounts from other directories and optionally any Microsoft account (e.g. live.com or Xbox accounts) to sign in.
+
+#### Consumer Mapping
+
+If you need to interact with other Kong plugins using consumer information, you can add configuration that maps account data received from the identity provider to a Kong consumer. For this example, the user's Azure AD account GUID is mapped to a consumer by setting it as the `custom_id` on their consumer, e.g.
+
+```bash
+$ curl -i -X POST http://admin.kong.example/consumers/ \
+  --data username="Yoda" \
+  --data custom_id="e5634b31-d67f-4661-a6fb-b6cb77849bcf"
+
+$ curl -i -X PATCH http://admin.kong.example/plugins/OIDC_PLUGIN_ID \
+  --data config.consumer_by="custom_id" \
+  --data config.consumer_claim="oid"
+```
+
+Now, if a user logs into an Azure AD account with the GUID `e5634b31-d67f-4661-a6fb-b6cb77849bcf`, Kong will apply configuration associated with the consumer `Yoda` to their requests. 
+
+This also requires that clients login using an account mapped to some consumer, which may not be desirable (e.g. you apply OpenID Connect to a service, but only use plugins requiring a consumer on some routes). To deal with this, you can set the `anonymous` parameter in your OIDC plugin configuration to the ID of a generic consumer, which will then be used for all authenticated users that cannot be mapped to some other consumer. You can alternately set `consumer_optional` to `true` to allow similar logins without mapping an anonymous consumer.
+
+#### Pseudo-consumers
+
+For plugins that typically require consumers, the OIDC plugin can provide a consumer ID based on the value of a claim without mapping to an actual consumer. Setting `credential_claim` to a claim [in your plugin configuration][credential-claim] will extract the value of that claim and use it where Kong would normally use a consumer ID. Note that this may not work with all consumer-related functionality.
+
+Similarly, setting `authenticated_groups_claim` will extract that claim's value and use it as a group for the ACL plugin.
+
+[azure-client-secret]: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
+[azure-create-app]: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
+[azure-manifest]: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#configure-the-app-manifest
+[azure-tenants]: https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps
+[add-certificate]: /1.0.x/admin-api/#add-certificate
+[add-service]: /enterprise/{{page.kong_version}}/getting-started/add-service
+[oidc-id-token]: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
+[credential-claim]: https://docs.konghq.com/hub/kong-inc/openid-connect/#configcredential_claim
+[enable-plugin]: /enterprise/{{page.kong_version}}/getting-started/enable-plugin/
diff --git a/app/enterprise/0.35-x/plugins/oidc-google.md b/app/enterprise/0.35-x/plugins/oidc-google.md
index a90b3d3cb40d..665a77a3b55e 100644
--- a/app/enterprise/0.35-x/plugins/oidc-google.md
+++ b/app/enterprise/0.35-x/plugins/oidc-google.md
@@ -58,7 +58,7 @@ standardized][oidc-standard-claims], however--if a provider returns an `email` c
 This also requires that clients login using an account mapped to some consumer, which may not be desirable (e.g. you apply OpenID Connect to a service, but only use plugins requiring a consumer on some routes). To deal with this, you can set the `anonymous` parameter in your OIDC plugin configuration to the ID of a generic consumer, which will then be used for all authenticated users that cannot be mapped to some other consumer.
 
 
-[add-certificate]: /1.0.x/admin-api/#add-certificate
+[add-certificate]: /enterprise/{{page.kong_version}}/admin-api/#add-certificate
 [google-oidc]: https://developers.google.com/identity/protocols/OpenIDConnect
 [google-create-credentials]: https://console.developers.google.com/apis/credentials
 [add-service]: /enterprise/{{page.kong_version}}/getting-started/add-service
diff --git a/app/enterprise/0.35-x/plugins/oidc-okta.md b/app/enterprise/0.35-x/plugins/oidc-okta.md
new file mode 100644
index 000000000000..80c59b14b149
--- /dev/null
+++ b/app/enterprise/0.35-x/plugins/oidc-okta.md
@@ -0,0 +1,108 @@
+---
+title: OpenID Connect with Okta
+---
+## Introduction
+
+This guide covers an example OpenID Connect plugin configuration to authenticate browser clients using an Okta identity provider.
+
+## Prerequisites
+
+Because OpenID Connect deals with user credentials, all transactions should take place over HTTPS. Although user passwords for third party identity providers are only submitted to those providers and not Kong, authentication tokens grant access to a subset of user account data and protected APIs, and should be secured. As such, you should make Kong's proxy available via a fully-qualified domain name and [add a certificate][add-certificate] for it.
+
+## Kong Configuration
+
+If you have not yet [added a **Route** and a **Service**][add-service], go ahead and do so. Again, note that you should be able to secure this route with HTTPS, so use a hostname you have a certificate for. Add a location handled by your route as an authorized redirect URI in Okta (under the **Authentication** section of your app registration).
+
+## Okta IDP Configuration
+
+### Sample Okta Configuration Steps 
+
+1. [Register an Application][okta-register-app]. Select the **Applications** page, click **Add Application**.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/01-add-application.png">
+
+2. Select **Web** as the platform.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/02-web-app.png">
+
+3. Fill out the Application's Settings
+
+    **Login re-direct URIs** is a URI that corresponds to a Route you have configured in Kong that will use Okta to authenticate. **Group Assignment** defines who is allowed to use this application. **Grant Type Allowed** indicates the Grant types to allow for your application.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/03-app-settings.png">
+
+4. After submitting the Application configuration, the client credentials will display on the **General** page.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/04-client-id-secret.png">
+
+5. [Define and configure an Authorization server][okta-authorization-server]. Select the **API** page and add an Authorization Server if you don't have an existing one.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/05-auth-server.png">
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/06-name-auth.png">
+
+6. Click **Save** and view your Authorization Server Settings.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/07-auth-server-settings.png">
+
+## Plugin Configuration
+
+Add a plugin with the configuration below to your route using an HTTP client or [Kong Manager][enable-plugin].
+
+```bash
+$ curl -i -X POST https://admin.kong.example/routes/ROUTE_ID/plugins --data name="openid-connect" \
+  --data config.issuer="https://YOUR_OKTA_DOMAIN/oauth2/YOUR_AUTH_SERVER/.well-known/openid-configuration" \
+  --data config.client_id="YOUR_CLIENT_ID" \
+  --data config.client_secret="YOUR_CLIENT_SECRET" \
+  --data config.redirect_uri="https://kong.com/api" \
+  --data config.scopes="openid" \
+  --data config.scopes="email" \
+  --data config.scopes="profile"
+```
+
+Several pieces of configuration above must use values specific to your environment:
+
+* The `issuer` URL can be found from your Authorization Server settings.
+* `redirect_uri` should be the URI you specified earlier when configuring your app. You can view and edit this from the **General** page for your application.
+* For `client_id` and `client_secret` replace `YOUR_CLIENT_ID` and `YOUR_CLIENT_SECRET` with the client ID and secret shown in your Okta application's **General** page.
+
+Visiting a URL matched by that route in a browser will now redirect to Okta's authentication site and return you to the redirect URI after authenticating.
+
+Additional plugin parameter to consider:
+
+* The `auth_methods` parameter defines a lists of all the authentication methods that you want the plugin to accept. By default value is a list of all the supported methods. It is advisable to define this parameter with only the methods you wish to allow.
+
+### Access Restrictions
+
+The configuration above allows users to authenticate and access the Route even though no consumer was created for them: any user with a valid account in the directory will have access to the Route. The OIDC plugin allows this as the simplest authentication option, but you may wish to restrict access further. There are several options for this:
+
+#### Consumer Mapping
+
+If you need to interact with other Kong plugins using consumer information, you can add configuration that maps account data received from the identity provider to a Kong consumer. For this example, the user's Okta's AD account GUID is mapped to a consumer by setting it as the `custom_id` on their consumer, e.g.
+
+```bash
+$ curl -i -X POST http://admin.kong.example/consumers/ \
+  --data username="Yoda" \
+  --data custom_id="e5634b31-d67f-4661-a6fb-b6cb77849bcf"
+
+$ curl -i -X PATCH http://admin.kong.example/plugins/OIDC_PLUGIN_ID \
+  --data config.consumer_by="custom_id" \
+  --data config.consumer_claim="sub"
+```
+
+Now, if a user logs into an Okta account with the GUID `e5634b31-d67f-4661-a6fb-b6cb77849bcf`, Kong will apply configuration associated with the consumer `Yoda` to their requests. 
+
+This also requires that clients login using an account mapped to some consumer, which may not be desirable (e.g. you apply OpenID Connect to a service, but only use plugins requiring a consumer on some routes). To deal with this, you can set the `anonymous` parameter in your OIDC plugin configuration to the ID of a generic consumer, which will then be used for all authenticated users that cannot be mapped to some other consumer. You can alternately set `consumer_optional` to `true` to allow similar logins without mapping an anonymous consumer.
+
+#### Pseudo-consumers
+
+For plugins that typically require consumers, the OIDC plugin can provide a consumer ID based on the value of a claim without mapping to an actual consumer. Setting `credential_claim` to a claim [in your plugin configuration][credential-claim] will extract the value of that claim and use it where Kong would normally use a consumer ID. Note that this may not work with all consumer-related functionality.
+
+Similarly, setting `authenticated_groups_claim` will extract that claim's value and use it as a group for the ACL plugin.
+
+[okta-authorization-server]: https://developer.okta.com/docs/guides/customize-authz-server/create-authz-server/
+[okta-register-app]: https://developer.okta.com/docs/guides/add-an-external-idp/openidconnect/register-app-in-okta/
+[add-certificate]: /1.0.x/admin-api/#add-certificate
+[add-service]: /enterprise/{{page.kong_version}}/getting-started/add-service
+[credential-claim]: https://docs.konghq.com/hub/kong-inc/openid-connect/#configcredential_claim
+[enable-plugin]: /enterprise/{{page.kong_version}}/getting-started/enable-plugin/
diff --git a/app/enterprise/0.35-x/plugins/statsd.rules.yaml b/app/enterprise/0.35-x/plugins/statsd.rules.yaml
index d59063017be1..d5bdcc664e26 100644
--- a/app/enterprise/0.35-x/plugins/statsd.rules.yaml
+++ b/app/enterprise/0.35-x/plugins/statsd.rules.yaml
@@ -1,40 +1,4 @@
 mappings:
-# by API
-- match: kong.api.*.request.count
-  name: "kong_requests_proxy"
-  labels:
-    job: "kong_metrics"
-
-- match: kong.api.*.status.*
-  name: "kong_status_code"
-  action: drop
-
-- match: kong.api.*.kong_latency
-  name: "kong_latency_proxy_request"
-  timer_type: histogram
-  buckets: [1]
-  min_max: true
-  labels:
-    job: "kong_metrics"
-
-- match: kong.api.*.upstream_latency
-  name: "kong_latency_upstream"
-  timer_type: histogram
-  buckets: [1]
-  min_max: true
-  labels:
-    job: "kong_metrics"
-
-- match: kong.api.*.cache_datastore_hits_total
-  name: "kong_cache_datastore_hits_total"
-  labels:
-    job: "kong_metrics"
-
-- match: kong.api.*.cache_datastore_misses_total
-  name: "kong_cache_datastore_misses_total"
-  labels:
-    job: "kong_metrics"
-
 # by Service
 - match: kong.service.*.request.count
   name: "kong_requests_proxy"
diff --git a/app/enterprise/0.35-x/property-reference.md b/app/enterprise/0.35-x/property-reference.md
index 40e1d0b75c7e..8e616b9dbd59 100644
--- a/app/enterprise/0.35-x/property-reference.md
+++ b/app/enterprise/0.35-x/property-reference.md
@@ -5,7 +5,8 @@ toc: false
 
 ## Table of Contents
 
-* [General](#general)
+* [Configuration Loading](#configuration-loading)
+* [General Properties](#general-properties)
 * [NGINX](#nginx)
 * [Datastore](#datastore)
 * [Datastore Cache](#datastore-cache)
@@ -21,8 +22,84 @@ toc: false
 * [Data & Admin Audit](#data-&-admin-audit)
 * [Granular Tracing](#granular-tracing)
 
-## General
+## Configuration Loading
 
+Kong comes with a default configuration file that can be found at
+`/etc/kong/kong.conf.default` if you installed Kong via one of the official
+packages. To start configuring Kong, you can copy this file:
+
+```bash
+$ cp /etc/kong/kong.conf.default /etc/kong/kong.conf
+```
+
+Kong will operate with default settings should all the values in your
+configuration be commented out. Upon starting, Kong looks for several
+default locations that might contain a configuration file:
+
+```
+/etc/kong/kong.conf
+/etc/kong.conf
+```
+
+You can override this behavior by specifying a custom path for your
+configuration file using the `-c / --conf` argument in the CLI:
+
+```bash
+$ kong start --conf /path/to/kong.conf
+```
+
+The configuration format is straightforward: simply uncomment any property
+(comments are defined by the `#` character) and modify it to your needs.
+Boolean values can be specified as `on`/`off` or `true`/`false` for convenience.
+
+### Verifying Configuration
+
+You can verify the integrity of your settings with the `check` command:
+
+```bash
+$ kong check <path/to/kong.conf>
+configuration at <path/to/kong.conf> is valid
+```
+
+This command will take into account the environment variables you have
+currently set, and will error out in case your settings are invalid.
+
+Additionally, you can also use the CLI in debug mode to have more insight
+as to what properties Kong is being started with:
+
+```bash
+$ kong start -c <kong.conf> --vv
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong.conf
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong/kong.conf
+2016/08/11 14:53:36 [debug] admin_listen = "0.0.0.0:8001"
+2016/08/11 14:53:36 [debug] database = "postgres"
+2016/08/11 14:53:36 [debug] log_level = "notice"
+[...]
+```
+
+### Environment Variables
+
+When loading properties out of a configuration file, Kong will also look for
+environment variables of the same name. This allows you to fully configure Kong
+via environment variables, which is very convenient for container-based
+infrastructures, for example.
+
+To override a setting using an environment variable, declare an environment
+variable with the name of the setting, prefixed with `KONG_` and capitalized.
+
+For example:
+
+```
+log_level = debug # in kong.conf
+```
+
+can be overridden with:
+
+```bash
+$ export KONG_LOG_LEVEL=error
+```
+
+## General Properties
 
 ### prefix
 
diff --git a/app/enterprise/0.35-x/proxy.md b/app/enterprise/0.35-x/proxy.md
new file mode 100644
index 000000000000..f03bd779981f
--- /dev/null
+++ b/app/enterprise/0.35-x/proxy.md
@@ -0,0 +1,1116 @@
+---
+title: Proxy Reference
+---
+
+## Introduction
+
+In this document we will cover Kong's **proxying capabilities**  by explaining
+its routing capabilities and internal workings in details.
+
+Kong exposes several interfaces which can be tweaked by two configuration
+properties:
+
+- `proxy_listen`, which defines a list of addresses/ports on which Kong will
+  accept **public traffic** from clients and proxy it to your upstream services
+  (`8000` by default).
+- `admin_listen`, which also defines a list of addresses and ports, but those
+  should be restricted to only be accessed by administrators, as they expose
+  Kong's configuration capabilities: the **Admin API** (`8001` by default).
+
+<div class="alert alert-warning">
+<p><strong>Note:</strong> Starting with Kong 1.0.0 and Kong Enterprise 0.35, the API entity has been removed.
+This document will cover proxying with the new Routes and
+Services entities.</p>
+<p>See an older version of this document if you are using 0.12 or
+below.</p>
+</div>
+
+## Terminology
+
+- `client`: Refers to the *downstream* client making requests to Kong's
+  proxy port.
+- `upstream service`: Refers to your own API/service sitting behind Kong, to
+  which client requests are forwarded.
+- `Service`: Service entities, as the name implies, are abstractions of each of
+  your own upstream services. Examples of Services would be a data
+  transformation microservice, a billing API, etc.
+- `Route`: This refers to the Kong Routes entity. Routes are entrypoints into
+  Kong, and defining rules for a request to be matched, and routed to a given
+  Service.
+- `Plugin`: This refers to Kong "plugins", which are pieces of business logic
+  that run in the proxying lifecycle. Plugins can be configured through the
+  Admin API - either globally (all incoming traffic) or on specific Routes
+  and Services.
+
+[Back to TOC](#table-of-contents)
+
+## Overview
+
+From a high-level perspective, Kong listens for HTTP traffic on its configured
+proxy port(s) (`8000` and `8443` by default). Kong will evaluate any incoming
+HTTP request against the Routes you have configured and try to find a matching
+one. If a given request matches the rules of a specific Route, Kong will
+process proxying the request. Because each Route is linked to a Service, Kong
+will run the plugins you have configured on your Route and its associated
+Service, and then proxy the request upstream.
+
+You can manage Routes via Kong's Admin API. The `hosts`, `paths`, and `methods`
+attributes of Routes define rules for matching incoming HTTP requests.
+
+If Kong receives a request that it cannot match against any of the configured
+Routes (or if no Routes are configured), it will respond with:
+
+```http
+HTTP/1.1 404 Not Found
+Content-Type: application/json
+Server: kong/<x.x.x>
+
+{
+    "message": "no route and no Service found with those values"
+}
+```
+
+[Back to TOC](#table-of-contents)
+
+## Reminder: How to configure a Service
+
+The [Configuring a Service][configuring-a-service] quickstart guide explains
+how Kong is configured via the [Admin API][API].
+
+Adding a Service to Kong is done by sending an HTTP request to the Admin API:
+
+```bash
+$ curl -i -X POST http://localhost:8001/services/ \
+    -d 'name=foo-service' \
+    -d 'url=http://foo-service.com'
+HTTP/1.1 201 Created
+...
+
+{
+    "connect_timeout": 60000,
+    "created_at": 1515537771,
+    "host": "foo-service.com",
+    "id": "d54da06c-d69f-4910-8896-915c63c270cd",
+    "name": "foo-service",
+    "path": "/",
+    "port": 80,
+    "protocol": "http",
+    "read_timeout": 60000,
+    "retries": 5,
+    "updated_at": 1515537771,
+    "write_timeout": 60000
+}
+```
+
+This request instructs Kong to register a Service named "foo-service", which
+points to `http://foo-service.com` (your upstream).
+
+**Note:** the `url` argument is a shorthand argument to populate the
+`protocol`, `host`, `port`, and `path` attributes at once.
+
+Now, in order to send traffic to this Service through Kong, we need to specify
+a Route, which acts as an entrypoint to Kong:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -d 'hosts[]=example.com' \
+    -d 'paths[]=/foo' \
+    -d 'service.id=d54da06c-d69f-4910-8896-915c63c270cd'
+HTTP/1.1 201 Created
+...
+
+{
+    "created_at": 1515539858,
+    "hosts": [
+        "example.com"
+    ],
+    "id": "ee794195-6783-4056-a5cc-a7e0fde88c81",
+    "methods": null,
+    "paths": [
+        "/foo"
+    ],
+    "preserve_host": false,
+    "priority": 0,
+    "protocols": [
+        "http",
+        "https"
+    ],
+    "service": {
+        "id": "d54da06c-d69f-4910-8896-915c63c270cd"
+    },
+    "strip_path": true,
+    "updated_at": 1515539858
+}
+```
+
+We have now configured a Route to match incoming requests matching the given
+`hosts` and `paths`, and forward them to the `foo-service` we configured, thus
+proxying this traffic to `http://foo-service.com`.
+
+Kong is a transparent proxy, and it will by default forward the request to your
+upstream service untouched, with the exception of various headers such as
+`Connection`, `Date`, and others as required by the HTTP specifications.
+
+[Back to TOC](#table-of-contents)
+
+## Routes and matching capabilities
+
+Let's now discuss how Kong matches a request against the configured `hosts`,
+`paths` and `methods` properties (or fields) of a Route. Note that all three of
+these fields are **optional**, but at least **one of them** must be specified.
+
+For a request to match a Route:
+
+- The request **must** include **all** of the configured fields
+- The values of the fields in the request **must** match at least one of the
+  configured values (While the field configurations accepts one or more values,
+  a request needs only one of the values to be considered a match)
+
+Let's go through a few examples. Consider a Route configured like this:
+
+```json
+{
+    "hosts": ["example.com", "foo-service.com"],
+    "paths": ["/foo", "/bar"],
+    "methods": ["GET"]
+}
+```
+
+Some of the possible requests matching this Route would look like:
+
+```http
+GET /foo HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /bar HTTP/1.1
+Host: foo-service.com
+```
+
+```http
+GET /foo/hello/world HTTP/1.1
+Host: example.com
+```
+
+All three of these requests satisfy all the conditions set in the Route
+definition.
+
+However, the following requests would **not** match the configured conditions:
+
+```http
+GET / HTTP/1.1
+Host: example.com
+```
+
+```http
+POST /foo HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /foo HTTP/1.1
+Host: foo.com
+```
+
+All three of these requests satisfy only two of configured conditions. The
+first request's path is not a match for any of the configured `paths`, same for
+the second request's HTTP method, and the third request's Host header.
+
+Now that we understand how the `hosts`, `paths`, and `methods` properties work
+together, let's explore each property individually.
+
+[Back to TOC](#table-of-contents)
+
+### Request Host header
+
+Routing a request based on its Host header is the most straightforward way to
+proxy traffic through Kong, especially since this is the intended usage of the
+HTTP Host header. Kong makes it easy to do via the `hosts` field of the Route
+entity.
+
+`hosts` accepts multiple values, which must be comma-separated when specifying
+them via the Admin API:
+
+`hosts` accepts multiple values, which is straightforward to represent in a
+JSON payload:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -H 'Content-Type: application/json' \
+    -d '{"hosts":["example.com", "foo-service.com"]}'
+HTTP/1.1 201 Created
+...
+```
+
+But since the Admin API also supports form-urlencoded content types, you
+can specify an array via the `[]` notation:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -d 'hosts[]=example.com' \
+    -d 'hosts[]=foo-service.com'
+HTTP/1.1 201 Created
+...
+```
+
+To satisfy the `hosts` condition of this Route, any incoming request from a
+client must now have its Host header set to one of:
+
+```
+Host: example.com
+```
+
+or:
+
+```
+Host: foo-service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+#### Using wildcard hostnames
+
+To provide flexibility, Kong allows you to specify hostnames with wildcards in
+the `hosts` field. Wildcard hostnames allow any matching Host header to satisfy
+the condition, and thus match a given Route.
+
+Wildcard hostnames **must** contain **only one** asterisk at the leftmost
+**or** rightmost label of the domain. Examples:
+
+- `*.example.com` would allow Host values such as `a.example.com` and
+  `x.y.example.com` to match.
+- `example.*` would allow Host values such as `example.com` and `example.org`
+  to match.
+
+A complete example would look like this:
+
+```json
+{
+    "hosts": ["*.example.com", "service.com"]
+}
+```
+
+Which would allow the following requests to match this Route:
+
+```http
+GET / HTTP/1.1
+Host: an.example.com
+```
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+#### The `preserve_host` property
+
+When proxying, Kong's default behavior is to set the upstream request's Host
+header to the hostname specified in the Service's `host`. The
+`preserve_host` field accepts a boolean flag instructing Kong not to do so.
+
+For example, when the `preserve_host` property is not changed and a Route is
+configured like so:
+
+```json
+{
+    "hosts": ["service.com"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+A possible request from a client to Kong could be:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+Kong would extract the Host header value from the Service's `host` property, ,
+and would send the following upstream request:
+
+```http
+GET / HTTP/1.1
+Host: <my-service-host.com>
+```
+
+However, by explicitly configuring a Route with `preserve_host=true`:
+
+```json
+{
+    "hosts": ["service.com"],
+    "preserve_host": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+And assuming the same request from the client:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+Kong would preserve the Host on the client request and would send the following
+upstream request instead:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+### Request path
+
+Another way for a Route to be matched is via request paths. To satisfy this
+routing condition, a client request's path **must** be prefixed with one of the
+values of the `paths` attribute.
+
+For example, with a Route configured like so:
+
+```json
+{
+    "paths": ["/service", "/hello/world"]
+}
+```
+
+The following requests would be matched:
+
+```http
+GET /service HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /service/resource?param=value HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /hello/world/resource HTTP/1.1
+Host: anything.com
+```
+
+For each of these requests, Kong detects that their URL path is prefixed with
+one of the Routes's `paths` values. By default, Kong would then proxy the
+request upstream without changing the URL path.
+
+When proxying with path prefixes, **the longest paths get evaluated first**.
+This allow you to define two Routes with two paths: `/service` and
+`/service/resource`, and ensure that the former does not "shadow" the latter.
+
+[Back to TOC](#table-of-contents)
+
+#### Using regexes in paths
+
+Kong supports regular expression pattern matching for an Route's `paths` field
+via [PCRE](http://pcre.org/) (Perl Compatible Regular Expression). You can
+assign paths as both prefixes and regexes to a Route at the same time.
+
+For example, if we consider the following Route:
+
+```json
+{
+    "paths": ["/users/\d+/profile", "/following"]
+}
+```
+
+The following requests would be matched by this Route:
+
+```http
+GET /following HTTP/1.1
+Host: ...
+```
+
+```http
+GET /users/123/profile HTTP/1.1
+Host: ...
+```
+
+The provided regexes are evaluated with the `a` PCRE flag (`PCRE_ANCHORED`),
+meaning that they will be constrained to match at the first matching point
+in the path (the root `/` character).
+
+[Back to TOC](#table-of-contents)
+
+##### Evaluation order
+
+As previously mentioned, Kong evaluates prefix paths by length: the longest
+prefix paths are evaluated first. However, Kong will evaluate regex paths based
+on the `regex_priority` attribute of Routes from highest priority to lowest.
+Regex paths are furthermore evaluated before prefix paths.
+
+Consider the following Routes:
+
+```json
+[
+    {
+        "paths": ["/status/\d+"],
+        "regex_priority": 0
+    },
+    {
+        "paths": ["/version/\d+/status/\d+"],
+        "regex_priority": 6
+    },
+    {
+        "paths": ["/version"],
+    },
+    {
+        "paths": ["/version/any/"],
+    }
+]
+```
+
+In this scenario, Kong will evaluate incoming requests against the following
+defined URIs, in this order:
+
+1. `/version/\d+/status/\d+`
+2. `/status/\d+`
+3. `/version/any/`
+4. `/version`
+
+Take care to avoid writing regex rules that are overly broad and may consume
+traffic intended for a prefix rule. Adding a rule with the path `/version/.*` to
+the ruleset above would likely consume some traffic intended for the `/version`
+prefix path. If you see unexpected behavior, sending `X-Kong-Debug: 1` in your
+request headers will indicate the matched Route ID in the response headers for
+troubleshooting purposes.
+
+As usual, a request must still match a Route's `hosts` and `methods` properties
+as well, and Kong will traverse your Routes until it finds one that [matches
+the most rules](#matching-priorities).
+
+[Back to TOC](#table-of-contents)
+
+##### Capturing groups
+
+Capturing groups are also supported, and the matched group will be extracted
+from the path and available for plugins consumption. If we consider the
+following regex:
+
+```
+/version/(?<version>\d+)/users/(?<user>\S+)
+```
+
+And the following request path:
+
+```
+/version/1/users/john
+```
+
+Kong will consider the request path a match, and if the overall Route is
+matched (considering the `hosts` and `methods` fields), the extracted capturing
+groups will be available from the plugins in the `ngx.ctx` variable:
+
+```lua
+local router_matches = ngx.ctx.router_matches
+
+-- router_matches.uri_captures is:
+-- { "1", "john", version = "1", user = "john" }
+```
+
+[Back to TOC](#table-of-contents)
+
+##### Escaping special characters
+
+Next, it is worth noting that characters found in regexes are often
+reserved characters according to
+[RFC 3986](https://tools.ietf.org/html/rfc3986) and as such,
+should be percent-encoded. **When configuring Routes with regex paths via the
+Admin API, be sure to URL encode your payload if necessary**. For example,
+with `curl` and using an `application/x-www-form-urlencoded` MIME type:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes \
+    --data-urlencode 'uris[]=/status/\d+'
+HTTP/1.1 201 Created
+...
+```
+
+Note that `curl` does not automatically URL encode your payload, and note the
+usage of `--data-urlencode`, which prevents the `+` character to be URL decoded
+and interpreted as a space ` ` by Kong's Admin API.
+
+[Back to TOC](#table-of-contents)
+
+#### The `strip_path` property
+
+It may be desirable to specify a path prefix to match a Route, but not
+include it in the upstream request. To do so, use the `strip_path` boolean
+property by configuring a Route like so:
+
+```json
+{
+    "paths": ["/service"],
+    "strip_path": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Enabling this flag instructs Kong that when matching this Route, and proceeding
+with the proxying to a Service, it should **not** include the matched part of
+the URL path in the upstream request's URL. For example, the following
+client's request to the above Route:
+
+```http
+GET /service/path/to/resource HTTP/1.1
+Host: ...
+```
+
+Will cause Kong to send the following upstream request:
+
+```http
+GET /path/to/resource HTTP/1.1
+Host: ...
+```
+
+The same way, if a regex path is defined on a Route that has `strip_path`
+enabled, the entirety of the request URL matching sequence will be stripped.
+Example:
+
+```json
+{
+    "paths": ["/version/\d+/service"],
+    "strip_path": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+The following HTTP request matching the provided regex path:
+
+```http
+GET /version/1/service/path/to/resource HTTP/1.1
+Host: ...
+```
+
+Will be proxied upstream by Kong as:
+
+```http
+GET /path/to/resource HTTP/1.1
+Host: ...
+```
+
+[Back to TOC](#table-of-contents)
+
+### Request HTTP method
+
+The `methods` field allows matching the requests depending on their HTTP
+method.  It accepts multiple values. Its default value is empty (the HTTP
+method is not used for routing).
+
+The following Route allows routing via `GET` and `HEAD`:
+
+```json
+{
+    "methods": ["GET", "HEAD"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Such a Route would be matched with the following requests:
+
+```http
+GET / HTTP/1.1
+Host: ...
+```
+
+```http
+HEAD /resource HTTP/1.1
+Host: ...
+```
+
+But it would not match a `POST` or `DELETE` request. This allows for much more
+granularity when configuring plugins on Routes. For example, one could imagine
+two Routes pointing to the same service: one with unlimited unauthenticated
+`GET` requests, and a second one allowing only authenticated and rate-limited
+`POST` requests (by applying the authentication and rate limiting plugins to
+such requests).
+
+[Back to TOC](#table-of-contents)
+
+## Matching priorities
+
+A Route may define matching rules based on its `hosts`, `paths`, and `methods`
+fields. For Kong to match an incoming request to a Route, all existing fields
+must be satisfied. However, Kong allows for quite some flexibility by allowing
+two or more Routes to be configured with fields containing the same values -
+when this occurs, Kong applies a priority rule.
+
+The rule is: **when evaluating a request, Kong will first try to match the
+Routes with the most rules**.
+
+For example, if two Routes are configured like so:
+
+```json
+{
+    "hosts": ["example.com"],
+    "service": {
+        "id": "..."
+    }
+},
+{
+    "hosts": ["example.com"],
+    "methods": ["POST"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+The second Route has a `hosts` field **and** a `methods` field, so it will be
+evaluated first by Kong. By doing so, we avoid the first Route "shadowing"
+calls intended for the second one.
+
+Thus, this request will match the first Route
+
+```http
+GET / HTTP/1.1
+Host: example.com
+```
+
+And this request will match the second one:
+
+```http
+POST / HTTP/1.1
+Host: example.com
+```
+
+Following this logic, if a third Route was to be configured with a `hosts`
+field, a `methods` field, and a `uris` field, it would be evaluated first by
+Kong.
+
+[Back to TOC](#table-of-contents)
+
+## Proxying behavior
+
+The proxying rules above detail how Kong forwards incoming requests to your
+upstream services. Below, we detail what happens internally between the time
+Kong *matches* an HTTP request with a registered Route, and the actual
+*forwarding* of the request.
+
+[Back to TOC](#table-of-contents)
+
+### 1. Load balancing
+
+Kong implements load balancing capabilities to distribute proxied
+requests across a pool of instances of an upstream service.
+
+You can find more information about configuring load balancing by consulting
+the [Load Balancing Reference][load-balancing-reference].
+
+[Back to TOC](#table-of-contents)
+
+### 2. Plugins execution
+
+Kong is extensible via "plugins" that hook themselves in the request/response
+lifecycle of the proxied requests. Plugins can perform a variety of operations
+in your environment and/or transformations on the proxied request.
+
+Plugins can be configured to run globally (for all proxied traffic) or on
+specific Routes and Services. In both cases, you must create a [plugin
+configuration][plugin-configuration-object] via the Admin API.
+
+Once a Route has been matched (and its associated Service entity), Kong will
+run plugins associated to either of those entities. Plugins configured on a
+Route run before plugins configured on a Service, but otherwise, the usual
+rules of [plugins association][plugin-association-rules] apply.
+
+These configured plugins will run their `access` phase, which you can find more
+information about in the [Plugin development guide][plugin-development-guide].
+
+[Back to TOC](#table-of-contents)
+
+### 3. Proxying & upstream timeouts
+
+Once Kong has executed all the necessary logic (including plugins), it is ready
+to forward the request to your upstream service. This is done via Nginx's
+[ngx_http_proxy_module][ngx-http-proxy-module]. You can configure the desired
+timeouts for the connection between Kong and a given upstream, via the following
+properties of a Service:
+
+- `upstream_connect_timeout`: defines in milliseconds the timeout for
+  establishing a connection to your upstream service. Defaults to `60000`.
+- `upstream_send_timeout`: defines in milliseconds a timeout between two
+  successive write operations for transmitting a request to your upstream
+  service.  Defaults to `60000`.
+- `upstream_read_timeout`: defines in milliseconds a timeout between two
+  successive read operations for receiving a request from your upstream
+  service.  Defaults to `60000`.
+
+Kong will send the request over HTTP/1.1, and set the following headers:
+
+- `Host: <your_upstream_host>`, as previously described in this document.
+- `Connection: keep-alive`, to allow for reusing the upstream connections.
+- `X-Real-IP: <remote_addr>`, where `$remote_addr` is the variable bearing
+  the same name provided by
+  [ngx_http_core_module][ngx-remote-addr-variable]. Please note that the
+  `$remote_addr` is likely overridden by
+  [ngx_http_realip_module][ngx-http-realip-module].
+- `X-Forwarded-For: <address>`, where `<address>` is the content of
+  `$realip_remote_addr` provided by
+  [ngx_http_realip_module][ngx-http-realip-module] appended to the request
+  header with the same name.
+- `X-Forwarded-Proto: <protocol>`, where `<protocol>` is the protocol used by
+  the client. In the case where `$realip_remote_addr` is one of the **trusted**
+  addresses, the request header with the same name gets forwarded if provided.
+  Otherwise, the value of the `$scheme` variable provided by
+  [ngx_http_core_module][ngx-scheme-variable] will be used.
+- `X-Forwarded-Host: <host>`, where `<host>` is the host name sent by
+  the client. In the case where `$realip_remote_addr` is one of the **trusted**
+  addresses, the request header with the same name gets forwarded if provided.
+  Otherwise, the value of the `$host` variable provided by
+  [ngx_http_core_module][ngx-host-variable] will be used.
+- `X-Forwarded-Port: <port>`, where `<port>` is the port of the server which
+  accepted a request. In the case where `$realip_remote_addr` is one of the
+  **trusted** addresses, the request header with the same name gets forwarded
+  if provided. Otherwise, the value of the `$server_port` variable provided by
+  [ngx_http_core_module][ngx-server-port-variable] will be used.
+
+All the other request headers are forwarded as-is by Kong.
+
+One exception to this is made when using the WebSocket protocol. If so, Kong
+will set the following headers to allow for upgrading the protocol between the
+client and your upstream services:
+
+- `Connection: Upgrade`
+- `Upgrade: websocket`
+
+More information on this topic is covered in the
+[Proxy WebSocket traffic][proxy-websocket] section.
+
+[Back to TOC](#table-of-contents)
+
+### 4. Errors & retries
+
+Whenever an error occurs during proxying, Kong will use the underlying
+Nginx [retries][ngx-http-proxy-retries] mechanism to pass the request on to
+the next upstream.
+
+There are two configurable elements here:
+
+1. The number of retries: this can be configured per Service using the
+   `retries` property. See the [Admin API][API] for more details on this.
+
+2. What exactly constitutes an error: here Kong uses the Nginx defaults, which
+   means an error or timeout occurring while establishing a connection with the
+   server, passing a request to it, or reading the response headers.
+
+The second option is based on Nginx's
+[proxy_next_upstream][proxy_next_upstream] directive. This option is not
+directly configurable through Kong, but can be added using a custom Nginx
+configuration. See the [configuration reference][configuration-reference] for
+more details.
+
+[Back to TOC](#table-of-contents)
+
+### 5. Response
+
+Kong receives the response from the upstream service and sends it back to the
+downstream client in a streaming fashion. At this point Kong will execute
+subsequent plugins added to the Route and/or Service that implement a hook in
+the `header_filter` phase.
+
+Once the `header_filter` phase of all registered plugins has been executed, the
+following headers will be added by Kong and the full set of headers be sent to
+the client:
+
+- `Via: kong/x.x.x`, where `x.x.x` is the Kong version in use
+- `X-Kong-Proxy-Latency: <latency>`, where `latency` is the time in milliseconds
+  between Kong receiving the request from the client and sending the request to
+  your upstream service.
+- `X-Kong-Upstream-Latency: <latency>`, where `latency` is the time in
+  milliseconds that Kong was waiting for the first byte of the upstream service
+  response.
+
+Once the headers are sent to the client, Kong will start executing
+registered plugins for the Route and/or Service that implement the
+`body_filter` hook. This hook may be called multiple times, due to the
+streaming nature of Nginx. Each chunk of the upstream response that is
+successfully processed by such `body_filter` hooks is sent back to the client.
+You can find more information about the `body_filter` hook in the [Plugin
+development guide][plugin-development-guide].
+
+[Back to TOC](#table-of-contents)
+
+## Configuring a fallback Route
+
+As a practical use-case and example of the flexibility offered by Kong's
+proxying capabilities, let's try to implement a "fallback Route", so that in
+order to avoid Kong responding with an HTTP `404`, "no route found", we can
+catch such requests and proxy them to a special upstream service, or apply a
+plugin to it (such a plugin could, for example, terminate the request with a
+different status code or response without proxying the request).
+
+Here is an example of such a fallback Route:
+
+```json
+{
+    "paths": ["/"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+As you can guess, any HTTP request made to Kong would actually match this
+Route, since all URIs are prefixed by the root character `/`. As we know from
+the [Request path][proxy-request-path] section, the longest URL paths are
+evaluated first by Kong, so the `/` path will eventually be evaluated last by
+Kong, and effectively provide a "fallback" Route, only matched as a last
+resort. You can then send traffic to a special Service or apply any plugin you
+wish on this Route.
+
+[Back to TOC](#table-of-contents)
+
+## Configuring SSL for a Route
+
+Kong provides a way to dynamically serve SSL certificates on a per-connection
+basis. SSL certificates are directly handled by the core, and configurable via
+the Admin API. Clients connecting to Kong over TLS must support the [Server
+Name Indication][SNI] extension to make use of this feature.
+
+SSL certificates are handled by two resources in the Kong Admin API:
+
+- `/certificates`, which stores your keys and certificates.
+- `/snis`, which associates a registered certificate with a Server Name
+  Indication.
+
+You can find the documentation for those two resources in the
+[Admin API Reference][API].
+
+Here is how to configure an SSL certificate on a given Route: first, upload
+your SSL certificate and key via the Admin API:
+
+```bash
+$ curl -i -X POST http://localhost:8001/certificates \
+    -F "cert=@/path/to/cert.pem" \
+    -F "key=@/path/to/cert.key" \
+    -F "snis=ssl-example.com,other-ssl-example.com"
+HTTP/1.1 201 Created
+...
+```
+
+The `snis` form parameter is a sugar parameter, directly inserting an SNI and
+associating the uploaded certificate to it.
+
+You must now register the following Route within Kong. We will match requests
+to this Route using only the Host header for convenience:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes \
+    -d 'hosts=ssl-example.com,other-ssl-example.com' \
+    -d 'service.id=d54da06c-d69f-4910-8896-915c63c270cd'
+HTTP/1.1 201 Created
+...
+```
+
+You can now expect the Route to be served over HTTPS by Kong:
+
+```bash
+$ curl -i https://localhost:8443/ \
+  -H "Host: ssl-example.com"
+HTTP/1.1 200 OK
+...
+```
+
+When establishing the connection and negotiating the SSL handshake, if your
+client sends `ssl-example.com` as part of the SNI extension, Kong will serve
+the `cert.pem` certificate previously configured.
+
+[Back to TOC](#table-of-contents)
+
+### Restricting the client protocol (HTTP/HTTPS/TCP/TLS)
+
+Routes have a `protocols` property to restrict the client protocol they should
+listen for. This attribute accepts a set of values, which can be `"http"`,
+`"https"`, `"tcp"` or `"tls"`.
+
+A Route with `http` and `https` will accept traffic in both protocols.
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["http", "https"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Not specifying any protocol has the same effect, since routes default to
+`["http", "https"]`.
+
+However, a Route with *only* `https` would _only_ accept traffic over HTTPS. It
+would _also_ accept unencrypted traffic _if_ SSL termination previously
+occurred from a trusted IP. SSL termination is considered valid when the
+request comes from one of the configured IPs in
+[trusted_ips][configuration-trusted-ips] and if the `X-Forwarded-Proto: https`
+header is set:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["https"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+If a Route such as the above matches a request, but that request is in
+plain-text without valid prior SSL termination, Kong responds with:
+
+```http
+HTTP/1.1 426 Upgrade Required
+Content-Type: application/json; charset=utf-8
+Transfer-Encoding: chunked
+Connection: Upgrade
+Upgrade: TLS/1.2, HTTP/1.1
+Server: kong/x.y.z
+
+{"message":"Please use HTTPS protocol"}
+```
+
+Since Kong 1.0 and Kong Enterprise 0.35, it's possible to create routes for raw TCP (not necessarily HTTP)
+connections by using `"tcp"` in the `protocols` attribute:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["tcp"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Similarly, we can create routes which accept raw TLS traffic (not necessarily HTTPS) with
+the `"tls"` value:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["tls"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+A Route with *only* `TLS` would _only_ accept traffic over TLS.
+
+It is also possible to accept both TCP and TLS simultaneously:
+
+```
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["tcp", "tls"],
+    "service": {
+        "id": "..."
+    }
+}
+
+```
+
+
+[Back to TOC](#table-of-contents)
+
+## Proxy WebSocket traffic
+
+Kong supports WebSocket traffic thanks to the underlying Nginx implementation.
+When you wish to establish a WebSocket connection between a client and your
+upstream services *through* Kong, you must establish a WebSocket handshake.
+This is done via the HTTP Upgrade mechanism. This is what your client request
+made to Kong would look like:
+
+```http
+GET / HTTP/1.1
+Connection: Upgrade
+Host: my-websocket-api.com
+Upgrade: WebSocket
+```
+
+This will make Kong forward the `Connection` and `Upgrade` headers to your
+upstream service, instead of dismissing them due to the hop-by-hop nature of a
+standard HTTP proxy.
+
+[Back to TOC](#table-of-contents)
+
+### WebSocket and TLS
+
+Kong will accept `ws` and `wss` connections on its respective `http` and
+`https` ports. To enforce TLS connections from clients, set the `protocols`
+property of the [Route][route-entity] to `https` only.
+
+When setting up the [Service][service-entity] to point to your upstream
+WebSocket service, you should carefully pick the protocol you want to use
+between Kong and the upstream. If you want to use TLS (`wss`), then the
+upstream WebSocket service must be defined using the `https` protocol in the
+Service `protocol` property, and the proper port (usually 443). To connect
+without TLS (`ws`), then the `http` protocol and port (usually 80) should be
+used in `protocol` instead.
+
+If you want Kong to terminate SSL/TLS, you can accept `wss` only from the
+client, but proxy to the upstream service over plain text, or `ws`.
+
+[Back to TOC](#table-of-contents)
+
+## Conclusion
+
+Through this guide, we hope you gained knowledge of the underlying proxying
+mechanism of Kong, from how does a request match a Route to be routed to its
+associated Service, on to how to allow for using the WebSocket protocol or
+setup dynamic SSL certificates.
+
+This website is Open-Source and can be found at
+[github.com/Kong/docs.konghq.com](https://github.com/Kong/docs.konghq.com/).
+Feel free to provide feedback to this document there, or propose improvements!
+
+If you haven't already, we suggest that you also read the [Load balancing
+Reference][load-balancing-reference], as it closely relates to the topic we
+just covered.
+
+[Back to TOC](#table-of-contents)
+
+[plugin-configuration-object]: /enterprise/{{page.kong_version}}/admin-api#plugin-object
+[plugin-development-guide]: /enterprise/{{page.kong_version}}/plugin-development
+[plugin-association-rules]: /enterprise/{{page.kong_version}}/admin-api/#precedence
+[load-balancing-reference]: /enterprise/{{page.kong_version}}/loadbalancing
+[configuration-reference]: /enterprise/{{page.kong_version}}/property-reference-reference
+[configuration-trusted-ips]: /enterprise/{{page.kong_version}}/property-reference/#trusted_ips
+[configuring-a-service]: /enterprise/{{page.kong_version}}/getting-started/add-service
+[API]: /enterprise/{{page.kong_version}}/admin-api
+[service-entity]: /enterprise/{{page.kong_version}}/admin-api/#add-service
+[route-entity]: /enterprise/{{page.kong_version}}/admin-api/#add-route
+
+[ngx-http-proxy-module]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html
+[ngx-http-realip-module]: http://nginx.org/en/docs/http/ngx_http_realip_module.html
+[ngx-remote-addr-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_remote_addr
+[ngx-scheme-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_scheme
+[ngx-host-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host
+[ngx-server-port-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_server_port
+[ngx-http-proxy-retries]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries
+[SNI]: https://en.wikipedia.org/wiki/Server_Name_Indication
diff --git a/app/enterprise/0.35-x/secure-admin-api.md b/app/enterprise/0.35-x/secure-admin-api.md
new file mode 100644
index 000000000000..8986a17b7116
--- /dev/null
+++ b/app/enterprise/0.35-x/secure-admin-api.md
@@ -0,0 +1,159 @@
+---
+title: Securing the Admin API
+---
+
+## Introduction
+
+Kong's Admin API provides a RESTful interface for administration and
+configuration of Services, Routes, Plugins, Consumers, and Credentials. Because this
+API allows full control of Kong, it is important to secure this API against
+unwanted access. This document describes a few possible approaches to securing
+the Admin API.
+
+## Network Layer Access Restrictions
+
+### Minimal Listening Footprint
+
+By default since its 0.12.0 release, Kong will only accept requests from the
+local interface, as specified in its default `admin_listen` value:
+
+```
+admin_listen = 127.0.0.1:8001
+```
+
+If you change this value, always ensure to keep the listening footprint to a
+minimum, in order to avoid exposing your Admin API to third-parties, which
+could seriously compromise the security of your Kong cluster as a whole.
+For example, **avoid binding Kong to all of your interfaces**, by using
+values such as `0.0.0.0:8001`.
+
+[Back to TOC](#table-of-contents)
+
+### Layer 3/4 Network Controls
+
+In cases where the Admin API must be exposed beyond a localhost interface,
+network security best practices dictate that network-layer access be restricted
+as much as possible. Consider an environment in which Kong listens on a private
+network interface, but should only be accessed by a small subset of an IP range.
+In such a case, host-based firewalls (e.g. iptables) are useful in limiting
+input traffic ranges. For example:
+
+
+```bash
+# assume that Kong is listening on the address defined below, as defined as a
+# /24 CIDR block, and only a select few hosts in this range should have access
+
+$ grep admin_listen /etc/kong/kong.conf
+admin_listen 10.10.10.3:8001
+
+# explicitly allow TCP packets on port 8001 from the Kong node itself
+# this is not necessary if Admin API requests are not sent from the node
+$ iptables -A INPUT -s 10.10.10.3 -m tcp -p tcp --dport 8001 -j ACCEPT
+
+# explicitly allow TCP packets on port 8001 from the following addresses
+$ iptables -A INPUT -s 10.10.10.4 -m tcp -p tcp --dport 8001 -j ACCEPT
+$ iptables -A INPUT -s 10.10.10.5 -m tcp -p tcp --dport 8001 -j ACCEPT
+
+# drop all TCP packets on port 8001 not in the above IP list
+$ iptables -A INPUT -m tcp -p tcp --dport 8001 -j DROP
+
+```
+
+Additional controls, such as similar ACLs applied at a network device level, are
+encouraged, but fall outside the scope of this document.
+
+[Back to TOC](#table-of-contents)
+
+## Kong API Loopback
+
+Kong's routing design allows it to serve as a proxy for the Admin API itself. In
+this manner, Kong itself can be used to provide fine-grained access control to
+the Admin API. Such an environment requires bootstrapping a new Service that defines
+the `admin_listen` address as the Service's `url`. For example:
+
+```bash
+# assume that Kong has defined admin_listen as 127.0.0.1:8001, and we want to
+# reach the Admin API via the url `/admin-api`
+
+$ curl -X POST http://localhost:8001/services \
+  --data name=admin-api \
+  --data host=localhost \
+  --data port=8001
+
+$ curl -X POST http://localhost:8001/services/admin-api/routes \
+  --data paths[]=/admin-api
+
+# we can now transparently reach the Admin API through the proxy server
+$ curl localhost:8000/admin-api/apis
+{
+   "data":[
+      {
+         "uris":[
+            "\/admin-api"
+         ],
+         "id":"653b21bd-4d81-4573-ba00-177cc0108dec",
+         "upstream_read_timeout":60000,
+         "preserve_host":false,
+         "created_at":1496351805000,
+         "upstream_connect_timeout":60000,
+         "upstream_url":"http:\/\/localhost:8001",
+         "strip_uri":true,
+         "https_only":false,
+         "name":"admin-api",
+         "http_if_terminated":true,
+         "upstream_send_timeout":60000,
+         "retries":5
+      }
+   ],
+   "total":1
+}
+```
+
+From here, simply apply desired Kong-specific security controls (such as
+[basic][basic-auth] or [key authentication][key-auth],
+[IP restrictions][ip-restriction], or [access control lists][acl]) as you would
+normally to any other Kong API.
+
+[Back to TOC](#table-of-contents)
+
+## Custom Nginx Configuration
+
+Kong is tightly coupled with Nginx as an HTTP daemon, and can thus be integrated
+into environments with custom Nginx configurations. In this manner, use cases
+with complex security/access control requirements can use the full power of
+Nginx/OpenResty to build server/location blocks to house the Admin API as
+necessary. This allows such environments to leverage native Nginx authorization
+and authentication mechanisms, ACL modules, etc., in addition to providing the
+OpenResty environment on which custom/complex security controls can be built.
+
+For more information on integrating Kong into custom Nginx configurations, see
+[Custom Nginx configuration & embedding Kong][custom-configuration].
+
+[Back to TOC](#table-of-contents)
+
+## Role Based Access Control ##
+
+<div class="alert alert-warning">
+  <strong>Enterprise-Only</strong> This feature is only available with an
+  Enterprise Subscription.
+</div>
+
+Enterprise users can configure role-based access control to secure access to the
+Admin API. RBAC allows for fine-grained control over resource access based on
+a model of user roles and permissions. Users are assigned to one or more roles,
+which each in turn possess one or more permissions granting or denying access
+to a particular resource. In this way, fine-grained control over specific Admin
+API resources can be enforced, while scaling to allow complex, case-specific
+uses.
+
+If you are not a Kong Enterprise customer, you can inquire about our
+Enterprise offering by [contacting us](/enterprise).
+
+[Back to TOC](#table-of-contents)
+
+
+[acl]: /plugins/acl
+[basic-auth]: /plugins/basic-authentication/
+[custom-configuration]: /enterprise/{{page.kong_version}}/property-reference/#custom-nginx-configuration
+[ip-restriction]: /plugins/ip-restriction
+[key-auth]: /plugins/key-authentication
diff --git a/app/enterprise/0.36-x/admin-api/index.md b/app/enterprise/0.36-x/admin-api/index.md
index d3bef79edaf8..ac9a1a204f52 100644
--- a/app/enterprise/0.36-x/admin-api/index.md
+++ b/app/enterprise/0.36-x/admin-api/index.md
@@ -1,8 +1,2961 @@
 ---
 title: Admin API
-toc: false
+
+service_body: |
+    Attributes | Description
+    ---:| ---
+    `name`<br>*optional* | The Service name.
+    `retries`<br>*optional* | The number of retries to execute upon failure to proxy. Defaults to `5`.
+    `protocol` |  The protocol used to communicate with the upstream. It can be one of `http` or `https`.  Defaults to `"http"`.
+    `host` | The host of the upstream server.
+    `port` | The upstream server port. Defaults to `80`.
+    `path`<br>*optional* | The path to be used in requests to the upstream server.
+    `connect_timeout`<br>*optional* |  The timeout in milliseconds for establishing a connection to the upstream server.  Defaults to `60000`.
+    `write_timeout`<br>*optional* |  The timeout in milliseconds between two successive write operations for transmitting a request to the upstream server.  Defaults to `60000`.
+    `read_timeout`<br>*optional* |  The timeout in milliseconds between two successive read operations for transmitting a request to the upstream server.  Defaults to `60000`.
+    `tags`<br>*optional* |  An optional set of strings associated with the Service, for grouping and filtering. 
+    `url`<br>*shorthand-attribute* |  Shorthand attribute to set `protocol`, `host`, `port` and `path` at once. This attribute is write-only (the Admin API never "returns" the url). 
+
+service_json: |
+    {
+        "id": "9748f662-7711-4a90-8186-dc02f10eb0f5",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/some_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000,
+        "tags": ["user-level", "low-priority"]
+    }
+
+service_data: |
+    "data": [{
+        "id": "4e3ad2e4-0bc4-4638-8e34-c84a417ba39b",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/some_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000,
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "a5fb8d9b-a99d-40e9-9d35-72d42a62d83a",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-service",
+        "retries": 5,
+        "protocol": "http",
+        "host": "example.com",
+        "port": 80,
+        "path": "/another_api",
+        "connect_timeout": 60000,
+        "write_timeout": 60000,
+        "read_timeout": 60000,
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+route_body: |
+    Attributes | Description
+    ---:| ---
+    `name`<br>*optional* | The name of the Route.
+    `protocols` |  A list of the protocols this Route should allow. When set to `["https"]`, HTTP requests are answered with a request to upgrade to HTTPS.  Defaults to `["http", "https"]`.
+    `methods`<br>*semi-optional* |  A list of HTTP methods that match this Route. When using `http` or `https` protocols, at least one of `hosts`, `paths`, or `methods` must be set. 
+    `hosts`<br>*semi-optional* |  A list of domain names that match this Route. When using `http` or `https` protocols, at least one of `hosts`, `paths`, or `methods` must be set.  With form-encoded, the notation is `hosts[]=example.com&hosts[]=foo.test`. With JSON, use an Array.
+    `paths`<br>*semi-optional* |  A list of paths that match this Route. When using `http` or `https` protocols, at least one of `hosts`, `paths`, or `methods` must be set.  With form-encoded, the notation is `paths[]=/foo&paths[]=/bar`. With JSON, use an Array.
+    `https_redirect_status_code` |  The status code Kong responds with when all properties of a Route match except the protocol i.e. if the protocol of the request is `HTTP` instead of `HTTPS`. `Location` header is injected by Kong if the field is set to 301, 302, 307 or 308.  Defaults to `426`.
+    `regex_priority`<br>*optional* |  A number used to choose which route resolves a given request when several routes match it using regexes simultaneously. When two routes match the path and have the same `regex_priority`, the older one (lowest `created_at`) is used. Note that the priority for non-regex routes is different (longer non-regex routes are matched before shorter ones).  Defaults to `0`.
+    `strip_path`<br>*optional* |  When matching a Route via one of the `paths`, strip the matching prefix from the upstream request URL.  Defaults to `true`.
+    `preserve_host`<br>*optional* |  When matching a Route via one of the `hosts` domain names, use the request `Host` header in the upstream request headers. If set to `false`, the upstream `Host` header will be that of the Service's `host`. 
+    `snis`<br>*semi-optional* |  A list of SNIs that match this Route when using stream routing. When using `tcp` or `tls` protocols, at least one of `snis`, `sources`, or `destinations` must be set. 
+    `sources`<br>*semi-optional* |  A list of IP sources of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". When using `tcp` or `tls` protocols, at least one of `snis`, `sources`, or `destinations` must be set. 
+    `destinations`<br>*semi-optional* |  A list of IP destinations of incoming connections that match this Route when using stream routing. Each entry is an object with fields "ip" (optionally in CIDR range notation) and/or "port". When using `tcp` or `tls` protocols, at least one of `snis`, `sources`, or `destinations` must be set. 
+    `tags`<br>*optional* |  An optional set of strings associated with the Route, for grouping and filtering. 
+    `service`<br>*optional* |  The Service this Route is associated to. This is where the Route proxies traffic to.  With form-encoded, the notation is `service.id=<service_id>`. With JSON, use `"service":{"id":"<service_id>"}`.
+
+route_json: |
+    {
+        "id": "51e77dc2-8f3e-4afa-9d0e-0e3bbbcfd515",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["http", "https"],
+        "methods": ["GET", "POST"],
+        "hosts": ["example.com", "foo.test"],
+        "paths": ["/foo", "/bar"],
+        "https_redirect_status_code": 426,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "tags": ["user-level", "low-priority"],
+        "service": {"id":"fc73f2af-890d-4f9b-8363-af8945001f7f"}
+    }
+
+route_data: |
+    "data": [{
+        "id": "4506673d-c825-444c-a25b-602e3c2ec16e",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["http", "https"],
+        "methods": ["GET", "POST"],
+        "hosts": ["example.com", "foo.test"],
+        "paths": ["/foo", "/bar"],
+        "https_redirect_status_code": 426,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "tags": ["user-level", "low-priority"],
+        "service": {"id":"d35165e2-d03e-461a-bdeb-dad0a112abfe"}
+    }, {
+        "id": "af8330d3-dbdc-48bd-b1be-55b98608834b",
+        "created_at": 1422386534,
+        "updated_at": 1422386534,
+        "name": "my-route",
+        "protocols": ["tcp", "tls"],
+        "https_redirect_status_code": 426,
+        "regex_priority": 0,
+        "strip_path": true,
+        "preserve_host": false,
+        "snis": ["foo.test", "example.com"],
+        "sources": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}],
+        "destinations": [{"ip":"10.1.0.0/16", "port":1234}, {"ip":"10.2.2.2"}, {"port":9123}],
+        "tags": ["admin", "high-priority", "critical"],
+        "service": {"id":"a9daa3ba-8186-4a0d-96e8-00d80ce7240b"}
+    }],
+
+consumer_body: |
+    Attributes | Description
+    ---:| ---
+    `username`<br>*semi-optional* |  The unique username of the consumer. You must send either this field or `custom_id` with the request. 
+    `custom_id`<br>*semi-optional* |  Field for storing an existing unique ID for the consumer - useful for mapping Kong with users in your existing database. You must send either this field or `username` with the request. 
+    `tags`<br>*optional* |  An optional set of strings associated with the Consumer, for grouping and filtering. 
+
+consumer_json: |
+    {
+        "id": "127dfc88-ed57-45bf-b77a-a9d3a152ad31",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id",
+        "tags": ["user-level", "low-priority"]
+    }
+
+consumer_data: |
+    "data": [{
+        "id": "9aa116fd-ef4a-4efa-89bf-a0b17c4be982",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id",
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "ba641b07-e74a-430a-ab46-94b61e5ea66b",
+        "created_at": 1422386534,
+        "username": "my-username",
+        "custom_id": "my-custom-id",
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+plugin_body: |
+    Attributes | Description
+    ---:| ---
+    `name` |  The name of the Plugin that's going to be added. Currently the Plugin must be installed in every Kong instance separately. 
+    `route`<br>*optional* |  If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the Route being used.  Defaults to `null`. With form-encoded, the notation is `route.id=<route_id>`. With JSON, use `"route":{"id":"<route_id>"}`.
+    `service`<br>*optional* |  If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.  Defaults to `null`. With form-encoded, the notation is `service.id=<service_id>`. With JSON, use `"service":{"id":"<service_id>"}`.
+    `consumer`<br>*optional* |  If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated consumer.  Defaults to `null`. With form-encoded, the notation is `consumer.id=<consumer_id>`. With JSON, use `"consumer":{"id":"<consumer_id>"}`.
+    `config`<br>*optional* |  The configuration properties for the Plugin which can be found on the plugins documentation page in the [Kong Hub](https://docs.konghq.com/hub/). 
+    `run_on` |  Control on which Kong nodes this plugin will run, given a Service Mesh scenario. Accepted values are: * `first`, meaning "run on the first Kong node that is encountered by the request". On an API Getaway scenario, this is the usual operation, since there is only one Kong node in between source and destination. In a sidecar-to-sidecar Service Mesh scenario, this means running the plugin only on the Kong sidecar of the outbound connection. * `second`, meaning "run on the second node that is encountered by the request". This option is only relevant for sidecar-to-sidecar Service Mesh scenarios: this means running the plugin only on the Kong sidecar of the inbound connection. * `all` means "run on all nodes", meaning both sidecars in a sidecar-to-sidecar scenario. This is useful for tracing/logging plugins.  Defaults to `"first"`.
+    `protocols` |  A list of the request protocols that will trigger this plugin. Possible values are `"http"`, `"https"`, `"tcp"`, and `"tls"`. The default value, as well as the possible values allowed on this field, may change depending on the plugin type. For example, plugins that only work in stream mode will may only support `"tcp"` and `"tls"`.  Defaults to `["http", "https"]`.
+    `enabled`<br>*optional* | Whether the plugin is applied. Defaults to `true`.
+    `tags`<br>*optional* |  An optional set of strings associated with the Plugin, for grouping and filtering. 
+
+plugin_json: |
+    {
+        "id": "ec1a1f6f-2aa4-4e58-93ff-b56368f19b27",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"hour":500, "minute":20},
+        "run_on": "first",
+        "protocols": ["http", "https"],
+        "enabled": true,
+        "tags": ["user-level", "low-priority"]
+    }
+
+plugin_data: |
+    "data": [{
+        "id": "a4407883-c166-43fd-80ca-3ca035b0cdb7",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"hour":500, "minute":20},
+        "run_on": "first",
+        "protocols": ["http", "https"],
+        "enabled": true,
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "01c23299-839c-49a5-a6d5-8864c09184af",
+        "name": "rate-limiting",
+        "created_at": 1422386534,
+        "route": null,
+        "service": null,
+        "consumer": null,
+        "config": {"hour":500, "minute":20},
+        "run_on": "first",
+        "protocols": ["tcp", "tls"],
+        "enabled": true,
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+certificate_body: |
+    Attributes | Description
+    ---:| ---
+    `cert` | PEM-encoded public certificate of the SSL key pair.
+    `key` | PEM-encoded private key of the SSL key pair.
+    `tags`<br>*optional* |  An optional set of strings associated with the Certificate, for grouping and filtering. 
+    `snis`<br>*shorthand-attribute* |  An array of zero or more hostnames to associate with this certificate as SNIs. This is a sugar parameter that will, under the hood, create an SNI object and associate it with this certificate for your convenience. To set this attribute this certificate must have a valid private key associated with it. 
+
+certificate_json: |
+    {
+        "id": "ce44eef5-41ed-47f6-baab-f725cecf98c7",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----...",
+        "tags": ["user-level", "low-priority"]
+    }
+
+certificate_data: |
+    "data": [{
+        "id": "02621eee-8309-4bf6-b36b-a82017a5393e",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----...",
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "66c7b5c4-4aaf-4119-af1e-ee3ad75d0af4",
+        "created_at": 1422386534,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+        "key": "-----BEGIN RSA PRIVATE KEY-----...",
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+sni_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | The SNI name to associate with the given certificate. May contain a single wildcard in the leftmost (suffix) or rightmost (prefix) position. This can be helpful when maintaining multiple subdomains, as a single SNI configured with a wildcard name can be used to match multiple subdomains, instead of creating an SNI entity for each. Valid wildcard positions are `mydomain.*`, `*.mydomain.com`, and `*.www.mydomain.com`. Plain SNI names (no wildcard) take priority when matching, followed by prefix and then suffix.
+    `tags`<br>*optional* |  An optional set of strings associated with the SNIs, for grouping and filtering. 
+    `certificate` |  The id (a UUID) of the certificate with which to associate the SNI hostname. The Certificate must have a valid private key associated with it to be used by the SNI object.  With form-encoded, the notation is `certificate.id=<certificate_id>`. With JSON, use `"certificate":{"id":"<certificate_id>"}`.
+
+sni_json: |
+    {
+        "id": "7fca84d6-7d37-4a74-a7b0-93e576089a41",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "tags": ["user-level", "low-priority"],
+        "certificate": {"id":"d044b7d4-3dc2-4bbc-8e9f-6b7a69416df6"}
+    }
+
+sni_data: |
+    "data": [{
+        "id": "a9b2107f-a214-47b3-add4-46b942187924",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "tags": ["user-level", "low-priority"],
+        "certificate": {"id":"04fbeacf-a9f1-4a5d-ae4a-b0407445db3f"}
+    }, {
+        "id": "43429efd-b3a5-4048-94cb-5cc4029909bb",
+        "name": "my-sni",
+        "created_at": 1422386534,
+        "tags": ["admin", "high-priority", "critical"],
+        "certificate": {"id":"d26761d5-83a4-4f24-ac6c-cff276f2b79c"}
+    }],
+
+certificate_authority_body: |
+    Attributes | Description
+    ---:| ---
+    `cert` | PEM-encoded public CA certificate.
+
+certificate_authority_json: |
+    {
+        "id": "322dce96-d434-4e0d-9038-311b3520f0a3",
+        "created_at": 1566597621,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+    }
+
+certificate_authority_data: |
+    "data": [{
+        "id": "322dce96-d434-4e0d-9038-311b3520f0a3",
+        "created_at": 1566597621,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+    }, {
+        "id": "43629afd-bda5-4248-94cb-5cc4029909bb",
+        "created_at": 1566597621,
+        "cert": "-----BEGIN CERTIFICATE-----...",
+    }],
+
+upstream_body: |
+    Attributes | Description
+    ---:| ---
+    `name` | This is a hostname, which must be equal to the `host` of a Service.
+    `hash_on`<br>*optional* | What to use as hashing input: `none` (resulting in a weighted-round-robin scheme with no hashing), `consumer`, `ip`, `header`, or `cookie`. Defaults to `"none"`.
+    `hash_fallback`<br>*optional* | What to use as hashing input if the primary `hash_on` does not return a hash (eg. header is missing, or no consumer identified). One of: `none`, `consumer`, `ip`, `header`, or `cookie`. Not available if `hash_on` is set to `cookie`. Defaults to `"none"`.
+    `hash_on_header`<br>*semi-optional* | The header name to take the value from as hash input. Only required when `hash_on` is set to `header`.
+    `hash_fallback_header`<br>*semi-optional* | The header name to take the value from as hash input. Only required when `hash_fallback` is set to `header`.
+    `hash_on_cookie`<br>*semi-optional* | The cookie name to take the value from as hash input. Only required when `hash_on` or `hash_fallback` is set to `cookie`. If the specified cookie is not in the request, Kong will generate a value and set the cookie in the response.
+    `hash_on_cookie_path`<br>*semi-optional* | The cookie path to set in the response headers. Only required when `hash_on` or `hash_fallback` is set to `cookie`. Defaults to `"/"`.
+    `slots`<br>*optional* | The number of slots in the loadbalancer algorithm (`10`-`65536`). Defaults to `10000`.
+    `healthchecks.active.https_verify_certificate`<br>*optional* | Whether to check the validity of the SSL certificate of the remote host when performing active health checks using HTTPS. Defaults to `true`.
+    `healthchecks.active.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a failure, indicating unhealthiness, when returned by a probe in active health checks. Defaults to `[429, 404, 500, 501, 502, 503, 504, 505]`. With form-encoded, the notation is `http_statuses[]=429&http_statuses[]=404`. With JSON, use an Array.
+    `healthchecks.active.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in active probes to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.timeouts`<br>*optional* | Number of timeouts in active probes to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in active probes (as defined by `healthchecks.active.unhealthy.http_statuses`) to consider a target unhealthy. Defaults to `0`.
+    `healthchecks.active.unhealthy.interval`<br>*optional* | Interval between active health checks for unhealthy targets (in seconds). A value of zero indicates that active probes for unhealthy targets should not be performed. Defaults to `0`.
+    `healthchecks.active.http_path`<br>*optional* | Path to use in GET HTTP request to run as a probe on active health checks. Defaults to `"/"`.
+    `healthchecks.active.timeout`<br>*optional* | Socket timeout for active health checks (in seconds). Defaults to `1`.
+    `healthchecks.active.healthy.http_statuses`<br>*optional* | An array of HTTP statuses to consider a success, indicating healthiness, when returned by a probe in active health checks. Defaults to `[200, 302]`. With form-encoded, the notation is `http_statuses[]=200&http_statuses[]=302`. With JSON, use an Array.
+    `healthchecks.active.healthy.interval`<br>*optional* | Interval between active health checks for healthy targets (in seconds). A value of zero indicates that active probes for healthy targets should not be performed. Defaults to `0`.
+    `healthchecks.active.healthy.successes`<br>*optional* | Number of successes in active probes (as defined by `healthchecks.active.healthy.http_statuses`) to consider a target healthy. Defaults to `0`.
+    `healthchecks.active.https_sni`<br>*optional* | The hostname to use as an SNI (Server Name Identification) when performing active health checks using HTTPS. This is particularly useful when Targets are configured using IPs, so that the target host's certificate can be verified with the proper SNI.
+    `healthchecks.active.concurrency`<br>*optional* | Number of targets to check concurrently in active health checks. Defaults to `10`.
+    `healthchecks.active.type`<br>*optional* | Whether to perform active health checks using HTTP or HTTPS, or just attempt a TCP connection. Possible values are `tcp`, `http` or `https`. Defaults to `"http"`.
+    `healthchecks.passive.unhealthy.http_failures`<br>*optional* | Number of HTTP failures in proxied traffic (as defined by `healthchecks.passive.unhealthy.http_statuses`) to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.unhealthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent unhealthiness when produced by proxied traffic, as observed by passive health checks. Defaults to `[429, 500, 503]`. With form-encoded, the notation is `http_statuses[]=429&http_statuses[]=500`. With JSON, use an Array.
+    `healthchecks.passive.unhealthy.tcp_failures`<br>*optional* | Number of TCP failures in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.unhealthy.timeouts`<br>*optional* | Number of timeouts in proxied traffic to consider a target unhealthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.type`<br>*optional* | Whether to perform passive health checks interpreting HTTP/HTTPS statuses, or just check for TCP connection success. Possible values are `tcp`, `http` or `https` (in passive checks, `http` and `https` options are equivalent.). Defaults to `"http"`.
+    `healthchecks.passive.healthy.successes`<br>*optional* | Number of successes in proxied traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to consider a target healthy, as observed by passive health checks. Defaults to `0`.
+    `healthchecks.passive.healthy.http_statuses`<br>*optional* | An array of HTTP statuses which represent healthiness when produced by proxied traffic, as observed by passive health checks. Defaults to `[200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]`. With form-encoded, the notation is `http_statuses[]=200&http_statuses[]=201`. With JSON, use an Array.
+    `tags`<br>*optional* |  An optional set of strings associated with the Upstream, for grouping and filtering. 
+
+upstream_json: |
+    {
+        "id": "91020192-062d-416f-a275-9addeeaffaf2",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        },
+        "tags": ["user-level", "low-priority"]
+    }
+
+upstream_data: |
+    "data": [{
+        "id": "a2e013e8-7623-4494-a347-6d29108ff68b",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        },
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "147f5ef0-1ed6-4711-b77f-489262f8bff7",
+        "created_at": 1422386534,
+        "name": "my-upstream",
+        "hash_on": "none",
+        "hash_fallback": "none",
+        "hash_on_cookie_path": "/",
+        "slots": 10000,
+        "healthchecks": {
+            "active": {
+                "https_verify_certificate": true,
+                "unhealthy": {
+                    "http_statuses": [429, 404, 500, 501, 502, 503, 504, 505],
+                    "tcp_failures": 0,
+                    "timeouts": 0,
+                    "http_failures": 0,
+                    "interval": 0
+                },
+                "http_path": "/",
+                "timeout": 1,
+                "healthy": {
+                    "http_statuses": [200, 302],
+                    "interval": 0,
+                    "successes": 0
+                },
+                "https_sni": "example.com",
+                "concurrency": 10,
+                "type": "http"
+            },
+            "passive": {
+                "unhealthy": {
+                    "http_failures": 0,
+                    "http_statuses": [429, 500, 503],
+                    "tcp_failures": 0,
+                    "timeouts": 0
+                },
+                "type": "http",
+                "healthy": {
+                    "successes": 0,
+                    "http_statuses": [200, 201, 202, 203, 204, 205, 206, 207, 208, 226, 300, 301, 302, 303, 304, 305, 306, 307, 308]
+                }
+            }
+        },
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+target_body: |
+    Attributes | Description
+    ---:| ---
+    `target` |  The target address (ip or hostname) and port. If the hostname resolves to an SRV record, the `port` value will be overridden by the value from the DNS record. 
+    `weight`<br>*optional* |  The weight this target gets within the upstream loadbalancer (`0`-`1000`). If the hostname resolves to an SRV record, the `weight` value will be overridden by the value from the DNS record.  Defaults to `100`.
+    `tags`<br>*optional* |  An optional set of strings associated with the Target, for grouping and filtering. 
+
+target_json: |
+    {
+        "id": "a3ad71a8-6685-4b03-a101-980a953544f6",
+        "created_at": 1422386534,
+        "upstream": {"id":"b87eb55d-69a1-41d2-8653-8d706eecefc0"},
+        "target": "example.com:8000",
+        "weight": 100,
+        "tags": ["user-level", "low-priority"]
+    }
+
+target_data: |
+    "data": [{
+        "id": "4e8d95d4-40f2-4818-adcb-30e00c349618",
+        "created_at": 1422386534,
+        "upstream": {"id":"58c8ccbb-eafb-4566-991f-2ed4f678fa70"},
+        "target": "example.com:8000",
+        "weight": 100,
+        "tags": ["user-level", "low-priority"]
+    }, {
+        "id": "ea29aaa3-3b2d-488c-b90c-56df8e0dd8c6",
+        "created_at": 1422386534,
+        "upstream": {"id":"4fe14415-73d5-4f00-9fbc-c72a0fccfcb2"},
+        "target": "example.com:8000",
+        "weight": 100,
+        "tags": ["admin", "high-priority", "critical"]
+    }],
+
+
+---
+
+Kong comes with an **internal** RESTful Admin API for administration purposes.
+Requests to the Admin API can be sent to any node in the cluster, and Kong will
+keep the configuration consistent across all nodes.
+
+- `8001` is the default port on which the Admin API listens.
+- `8444` is the default port for HTTPS traffic to the Admin API.
+
+This API is designed for internal use and provides full control over Kong, so
+care should be taken when setting up Kong environments to avoid undue public
+exposure of this API. See [this document][secure-admin-api] for a discussion
+of methods to secure the Admin API.
+
+## Supported Content Types
+
+The Admin API accepts 2 content types on every endpoint:
+
+- **application/x-www-form-urlencoded**
+
+Simple enough for basic request bodies, you will probably use it most of the time.
+Note that when sending nested values, Kong expects nested objects to be referenced
+with dotted keys. Example:
+
+```
+config.limit=10&config.period=seconds
+```
+
+Arrays and sets can be specified in various ways:
+
+1. Sending same parameter multiple times:
+    ```
+    hosts=example.com&hosts=example.org
+    ```
+2. Using array notation:
+    ```
+    hosts[1]=example.com&hosts[2]=example.org
+    ```
+    or 
+    ```
+    hosts[]=example.com&hosts[]=example.org
+    ```
+    Array and object notation can also be mixed:
+
+    ```
+    config.hosts[1]=example.com&config.hosts[2]=example.org
+    ```
+
+
+- **application/json**
+
+Handy for complex bodies (ex: complex plugin configuration), in that case simply send
+a JSON representation of the data you want to send. Example:
+
+```json
+{
+    "config": {
+        "limit": 10,
+        "period": "seconds"
+    }
+}
+```
+
+JSON arrays can be specified as well:
+
+```json
+{
+    "config": {
+        "limit": 10,
+        "period": "seconds",
+        "hosts": [ "example.com", "example.org" ]
+    }
+}
+```
+
+---
+
+## Information Routes
+
+
+
+### Retrieve Node Information
+
+Retrieve generic details about a node.
+
+<div class="endpoint get">/</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "hostname": "",
+    "node_id": "6a72192c-a3a1-4c8d-95c6-efabae9fb969",
+    "lua_version": "LuaJIT 2.1.0-beta3",
+    "plugins": {
+        "available_on_server": [
+            ...
+        ],
+        "enabled_in_cluster": [
+            ...
+        ]
+    },
+    "configuration" : {
+        ...
+    },
+    "tagline": "Welcome to Kong",
+    "version": "0.14.0"
+}
+```
+
+* `node_id`: A UUID representing the running Kong node. This UUID
+  is randomly generated when Kong starts, so the node will have a
+  different `node_id` each time it is restarted.
+* `available_on_server`: Names of plugins that are installed on the node.
+* `enabled_in_cluster`: Names of plugins that are enabled/configured.
+  That is, the plugins configurations currently in the datastore shared
+  by all Kong nodes.
+
+
+---
+
+### Retrieve Node Status
+
+Retrieve usage information about a node, with some basic information
+about the connections being processed by the underlying nginx process,
+the status of the database connection, and node's memory usage.
+
+If you want to monitor the Kong process, since Kong is built on top
+of nginx, every existing nginx monitoring tool or agent can be used.
+
+
+<div class="endpoint get">/status</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "database": {
+      "reachable": true
+    },
+    "memory": {
+        "workers_lua_vms": [{
+            "http_allocated_gc": "0.02 MiB",
+            "pid": 18477
+          }, {
+            "http_allocated_gc": "0.02 MiB",
+            "pid": 18478
+        }],
+        "lua_shared_dicts": {
+            "kong": {
+                "allocated_slabs": "0.04 MiB",
+                "capacity": "5.00 MiB"
+            },
+            "kong_db_cache": {
+                "allocated_slabs": "0.80 MiB",
+                "capacity": "128.00 MiB"
+            },
+        }
+    },
+    "server": {
+        "total_requests": 3,
+        "connections_active": 1,
+        "connections_accepted": 1,
+        "connections_handled": 1,
+        "connections_reading": 0,
+        "connections_writing": 1,
+        "connections_waiting": 0
+    }
+}
+```
+
+* `memory`: Metrics about the memory usage.
+    * `workers_lua_vms`: An array with all workers of the Kong node, where each
+      entry contains:
+    * `http_allocated_gc`: HTTP submodule's Lua virtual machine's memory
+      usage information, as reported by `collectgarbage("count")`, for every
+      active worker, i.e. a worker that received a proxy call in the last 10
+      seconds.
+    * `pid`: worker's process identification number.
+    * `lua_shared_dicts`: An array of information about dictionaries that are
+      shared with all workers in a Kong node, where each array node contains how
+      much memory is dedicated for the specific shared dictionary (`capacity`)
+      and how much of said memory is in use (`allocated_slabs`).
+      These shared dictionaries have least recent used (LRU) eviction
+      capabilities, so a full dictionary, where `allocated_slabs == capacity`,
+      will work properly. However for some dictionaries, e.g. cache HIT/MISS
+      shared dictionaries, increasing their size can be beneficial for the
+      overall performance of a Kong node.
+  * The memory usage unit and precision can be changed using the querystring
+    arguments `unit` and `scale`:
+      * `unit`: one of `b/B`, `k/K`, `m/M`, `g/G`, which will return results
+        in bytes, kibibytes, mebibytes, or gibibytes, respectively. When
+        "bytes" are requested, the memory values in the response will have a
+        number type instead of string. Defaults to `m`.
+      * `scale`: the number of digits to the right of the decimal points when
+        values are given in human-readable memory strings (unit other than
+        "bytes"). Defaults to `2`.
+      You can get the shared dictionaries memory usage in kibibytes with 4
+      digits of precision by doing: `GET /status?unit=k&scale=4`
+* `server`: Metrics about the nginx HTTP/S server.
+    * `total_requests`: The total number of client requests.
+    * `connections_active`: The current number of active client
+      connections including Waiting connections.
+    * `connections_accepted`: The total number of accepted client
+      connections.
+    * `connections_handled`: The total number of handled connections.
+      Generally, the parameter value is the same as accepts unless
+      some resource limits have been reached.
+    * `connections_reading`: The current number of connections
+      where Kong is reading the request header.
+    * `connections_writing`: The current number of connections
+      where nginx is writing the response back to the client.
+    * `connections_waiting`: The current number of idle client
+      connections waiting for a request.
+* `database`: Metrics about the database.
+    * `reachable`: A boolean value reflecting the state of the
+      database connection. Please note that this flag **does not**
+      reflect the health of the database itself.
+
+
+---
+
+## Tags
+
+Tags are strings associated to entities in Kong. Each tag must be composed of one or more
+alphanumeric characters, `_`, `-`, `.` or `~`.
+
+Most core entities can be *tagged* via their `tags` attribute, upon creation or edition.
+
+Tags can be used to filter core entities as well, via the `?tags` querystring parameter.
+
+For example: if you normally get a list of all the Services by doing:
+
+```
+GET /services
+```
+
+You can get the list of all the Services tagged `example` by doing:
+
+```
+GET /services?tags=example
+```
+
+Similarly, if you want to filter Services so that you only get the ones tagged `example` *and*
+`admin`, you can do that like so:
+
+```
+GET /services?tags=example,admin
+```
+
+Finally, if you wanted to filter the Services tagged `example` *or* `admin`, you could use:
+
+```
+GET /services?tags=example/admin
+```
+
+Some notes:
+
+* A maximum of 5 tags can be queried simultaneously in a single request with `,` or `/`
+* Mixing operators is not supported: if you try to mix `,` with `/` in the same querystring,
+  you will receive an error.
+* You may need to quote and/or escape some characters when using them from the
+  command line.
+* Filtering by `tags` is not supported in foreign key relationship endpoints. For example,
+  the `tags` parameter will be ignored in a request such as `GET /services/foo/routes?tags=a,b`
+* `offset` parameters are not guaranteed to work if the `tags` parameter is altered or removed
+
+
+### List All Tags
+
+Returns a paginated list of all the tags in the system.
+
+The list of entities will not be restricted to a single entity type: all the
+entities tagged with tags will be present on this list.
+
+If an entity is tagged with more than one tag, the `entity_id` for that entity
+will appear more than once in the resulting list. Similarly, if several entities
+have been tagged with the same tag, the tag will appear in several items of this list.
+
+
+<div class="endpoint get">/tags</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+``` json
+{
+    {
+      "data": [
+        { "entity_name": "services",
+          "entity_id": "acf60b10-125c-4c1a-bffe-6ed55daefba4",
+          "tag": "s1",
+        },
+        { "entity_name": "services",
+          "entity_id": "acf60b10-125c-4c1a-bffe-6ed55daefba4",
+          "tag": "s2",
+        },
+        { "entity_name": "routes",
+          "entity_id": "60631e85-ba6d-4c59-bd28-e36dd90f6000",
+          "tag": "s1",
+        },
+        ...
+      ],
+      "offset" = "c47139f3-d780-483d-8a97-17e9adc5a7ab",
+      "next" = "/tags?offset=c47139f3-d780-483d-8a97-17e9adc5a7ab",
+    }
+}
+```
+
+
+---
+
+### List Entity Ids by Tag
+
+Returns the entities that have been tagged with the specified tag.
+
+The list of entities will not be restricted to a single entity type: all the
+entities tagged with tags will be present on this list.
+
+
+<div class="endpoint get">/tags/:tags</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+``` json
+{
+    {
+      "data": [
+        { "entity_name": "services",
+          "entity_id": "c87440e1-0496-420b-b06f-dac59544bb6c",
+          "tag": "example",
+        },
+        { "entity_name": "routes",
+          "entity_id": "8a99e4b1-d268-446b-ab8b-cd25cff129b1",
+          "tag": "example",
+        },
+        ...
+      ],
+      "offset" = "1fb491c4-f4a7-4bca-aeba-7f3bcee4d2f9",
+      "next" = "/tags/example?offset=1fb491c4-f4a7-4bca-aeba-7f3bcee4d2f9",
+    }
+}
+```
+
+
+---
+
+## Service Object
+
+Service entities, as the name implies, are abstractions of each of your own
+upstream services. Examples of Services would be a data transformation
+microservice, a billing API, etc.
+
+The main attribute of a Service is its URL (where Kong should proxy traffic
+to), which can be set as a single string or by specifying its `protocol`,
+`host`, `port` and `path` individually.
+
+Services are associated to Routes (a Service can have many Routes associated
+with it). Routes are entry-points in Kong and define rules to match client
+requests. Once a Route is matched, Kong proxies the request to its associated
+Service. See the [Proxy Reference][proxy-reference] for a detailed explanation
+of how Kong proxies traffic.
+
+Services can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.service_json }}
+```
+
+### Add Service
+
+##### Create Service
+
+<div class="endpoint post">/services</div>
+
+
+*Request Body*
+
+{{ page.service_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+### List Services
+
+##### List All Services
+
+<div class="endpoint get">/services</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.service_data }}
+    "next": "http://localhost:8001/services?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Service
+
+##### Retrieve Service
+
+<div class="endpoint get">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to retrieve.
+
+
+##### Retrieve Service Associated to a Specific Route
+
+<div class="endpoint get">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be retrieved.
+
+
+##### Retrieve Service Associated to a Specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+### Update Service
+
+##### Update Service
+
+<div class="endpoint patch">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to update.
+
+
+##### Update Service Associated to a Specific Route
+
+<div class="endpoint patch">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be updated.
+
+
+##### Update Service Associated to a Specific Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be updated.
+
+
+*Request Body*
+
+{{ page.service_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.service_json }}
+```
+
+
+---
+
+### Update Or Create Service
+
+##### Create Or Update Service
+
+<div class="endpoint put">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to create or update.
+
+
+##### Create Or Update Service Associated to a Specific Route
+
+<div class="endpoint put">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be created or updated.
+
+
+##### Create Or Update Service Associated to a Specific Plugin
+
+<div class="endpoint put">/plugins/{plugin id}/service</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Service to be created or updated.
+
+
+*Request Body*
+
+{{ page.service_body }}
+
+
+Inserts (or replaces) the Service under the requested resource with the
+definition specified in the body. The Service will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Service being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Service without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Service
+
+##### Delete Service
+
+<div class="endpoint delete">/services/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Service to delete.
+
+
+##### Delete Service Associated to a Specific Route
+
+<div class="endpoint delete">/routes/{route name or id}/service</div>
+
+Attributes | Description
+---:| ---
+`route name or id`<br>**required** | The unique identifier **or** the name of the Route associated to the Service to be deleted.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Route Object
+
+Route entities define rules to match client requests. Each Route is
+associated with a Service, and a Service may have multiple Routes associated to
+it. Every request matching a given Route will be proxied to its associated
+Service.
+
+The combination of Routes and Services (and the separation of concerns between
+them) offers a powerful routing mechanism with which it is possible to define
+fine-grained entry-points in Kong leading to different upstream services of
+your infrastructure.
+
+Routes can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.route_json }}
+```
+
+### Add Route
+
+##### Create Route
+
+<div class="endpoint post">/routes</div>
+
+
+##### Create Route Associated to a Specific Service
+
+<div class="endpoint post">/services/{service name or id}/routes</div>
+
+Attributes | Description
+---:| ---
+`service name or id`<br>**required** | The unique identifier or the `name` attribute of the Service that should be associated to the newly-created Route.
+
+
+*Request Body*
+
+{{ page.route_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+### List Routes
+
+##### List All Routes
+
+<div class="endpoint get">/routes</div>
+
+
+##### List Routes Associated to a Specific Service
+
+<div class="endpoint get">/services/{service name or id}/routes</div>
+
+Attributes | Description
+---:| ---
+`service name or id`<br>**required** | The unique identifier or the `name` attribute of the Service whose Routes are to be retrieved. When using this endpoint, only Routes associated to the specified Service will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.route_data }}
+    "next": "http://localhost:8001/routes?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Route
+
+##### Retrieve Route
+
+<div class="endpoint get">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to retrieve.
+
+
+##### Retrieve Route Associated to a Specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+### Update Route
+
+##### Update Route
+
+<div class="endpoint patch">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to update.
+
+
+##### Update Route Associated to a Specific Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be updated.
+
+
+*Request Body*
+
+{{ page.route_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.route_json }}
+```
+
+
+---
+
+### Update Or Create Route
+
+##### Create Or Update Route
+
+<div class="endpoint put">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to create or update.
+
+
+##### Create Or Update Route Associated to a Specific Plugin
+
+<div class="endpoint put">/plugins/{plugin id}/route</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Route to be created or updated.
+
+
+*Request Body*
+
+{{ page.route_body }}
+
+
+Inserts (or replaces) the Route under the requested resource with the
+definition specified in the body. The Route will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Route being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Route without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Route
+
+##### Delete Route
+
+<div class="endpoint delete">/routes/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Route to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Consumer Object
+
+The Consumer object represents a consumer - or a user - of a Service. You can
+either rely on Kong as the primary datastore, or you can map the consumer list
+with your database to keep consistency between Kong and your existing primary
+datastore.
+
+Consumers can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.consumer_json }}
+```
+
+### Add Consumer
+
+##### Create Consumer
+
+<div class="endpoint post">/consumers</div>
+
+
+*Request Body*
+
+{{ page.consumer_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+### List Consumers
+
+##### List All Consumers
+
+<div class="endpoint get">/consumers</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.consumer_data }}
+    "next": "http://localhost:8001/consumers?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Consumer
+
+##### Retrieve Consumer
+
+<div class="endpoint get">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to retrieve.
+
+
+##### Retrieve Consumer Associated to a Specific Plugin
+
+<div class="endpoint get">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+### Update Consumer
+
+##### Update Consumer
+
+<div class="endpoint patch">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to update.
+
+
+##### Update Consumer Associated to a Specific Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be updated.
+
+
+*Request Body*
+
+{{ page.consumer_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.consumer_json }}
+```
+
+
+---
+
+### Update Or Create Consumer
+
+##### Create Or Update Consumer
+
+<div class="endpoint put">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to create or update.
+
+
+##### Create Or Update Consumer Associated to a Specific Plugin
+
+<div class="endpoint put">/plugins/{plugin id}/consumer</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin associated to the Consumer to be created or updated.
+
+
+*Request Body*
+
+{{ page.consumer_body }}
+
+
+Inserts (or replaces) the Consumer under the requested resource with the
+definition specified in the body. The Consumer will be identified via the `username
+or id` attribute.
+
+When the `username or id` attribute has the structure of a UUID, the Consumer being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `username`.
+
+When creating a new Consumer without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `username` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Consumer
+
+##### Delete Consumer
+
+<div class="endpoint delete">/consumers/{username or id}</div>
+
+Attributes | Description
+---:| ---
+`username or id`<br>**required** | The unique identifier **or** the username of the Consumer to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## Plugin Object
+
+A Plugin entity represents a plugin configuration that will be executed during
+the HTTP request/response lifecycle. It is how you can add functionalities
+to Services that run behind Kong, like Authentication or Rate Limiting for
+example. You can find more information about how to install and what values
+each plugin takes by visiting the [Kong Hub](https://docs.konghq.com/hub/).
+
+When adding a Plugin Configuration to a Service, every request made by a client to
+that Service will run said Plugin. If a Plugin needs to be tuned to different
+values for some specific Consumers, you can do so by creating a separate
+plugin instance that specifies both the Service and the Consumer, through the
+`service` and `consumer` fields.
+
+Plugins can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.plugin_json }}
+```
+
+See the [Precedence](#precedence) section below for more details.
+
+#### Precedence
+
+A plugin will always be run once and only once per request. But the
+configuration with which it will run depends on the entities it has been
+configured for.
+
+Plugins can be configured for various entities, combination of entities, or
+even globally. This is useful, for example, when you wish to configure a plugin
+a certain way for most requests, but make _authenticated requests_ behave
+slightly differently.
+
+Therefore, there exists an order of precedence for running a plugin when it has
+been applied to different entities with different configurations. The rule of
+thumb is: the more specific a plugin is with regards to how many entities it
+has been configured on, the higher its priority.
+
+The complete order of precedence when a plugin has been configured multiple
+times is:
+
+1. Plugins configured on a combination of: a Route, a Service, and a Consumer.
+    (Consumer means the request must be authenticated).
+2. Plugins configured on a combination of a Route and a Consumer.
+    (Consumer means the request must be authenticated).
+3. Plugins configured on a combination of a Service and a Consumer.
+    (Consumer means the request must be authenticated).
+4. Plugins configured on a combination of a Route and a Service.
+5. Plugins configured on a Consumer.
+    (Consumer means the request must be authenticated).
+6. Plugins configured on a Route.
+7. Plugins configured on a Service.
+8. Plugins configured to run globally.
+
+**Example**: if the `rate-limiting` plugin is applied twice (with different
+configurations): for a Service (Plugin config A), and for a Consumer (Plugin
+config B), then requests authenticating this Consumer will run Plugin config B
+and ignore A. However, requests that do not authenticate this Consumer will
+fallback to running Plugin config A. Note that if config B is disabled
+(its `enabled` flag is set to `false`), config A will apply to requests that
+would have otherwise matched config B.
+
+
+### Add Plugin
+
+##### Create Plugin
+
+<div class="endpoint post">/plugins</div>
+
+
+##### Create Plugin Associated to a Specific Route
+
+<div class="endpoint post">/routes/{route id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`route id`<br>**required** | The unique identifier of the Route that should be associated to the newly-created Plugin.
+
+
+##### Create Plugin Associated to a Specific Service
+
+<div class="endpoint post">/services/{service id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`service id`<br>**required** | The unique identifier of the Service that should be associated to the newly-created Plugin.
+
+
+##### Create Plugin Associated to a Specific Consumer
+
+<div class="endpoint post">/consumers/{consumer id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`consumer id`<br>**required** | The unique identifier of the Consumer that should be associated to the newly-created Plugin.
+
+
+*Request Body*
+
+{{ page.plugin_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### List Plugins
+
+##### List All Plugins
+
+<div class="endpoint get">/plugins</div>
+
+
+##### List Plugins Associated to a Specific Route
+
+<div class="endpoint get">/routes/{route id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`route id`<br>**required** | The unique identifier of the Route whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Route will be listed.
+
+
+##### List Plugins Associated to a Specific Service
+
+<div class="endpoint get">/services/{service id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`service id`<br>**required** | The unique identifier of the Service whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Service will be listed.
+
+
+##### List Plugins Associated to a Specific Consumer
+
+<div class="endpoint get">/consumers/{consumer id}/plugins</div>
+
+Attributes | Description
+---:| ---
+`consumer id`<br>**required** | The unique identifier of the Consumer whose Plugins are to be retrieved. When using this endpoint, only Plugins associated to the specified Consumer will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.plugin_data }}
+    "next": "http://localhost:8001/plugins?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Plugin
+
+##### Retrieve Plugin
+
+<div class="endpoint get">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### Update Plugin
+
+##### Update Plugin
+
+<div class="endpoint patch">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to update.
+
+
+*Request Body*
+
+{{ page.plugin_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.plugin_json }}
+```
+
+
+---
+
+### Update Or Create Plugin
+
+##### Create Or Update Plugin
+
+<div class="endpoint put">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to create or update.
+
+
+*Request Body*
+
+{{ page.plugin_body }}
+
+
+Inserts (or replaces) the Plugin under the requested resource with the
+definition specified in the body. The Plugin will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Plugin being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Plugin without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Plugin
+
+##### Delete Plugin
+
+<div class="endpoint delete">/plugins/{plugin id}</div>
+
+Attributes | Description
+---:| ---
+`plugin id`<br>**required** | The unique identifier of the Plugin to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Retrieve Enabled Plugins
+
+Retrieve a list of all installed plugins on the Kong node.
+
+<div class="endpoint get">/plugins/enabled</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "enabled_plugins": [
+        "jwt",
+        "acl",
+        "cors",
+        "oauth2",
+        "tcp-log",
+        "udp-log",
+        "file-log",
+        "http-log",
+        "key-auth",
+        "hmac-auth",
+        "basic-auth",
+        "ip-restriction",
+        "request-transformer",
+        "response-transformer",
+        "request-size-limiting",
+        "rate-limiting",
+        "response-ratelimiting",
+        "aws-lambda",
+        "bot-detection",
+        "correlation-id",
+        "datadog",
+        "galileo",
+        "ldap-auth",
+        "loggly",
+        "statsd",
+        "syslog"
+    ]
+}
+```
+
+
+---
+
+### Retrieve Plugin Schema
+
+Retrieve the schema of a plugin's configuration. This is useful to
+understand what fields a plugin accepts, and can be used for building
+third-party integrations to the Kong's plugin system.
+
+
+<div class="endpoint get">/plugins/schema/{plugin name}</div>
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "fields": {
+        "hide_credentials": {
+            "default": false,
+            "type": "boolean"
+        },
+        "key_names": {
+            "default": "function",
+            "required": true,
+            "type": "array"
+        }
+    }
+}
+```
+
+
+---
+
+## Certificate Object
+
+A certificate object represents a public certificate, and can be optionally paired with the
+corresponding private key. These objects are used by Kong to handle SSL/TLS termination for
+encrypted requests, or for use as a trusted CA store when validating peer certificate of
+client/service. Certificates are optionally associated with SNI objects to
+tie a cert/key pair to one or more hostnames.
+
+Certificates can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.certificate_json }}
+```
+
+### Add Certificate
+
+##### Create Certificate
+
+<div class="endpoint post">/certificates</div>
+
+
+*Request Body*
+
+{{ page.certificate_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+### List Certificates
+
+##### List All Certificates
+
+<div class="endpoint get">/certificates</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.certificate_data }}
+    "next": "http://localhost:8001/certificates?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Certificate
+
+##### Retrieve Certificate
+
+<div class="endpoint get">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+### Update Certificate
+
+##### Update Certificate
+
+<div class="endpoint patch">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to update.
+
+
+*Request Body*
+
+{{ page.certificate_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_json }}
+```
+
+
+---
+
+### Update Or Create Certificate
+
+##### Create Or Update Certificate
+
+<div class="endpoint put">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to create or update.
+
+
+*Request Body*
+
+{{ page.certificate_body }}
+
+
+Inserts (or replaces) the Certificate under the requested resource with the
+definition specified in the body. The Certificate will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Certificate being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Certificate without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Certificate
+
+##### Delete Certificate
+
+<div class="endpoint delete">/certificates/{certificate id}</div>
+
+Attributes | Description
+---:| ---
+`certificate id`<br>**required** | The unique identifier of the Certificate to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+## SNI Object
+
+An SNI object represents a many-to-one mapping of hostnames to a certificate.
+That is, a certificate object can have many hostnames associated with it; when
+Kong receives an SSL request, it uses the SNI field in the Client Hello to
+lookup the certificate object based on the SNI associated with the certificate.
+
+SNIs can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.sni_json }}
+```
+
+### Add SNI
+
+##### Create SNI
+
+<div class="endpoint post">/snis</div>
+
+
+##### Create SNI Associated to a Specific Certificate
+
+<div class="endpoint post">/certificates/{certificate name or id}/snis</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate that should be associated to the newly-created SNI.
+
+
+*Request Body*
+
+{{ page.sni_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+### List SNIs
+
+##### List All SNIs
+
+<div class="endpoint get">/snis</div>
+
+
+##### List SNIs Associated to a Specific Certificate
+
+<div class="endpoint get">/certificates/{certificate name or id}/snis</div>
+
+Attributes | Description
+---:| ---
+`certificate name or id`<br>**required** | The unique identifier or the `name` attribute of the Certificate whose SNIs are to be retrieved. When using this endpoint, only SNIs associated to the specified Certificate will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.sni_data }}
+    "next": "http://localhost:8001/snis?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve SNI
+
+##### Retrieve SNI
+
+<div class="endpoint get">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+### Update SNI
+
+##### Update SNI
+
+<div class="endpoint patch">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to update.
+
+
+*Request Body*
+
+{{ page.sni_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.sni_json }}
+```
+
+
+---
+
+### Update Or Create SNI
+
+##### Create Or Update SNI
+
+<div class="endpoint put">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to create or update.
+
+
+*Request Body*
+
+{{ page.sni_body }}
+
+
+Inserts (or replaces) the SNI under the requested resource with the
+definition specified in the body. The SNI will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the SNI being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new SNI without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete SNI
+
+##### Delete SNI
+
+<div class="endpoint delete">/snis/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the SNI to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+---
+
+## Certificate Authority Object
+
+A certificate authority object represents a public CA certificate.
+These objects are used by Kong to verify client certificates presented to the mTLS plugin.
+
+
+```json
+{{ page.certificate_authority_json }}
+```
+
+### Add Certificate Authority
+
+##### Create Certificate Authority
+
+<div class="endpoint post">/ca_certificates</div>
+
+
+*Request Body*
+
+{{ page.certificate_authority_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.certificate_authority_json }}
+```
+
+
+---
+
+### List Certificate Authorities
+
+##### List all Certificate Authorities
+
+<div class="endpoint get">/ca_certificates</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.certificate_authority_data }}
+    "next": "http://localhost:8001/ca_certificates?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Certificate Authority
+
+##### Retrieve Certificate Authority
+
+<div class="endpoint get">/ca_certificates/{certificate authority id}</div>
+
+Attributes | Description
+---:| ---
+`certificate authority id`<br>**required** | The unique identifier of the certificate authority to retrieve.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_authority_json }}
+```
+
+
+---
+
+### Update Certificate Authority
+
+##### Update Certificate Authority
+
+<div class="endpoint patch">/ca_certificates/{certificate authority id}</div>
+
+Attributes | Description
+---:| ---
+`certificate authority id`<br>**required** | The unique identifier of the certificate authority to update.
+
+
+*Request Body*
+
+{{ page.certificate_authority_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.certificate_authority_json }}
+```
+
+
+---
+
+### Update or create Certificate Authority
+
+##### Create or update Certificate Authority
+
+<div class="endpoint put">/ca_certificates/{certificate authority id}</div>
+
+Attributes | Description
+---:| ---
+`certificate authority id`<br>**required** | The unique identifier of the certificate authority to create or update.
+
+
+*Request Body*
+
+{{ page.certificate_authority_body }}
+
+
+Inserts (or replaces) the certificate authority under the requested resource with the
+definition specified in the body. The certificate authority will be identified via the ` id` attribute.
+
+When creating a new certificate authority without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Certificate Authority
+
+##### Delete Certificate Authority
+
+<div class="endpoint delete">/ca_certificates/{certificate authority id}</div>
+
+Attributes | Description
+---:| ---
+`certificate authority id`<br>**required** | The unique identifier of the certificate authority to delete.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+
+---
+
+## Upstream Object
+
+The upstream object represents a virtual hostname and can be used to loadbalance
+incoming requests over multiple services (targets). So for example an upstream
+named `service.v1.xyz` for a Service object whose `host` is `service.v1.xyz`.
+Requests for this Service would be proxied to the targets defined within the upstream.
+
+An upstream also includes a [health checker][healthchecks], which is able to
+enable and disable targets based on their ability or inability to serve
+requests. The configuration for the health checker is stored in the upstream
+object, and applies to all of its targets.
+
+Upstreams can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.upstream_json }}
+```
+
+### Add Upstream
+
+##### Create Upstream
+
+<div class="endpoint post">/upstreams</div>
+
+
+*Request Body*
+
+{{ page.upstream_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### List Upstreams
+
+##### List All Upstreams
+
+<div class="endpoint get">/upstreams</div>
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.upstream_data }}
+    "next": "http://localhost:8001/upstreams?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Retrieve Upstream
+
+##### Retrieve Upstream
+
+<div class="endpoint get">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to retrieve.
+
+
+##### Retrieve Upstream Associated to a Specific Target
+
+<div class="endpoint get">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be retrieved.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### Update Upstream
+
+##### Update Upstream
+
+<div class="endpoint patch">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to update.
+
+
+##### Update Upstream Associated to a Specific Target
+
+<div class="endpoint patch">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be updated.
+
+
+*Request Body*
+
+{{ page.upstream_body }}
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{{ page.upstream_json }}
+```
+
+
+---
+
+### Update Or Create Upstream
+
+##### Create Or Update Upstream
+
+<div class="endpoint put">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to create or update.
+
+
+##### Create Or Update Upstream Associated to a Specific Target
+
+<div class="endpoint put">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be created or updated.
+
+
+*Request Body*
+
+{{ page.upstream_body }}
+
+
+Inserts (or replaces) the Upstream under the requested resource with the
+definition specified in the body. The Upstream will be identified via the `name
+or id` attribute.
+
+When the `name or id` attribute has the structure of a UUID, the Upstream being
+inserted/replaced will be identified by its `id`. Otherwise it will be
+identified by its `name`.
+
+When creating a new Upstream without specifying `id` (neither in the URL nor in
+the body), then it will be auto-generated.
+
+Notice that specifying a `name` in the URL and a different one in the request
+body is not allowed.
+
+
+*Response*
+
+```
+HTTP 201 Created or HTTP 200 OK
+```
+
+See POST and PATCH responses.
+
+
+---
+
+### Delete Upstream
+
+##### Delete Upstream
+
+<div class="endpoint delete">/upstreams/{name or id}</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream to delete.
+
+
+##### Delete Upstream Associated to a Specific Target
+
+<div class="endpoint delete">/targets/{target host:port or id}/upstream</div>
+
+Attributes | Description
+---:| ---
+`target host:port or id`<br>**required** | The unique identifier **or** the host:port of the Target associated to the Upstream to be deleted.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Show Upstream Health for Node
+
+Displays the health status for all Targets of a given Upstream, according to
+the perspective of a specific Kong node. Note that, being node-specific
+information, making this same request to different nodes of the Kong cluster
+may produce different results. For example, one specific node of the Kong
+cluster may be experiencing network issues, causing it to fail to connect to
+some Targets: these Targets will be marked as unhealthy by that node
+(directing traffic from this node to other Targets that it can successfully
+reach), but healthy to all others Kong nodes (which have no problems using that
+Target).
+
+The `data` field of the response contains an array of Target objects.
+The health for each Target is returned in its `health` field:
+
+* If a Target fails to be activated in the ring balancer due to DNS issues,
+  its status displays as `DNS_ERROR`.
+* When [health checks][healthchecks] are not enabled in the Upstream
+  configuration, the health status for active Targets is displayed as
+  `HEALTHCHECKS_OFF`.
+* When health checks are enabled and the Target is determined to be healthy,
+  either automatically or [manually](#set-target-as-healthy),
+  its status is displayed as `HEALTHY`. This means that this Target is
+  currently included in this Upstream's load balancer ring.
+* When a Target has been disabled by either active or passive health checks
+  (circuit breakers) or [manually](#set-target-as-unhealthy),
+  its status is displayed as `UNHEALTHY`. The load balancer is not directing
+  any traffic to this Target via this Upstream.
+
+
+<div class="endpoint get">/upstreams/{name or id}/health/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the Upstream for which to display Target health.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "node_id": "cbb297c0-14a9-46bc-ad91-1d0ef9b42df9",
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "health": "HEALTHY",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "health": "UNHEALTHY",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+
+---
+
+## Target Object
+
+A target is an ip address/hostname with a port that identifies an instance of a backend
+service. Every upstream can have many targets, and the targets can be
+dynamically added. Changes are effectuated on the fly.
+
+Because the upstream maintains a history of target changes, the targets cannot
+be deleted or modified. To disable a target, post a new one with `weight=0`;
+alternatively, use the `DELETE` convenience method to accomplish the same.
+
+The current target object definition is the one with the latest `created_at`.
+
+Targets can be both [tagged and filtered by tags](#tags).
+
+
+```json
+{{ page.target_json }}
+```
+
+### Add Target
+
+##### Create Target Associated to a Specific Upstream
+
+<div class="endpoint post">/upstreams/{upstream host:port or id}/targets</div>
+
+Attributes | Description
+---:| ---
+`upstream host:port or id`<br>**required** | The unique identifier or the `host:port` attribute of the Upstream that should be associated to the newly-created Target.
+
+
+*Request Body*
+
+{{ page.target_body }}
+
+
+*Response*
+
+```
+HTTP 201 Created
+```
+
+```json
+{{ page.target_json }}
+```
+
+
+---
+
+### List Targets
+
+##### List Targets Associated to a Specific Upstream
+
+<div class="endpoint get">/upstreams/{upstream host:port or id}/targets</div>
+
+Attributes | Description
+---:| ---
+`upstream host:port or id`<br>**required** | The unique identifier or the `host:port` attribute of the Upstream whose Targets are to be retrieved. When using this endpoint, only Targets associated to the specified Upstream will be listed.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+{{ page.target_data }}
+    "next": "http://localhost:8001/targets?offset=6378122c-a0a1-438d-a5c6-efabae9fb969"
+}
+```
+
+
+---
+
+### Delete Target
+
+Disable a target in the load balancer. Under the hood, this method creates
+a new entry for the given target definition with a `weight` of 0.
+
+
+<div class="endpoint delete">/upstreams/{upstream name or id}/targets/{host:port or id}</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to delete the target.
+`host:port or id`<br>**required** | The host:port combination element of the target to remove, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Set Target As Healthy
+
+Set the current health status of a target in the load balancer to "healthy"
+in the entire Kong cluster.
+
+This endpoint can be used to manually re-enable a target that was previously
+disabled by the upstream's [health checker][healthchecks]. Upstreams only
+forward requests to healthy nodes, so this call tells Kong to start using this
+target again.
+
+This resets the health counters of the health checkers running in all workers
+of the Kong node, and broadcasts a cluster-wide message so that the "healthy"
+status is propagated to the whole Kong cluster.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/healthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as healthy, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
+---
+
+### Set Target As Unhealthy
+
+Set the current health status of a target in the load balancer to "unhealthy"
+in the entire Kong cluster.
+
+This endpoint can be used to manually disable a target and have it stop
+responding to requests. Upstreams only forward requests to healthy nodes, so
+this call tells Kong to start skipping this target in the ring-balancer
+algorithm.
+
+This call resets the health counters of the health checkers running in all
+workers of the Kong node, and broadcasts a cluster-wide message so that the
+"unhealthy" status is propagated to the whole Kong cluster.
+
+[Active health checks][active] continue to execute for unhealthy
+targets. Note that if active health checks are enabled and the probe detects
+that the target is actually healthy, it will automatically re-enable it again.
+To permanently remove a target from the ring-balancer, you should [delete a
+target](#delete-target) instead.
+
+
+<div class="endpoint post">/upstreams/{upstream name or id}/targets/{target or id}/unhealthy</div>
+
+Attributes | Description
+---:| ---
+`upstream name or id`<br>**required** | The unique identifier **or** the name of the upstream.
+`target or id`<br>**required** | The host/port combination element of the target to set as unhealthy, or the `id` of an existing target entry.
+
+
+*Response*
+
+```
+HTTP 204 No Content
+```
+
+
 ---
 
+### List All Targets
+
+Lists all targets of the upstream. Multiple target objects for the same
+target may be returned, showing the history of changes for a specific target.
+The target object with the latest `created_at` is the current definition.
+
+
+<div class="endpoint get">/upstreams/{name or id}/targets/all/</div>
+
+Attributes | Description
+---:| ---
+`name or id`<br>**required** | The unique identifier **or** the name of the upstream for which to list the targets.
+
+
+*Response*
+
+```
+HTTP 200 OK
+```
+
+```json
+{
+    "total": 2,
+    "data": [
+        {
+            "created_at": 1485524883980,
+            "id": "18c0ad90-f942-4098-88db-bbee3e43b27f",
+            "target": "127.0.0.1:20000",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 100
+        },
+        {
+            "created_at": 1485524914883,
+            "id": "6c6f34eb-e6c3-4c1f-ac58-4060e5bca890",
+            "target": "127.0.0.1:20002",
+            "upstream_id": "07131005-ba30-4204-a29f-0927d53257b4",
+            "weight": 200
+        }
+    ]
+}
+```
+
+## Enterprise Exclusive Admin API
+
 <div class="alert alert-ee">
   <div class="alert-body">
     <div class="left">
@@ -62,3 +3015,13 @@ toc: false
     <a href="/enterprise/{{page.kong_version}}/admin-api/audit-log">Learn more &rarr;</a>
   </div>
 </div>
+
+---
+
+[clustering]: /enterprise/{{page.kong_version}}/clustering
+[cli]: /enterprise/{{page.kong_version}}/cli
+[active]: /enterprise/{{page.kong_version}}/health-checks-circuit-breakers/#active-health-checks
+[healthchecks]: /enterprise/{{page.kong_version}}/health-checks-circuit-breakers
+[secure-admin-api]: /enterprise/{{page.kong_version}}/secure-admin-api
+[proxy-reference]: /enterprise/{{page.kong_version}}/proxy
+
diff --git a/app/enterprise/0.36-x/admin-api/rbac/reference.md b/app/enterprise/0.36-x/admin-api/rbac/reference.md
index 5ca178b74a59..eeeca7f6954d 100644
--- a/app/enterprise/0.36-x/admin-api/rbac/reference.md
+++ b/app/enterprise/0.36-x/admin-api/rbac/reference.md
@@ -1,5 +1,7 @@
 ---
 title: RBAC Reference
+redirect_from:
+  - /enterprise/latest/setting-up-admin-api-rbac
 book: rbac
 ---
 
@@ -18,26 +20,25 @@ There are 4 basic entities involving RBAC.
   `developer`.
 - **role_endpoint**: A set of enabled or disabled (see `negative`
   parameter) actions (`read`, `create`, `update`, `delete`)
-  `endpoint`. Example: Role `developer` has 1 role_endpoint: `read &
-  write` to endpoint `/routes`
+  `endpoint`. Example: Role `developer` has 1 role_endpoint: `read & write` to endpoint `/routes`
 - **role_entity**: A set of enabled or disabled (see `negative`
   parameter) actions (`read`, `create`, `update`, `delete`)
-  `entity`. Example: Role `developer` has 1 role_entity: `read & write
-  & delete` to entity `283fccff-2d4f-49a9-8730-dc8b71ec2245`.
+  `entity`. Example: Role `developer` has 1 role_entity: `read & write & delete` to entity `283fccff-2d4f-49a9-8730-dc8b71ec2245`.
 
 ## Add a User
+
 **Endpoint**
 
 <div class="endpoint post">/rbac/users</div>
 
 **Request Body**
 
-| Attribute                | Description                                                                                                                         |
-| ---------                | -----------                                                                                                                         |
-| `name`                   | The RBAC user name.                                                                                                                 |
-| `user_token` | The authentication token to be presented to the Admin API. The value will be hashed and cannot be fetched in plaintext. |
-| `enabled`<br>optional    | A flag to enable or disable the user. By default, users are enabled.                                                                |
-| `comment`<br>optional    | A string describing the RBAC user object.                                                                                           |
+| Attribute             | Description                                                                                                             |
+| --------------------- | ----------------------------------------------------------------------------------------------------------------------- |
+| `name`                | The RBAC user name.                                                                                                     |
+| `user_token`          | The authentication token to be presented to the Admin API. The value will be hashed and cannot be fetched in plaintext. |
+| `enabled`<br>optional | A flag to enable or disable the user. By default, users are enabled.                                                    |
+| `comment`<br>optional | A string describing the RBAC user object.                                                                               |
 
 **Response**
 
@@ -56,15 +57,17 @@ HTTP 201 Created
   "user_token_ident": "4d870"
 }
 ```
-___
+
+---
 
 ## Retrieve a User
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/users/{name_or_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC user name or UUID. |
 
 **Response**
@@ -83,9 +86,11 @@ HTTP 200 OK
   "user_token_ident": "4d870"
 }
 ```
-___
+
+---
 
 ## List Users
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/users/</div>
@@ -122,26 +127,27 @@ HTTP 200 OK
 }
 ```
 
-⚠️ **Note**: **RBAC Users** associated with **Admins** will _not_ be 
-listed with **`GET`** `/rbac/users`. Instead, use 
-[**`GET`** `/admins`](/enterprise/{{page.kong_version}}/admin-api/admins/reference/#list-admins) 
+⚠️ **Note**: **RBAC Users** associated with **Admins** will _not_ be
+listed with **`GET`** `/rbac/users`. Instead, use
+[**`GET`** `/admins`](/enterprise/{{page.kong_version}}/admin-api/admins/reference/#list-admins)
 to list all **Admins**.
 
-___
+---
 
 ## Update a User
+
 **Endpoint**
 
 <div class="endpoint patch">/rbac/users/{name_or_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC user name or UUID. |
 
 **Request Body**
 
 | Attribute                | Description                                                                                                                         |
-| ---------                | -----------                                                                                                                         |
+| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------- |
 | `user_token`<br>optional | The authentication token to be presented to the Admin API. If this value is not present, the token will automatically be generated. |
 | `enabled`<br>optional    | A flag to enable or disable the user. By default, users are enabled.                                                                |
 | `comment`<br>optional    | A string describing the RBAC user object.                                                                                           |
@@ -163,15 +169,17 @@ HTTP 200 OK
   "user_token_ident": "4d870"
 }
 ```
-___
+
+---
 
 ## Delete a User
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/users/{name_or_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC user name or UUID. |
 
 **Response**
@@ -179,15 +187,17 @@ ___
 ```
 HTTP 204 No Content
 ```
-___
+
+---
 
 ## Add a Role
+
 **Endpoint**
 
 <div class="endpoint post">/rbac/roles</div>
 
 | Attribute             | Description                               |
-| ---------             | -----------                               |
+| --------------------- | ----------------------------------------- |
 | `name`                | The RBAC role name.                       |
 | `comment`<br>optional | A string describing the RBAC user object. |
 
@@ -206,15 +216,17 @@ HTTP 201 Created
   "name": "service_reader"
 }
 ```
-___
+
+---
 
 ## Retrieve a Role
+
 Endpoint
 
 <div class="endpoint get">/rbac/roles/{name_or_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
 **Response**
@@ -231,9 +243,11 @@ HTTP 200 OK
   "name": "service_reader"
 }
 ```
-___
+
+---
 
 ## List Roles
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/roles</div>
@@ -275,9 +289,11 @@ HTTP 200 OK
   "next": null
 }
 ```
-___
+
+---
 
 ## Update or Create a Role
+
 **Endpoint**
 
 <div class="endpoint put">/rbac/roles</div>
@@ -285,7 +301,7 @@ ___
 **Request Body**
 
 | Attribute             | Description                               |
-| ---------             | -----------                               |
+| --------------------- | ----------------------------------------- |
 | `name`                | The RBAC role name.                       |
 | `comment`<br>optional | A string describing the RBAC user object. |
 
@@ -293,8 +309,7 @@ The behavior of `PUT` endpoints is the following: if the request payload **does
 not** contain an entity's primary key (`id` for Users), the entity will be
 created with the given payload. If the request payload **does** contain an
 entity's primary key, the payload will "replace" the entity specified by the
-given primary key. If the primary key is **not** that of an existing entity, `404
-NOT FOUND` will be returned.
+given primary key. If the primary key is **not** that of an existing entity, `404 NOT FOUND` will be returned.
 
 **Response**
 
@@ -321,18 +336,19 @@ HTTP 200 OK
 ```
 
 ## Update a Role
+
 **Endpoint**
 
 <div class="endpoint patch">/rbac/roles/{name_or_id}</div>
 
-| Attribute    | Description                 |
-| ---------    | -----------                 |
+| Attribute    | Description            |
+| ------------ | ---------------------- |
 | `name_or_id` | The RBAC role or UUID. |
 
 **Request Body**
 
 | Attribute             | Description                               |
-| ---------             | -----------                               |
+| --------------------- | ----------------------------------------- |
 | `comment`<br>optional | A string describing the RBAC role object. |
 
 **Response**
@@ -350,40 +366,42 @@ HTTP 200 OK
   "name": "service_reader"
 }
 ```
-___
+
+---
 
 ## Delete a Role
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/role/{name_or_id}</div>
 
-| Attribute             | Description                               |
-| ---------             | -----------                               |
-| `name`                | The RBAC role name.                       |
+| Attribute | Description         |
+| --------- | ------------------- |
+| `name`    | The RBAC role name. |
 
 **Response**
 
 ```
 HTTP 204 No Content
 ```
-___
+
+---
 
 ## Add a Role Endpoint Permission
+
 **Endpoint**
 
 <div class="endpoint post">/rbac/roles/{name_or_id}/endpoints</div>
 
-
-| Attribute             | Description                               |
-| ---------             | -----------                               |
-| `name_or_id`          | The RBAC role name.                       |
-
+| Attribute    | Description         |
+| ------------ | ------------------- |
+| `name_or_id` | The RBAC role name. |
 
 **Request Body**
 
 | Attribute             | Description                                                                                                                     |
-| ---------             | -----------                                                                                                                     |
-| `workspace`           | Workspace tied to the endpoint. Defaults to the default permission. Special value of "*" means **all** workspaces are affected  |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
+| `workspace`           | Workspace tied to the endpoint. Defaults to the default permission. Special value of "\*" means **all** workspaces are affected |
 | `endpoint`            | Endpoint associated with this permission.                                                                                       |
 | `negative`            | If true, explicitly disallow the actions associated with the permissions tied to this endpoint. By default this value is false. |
 | `actions`             | One or more actions associated with this permission. This is a comma separated string (read,create,update,delete)               |
@@ -393,12 +411,13 @@ ___
 exact matches, or contain wildcards, represented by `*`.
 
 - Exact matches; eg:
-  * /apis/
-  * /apis/foo
+
+  - /apis/
+  - /apis/foo
 
 - Wildcards; eg:
-  * /apis/*
-  * /apis/*/plugins
+  - /apis/\*
+  - /apis/\*/plugins
 
 Where `*` replaces exactly one segment between slashes (or the end of
 the path).
@@ -414,12 +433,7 @@ HTTP 201 Created
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "update",
-    "read"
-  ],
+  "actions": ["delete", "create", "update", "read"],
   "created_at": 1557764505,
   "endpoint": "/consumers",
   "negative": false,
@@ -433,12 +447,13 @@ HTTP 201 Created
 ---
 
 ## Retrieve a Role Endpoint Permission
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/roles/{name_or_id}/endpoints/{worspace_name_or_id}/{endpoint}</div>
 
 | Attribute             | Description                                  |
-| ---------             | -----------                                  |
+| --------------------- | -------------------------------------------- |
 | `name_or_id`          | The RBAC role name or UUID.                  |
 | `worspace_name_or_id` | The worspace name or UUID.                   |
 | `endpoint`            | The endpoint associated with this permisson. |
@@ -451,12 +466,7 @@ HTTP 200 OK
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "update",
-    "read"
-  ],
+  "actions": ["delete", "create", "update", "read"],
   "created_at": 1557764505,
   "endpoint": "/consumers",
   "negative": false,
@@ -469,15 +479,14 @@ HTTP 200 OK
 
 ---
 
-
-
 ## List Role Endpoints Permissions
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/roles/{role_name_or_id}/endpoints</div>
 
 | Attribute         | Description                 |
-| ---------         | -----------                 |
+| ----------------- | --------------------------- |
 | `role_name_or_id` | The RBAC role name or UUID. |
 
 **Response**
@@ -490,12 +499,7 @@ HTTP 200 OK
 {
   "data": [
     {
-      "actions": [
-        "delete",
-        "create",
-        "update",
-        "read"
-      ],
+      "actions": ["delete", "create", "update", "read"],
       "created_at": 1557764505,
       "endpoint": "/consumers",
       "negative": false,
@@ -505,9 +509,7 @@ HTTP 200 OK
       "workspace": "default"
     },
     {
-      "actions": [
-        "read"
-      ],
+      "actions": ["read"],
       "created_at": 1557764438,
       "endpoint": "/services",
       "negative": false,
@@ -523,22 +525,23 @@ HTTP 200 OK
 ---
 
 ## Update a Role Endpoint Permission
+
 **Endpoint**
 
 <div class="endpoint patch">/rbac/roles/{name_or_id}/endpoints/{worspace_name_or_id}/{endpoint}</div>
 
 | Attribute             | Description                                  |
-| ---------             | -----------                                  |
+| --------------------- | -------------------------------------------- |
 | `name_or_id`          | The RBAC role name or UUID.                  |
 | `worspace_name_or_id` | The worspace name or UUID.                   |
 | `endpoint`            | The endpoint associated with this permisson. |
 
 **Request Body**
 
-| Attribute             | Description |
-| ---------             | ----------- |
-| `negative`            | If true, explicitly disallow the actions associated with the permissions tied to this resource. By default this value is false. |
-| `actions`             | One or more actions associated with this permission. |
+| Attribute  | Description                                                                                                                     |
+| ---------- | ------------------------------------------------------------------------------------------------------------------------------- |
+| `negative` | If true, explicitly disallow the actions associated with the permissions tied to this resource. By default this value is false. |
+| `actions`  | One or more actions associated with this permission.                                                                            |
 
 **Response**
 
@@ -548,12 +551,7 @@ HTTP 200 OK
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "update",
-    "read"
-  ],
+  "actions": ["delete", "create", "update", "read"],
   "created_at": 1557764438,
   "endpoint": "/services",
   "negative": false,
@@ -566,15 +564,14 @@ HTTP 200 OK
 
 ---
 
-
-
 ## Delete a Role Endpoint Permission
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/roles/{name_or_id}/endpoints/{worspace_name_or_id}/{endpoint}</div>
 
 | Attribute             | Description                                  |
-| ---------             | -----------                                  |
+| --------------------- | -------------------------------------------- |
 | `name_or_id`          | The RBAC role name or UUID.                  |
 | `worspace_name_or_id` | The worspace name or UUID.                   |
 | `endpoint`            | The endpoint associated with this permisson. |
@@ -587,20 +584,20 @@ HTTP 204 No Content
 
 ---
 
-
-
 ## Add a Role Entity Permission
+
 **Endpoint**
+
 <div class="endpoint post">/rbac/roles/{name_or_id}/entities</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
 **Request Body**
 
 | Attribute             | Description                                                                                                                     |
-| ---------             | -----------                                                                                                                     |
+| --------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
 | `negative`            | If true, explicitly disallow the actions associated with the permissions tied to this resource. By default this value is false. |
 | `entity_id`           | id of the entity associated with this permission.                                                                               |
 | `actions`             | One or more actions associated with this permission.                                                                            |
@@ -612,7 +609,6 @@ workspace. Future entities belonging to that workspace will get the
 same permissions. A wildcard `*` will be interpreted as **all
 entities** in the system.
 
-
 **Response**
 
 ```
@@ -621,11 +617,7 @@ HTTP 201 Created
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "read"
-  ],
+  "actions": ["delete", "create", "read"],
   "created_at": 1557771505,
   "entity_id": "*",
   "entity_type": "wildcard",
@@ -639,13 +631,15 @@ HTTP 201 Created
 ---
 
 ## Retrieve a Role Entity Permission
+
 **Endpoint**
+
 <div class="endpoint get">/rbac/roles/{name_or_id}/entities/{entity_id}</div>
 
-| Attribute             | Description                                                                                                                     |
-| ---------             | -----------                                                                                                                     |
-| `name_or_id`          | The RBAC permission name or UUID.                                                                                                |
-| `entity_id`           | id of the entity associated with this permission.                                                                               |
+| Attribute    | Description                                       |
+| ------------ | ------------------------------------------------- |
+| `name_or_id` | The RBAC permission name or UUID.                 |
+| `entity_id`  | id of the entity associated with this permission. |
 
 **Response**
 
@@ -655,11 +649,7 @@ HTTP 200 Ok
 
 ```json
 {
-  "actions": [
-    "delete",
-    "create",
-    "read"
-  ],
+  "actions": ["delete", "create", "read"],
   "created_at": 1557771505,
   "entity_id": "*",
   "entity_type": "wildcard",
@@ -675,11 +665,12 @@ HTTP 200 Ok
 ## List Entity Permissons
 
 **Endpoint**
+
 <div class="endpoint get">/rbac/roles/{name_or_id}/entities</div>
 
-| Attribute             | Description                      |
-| ---------             | -----------                      |
-| `name_or_id`          | The RBAC permisson name or UUID. |
+| Attribute    | Description                      |
+| ------------ | -------------------------------- |
+| `name_or_id` | The RBAC permisson name or UUID. |
 
 **Response**
 
@@ -691,11 +682,7 @@ HTTP 200 Ok
 {
   "data": [
     {
-      "actions": [
-        "delete",
-        "create",
-        "read"
-      ],
+      "actions": ["delete", "create", "read"],
       "created_at": 1557771505,
       "entity_id": "*",
       "entity_type": "wildcard",
@@ -709,22 +696,24 @@ HTTP 200 Ok
 ```
 
 ---
+
 ## Update an Entity Permission
+
 **Endpoint**
 
 <div class="endpoint patch">/rbac/roles/{name_or_id}/entities/{entity_id}</div>
 
-| Attribute             | Description                 |
-| ---------             | -----------                 |
-| `name_or_id`          | The RBAC role name or UUID. |
-| `entity_id`           | The entity name or UUID.    |
+| Attribute    | Description                 |
+| ------------ | --------------------------- |
+| `name_or_id` | The RBAC role name or UUID. |
+| `entity_id`  | The entity name or UUID.    |
 
 **Request Body**
 
-| Attribute    | Description                 |
-| ---------    | -----------                 |
+| Attribute  | Description                                                                                                                     |
+| ---------- | ------------------------------------------------------------------------------------------------------------------------------- |
 | `negative` | If true, explicitly disallow the actions associated with the permissions tied to this resource. By default this value is false. |
-| `actions` | One or more actions associated with this permission. |
+| `actions`  | One or more actions associated with this permission.                                                                            |
 
 **Response**
 
@@ -734,9 +723,7 @@ HTTP 200 OK
 
 ```json
 {
-  "actions": [
-    "update"
-  ],
+  "actions": ["update"],
   "created_at": 1557771505,
   "entity_id": "*",
   "entity_type": "wildcard",
@@ -750,12 +737,13 @@ HTTP 200 OK
 ---
 
 ## Delete an Entity Permission
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/roles/{name_or_id}/entities/{entity_id}</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 | `entity_id`  | The entity name or UUID.    |
 
@@ -768,39 +756,31 @@ HTTP 204 No Content
 ---
 
 ## List Role Permissions
+
 **Endpoint**
+
 <div class="endpoint get">/rbac/roles/{name_or_id}/permissions/</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
-
 **Response**
 
 ```
 HTTP 200 OK
 ```
+
 ```json
 {
   "endpoints": {
     "*": {
       "*": {
-        "actions": [
-          "delete",
-          "create",
-          "update",
-          "read"
-        ],
+        "actions": ["delete", "create", "update", "read"],
         "negative": false
       },
       "/*/rbac/*": {
-        "actions": [
-          "delete",
-          "create",
-          "update",
-          "read"
-        ],
+        "actions": ["delete", "create", "update", "read"],
         "negative": true
       }
     }
@@ -810,19 +790,19 @@ HTTP 200 OK
 ```
 
 ## Add a User to a Role
+
 **Endpoint**
 
 <div class="endpoint post">/rbac/users/{name_or_id}/roles</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
-
 **Request Body**
 
-| Attribute | Description |
-| --------- | ----------- |
+| Attribute | Description                                               |
+| --------- | --------------------------------------------------------- |
 | `roles`   | Comma-separated list of role names to assign to the user. |
 
 **Response**
@@ -830,6 +810,7 @@ HTTP 200 OK
 ```
 HTTP 201 Created
 ```
+
 ```json
 {
   "roles": [
@@ -852,23 +833,24 @@ HTTP 201 Created
 ```
 
 ---
+
 ## List a User's Roles
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/users/{name_or_id}/roles</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
-
 **Response**
 
 ```
 HTTP 200 OK
 ```
-```json
 
+```json
 {
   "roles": [
     {
@@ -896,20 +878,21 @@ HTTP 200 OK
 ```
 
 ---
+
 ## Delete a Role from a User
+
 **Endpoint**
 
 <div class="endpoint delete">/rbac/users/{name_or_id}/roles</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
-
 **Request Body**
 
 | Attribute | Description                                               |
-| --------- | -----------                                               |
+| --------- | --------------------------------------------------------- |
 | `roles`   | Comma-separated list of role names to assign to the user. |
 
 **Response**
@@ -921,12 +904,13 @@ HTTP 204 No Content
 ---
 
 ## List a User's Permissions
+
 **Endpoint**
 
 <div class="endpoint get">/rbac/users/{name_or_id}/permissions</div>
 
 | Attribute    | Description                 |
-| ---------    | -----------                 |
+| ------------ | --------------------------- |
 | `name_or_id` | The RBAC role name or UUID. |
 
 **Response**
@@ -934,19 +918,17 @@ HTTP 204 No Content
 ```
 HTTP 200 OK
 ```
+
 ```json
 {
   "endpoints": {
     "*": {
       "*": {
-        "actions": [
-          "read"
-        ],
+        "actions": ["read"],
         "negative": false
       }
     }
   },
   "entities": {}
 }
-
 ```
diff --git a/app/enterprise/0.36-x/admin-api/vitals/vitals-prometheus-strategy.md b/app/enterprise/0.36-x/admin-api/vitals/vitals-prometheus-strategy.md
index d490f3a929fb..a075aaedf8ac 100644
--- a/app/enterprise/0.36-x/admin-api/vitals/vitals-prometheus-strategy.md
+++ b/app/enterprise/0.36-x/admin-api/vitals/vitals-prometheus-strategy.md
@@ -22,7 +22,8 @@ using default config that listens on port `9090`.
 
 The latest release of StatsD exporter can be found at the
 [Bintray](https://bintray.com/kong/statsd-exporter). The binary is distributed
-with some specific features like min/max gauges and Unix domain socket support.
+with some specific features like min/max gauges. Alternatively, a
+[Docker image](https://bintray.com/kong/statsd-exporter-docker) is also available.
 
 StatsD exporter needed to configured with a set of mapping rules to translate
 the StatsD UDP events to Prometheus metrics. A default set of mapping rules can
@@ -37,12 +38,15 @@ $ ./statsd_exporter --statsd.mapping-config=statsd.rules.yaml \
 
 The StatsD mapping rules file must be configured to match the metrics sent from
 Kong. To learn how to customize the StatsD events name, please refer to
-[Enable Vitals with Prometheus strategy in Kong](#enable-Vitals-with-prometheus-strategy-in-kong)
+[Enable Vitals with Prometheus strategy in Kong](#enable-vitals-with-prometheus-strategy-in-kong)
 section.
 
 StatsD exporter can run either on a separate node from Kong (to avoid resource
 competition with Kong), or on the same host with Kong (to reduce unnecessary
-network overhead).
+network overhead). Note that feeding metrics from multiple Kong nodes into a single
+StatsD exporter is currently not supported, as it would result in a metrics conflict.
+It's also recommended to match the number of Kong nodes to StatsD exporters for
+better scalability.
 
 In this guide, we assume StatsD exporter is running on hostname `statsd-node`,
 using default config that listens to UDP traffic on port `9125` and the metrics 
@@ -129,8 +133,8 @@ $ export KONG_VITALS_STATSD_PREFIX=kong-vitals
 ```yaml
 # in statsd.rules
 mappings:
-# by API
-- match: kong-vitals.api.*.request.count
+# by Service
+- match: kong.service.*.request.count
   name: "kong_requests_proxy"
   labels:
     job: "kong_metrics"
diff --git a/app/enterprise/0.36-x/admin-api/workspaces/examples.md b/app/enterprise/0.36-x/admin-api/workspaces/examples.md
index f7714120ebf3..3899c5337f49 100644
--- a/app/enterprise/0.36-x/admin-api/workspaces/examples.md
+++ b/app/enterprise/0.36-x/admin-api/workspaces/examples.md
@@ -488,4 +488,4 @@ Next: [RBAC Overview &rsaquo;](/enterprise/{{page.kong_version}}/rbac/overview)
 
 ---
 
-[services]: /{{page.kong_version}}/admin-api/#service-object
+[services]: /enterprise/{{page.kong_version}}/admin-api/#service-object
diff --git a/app/enterprise/0.36-x/admin-api/workspaces/reference.md b/app/enterprise/0.36-x/admin-api/workspaces/reference.md
index 46c1ab15e7d7..e11712fdfd4a 100644
--- a/app/enterprise/0.36-x/admin-api/workspaces/reference.md
+++ b/app/enterprise/0.36-x/admin-api/workspaces/reference.md
@@ -1,16 +1,18 @@
 ---
 title: Workspaces Reference
+redirect_from:
+  - /admin-api/workspaces
 book: workspaces
 
 workspace_body: |
-    Attribute | Description
-    ---:| ---
-    `name` | The **Workspace** name.
+  Attribute | Description
+  ---:| ---
+  `name` | The **Workspace** name.
 
 workspace_entities_body: |
-    Attribute | Description
-    ---:| ---
-    `entities`| Comma-delimited list of entity identifiers
+  Attribute | Description
+  ---:| ---
+  `entities`| Comma-delimited list of entity identifiers
 ---
 
 ## Introduction
@@ -149,22 +151,21 @@ HTTP 200 OK
 
 <div class="endpoint put">/workspaces/{id}</div>
 
-Attributes | Description
----:| ---
-`id`<br>**conditional** | The **Workspace's** unique ID, if replacing it.*
+|              Attributes | Description                                       |
+| ----------------------: | ------------------------------------------------- |
+| `id`<br>**conditional** | The **Workspace's** unique ID, if replacing it.\* |
 
-* The behavior of `PUT` endpoints is the following: if the request payload **does
-not** contain an entity's primary key (`id` for Workspaces), the entity will be
-created with the given payload. If the request payload **does** contain an
-entity's primary key, the payload will "replace" the entity specified by the
-given primary key. If the primary key is **not** that of an existing entity, `404
-NOT FOUND` will be returned.
+- The behavior of `PUT` endpoints is the following: if the request payload **does
+  not** contain an entity's primary key (`id` for Workspaces), the entity will be
+  created with the given payload. If the request payload **does** contain an
+  entity's primary key, the payload will "replace" the entity specified by the
+  given primary key. If the primary key is **not** that of an existing entity, `404 NOT FOUND` will be returned.
 
 #### Request Body
 
-Attribute | Description
----:| ---
-`name` | The **Workspace** name.
+| Attribute | Description             |
+| --------: | ----------------------- |
+|    `name` | The **Workspace** name. |
 
 **Response**
 
@@ -210,15 +211,17 @@ HTTP 200 OK
 }
 ```
 
+The behavior of `PUT` endpoints prevents the renaming of a **Workspace**.
+
 ### Retrieve a Workspace
 
 **Endpoint**
 
 <div class="endpoint get">/workspaces/{name or id}</div>
 
-Attributes | Description
----:| ---
-`name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to retrieve
+|                   Attributes | Description                                                            |
+| ---------------------------: | ---------------------------------------------------------------------- |
+| `name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to retrieve |
 
 **Response**
 
@@ -233,8 +236,8 @@ HTTP 200 OK
     "portal_developer_meta_fields": "[{\"label\":\"Full Name\",\"title\":\"full_name\",\"validator\":{\"required\":true,\"type\":\"string\"}}]"
   },
   "created_at": 1557504202,
-    "id": "c663cca5-c6f6-474a-ae44-01f62aba16a9",
-    "meta": { },
+  "id": "c663cca5-c6f6-474a-ae44-01f62aba16a9",
+  "meta": {},
   "name": "rocket-team"
 }
 ```
@@ -245,9 +248,9 @@ HTTP 200 OK
 
 <div class="endpoint get">/workspaces/{name or id}/meta</div>
 
-Attributes | Description
----:| ---
-`name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to retrieve
+|                   Attributes | Description                                                            |
+| ---------------------------: | ---------------------------------------------------------------------- |
+| `name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to retrieve |
 
 #### Response
 
@@ -288,11 +291,11 @@ HTTP 200 OK
 
 <div class="endpoint delete">/workspaces/{name or id}</div>
 
-Attributes | Description
----:| ---
-`name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to delete
+|                   Attributes | Description                                                          |
+| ---------------------------: | -------------------------------------------------------------------- |
+| `name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to delete |
 
-**Note:** All entities within a **Workspace** must be deleted before the 
+**Note:** All entities within a **Workspace** must be deleted before the
 **Workspace** itself can be.
 
 **Response**
@@ -307,15 +310,15 @@ HTTP 204 No Content
 
 <div class="endpoint patch">/workspaces/{name or id}</div>
 
-Attributes | Description
----:| ---
-`name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to patch
+|                   Attributes | Description                                                         |
+| ---------------------------: | ------------------------------------------------------------------- |
+| `name or id`<br>**required** | The unique identifier **or** the name of the **Workspace** to patch |
 
 #### Request Body
 
-Attributes | Description
----:| ---
-`comment` | A string describing the **Workspace**
+| Attributes | Description                           |
+| ---------: | ------------------------------------- |
+|  `comment` | A string describing the **Workspace** |
 
 The behavior of `PATCH` endpoints prevents the renaming of a **Workspace**.
 
@@ -431,7 +434,7 @@ HTTP 200 OK
 }
 ```
 
-In this case, the **Workspace** references two Services. 
+In this case, the **Workspace** references two Services.
 
 ### Delete entities from a Workspace
 
@@ -487,4 +490,4 @@ HTTP 204 No Content
 
 ---
 
-[Admin API]: /{{page.kong_version}}/admin-api/
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
diff --git a/app/enterprise/0.36-x/auth.md b/app/enterprise/0.36-x/auth.md
new file mode 100644
index 000000000000..f190620128e8
--- /dev/null
+++ b/app/enterprise/0.36-x/auth.md
@@ -0,0 +1,215 @@
+---
+title: Authentication Reference
+---
+
+## Introduction
+
+Traffic to your upstream services (APIs or microservices) is typically controlled by the application and
+configuration of various Kong [authentication plugins][plugins]. Since Kong's Service entity represents
+a 1-to-1 mapping of your own upstream services, the simplest scenario is to configure authentication
+plugins on the Services of your choosing.
+
+## Generic authentication
+
+The most common scenario is to require authentication and to not allow access for any unauthenticated request.
+To achieve this any of the authentication plugins can be used. The generic scheme/flow of those plugins
+works as follows:
+
+1. Apply an auth plugin to a Service, or globally (you cannot apply one on consumers)
+2. Create a `consumer` entity
+3. Provide the consumer with authentication credentials for the specific authentication method
+4. Now whenever a request comes in Kong will check the provided credentials (depends on the auth type) and
+it will either block the request if it cannot validate, or add consumer and credential details
+in the headers and forward the request
+
+The generic flow above does not always apply, for example when using external authentication like LDAP,
+then there is no consumer to be identified, and only the credentials will be added in the forwarded headers.
+
+The authentication method specific elements and examples can be found in each [plugin's documentation][plugins].
+
+## Consumers
+
+The easiest way to think about consumers is to map them one-on-one to users. Yet, to Kong this does not matter.
+The core principle for consumers is that you can attach plugins to them, and hence customize request behaviour.
+So you might have mobile apps, and define one consumer for each app, or version of it. Or have a consumer per
+platform, e.g. an android consumer, an iOS consumer, etc.
+
+It is an opaque concept to Kong and hence they are called "consumers" and not "users".
+
+## Anonymous Access
+
+Kong has the ability to configure a given Service to allow **both** authenticated **and** anonymous access.
+You might use this configuration to grant access to anonymous users with a low rate-limit, and grant access
+to authenticated users with a higher rate limit.
+
+To configure a Service like this, you first apply your selected authentication plugin, then create a new
+consumer to represent anonymous users, then configure your authentication plugin to allow anonymous
+access. Here is an example, which assumes you have already configured a Service named `example-service` and
+the corresponding route:
+
+1. ### Create an example Service and a Route
+
+    Issue the following cURL request to create `example-service` pointing to mockbin.org, which will echo
+    the request:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/ \
+      --data 'name=example-service' \
+      --data 'url=http://mockbin.org/request'
+    ```
+
+    Add a route to the Service:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/example-service/routes \
+      --data 'paths[]=/auth-sample'
+    ```
+
+    The url `http://localhost:8000/auth-sample` will now echo whatever is being requested.
+
+2. ### Configure the key-auth Plugin for your Service
+
+    Issue the following cURL request to add a plugin to a Service:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/services/example-service/plugins/ \
+      --data 'name=key-auth'
+    ```
+
+    Be sure to note the created Plugin `id` - you'll need it in step 5.
+
+3. ### Verify that the key-auth plugin is properly configured
+
+    Issue the following cURL request to verify that the [key-auth][key-auth]
+    plugin was properly configured on the Service:
+
+    ```bash
+    $ curl -i -X GET \
+      --url http://localhost:8000/auth-sample
+    ```
+
+    Since you did not specify the required `apikey` header or parameter, and you have not yet
+    enabled anonymous access, the response should be `403 Forbidden`:
+
+    ```http
+    HTTP/1.1 403 Forbidden
+    ...
+
+    {
+      "message": "No API key found in headers or querystring"
+    }
+    ```
+
+4. ### Create an anonymous Consumer
+
+    Every request proxied by Kong must be associated with a Consumer. You'll now create a Consumer
+    named `anonymous_users` (that Kong will utilize when proxying anonymous access) by issuing the
+    following request:
+
+    ```bash
+    $ curl -i -X POST \
+      --url http://localhost:8001/consumers/ \
+      --data "username=anonymous_users"
+    ```
+
+    You should see a response similar to the one below:
+
+    ```http
+    HTTP/1.1 201 Created
+    Content-Type: application/json
+    Connection: keep-alive
+
+    {
+      "username": "anonymous_users",
+      "created_at": 1428555626000,
+      "id": "bbdf1c48-19dc-4ab7-cae0-ff4f59d87dc9"
+    }
+    ```
+
+    Be sure to note the Consumer `id` - you'll need it in the next step.
+
+5. ### Enable anonymous access
+
+    You'll now re-configure the key-auth plugin to permit anonymous access by issuing the following
+    request (**replace the sample uuids below by the `id` values from step 2 and 4**):
+
+    ```bash
+    $ curl -i -X PATCH \
+      --url http://localhost:8001/plugins/<your-plugin-id> \
+      --data "config.anonymous=<your-consumer-id>"
+    ```
+
+    The `config.anonymous=<your-consumer-id>` parameter instructs the key-auth plugin on this Service to permit
+    anonymous access, and to associate such access with the Consumer `id` we received in the previous step. It is
+    required that you provide a valid and pre-existing Consumer `id` in this step - validity of the Consumer `id`
+    is not currently checked when configuring anonymous access, and provisioning of a Consumer `id` that doesn't already
+    exist will result in an incorrect configuration.
+
+6. ### Check anonymous access
+
+    Confirm that your Service now permits anonymous access by issuing the following request:
+
+    ```bash
+    $ curl -i -X GET \
+      --url http://localhost:8000/auth-sample
+    ```
+
+    This is the same request you made in step #3, however this time the request should succeed, because you
+    enabled anonymous access in step #5.
+
+    The response (which is the request as Mockbin received it) should have these elements:
+
+    ```json
+    {
+      ...
+      "headers": {
+        ...
+        "x-consumer-id": "713c592c-38b8-4f5b-976f-1bd2b8069494",
+        "x-consumer-username": "anonymous_users",
+        "x-anonymous-consumer": "true",
+        ...
+      },
+      ...
+    }
+    ```
+
+    It shows the request was successful, but anonymous.
+
+## Multiple Authentication
+
+Kong supports multiple authentication plugins for a given Service, allowing
+different clients to utilize different authentication methods to access a given Service or Route.
+
+The behaviour of the auth plugins can be set to do either a logical `AND`, or a logical `OR` when evaluating
+multiple authentication credentials. The key to the behaviour is the `config.anonymous` property.
+
+- `config.anonymous` not set <br/>
+  If this property is not set (empty) then the auth plugins will always perform authentication and return
+  a `40x` response if not validated. This results in a logical `AND` when multiple auth plugins are being
+  invoked.
+- `config.anonymous` set to a valid consumer id <br/>
+  In this case the auth plugin will only perform authentication if it was not already authenticated. When
+  authentication fails, it will not return a `40x` response, but set the anonymous consumer as the consumer. This
+  results in a logical `OR` + 'anonymous access' when multiple auth plugins are being invoked.
+
+**NOTE 1**: Either all or none of the auth plugins must be configured for anonymous access. The behaviour is
+undefined if they are mixed.
+
+**NOTE 2**: When using the `AND` method, the last plugin executed will be the one setting the credentials
+passed to the upstream service. With the `OR` method, it will be the first plugin that successfully authenticates
+the consumer, or the last plugin that will set its configured anonymous consumer.
+
+**NOTE 3**: When using the OAuth2 plugin in an `AND` fashion, then also the OAuth2 endpoints for requesting
+tokens etc. will require authentication by the other configured auth plugins.
+
+<div class="alert alert-warning">
+  When multiple authentication plugins are enabled in an <tt>OR</tt> fashion on a given Service, and it is desired that
+  anonymous access be forbidden, then the <a href="/plugins/request-termination"><tt>request-termination</tt> plugin</a> should be
+  configured on the anonymous consumer. Failure to do so will allow unauthorized requests.
+</div>
+
+[plugins]: https://konghq.com/plugins/
+[key-auth]: /plugins/key-authentication
diff --git a/app/enterprise/0.36-x/clustering.md b/app/enterprise/0.36-x/clustering.md
new file mode 100644
index 000000000000..fcf427def903
--- /dev/null
+++ b/app/enterprise/0.36-x/clustering.md
@@ -0,0 +1,297 @@
+---
+title: Clustering Reference
+---
+
+## Introduction
+
+A Kong cluster allows you to scale the system horizontally by adding more
+machines to handle more incoming requests. They will all share the same
+configuration since they point to the same database. Kong nodes pointing to the
+**same datastore** will be part of the same Kong cluster.
+
+You need a load-balancer in front of your Kong cluster to distribute traffic
+across your available nodes.
+
+## What a Kong cluster does and doesn't do
+
+**Having a Kong cluster does not mean that your clients traffic will be
+load-balanced across your Kong nodes out of the box.** You still need a
+load-balancer in front of your Kong nodes to distribute your traffic. Instead,
+a Kong cluster means that those nodes will share the same configuration.
+
+For performance reasons, Kong avoids database connections when proxying
+requests, and caches the contents of your database in memory. The cached
+entities include Services, Routes, Consumers, Plugins, Credentials, etc... Since those
+values are in memory, any change made via the Admin API of one of the nodes
+needs to be propagated to the other nodes.
+
+This document describes how those cached entities are being invalidated and how
+to configure your Kong nodes for your use case, which lies somewhere between
+performance and consistency.
+
+[Back to TOC](#table-of-contents)
+
+## Single node Kong clusters
+
+A single Kong node connected to a database (Cassandra or PostgreSQL) creates a
+Kong cluster of one node. Any changes applied via the Admin API of this node
+will instantly take effect. Example:
+
+Consider a single Kong node `A`. If we delete a previously registered Service:
+
+```bash
+$ curl -X DELETE http://127.0.0.1:8001/services/test-service
+```
+
+Then any subsequent request to `A` would instantly return `404 Not Found`, as
+the node purged it from its local cache:
+
+```bash
+$ curl -i http://127.0.0.1:8000/test-service
+```
+
+[Back to TOC](#table-of-contents)
+
+## Multiple nodes Kong clusters
+
+In a cluster of multiple Kong nodes, other nodes connected to the same database
+would not instantly be notified that the Service was deleted by node `A`.  While
+the Service is **not** in the database anymore (it was deleted by node `A`), it is
+**still** in node `B`'s memory.
+
+All nodes perform a periodic background job to synchronize with changes that
+may have been triggered by other nodes. The frequency of this job can be
+configured via:
+
+* [db_update_frequency][db_update_frequency] (default: 5 seconds)
+
+Every `db_update_frequency` seconds, all running Kong nodes will poll the
+database for any update, and will purge the relevant entities from their cache
+if necessary.
+
+If we delete a Service from node `A`, this change will not be effective in node
+`B` until node `B`s next database poll, which will occur up to
+`db_update_frequency` seconds later (though it could happen sooner).
+
+This makes Kong clusters **eventually consistent**.
+
+[Back to TOC](#table-of-contents)
+
+## What is being cached?
+
+All of the core entities such as Services, Routes, Plugins, Consumers, Credentials are
+cached in memory by Kong and depend on their invalidation via the polling
+mechanism to be updated.
+
+Additionally, Kong also caches **database misses**. This means that if you
+configure a Service with no plugin, Kong will cache this information. Example:
+
+On node `A`, we add a Service and a Route:
+
+```bash
+# node A
+$ curl -X POST http://127.0.0.1:8001/services \
+    --data "name=example-service" \
+    --data "url=http://example.com"
+
+$ curl -X POST http://127.0.0.1:8001/services/example-service/routes \
+    --data "paths[]=/example"
+```
+
+(Note that we used `/services/example-service/routes` as a shortcut: we
+could have used the `/routes` endpoint instead, but then we would need to
+pass `service_id` as an argument, with the UUID of the new Service.)
+
+A request to the Proxy port of both node `A` and `B` will cache this Service, and
+the fact that no plugin is configured on it:
+
+```bash
+# node A
+$ curl http://127.0.0.1:8000/example
+HTTP 200 OK
+...
+```
+
+```bash
+# node B
+$ curl http://127.0.0.2:8000/example
+HTTP 200 OK
+...
+```
+
+Now, say we add a plugin to this Service via node `A`'s Admin API:
+
+```bash
+# node A
+$ curl -X POST http://127.0.0.1:8001/services/example-service/plugins \
+    --data "name=example-plugin"
+```
+
+Because this request was issued via node `A`'s Admin API, node `A` will locally
+invalidate its cache and on subsequent requests, it will detect that this API
+has a plugin configured.
+
+However, node `B` hasn't run a database poll yet, and still caches that this
+API has no plugin to run. It will be so until node `B` runs its database
+polling job.
+
+**Conclusion**: all CRUD operations trigger cache invalidations. Creation
+(`POST`, `PUT`) will invalidate cached database misses, and update/deletion
+(`PATCH`, `DELETE`) will invalidate cached database hits.
+
+[Back to TOC](#table-of-contents)
+
+## How to configure database caching?
+
+You can configure 3 properties in the Kong configuration file, the most
+important one being `db_update_frequency`, which determine where your Kong
+nodes stand on the performance vs consistency trade off.
+
+Kong comes with default values tuned for consistency, in order to let you
+experiment with its clustering capabilities while avoiding "surprises". As you
+prepare a production setup, you should consider tuning those values to ensure
+that your performance constraints are respected.
+
+### 1. [db_update_frequency][db_update_frequency] (default: 5s)
+
+This value determines the frequency at which your Kong nodes will be polling
+the database for invalidation events. A lower value will mean that the polling
+job will be executed more frequently, but that your Kong nodes will keep up
+with changes you apply. A higher value will mean that your Kong nodes will
+spend less time running the polling jobs, and will focus on proxying your
+traffic.
+
+**Note**: changes propagate through the cluster in up to `db_update_frequency`
+seconds.
+
+[Back to TOC](#table-of-contents)
+
+### 2. [db_update_propagation][db_update_propagation] (default: 0s)
+
+If your database itself is eventually consistent (ie: Cassandra), you **must**
+configure this value. It is to ensure that the change has time to propagate
+across your database nodes. When set, Kong nodes receiving invalidation events
+from their polling jobs will delay the purging of their cache for
+`db_update_propagation` seconds.
+
+If a Kong node connected to an eventual consistent database was not delaying
+the event handling, it could purge its cache, only to cache the non-updated
+value again (because the change hasn't propagated through the database yet)!
+
+You should set this value to an estimate of the amount of time your database
+cluster takes to propagate changes.
+
+**Note**: when this value is set, changes propagate through the cluster in
+up to `db_update_frequency + db_update_propagation` seconds.
+
+[Back to TOC](#table-of-contents)
+
+### 3. [db_cache_ttl][db_cache_ttl] (default: 0s)
+
+The time (in seconds) for which Kong will cache database entities (both hits
+and misses). This Time-To-Live value acts as a safeguard in case a Kong node
+misses an invalidation event, to avoid it from running on stale data for too
+long. When the TTL is reached, the value will be purged from its cache, and the
+next database result will be cached again.
+
+By default no data is invalidated based on this TTL (the default value is `0`).
+This is usually fine: Kong nodes rely on invalidation events, which are handled
+at the db store level (Cassandra/PosgreSQL). If you are concerned that a Kong
+node might miss invalidation event for any reason, you should set a TTL. Otherwise
+the node might run with a stale value in its cache for an undefined amount of time,
+until the cache is manually purged, or the node is restarted.
+
+[Back to TOC](#table-of-contents)
+
+### 4. When using Cassandra
+
+If you use Cassandra as your Kong database, you **must** set
+[db_update_propagation][db_update_propagation] to a non-zero value. Since
+Cassandra is eventually consistent by nature, this will ensure that Kong nodes
+do not prematurely invalidate their cache, only to fetch and catch a
+not up-to-date entity again. Kong will present you a warning logs if you did
+not configure this value when using Cassandra.
+
+Additionally, you might want to configure `cassandra_consistency` to a value
+like `QUORUM` or `LOCAL_QUORUM`, to ensure that values being cached by your
+Kong nodes are up-to-date values from your database.
+
+[Back to TOC](#table-of-contents)
+
+## Interacting with the cache via the Admin API
+
+If for some reason, you wish to investigate the cached values, or manually
+invalidate a value cached by Kong (a cached hit or miss), you can do so via the
+Admin API `/cache` endpoint.
+
+### Inspect a cached value
+
+**Endpoint**
+
+<div class="endpoint get">/cache/{cache_key}</div>
+
+**Response**
+
+If a value with that key is cached:
+
+```
+HTTP 200 OK
+...
+{
+    ...
+}
+```
+
+Else:
+
+```
+HTTP 404 Not Found
+```
+
+**Note**: retrieving the `cache_key` for each entity being cached by Kong is
+currently an undocumented process. Future versions of the Admin API will make
+this process easier.
+
+[Back to TOC](#table-of-contents)
+
+### Purge a cached value
+
+**Endpoint**
+
+<div class="endpoint delete">/cache/{cache_key}</div>
+
+**Response**
+
+```
+HTTP 204 No Content
+...
+```
+
+**Note**: retrieving the `cache_key` for each entity being cached by Kong is
+currently an undocumented process. Future versions of the Admin API will make
+this process easier.
+
+[Back to TOC](#table-of-contents)
+
+### Purge a node's cache
+
+**Endpoint**
+
+<div class="endpoint delete">/cache</div>
+
+**Response**
+
+```
+HTTP 204 No Content
+```
+
+**Note**: be wary of using this endpoint on a warm, production running node.
+If the node is receiving a lot of traffic, purging its cache at the same time
+will trigger many requests to your database, and could cause a
+[dog-pile effect](https://en.wikipedia.org/wiki/Cache_stampede).
+
+[Back to TOC](#table-of-contents)
+
+[db_update_frequency]: /enterprise/{{page.kong_version}}/property-reference/#db_update_frequency
+[db_update_propagation]: /enterprise/{{page.kong_version}}/property-reference/#db_update_propagation
+[db_cache_ttl]: /enterprise/{{page.kong_version}}/property-reference/#db_cache_ttl
diff --git a/app/enterprise/0.36-x/deployment/installation/centos.md b/app/enterprise/0.36-x/deployment/installation/centos.md
index 4e02f192eca3..fd35f1006e8b 100644
--- a/app/enterprise/0.36-x/deployment/installation/centos.md
+++ b/app/enterprise/0.36-x/deployment/installation/centos.md
@@ -30,7 +30,7 @@ To complete this guide you will need:
     Copy the file to your home directory:
 
     ```
-    $ scp kong-enterprise-edition-0.35-1.el7.noarch.rpm <centos user>@<serverip:~
+    $ scp kong-enterprise-edition-0.36.el7.noarch.rpm <centos user>@<serverip:~
     ```
 
 2. Option 2. Download via **YUM**
@@ -67,7 +67,7 @@ To complete this guide you will need:
 1. Install Kong Enterprise
 
     ```
-    $ sudo yum install kong-enterprise-edition-0.35-1.el7.noarch.rpm
+    $ sudo yum install kong-enterprise-edition-0.36.el7.noarch.rpm
     ```
   >Note: Your version may be different based on when you obtained the rpm
 
@@ -235,5 +235,5 @@ setup reach out to your **Support contact** or head over to the
 ## Next Steps
 
 Work through Kong Enterprise's series of 
-[Getting Started](/enterprise/latest/getting-started) guides to get the most
+[Getting Started](/enterprise/{{page.kong_version}}/getting-started) guides to get the most
 out of Kong Enterprise.
diff --git a/app/enterprise/0.36-x/deployment/installation/ubuntu.md b/app/enterprise/0.36-x/deployment/installation/ubuntu.md
index 8f205f617217..2dbff2aedc66 100644
--- a/app/enterprise/0.36-x/deployment/installation/ubuntu.md
+++ b/app/enterprise/0.36-x/deployment/installation/ubuntu.md
@@ -30,7 +30,7 @@ To complete this guide you will need:
     Copy the file to your home directory:
 
     ```
-    $ scp kong-enterprise-edition-0.35.xxx.xxx.deb <ubuntu user>@<serverip:~
+    $ scp kong-enterprise-edition-36.xxx.xxx.deb <ubuntu user>@<serverip:~
     ```
 
 2. Obtain your Kong Enterprise license
@@ -59,7 +59,7 @@ To complete this guide you will need:
     ```
     $ sudo apt-get update
     $ sudo apt-get install openssl libpcre3 procps perl
-    $ sudo dpkg -i kong-enterprise-edition-0.35.xxx.xxx.deb
+    $ sudo dpkg -i kong-enterprise-edition-0.36.xxx.xxx.deb
     ```
   >Note: Your version may be different based on when you obtained the package
 
@@ -193,5 +193,5 @@ setup reach out to your **Support contact** or head over to the
 ## Next Steps
 
 Work through Kong Enterprise's series of 
-[Getting Started](/enterprise/latest/getting-started) guides to get the most
+[Getting Started](/enterprise/{{page.kong_version}}/getting-started) guides to get the most
 out of Kong Enterprise.
diff --git a/app/enterprise/0.36-x/deployment/migrations.md b/app/enterprise/0.36-x/deployment/migrations.md
index a5bb6ee97310..64cfc1a6ac75 100644
--- a/app/enterprise/0.36-x/deployment/migrations.md
+++ b/app/enterprise/0.36-x/deployment/migrations.md
@@ -15,7 +15,6 @@ title: Migrating to 0.36
 * Instances where the Portal and Files API are on different hostnames require that they at least share a common root, and that the `cookie_domain` setting of the Portal session configuration be that common root. For example, if the Portal itself is at `portal.kong.example` and the Files API is at `files.kong.example`, `cookie_domain=.kong.example`.
 * Portal-related `rbac_role_endpoints` will be updated to adhere to changes in the Dev Portal API. This only applies to Portal-related endpoints that were present in or set by Kong Manager; any user-generated endpoints will need to be updated manually.  The endpoints that will be updated automatically are as follows:
 
-
 ```
 '/portal/*'                     => '/developers/*', '/files/*'
 '/portal/developers'            => '/developers/*'
diff --git a/app/enterprise/0.36-x/developer-portal/configuration/authentication/oidc.md b/app/enterprise/0.36-x/developer-portal/configuration/authentication/oidc.md
index 2680d766a2d8..6e8f6effecb0 100644
--- a/app/enterprise/0.36-x/developer-portal/configuration/authentication/oidc.md
+++ b/app/enterprise/0.36-x/developer-portal/configuration/authentication/oidc.md
@@ -21,10 +21,14 @@ OIDC for the Dev Portal can be enabled in three ways:
 - via the [the command line](#enable-oidc-via-the-command-line)
 - via the [the Kong configuration file](#enable-oidc-via-the-kongconf)
 
+**Warning:** Configuring OIDC authentication for Dev Portal via Kong Manger or with the Admin API will take precedence over any kong.conf 'portal_auth_conf' configuration. Be sure to use only one of the configuration methods.  
+
 
 ### Portal Session Plugin Config
 
-Session Plugin Config does not apply when using OpenID Connect.
+Session Plugin Config does not apply when using OpenID Connect. Any session
+configuration is defined in the configuration object itself and not
+in a separate portal session configuration object as it is with other Dev Portal authentication options.
 
 ### Sample Configuration Object
 
@@ -40,8 +44,8 @@ Provder:
   "client_id": ["<CLIENT-ID>"],
   "login_action": "redirect",
   "logout_redirect_uri": ["http://localhost:8003 (http://localhost:8003/)"],
-  "ssl_verify": false,
   "consumer_claim": ["email"],
+  "redirect_uri": ["https://localhost:8004/auth"],
   "forbidden_redirect_uri": ["http://localhost:8003/unauthorized"],
   "client_secret": ["<CLIENT_SECRET>"],
   "issuer": "https://accounts.google.com/",
@@ -49,17 +53,8 @@ Provder:
   "login_redirect_uri": ["http://localhost:8003 (http://localhost:8003/)"],
   "login_redirect_mode": "query"
 }
-
 ```
 
-The values above can be replaced with their corresponding values for a custom
-OIDC configuration:
-
-  - `<CLIENT_ID>` - Client ID provided by IdP
-        * For Example, Google credentials can be found here:
-        https://console.cloud.google.com/projectselector/apis/credentials
-  - `<CLIENT_SECRET>` - Client secret provided by IdP
-
 If `portal_gui_host` and `portal_api_url` are set to share a domain but differ
 in regards to subdomain, `redirect_uri` and `session_cookie_domain` need to be
 configured to allow OpenID-Connect to apply the session correctly.
@@ -76,9 +71,8 @@ Example:
   "login_redirect_uri": ["https://example.portal.com (https://example.portal.com/)"],
   "login_action": "redirect",
   "logout_redirect_uri": ["https://example.portal.com (https://example.portal.com/)"],
-  "ssl_verify": false,
   "consumer_claim": ["email"],
-  "redirect_uri": ["https://exampleapi.portal.com/auth"],
+  "redirect_uri": ["https://example.portalapi.com/auth"],
   "session_cookie_domain": ".portal.com",
   "forbidden_redirect_uri": ["https://example.portal.com/unauthorized"],
   "client_secret": ["<CLIENT_SECRET"],
@@ -86,9 +80,15 @@ Example:
   "logout_methods": ["GET"],
   "login_redirect_mode": "query"
 }
-
 ```
 
+The values above must be replaced with their corresponding values for a custom
+OIDC configuration:
+* `<CLIENT_ID>` - Client ID provided by IdP. For Example, Google credentials can be found here: https://console.cloud.google.com/projectselector/apis/credentials
+* `<CLIENT_SECRET>` - Client secret provided by IdP
+* The `redirect_uri` the Portal API's '/auth' endpoint.
+* The `session_cookie_domain` is the shared domain of the portal GUI `portal_gui_host` and portal API `portal_api_url` if they have different subdomains.
+
 ### Enable OIDC via Kong Manager
 
 1. Navigate to the Dev Portal's **Settings** page
@@ -112,8 +112,8 @@ curl -X PATCH http://localhost:8001/workspaces/<WORKSPACE NAME> \
   "config.portal_auth_conf=<REPLACE WITH JSON CONFIG OBJECT>
 ```
 
->**Warning** This will automatically authenticate the Dev Portal with Key
->Auth. Anyone currently viewing the Dev Portal will lose access on the
+>**Warning** This will automatically authenticate the Dev Portal with OIDC
+>. Anyone currently viewing the Dev Portal will lose access on the
 >next page refresh.
 
 ### Enable OIDC via the Kong.conf
@@ -130,5 +130,5 @@ portal_auth="openid-connect"
 Then set `portal_auth_conf` property to your
 customized [**Configuration JSON Object**](#/sample-configuration-object)
 
-This will set every Dev Portal to use Key Authentication by default when
+This configuration will set every Dev Portal to use OIDC by default when
 initialized, regardless of Workspace.
diff --git a/app/enterprise/0.36-x/developer-portal/configuration/index.md b/app/enterprise/0.36-x/developer-portal/configuration/index.md
index 0b53bb50b892..fdd661eaecde 100644
--- a/app/enterprise/0.36-x/developer-portal/configuration/index.md
+++ b/app/enterprise/0.36-x/developer-portal/configuration/index.md
@@ -1,5 +1,7 @@
 ---
 title: Dev Portal Configuration
+redirect_from:
+  - /developer-portal/configuration/enable-the-dev-portal
 ---
 
 <div class="docs-grid">
diff --git a/app/enterprise/0.36-x/getting-started/add-consumer.md b/app/enterprise/0.36-x/getting-started/add-consumer.md
index 78a1e3cf29a3..5dc3769237bb 100644
--- a/app/enterprise/0.36-x/getting-started/add-consumer.md
+++ b/app/enterprise/0.36-x/getting-started/add-consumer.md
@@ -54,8 +54,8 @@ $ curl -i -X POST \
 ## 3. Verify Validity of Consumer Credentials 
 
 The authorization header must be base64 encoded. For example, if the credential 
-uses Aladdin as the username and OpenSesame as the password, then the field’s 
-value is the base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l.
+uses `Aladdin` as the username and `OpenSesame` as the password, then the field’s 
+value is the base64-encoding of `Aladdin:OpenSesame`, or `QWxhZGRpbjpPcGVuU2VzYW1l`.
 
 Then the Authorization (or Proxy-Authorization) header must appear as:
 
diff --git a/app/enterprise/0.36-x/getting-started/add-service.md b/app/enterprise/0.36-x/getting-started/add-service.md
index f18372ac4a41..27272b312b74 100644
--- a/app/enterprise/0.36-x/getting-started/add-service.md
+++ b/app/enterprise/0.36-x/getting-started/add-service.md
@@ -5,9 +5,7 @@ title: How to Add a Service and Route
 ### Introduction
 
 This guide walks through the creation and configuration of a 
-**Service and Route** via **Kong Manager** in **Kong Enterprise**. To do this with 
-via the **command line** read Kong's guide to 
-[Configuring a Service](/latest/getting-started/configuring-a-service/).
+**Service and Route** via **Kong Manager** in **Kong Enterprise**.
 
 For the purpose of this guide, we’ll create a **Service** pointing to the Mockbin 
 API. Mockbin is an “echo” type public website that returns requests back to
@@ -20,10 +18,9 @@ including adding **Services and Routes**, is made via requests on to the
 
 ### Prerequisites
 
-- **Kong Enterprise** is [installed](/enterprise/{{page.kong_version}}/deployment/installation)
-- **Kong Enterprise** is [started](/enterprise/{{page.kong_version}}/getting-started/start-kong)
-- **Super Admin** or [**Admin**](/enterprise/{{page.kong_version}}/getting-started/add-admin)
-access to **Kong Manager**
+* [`enforce_rbac = on`](/enterprise/{{page.kong_version}}/property-reference/#enforce_rbac)
+* Kong Enterprise has [started](/enterprise/{{page.kong_version}}/getting-started/start-kong)
+* Logged in to Kong Manager as a **Super Admin** 
 
 ### Step 1 - Create a New Service
 
diff --git a/app/enterprise/0.36-x/getting-started/enable-plugin.md b/app/enterprise/0.36-x/getting-started/enable-plugin.md
index b927c6a426b9..d45e9d926ce8 100644
--- a/app/enterprise/0.36-x/getting-started/enable-plugin.md
+++ b/app/enterprise/0.36-x/getting-started/enable-plugin.md
@@ -15,11 +15,10 @@ Plugin via the command line, checkout the
 
 ### Prerequisites
 
-- **Kong Enterprise** is [installed](/enterprise/{{page.kong_version}}/deployment/installation)
-- **Kong Enterprise** is [started](/enterprise/{{page.kong_version}}/getting-started/start-kong)
-- A [**Service and Route**](/enterprise/{{page.kong_version}}/getting-started/add-service)
-(optional)
-- **admin** or **super-admin** privileges
+* [`enforce_rbac = on`](/enterprise/{{page.kong_version}}/property-reference/#enforce_rbac)
+* Kong Enterprise has [started](/enterprise/{{page.kong_version}}/getting-started/start-kong)
+* Logged in to Kong Manager as a **Super Admin** 
+- _Optionally_ created a [**Service and Route**](/enterprise/{{page.kong_version}}/getting-started/add-service)
 
 ### How to Enable a Plugin in Kong Manager
 
diff --git a/app/enterprise/0.36-x/getting-started/index.md b/app/enterprise/0.36-x/getting-started/index.md
index 4e7c76ec73d2..90bb0c9c3363 100644
--- a/app/enterprise/0.36-x/getting-started/index.md
+++ b/app/enterprise/0.36-x/getting-started/index.md
@@ -10,9 +10,7 @@ guides is designed to help you familiarize yourself with Kong Enterprise's featu
 and capabilities, with practical steps to start Kong Enterprise securely, access
 Kong Manager as a **Super Admin**, and create new entities such as **Services**.
 
-Each guide also contains links to more in-depth material. Note that Kong
- Enterprise 0.35 includes Kong 1.0 at its core, so CLI commands and most Admin
- API endpoints are documented in standard [Kong documentation](/1.0.x/).
+Each guide also contains links to more in-depth material.
 
  If you have any issues or further questions, please
 [contact Support](https://support.konghq.com/support/s/) and they will be happy
diff --git a/app/enterprise/0.36-x/getting-started/start-kong.md b/app/enterprise/0.36-x/getting-started/start-kong.md
index 0fe368704b15..afcc51a015ba 100644
--- a/app/enterprise/0.36-x/getting-started/start-kong.md
+++ b/app/enterprise/0.36-x/getting-started/start-kong.md
@@ -94,7 +94,7 @@ $ kong start [-c /path/to/kong.conf]
 ```
 
 **Note:** the CLI accepts a configuration option (`-c /path/to/kong.conf`)
-allowing you to point to [your own configuration](/1.0.x/configuration/#configuration-loading).
+allowing you to point to [your own configuration](/enterprise/{{page.kong_version}}/property-reference/#configuration-loading).
 
 ## Step 4
 
diff --git a/app/enterprise/0.36-x/health-checks-circuit-breakers.md b/app/enterprise/0.36-x/health-checks-circuit-breakers.md
new file mode 100644
index 000000000000..42d16e52217b
--- /dev/null
+++ b/app/enterprise/0.36-x/health-checks-circuit-breakers.md
@@ -0,0 +1,321 @@
+---
+title: Health Checks and Circuit Breakers Reference
+---
+
+## Introduction
+
+You can make an API proxied by Kong use a [ring-balancer][ringbalancer], configured
+by adding an [upstream][upstream] entity that contains one or more [target][ringtarget]
+entities, each target pointing to a different IP address (or hostname) and
+port. The ring-balancer will balance load among the various targets, and based
+on the [upstream][upstream] configuration, will perform health checks on the targets,
+making them as healthy or unhealthy whether they are responsive or not. The
+ring-balancer will then only route traffic to healthy targets.
+
+Kong supports two kinds of health checks, which can be used separately or in
+conjunction:
+
+* **active checks**, where a specific HTTP or HTTPS endpoint in the target is
+periodically requested and the health of the target is determined based on its
+response;
+
+* **passive checks** (also known as **circuit breakers**), where Kong analyzes
+the ongoing traffic being proxied and determines the health of targets based
+on their behavior responding requests.
+
+## Healthy and unhealthy targets
+
+The objective of the health checks functionality is to dynamically mark
+targets as healthy or unhealthy, **for a given Kong node**. There is
+no cluster-wide synchronization of health information: each Kong node
+determines the health of its targets separately. This is desirable since at a
+given point one Kong node may be able to connect to a target successfully
+while another node is failing to reach it: the first node will consider
+it healthy, while the second will mark it as unhealthy and start routing
+traffic to other targets of the upstream.
+
+Either an active probe (on active health checks) or a proxied request
+(on passive health checks) produces data which is used to determine
+whether a target is healthy or unhealthy. A request may produce a TCP
+error, timeout, or produce an HTTP status code. Based on this
+information, the health checker updates a series of internal counters:
+
+* If the returned status code is one configured as "healthy", it will
+increment the "Successes" counter for the target and clear all its other
+counters;
+* If it fails to connect, it will increment the "TCP failures" counter
+for the target and clear the "Successes" counter;
+* If it times out, it will increment the "timeouts" counter
+for the target and clear the "Successes" counter;
+* If the returned status code is one configured as "unhealthy", it will
+increment the "HTTP failures" counter for the target and clear the "Successes" counter.
+
+If any of the "TCP failures", "HTTP failures" or "timeouts" counters reaches
+their configured threshold, the target will be marked as unhealthy.
+
+If the "Successes" counter reaches its configured threshold, the target will be
+marked as healthy.
+
+The list of which HTTP status codes are "healthy" or "unhealthy", and the
+individual thresholds for each of these counters are configurable on a
+per-upstream basis. Below, we have an example of a configuration for an
+Upstream entity, showcasing the default values of the various fields
+available for configuring health checks. A description of each
+field is included in the [Admin API][addupstream] reference documentation.
+
+```json
+{
+    "name": "service.v1.xyz",
+    "healthchecks": {
+        "active": {
+            "concurrency": 10,
+            "healthy": {
+                "http_statuses": [ 200, 302 ],
+                "interval": 0,
+                "successes": 0
+            },
+            "http_path": "/",
+            "timeout": 1,
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 404, 500, 501,
+                                   502, 503, 504, 505 ],
+                "interval": 0,
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        },
+        "passive": {
+            "healthy": {
+                "http_statuses": [ 200, 201, 202, 203,
+                                   204, 205, 206, 207,
+                                   208, 226, 300, 301,
+                                   302, 303, 304, 305,
+                                   306, 307, 308 ],
+                "successes": 0
+            },
+            "unhealthy": {
+                "http_failures": 0,
+                "http_statuses": [ 429, 500, 503 ],
+                "tcp_failures": 0,
+                "timeouts": 0
+            }
+        }
+    },
+    "slots": 10
+}
+```
+
+If all targets of an upstream are unhealthy, Kong will respond to requests
+to the upstream with `503 Service Unavailable`.
+
+Note:
+
+1. health checks operate only on [*active* targets][targetobject] and do not
+   modify the *active* status of a target in the Kong database.
+2. unhealthy targets will not be removed from the loadbalancer, and hence will
+   not have any impact on the balancer layout when using the hashing algorithm
+   (they will just be skipped).
+3. The [DNS caveats][dnscaveats] and [balancer caveats][balancercaveats]
+   also apply to health checks. If using hostnames for the targets, then make
+   sure the DNS server always returns the full set of IP addresses for a name,
+   and does not limit the response. *Failing to do so might lead to health
+   checks not being executed.*
+
+## Types of health checks
+
+### Active health checks
+
+Active health checks, as the name implies, actively probe targets for
+their health. When active health checks are enabled in an upstream entity,
+Kong will periodically issue HTTP or HTTPS requests to a configured path at each target
+of the upstream. This allows Kong to automatically enable and disable targets
+in the balancer based on the [probe results](#healthy-and-unhealthy-targets).
+
+The periodicity of active health checks can be configured separately for
+when a target is healthy or unhealthy. If the `interval` value for either
+is set to zero, the checking is disabled at the corresponding scenario.
+When both are zero, active health checks are disabled altogether.
+
+<div class="alert alert-warning">
+<strong>Note:</strong> Active health checks currently only support HTTP/HTTPS targets. They
+do not apply to Upstreams assigned to Services with the protocol attribute set to "tcp" or "tls".
+</div>
+
+[Back to TOC](#table-of-contents)
+
+### Passive health checks (circuit breakers)
+
+Passive health checks, also known as circuit breakers, are
+checks performed based on the requests being proxied by Kong (HTTP/HTTPS/TCP),
+with no additional traffic being generated. When a target becomes
+unresponsive, the passive health checker will detect that and mark
+the target as unhealthy. The ring-balancer will start skipping this
+target, so no more traffic will be routed to it.
+
+Once the problem with a target is solved and it is ready to receive
+traffic again, the Kong administrator can manually inform the
+health checker that the target should be enabled again, via an
+Admin API endpoint:
+
+```bash
+$ curl -i -X POST http://localhost:8001/upstreams/my_upstream/targets/10.1.2.3:1234/healthy
+HTTP/1.1 204 No Content
+```
+
+This command will broadcast a cluster-wide message so that the "healthy"
+status is propagated to the whole [Kong cluster][clustering]. This will cause Kong nodes to
+reset the health counters of the health checkers running in all workers of the
+Kong node, allowing the ring-balancer to route traffic to the target again.
+
+Passive health checks have the advantage of not producing extra
+traffic, but they are unable to automatically mark a target as
+healthy again: the "circuit is broken", and the target needs to
+be re-enabled again by the system administrator.
+
+
+[Back to TOC](#table-of-contents)
+
+## Summary of pros and cons
+
+* Active health checks can automatically re-enable a target in the
+ring balancer as soon as it is healthy again. Passive health checks cannot.
+* Passive health checks do not produce additional traffic to the
+target. Active health checks do.
+* An active health checker demands a known URL with a reliable status response
+in the target to be configured as a probe endpoint (which may be as
+simple as `"/"`). Passive health checks do not demand such configuration.
+* By providing a custom probe endpoint for an active health checker,
+an application may determine its own health metrics and produce a status
+code to be consumed by Kong. Even though a target continues to serve
+traffic which looks healthy to the passive health checker,
+it would be able to respond to the active probe with a failure
+status, essentially requesting to be relieved from taking new traffic.
+
+It is possible to combine the two modes. For example, one can enable
+passive health checks to monitor the target health based solely on its
+traffic, and only use active health checks while the target is unhealthy,
+in order to re-enable it automatically.
+
+## Enabling and disabling health checks
+
+### Enabling active health checks
+
+To enable active health checks, you need to specify the configuration items
+under `healthchecks.active` in the [Upstream object][upstreamobjects] configuration. You
+need to specify the necessary information so that Kong can perform periodic
+probing on the target, and how to interpret the resulting information.
+
+You can use the `healthchecks.active.type` field to specify whether to perform
+HTTP or HTTPS probes (setting it to `"http"` or `"https"`), or by simply
+testing if the connection to a given host and port is successful
+(setting it to `"tcp"`).
+
+For configuring the probe, you need to specify:
+
+* `healthchecks.active.http_path` - The path that should be used when
+issuing the HTTP GET request to the target. The default value is `"/"`.
+* `healthchecks.active.timeout` - The connection timeout limit for the
+HTTP GET request of the probe. The default value is 1 second.
+* `healthchecks.active.concurrency` - Number of targets to check concurrently
+in active health checks.
+
+You also need to specify positive values for intervals, for running
+probes:
+
+* `healthchecks.active.healthy.interval` - Interval between active health
+checks for healthy targets (in seconds). A value of zero indicates that active
+probes for healthy targets should not be performed.
+* `healthchecks.active.unhealthy.interval` - Interval between active health
+checks for unhealthy targets (in seconds). A value of zero indicates that active
+probes for unhealthy targets should not be performed.
+
+This allows you to tune the behavior of the active health checks, whether you
+want probes for healthy and unhealthy targets to run at the same interval, or
+one to be more frequent than the other.
+
+If you are using HTTPS healthchecks, you can also specify the following
+fields:
+
+* `healthchecks.active.https_verify_certificate` - Whether to check the
+validity of the SSL certificate of the remote host when performing active
+health checks using HTTPS.
+* `healthchecks.active.https_sni` - The hostname to use as an SNI
+(Server Name Identification) when performing active health checks
+using HTTPS. This is particularly useful when Targets are configured
+using IPs, so that the target host's certificate can be verified
+with the proper SNI.
+
+Note that failed TLS verifications will increment the "TCP failures" counter;
+the "HTTP failures" refer only to HTTP status codes, whether probes are done
+through HTTP or HTTPS.
+
+Finally, you need to configure how Kong should interpret the probe, by setting
+the various thresholds on the [health
+counters](#healthy-and-unhealthy-targets), which, once reached will trigger a
+status change. The counter threshold fields are:
+
+* `healthchecks.active.healthy.successes` - Number of successes in active
+probes (as defined by `healthchecks.active.healthy.http_statuses`) to consider
+a target healthy.
+* `healthchecks.active.unhealthy.tcp_failures` - Number of TCP failures
+or TLS verification failures in active probes to consider a target unhealthy.
+* `healthchecks.active.unhealthy.timeouts` - Number of timeouts in active
+probes to consider a target unhealthy.
+* `healthchecks.active.unhealthy.http_failures` - Number of HTTP failures in
+active probes (as defined by `healthchecks.active.unhealthy.http_statuses`) to
+consider a target unhealthy.
+
+### Enabling passive health checks
+
+Passive health checks do not feature a probe, as they work by interpreting
+the ongoing traffic that flows from a target. This means that to enable
+passive checks you only need to configure its counter thresholds:
+
+* `healthchecks.passive.healthy.successes` - Number of successes in proxied
+traffic (as defined by `healthchecks.passive.healthy.http_statuses`) to
+consider a target healthy, as observed by passive health checks. This needs to
+be positive when passive checks are enabled so that healthy traffic resets the
+unhealthy counters.
+* `healthchecks.passive.unhealthy.tcp_failures` - Number of TCP failures in
+proxied traffic to consider a target unhealthy, as observed by passive health
+checks.
+* `healthchecks.passive.unhealthy.timeouts` - Number of timeouts in proxied
+traffic to consider a target unhealthy, as observed by passive health checks.
+* `healthchecks.passive.unhealthy.http_failures` - Number of HTTP failures in
+proxied traffic (as defined by `healthchecks.passive.unhealthy.http_statuses`)
+to consider a target unhealthy, as observed by passive health checks.
+
+### Disabling health checks
+
+In all counter thresholds and intervals specified in the `healthchecks`
+configuration, setting a value to zero means that the functionality the field
+represents is disabled. Setting a probe interval to zero disables a probe.
+Likewise, you can disable certain types of checks by setting their counter
+thresholds to zero. For example, to not consider timeouts when performing
+healthchecks, you can set both `timeouts` fields (for active and passive
+checks) to zero. This gives you a fine-grained control of the behavior of the
+health checker.
+
+In summary, to completely disable active health checks for an upstream, you
+need to set both `healthchecks.active.healthy.interval` and
+`healthchecks.active.unhealthy.interval` to `0`.
+
+To completely disable passive health checks, you need to set all counter
+thresholds under `healthchecks.passive` for its various counters to zero.
+
+All counter thresholds and intervals in `healthchecks` are zero by default,
+meaning that health checks are completely disabled by default in newly created
+upstreams.
+
+[Back to TOC](#table-of-contents)
+
+[ringbalancer]: /enterprise/{{page.kong_version}}/loadbalancing#ring-balancer
+[ringtarget]: /enterprise/{{page.kong_version}}/loadbalancing#target
+[upstream]: /enterprise/{{page.kong_version}}/loadbalancing#upstream
+[targetobject]: /enterprise/{{page.kong_version}}/admin-api#target-object
+[addupstream]: /enterprise/{{page.kong_version}}/admin-api#add-upstream
+[clustering]: /enterprise/{{page.kong_version}}/clustering
+[upstreamobjects]: /enterprise/{{page.kong_version}}/admin-api#upstream-objects
+[balancercaveats]: /enterprise/{{page.kong_version}}/loadbalancing#balancing-caveats
+[dnscaveats]: /enterprise/{{page.kong_version}}/loadbalancing#dns-caveats
diff --git a/app/enterprise/0.36-x/index.md b/app/enterprise/0.36-x/index.md
index 1676db937b91..38fba432894d 100644
--- a/app/enterprise/0.36-x/index.md
+++ b/app/enterprise/0.36-x/index.md
@@ -18,7 +18,7 @@ title: Kong Enterprise Documentation
   <div class="docs-grid-block">
     <h3><img src="/assets/images/icons/documentation/icn-window.svg" /><a href="/enterprise/{{page.kong_version}}/deployment/installation/overview">Install Kong Enterprise</a></h3>
     <p>Learn how to install Kong Enterprise with your chosen deployment method.</p>
-    <a href="/enterprise/{{page.kong_version}}/deployment/installation/overview">Chose Deployment Method &rarr;</a>
+    <a href="/enterprise/{{page.kong_version}}/deployment/installation/overview">Choose Deployment Method &rarr;</a>
   </div>
 
   <div class="docs-grid-block">
diff --git a/app/enterprise/0.36-x/kong-manager/reset-password.md b/app/enterprise/0.36-x/kong-manager/reset-password.md
index 48e6435bd099..6042296c723d 100644
--- a/app/enterprise/0.36-x/kong-manager/reset-password.md
+++ b/app/enterprise/0.36-x/kong-manager/reset-password.md
@@ -5,10 +5,10 @@ toc: false
 
 ### Table of contents
 
-* [Passwords and RBAC Tokens](passwords-and-rbac-tokens)
-* [How to Reset a Forgotten Password in Kong Manager](how-to-reset-a-forgotten-password-in-kong-manager)
-* [How to Reset a Password from within Kong Manager](how-to-reset-a-password-from-within-kong-manager)
-* [How to Reset an RBAC Token in Kong Manager](how-to-reset-an-rbac-token-in-kong-manager)
+* [Passwords and RBAC Tokens](#passwords-and-rbac-tokens)
+* [How to Reset a Forgotten Password in Kong Manager](#how-to-reset-a-forgotten-password-in-kong-manager)
+* [How to Reset a Password from within Kong Manager](#how-to-reset-a-password-from-within-kong-manager)
+* [How to Reset an RBAC Token in Kong Manager](#how-to-reset-an-rbac-token-in-kong-manager)
 
 ## Passwords and RBAC Tokens
 
@@ -32,10 +32,24 @@ Prerequisites:
 Steps:
 
 1. At the login page, click **Forgot Password** beneath the login field. 
+
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/click-forgot-password.png">
+
 2. Enter the email address associated with the account.
+
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/enter-email-address.png">
+
 3. Click the link from the email. 
+
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/click-email-link.png">
+
 4. Reset the password. Note that you will need to provide it again immediately after the reset is complete. 
-5. Log in with the new password. 
+
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/enter-new-password.png">
+
+5. Log in with the new password.
+
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/reset-successful.png">
 
 ## How to Reset a Password from within Kong Manager
 
@@ -49,8 +63,13 @@ Prerequisites:
 Steps:
 
 1. At the **top right corner**, after hovering over the **account name**, select **Profile**. 
+
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/hover-select-profile.png">
+
 2. In the **Reset Password** section, fill in the fields and click the **Reset Password** button.
 
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/reset-password.png">
+
 ## How to Reset an RBAC Token in Kong Manager
 
 Prerequisites: 
@@ -63,7 +82,17 @@ Prerequisites:
 Steps:
 
 1. At the **top right corner**, after hovering over the **account name**, select **Profile**. 
+
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/hover-select-profile.png">
+
 2. In the **Reset RBAC Token** section at the bottom, click **Reset Token**.
+
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/click-reset-token.png">
+  
 3. Type in a new token and click **Reset**. 
+
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/enter-new-token.png">
+  
 4. To copy the token, click the **Copy** button at the right.
 
+    <img src="https://doc-assets.konghq.com/0.35/kong-manager/how-to-reset-passwords-and-rbac/successful-reset.png">
diff --git a/app/enterprise/0.36-x/loadbalancing.md b/app/enterprise/0.36-x/loadbalancing.md
new file mode 100644
index 000000000000..ccb24bd8aa5c
--- /dev/null
+++ b/app/enterprise/0.36-x/loadbalancing.md
@@ -0,0 +1,374 @@
+---
+title: Loadbalancing reference
+---
+
+## Introduction
+
+Kong provides multiple ways of load balancing requests to multiple backend
+services: a straightforward DNS-based method, and a more dynamic ring-balancer
+that also allows for service registry without needing a DNS server.
+
+## DNS-based loadbalancing
+
+When using DNS-based load balancing, the registration of the backend services
+is done outside of Kong, and Kong only receives updates from the DNS server.
+
+Every Service that has been defined with a `host` containing a hostname
+(instead of an IP address) will automatically use DNS-based load balancing
+if the name resolves to multiple IP addresses, provided the hostname does not
+resolve to an `upstream` name or a name in your DNS hostsfile.
+
+The DNS record `ttl` setting (time to live) determines how often the information
+is refreshed. When using a `ttl` of 0, every request will be resolved using its
+own DNS query. Obviously this will have a performance penalty, but the latency of
+updates/changes will be very low.
+
+[Back to TOC](#table-of-contents)
+
+### A records
+
+An A record contains one or more IP addresses. Hence, when a hostname
+resolves to an A record, each backend service must have its own IP address.
+
+Because there is no `weight` information, all entries will be treated as equally
+weighted in the load balancer, and the balancer will do a straight forward
+round-robin.
+
+[Back to TOC](#table-of-contents)
+
+### SRV records
+
+An SRV record contains weight and port information for all of its IP addresses.
+A backend service can be identified by a unique combination of IP address
+and port number. Hence, a single IP address can host multiple instances of the
+same service on different ports.
+
+Because the `weight` information is available, each entry will get its own
+weight in the load balancer and it will perform a weighted round-robin.
+
+Similarly, any given port information will be overridden by the port information from
+the DNS server. If a Service has attributes `host=myhost.com` and `port=123`,
+and `myhost.com` resolves to an SRV record with `127.0.0.1:456`, then the request
+will be proxied to `http://127.0.0.1:456/somepath`, as port `123` will be
+overridden by `456`.
+
+[Back to TOC](#table-of-contents)
+
+### DNS priorities
+
+The DNS resolver will start resolving the following record types in order:
+
+  1. The last successful type previously resolved
+  2. SRV record
+  3. A record
+  4. CNAME record
+
+This order is configurable through the [`dns_order` configuration property][dns-order-config].
+
+[Back to TOC](#table-of-contents)
+
+### DNS caveats
+
+- Whenever the DNS record is refreshed a list is generated to handle the
+weighting properly. Try to keep the weights as multiples of each other to keep
+the algorithm performant, e.g., 2 weights of 17 and 31 would result in a structure
+with 527 entries, whereas weights 16 and 32 (or their smallest relative
+counterparts 1 and 2) would result in a structure with merely 3 entries,
+especially with a very small (or even 0) `ttl` value.
+
+- Some nameservers do not return all entries (due to UDP packet size) in those
+cases (for example Consul returns a maximum of 3) a given Kong node will only
+use the few upstream service instances provided by the nameserver. In this
+scenario, it is possible that the pool of upstream instances will be loaded
+inconsistently, because the Kong node is effectively unaware of some of the
+instances, due to the limited information provided by the nameserver.
+To mitigate this use a different nameserver, use IP
+addresses instead of names, or make sure you use enough Kong nodes to still
+have all upstream services being used.
+
+- When the nameserver returns a `3 name error`, then that is a valid response
+for Kong. If this is unexpected, first validate the correct name is being
+queried for, and second check your nameserver configuration.
+
+- The initial pick of an IP address from a DNS record (A or SRV) is not
+randomized. So when using records with a `ttl` of 0, the nameserver is
+expected to randomize the record entries.
+
+[Back to TOC](#table-of-contents)
+
+## Ring-balancer
+
+When using the ring-balancer, the adding and removing of backend services will
+be handled by Kong, and no DNS updates will be necessary. Kong will act as the
+service registry. Nodes can be added/deleted with a single HTTP request and
+will instantly start/stop receiving traffic.
+
+Configuring the ring-balancer is done through the `upstream` and `target`
+entities.
+
+  - `target`: an IP address or hostname with a port number where a backend
+    service resides, eg. "192.168.100.12:80". Each target gets an additional
+    `weight` to indicate the relative load it gets. IP addresses can be
+    in both IPv4 and IPv6 format.
+  - `upstream`: a 'virtual hostname' which can be used in a Route `host`
+    field, e.g., an upstream named `weather.v2.service` would get all requests
+    from a Service with `host=weather.v2.service`.
+
+[Back to TOC](#table-of-contents)
+
+### Upstream
+
+Each upstream gets its own ring-balancer. Each `upstream` can have many
+`target` entries attached to it, and requests proxied to the 'virtual hostname'
+will be load balanced over the targets. A ring-balancer has a pre-defined
+number of slots, and based on the target weights the slots get assigned to the
+targets of the upstream.
+
+Adding and removing targets can be done with a simple HTTP request on the
+Admin API. This operation is relatively cheap. Changing the upstream
+itself is more expensive as the balancer will need to be rebuilt when the
+number of slots change for example.
+
+The only occurrence where the balancer will be rebuilt automatically is when
+the target history is cleaned; other than that, it will only rebuild upon changes.
+
+Within the balancer there are the positions (from 1 to `slots`),
+which are __randomly distributed__ on the ring.
+The randomness is required to make invoking the ring-balancer cheap at
+runtime. A simple round-robin over the wheel (the positions) will do to
+provide a well distributed weighted round-robin over the `targets`, whilst
+also having cheap operations when inserting/deleting targets.
+
+The number of slots to use per target should (at least) be around 100 to make
+sure the slots are properly distributed. Eg. for an expected maximum of 8
+targets, the `upstream` should be defined with at least `slots=800`, even if
+the initial setup only features 2 targets.
+
+The tradeoff here is that the higher the number of slots, the better the random
+distribution, but the more expensive the changes are (add/removing targets)
+
+Detailed information on adding and manipulating
+upstreams is available in the `upstream` section of the
+[Admin API reference][upstream-object-reference].
+
+[Back to TOC](#table-of-contents)
+
+### Target
+
+Because the `upstream` maintains a history of changes, targets can only be
+added, not modified nor deleted. To change a target, just add a new entry for
+the target, and change the `weight` value. The last entry is the one that will
+be used. As such setting `weight=0` will disable a target, effectively
+deleting it from the balancer. Detailed information on adding and manipulating
+targets is available in the `target` section of the
+[Admin API reference][target-object-reference].
+
+The targets will be automatically cleaned when there are 10x more inactive
+entries than active ones. Cleaning will involve rebuilding the balancer, and
+hence is more expensive than just adding a target entry.
+
+A `target` can also have a hostname instead of an IP address. In that case
+the name will be resolved and all entries found will individually be added to
+the ring balancer, e.g., adding `api.host.com:123` with `weight=100`. The
+name 'api.host.com' resolves to an A record with 2 IP addresses. Then both
+ip addresses will be added as target, each getting `weight=100` and port 123.
+__NOTE__: the weight is used for the individual entries, not for the whole!
+
+Would it resolve to an SRV record, then also the `port` and `weight` fields
+from the DNS record would be picked up, and would overrule the given port `123`
+and `weight=100`.
+
+The balancer will honor the DNS record's `ttl` setting and requery and update
+the balancer when it expires.
+
+__Exception__: When a DNS record has `ttl=0`, the hostname will be added
+as a single target, with the specified weight. Upon every proxied request
+to this target it will query the nameserver again.
+
+[Back to TOC](#table-of-contents)
+
+### Balancing algorithms
+
+By default a ring-balancer will use a weighted-round-robin scheme. The alternative
+would be to use the hash-based algorithm. The input for the hash can be either
+`none`, `consumer`, `ip`, `header`, or `cookie`. When set to `none` the
+weighted-round-robin scheme will be used, and hashing will be disabled.
+
+There are two options, a primary and a fallback in case the primary fails
+(e.g., if the primary is set to `consumer`, but no consumer is authenticated)
+
+The different hashing options:
+
+- `none`: Do not use hashing, but use weighted-round-robin instead (default).
+
+- `consumer`: Use the consumer id as the hash input. This option will fallback
+  on the credential id if no consumer id is available (in case of external auth
+  like ldap).
+
+- `ip`: The remote (originating) IP address will be used as input. Review the
+  configuration settings for [determining the real IP][real-ip-config] when
+  using this.
+
+- `header`: Use a specified header (in either `hash_on_header` or `hash_fallback_header`
+  field) as input for the hash.
+
+- `cookie`: Use a specified cookie name (in the `hash_on_cookie` field) with a
+  specified path (in the `hash_on_cookie_path` field, default `"/"`) as input for
+  the hash. If the cookie is not present in the request, it will be set by the
+  response. Hence, the `hash_fallback` setting is invalid if `cookie` is the primary
+  hashing mechanism.
+
+The hashing algorithm is based on 'consistent-hashing' (or the 'ketama principle')
+which makes sure that when the balancer gets modified by changing the targets
+(adding, removing, failing, or changing weights) only the minimum number of
+hashing losses occur. This will maximize upstream cache hits.
+
+For more information on the exact settings see the `upstream` section of the
+[Admin API reference][upstream-object-reference].
+
+[Back to TOC](#table-of-contents)
+
+### Balancing caveats
+
+The ring-balancer is designed to work both with a single node as well as in a cluster.
+For the weighted-round-robin algorithm there isn't much difference, but when using
+the hash based algorithm it is important that all nodes build the exact same
+ring-balancer to make sure they all work identical. To do this the balancer
+must be build in a deterministic way.
+
+- Do not use hostnames in the balancer as the
+balancers might/will slowly diverge because the DNS ttl has only second precision
+and renewal is determined by when a name is actually requested. On top of this is
+the issue with some nameservers not returning all entries, which exacerbates
+this problem. So when using the hashing approach in a Kong cluster, add `target`
+entities only by their IP address, and never by name.
+
+- When picking your hash input make sure the input has enough variance to get
+to a well distributed hash. Hashes will be calculated using the CRC-32 digest.
+So for example, if your system has thousands of users, but only a few consumers, defined
+per platform (eg. 3 consumers: Web, iOS and Android) then picking the `consumer`
+hash input will not suffice, using the remote IP address by setting the hash to
+`ip` would provide more variance in the input and hence a better distribution
+in the hash output. However, if many clients will be behind the same NAT gateway (e.g. in
+call center), `cookie` will provide a better distribution than `ip`.
+
+[Back to TOC](#table-of-contents)
+
+# Blue-Green Deployments
+
+Using the ring-balancer a [blue-green deployment][blue-green-canary] can be easily orchestrated for
+a Service. Switching target infrastructure only requires a `PATCH` request on a
+Service, to change its `host` value.
+
+Set up the "Blue" environment, running version 1 of the address service:
+
+```bash
+# create an upstream
+$ curl -X POST http://kong:8001/upstreams \
+    --data "name=address.v1.service"
+
+# add two targets to the upstream
+$ curl -X POST http://kong:8001/upstreams/address.v1.service/targets \
+    --data "target=192.168.34.15:80"
+    --data "weight=100"
+$ curl -X POST http://kong:8001/upstreams/address.v1.service/targets \
+    --data "target=192.168.34.16:80"
+    --data "weight=50"
+
+# create a Service targeting the Blue upstream
+$ curl -X POST http://kong:8001/services/ \
+    --data "name=address-service" \
+    --data "host=address.v1.service" \
+    --data "path=/address"
+
+# finally, add a Route as an entry-point into the Service
+$ curl -X POST http://kong:8001/services/address-service/routes/ \
+    --data "hosts[]=address.mydomain.com"
+```
+
+Requests with host header set to `address.mydomain.com` will now be proxied
+by Kong to the two defined targets; 2/3 of the requests will go to
+`http://192.168.34.15:80/address` (`weight=100`), and 1/3 will go to
+`http://192.168.34.16:80/address` (`weight=50`).
+
+Before deploying version 2 of the address service, set up the "Green"
+environment:
+
+```bash
+# create a new Green upstream for address service v2
+$ curl -X POST http://kong:8001/upstreams \
+    --data "name=address.v2.service"
+
+# add targets to the upstream
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=100"
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=100"
+```
+
+To activate the Blue/Green switch, we now only need to update the Service:
+
+```bash
+# Switch the Service from Blue to Green upstream, v1 -> v2
+$ curl -X PATCH http://kong:8001/services/address-service \
+    --data "host=address.v2.service"
+```
+
+Incoming requests with host header set to `address.mydomain.com` will now be
+proxied by Kong to the new targets; 1/2 of the requests will go to
+`http://192.168.34.17:80/address` (`weight=100`), and the other 1/2 will go to
+`http://192.168.34.18:80/address` (`weight=100`).
+
+As always, the changes through the Kong Admin API are dynamic and will take
+effect immediately. No reload or restart is required, and no in progress
+requests will be dropped.
+
+[Back to TOC](#table-of-contents)
+
+# Canary Releases
+
+Using the ring-balancer, target weights can be adjusted granularly, allowing
+for a smooth, controlled [canary release][blue-green-canary].
+
+Using a very simple 2 target example:
+
+```bash
+# first target at 1000
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=1000"
+
+# second target at 0
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=0"
+```
+
+By repeating the requests, but altering the weights each time, traffic will
+slowly be routed towards the other target. For example, set it at 10%:
+
+```bash
+# first target at 900
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.17:80"
+    --data "weight=900"
+
+# second target at 100
+$ curl -X POST http://kong:8001/upstreams/address.v2.service/targets \
+    --data "target=192.168.34.18:80"
+    --data "weight=100"
+```
+
+The changes through the Kong Admin API are dynamic and will take
+effect immediately. No reload or restart is required, and no in progress
+requests will be dropped.
+
+[Back to TOC](#table-of-contents)
+
+[upstream-object-reference]: /enterprise/{{page.kong_version}}/admin-api#upstream-object
+[target-object-reference]: /enterprise/{{page.kong_version}}/admin-api#target-object
+[dns-order-config]: /enterprise/{{page.kong_version}}/property-reference/#dns_order
+[real-ip-config]: /enterprise/{{page.kong_version}}/property-reference/#real_ip_header
+[blue-green-canary]: http://blog.christianposta.com/deploy/blue-green-deployments-a-b-testing-and-canary-releases/
diff --git a/app/enterprise/0.36-x/logging.md b/app/enterprise/0.36-x/logging.md
new file mode 100644
index 000000000000..8b35b3f48477
--- /dev/null
+++ b/app/enterprise/0.36-x/logging.md
@@ -0,0 +1,151 @@
+---
+title: Logging Reference
+toc: false
+---
+
+## Removing Certain Elements From Your Kong Logs
+
+With new regulations surrounding protecting private data like GDPR, there is a chance you may need to change your logging habits. If you use Kong as your API Gateway, this can be done in a single location to take effect on all of your APIs. This guide will walk you through one approach to accomplishing this, but there are always different approaches for different needs. Please note, these changes will effect the output of the NGINX access logs. This will not have any effect on Kong's logging plugins.
+
+For this example, let’s say you want to remove any instances of an email address from your kong logs. The emails addresses may come through in different ways, for example something like `/apiname/v2/verify/alice@example.com` or `/v3/verify?alice@example.com`. In order to keep these from being added to the logs, we will need to use a custom NGINX template.
+
+## Log Levels
+
+Log levels are set in [Kong's configuration](/enterprise/{{page.kong_version}}/property-reference/#log_level). Following are the log levels in increasing order of their severity, `debug`, `info`,
+`notice`, `warn`, `error` and `crit`.
+
+- *`debug`:* It provides debug information about the plugin's runloop and each individual plugin or other components. Only to be used during debugging since it is too chatty.
+- *`info`/`notice`:* Kong does not make a big difference between both these levels. Provides information about normal behavior most of which can be ignored.
+- *`warn`:* To log any abnormal behavior that doesn't result in dropped transactions but requires further investigation, `warn` level should be used.
+- *`error`:* Used for logging errors that result in a request being dropped (for example getting  an HTTP 500 error). The rate of such logs need to be monitored.
+- *`crit`:* This level is used when Kong is working under critical conditions and not working properly thereby affecting several clients. Nginx also provides `alert` and `emerg` levels but currently Kong doesn't make use of these levels making `crit` the highest severity log level.
+
+By default `notice` is the log level that used and also recommended. However if the logs turn out to be too chatty they can be bumped up to a higher level like `warn`.
+
+## Removing Certain Elements From Your Kong Logs
+
+With new regulations surrounding protecting private data like GDPR, there is a chance you may need to change your logging habits. If you use Kong as your API Gateway, this can be done in a single location to take effect on all of your Services. This guide will walk you through one approach to accomplishing this, but there are always different approaches for different needs. Please note, these changes will effect the output of the NGINX access logs. This will not have any effect on Kong's logging plugins.
+
+For this example, let’s say you want to remove any instances of an email address from your kong logs. The emails addresses may come through in different ways, for example something like `/servicename/v2/verify/alice@example.com` or `/v3/verify?alice@example.com`. In order to keep these from being added to the logs, we will need to use a custom NGINX template.
+
+To start using a custom NGINX template, first get a copy of our template. This can be found [https://docs.konghq.com/latest/configuration/#custom-nginx-templates-embedding-kong](https://docs.konghq.com/latest/configuration/#custom-nginx-templates-embedding-kong) or copied from below
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
+daemon ${{NGINX_DAEMON}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{LOG_LEVEL}}; # can be set by kong.conf
+
+events {
+    use epoll; # custom setting
+    multi_accept on;
+}
+
+http {
+    # include default Kong Nginx config
+    include 'nginx-kong.conf';
+
+    # custom server
+    server {
+        listen 8888;
+        server_name custom_server;
+
+        location / {
+          ... # etc
+        }
+    }
+}
+```
+
+In order to control what is placed in the logs, we will be using the NGINX map module in our template. For more detailed information abut using the map directive, please see [this guide](http://nginx.org/en/docs/http/ngx_http_map_module.html). This will create a new variable whose value depends on values of one or more of the source variables specified in the first parameter. The format is:
+
+```
+
+map $paramater_to_look_at $variable_name {
+    pattern_to_look_for 0;
+    second_pattern_to_look_for 0;
+
+    default 1;
+}
+```
+
+For this example, we will be mapping a new variable called `keeplog` which is dependent on certain values appearing in the `$request_uri`. We will be placing our map directive right at the start of the http block, this must be before `include 'nginx-kong.conf';`. So, for our example, we will add something along the lines of:
+
+```
+map $request_uri $keeplog {
+    ~.+\@.+\..+ 0;
+    ~/servicename/v2/verify 0;
+    ~/v3/verify 0;
+
+    default 1;
+}
+```
+
+You’ll probably notice that each of those lines start with a tilde. This is what tells NGINX to use RegEx when evaluating the line. We have three things to look for in this example:
+- The first line uses regex to look for any email address in the x@y.z format
+- The second line looks for any part of the URI which is /servicename/v2/verify
+- The third line looks at any part of the URI which contains /v3/verify
+
+Because all of those have a value of something other than 0, if a request has one of those elements, it will not be added to the log.
+
+Now, we need to set the log format for what we will keep in the logs. We will use the `log_format` module and assign our new logs a name of show_everything. The contents of the log can be customized for you needs, but for this example, I will simply change everything back to the Kong standards. To see the full list of options you can use, please refer to [this guide](https://nginx.org/en/docs/http/ngx_http_core_module.html#variables).
+
+```
+log_format show_everything '$remote_addr - $remote_user [$time_local] '
+    '$request_uri $status $body_bytes_sent '
+    '"$http_referer" "$http_user_agent"';
+```
+
+Now, our custom NGINX template is all ready to be used. If you have been following along, your file should now be look like this:
+
+```
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
+daemon ${{NGINX_DAEMON}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log stderr ${{LOG_LEVEL}}; # can be set by kong.conf
+
+
+
+events {
+    use epoll; # custom setting
+    multi_accept on;
+}
+
+http {
+
+
+    map $request_uri $keeplog {
+        ~.+\@.+\..+ 0;
+        ~/v1/invitation/ 0;
+        ~/reset/v1/customer/password/token 0;
+        ~/v2/verify 0;
+
+        default 1;
+    }
+    log_format show_everything '$remote_addr - $remote_user [$time_local] '
+        '$request_uri $status $body_bytes_sent '
+        '"$http_referer" "$http_user_agent"';
+
+    include 'nginx-kong.conf';
+}
+```
+
+The last thing we need to do is tell Kong to use the newly created log, `show_everything`. To do this, we will be altering the Kong variable `prpxy_access_log`. Either by opening and editing `etc/kong/kong.conf` or by using an environmental variable `KONG_PROXY_ACCESS_LOG=` you will want to mend the default location to show
+
+```
+proxy_access_log=logs/access.log show_everything if=$keeplog
+```
+
+The final step in the process to make all the changes take effect is to restart kong. you can use the `kong restart` command to do so.
+
+Now, any requests made with an email address in it will no longer be logged. Of course, we can use this logic to remove anything we want from the logs on a conditional manner.
diff --git a/app/enterprise/0.36-x/network.md b/app/enterprise/0.36-x/network.md
new file mode 100644
index 000000000000..5266093c8ebb
--- /dev/null
+++ b/app/enterprise/0.36-x/network.md
@@ -0,0 +1,70 @@
+---
+title: Network & Firewall
+---
+
+## Introduction
+
+In this section you will find a summary about the recommended network and firewall settings for Kong.
+
+## Ports
+
+Kong uses multiple connections for different purposes.
+
+* proxy
+* admin api
+
+### Proxy
+
+The proxy ports is where Kong receives its incoming traffic. There are two ports with the following defaults:
+
+* `8000` for proxying HTTP traffic, and
+* `8443` for proxying HTTPS traffic
+
+See [proxy_listen] for more details on HTTP/HTTPS proxy listen options. For production environment it is common
+to change HTTP and HTTPS listen ports to `80` and `443`.
+
+Kong can also proxy TCP/TLS streams. The stream proxying is disabled by default. See [stream_listen] for
+additional details on stream proxy listen options, and how to enable it (if you plan to proxy anything other than
+HTTP/HTTPS traffic).
+
+In general the proxy ports are the **only ports** that should be made available to your clients.
+
+### Admin API
+
+This is the port where Kong exposes its management API. Hence in production this port should be firewalled to protect
+it from unauthorized access.
+
+* `8001` provides Kong's **Admin API** that you can use to operate Kong with HTTP. See [admin_listen].
+* `8444` provides the same Kong **Admin API** but using HTTPS. See [admin_listen] and the `ssl` suffix.
+
+## Firewall
+
+Below are the recommended firewall settings:
+
+* The upstream Services behind Kong will be available via the [proxy_listen] interface/port values.
+  Configure these values according to the access level you wish to grant to the upstream Services.
+* If you are binding the Admin API to a public-facing interface (via [admin_listen]), then **protect** it to only
+  allow trusted clients to access the Admin API. See also [Securing the Admin API][secure_admin_api].
+* Your proxy will need have rules added for any HTTP/HTTPS and TCP/TLS stream listeners that you configure.
+  For example, if you want Kong to manage traffic on port `4242`, your firewall will need to allow traffic
+  on said port.
+
+#### Transparent Proxying
+
+It is worth mentioning that the `transparent` listen option may be applied to [proxy_listen]
+and [stream_listen] configuration. With packet filtering such as `iptables` (Linux) or `pf` (macOS/BSDs)
+or with hardware routers/switches, you can specify pre-routing or redirection rules for TCP packets that
+allow you to mangle the original destination address and port. For example a HTTP request with a destination
+address of `10.0.0.1`, and a destination port of `80` can be redirected to `127.0.0.1` at port `8000`.
+To make this work, you need (with Linux) to add the `transparent` listen option to Kong proxy,
+`proxy_listen=8000 transparent`. This allows Kong to see the original destination for the request
+(`10.0.0.1:80`) even when Kong didn't actually listen to it directly. With this information,
+Kong can route the request correctly. The `transparent` listen option should only be used with Linux.
+macOS/BSDs allow transparent proxying without `transparent` listen option. With Linux you may also need
+to start Kong as a `root` user or set the needed capabilities for the executable.
+
+
+[proxy_listen]: /enterprise/{{page.kong_version}}/property-reference/#proxy_listen
+[stream_listen]: /enterprise/{{page.kong_version}}/property-reference/#stream_listen
+[admin_listen]: /enterprise/{{page.kong_version}}/property-reference/#admin_listen
+[secure_admin_api]: /enterprise/{{page.kong_version}}/secure-admin-api
diff --git a/app/enterprise/0.36-x/oasconfig.md b/app/enterprise/0.36-x/oasconfig.md
new file mode 100644
index 000000000000..3999c89ad0b6
--- /dev/null
+++ b/app/enterprise/0.36-x/oasconfig.md
@@ -0,0 +1,353 @@
+---
+title: OpenAPI Spec to Kong Entities 
+---
+
+## Introduction
+
+This Admin API endpoint allows you to read an OpenAPI Spec into Kong to create the appropriate Services and Routes in an automated way. For now, the functionality is in the early stages and is limited to creating Services and Routes in Kong. This endpoint is useful for testing or quick-start scenarios. In future releases, it may be expanded. 
+
+### Create Routes & Services using OAS
+**Endpoint**
+
+<div class="endpoint post">/oas-config</div>
+
+| Attribute   | Description |
+|-------------|---------------------------|
+| `spec` | JSON Body containing a stringified / escaped OAS Specification to generate Kong Routes & Services.|
+
+
+**Response**
+	
+Returns the Routes & Services generated by the given OAS file as JSON.
+```
+HTTP 201 Created
+```
+
+```json
+{
+    "routes": [
+        {
+            "created_at": 1568224673,
+            "https_redirect_status_code": 426,
+            "id": "a33f22b8-e81f-44ec-b8a2-a8b117800115",
+            "methods": [
+                "POST"
+            ],
+            "paths": [
+                "/user"
+            ],
+            "preserve_host": false,
+            "protocols": [
+                "http"
+            ],
+            "regex_priority": 0,
+            "service": {
+                "id": "bc64c34e-5c83-49f5-9a8f-65714ceaea65"
+            },
+            "strip_path": false,
+            "updated_at": 1568224673
+        },
+        {
+            "created_at": 1568224673,
+            "https_redirect_status_code": 426,
+            "id": "554bb6d3-ce80-435f-8ad2-41cd7ebca5b6",
+            "methods": [
+                "GET"
+            ],
+            "paths": [
+                "/store/inventory"
+            ],
+            "preserve_host": false,
+            "protocols": [
+                "http"
+            ],
+            "regex_priority": 0,
+            "service": {
+                "id": "bc64c34e-5c83-49f5-9a8f-65714ceaea65"
+            },
+            "strip_path": false,
+            "updated_at": 1568224673
+        },
+        {
+            "created_at": 1568224673,
+            "https_redirect_status_code": 426,
+            "id": "2dea6287-d856-4369-8e1b-b55cbf09386b",
+            "methods": [
+                "POST",
+                "PUT"
+            ],
+            "paths": [
+                "/pet"
+            ],
+            "preserve_host": false,
+            "protocols": [
+                "http"
+            ],
+            "regex_priority": 0,
+            "service": {
+                "id": "bc64c34e-5c83-49f5-9a8f-65714ceaea65"
+            },
+            "strip_path": false,
+            "updated_at": 1568224673
+        }
+    ],
+    "services": [
+        {
+            "connect_timeout": 60000,
+            "created_at": 1568224673,
+            "host": "petstore.swagger.io",
+            "id": "bc64c34e-5c83-49f5-9a8f-65714ceaea65",
+            "name": "swagger-petstore-1",
+            "path": "/v2",
+            "port": 80,
+            "protocol": "http",
+            "read_timeout": 60000,
+            "retries": 5,
+            "updated_at": 1568224673,
+            "write_timeout": 60000
+        }
+    ]
+}
+```
+### Update Routes & Services using OAS
+**Endpoint**
+
+<div class="endpoint patch">/oas-config</div>
+
+| Attribute   | Description |
+|-------------|---------------------------|
+| `spec` | JSON Body containing a stringified / escaped OAS Specification to generate Kong Routes & Services |
+| `recreate_routes` | `true` to update Service routes|
+
+
+**Response**
+
+Return Updated Routes & Services
+```
+HTTP 201 Created
+```
+```json
+}
+    "services": [
+        {
+            "connect_timeout": 60000,
+            "created_at": 1568224673,
+            "host": "petstore.swagger.io",
+            "id": "bc64c34e-5c83-49f5-9a8f-65714ceaea65",
+            "name": "swagger-petstore-1",
+            "path": "/v1",
+            "port": 80,
+            "protocol": "http",
+            "read_timeout": 60000,
+            "retries": 5,
+            "updated_at": 1568227806,
+            "write_timeout": 60000
+        }
+    ]
+}
+```
+
+## Example of how to use the OAS Config Endpoint
+
+1. Define your OAS File for the services and routes you wish to create. Please validate your OAS file prior to submitting. The below is an abbreviated version of the sample Petstore specification (https://petstore.swagger.io)[https://petstore.swagger.io].
+```json
+{
+    "swagger": "2.0",
+    "info": {
+      "description": "This is a sample server Petstore server.  You can find out more about Swagger at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/).  For this sample, you can use the api key `special-key` to test the authorization filters.",
+      "version": "1.0.0",
+      "title": "Swagger Petstore",
+      "termsOfService": "http://swagger.io/terms/",
+      "contact": {
+        "email": "apiteam@swagger.io"
+      },
+      "license": {
+        "name": "Apache 2.0",
+        "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
+      }
+    },
+    "host": "petstore.swagger.io",
+    "basePath": "/v2",
+    "tags": [
+      {
+        "name": "pet",
+        "description": "Everything about your Pets",
+        "externalDocs": {
+          "description": "Find out more",
+          "url": "http://swagger.io"
+        }
+      },
+      {
+        "name": "store",
+        "description": "Access to Petstore orders"
+      },
+      {
+        "name": "user",
+        "description": "Operations about user",
+        "externalDocs": {
+          "description": "Find out more about our store",
+          "url": "http://swagger.io"
+        }
+      }
+    ],
+    "schemes": [
+      "http"
+    ],
+    "paths": {
+      "/pet": {
+        "post": {
+          "tags": [
+            "pet"
+          ],
+          "summary": "Add a new pet to the store",
+          "description": "",
+          "operationId": "addPet",
+          "consumes": [
+            "application/json",
+            "application/xml"
+          ],
+          "produces": [
+            "application/xml",
+            "application/json"
+          ],
+          "parameters": [
+            {
+              "in": "body",
+              "name": "body",
+              "description": "Pet object that needs to be added to the store",
+              "required": true,
+              "schema": {
+                "$ref": "#/definitions/Pet"
+              }
+            }
+          ],
+          "responses": {
+            "405": {
+              "description": "Invalid input"
+            }
+          },
+          "security": [
+            {
+              "petstore_auth": [
+                "write:pets",
+                "read:pets"
+              ]
+            }
+          ]
+        },
+        "put": {
+          "tags": [
+            "pet"
+          ],
+          "summary": "Update an existing pet",
+          "description": "",
+          "operationId": "updatePet",
+          "consumes": [
+            "application/json",
+            "application/xml"
+          ],
+          "produces": [
+            "application/xml",
+            "application/json"
+          ],
+          "parameters": [
+            {
+              "in": "body",
+              "name": "body",
+              "description": "Pet object that needs to be added to the store",
+              "required": true,
+              "schema": {
+                "$ref": "#/definitions/Pet"
+              }
+            }
+          ],
+          "responses": {
+            "400": {
+              "description": "Invalid ID supplied"
+            },
+            "404": {
+              "description": "Pet not found"
+            },
+            "405": {
+              "description": "Validation exception"
+            }
+          },
+          "security": [
+            {
+              "petstore_auth": [
+                "write:pets",
+                "read:pets"
+              ]
+            }
+          ]
+        }
+      },
+      "/store/inventory": {
+        "get": {
+          "tags": [
+            "store"
+          ],
+          "summary": "Returns pet inventories by status",
+          "description": "Returns a map of status codes to quantities",
+          "operationId": "getInventory",
+          "produces": [
+            "application/json"
+          ],
+          "parameters": [],
+          "responses": {
+            "200": {
+              "description": "successful operation",
+              "schema": {
+                "type": "object",
+                "additionalProperties": {
+                  "type": "integer",
+                  "format": "int32"
+                }
+              }
+            }
+          },
+          "security": [
+            {
+              "api_key": []
+            }
+          ]
+        }
+      },
+      "/user": {
+        "post": {
+          "tags": [
+            "user"
+          ],
+          "summary": "Create user",
+          "description": "This can only be done by the logged in user.",
+          "operationId": "createUser",
+          "produces": [
+            "application/xml",
+            "application/json"
+          ],
+          "parameters": [
+            {
+              "in": "body",
+              "name": "body",
+              "description": "Created user object",
+              "required": true,
+              "schema": {
+                "$ref": "#/definitions/User"
+              }
+            }
+          ],
+          "responses": {
+            "default": {
+              "description": "successful operation"
+            }
+          }
+        }
+      }
+    }
+  }
+```
+
+2. Use the OAS config endpoint to create the Kong Routes and Services based on the above file.
+```
+http POST http://kong:8001/oas-config spec=@petstore.json
+```
diff --git a/app/enterprise/0.36-x/pdk/index.md b/app/enterprise/0.36-x/pdk/index.md
new file mode 100644
index 000000000000..2f951970b6c4
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/index.md
@@ -0,0 +1,176 @@
+---
+title: PDK
+pdk: true
+toc: true
+---
+
+## Plugin Development Kit
+
+The Plugin Development Kit (or "PDK") is set of Lua functions and variables
+ that can be used by plugins to implement their own logic.  The PDK is a
+ [Semantically Versioned](https://semver.org/) component, originally
+ released in Kong 0.14.0. The PDK will be guaranteed to be forward-compatible
+ from its 1.0.0 release and on.
+
+ As of this release, the PDK has not yet reached 1.0.0, but plugin authors
+ can already depend on it for a safe and reliable way of interacting with the
+ request, response, or the core components.
+
+ The Plugin Development Kit is accessible from the `kong` global variable,
+ and various functionalities are namespaced under this table, such as
+ `kong.request`, `kong.log`, etc...
+
+
+
+
+### kong.version
+
+A human-readable string containing the version number of the currently
+ running node.
+
+**Usage**
+
+``` lua
+print(kong.version) -- "0.14.0"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.version_num
+
+An integral number representing the version number of the currently running
+ node, useful for comparison and feature-existence checks.
+
+**Usage**
+
+``` lua
+if kong.version_num < 13000 then -- 000.130.00 -> 0.13.0
+  -- no support for Routes & Services
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.pdk_major_version
+
+A number representing the major version of the current PDK (e.g.
+ `1`). Useful for feature-existence checks or backwards-compatible behavior
+ as users of the PDK.
+
+
+**Usage**
+
+``` lua
+if kong.pdk_version_num < 2 then
+  -- PDK is below version 2
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.pdk_version
+
+A human-readable string containing the version number of the current PDK.
+
+**Usage**
+
+``` lua
+print(kong.pdk_version) -- "1.0.0"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.configuration
+
+A read-only table containing the configuration of the current Kong node,
+ based on the configuration file and environment variables.
+
+ See [kong.conf.default](https://github.com/Kong/kong/blob/master/kong.conf.default)
+ for details.
+
+ Comma-separated lists in that file get promoted to arrays of strings in this
+ table.
+
+
+**Usage**
+
+``` lua
+print(kong.configuration.prefix) -- "/usr/local/kong"
+-- this table is read-only; the following throws an error:
+kong.configuration.prefix = "foo"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+
+
+### kong.db
+
+Instance of Kong's DAO (the `kong.db` module).  Contains accessor objects
+ to various entities.
+
+ A more thorough documentation of this DAO and new schema definitions is to
+ be made available in the future.
+
+
+**Usage**
+
+``` lua
+kong.db.services:insert()
+kong.db.routes:select()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.dns
+
+Instance of Kong's DNS resolver, a client object from the
+ [lua-resty-dns-client](https://github.com/kong/lua-resty-dns-client) module.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.worker_events
+
+Instance of Kong's IPC module for inter-workers communication from the
+ [lua-resty-worker-events](https://github.com/Kong/lua-resty-worker-events)
+ module.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.cluster_events
+
+Instance of Kong's cluster events module for inter-nodes communication.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.cache
+
+Instance of Kong's database caching object, from the `kong.cache` module.
+
+ **Note:** usage of this module is currently reserved to the core or to
+ advanced users.
+
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.client.md b/app/enterprise/0.36-x/pdk/kong.client.md
new file mode 100644
index 000000000000..947beb0aedbd
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.client.md
@@ -0,0 +1,286 @@
+---
+title: kong.client
+pdk: true
+toc: true
+---
+
+## kong.client
+
+Client information module
+ A set of functions to retrieve information about the client connecting to
+ Kong in the context of a given request.
+
+ See also:
+ [nginx.org/en/docs/http/ngx_http_realip_module.html](http://nginx.org/en/docs/http/ngx_http_realip_module.html)
+
+
+
+### kong.client.get_ip()
+
+Returns the remote address of the client making the request.  This will
+ **always** return the address of the client directly connecting to Kong.
+ That is, in cases when a load balancer is in front of Kong, this function
+ will return the load balancer's address, and **not** that of the
+ downstream client.
+
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `string` ip The remote address of the client making the request
+
+
+**Usage**
+
+``` lua
+-- Given a client with IP 127.0.0.1 making connection through
+-- a load balancer with IP 10.0.0.1 to Kong answering the request for
+-- https://example.com:1234/v1/movies
+kong.client.get_ip() -- "10.0.0.1"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_forwarded_ip()
+
+Returns the remote address of the client making the request.  Unlike
+ `kong.client.get_ip`, this function will consider forwarded addresses in
+ cases when a load balancer is in front of Kong. Whether this function
+ returns a forwarded address or not depends on several Kong configuration
+ parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `string`  ip The remote address of the client making the request,
+ considering forwarded addresses
+
+
+
+**Usage**
+
+``` lua
+-- Given a client with IP 127.0.0.1 making connection through
+-- a load balancer with IP 10.0.0.1 to Kong answering the request for
+-- https://username:password@example.com:1234/v1/movies
+
+kong.request.get_forwarded_ip() -- "127.0.0.1"
+
+-- Note: assuming that 10.0.0.1 is one of the trusted IPs, and that
+-- the load balancer adds the right headers matching with the configuration
+-- of `real_ip_header`, e.g. `proxy_protocol`.
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_port()
+
+Returns the remote port of the client making the request.  This will
+ **always** return the port of the client directly connecting to Kong. That
+ is, in cases when a load balancer is in front of Kong, this function will
+ return load balancer's port, and **not** that of the downstream client.
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `number` The remote client port
+
+
+**Usage**
+
+``` lua
+-- [client]:40000 <-> 80:[balancer]:30000 <-> 80:[kong]:20000 <-> 80:[service]
+kong.client.get_port() -- 30000
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_forwarded_port()
+
+Returns the remote port of the client making the request.  Unlike
+ `kong.client.get_port`, this function will consider forwarded ports in cases
+ when a load balancer is in front of Kong. Whether this function returns a
+ forwarded port or not depends on several Kong configuration parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log
+
+**Returns**
+
+* `number` The remote client port, considering forwarded ports
+
+
+**Usage**
+
+``` lua
+-- [client]:40000 <-> 80:[balancer]:30000 <-> 80:[kong]:20000 <-> 80:[service]
+kong.client.get_forwarded_port() -- 40000
+
+-- Note: assuming that [balancer] is one of the trusted IPs, and that
+-- the load balancer adds the right headers matching with the configuration
+-- of `real_ip_header`, e.g. `proxy_protocol`.
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_credential()
+
+Returns the credentials of the currently authenticated consumer.
+ If not set yet, it returns `nil`.
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+*  the authenticated credential
+
+
+**Usage**
+
+``` lua
+local credential = kong.client.get_credential()
+if credential then
+  consumer_id = credential.consumer_id
+else
+  -- request not authenticated yet
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_consumer()
+
+Returns the `consumer` entity of the currently authenticated consumer.
+ If not set yet, it returns `nil`.
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `table` the authenticated consumer entity
+
+
+**Usage**
+
+``` lua
+local consumer = kong.client.get_consumer()
+if consumer then
+  consumer_id = consumer.id
+else
+  -- request not authenticated yet, or a credential
+  -- without a consumer (external auth)
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.authenticate(consumer, credential)
+
+Sets the authenticated consumer and/or credential for the current request.
+ While both `consumer` and `credential` can be `nil`, it is required
+ that at least one of them exists. Otherwise this function will throw an
+ error.
+
+**Phases**
+
+* access
+
+**Parameters**
+
+* **consumer** (table|nil):  The consumer to set. Note: if no
+ value is provided, then any existing value will be cleared!
+* **credential** (table|nil):  The credential to set. Note: if
+ no value is provided, then any existing value will be cleared!
+
+**Usage**
+
+``` lua
+-- assuming `credential` and `consumer` have been set by some authentication code
+kong.client.authenticate(consumer, credentials)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.client.get_subsystem()
+
+Returns the Nginx subsystem used by the client.  It can be
+ "http" or "stream"
+
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `string` a string with either `"http"` or `"stream"`
+
+
+**Usage**
+
+``` lua
+kong.client.get_subsystem() -- "http"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### _CLIENT.get_protocol(allow_terminated)
+
+Returns the protocol matched by the current route (`"http"`, `"https"`, `"tcp"` or
+ `"tls"`), or `nil`, if no route has been matched, which can happen when dealing with
+ erroneous requests.
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Parameters**
+
+* **allow_terminated** ([opt]):  boolean. If set, the `X-Forwarded-Proto` header will be checked when checking for https
+
+**Returns**
+
+1.  `string|nil` `"http"`, `"https"`, `"tcp"`, `"tls"` or `nil` in case of failure
+
+1.  `nil|err` an error message when a failure happens. `nil` otherwise
+
+
+**Usage**
+
+``` lua
+kong.client.get_protocol() -- "http"
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.ctx.md b/app/enterprise/0.36-x/pdk/kong.ctx.md
new file mode 100644
index 000000000000..c44dc7e8a776
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.ctx.md
@@ -0,0 +1,106 @@
+---
+title: kong.ctx
+pdk: true
+toc: true
+---
+
+## kong.ctx
+
+Current request context data
+
+
+
+### kong.ctx.shared
+
+A table that has the lifetime of the current request and is shared between
+ all plugins.  It can be used to share data between several plugins in a given
+ request.
+
+ Since only relevant in the context of a request, this table cannot be
+ accessed from the top-level chunk of Lua modules. Instead, it can only be
+ accessed in request phases, which are represented by the `rewrite`,
+ `access`, `header_filter`, `body_filter`, and `log` phases of the plugin
+ interfaces.  Accessing this table in those functions (and their callees) is
+ fine.
+
+ Values inserted in this table by a plugin will be visible by all other
+ plugins.  One must use caution when interacting with its values, as a naming
+ conflict could result in the overwrite of data.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+-- Two plugins A and B, and if plugin A has a higher priority than B's
+-- (it executes before B):
+
+-- plugin A handler.lua
+function plugin_a_handler:access(conf)
+  kong.ctx.shared.foo = "hello world"
+
+  kong.ctx.shared.tab = {
+    bar = "baz"
+  }
+end
+
+-- plugin B handler.lua
+function plugin_b_handler:access(conf)
+  kong.log(kong.ctx.shared.foo) -- "hello world"
+  kong.log(kong.ctx.shared.tab.bar) -- "baz"
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.ctx.plugin
+
+A table that has the lifetime of the current request - Unlike
+ `kong.ctx.shared`, this table is **not** shared between plugins.   Instead,
+ it is only visible for the current plugin _instance_. That is, if several
+ instances of the rate-limiting plugin are configured (e.g. on different
+ Services), each instance has its own table, for every request.
+
+ Because of its namespaced nature, this table is safer for a plugin to use
+ than `kong.ctx.shared` since it avoids potential naming conflicts, which
+ could lead to several plugins unknowingly overwrite each other's data.
+
+ Since only relevant in the context of a request, this table cannot be
+ accessed from the top-level chunk of Lua modules. Instead, it can only be
+ accessed in request phases, which are represented by the `rewrite`,
+ `access`, `header_filter`, `body_filter`, and `log` phases of the plugin
+ interfaces.  Accessing this table in those functions (and their callees) is
+ fine.
+
+ Values inserted in this table by a plugin will be visible in successful
+ phases of this plugin's instance only. For example, if a plugin wants to
+ save some value for post-processing during the `log` phase:
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+-- plugin handler.lua
+
+function plugin_handler:access(conf)
+  kong.ctx.plugin.val_1 = "hello"
+  kong.ctx.plugin.val_2 = "world"
+end
+
+function plugin_handler:log(conf)
+  local value = kong.ctx.plugin.val_1 .. " " .. kong.ctx.plugin.val_2
+
+  kong.log(value) -- "hello world"
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.ip.md b/app/enterprise/0.36-x/pdk/kong.ip.md
new file mode 100644
index 000000000000..86c74d21942e
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.ip.md
@@ -0,0 +1,51 @@
+---
+title: kong.ip
+pdk: true
+toc: true
+---
+
+## kong.ip
+
+Trusted IPs module
+
+ This module can be used to determine whether or not a given IP address is
+ in the range of trusted IP addresses defined by the `trusted_ips` configuration
+ property.
+
+ Trusted IP addresses are those that are known to send correct replacement
+ addresses for clients (as per the chosen header field, e.g. X-Forwarded-*).
+
+ See [docs.konghq.com/latest/configuration/#trusted_ips](https://docs.konghq.com/latest/configuration/#trusted_ips)
+
+
+
+
+### kong.ip.is_trusted(address)
+
+Depending on the `trusted_ips` configuration property,
+ this function will return whether a given ip is trusted or not  Both ipv4 and ipv6 are supported.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **address** (string):  A string representing an IP address
+
+**Returns**
+
+* `boolean` `true` if the IP is trusted, `false` otherwise
+
+
+**Usage**
+
+``` lua
+if kong.ip.is_trusted("1.1.1.1") then
+  kong.log("The IP is trusted")
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.log.md b/app/enterprise/0.36-x/pdk/kong.log.md
new file mode 100644
index 000000000000..1914b5d02f3c
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.log.md
@@ -0,0 +1,261 @@
+---
+title: kong.log
+pdk: true
+toc: true
+---
+
+## kong.log
+
+This namespace contains an instance of a "logging facility", which is a
+ table containing all of the methods described below.
+
+ This instance is namespaced per plugin, and Kong will make sure that before
+ executing a plugin, it will swap this instance with a logging facility
+ dedicated to the plugin. This allows the logs to be prefixed with the
+ plugin's name for debugging purposes.
+
+
+
+
+### kong.log(...)
+
+Write a log line to the location specified by the current Nginx
+ configuration block's `error_log` directive, with the `notice` level (similar
+ to `print()`).
+
+ The Nginx `error_log` directive is set via the `log_level`, `proxy_error_log`
+ and `admin_error_log` Kong configuration properties.
+
+ Arguments given to this function will be concatenated similarly to
+ `ngx.log()`, and the log line will report the Lua file and line number from
+ which it was invoked. Unlike `ngx.log()`, this function will prefix error
+ messages with `[kong]` instead of `[lua]`.
+
+ Arguments given to this function can be of any type, but table arguments
+ will be converted to strings via `tostring` (thus potentially calling a
+ table's `__tostring` metamethod if set). This behavior differs from
+ `ngx.log()` (which only accepts table arguments if they define the
+ `__tostring` metamethod) with the intent to simplify its usage and be more
+ forgiving and intuitive.
+
+ Produced log lines have the following format when logging is invoked from
+ within the core:
+
+ ``` plain
+ [kong] %file_src:%line_src %message
+ ```
+
+ In comparison, log lines produced by plugins have the following format:
+
+ ``` plain
+ [kong] %file_src:%line_src [%namespace] %message
+ ```
+
+ Where:
+
+ * `%namespace`: is the configured namespace (the plugin name in this case).
+ * `%file_src`: is the file name from where the log was called from.
+ * `%line_src`: is the line number from where the log was called from.
+ * `%message`: is the message, made of concatenated arguments given by the caller.
+
+ For example, the following call:
+
+ ``` lua
+ kong.log("hello ", "world")
+ ```
+
+ would, within the core, produce a log line similar to:
+
+ ``` plain
+ 2017/07/09 19:36:25 [notice] 25932#0: *1 [kong] some_file.lua:54 hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+ If invoked from within a plugin (e.g. `key-auth`) it would include the
+ namespace prefix, like so:
+
+ ``` plain
+ 2017/07/09 19:36:25 [notice] 25932#0: *1 [kong] some_file.lua:54 [key-auth] hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **...** :  all params will be concatenated and stringified before being sent to the log
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.log("hello ", "world") -- alias to kong.log.notice()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.LEVEL(...)
+
+Similar to `kong.log()`, but the produced log will have the severity given by
+ `<level>`, instead of `notice`.  The supported levels are:
+
+ * `kong.log.alert()`
+ * `kong.log.crit()`
+ * `kong.log.err()`
+ * `kong.log.warn()`
+ * `kong.log.notice()`
+ * `kong.log.info()`
+ * `kong.log.debug()`
+
+ Logs have the same format as that of `kong.log()`. For
+ example, the following call:
+
+ ``` lua
+  kong.log.err("hello ", "world")
+ ```
+
+ would, within the core, produce a log line similar to:
+
+ ``` plain
+ 2017/07/09 19:36:25 [error] 25932#0: *1 [kong] some_file.lua:54 hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+ If invoked from within a plugin (e.g. `key-auth`) it would include the
+ namespace prefix, like so:
+
+ ``` plain
+ 2017/07/09 19:36:25 [error] 25932#0: *1 [kong] some_file.lua:54 [key-auth] hello world, client: 127.0.0.1, server: localhost, request: "GET /log HTTP/1.1", host: "localhost"
+ ```
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **...** :  all params will be concatenated and stringified before being sent to the log
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.log.warn("something require attention")
+kong.log.err("something failed: ", err)
+kong.log.alert("something requires immediate action")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.inspect(...)
+
+Like `kong.log()`, this function will produce a log with the `notice` level,
+ and accepts any number of arguments as well.  If inspect logging is disabled
+ via `kong.log.inspect.off()`, then this function prints nothing, and is
+ aliased to a "NOP" function in order to save CPU cycles.
+
+ ``` lua
+ kong.log.inspect("...")
+ ```
+
+ This function differs from `kong.log()` in the sense that arguments will be
+ concatenated with a space(`" "`), and each argument will be
+ "pretty-printed":
+
+ * numbers will printed (e.g. `5` -> `"5"`)
+ * strings will be quoted (e.g. `"hi"` -> `'"hi"'`)
+ * array-like tables will be rendered (e.g. `{1,2,3}` -> `"{1, 2, 3}"`)
+ * dictionary-like tables will be rendered on multiple lines
+
+ This function is intended for use with debugging purposes in mind, and usage
+ in production code paths should be avoided due to the expensive formatting
+ operations it can perform. Existing statements can be left in production code
+ but nopped by calling `kong.log.inspect.off()`.
+
+ When writing logs, `kong.log.inspect()` always uses its own format, defined
+ as:
+
+ ``` plain
+ %file_src:%func_name:%line_src %message
+ ```
+
+ Where:
+
+ * `%file_src`: is the file name from where the log was called from.
+ * `%func_name`: is the name of the function from where the log was called
+   from.
+ * `%line_src`: is the line number from where the log was called from.
+ * `%message`: is the message, made of concatenated, pretty-printed arguments
+   given by the caller.
+
+ This function uses the [inspect.lua](https://github.com/kikito/inspect.lua)
+ library to pretty-print its arguments.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Parameters**
+
+* **...** :  Parameters will be concatenated with spaces between them and
+ rendered as described
+
+**Usage**
+
+``` lua
+kong.log.inspect("some value", a_variable)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.inspect.on()
+
+Enables inspect logs for this logging facility.  Calls to
+ `kong.log.inspect` will be writing log lines with the appropriate
+ formatting of arguments.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+kong.log.inspect.on()
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.log.inspect.off()
+
+Disables inspect logs for this logging facility.  All calls to
+ `kong.log.inspect()` will be nopped.
+
+
+**Phases**
+
+* init_worker, certificate, rewrite, access, header_filter, body_filter, log
+
+**Usage**
+
+``` lua
+kong.log.inspect.off()
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.node.md b/app/enterprise/0.36-x/pdk/kong.node.md
new file mode 100644
index 000000000000..b712a6340fd1
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.node.md
@@ -0,0 +1,29 @@
+---
+title: kong.node
+pdk: true
+toc: true
+---
+
+## kong.node
+
+Node-level utilities
+
+
+
+### kong.node.get_id()
+
+Returns the id used by this node to describe itself.
+
+**Returns**
+
+* `string` The v4 UUID used by this node as its id
+
+
+**Usage**
+
+``` lua
+local id = kong.node.get_id()
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.request.md b/app/enterprise/0.36-x/pdk/kong.request.md
new file mode 100644
index 000000000000..4f86f01fec99
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.request.md
@@ -0,0 +1,599 @@
+---
+title: kong.request
+pdk: true
+toc: true
+---
+
+## kong.request
+
+Client request module
+ A set of functions to retrieve information about the incoming requests made
+ by clients.
+
+
+
+### kong.request.get_scheme()
+
+Returns the scheme component of the request's URL.  The returned value is
+ normalized to lower-case form.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` a string like `"http"` or `"https"`
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies
+
+kong.request.get_scheme() -- "https"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_host()
+
+Returns the host component of the request's URL, or the value of the
+ "Host" header.  The returned value is normalized to lower-case form.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the host
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies
+
+kong.request.get_host() -- "example.com"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_port()
+
+Returns the port component of the request's URL.  The value is returned
+ as a Lua number.
+
+
+**Phases**
+
+* certificate, rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number` the port
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies
+
+kong.request.get_port() -- 1234
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_forwarded_scheme()
+
+Returns the scheme component of the request's URL, but also considers
+ `X-Forwarded-Proto` if it comes from a trusted source.  The returned
+ value is normalized to lower-case.
+
+ Whether this function considers `X-Forwarded-Proto` or not depends on
+ several Kong configuration parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+ **Note**: support for the Forwarded HTTP Extension (RFC 7239) is not
+ offered yet since it is not supported by ngx\_http\_realip\_module.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the forwarded scheme
+
+
+**Usage**
+
+``` lua
+kong.request.get_forwarded_scheme() -- "https"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_forwarded_host()
+
+Returns the host component of the request's URL or the value of the "host"
+ header.  Unlike `kong.request.get_host()`, this function will also consider
+ `X-Forwarded-Host` if it comes from a trusted source. The returned value
+ is normalized to lower-case.
+
+ Whether this function considers `X-Forwarded-Proto` or not depends on
+ several Kong configuration parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+ **Note**: we do not currently offer support for Forwarded HTTP Extension
+ (RFC 7239) since it is not supported by ngx_http_realip_module.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the forwarded host
+
+
+**Usage**
+
+``` lua
+kong.request.get_forwarded_host() -- "example.com"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_forwareded_port()
+
+Returns the port component of the request's URL, but also considers
+ `X-Forwarded-Host` if it comes from a trusted source.  The value
+ is returned as a Lua number.
+
+ Whether this function considers `X-Forwarded-Proto` or not depends on
+ several Kong configuration parameters:
+
+ * [trusted\_ips](/enterprise/{{page.kong_version}}/property-reference/#trusted_ips)
+ * [real\_ip\_header](/enterprise/{{page.kong_version}}/property-reference/#real_ip_header)
+ * [real\_ip\_recursive](/enterprise/{{page.kong_version}}/property-reference/#real_ip_recursive)
+
+ **Note**: we do not currently offer support for Forwarded HTTP Extension
+ (RFC 7239) since it is not supported by ngx_http_realip_module.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number` the forwared port
+
+
+**Usage**
+
+``` lua
+kong.request.get_forwarded_port() -- 1234
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_http_version()
+
+Returns the HTTP version used by the client in the request as a Lua
+ number, returning values such as `1`, `1.1`, `2.0`, or `nil` for
+ unrecognized values.
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number|nil` the http version
+
+
+**Usage**
+
+``` lua
+kong.request.get_http_version() -- 1.1
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_method()
+
+Returns the HTTP method of the request.  The value is normalized to
+ upper-case.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the request method
+
+
+**Usage**
+
+``` lua
+kong.request.get_method() -- "GET"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_path()
+
+Returns the path component of the request's URL.  It is not normalized in
+ any way and does not include the querystring.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the path
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies?movie=foo
+
+kong.request.get_path() -- "/v1/movies"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_path_with_query()
+
+Returns the path, including the querystring if any.  No
+ transformations/normalizations are done.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the path with the querystring
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com:1234/v1/movies?movie=foo
+
+kong.request.get_path_with_query() -- "/v1/movies?movie=foo"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_raw_query()
+
+Returns the query component of the request's URL.  It is not normalized in
+ any way (not even URL-decoding of special characters) and does not
+ include the leading `?` character.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+*  string the query component of the request's URL
+
+
+**Usage**
+
+``` lua
+-- Given a request to https://example.com/foo?msg=hello%20world&bla=&bar
+
+kong.request.get_raw_query() -- "msg=hello%20world&bla=&bar"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_query_arg()
+
+Returns the value of the specified argument, obtained from the query
+ arguments of the current request.
+
+ The returned value is either a `string`, a boolean `true` if an
+ argument was not given a value, or `nil` if no argument with `name` was
+ found.
+
+ If an argument with the same name is present multiple times in the
+ querystring, this function will return the value of the first occurrence.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string|boolean|nil` the value of the argument
+
+
+**Usage**
+
+``` lua
+-- Given a request GET /test?foo=hello%20world&bar=baz&zzz&blo=&bar=bla&bar
+
+kong.request.get_query_arg("foo") -- "hello world"
+kong.request.get_query_arg("bar") -- "baz"
+kong.request.get_query_arg("zzz") -- true
+kong.request.get_query_arg("blo") -- ""
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_query([max_args])
+
+Returns the table of query arguments obtained from the querystring.  Keys
+ are query argument names. Values are either a string with the argument
+ value, a boolean `true` if an argument was not given a value, or an array
+ if an argument was given in the query string multiple times. Keys and
+ values are unescaped according to URL-encoded escaping rules.
+
+ Note that a query string `?foo&bar` translates to two boolean `true`
+ arguments, and `?foo=&bar=` translates to two string arguments containing
+ empty strings.
+
+ By default, this function returns up to **100** arguments. The optional
+ `max_args` argument can be specified to customize this limit, but must be
+ greater than **1** and not greater than **1000**.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **max_args** (number, _optional_):  set a limit on the maximum number of parsed
+ arguments
+
+**Returns**
+
+* `table` A table representation of the query string
+
+
+**Usage**
+
+``` lua
+-- Given a request GET /test?foo=hello%20world&bar=baz&zzz&blo=&bar=bla&bar
+
+for k, v in pairs(kong.request.get_query()) do
+  kong.log.inspect(k, v)
+end
+
+-- Will print
+-- "foo" "hello world"
+-- "bar" {"baz", "bla", true}
+-- "zzz" true
+-- "blo" ""
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_header(name)
+
+Returns the value of the specified request header.
+
+ The returned value is either a `string`, or can be `nil` if a header with
+ `name` was not found in the request. If a header with the same name is
+ present multiple times in the request, this function will return the value
+ of the first occurrence of this header.
+
+ Header names in are case-insensitive and are normalized to lowercase, and
+ dashes (`-`) can be written as underscores (`_`); that is, the header
+ `X-Custom-Header` can also be retrieved as `x_custom_header`.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **name** (string):  the name of the header to be returned
+
+**Returns**
+
+* `string|nil` the value of the header or nil if not present
+
+
+**Usage**
+
+``` lua
+-- Given a request with the following headers:
+
+-- Host: foo.com
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+kong.request.get_header("Host")            -- "foo.com"
+kong.request.get_header("x-custom-header") -- "bla"
+kong.request.get_header("X-Another")       -- "foo bar"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_headers([max_headers])
+
+Returns a Lua table holding the request headers.  Keys are header names.
+ Values are either a string with the header value, or an array of strings
+ if a header was sent multiple times. Header names in this table are
+ case-insensitive and are normalized to lowercase, and dashes (`-`) can be
+ written as underscores (`_`); that is, the header `X-Custom-Header` can
+ also be retrieved as `x_custom_header`.
+
+ By default, this function returns up to **100** headers. The optional
+ `max_headers` argument can be specified to customize this limit, but must
+ be greater than **1** and not greater than **1000**.
+
+
+**Phases**
+
+* rewrite, access, header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **max_headers** (number, _optional_):  set a limit on the maximum number of
+ parsed headers
+
+**Returns**
+
+* `table` the request headers in table form
+
+
+**Usage**
+
+``` lua
+-- Given a request with the following headers:
+
+-- Host: foo.com
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+local headers = kong.request.get_headers()
+
+headers.host            -- "foo.com"
+headers.x_custom_header -- "bla"
+headers.x_another[1]    -- "foo bar"
+headers["X-Another"][2] -- "baz"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_raw_body()
+
+Returns the plain request body.
+
+ If the body has no size (empty), this function returns an empty string.
+
+ If the size of the body is greater than the Nginx buffer size (set by
+ `client_body_buffer_size`), this function will fail and return an error
+ message explaining this limitation.
+
+
+**Phases**
+
+* rewrite, access, admin_api
+
+**Returns**
+
+* `string` the plain request body
+
+
+**Usage**
+
+``` lua
+-- Given a body with payload "Hello, Earth!":
+
+kong.request.get_raw_body():gsub("Earth", "Mars") -- "Hello, Mars!"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.request.get_body([mimetype[, max_args]])
+
+Returns the request data as a key/value table.
+ A high-level convenience function.
+ The body is parsed with the most appropriate format:
+
+ * If `mimetype` is specified:
+   * Decodes the body with the requested content type (if supported).
+ * If the request content type is `application/x-www-form-urlencoded`:
+   * Returns the body as form-encoded.
+ * If the request content type is `multipart/form-data`:
+   * Decodes the body as multipart form data
+     (same as `multipart(kong.request.get_raw_body(),
+     kong.request.get_header("Content-Type")):get_all()` ).
+ * If the request content type is `application/json`:
+   * Decodes the body as JSON
+     (same as `json.decode(kong.request.get_raw_body())`).
+   * JSON types are converted to matching Lua types.
+ * If none of the above, returns `nil` and an error message indicating the
+   body could not be parsed.
+
+ The optional argument `mimetype` can be one of the following strings:
+
+ * `application/x-www-form-urlencoded`
+ * `application/json`
+ * `multipart/form-data`
+
+ The optional argument `max_args` can be used to set a limit on the number
+ of form arguments parsed for `application/x-www-form-urlencoded` payloads.
+
+ The third return value is string containing the mimetype used to parsed
+ the body (as per the `mimetype` argument), allowing the caller to identify
+ what MIME type the body was parsed as.
+
+
+**Phases**
+
+* rewrite, access, admin_api
+
+**Parameters**
+
+* **mimetype** (string, _optional_):  the MIME type
+* **max_args** (number, _optional_):  set a limit on the maximum number of parsed
+ arguments
+
+**Returns**
+
+1.  `table|nil` a table representation of the body
+
+1.  `string|nil` an error message
+
+1.  `string|nil` mimetype the MIME type used
+
+
+**Usage**
+
+``` lua
+local body, err, mimetype = kong.request.get_body()
+body.name -- "John Doe"
+body.age  -- "42"
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.response.md b/app/enterprise/0.36-x/pdk/kong.response.md
new file mode 100644
index 000000000000..34e0288186a0
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.response.md
@@ -0,0 +1,469 @@
+---
+title: kong.response
+pdk: true
+toc: true
+---
+
+## kong.response
+
+Client response module
+
+ The downstream response module contains a set of functions for producing and
+ manipulating responses sent back to the client ("downstream").  Responses can
+ be produced by Kong (e.g. an authentication plugin rejecting a request), or
+ proxied back from an Service's response body.
+
+ Unlike `kong.service.response`, this module allows mutating the response
+ before sending it back to the client.
+
+
+
+
+### kong.response.get_status()
+
+Returns the HTTP status code currently set for the downstream response (as
+ a Lua number).
+
+ If the request was proxied (as per `kong.response.get_source()`), the
+ return value will be that of the response from the Service (identical to
+ `kong.service.response.get_status()`).
+
+ If the request was _not_ proxied, and the response was produced by Kong
+ itself (i.e. via `kong.response.exit()`), the return value will be
+ returned as-is.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `number` status The HTTP status code currently set for the
+ downstream response
+
+
+**Usage**
+
+``` lua
+kong.response.get_status() -- 200
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.get_header(name)
+
+Returns the value of the specified response header, as would be seen by
+ the client once received.
+
+ The list of headers returned by this function can consist of both response
+ headers from the proxied Service _and_ headers added by Kong (e.g. via
+ `kong.response.add_header()`).
+
+ The return value is either a `string`, or can be `nil` if a header with
+ `name` was not found in the response. If a header with the same name is
+ present multiple times in the request, this function will return the value
+ of the first occurrence of this header.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **name** (string):  The name of the header
+
+ Header names are case-insensitive and dashes (`-`) can be written as
+ underscores (`_`); that is, the header `X-Custom-Header` can also be
+ retrieved as `x_custom_header`.
+
+
+**Returns**
+
+* `string|nil` The value of the header
+
+
+**Usage**
+
+``` lua
+-- Given a response with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+kong.response.get_header("x-custom-header") -- "bla"
+kong.response.get_header("X-Another")       -- "foo bar"
+kong.response.get_header("X-None")          -- nil
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.get_headers([max_headers])
+
+Returns a Lua table holding the response headers.  Keys are header names.
+ Values are either a string with the header value, or an array of strings
+ if a header was sent multiple times. Header names in this table are
+ case-insensitive and are normalized to lowercase, and dashes (`-`) can be
+ written as underscores (`_`); that is, the header `X-Custom-Header` can
+ also be retrieved as `x_custom_header`.
+
+ A response initially has no headers until a plugin short-circuits the
+ proxying by producing one (e.g. an authentication plugin rejecting a
+ request), or the request has been proxied, and one of the latter execution
+ phases is currently running.
+
+ Unlike `kong.service.response.get_headers()`, this function returns *all*
+ headers as the client would see them upon reception, including headers
+ added by Kong itself.
+
+ By default, this function returns up to **100** headers. The optional
+ `max_headers` argument can be specified to customize this limit, but must
+ be greater than **1** and not greater than **1000**.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Parameters**
+
+* **max_headers** (number, _optional_):  Limits how many headers are parsed
+
+**Returns**
+
+1.  `table`  headers A table representation of the headers in the
+ response
+
+
+1.  `string` err If more headers than `max_headers` were present, a
+ string with the error `"truncated"`.
+
+
+**Usage**
+
+``` lua
+-- Given an response from the Service with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+local headers = kong.response.get_headers()
+
+headers.x_custom_header -- "bla"
+headers.x_another[1]    -- "foo bar"
+headers["X-Another"][2] -- "baz"
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.get_source()
+
+This function helps determining where the current response originated
+ from.   Kong being a reverse proxy, it can short-circuit a request and
+ produce a response of its own, or the response can come from the proxied
+ Service.
+
+ Returns a string with three possible values:
+
+ * "exit" is returned when, at some point during the processing of the
+   request, there has been a call to `kong.response.exit()`. In other
+   words, when the request was short-circuited by a plugin or by Kong
+   itself (e.g.  invalid credentials)
+ * "error" is returned when an error has happened while processing the
+   request - for example, a timeout while connecting to the upstream
+   service.
+ * "service" is returned when the response was originated by successfully
+   contacting the proxied Service.
+
+
+**Phases**
+
+* header_filter, body_filter, log, admin_api
+
+**Returns**
+
+* `string` the source.
+
+
+**Usage**
+
+``` lua
+if kong.response.get_source() == "service" then
+  kong.log("The response comes from the Service")
+elseif kong.response.get_source() == "error" then
+  kong.log("There was an error while processing the request")
+elseif kong.response.get_source() == "exit" then
+  kong.log("There was an early exit while processing the request")
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.set_status(status)
+
+Allows changing the downstream response HTTP status code before sending it
+ to the client.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **status** (number):  The new status
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_status(404)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.set_header(name, value)
+
+Sets a response header with the given value.  This function overrides any
+ existing header with the same name.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **name** (string):  The name of the header
+* **value** (string|number|boolean):  The new value for the header
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_header("X-Foo", "value")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.add_header(name, value)
+
+Adds a response header with the given value.  Unlike
+ `kong.response.set_header()`, this function does not remove any existing
+ header with the same name. Instead, another header with the same name will
+ be added to the response. If no header with this name already exists on
+ the response, then it is added with the given value, similarly to
+ `kong.response.set_header().`
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **name** (string):  The header name
+* **value** (string|number|boolean):  The header value
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.add_header("Cache-Control", "no-cache")
+kong.response.add_header("Cache-Control", "no-store")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.clear_header(name)
+
+Removes all occurrences of the specified header in the response sent to
+ the client.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **name** (string):  The name of the header to be cleared
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_header("X-Foo", "foo")
+kong.response.add_header("X-Foo", "bar")
+
+kong.response.clear_header("X-Foo")
+-- from here onwards, no X-Foo headers will exist in the response
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.set_headers(headers)
+
+Sets the headers for the response.  Unlike `kong.response.set_header()`,
+ the `headers` argument must be a table in which each key is a string
+ (corresponding to a header's name), and each value is a string, or an
+ array of strings.
+
+ This function should be used in the `header_filter` phase, as Kong is
+ preparing headers to be sent back to the client.
+
+ The resulting headers are produced in lexicographical order. The order of
+ entries with the same name (when values are given as an array) is
+ retained.
+
+ This function overrides any existing header bearing the same name as those
+ specified in the `headers` argument. Other headers remain unchanged.
+
+
+**Phases**
+
+* rewrite, access, header_filter, admin_api
+
+**Parameters**
+
+* **headers** (table):
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+kong.response.set_headers({
+  ["Bla"] = "boo",
+  ["X-Foo"] = "foo3",
+  ["Cache-Control"] = { "no-store", "no-cache" }
+})
+
+-- Will add the following headers to the response, in this order:
+-- X-Bar: bar1
+-- Bla: boo
+-- Cache-Control: no-store
+-- Cache-Control: no-cache
+-- X-Foo: foo3
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.response.exit(status[, body[, headers]])
+
+This function interrupts the current processing and produces a response.
+ It is typical to see plugins using it to produce a response before Kong
+ has a chance to proxy the request (e.g. an authentication plugin rejecting
+ a request, or a caching plugin serving a cached response).
+
+ It is recommended to use this function in conjunction with the `return`
+ operator, to better reflect its meaning:
+
+ ```lua
+ return kong.response.exit(200, "Success")
+ ```
+
+ Calling `kong.response.exit()` will interrupt the execution flow of
+ plugins in the current phase. Subsequent phases will still be invoked.
+ E.g. if a plugin called `kong.response.exit()` in the `access` phase, no
+ other plugin will be executed in that phase, but the `header_filter`,
+ `body_filter`, and `log` phases will still be executed, along with their
+ plugins. Plugins should thus be programmed defensively against cases when
+ a request was **not** proxied to the Service, but instead was produced by
+ Kong itself.
+
+ The first argument `status` will set the status code of the response that
+ will be seen by the client.
+
+ The second, optional, `body` argument will set the response body. If it is
+ a string, no special processing will be done, and the body will be sent
+ as-is.  It is the caller's responsibility to set the appropriate
+ Content-Type header via the third argument.  As a convenience, `body` can
+ be specified as a table; in which case, it will be JSON-encoded and the
+ `application/json` Content-Type header will be set.
+
+ The third, optional, `headers` argument can be a table specifying response
+ headers to send. If specified, its behavior is similar to
+ `kong.response.set_headers()`.
+
+ Unless manually specified, this method will automatically set the
+ Content-Length header in the produced response for convenience.
+
+**Phases**
+
+* rewrite, access, admin_api, header_filter (only if `body` is nil)
+
+**Parameters**
+
+* **status** (number):  The status to be used
+* **body** (table|string, _optional_):  The body to be used
+* **headers** (table, _optional_):  The headers to be used
+
+**Returns**
+
+*  Nothing; throws an error on invalid input.
+
+
+**Usage**
+
+``` lua
+return kong.response.exit(403, "Access Forbidden", {
+  ["Content-Type"] = "text/plain",
+  ["WWW-Authenticate"] = "Basic"
+})
+
+---
+
+return kong.response.exit(403, [[{"message":"Access Forbidden"}]], {
+  ["Content-Type"] = "application/json",
+  ["WWW-Authenticate"] = "Basic"
+})
+
+---
+
+return kong.response.exit(403, { message = "Access Forbidden" }, {
+  ["WWW-Authenticate"] = "Basic"
+})
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.router.md b/app/enterprise/0.36-x/pdk/kong.router.md
new file mode 100644
index 000000000000..c30ceb5fca48
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.router.md
@@ -0,0 +1,68 @@
+---
+title: kong.router
+pdk: true
+toc: true
+---
+
+## kong.router
+
+Router module
+ A set of functions to access the routing properties of the request.
+
+
+
+### kong.router.get_route()
+
+Returns the current `route` entity.  The request was matched against this
+ route.
+
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `table` the `route` entity.
+
+
+**Usage**
+
+``` lua
+if kong.router.get_route() then
+  -- routed by route & service entities
+else
+  -- routed by a legacy API entity
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.router.get_service()
+
+Returns the current `service` entity.  The request will be targetted to this
+ upstream service.
+
+
+**Phases**
+
+* access, header_filter, body_filter, log
+
+**Returns**
+
+* `table` the `service` entity.
+
+
+**Usage**
+
+``` lua
+if kong.router.get_service() then
+  -- routed by route & service entities
+else
+  -- routed by a legacy API entity
+end
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.service.md b/app/enterprise/0.36-x/pdk/kong.service.md
new file mode 100644
index 000000000000..dce94eb96192
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.service.md
@@ -0,0 +1,89 @@
+---
+title: kong.service
+pdk: true
+toc: true
+---
+
+## kong.service
+
+The service module contains a set of functions to manipulate the connection
+ aspect of the request to the Service, such as connecting to a given host, IP
+ address/port, or choosing a given Upstream entity for load-balancing and
+ healthchecking.
+
+
+
+### kong.service.set_upstream(host)
+
+Sets the desired Upstream entity to handle the load-balancing step for
+ this request.  Using this method is equivalent to creating a Service with a
+ `host` property equal to that of an Upstream entity (in which case, the
+ request would be proxied to one of the Targets associated with that
+ Upstream).
+
+ The `host` argument should receive a string equal to that of one of the
+ Upstream entities currently configured.
+
+
+**Phases**
+
+* access
+
+**Parameters**
+
+* **host** (string):
+
+**Returns**
+
+1.  `boolean|nil` `true` on success, or `nil` if no upstream entities
+ where found
+
+1.  `string|nil`  An error message describing the error if there was
+ one.
+
+
+
+**Usage**
+
+``` lua
+local ok, err = kong.service.set_upstream("service.prod")
+if not ok then
+  kong.log.err(err)
+  return
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.set_target(host, port)
+
+Sets the host and port on which to connect to for proxying the request.  ]]
+ Using this method is equivalent to ask Kong to not run the load-balancing
+ phase for this request, and consider it manually overridden.
+ Load-balancing components such as retries and health-checks will also be
+ ignored for this request.
+
+ The `host` argument expects a string containing the IP address of the
+ upstream server (IPv4/IPv6), and the `port` argument must contain a number
+ representing the port on which to connect to.
+
+
+**Phases**
+
+* access
+
+**Parameters**
+
+* **host** (string):
+* **port** (number):
+
+**Usage**
+
+``` lua
+kong.service.set_target("service.local", 443)
+kong.service.set_target("192.168.130.1", 80)
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.service.request.md b/app/enterprise/0.36-x/pdk/kong.service.request.md
new file mode 100644
index 000000000000..c47d45e974b6
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.service.request.md
@@ -0,0 +1,437 @@
+---
+title: kong.service.request
+pdk: true
+toc: true
+---
+
+## kong.service.request
+
+Manipulation of the request to the Service
+
+
+
+### kong.service.request.set_scheme(scheme)
+
+Sets the protocol to use when proxying the request to the Service.
+
+**Phases**
+
+* `access`
+
+**Parameters**
+
+* **scheme** (string):  The scheme to be used. Supported values are `"http"` or `"https"`
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_scheme("https")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_path(path)
+
+Sets the path component for the request to the service.  It is not
+ normalized in any way and should **not** include the querystring.
+
+**Phases**
+
+* `access`
+
+**Parameters**
+
+* **path** :  The path string. Example: "/v2/movies"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_path("/v2/movies")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_raw_query(query)
+
+Sets the querystring of the request to the Service.  The `query` argument is a
+ string (without the leading `?` character), and will not be processed in any
+ way.
+
+ For a higher-level function to set the query string from a Lua table of
+ arguments, see `kong.service.request.set_query()`.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **query** (string):  The raw querystring. Example: "foo=bar&bla&baz=hello%20world"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_raw_query("zzz&bar=baz&bar=bla&bar&blo=&foo=hello%20world")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_method(method)
+
+Sets the HTTP method for the request to the service.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **method** :  The method string, which should be given in all
+ uppercase. Supported values are: `"GET"`, `"HEAD"`, `"PUT"`, `"POST"`,
+ `"DELETE"`, `"OPTIONS"`, `"MKCOL"`, `"COPY"`, `"MOVE"`, `"PROPFIND"`,
+ `"PROPPATCH"`, `"LOCK"`, `"UNLOCK"`, `"PATCH"`, `"TRACE"`.
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_method("DELETE")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_query(args)
+
+Set the querystring of the request to the Service.
+
+ Unlike `kong.service.request.set_raw_query()`, the `query` argument must be a
+ table in which each key is a string (corresponding to an arguments name), and
+ each value is either a boolean, a string or an array of strings or booleans.
+ Additionally, all string values will be URL-encoded.
+
+ The resulting querystring will contain keys in their lexicographical order. The
+ order of entries within the same key (when values are given as an array) is
+ retained.
+
+ If further control of the querystring generation is needed, a raw querystring
+ can be given as a string with `kong.service.request.set_raw_query()`.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **args** (table):  A table where each key is a string (corresponding to an
+   argument name), and each value is either a boolean, a string or an array of
+   strings or booleans. Any string values given are URL-encoded.
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_query({
+  foo = "hello world",
+  bar = {"baz", "bla", true},
+  zzz = true,
+  blo = ""
+})
+-- Will produce the following query string:
+-- bar=baz&bar=bla&bar&blo=&foo=hello%20world&zzz
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_header(header, value)
+
+Sets a header in the request to the Service with the given value.  Any existing header
+ with the same name will be overridden.
+
+ If the `header` argument is `"host"` (case-insensitive), then this is
+ will also set the SNI of the request to the Service.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **header** (string):  The header name. Example: "X-Foo"
+* **value** (string|boolean|number):  The header value. Example: "hello world"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_header("X-Foo", "value")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.add_header(header, value)
+
+Adds a request header with the given value to the request to the Service.  Unlike
+ `kong.service.request.set_header()`, this function will not remove any existing
+ headers with the same name. Instead, several occurences of the header will be
+ present in the request. The order in which headers are added is retained.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **header** (string):  The header name. Example: "Cache-Control"
+* **value** (string|number|boolean):  The header value. Example: "no-cache"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.add_header("Cache-Control", "no-cache")
+kong.service.request.add_header("Cache-Control", "no-store")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.clear_header(header)
+
+Removes all occurrences of the specified header in the request to the Service.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **header** (string):  The header name. Example: "X-Foo"
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+   The function does not throw an error if no header was removed.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_header("X-Foo", "foo")
+kong.service.request.add_header("X-Foo", "bar")
+kong.service.request.clear_header("X-Foo")
+-- from here onwards, no X-Foo headers will exist in the request
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_headers(headers)
+
+Sets the headers of the request to the Service.  Unlike
+ `kong.service.request.set_header()`, the `headers` argument must be a table in
+ which each key is a string (corresponding to a header's name), and each value
+ is a string, or an array of strings.
+
+ The resulting headers are produced in lexicographical order. The order of
+ entries with the same name (when values are given as an array) is retained.
+
+ This function overrides any existing header bearing the same name as those
+ specified in the `headers` argument. Other headers remain unchanged.
+
+ If the `"Host"` header is set (case-insensitive), then this is
+ will also set the SNI of the request to the Service.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **headers** (table):  A table where each key is a string containing a header name
+   and each value is either a string or an array of strings.
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_header("X-Foo", "foo1")
+kong.service.request.add_header("X-Foo", "foo2")
+kong.service.request.set_header("X-Bar", "bar1")
+kong.service.request.set_headers({
+  ["X-Foo"] = "foo3",
+  ["Cache-Control"] = { "no-store", "no-cache" },
+  ["Bla"] = "boo"
+})
+
+-- Will add the following headers to the request, in this order:
+-- X-Bar: bar1
+-- Bla: boo
+-- Cache-Control: no-store
+-- Cache-Control: no-cache
+-- X-Foo: foo3
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_raw_body(body)
+
+Sets the body of the request to the Service.
+
+ The `body` argument must be a string and will not be processed in any way.
+ This function also sets the `Content-Length` header appropriately. To set an
+ empty body, one can give an empty string `""` to this function.
+
+ For a higher-level function to set the body based on the request content type,
+ see `kong.service.request.set_body()`.
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **body** (string):  The raw body
+
+**Returns**
+
+*  Nothing; throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.request.set_raw_body("Hello, world!")
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.request.set_body(args[, mimetype])
+
+Sets the body of the request to the Service.  Unlike
+ `kong.service.request.set_raw_body()`, the `args` argument must be a table, and
+ will be encoded with a MIME type.  The encoding MIME type can be specified in
+ the optional `mimetype` argument, or if left unspecified, will be chosen based
+ on the `Content-Type` header of the client's request.
+
+ If the MIME type is `application/x-www-form-urlencoded`:
+
+ * Encodes the arguments as form-encoded: keys are produced in lexicographical
+   order. The order of entries within the same key (when values are
+   given as an array) is retained. Any string values given are URL-encoded.
+
+ If the MIME type is `multipart/form-data`:
+
+ * Encodes the arguments as multipart form data.
+
+ If the MIME type is `application/json`:
+
+ * Encodes the arguments as JSON (same as
+   `kong.service.request.set_raw_body(json.encode(args))`)
+ * Lua types are converted to matching JSON types.mej
+
+ If none of the above, returns `nil` and an error message indicating the
+ body could not be encoded.
+
+ The optional argument `mimetype` can be one of:
+
+ * `application/x-www-form-urlencoded`
+ * `application/json`
+ * `multipart/form-data`
+
+ If the `mimetype` argument is specified, the `Content-Type` header will be
+ set accordingly in the request to the Service.
+
+ If further control of the body generation is needed, a raw body can be given as
+ a string with `kong.service.request.set_raw_body()`.
+
+
+**Phases**
+
+* `rewrite`, `access`
+
+**Parameters**
+
+* **args** (table):  A table with data to be converted to the appropriate format
+ and stored in the body.
+* **mimetype** (string, _optional_):  can be one of:
+
+**Returns**
+
+1.  `boolean|nil` `true` on success, `nil` otherwise
+
+1.  `string|nil` `nil` on success, an error message in case of error.
+ Throws an error on invalid inputs.
+
+
+**Usage**
+
+``` lua
+kong.service.set_header("application/json")
+local ok, err = kong.service.request.set_body({
+  name = "John Doe",
+  age = 42,
+  numbers = {1, 2, 3}
+})
+
+-- Produces the following JSON body:
+-- { "name": "John Doe", "age": 42, "numbers":[1, 2, 3] }
+
+local ok, err = kong.service.request.set_body({
+  foo = "hello world",
+  bar = {"baz", "bla", true},
+  zzz = true,
+  blo = ""
+}, "application/x-www-form-urlencoded")
+
+-- Produces the following body:
+-- bar=baz&bar=bla&bar&blo=&foo=hello%20world&zzz
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.service.response.md b/app/enterprise/0.36-x/pdk/kong.service.response.md
new file mode 100644
index 000000000000..feede11b266e
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.service.response.md
@@ -0,0 +1,132 @@
+---
+title: kong.service.response
+pdk: true
+toc: true
+---
+
+## kong.service.response
+
+Manipulation of the response from the Service
+
+
+
+### kong.service.response.get_status()
+
+Returns the HTTP status code of the response from the Service as a Lua number.
+
+**Phases**
+
+* `header_filter`, `body_filter`, `log`
+
+**Returns**
+
+* `number|nil`  the status code from the response from the Service, or `nil`
+ if the request was not proxied (i.e. `kong.response.get_source()` returned
+ anything other than `"service"`.
+
+
+**Usage**
+
+``` lua
+kong.log.inspect(kong.service.response.get_status()) -- 418
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.response.get_headers([max_headers])
+
+Returns a Lua table holding the headers from the response from the Service.  Keys are
+ header names. Values are either a string with the header value, or an array of
+ strings if a header was sent multiple times. Header names in this table are
+ case-insensitive and dashes (`-`) can be written as underscores (`_`); that is,
+ the header `X-Custom-Header` can also be retrieved as `x_custom_header`.
+
+ Unlike `kong.response.get_headers()`, this function will only return headers that
+ were present in the response from the Service (ignoring headers added by Kong itself).
+ If the request was not proxied to a Service (e.g. an authentication plugin rejected
+ a request and produced an HTTP 401 response), then the returned `headers` value
+ might be `nil`, since no response from the Service has been received.
+
+ By default, this function returns up to **100** headers. The optional
+ `max_headers` argument can be specified to customize this limit, but must be
+ greater than **1** and not greater than **1000**.
+
+**Phases**
+
+* `header_filter`, `body_filter`, `log`
+
+**Parameters**
+
+* **max_headers** (number, _optional_):  customize the headers to parse
+
+**Returns**
+
+1.  `table` the response headers in table form
+
+1.  `string` err If more headers than `max_headers` were present, a
+ string with the error `"truncated"`.
+
+
+**Usage**
+
+``` lua
+-- Given a response with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+local headers = kong.service.response.get_headers()
+if headers then
+  kong.log.inspect(headers.x_custom_header) -- "bla"
+  kong.log.inspect(headers.x_another[1])    -- "foo bar"
+  kong.log.inspect(headers["X-Another"][2]) -- "baz"
+end
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.service.response.get_header(name)
+
+Returns the value of the specified response header.
+
+ Unlike `kong.response.get_header()`, this function will only return a header
+ if it was present in the response from the Service (ignoring headers added by Kong
+ itself).
+
+
+**Phases**
+
+* `header_filter`, `body_filter`, `log`
+
+**Parameters**
+
+* **name** (string):  The name of the header.
+
+ Header names in are case-insensitive and are normalized to lowercase, and
+ dashes (`-`) can be written as underscores (`_`); that is, the header
+ `X-Custom-Header` can also be retrieved as `x_custom_header`.
+
+
+**Returns**
+
+* `string|nil`  The value of the header, or `nil` if a header with
+ `name` was not found in the response. If a header with the same name is present
+ multiple times in the response, this function will return the value of the
+ first occurrence of this header.
+
+
+**Usage**
+
+``` lua
+-- Given a response with the following headers:
+-- X-Custom-Header: bla
+-- X-Another: foo bar
+-- X-Another: baz
+
+kong.log.inspect(kong.service.response.get_header("x-custom-header")) -- "bla"
+kong.log.inspect(kong.service.response.get_header("X-Another"))       -- "foo bar"
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/pdk/kong.table.md b/app/enterprise/0.36-x/pdk/kong.table.md
new file mode 100644
index 000000000000..7e62db9eed94
--- /dev/null
+++ b/app/enterprise/0.36-x/pdk/kong.table.md
@@ -0,0 +1,67 @@
+---
+title: kong.table
+pdk: true
+toc: true
+---
+
+## kong.table
+
+Utilities for Lua tables
+
+
+
+### kong.table.new([narr[, nrec]])
+
+Returns a table with pre-allocated number of slots in its array and hash
+ parts.
+
+**Parameters**
+
+* **narr** (number, _optional_):  specifies the number of slots to pre-allocate
+ in the array part.
+* **nrec** (number, _optional_):  specifies the number of slots to pre-allocate in
+ the hash part.
+
+**Returns**
+
+* `table` the newly created table
+
+
+**Usage**
+
+``` lua
+local tab = kong.table.new(4, 4)
+```
+
+[Back to TOC](#table-of-contents)
+
+
+### kong.table.clear(tab)
+
+Clears a table from all of its array and hash parts entries.
+
+**Parameters**
+
+* **tab** (table):  the table which will be cleared
+
+**Returns**
+
+*  Nothing
+
+
+**Usage**
+
+``` lua
+local tab = {
+  "hello",
+  foo = "bar"
+}
+
+kong.table.clear(tab)
+
+kong.log(tab[1]) -- nil
+kong.log(tab.foo) -- nil
+```
+
+[Back to TOC](#table-of-contents)
+
diff --git a/app/enterprise/0.36-x/plugin-development/access-the-datastore.md b/app/enterprise/0.36-x/plugin-development/access-the-datastore.md
new file mode 100644
index 000000000000..f783a00d90a5
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/access-the-datastore.md
@@ -0,0 +1,75 @@
+---
+title: Plugin Development - Accessing the Datastore
+book: plugin_dev
+chapter: 5
+---
+
+## Introduction
+
+Kong interacts with the model layer through classes we refer to as "DAOs". This
+chapter will detail the available API to interact with the datastore.
+
+Kong supports two primary datastores: [Cassandra
+{{site.data.kong_latest.dependencies.cassandra}}](http://cassandra.apache.org/)
+and [PostgreSQL
+{{site.data.kong_latest.dependencies.postgres}}](http://www.postgresql.org/).
+
+## kong.db
+
+All entities in Kong are represented by:
+
+- A schema that describes which table the entity relates to in the datastore,
+  constraints on its fields such as foreign keys, non-null constraints etc.
+  This schema is a table described in the [plugin configuration]({{page.book.chapters.plugin-configuration}})
+  chapter.
+- An instance of the `DAO` class mapping to the database currently in use
+  (Cassandra or Postgres). This class' methods consume the schema and expose
+  methods to insert, update, select and delete entities of that type.
+
+The core entities in Kong are: Services, Routes, Consumers and Plugins.
+All of them are accessible as Data Access Objects (DAOs),
+through the `kong.db` global singleton:
+
+
+```lua
+-- Core DAOs
+local services  = kong.db.services
+local routes    = kong.db.routes
+local consumers = kong.db.consumers
+local plugins   = kong.db.plugins
+```
+
+Both core entities from Kong and custom entities from plugins are
+available through `kong.db.*`.
+
+---
+
+## The DAO Lua API
+
+The DAO class is responsible for the operations executed on a given table in
+the datastore, generally mapping to an entity in Kong. All the underlying
+supported databases (currently Cassandra and Postgres) comply to the same
+interface, thus making the DAO compatible with all of them.
+
+For example, inserting a Service and a Plugin is as easy as:
+
+```lua
+local inserted_service, err = kong.db.services:insert({
+  name = "mockbin",
+  url  = "http://mockbin.org",
+})
+
+local inserted_plugin, err = kong.db.plugins:insert({
+  name    = "key-auth",
+  service = inserted_service,
+})
+```
+
+For a real-life example of the DAO being used in a plugin, see the
+[Key-Auth plugin source code](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua).
+
+---
+
+Next: [Storing Custom Entities &rsaquo;]({{page.book.next}})
+
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.36-x/plugin-development/admin-api.md b/app/enterprise/0.36-x/plugin-development/admin-api.md
new file mode 100644
index 000000000000..f5a1211f6d9c
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/admin-api.md
@@ -0,0 +1,174 @@
+---
+title: Plugin Development - Extending the Admin API
+book: plugin_dev
+chapter: 8
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you have a relative
+  knowledge of <a href="http://leafo.net/lapis/">Lapis</a>.
+</div>
+
+## Introduction
+
+Kong can be configured using a REST interface referred to as the [Admin API].
+Plugins can extend it by adding their own endpoints to accommodate custom
+entities or other personalized management needs. A typical example of this is
+the creation, retrieval, and deletion (commonly referred to as "CRUD
+operations") of API keys.
+
+The Admin API is a [Lapis](http://leafo.net/lapis/) application, and Kong's
+level of abstraction makes it easy for you to add endpoints.
+
+## Module
+
+```
+kong.plugins.<plugin_name>.api
+```
+
+## Adding endpoints to the Admin API
+
+Kong will detect and load your endpoints if they are defined in a module named:
+
+```
+"kong.plugins.<plugin_name>.api"
+```
+
+This module is bound to return a table with one or more entries with the following structure:
+
+``` lua
+{
+  ["<path>"] = {
+     schema = <schema>,
+     methods = {
+       before = function(self) ... end,
+       on_error = function(self) ... end,
+       GET = function(self) ... end,
+       PUT = function(self) ... end,
+       ...
+     }
+  },
+  ...
+}
+```
+
+Where:
+
+- `<path>` should be a string representing a route like `/users` (See [Lapis routes & URL
+  Patterns](http://leafo.net/lapis/reference/actions.html#routes--url-patterns)) for details.
+  Notice that the path can contain interpolation parameters, like `/users/:users/new`.
+- `<schema>` is a schema definition. Schemas for core and custom plugin entities are available
+  via `kong.db.<entity>.schema`. The schema is used to parse certain fields according to their
+  types; for example if a field is marked as an integer, it will be parsed as such when it is
+  passed to a function (by default form fields are all strings).
+- The `methods` subtable contains functions, indexed by a string.
+  - The `before` key is optional and can hold a function. If present, the function will be executed
+    on every request that hits `path`, before any other function is invoked.
+  - One or more functions can be indexed with HTTP method names, like `GET` or `PUT`. These functions
+    will be executed when the appropriate HTTP method and `path` is matched. If a `before` function is
+    present on the `path`, it will be executed first. Keep in mind that `before` functions can
+    use `kong.response.exit` to finish early, effectively cancelling the "regular" http method function.
+  - The `on_error` key is optional and can hold a function. If present, the function will be executed
+    when the code from other functions (either from a `before` or a "http method") throws an error. If
+    not present, then Kong will use a default error handler to return the errors.
+
+For example:
+
+``` lua
+local endpoints = require "kong.api.endpoints"
+
+local credentials_schema = kong.db.keyauth_credentials.schema
+local consumers_schema = kong.db.consumers.schema
+
+return {
+  ["/consumers/:consumers/key-auth"] = {
+    schema = credentials_schema,
+    methods = {
+      GET = endpoints.get_collection_endpoint(
+              credentials_schema, consumers_schema, "consumer"),
+
+      POST = endpoints.post_collection_endpoint(
+              credentials_schema, consumers_schema, "consumer"),
+    },
+  },
+}
+```
+
+This code will create two Admin API endpoints in `/consumers/:consumers/key-auth`, to
+obtain (`GET`) and create (`POST`) credentials associated to a given consumer. On this example
+the functions are provided by the `kong.api.endpoints` library. If you want to see a more
+complete example, with custom code in functions, see
+[the `api.lua` file from the key-auth plugin](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/api.lua).
+
+The `endpoints` module currently contains the default implementation for the most usual CRUD
+operations used in Kong. This module provides you with helpers for any insert, retrieve,
+update or delete operations and performs the necessary DAO operations and replies with
+the appropriate HTTP status codes. It also provides you with functions to retrieve parameters from
+the path, such as an Service's name or id, or a Consumer's username or id.
+
+If `endpoints`-provided are functions not enough, a regular Lua function can be used instead. From there you can use:
+
+- Several functions provided by the `endpoints` module.
+- All the functionality provided by the [PDK](../../pdk)
+- The `self` parameter, which is the [Lapis request object](http://leafo.net/lapis/reference/actions.html#request-object).
+- And of course you can `require` any Lua modules if needed. Make sure they are compatible with OpenResty if you choose this route.
+
+``` lua
+local endpoints = require "kong.api.endpoints"
+
+local credentials_schema = kong.db.keyauth_credentials.schema
+local consumers_schema = kong.db.consumers.schema
+
+return {
+  ["/consumers/:consumers/key-auth/:keyauth_credentials"] = {
+    schema = credentials_schema,
+    methods = {
+      before = function(self, db, helpers)
+        local consumer, _, err_t = endpoints.select_entity(self, db, consumers_schema)
+        if err_t then
+          return endpoints.handle_error(err_t)
+        end
+        if not consumer then
+          return kong.response.exit(404, { message = "Not found" })
+        end
+
+        self.consumer = consumer
+
+        if self.req.method ~= "PUT" then
+          local cred, _, err_t = endpoints.select_entity(self, db, credentials_schema)
+          if err_t then
+            return endpoints.handle_error(err_t)
+          end
+
+          if not cred or cred.consumer.id ~= consumer.id then
+            return kong.response.exit(404, { message = "Not found" })
+          end
+          self.keyauth_credential = cred
+          self.params.keyauth_credentials = cred.id
+        end
+      end,
+      GET  = endpoints.get_entity_endpoint(credentials_schema),
+      PUT  = function(self, db, helpers)
+        self.args.post.consumer = { id = self.consumer.id }
+        return endpoints.put_entity_endpoint(credentials_schema)(self, db, helpers)
+      end,
+    },
+  },
+}
+```
+
+On the previous example, the `/consumers/:consumers/key-auth/:keyauth_credentials` path gets
+three functions:
+- The `before` function is a custom Lua function which uses several `endpoints`-provided utilities
+  (`endpoints.handle_error`) as well as PDK functions (`kong.response.exit`). It also populates
+  `self.consumer` for the subsequent functions to use.
+- The `GET` function is built entirely using `endpoints`. This is possible because the `before` has
+  "prepared" things in advance, like `self.consumer`.
+- The `PUT` function populates `self.args.post.consumer` before calling the `endpoints`-provided
+  `put_entity_endpoint` function.
+
+---
+
+Next: [Write tests for your plugin]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
diff --git a/app/enterprise/0.36-x/plugin-development/custom-entities.md b/app/enterprise/0.36-x/plugin-development/custom-entities.md
new file mode 100644
index 000000000000..c8272133ce83
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/custom-entities.md
@@ -0,0 +1,645 @@
+---
+title: Plugin Development - Storing Custom Entities
+book: plugin_dev
+chapter: 6
+---
+
+## Introduction
+
+While not all plugins need it, your plugin might need to store more than
+its configuration in the database. In that case, Kong provides you with
+an abstraction on top of its primary datastores which allows you to store
+custom entities.
+
+As explained in the [previous chapter]({{page.book.previous}}), Kong interacts
+with the model layer through classes we refer to as "DAOs", and available on a
+singleton often referred to as the "DAO Factory". This chapter will explain how
+to to provide an abstraction for your own entities.
+
+## Modules
+
+```
+kong.plugins.<plugin_name>.daos
+kong.plugins.<plugin_name>.migrations.init
+kong.plugins.<plugin_name>.migrations.000_base_<plugin_name>
+kong.plugins.<plugin_name>.migrations.001_<from-version>_to_<to_version>
+kong.plugins.<plugin_name>.migrations.002_<from-version>_to_<to_version>
+```
+
+## Create the migrations folder
+
+Once you have defined your model, you must create your migration modules which
+will be executed by Kong to create the table in which your records of your
+entity will be stored.
+
+If your plugin is intended to support both Cassandra and Postgres, then both
+migrations must be written.
+
+If your plugin doesn't have it already, you should add a `<plugin_name>/migrations`
+folder to it. If there is no `init.lua` file inside already, you should create one.
+This is where all the migrations for your plugin will be referenced.
+
+The initial version of your `migrations/init.lua` file will point to a single migration.
+
+In this case we have called it `000_base_my_plugin`.
+
+``` lua
+-- `migrations/init.lua`
+return {
+  "000_base_my_plugin",
+}
+```
+
+This means that there will be a file in `<plugin_name>/migrations/000_base_my_plugin.lua`
+containing the initial migrations. We'll see how this is done in a minute.
+
+## Adding a new migration to an existing plugin
+
+Sometimes it is necessary to introduce changes after a version of a plugin has already been
+released. A new functionality might be needed. A database table row might need changing.
+
+When this happens, *you must* create a new migrations file. You *must not* of modify the
+existing migration files once they are published (you can still make them more robust and
+bulletproof if you want, e.g. always try to write the migrations reentrant).
+
+While there is no strict rule for naming your migration files, there is a convention that the
+initial one is prefixed by `000`, the next one by `001`, and so on.
+
+Following with our previous example, if we wanted to release a new version of the plugin with
+changes in the database (for example, a table was needed called `foo`) we would insert it by
+adding a file called `<plugin_name>/migrations/001_100_to_110.lua`, and referencing it on the
+migrations init file like so (where `100` is the previous version of the plugin `1.0.0` and
+`110` is the version to which plugin is migrated to `1.1.0`:
+
+
+``` lua
+-- `<plugin_name>/migrations/init.lua`
+return {
+  "000_base_my_plugin",
+  "001_100_to_110",
+}
+```
+
+## Migration File syntax
+
+While Kong's core migrations support both Postgres and Cassandra, custom plugins
+can choose to support either both of them or just one.
+
+A migration file is a Lua file which returns a table with the following structure:
+
+``` lua
+-- `<plugin_name>/migrations/000_base_my_plugin.lua`
+return {
+  postgresql = {
+    up = [[
+      CREATE TABLE IF NOT EXISTS "my_plugin_table" (
+        "id"           UUID                         PRIMARY KEY,
+        "created_at"   TIMESTAMP WITHOUT TIME ZONE,
+        "col1"         TEXT
+      );
+    
+      DO $$
+      BEGIN
+        CREATE INDEX IF NOT EXISTS "my_plugin_table_col1"
+                                ON "my_plugin_table" ("col1");
+      EXCEPTION WHEN UNDEFINED_COLUMN THEN
+        -- Do nothing, accept existing state
+      END$$;
+    ]],
+  },
+
+  cassandra = {
+    up = [[
+      CREATE TABLE IF NOT EXISTS my_plugin_table (
+        id          uuid PRIMARY KEY,
+        created_at  timestamp,
+        col1        text
+      );
+      
+      CREATE INDEX IF NOT EXISTS ON my_plugin_table (col1);
+    ]],
+  }
+}
+
+-- `<plugin_name>/migrations/001_100_to_110.lua`
+return {
+  postgresql = {
+    up = [[
+      DO $$
+      BEGIN
+        ALTER TABLE IF EXISTS ONLY "my_plugin_table" ADD "cache_key" TEXT UNIQUE;
+      EXCEPTION WHEN DUPLICATE_COLUMN THEN
+        -- Do nothing, accept existing state
+      END;
+    $$;
+    ]],
+    teardown = function(connector, helpers)
+      assert(connector:connect_migrations())
+      assert(connector:query([[
+        DO $$
+        BEGIN
+          ALTER TABLE IF EXISTS ONLY "my_plugin_table" DROP "col1";
+        EXCEPTION WHEN UNDEFINED_COLUMN THEN
+          -- Do nothing, accept existing state
+        END$$;
+      ]])
+    end,
+  },
+
+  cassandra = {
+    up = [[
+      ALTER TABLE my_plugin_table ADD cache_key text;
+      CREATE INDEX IF NOT EXISTS ON my_plugin_table (cache_key);
+    ]],
+    teardown = function(connector, helpers)
+      assert(connector:connect_migrations())
+      assert(connector:query("ALTER TABLE my_plugin_table DROP col1"))
+    end,
+  }
+}
+```
+
+If a plugin only supports Postgres or Cassandra, only the section for one strategy is
+needed. Each strategy section has two parts, `up` and `teardown`.
+
+* `up` is an optional string of raw SQL/CQL statements. Those statements will be executed
+  when `kong migrations up` is executed.
+* `teardown` is an optional Lua function, which takes a `connector` parameter. Such connector
+  can invoke the `query` method to execute SQL/CQL queries. Teardown is triggered by
+  `kong migrations finish`
+
+It is recommended that all the non-destructive operations, such as creation of new tables and
+addition of new records is done on the `up` sections, while destructive operations (such as
+removal of data, changing row types, insertion of new data) is done on the `teardown` sections.
+
+In both cases, it is recommended that all the SQL/CQL statements are written so that they are
+as reentrant as possible. `DROP TABLE IF EXISTS` instead of `DROP TABLE`,
+`CREATE INDEX IF NOT EXIST` instead of `CREATE INDEX`, etc. If a migration fails for some
+reason, it is expected that the first attempt at fixing the problem will be simply
+re-running the migrations.
+
+While Postgres does, Cassandra does not support constraints such as "NOT
+NULL", "UNIQUE" or "FOREIGN KEY", but Kong provides you with such features when
+you define your model's schema. Bear in mind that this schema will be the same
+for both Postgres and Cassandra, hence, you might trade-off a pure SQL schema
+for one that works with Cassandra too.
+
+**IMPORTANT**: if your `schema` uses a `unique` constraint, then Kong will
+enforce it for Cassandra, but for Postgres you must set this constraint in
+the migrations.
+
+To see a real-life example, give a look at the [Key-Auth plugin migrations](https://github.com/Kong/kong/tree/{{page.kong_version}}/kong/plugins/key-auth/migrations).
+
+---
+
+## Defining a Schema
+
+The first step to using custom entities in a custom plugin is defining one
+or more *schemas*.
+
+A schema is a Lua table which describes entities. There's structural information
+like how are the different fields of the entity named and what are their types,
+which is similar to the fields describing your [plugin
+configuration]({{page.book.chapters.plugin-configuration}})).
+Compared to plugin configuration schemas, custom entity schemas require
+additional metadata (e.g. which field, or fields, constitute the entities'
+primary key).
+
+Schemas are to be defined in a module named:
+
+```
+kong.plugins.<plugin_name>.daos
+```
+
+Meaning that there should be a file called `<plugin_name>/daos.lua` inside your
+plugin folder. The `daos.lua` file should return a table containing one or more
+schemas. For example:
+
+```lua
+-- daos.lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  -- this plugin only results in one custom DAO, named `keyauth_credentials`:
+  keyauth_credentials = {
+    name               = "keyauth_credentials", -- the actual table in the database
+    endpoint_key       = "key",
+    primary_key        = { "id" },
+    cache_key          = { "key" },
+    generate_admin_api = true,
+    fields = {
+      {
+        -- a value to be inserted by the DAO itself
+        -- (think of serial id and the uniqueness of such required here)
+        id = typedefs.uuid,
+      },
+      {
+        -- also interted by the DAO itself
+        created_at = typedefs.auto_timestamp_s,
+      },
+      {
+        -- a foreign key to a consumer's id
+        consumer = {
+          type      = "foreign",
+          reference = "consumers",
+          default   = ngx.null,
+          on_delete = "cascade",
+        },
+      },
+      {
+        -- a unique API key
+        key = {
+          type      = "string",
+          required  = false,
+          unique    = true,
+          auto      = true,
+        },
+      },
+    },
+  },
+}
+```
+
+This example `daos.lua` file introduces a single schema called `keyauth_credentials`.
+
+Here is a description of some top-level properties:
+
+<table>
+<tbody>
+<tr><th>Name</th><th>Type</th><th>Description</th></tr>
+<tr>
+  <td><code>name</code></td>
+  <td><code>string</code> (required)</td>
+  <td>It will be used to determine the DAO name (<code>kong.db.[name]</code>).</td>
+</tr>
+<tr>
+  <td><code>primary_key</code></td>
+  <td><code>table</code> (required)</td>
+  <td>
+    Field names forming the entity's primary key.
+    Schemas support composite keys, even if most Kong core entities currently use an UUID named
+    <code>id</code>. If you are using Cassandra and need a composite key, it should have the same
+    fields as the partition key.
+  </td>
+</tr>
+<tr>
+<td><code>endpoint_key</code></td>
+  <td><code>string</code> (optional)</td>
+  <td>
+    The name of the field used as an alternative identifier on the Admin API.
+    On the example above, <code>key</code> is the endpoint_key. This means that a credential with
+    <code>id = 123</code> and <code>key = "foo"</code> could be referenced as both
+    <code>/keyauth_credentials/123</code> and <code>/keyauth_credentials/foo</code>.
+  </td>
+</tr>
+<tr>
+  <td><code>cache_key</code></td>
+  <td><code>table</code> (optional)</td>
+  <td>
+    Contains the name of the fields used for generating the <code>cache_key</code>, a string which must
+    unequivocally identify the entity inside Kong's cache. A unique field, like <code>key</code> in your example,
+    is usually good candidate. In other cases a combination of several fields is preferable.
+  </td>
+</tr>
+<tr>
+  <td><code>fields</code></td>
+  <td><code>table</code></td>
+  <td>
+    Each field definition is a table with a single key, which is the field's name. The table value is
+    a subtable containing the field's <em>attributes</em>, some of which will be explained below.
+  </td>
+</tr>
+</tbody>
+</table>
+
+Many field attributes encode *validation rules*. When attempting to insert or update entities using
+the DAO, these validations will be checked, and an error returned if the provided input doesn't conform
+to them.
+
+The `typedefs` variable (obtained by requiring `kong.db.schema.typedefs`) is a table containing
+a lot of useful type definitions and aliases, including `typedefs.uuid`, the most usual type for the primary key,
+and `typedefs.auto_timestamp_s`, for `created_at` fields. It is used extensively when defining fields.
+
+Here's a non-exhaustive explanation of some of the field attributes available:
+
+<table>
+<tbody>
+<tr><th>Attribute name</th><th>type</th><th>Description</th></tr>
+<tr>
+  <td><code>type</code></td>
+  <td><code>string</code></td>
+  <td>
+    Schemas support the following scalar types: <code>"string"</code>, <code>"integer"</code>, <code>"number"</code> and
+    <code>"boolean"</code>. Compound types like <code>"array"</code>, <code>"record"</code>, or <code>"set"</code> are
+    also supported.<br><br>
+
+    In additon to these values, the <code>type</code> attribute can also take the special <code>"foreign"</code> value,
+    which denotes a foreign relationship.<br><br>
+
+    Each field will need to be backed by database fields of appropriately similar types, created via migrations.<br><br>
+
+    <code>type</code> is the only required attribute for all field definitions.
+  </td>
+</tr>
+<tr>
+  <td><code>default</code></td>
+  <td><code>any</code> (matching with <code>type</code> attribute)</td>
+  <td>
+    Specifies the value the field will have when attempting to insert it, if no value was provided.
+    Default values are always set via Lua, never by the underlying database. It is thus not recommended to set
+    any default values on fields in migrations.
+  </td>
+</tr>
+<tr>
+  <td><code>required</code></td>
+  <td><code>boolean</code></td>
+  <td>
+    When set to <code>true</code> on a field, an error will be thrown when attempting to insert an entity lacking a value
+    for said field (unless the field in question has a default value).
+  </td>
+</tr>
+<tr>
+  <td><code>unique</code></td>
+  <td><code>boolean</code></td>
+  <td>
+  <p>When set to <code>true</code> on a field, an error will be thrown when attempting to insert an entity on the database,
+    but another entity already has the given value on said field.</p>
+
+  <p>This attribute <em>must</em> be backed up by declaring fields as <code>UNIQUE</code> in migrations when using
+    PostgreSQL. The Cassandra strategy does a check in Lua before attempting inserts, so it doesn't require any special treatment.
+  </p>
+  </td>
+</tr>
+<tr>
+  <td><code>auto</code></td>
+  <td><code>boolean</code></td>
+  <td>
+  When attempting to insert an entity without providing a value for this a field where <code>auto</code> is set to <code>true</code>,
+  <br><br>
+  <ul>
+    <li>If <code>type == "uuid"</code>, the field will take a random UUID as value.</li>
+    <li>If <code>type == "string"</code>, the field will take a random string.</li>
+    <li>If the field name is <code>created_at</code> or <code>updated_at</code>, the field will take the current time when
+    inserting / updating, as appropriate.</li>
+  </ul>
+  </td>
+</tr>
+<tr>
+  <td><code>reference</code></td>
+  <td><code>string</code></td>
+  <td>Required for fields of type <code>foreign</code>. The given string <em>must</em> be the name of an existing schema,
+    to which the foreign key will "point to". This means that if a schema B has a foreign key pointing to schema A,
+    then A needs to be loaded before B.
+  </td>
+</tr>
+<tr>
+  <td><code>on_delete</code></td>
+  <td><code>string</code></td>
+  <td>
+    Optional and exclusive for fields of type <code>foreign</code>. It dictates what must happen
+    with entities linked by a foreign key when the entity being referenced is deleted. It can have three possible
+    values:<br><br>
+
+    <ul>
+      <li><code>"cascade"</code>: When the linked entity is deleted, all the dependent entities must also be deleted.</li>
+      <li><code>"null"</code>: When the linked entity is deleted, all the dependent entities will have their foreign key
+      field set to <code>null</code>.</li>
+      <li><code>"restrict"</code>: Attempting to delete an entity with linked entities will result in an error.</li>
+    </ul>
+
+    <br><br>
+    In Cassandra this is handled with pure Lua code, but in PostgreSQL it will be necessary to declare the references
+    as <code>ON DELETE CASCADE/NULL/RESTRICT</code> in a migration.
+  </td>
+</tr>
+</tbody>
+</table>
+
+
+To learn more about schemas, see:
+
+* The source code of [typedefs.lua](https://github.com/Kong/kong/blob/{{page.kong_version | replace: "x", "0"}}/kong/db/schema/typedefs.lua)
+  to get an idea of what's provided there by default.
+* [The Core Schemas](https://github.com/Kong/kong/tree/{{page.kong_version | replace: "x", "0"}}/kong/db/schema/entities)
+  to see examples of some other field attributes not discussed here.
+* [All the `daos.lua` files for embedded plugins](https://github.com/search?utf8=%E2%9C%93&q=repo%3Akong%2Fkong+path%3A%2Fkong%2Fplugins+filename%3Adaos.lua),
+  especially [the key-auth one](https://github.com/Kong/kong/blob/{{page.kong_version | replace: "x", "0"}}/kong/plugins/key-auth/daos.lua),
+  which was used for this guide as an example.
+
+---
+
+## The custom DAO
+
+The schemas are not used directly to interact with the database. Instead, a DAO
+is built for each valid schema. A DAO takes the name of the schema it wraps, and is
+accessible through the `kong.db` interface.
+
+For the example schema above, the DAO generated would be available for plugins
+via `kong.db.keyauth_credentials`.
+
+### Selecting an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:select(primary_key)
+```
+
+Attempts to find an entity in the database and return it. Three things can happen:
+
+* The entity was found. In this case, it is returned as a regular Lua table.
+* An error occurred - for example the connection with the database was lost. In that
+  case the first returned value will be `nil`, the second one will be a string
+  describing the error, and the last one will be the same error in table form.
+* An error does not occur but the entity is not found. Then the function will
+  just return `nil`, with no error.
+
+Example of usage:
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:select({
+  id = "c77c50d2-5947-4904-9f37-fa36182a71a9"
+})
+
+if err then
+  kong.log.err("Error when inserting keyauth credential: " .. err)
+  return nil
+end
+
+if not entity then
+  kong.log.err("Could not find credential.")
+  return nil
+end
+```
+
+### Iterating over all the entities
+
+``` lua
+for entity, err on kong.db.<name>:each(entities_per_page) do
+  if err then
+    ...
+  end
+  ...
+end
+```
+
+This method efficiently iterates over all the entities in the database by making paginated
+requests. The `entities_per_page` parameter, which defaults to `100`, controls how many
+entities per page are returned.
+
+On each iteration, a new `entity` will be returned or, if there is any error, the `err`
+variable will be filled up with an error. The recommended way to iterate is checking `err` first,
+and otherwise assume that `entity` is present.
+
+Example of usage:
+
+``` lua
+for credential, err on kong.db.keyauth_credentials:each(1000) do
+  if err then
+    kong.log.err("Error when iterating over keyauth credentials: " .. err)
+    return nil
+  end
+
+  kong.log("id: " .. credential.id)
+end
+```
+
+This example iterates over the credentials in pages of 1000 items, logging their ids unless
+an error happens.
+
+### Inserting an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:insert(<values>)
+```
+
+Inserts an entity in the database, and returns a copy of the inserted entity, or
+`nil`, an error message (a string) and a table describing the error in table form.
+
+When the insert is successful, the returned entity contains the extra values produced by
+`default` and `auto`.
+
+The following example uses the `keyauth_credentials` DAO to insert a credential for a given
+Consumer, setting its `key` to `"secret"`. Notice the syntax for referencing foreign keys.
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:insert({
+  consumer = { id = "c77c50d2-5947-4904-9f37-fa36182a71a9" },
+  key = "secret",
+})
+
+if not entity then
+  kong.log.err("Error when inserting keyauth credential: " .. err)
+  return nil
+end
+```
+
+The returned entity, assuming no error happened will have `auto`-filled fields, like `id` and `created_at`.
+
+### Updating an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:update(primary_key, <values>)
+```
+
+Updates an existing entity, provided it can be found using the provided primary key and a set of values.
+
+The returned entity will be the entity after the update takes place, or `nil` + an error message + an error table.
+
+The following example modifies the `key` field of an existing credential given the credential's id:
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:update({
+  { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" },
+  { key = "updated_secret" },
+})
+
+if not entity then
+  kong.log.err("Error when updating keyauth credential: " .. err)
+  return nil
+end
+```
+
+Notice how the syntax for specifying a primary key is similar to the one used to specify a foreign key.
+
+### Upserting an entity
+
+``` lua
+local entity, err, err_t = kong.db.<name>:upsert(primary_key, <values>)
+```
+
+`upsert` is a mixture of `insert` and `update`:
+
+* When the provided `primary_key` identifies an existing entity, it works like `update`.
+* When the provided `primary_key` does not identify an existing entity, it works like `insert`
+
+Given this code:
+
+``` lua
+local entity, err = kong.db.keyauth_credentials:upsert({
+  { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" },
+  { consumer = { id = "a96145fb-d71e-4c88-8a5a-2c8b1947534c" } },
+})
+
+if not entity then
+  kong.log.err("Error when upserting keyauth credential: " .. err)
+  return nil
+end
+```
+
+Two things can happen:
+
+* If a credential with id `2b6a2022-770a-49df-874d-11e2bf2634f5` exists,
+  then this code will attempt to set its Consumer to the provided one.
+* If the credential does not exist, then this code is attempting to create
+  a new credential, with the given id and Consumer.
+
+### Deleting an entity
+
+``` lua
+local ok, err, err_t = kong.db.<name>:delete(primary_key)
+```
+
+Attempts to delete the entity identified by `primary_key`. It returns `true`
+if the entity *doesn't exist* after calling this method, or `nil` + error +
+error table if an error is detected.
+
+Notice that calling `delete` will succeed if the entity didn't exist *before
+calling it*. This is for performance reasons - we want to avoid doing a
+read-before-delete if we can avoid it. If you want to do this check, you
+must do it manually, by checking with `select` before invoking `delete`.
+
+Example:
+
+``` lua
+local ok, err = kong.db.keyauth_credentials:delete({
+  { id = "2b6a2022-770a-49df-874d-11e2bf2634f5" }
+})
+
+if not ok then
+  kong.log.err("Error when deleting keyauth credential: " .. err)
+  return nil
+end
+```
+
+---
+
+## Caching custom entities
+
+Sometimes custom entities are required on every request/response, which in turn
+triggers a query on the datastore every time. This is very inefficient because
+querying the datastore adds latency and slows the request/response down, and
+the resulting increased load on the datastore could affect the datastore
+performance itself and, in turn, other Kong nodes.
+
+When a custom entity is required on every request/response it is good practice
+to cache it in-memory by leveraging the in-memory cache API provided by Kong.
+
+The next chapter will focus on caching custom entities, and invalidating them
+when they change in the datastore: [Caching custom entities]({{page.book.next}}).
+
+---
+
+Next: [Caching custom entities &rsaquo;]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.36-x/plugin-development/custom-logic.md b/app/enterprise/0.36-x/plugin-development/custom-logic.md
new file mode 100644
index 000000000000..fdb5f54c64bf
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/custom-logic.md
@@ -0,0 +1,303 @@
+---
+title: Plugin Development - Implementing Custom Logic
+book: plugin_dev
+chapter: 3
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you are familiar with
+  <a href="http://www.lua.org/">Lua</a>.
+</div>
+
+## Introduction
+
+A Kong plugin allows you to inject custom logic (in Lua) at several
+entry-points in the life-cycle of a request/response or a tcp stream
+connection as it is proxied by Kong. To do so, one must implement one
+or several of the methods of the `base_plugin.lua` interface. Those
+methods are to be implemented in a module namespaced under:
+`kong.plugins.<plugin_name>.handler`
+
+## Module
+
+```
+kong.plugins.<plugin_name>.handler
+```
+
+## Available contexts
+
+The plugins interface allows you to override any of the following methods in
+your `handler.lua` file to implement custom logic at various entry-points
+of the execution life-cycle of Kong:
+
+- **[HTTP Module]** *is used for plugins written for HTTP/HTTPS requests*
+
+| Function name      | Phase             | Description
+|--------------------|-------------------|------------
+| `:init_worker()`   | [init_worker]     | Executed upon every Nginx worker process's startup.
+| `:certificate()`   | [ssl_certificate] | Executed during the SSL certificate serving phase of the SSL handshake.
+| `:rewrite()`       | [rewrite]         | Executed for every request upon its reception from a client as a rewrite phase handler. *NOTE* in this phase neither the `Service` nor the `Consumer` have been identified, hence this handler will only be executed if the plugin was configured as a global plugin!
+| `:access()`        | [access]          | Executed for every request from a client and before it is being proxied to the upstream service.
+| `:header_filter()` | [header_filter]   | Executed when all response headers bytes have been received from the upstream service.
+| `:body_filter()`   | [body_filter]     | Executed for each chunk of the response body received from the upstream service. Since the response is streamed back to the client, it can exceed the buffer size and be streamed chunk by chunk. hence this method can be called multiple times if the response is large. See the [lua-nginx-module] documentation for more details.
+| `:log()`           | [log]             | Executed when the last response byte has been sent to the client.
+
+- **[Stream Module]** *is used for plugins written for TCP stream connections*
+
+| Function name      | Phase                                                                        | Description
+|--------------------|------------------------------------------------------------------------------|------------
+| `:init_worker()`   | [init_worker]                                                                | Executed upon every Nginx worker process's startup.
+| `:preread()`       | [preread]                                                                    | Executed once for every connection.
+| `:log()`           | [log](https://github.com/openresty/stream-lua-nginx-module#log_by_lua_block) | Executed once for each connection after it has been closed.
+
+All of those functions, except `init_worker`, take one parameter which is given
+by Kong upon its invocation: the configuration of your plugin. This parameter
+is a Lua table, and contains values defined by your users, according to your
+plugin's schema (described in the `schema.lua` module). More on plugins schemas
+in the [next chapter]({{page.book.next}}).
+
+[HTTP Module]: https://github.com/openresty/lua-nginx-module
+[Stream Module]: https://github.com/openresty/stream-lua-nginx-module
+[init_worker]: https://github.com/openresty/lua-nginx-module#init_worker_by_lua_by_lua_block
+[ssl_certificate]: https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block
+[rewrite]: https://github.com/openresty/lua-nginx-module#rewrite_by_lua_block
+[access]: https://github.com/openresty/lua-nginx-module#access_by_lua_block
+[header_filter]: https://github.com/openresty/lua-nginx-module#header_filter_by_lua_block
+[body_filter]: https://github.com/openresty/lua-nginx-module#body_filter_by_lua_block
+[log]: https://github.com/openresty/lua-nginx-module#log_by_lua_block
+[preread]: https://github.com/openresty/stream-lua-nginx-module#preread_by_lua_block
+
+---
+
+## handler.lua specifications
+
+The `handler.lua` file must return a table implementing the functions you wish
+to be executed. In favor of brevity, here is a commented example module
+implementing all the available methods of both modules (please note some
+of them are shared between modules, like `log`):
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> Kong uses the
+  <a href="https://github.com/rxi/classic">rxi/classic</a> module to simulate
+  classes in Lua and ease the inheritance pattern.
+</div>
+
+```lua
+-- Extending the Base Plugin handler is optional, as there is no real
+-- concept of interface in Lua, but the Base Plugin handler's methods
+-- can be called from your child implementation and will print logs
+-- in your `error.log` file (where all logs are printed).
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10
+
+
+-- Your plugin handler's constructor. If you are extending the
+-- Base Plugin handler, it's only role is to instantiate itself
+-- with a name. The name is your plugin name as it will be printed in the logs.
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:init_worker()
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.init_worker(self)
+
+  -- Implement any custom logic here
+end
+
+
+function CustomHandler:preread(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.preread(self)
+
+  -- Implement any custom logic here
+end
+
+
+function CustomHandler:certificate(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.certificate(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:rewrite(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.rewrite(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:access(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.access(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:header_filter(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.header_filter(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:body_filter(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.body_filter(self)
+
+  -- Implement any custom logic here
+end
+
+function CustomHandler:log(config)
+  -- Eventually, execute the parent implementation
+  -- (will log that your plugin is entering this context)
+  CustomHandler.super.log(self)
+
+  -- Implement any custom logic here
+end
+
+-- This module needs to return the created table, so that Kong
+-- can execute those functions.
+return CustomHandler
+```
+
+Of course, the logic of your plugin itself can be abstracted away in another
+module, and called from your `handler` module. Many existing plugins have
+already chosen this pattern when their logic is verbose, but it is purely
+optional:
+
+```lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+-- The actual logic is implemented in those modules
+local access = require "kong.plugins.my-custom-plugin.access"
+local body_filter = require "kong.plugins.my-custom-plugin.body_filter"
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10 
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  -- Execute any function from the module loaded in `access`,
+  -- for example, `execute()` and passing it the plugin's configuration.
+  access.execute(config)
+end
+
+function CustomHandler:body_filter(config)
+  CustomHandler.super.body_filter(self)
+
+  -- Execute any function from the module loaded in `body_filter`,
+  -- for example, `execute()` and passing it the plugin's configuration.
+  body_filter.execute(config)
+end
+
+
+return CustomHandler
+```
+
+See [the source code of the Key-Auth plugin](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua)
+for an example of a real-life handler code.
+
+---
+
+## Plugin Development Kit
+
+Logic implemented in those phases will most likely have to interact with the
+request/response objects or core components (e.g. access the cache, and
+database). Kong provides a [Plugin Development Kit][pdk] (or "PDK") for such
+purposes: a set of Lua functions and variables that can be used by plugins to
+execute various gateway operations in a way that is guaranteed to be
+forward-compatible with future releases of Kong.
+
+When you are trying to implement some logic that needs to interact with Kong
+(e.g. retrieving request headers, producing a response from a plugin, logging
+some error or debug information), you should consult the [Plugin Development
+Kit Reference][pdk].
+
+---
+
+## Plugins execution order
+
+Some plugins might depend on the execution of others to perform some
+operations. For example, plugins relying on the identity of the consumer have
+to run **after** authentication plugins. Considering this, Kong defines
+**priorities** between plugins execution to ensure that order is respected.
+
+Your plugin's priority can be configured via a property accepting a number in
+the returned handler table:
+
+```lua
+CustomHandler.PRIORITY = 10
+```
+
+The higher the priority, the sooner your plugin's phases will be executed in
+regard to other plugins' phases (such as `:access()`, `:log()`, etc.).
+
+The current order of execution for the bundled plugins is:
+
+Plugin                      | Priority
+----------------------------|----------
+pre-function                | `+inf`
+zipkin                      | 100000
+ip-restriction              | 3000
+bot-detection               | 2500
+cors                        | 2000
+session                     | 1900
+kubernetes-sidecar-injector | 1006
+jwt                         | 1005
+oauth2                      | 1004
+key-auth                    | 1003
+ldap-auth                   | 1002
+basic-auth                  | 1001
+hmac-auth                   | 1000
+request-size-limiting       | 951
+acl                         | 950
+rate-limiting               | 901
+response-ratelimiting       | 900
+request-transformer         | 801
+response-transformer        | 800
+aws-lambda                  | 750
+azure-functions             | 749
+prometheus                  | 13
+http-log                    | 12
+statsd                      | 11
+datadog                     | 10
+file-log                    | 9
+udp-log                     | 8
+tcp-log                     | 7
+loggly                      | 6
+syslog                      | 4
+request-termination         | 2
+correlation-id              | 1
+post-function               | -1000
+
+---
+
+Next: [Plugin configuration &rsaquo;]({{page.book.next}})
+
+[lua-nginx-module]: https://github.com/openresty/lua-nginx-module
+[pdk]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.36-x/plugin-development/distribution.md b/app/enterprise/0.36-x/plugin-development/distribution.md
new file mode 100644
index 000000000000..6e847f49326f
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/distribution.md
@@ -0,0 +1,306 @@
+---
+title: Plugin Development - (un)Installing your plugin
+book: plugin_dev
+chapter: 10
+---
+
+## Introduction
+
+Custom plugins for Kong consist of Lua source files that need to be in the file
+system of each of your Kong nodes. This guide will provide you with
+step-by-step instructions that will make a Kong node aware of your custom
+plugin(s).
+
+These steps should be applied to each node in your Kong cluster, to ensure the
+custom plugin(s) are available on each one of them.
+
+## Packaging sources
+
+You can either use a regular packing strategy (e.g. `tar`), or use the LuaRocks
+package manager to do it for you. We recommend LuaRocks as it is installed
+along with Kong when using one of the official distribution packages.
+
+When using LuaRocks, you must create a `rockspec` file, which specifies the
+package contents. For an example see the [Kong plugin
+template][plugin-template], for more info about the format see the LuaRocks
+[documentation on rockspecs][rockspec].
+
+Pack your rock using the following command (from the plugin repo):
+
+    # install it locally (based on the `.rockspec` in the current directory)
+    $ luarocks make
+
+    # pack the installed rock
+    $ luarocks pack <plugin-name> <version>
+
+Assuming your plugin rockspec is called
+`kong-plugin-my-plugin-0.1.0-1.rockspec`, the above would become;
+
+    $ luarocks pack kong-plugin-my-plugin 0.1.0-1
+
+The LuaRocks `pack` command has now created a `.rock` file (this is simply a
+zip file containing everything needed to install the rock).
+
+If you do not or cannot use LuaRocks, then use `tar` to pack the
+`.lua` files of which your plugin consists into a `.tar.gz` archive. You can
+also include the `.rockspec` file if you do have LuaRocks on the target
+systems.
+
+The contents of this archive should be close to the following:
+
+    $ tree <plugin-name>
+    <plugin-name>
+    ├── INSTALL.txt
+    ├── README.md
+    ├── kong
+    │   └── plugins
+    │       └── <plugin-name>
+    │           ├── handler.lua
+    │           └── schema.lua
+    └── <plugin-name>-<version>.rockspec
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Installing the plugin
+
+For a Kong node to be able to use the custom plugin, the custom plugin's Lua
+sources must be installed on your host's file system. There are multiple ways
+of doing so: via LuaRocks, or manually. Choose one, and jump to section 3.
+
+1. Via LuaRocks from the created 'rock'
+
+    The `.rock` file is a self contained package that can be installed locally
+    or from a remote server.
+
+    If the `luarocks` utility is installed in your system (this is likely the
+    case if you used one of the official installation packages), you can
+    install the 'rock' in your LuaRocks tree (a directory in which LuaRocks
+    installs Lua modules).
+
+    It can be installed by doing:
+
+        $ luarocks install <rock-filename>
+
+    The filename can be a local name, or any of the supported methods, eg.
+    `http://myrepository.lan/rocks/my-plugin-0.1.0-1.all.rock`
+
+2. Via LuaRocks from the source archive
+
+    If the `luarocks` utility is installed in your system (this is likely the
+    case if you used one of the official installation packages), you can
+    install the Lua sources in your LuaRocks tree (a directory in which
+    LuaRocks installs Lua modules).
+
+    You can do so by changing the current directory to the extracted archive,
+    where the rockspec file is:
+
+        $ cd <plugin-name>
+
+    And then run the following:
+
+        $ luarocks make
+
+    This will install the Lua sources in `kong/plugins/<plugin-name>` in your
+    system's LuaRocks tree, where all the Kong sources are already present.
+
+3. Manually
+
+    A more conservative way of installing your plugin's sources is
+    to avoid "polluting" the LuaRocks tree, and instead, point Kong
+    to the directory containing them.
+
+    This is done by tweaking the `lua_package_path` property of your Kong
+    configuration. Under the hood, this property is an alias to the `LUA_PATH`
+    variable of the Lua VM, if you are familiar with it.
+
+    Those properties contain a semicolon-separated list of directories in
+    which to search for Lua sources. It should be set like so in your Kong
+    configuration file:
+
+        lua_package_path = /<path-to-plugin-location>/?.lua;;
+
+    Where:
+
+    * `/<path-to-plugin-location>` is the path to the directory containing the
+      extracted archive. It should be the location of the `kong` directory
+      from the archive.
+    * `?` is a placeholder that will be replaced by
+      `kong.plugins.<plugin-name>` when Kong will try to load your plugin. Do
+      not change it.
+    * `;;` a placeholder for the "the default Lua path". Do not change it.
+
+    Example:
+
+    The plugin `something` being located on the file system such that the
+    handler file is:
+
+        /usr/local/custom/kong/plugins/<something>/handler.lua
+
+    The location of the `kong` directory is: `/usr/local/custom`, hence the
+    proper path setup would be:
+
+        lua_package_path = /usr/local/custom/?.lua;;
+
+    Multiple plugins:
+
+    If you wish to install two or more custom plugins this way, you can set
+    the variable to something like:
+
+        lua_package_path = /path/to/plugin1/?.lua;/path/to/plugin2/?.lua;;
+
+    * `;` is the separator between directories.
+    * `;;` still means "the default Lua path".
+
+    Note: you can also set this property via its environment variable
+    equivalent: `KONG_LUA_PACKAGE_PATH`.
+
+Reminder: regardless of which method you are using to install your plugin's
+sources, you must still do so for each node in your Kong cluster.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Load the plugin
+
+You must now add the custom plugin's name to the `plugins` list in your
+Kong configuration (on each Kong node):
+
+    plugins = bundled,<plugin-name>
+
+Or, if you don't want to include the bundled plugins:
+
+    plugins = <plugin-name>
+
+
+If you are using two or more custom plugins, insert commas in between, like so:
+
+    plugins = bundled,plugin1,plugin2
+
+Or
+
+    plugins = plugin1,plugin2
+
+Note: you can also set this property via its environment variable equivalent:
+`KONG_PLUGINS`.
+
+Reminder: don't forget to update the `plugins` directive for each node
+in your Kong cluster.
+
+Reminder: the plugin will take effect after restart kong:
+    
+    kong restart
+
+But, if you want to apply plugin while kong never stop, you can use this:
+
+    kong prepare
+    kong reload
+    
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Verify loading the plugin
+
+You should now be able to start Kong without any issue. Consult your custom
+plugin's instructions on how to enable/configure your plugin
+on a Service, Route, or Consumer entity.
+
+To make sure your plugin is being loaded by Kong, you can start Kong with a
+`debug` log level:
+
+    log_level = debug
+
+or:
+
+    KONG_LOG_LEVEL=debug
+
+Then, you should see the following log for each plugin being loaded:
+
+    [debug] Loading plugin <plugin-name>
+
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Removing a plugin
+
+There are three steps to completely remove a plugin.
+
+1. Remove the plugin from your Kong Service or Route configuration. Make sure
+   that it is no longer applied globally nor for any Service, Route, or
+   consumer. This has to be done only once for the entire Kong cluster, no
+   restart/reload required.  This step in itself will make that the plugin is
+   no longer in use. But it remains available and it is still possible to
+   re-apply the plugin.
+
+2. Remove the plugin from the `plugins` directive (on each Kong node).
+   Make sure to have completed step 1 before doing so. After this step
+   it will be impossible for anyone to re-apply the plugin to any Kong
+   Service, Route, Consumer, or even globally. This step requires to
+   restart/reload the Kong node to take effect.
+
+3. To remove the plugin thoroughly, delete the plugin-related files from
+   each of the Kong nodes. Make sure to have completed step 2, including
+   restarting/reloading Kong, before deleting the files. If you used LuaRocks
+   to install the plugin, you can do `luarocks remove <plugin-name>` to remove
+   it.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Distributing your plugin
+
+The preferred way to do so is to use [LuaRocks](https://luarocks.org/), a
+package manager for Lua modules. It calls such modules "rocks". **Your module
+does not have to live inside the Kong repository**, but it can be if that's
+how you'd like to maintain your Kong setup.
+
+By defining your modules (and their eventual dependencies) in a [rockspec]
+file, you can install those modules on your platform via LuaRocks. You can
+also upload your module on LuaRocks and make it available to everyone!
+
+Here is an example rockspec which would use the "builtin" build type to define
+modules in Lua notation and their corresponding file:
+
+
+For an example see the [Kong plugin template][plugin-template], for more info
+about the format see the LuaRocks [documentation on rockspecs][rockspec].
+
+[Back to TOC](#table-of-contents)
+
+---
+
+## Troubleshooting
+
+Kong can fail to start because of a misconfigured custom plugin for several
+reasons:
+
+* "plugin is in use but not enabled" -> You configured a custom plugin from
+  another node, and that the plugin configuration is in the database, but the
+  current node you are trying to start does not have it in its `plugins`
+  directive. To resolve, add the plugin's name to the node's `plugins`
+  directive.
+
+* "plugin is enabled but not installed" -> The plugin's name is present in the
+  `plugins` directive, but that Kong is unable to load the `handler.lua`
+  source file from the file system. To resolve, make sure that the
+  [lua_package_path](/enterprise/{{page.kong_version}}/property-reference/#development-miscellaneous-section)
+  directive is properly set to load this plugin's Lua sources.
+
+* "no configuration schema found for plugin" -> The plugin is installed,
+  enabled in the `plugins` directive, but Kong is unable to load the
+  `schema.lua` source file from the file system. To resolve, make sure that
+  the `schema.lua` file is present alongside the plugin's `handler.lua` file.
+
+[Back to TOC](#table-of-contents)
+
+---
+
+[rockspec]: https://github.com/keplerproject/luarocks/wiki/Creating-a-rock
+[plugin-template]: https://github.com/Kong/kong-plugin
diff --git a/app/enterprise/0.36-x/plugin-development/entities-cache.md b/app/enterprise/0.36-x/plugin-development/entities-cache.md
new file mode 100644
index 000000000000..677e9227597e
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/entities-cache.md
@@ -0,0 +1,349 @@
+---
+title: Plugin Development - Caching Custom Entities
+book: plugin_dev
+chapter: 7
+---
+
+## Introduction
+
+Your plugin may need to frequently access custom entities (explained in the
+[previous chapter]({{page.book.previous}})) on every request and/or response.
+Usually, loading them once and caching them in-memory dramatically improves
+the performance while making sure the datastore is not stressed with an
+increased load.
+
+Think of an api-key authentication plugin that needs to validate the api-key on
+every request, thus loading the custom credential object from the datastore on
+every request. When the client provides an api-key along with the request,
+normally you would query the datastore to check if that key exists, and then
+either block the request or retrieve the Consumer ID to identify the user. This
+would happen on every request, and it would be very inefficient:
+
+* Querying the datastore adds latency on every request, making the request
+  processing slower.
+* The datastore would also be affected by an increase of load, potentially
+  crashing or slowing down, which in turn would affect every Kong
+  node.
+
+To avoid querying the datastore every time, we can cache custom entities
+in-memory on the node, so that frequent entity lookups don't trigger a
+datastore query every time (only the first time), but happen in-memory, which
+is much faster and reliable that querying it from the datastore (especially
+under heavy load).
+
+## Modules
+
+```
+kong.plugins.<plugin_name>.daos
+```
+
+## Caching custom entities
+
+Once you have defined your custom entities, you can cache them in-memory in
+your code by using the [kong.cache](/enterprise/{{page.kong_version}}/pdk/#kong-cache)
+module provided by the [Plugin Development Kit]:
+
+```
+local cache = kong.cache
+```
+
+There are 2 levels of cache:
+
+1. L1: Lua memory cache - local to an Nginx worker process.
+   This can hold any type of Lua value.
+2. L2: Shared memory cache (SHM) - local to an Nginx node, but shared between
+   all the workers. This can only hold scalar values, and hence requires
+   (de)serialization of a more complex types such as Lua tables.
+
+When data is fetched from the database, it will be stored in both caches. 
+If the same worker process requests the data again, it will retrieve the
+previously deserialized data from the Lua memory cache. If a different
+worker within the same Nginx node requests that data, it will find the data
+in the SHM, deserialize it (and store it in its own Lua memory cache) and
+then return it.
+
+This module exposes the following functions:
+
+Function name                                 | Description
+----------------------------------------------|---------------------------
+`value, err = cache:get(key, opts?, cb, ...)` | Retrieves the value from the cache. If the cache does not have value (miss), invokes `cb` in protected mode. `cb` must return one (and only one) value that will be cached. It *can* throw errors, as those will be caught and properly logged by Kong, at the `ngx.ERR` level. This function **does** cache negative results (`nil`). As such, one must rely on its second argument `err` when checking for errors.
+`ttl, err, value = cache:probe(key)`          | Checks if a value is cached. If it is, returns its remaining ttl. It not, returns `nil`. The value being cached can also be a negative caching. The third return value is the value being cached itself.
+`cache:invalidate_local(key)`                 | Evicts a value from the node's cache.
+`cache:invalidate(key)`                       | Evicts a value from the node's cache **and** propagates the eviction events to all other nodes in the cluster.
+`cache:purge()`                               | Evicts **all** values from the node's cache.
+
+Bringing back our authentication plugin example, to lookup a credential with a
+specific api-key, we would write something similar to:
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local kong = kong
+
+
+local function load_credential(key)
+  local credential, err = kong.db.keyauth_credentials:select_by_key(key)
+  if not credential then
+    return nil, err
+  end
+  return credential
+end
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 1010
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+  
+  -- retrieve the apikey from the request querystring
+  local key = kong.request.get_query_arg("apikey")
+
+  local credential_cache_key = kong.db.keyauth_credentials:cache_key(key)
+
+  -- We are using cache.get to first check if the apikey has been already
+  -- stored into the in-memory cache. If it's not, then we lookup the datastore
+  -- and return the credential object. Internally cache.get will save the value
+  -- in-memory, and then return the credential.
+  local credential, err = kong.cache:get(credential_cache_key, nil,
+                                         load_credential, credential_cache_key)
+  if err then
+    kong.log.err(err)
+    return kong.response.exit(500, {
+      message = "Unexpected error"
+    })
+  end
+    
+  if not credential then
+    -- no credentials in cache nor datastore
+    return kong.response.exit(401, {
+      message = "Invalid authentication credentials"
+    })
+  end
+    
+  -- set an upstream header if the credential exists and is valid
+  kong.service.request.set_header("X-API-Key", credential.apikey)
+end
+
+
+return CustomHandler
+```
+
+Note that in the above example, we use various components from the [Plugin
+Development Kit] to interact with the request, cache module, or even produce a
+response from our plugin.
+
+Now, with the above mechanism in place, once a Consumer has made a request with
+their API key, the cache will be considered warm and subsequent requests won't
+result in a database query.
+
+The cache is used in several places in the [Key-Auth plugin handler](https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/handler.lua).
+Give that file a look in order to see how an official plugin uses the cache.
+
+### Updating or deleting a custom entity
+
+Every time a cached custom entity is updated or deleted in the datastore (i.e.
+using the Admin API), it creates an inconsistency between the data in the
+datastore, and the data cached in the Kong nodes' memory. To avoid this
+inconsistency, we need to evict the cached entity from the in-memory store and
+force Kong to request it again from the datastore. We refer to this process as
+cache invalidation.
+
+---
+
+## Cache invalidation for your entities
+
+If you wish that your cached entities be invalidated upon a CRUD operation
+rather than having to wait for them to reach their TTL, you have to follow a
+few steps. This process can be automated for most entities, but manually
+subscribing to some CRUD events might be required to invalidate some entities
+with more complex relationships.
+
+### Automatic cache invalidation
+
+Cache invalidation can be provided out of the box for your entities if you rely
+on the `cache_key` property of your entity's schema. For example, in the
+following schema:
+
+```lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  -- this plugin only results in one custom DAO, named `keyauth_credentials`:
+  keyauth_credentials = {
+    name               = "keyauth_credentials", -- the actual table in the database
+    endpoint_key       = "key",
+    primary_key        = { "id" },
+    cache_key          = { "key" },
+    generate_admin_api = true,
+    fields = {
+      {
+        -- a value to be inserted by the DAO itself
+        -- (think of serial id and the uniqueness of such required here)
+        id = typedefs.uuid,
+      },
+      {
+        -- also interted by the DAO itself
+        created_at = typedefs.auto_timestamp_s,
+      },
+      {
+        -- a foreign key to a consumer's id
+        consumer = {
+          type      = "foreign",
+          reference = "consumers",
+          default   = ngx.null,
+          on_delete = "cascade",
+        },
+      },
+      {
+        -- a unique API key
+        key = {
+          type      = "string",
+          required  = false,
+          unique    = true,
+          auto      = true,
+        },
+      },
+    },
+  },
+}
+```
+
+We can see that we declare the cache key of this API key entity to be its
+`key` attribute. We use `key` here because it has a unique constraints
+applied to it. Hence, the attributes added to `cache_key` should result in
+a unique combination, so that no two entities could yield the same cache key.
+
+Adding this value allows you to use the following function on the DAO of that
+entity:
+
+```lua
+cache_key = kong.db.<dao>:cache_key(arg1, arg2, arg3, ...)
+```
+
+Where the arguments must be the attributes specified in your schema's
+`cache_key` property, in the order they were specified. This function then
+computes a string value `cache_key` that is ensured to be unique.
+
+For example, if we were to generate the cache_key of an API key:
+
+```lua
+local cache_key = kong.db.keyauth_credentials:cache_key("abcd")
+```
+
+This would produce a cache_key for the API key `"abcd"` (retrieved from one
+of the query's arguments) that we can the use to retrieve the key from the
+cache (or fetch from the database if the cache is a miss):
+
+```lua
+local key       = kong.request.get_query_arg("apikey")
+local cache_key = kong.db.keyauth_credentials:cache_key(key)
+
+local credential, err = kong.cache:get(cache_key, nil, load_entity_key, apikey)
+if err then
+  kong.log.err(err)
+  return kong.response.exit(500, { message = "Unexpected error" })
+end
+
+if not credential then
+  return kong.response.exit(401, { message = "Invalid authentication credentials" })
+end
+
+
+-- do something with the credential
+```
+
+If the `cache_key` is generated like so and specified in an entity's schema,
+cache invalidation will be an automatic process: every CRUD operation that
+affects this API key will be make Kong generate the affected `cache_key`, and
+broadcast it to all of the other nodes on the cluster so they can evict
+that particular value from their cache, and fetch the fresh value from the
+datastore on the next request.
+
+When a parent entity is receiving a CRUD operation (e.g. the Consumer owning
+this API key, as per our schema's `consumer_id` attribute), Kong performs the
+cache invalidation mechanism for both the parent and the child entity.
+
+**Note**: Be aware of the negative caching that Kong provides. In the above
+example, if there is no API key in the datastore for a given key, the cache
+module will store the miss just as if it was a hit. This means that a
+"Create" event (one that would create an API key with this given key) is also
+propagated by Kong so that all nodes that stored the miss can evict it, and
+properly fetch the newly created API key from the datastore.
+
+See the [Clustering Guide](/enterprise/{{page.kong_version}}/clustering/) to ensure
+that you have properly configured your cluster for such invalidation events.
+
+### Manual cache invalidation
+
+In some cases, the `cache_key` property of an entity's schema is not flexible
+enough, and one must manually invalidate its cache. Reasons for this could be
+that the plugin is not defining a relationship with another entity via the
+traditional `foreign = "parent_entity:parent_attribute"` syntax, or because
+it is not using the `cache_key` method from its DAO, or even because it is
+somehow abusing the caching mechanism.
+
+In those cases, you can manually setup your own subscriber to the same
+invalidation channels Kong is listening to, and perform your own, custom
+invalidation work.
+
+To listen on invalidation channels inside of Kong, implement the following in
+your plugin's `init_worker` handler:
+
+```lua
+function MyCustomHandler:init_worker()
+  -- listen to all CRUD operations made on Consumers
+  kong.worker_events.register(function(data)
+
+  end, "crud", "consumers")
+
+  -- or, listen to a specific CRUD operation only
+  kong.worker_events.register(function(data)
+    kong.log.inspect(data.operation)  -- "update"
+    kong.log.inspect(data.old_entity) -- old entity table (only for "update")
+    kong.log.inspect(data.entity)     -- new entity table
+    kong.log.inspect(data.schema)     -- entity's schema
+  end, "crud", "consumers:update")
+end
+```
+
+Once the above listeners are in place for the desired entities, you can perform
+manual invalidations of any entity that your plugin has cached as you wish so.
+For instance:
+
+```lua
+kong.worker_events.register(function(data)
+  if data.operation == "delete" then
+    local cache_key = data.entity.id
+    kong.cache:invalidate("prefix:" .. cache_key)
+  end
+end, "crud", "consumers")
+```
+
+## Extending the Admin API
+
+As you are probably aware, the [Admin API] is where Kong users communicate with
+Kong to setup their APIs and plugins. It is likely that they also need to be
+able to interact with the custom entities you implemented for your plugin (for
+example, creating and deleting API keys). The way you would do this is by
+extending the Admin API, which we will detail in the next chapter:
+[Extending the Admin API]({{page.book.next}}).
+
+---
+
+Next: [Extending the Admin API &rsaquo;]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api/
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.36-x/plugin-development/file-structure.md b/app/enterprise/0.36-x/plugin-development/file-structure.md
new file mode 100644
index 000000000000..240f31bd261e
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/file-structure.md
@@ -0,0 +1,124 @@
+---
+title: Plugin Development - File Structure
+book: plugin_dev
+chapter: 2
+---
+
+<div class="alert alert-warning">
+  <strong>Note:</strong> This chapter assumes that you are familiar with
+  <a href="http://www.lua.org/">Lua</a>.
+</div>
+
+## Introduction
+
+Consider your plugin as a set of [Lua
+modules](http://www.lua.org/manual/5.1/manual.html#6.3). Each file described in
+this chapter is to be considered as a separate module. Kong will detect and
+load your plugin's modules if their names follow this convention:
+
+```
+kong.plugins.<plugin_name>.<module_name>
+```
+
+> Your modules of course need to be accessible through your
+> [package.path](http://www.lua.org/manual/5.1/manual.html#pdf-package.path)
+> variable, which can be tweaked to your needs via the
+> [lua_package_path](/enterprise/{{page.kong_version}}/property-reference/#lua_package_path)
+> configuration property.
+> However, the preferred way of installing plugins is through
+> [LuaRocks](https://luarocks.org/), which Kong natively integrates with.
+> More on LuaRocks-installed plugins later in this guide.
+
+To make Kong aware that it has to look for your plugin's modules, you'll have
+to add it to the
+[plugins](/enterprise/{{page.kong_version}}/property-reference/#plugins) property in
+your configuration file, which is a comma-separated list. For example:
+
+```yaml
+plugins = bundled,my-custom-plugin # your plugin name here
+```
+
+Or, if you don't want to load any of the bundled plugins:
+
+```yaml
+plugins = my-custom-plugin # your plugin name here
+```
+
+Now, Kong will try to load several Lua modules from the following namespace:
+
+```
+kong.plugins.my-custom-plugin.<module_name>
+```
+
+Some of these modules are mandatory (e.g. `handler.lua`), and some are
+optional, and will allow the plugin to implement some extra-functionalities
+(e.g. `api.lua` to extend the Admin API endpoints).
+
+Now let's describe exactly what are the modules you can implement and what
+their purpose is.
+
+---
+
+## Basic plugin modules
+
+In its purest form, a plugin consists of two mandatory modules:
+
+```
+simple-plugin
+├── handler.lua
+└── schema.lua
+```
+
+- **[handler.lua]**: the core of your plugin. It is an interface to implement, in
+  which each function will be run at the desired moment in the lifecycle of a
+  request / connection.
+- **[schema.lua]**: your plugin probably has to retain some configuration entered
+  by the user. This module holds the *schema* of that configuration and defines
+  rules on it, so that the user can only enter valid configuration values.
+
+---
+
+## Advanced plugin modules
+
+Some plugins might have to integrate deeper with Kong: have their own table in
+the database, expose endpoints in the Admin API, etc. Each of those can be
+done by adding a new module to your plugin. Here is what the structure of a
+plugin would look like if it was implementing all of the optional modules:
+
+```
+complete-plugin
+├── api.lua
+├── daos.lua
+├── handler.lua
+├── migrations
+│   ├── init.lua
+│   └── 000_base_complete_plugin.lua
+└── schema.lua
+```
+
+Here is the complete list of possible modules to implement and a brief
+description of what their purpose is. This guide will go in details to let you
+master each one of them.
+
+| Module name            | Required   | Description
+|:-----------------------|------------|------------
+| **[api.lua]**          | No         | Defines a list of endpoints to be available in the Admin API to interact with the custom entities handled by your plugin.
+| **[daos.lua]**         | No         | Defines a list of DAOs (Database Access Objects) that are abstractions of custom entities needed by your plugin and stored in the datastore.
+| **[handler.lua]**      | Yes        | An interface to implement. Each function is to be run by Kong at the desired moment in the lifecycle of a request / connection.
+| **[migrations/*.lua]** | No         | The database migrations (e.g. creation of tables). Migrations are only necessary when your plugin has to store custom entities in the database and interact with them through one of the DAOs defined by [daos.lua].
+| **[schema.lua]**       | Yes        | Holds the schema of your plugin's configuration, so that the user can only enter valid configuration values.
+
+The [Key-Auth plugin] is an example of plugin with this file structure.
+See [its source code] for more details.
+
+---
+
+Next: [Write custom logic &rsaquo;]({{page.book.next}})
+
+[api.lua]: {{page.book.chapters.admin-api}}
+[daos.lua]: {{page.book.chapters.custom-entities}}
+[handler.lua]: {{page.book.chapters.custom-logic}}
+[schema.lua]: {{page.book.chapters.plugin-configuration}}
+[migrations/*.lua]: {{page.book.chapters.custom-entities}}
+[Key-Auth plugin]: /hub/kong-inc/key-auth/
+[its source code]: https://github.com/Kong/kong/tree/master/kong/plugins/key-auth
diff --git a/app/enterprise/0.36-x/plugin-development/index.md b/app/enterprise/0.36-x/plugin-development/index.md
new file mode 100644
index 000000000000..2dfd5555482b
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/index.md
@@ -0,0 +1,37 @@
+---
+title: Plugin Development - Introduction
+book: plugin_dev
+chapter: 1
+---
+
+# What are plugins and how do they integrate with Kong?
+
+Before going further, it is necessary to briefly explain how Kong is built,
+especially how it integrates with Nginx and what Lua has to do with it.
+
+[lua-nginx-module] enables Lua scripting capabilities in Nginx. Instead of
+compiling Nginx with this module, Kong is distributed along with
+[OpenResty](https://openresty.org/), which already includes lua-nginx-module.
+OpenResty is *not* a fork of Nginx, but a bundle of modules extending its
+capabilities.
+
+Hence, Kong is a Lua application designed to load and execute Lua modules
+(which we more commonly refer to as "*plugins*") and provides an entire
+development environment for them, including an SDK, database abstractions,
+migrations, and more.
+
+Plugins consist of Lua modules interacting with the request/response objects or
+streams via the **Plugin Development Kit** (or "PDK") to implement arbitrary logic.
+The PDK is a set of Lua functions that a plugin can use to facilitate interactions
+between plugins and the core (or other components) of Kong.
+
+This guide will explore in detail the structure of plugins, what they can
+extend, and how to distribute and install them. For a complete reference of the
+PDK, see the [Plugin Development Kit] reference.
+
+---
+
+Next: [File structure of a plugin &rsaquo;]({{page.book.next}})
+
+[lua-nginx-module]: https://github.com/openresty/lua-nginx-module
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
diff --git a/app/enterprise/0.36-x/plugin-development/plugin-configuration.md b/app/enterprise/0.36-x/plugin-development/plugin-configuration.md
new file mode 100644
index 000000000000..22ea06965947
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/plugin-configuration.md
@@ -0,0 +1,420 @@
+---
+title: Plugin Development - Plugin Configuration
+book: plugin_dev
+chapter: 4
+---
+
+## Introduction
+
+Most of the time, it makes sense for your plugin to be configurable to answer
+all of your users' needs. Your plugin's configuration is stored in the
+datastore for Kong to retrieve it and pass it to your
+[handler.lua]({{page.book.chapters.custom-logic}}) methods when the plugin is
+being executed.
+
+The configuration consists of a Lua table in Kong that we call a **schema**. It
+contains key/value properties that the user will set when enabling the plugin
+through the [Admin API]. Kong provides you with a way of validating the user's
+configuration for your plugin.
+
+Your plugin's configuration is being verified against your schema when a user
+issues a request to the [Admin API] to enable or update a plugin on a given
+Service, Route and/or Consumer.
+
+For example, a user performs the following request:
+
+```bash
+$ curl -X POST http://kong:8001/services/<service-name-or-id>/plugins \
+    -d "name=my-custom-plugin" \
+    -d "config.foo=bar"
+```
+
+If all properties of the `config` object are valid according to your schema,
+then the API would return `201 Created` and the plugin would be stored in the
+database along with its configuration:
+```lua
+{
+  foo = "bar"
+}
+ ```
+ 
+If the configuration is not valid, the Admin API would return `400 Bad Request`
+and the appropriate error messages.
+
+## Module
+
+```
+kong.plugins.<plugin_name>.schema
+```
+
+## schema.lua specifications
+
+This module is to return a Lua table with properties that will define how your
+plugins can later be configured by users. Available properties are:
+
+| Property name   | Lua type   | Description
+|-----------------|------------|------------
+| `name`          | `string`   | Name of the plugin, e.g. `key-auth`.
+| `fields`        | `table`    | Array of field definitions.
+| `entity_checks` | `function` | Array of conditional entity level validation checks.
+
+
+All the plugins inherit some default fields which are:
+
+| Field name      | Lua type   | Description
+|-----------------|------------|------------
+| `id`            | `string`   | Auto-generated plugin id.
+| `name`          | `string`   | Name of the plugin, e.g. `key-auth`.
+| `created_at`    | `number`   | Creation time of the plugin configuration (seconds from epoch).
+| `route`         | `table`    | Route to which plugin is bound, if any.
+| `service`       | `table`    | Service to which plugin is bound, if any.
+| `consumer`      | `table`    | Consumer to which plugin is bound when possible, if any.
+| `run_on`        | `string`   | Determines on which node the plugin should run on service mesh.
+| `protocols`     | `table`    | The plugin will run on specified protocol(s).
+| `enabled`       | `boolean`  | Whether or not the plugin is enabled.
+| `tags`          | `table`    | The tags for the plugin.
+
+In most of the cases you can ignore most of those and use the defaults. Or let the user
+specify value when enabling a plugin.
+
+Here is an example of a potential `schema.lua` file (with some overrides applied):
+
+```lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  name = "<plugin-name>",
+  fields = {
+    {
+      -- this plugin will only be applied to Services or Routes
+      consumer = typedefs.no_consumer
+    },
+    {
+      -- this plugin will only be executed on the first Kong node
+      -- if a request comes from a service mesh (when acting as
+      -- a non-service mesh gateway, the nodes are always considered
+      -- to be "first".
+      run_on = typedefs.run_on_first
+    },
+    {
+      -- this plugin will only run within Nginx HTTP module
+      protocols = typedefs.protocols_http
+    },
+    {
+      config = {
+        type = "record",
+        fields = {
+          -- Describe your plugin's configuration's schema here.        
+        },
+      },
+    },
+  },
+  entity_checks = {
+    -- Describe your plugin's entity validation rules
+  },
+}
+```
+
+## Describing your configuration schema
+
+The `config.fields` property of your `schema.lua` file describes the schema of your
+plugin's configuration. It is a flexible array of field definitions where each field
+is a valid configuration property for your plugin, describing the rules for that
+property. For example:
+
+```lua
+{
+  name = "<plugin-name>",
+  fields = {
+    config = {
+      type = "record",
+      fields = {
+        {
+          some_string = {
+            type = "string",
+            required = false,
+          },
+        },
+        {
+          some_boolean = {
+            type = "boolean",
+            default = false,
+          },
+        },
+        {
+          some_array = {
+            type = "array",
+            elements = {
+              type = "string",
+              one_of = {
+                "GET",
+                "POST",
+                "PUT",
+                "DELETE",
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Here is the list of some common (not all) accepted rules for a property (see the fields table above for examples):
+
+| Rule               | Description
+|--------------------|----------------------------
+| `type`             | The type of a property.
+| `required`         | Whether or not the property is required 
+| `default`          | The default value for the property when not specified
+| `elements`         | Field definition of `array` or `set` elements.
+| `keys`             | Field definition of `map` keys.
+| `values`           | Field definition of `map` values.
+| `fields`           | Field definition(s) of `record` fields.
+
+There are many more, but the above are commonly used.
+
+You can also add field validators, to mention a few:
+
+| Rule               | Description
+|--------------------|----------------------------
+| `between`          | Checks that the input number is between allowed values.
+| `eq`               | Checks the equality of the input to allowed value.
+| `ne`               | Checks the inequality of the input to allowed value.
+| `gt`               | Checks that the number is greater than given value. 
+| `len_eq`           | Checks that the input string length is equal to the given value. 
+| `len_min`          | Checks that the input string length is at least the given value.
+| `len_max`          | Checks that the input string length is at most the given value.
+| `match`            | Checks that the input string matches the given Lua pattern.
+| `not_match`        | Checks that the input string doesn't match the given Lua pattern.
+| `match_all`        | Checks that the input string matches all the given Lua patterns.
+| `match_none`       | Checks that the input string doesn't match any of the given Lua patterns.
+| `match_any`        | Checks that the input string matches any of the given Lua patterns.
+| `starts_with`      | Checks that the input string starts with a given value.
+| `one_of`           | Checks that the input string is one of the accepted values.
+| `contains`         | Checks that the input array contains the given value.
+| `is_regex`         | Checks that the input string is a valid regex pattern.  
+| `custom_validator` | A custom validation function written in Lua.
+
+There are some additional validators, but you get a good idea how you can specify validation
+rules on fields from the above table.
+
+---
+
+### Examples
+
+This `schema.lua` file is for the [key-auth](/hub/kong-inc/key-auth/) plugin:
+
+```lua
+-- schema.lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  name = "key-auth",
+  fields = {
+    {
+      consumer = typedefs.no_consumer
+    },
+    {
+      run_on = typedefs.run_on_first
+    },
+    {
+      protocols = typedefs.protocols_http
+    },
+    {
+      config = {
+        type = "record",
+        fields = {
+          {
+            key_names = {
+              type = "array",
+              required = true,
+              elements = typedefs.header_name,
+              default = {
+                "apikey",
+              },
+            },
+          },
+          {
+            hide_credentials = {
+              type = "boolean",
+              default = false,
+            },
+          },
+          {
+            anonymous = {
+              type = "string",
+              uuid = true,
+              legacy = true,
+            },
+          },
+          {
+            key_in_body = {
+              type = "boolean",
+              default = false,
+            },
+          },
+          {
+            run_on_preflight = {
+              type = "boolean",
+              default = true,
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Hence, when implementing the `access()` function of your plugin in
+[handler.lua]({{page.book.chapters.custom-logic}}) and given that the user
+enabled the plugin with the default values, you'd have access to:
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local kong = kong
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  kong.log.inspect(config.key_names)        -- { "apikey" }
+  kong.log.inspect(config.hide_credentials) -- false
+end
+
+
+return CustomHandler
+```
+
+Note that the above example uses the
+[kong.log.inspect](http://localhost:3000/docs/0.14.x/pdk/kong.log/#kong_log_inspect)
+function of the [Plugin Development Kit] to print out those values to the Kong
+logs.
+
+---
+
+A more complex example, which could be used for an eventual logging plugin:
+
+```lua
+-- schema.lua
+local typedefs = require "kong.db.schema.typedefs"
+
+
+return {
+  name = "my-custom-plugin",
+  fields = {
+    {
+      config = {
+        type = "record",
+        fields = {
+          {
+            environment = {
+              type = "string",
+              required = true,
+              one_of = {
+                "production",
+                "development",
+              },
+            },
+          },
+          {
+            server = {
+              type = "record",
+              fields = {
+                {
+                  host = typedefs.host {
+                    default = "example.com",
+                  },
+                },
+                {
+                  port = {
+                    type = "number",
+                    default = 80,
+                    between = {
+                      0,
+                      65534
+                    },
+                  },
+                },  
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+}
+```
+
+Such a configuration will allow a user to post the configuration to your plugin
+as follows:
+
+```bash
+$ curl -X POST http://kong:8001/services/<service-name-or-id>/plugins \
+    -d "name=my-custom-plugin" \
+    -d "config.environment=development" \
+    -d "config.server.host=http://localhost"
+```
+
+And the following will be available in
+[handler.lua]({{page.book.chapters.custom-logic}}):
+
+```lua
+-- handler.lua
+local BasePlugin = require "kong.plugins.base_plugin"
+
+
+local kong = kong
+
+
+local CustomHandler = BasePlugin:extend()
+
+
+CustomHandler.VERSION  = "1.0.0"
+CustomHandler.PRIORITY = 10
+
+
+function CustomHandler:new()
+  CustomHandler.super.new(self, "my-custom-plugin")
+end
+
+function CustomHandler:access(config)
+  CustomHandler.super.access(self)
+
+  kong.log.inspect(config.environment) -- "development"
+  kong.log.inspect(config.server.host) -- "http://localhost"
+  kong.log.inspect(config.server.port) -- 80
+end
+
+
+return CustomHandler
+```
+
+You can also see a real-world example of schema in [the Key-Auth plugin source code].
+
+---
+
+Next: [Accessing the Datastore &rsaquo;]({{page.book.next}})
+
+[Admin API]: /enterprise/{{page.kong_version}}/admin-api
+[Plugin Development Kit]: /enterprise/{{page.kong_version}}/pdk
+[the Key-Auth plugin source code]: https://github.com/Kong/kong/blob/master/kong/plugins/key-auth/schema.lua
diff --git a/app/enterprise/0.36-x/plugin-development/tests.md b/app/enterprise/0.36-x/plugin-development/tests.md
new file mode 100644
index 000000000000..398b641d6150
--- /dev/null
+++ b/app/enterprise/0.36-x/plugin-development/tests.md
@@ -0,0 +1,108 @@
+---
+title: Plugin Development - Writing tests
+book: plugin_dev
+chapter: 9
+toc: false
+---
+
+## Introduction
+
+If you are serious about your plugins, you probably want to write tests for it.
+Unit testing Lua is easy, and [many testing
+frameworks](http://lua-users.org/wiki/UnitTesting) are available. However, you
+might also want to write integration tests. Again, Kong has your back.
+
+## Write integration tests
+
+The preferred testing framework for Kong is
+[busted](http://olivinelabs.com/busted/) running with the
+[resty-cli](https://github.com/openresty/resty-cli) interpreter, though you are
+free to use another one if you wish. In the Kong repository, the busted
+executable can be found at `bin/busted`.
+
+Kong provides you with a helper to start and stop it from Lua in your test
+suite: `spec.helpers`. This helper also provides you with ways to insert
+fixtures in your datastore before running your tests, as well as dropping it,
+and various other helpers.
+
+If you are writing your plugin in your own repository, you will need to copy
+the following files until the Kong testing framework is released:
+
+- `bin/busted`: the busted executable running with the resty-cli interpreter
+- `spec/helpers.lua`: helper functions to start/stop Kong from busted
+- `spec/kong_tests.conf`: a configuration file for your running your test Kong instances with the helpers module
+
+Assuming that the `spec.helpers` module is available in your `LUA_PATH`, you
+can use the following Lua code in busted to start and stop Kong:
+
+```lua
+local helpers = require "spec.helpers"
+
+for _, strategy in helpers.each_strategy() do
+  describe("my plugin", function()
+
+    local bp = helpers.get_db_utils(strategy)
+
+    setup(function()
+      local service = bp.services:insert {
+        name = "test-service",
+        host = "httpbin.org"
+      }
+
+      bp.routes:insert({
+        hosts = { "test.com" },
+        service = { id = service.id }
+      })
+
+      -- start Kong with your testing Kong configuration (defined in "spec.helpers")
+      assert(helpers.start_kong( { plugins = "bundled,my-plugin" }))
+
+      admin_client = helpers.admin_client()
+    end)
+
+    teardown(function()
+      if admin_client then
+        admin_client:close()
+      end
+
+      helpers.stop_kong()
+    end)
+
+    before_each(function()
+      proxy_client = helpers.proxy_client()
+    end)
+
+    after_each(function()
+      if proxy_client then
+        proxy_client:close()
+      end
+    end)
+
+    describe("thing", function()
+      it("should do thing", function()
+        -- send requests through Kong
+        local res = proxy_client:get("/get", {
+          headers = {
+            ["Host"] = "test.com"
+          }
+        })
+
+        local body = assert.res_status(200, res)
+
+        -- body is a string containing the response
+      end)
+    end)
+  end)
+end
+```
+
+> Reminder: With the test Kong configuration file, Kong is running with
+its proxy listening on port 9000 (HTTP), 9443 (HTTPS)
+and Admin API on port 9001.
+
+If you want to see a real-world example, give a look at the
+[Key-Auth plugin specs](https://github.com/Kong/kong/tree/master/spec/03-plugins/10-key-auth)
+
+---
+
+Next: [Distribute your plugin &rsaquo;]({{page.book.next}})
diff --git a/app/enterprise/0.36-x/plugins/index.md b/app/enterprise/0.36-x/plugins/index.md
new file mode 100644
index 000000000000..6284586b59df
--- /dev/null
+++ b/app/enterprise/0.36-x/plugins/index.md
@@ -0,0 +1,3 @@
+---
+redirect_to: /hub
+---
\ No newline at end of file
diff --git a/app/enterprise/0.36-x/plugins/oidc-azuread.md b/app/enterprise/0.36-x/plugins/oidc-azuread.md
new file mode 100644
index 000000000000..5ae264aea899
--- /dev/null
+++ b/app/enterprise/0.36-x/plugins/oidc-azuread.md
@@ -0,0 +1,88 @@
+---
+title: OpenID Connect with Azure AD
+---
+## Introduction
+
+This guide covers an example OpenID Connect plugin configuration to authenticate browser clients using an Azure AD identity provider.
+
+## Prerequisites
+
+Because OpenID Connect deals with user credentials, all transactions should take place over HTTPS. Although user passwords for third party identity providers are only submitted to those providers and not Kong, authentication tokens do grant access to a subset of user account data and protected APIs, and should be secured. As such, you should make Kong's proxy available via a fully-qualified domain name and [add a certificate][add-certificate] for it.
+
+## Kong Configuration
+
+If you have not yet [added a **Route** and a **Service**][add-service], go ahead and do so. Again, note that you should be able to secure this route with HTTPS, so use a hostname you have a certificate for. Add a location handled by your route as an authorized redirect URI in Azure (under the **Authentication** section of your app registration).
+
+## Azure AD IDP Configuration
+
+You must [register an app][azure-create-app] in your Azure AD configuration and [add a client secret credential][azure-client-secret] that Kong will use to access it. You must also configure a redirect URI that is handled by your Route.
+
+Azure AD provides two interfaces for its OAuth2/OIDC-related endpoints, v1.0 and v2.0. Support for some legacy v1.0 behavior is still available on v2.0, including use of v1.0 tokens by default, which is not compatible with Kong's OIDC implementation. To force Azure AD to use v2.0 tokens, [edit your application manifest][azure-manifest] and set `accessTokenAcceptedVersion` to `2` and include a `YOUR_CLIENT_ID/.default` scope in your plugin configuration as shown below.
+
+## Plugin Configuration
+
+Add a plugin with the configuration below to your route using an HTTP client or [Kong Manager][enable-plugin].
+
+```bash
+$ curl -i -X POST https://admin.kong.example/routes/ROUTE_ID/plugins --data name="openid-connect" \
+  --data config.issuer="https://login.microsoftonline.com/YOUR_DIRECTORY_ID/v2.0/.well-known/openid-configuration" \
+  --data config.client_id="YOUR_CLIENT_ID" \
+  --data config.client_secret="YOUR_CLIENT_SECRET" \
+  --data config.redirect_uri="https://example.com/api" \
+  --data config.scopes="openid" \
+  --data config.scopes="email" \
+  --data config.scopes="profile" \
+  --data config.scopes="YOUR_CLIENT_ID/.default" \
+  --data config.verify_parameters="false" 
+```
+
+Several pieces of configuration above must use values specific to your environment:
+
+* The `issuer` URL can be retrieved by pressing the **Endpoints** button on your app registration's **Overview** page.
+* `redirect_uri` should be the URI you specified earlier when configuring your app. You can add one via the **Authentication** section of the app settings if you did not add one initially.
+* For `client_id` and `scopes` replace `YOUR_CLIENT_ID` with the client ID shown on the app **Overview** page.
+* For `client_secret` replace `YOUR_CLIENT_SECRET` with the URL-encoded representation of the secret you created earlier in the **Certificates & secrets** section. Azure AD secrets often include reserved URL characters, which cURL may handle incorrectly if they are not URL-encoded.
+
+Visiting a URL matched by that route in a browser will now redirect to Microsoft's authentication site and return you to the redirect URI after authenticating.
+
+### Access Restrictions
+
+The configuration above allows users to authenticate and access the Route even though no consumer was created for them: any user with a valid account in the directory will have access to the Route. The OIDC plugin allows this as the simplest authentication option, but you may wish to restrict access further. There are several options for this:
+
+#### Domain Restrictions
+
+Azure AD does not provide identity tokens with the `hd` claim, and as such the OIDC plugin's `domains` configuration cannot restrict users based on their domain. Using a [single-tenant][azure-tenant] application will restrict access to users in your directory only. Multi-tenant apps allow users with Microsoft accounts from other directories and optionally any Microsoft account (e.g. live.com or Xbox accounts) to sign in.
+
+#### Consumer Mapping
+
+If you need to interact with other Kong plugins using consumer information, you can add configuration that maps account data received from the identity provider to a Kong consumer. For this example, the user's Azure AD account GUID is mapped to a consumer by setting it as the `custom_id` on their consumer, e.g.
+
+```bash
+$ curl -i -X POST http://admin.kong.example/consumers/ \
+  --data username="Yoda" \
+  --data custom_id="e5634b31-d67f-4661-a6fb-b6cb77849bcf"
+
+$ curl -i -X PATCH http://admin.kong.example/plugins/OIDC_PLUGIN_ID \
+  --data config.consumer_by="custom_id" \
+  --data config.consumer_claim="oid"
+```
+
+Now, if a user logs into an Azure AD account with the GUID `e5634b31-d67f-4661-a6fb-b6cb77849bcf`, Kong will apply configuration associated with the consumer `Yoda` to their requests. 
+
+This also requires that clients login using an account mapped to some consumer, which may not be desirable (e.g. you apply OpenID Connect to a service, but only use plugins requiring a consumer on some routes). To deal with this, you can set the `anonymous` parameter in your OIDC plugin configuration to the ID of a generic consumer, which will then be used for all authenticated users that cannot be mapped to some other consumer. You can alternately set `consumer_optional` to `true` to allow similar logins without mapping an anonymous consumer.
+
+#### Pseudo-Consumer Mapping
+
+For plugins that typically require consumers, the OIDC plugin can provide a consumer ID based on the value of a claim without mapping to an actual consumer. Setting `credential_claim` to a claim [in your plugin configuration][credential-claim] will extract the value of that claim and use it where Kong would normally use a consumer ID. Note that this may not work with all consumer-related functionality.
+
+Similarly, setting `authenticated_groups_claim` will extract that claim's value and use it as a group for the ACL plugin.
+
+[azure-client-secret]: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
+[azure-create-app]: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
+[azure-manifest]: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#configure-the-app-manifest
+[azure-tenants]: https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps
+[add-certificate]: /1.2.x/admin-api/#add-certificate
+[add-service]: /enterprise/{{page.kong_version}}/getting-started/add-service
+[oidc-id-token]: http://openid.net/specs/openid-connect-core-1_0.html#IDToken
+[credential-claim]: https://docs.konghq.com/hub/kong-inc/openid-connect/#configcredential_claim
+[enable-plugin]: /enterprise/{{page.kong_version}}/getting-started/enable-plugin/
diff --git a/app/enterprise/0.36-x/plugins/oidc-google.md b/app/enterprise/0.36-x/plugins/oidc-google.md
index a90b3d3cb40d..665a77a3b55e 100644
--- a/app/enterprise/0.36-x/plugins/oidc-google.md
+++ b/app/enterprise/0.36-x/plugins/oidc-google.md
@@ -58,7 +58,7 @@ standardized][oidc-standard-claims], however--if a provider returns an `email` c
 This also requires that clients login using an account mapped to some consumer, which may not be desirable (e.g. you apply OpenID Connect to a service, but only use plugins requiring a consumer on some routes). To deal with this, you can set the `anonymous` parameter in your OIDC plugin configuration to the ID of a generic consumer, which will then be used for all authenticated users that cannot be mapped to some other consumer.
 
 
-[add-certificate]: /1.0.x/admin-api/#add-certificate
+[add-certificate]: /enterprise/{{page.kong_version}}/admin-api/#add-certificate
 [google-oidc]: https://developers.google.com/identity/protocols/OpenIDConnect
 [google-create-credentials]: https://console.developers.google.com/apis/credentials
 [add-service]: /enterprise/{{page.kong_version}}/getting-started/add-service
diff --git a/app/enterprise/0.36-x/plugins/oidc-okta.md b/app/enterprise/0.36-x/plugins/oidc-okta.md
new file mode 100644
index 000000000000..6d9d57ce4f9c
--- /dev/null
+++ b/app/enterprise/0.36-x/plugins/oidc-okta.md
@@ -0,0 +1,108 @@
+---
+title: OpenID Connect with Okta
+---
+## Introduction
+
+This guide covers an example OpenID Connect plugin configuration to authenticate browser clients using an Okta identity provider.
+
+## Prerequisites
+
+Because OpenID Connect deals with user credentials, all transactions should take place over HTTPS. Although user passwords for third party identity providers are only submitted to those providers and not Kong, authentication tokens grant access to a subset of user account data and protected APIs, and should be secured. As such, you should make Kong's proxy available via a fully-qualified domain name and [add a certificate][add-certificate] for it.
+
+## Kong Configuration
+
+If you have not yet [added a **Route** and a **Service**][add-service], go ahead and do so. Again, note that you should be able to secure this route with HTTPS, so use a hostname you have a certificate for. Add a location handled by your route as an authorized redirect URI in Okta (under the **Authentication** section of your app registration).
+
+## Okta IDP Configuration
+
+### Sample Okta Configuration Steps
+
+1. [Register an Application][okta-register-app]. Select the **Applications** page, click **Add Application**.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/01-add-application.png">
+
+2. Select **Web** as the platform.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/02-web-app.png">
+
+3. Fill out the Application's Settings
+
+    **Login re-direct URIs** is a URI that corresponds to a Route you have configured in Kong that will use Okta to authenticate. **Group Assignment** defines who is allowed to use this application. **Grant Type Allowed** indicates the Grant types to allow for your application.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/03-app-settings.png">
+
+4. After submitting the Application configuration, the client credentials will display on the **General** page.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/04-client-id-secret.png">
+
+5. [Define and configure an Authorization server][okta-authorization-server]. Select the **API** page and add an Authorization Server if you don't have an existing one to use.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/05-auth-server.png">
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/06-name-auth.png">
+
+6. Click **Save** and view your Authorization Server Settings.
+
+    <img src="https://doc-assets.konghq.com/0.35/plugins/oidc-okta/07-auth-server-settings.png">
+
+## Plugin Configuration
+
+Add a plugin with the configuration below to your route using an HTTP client or [Kong Manager][enable-plugin].
+
+```bash
+$ curl -i -X POST https://admin.kong.example/routes/ROUTE_ID/plugins --data name="openid-connect" \
+  --data config.issuer="https://YOUR_OKTA_DOMAIN/oauth2/YOUR_AUTH_SERVER/.well-known/openid-configuration" \
+  --data config.client_id="YOUR_CLIENT_ID" \
+  --data config.client_secret="YOUR_CLIENT_SECRET" \
+  --data config.redirect_uri="https://kong.com/api" \
+  --data config.scopes="openid" \
+  --data config.scopes="email" \
+  --data config.scopes="profile"
+```
+
+Several pieces of configuration above must use values specific to your environment:
+
+* The `issuer` URL can be found from your Authorization Server settings.
+* `redirect_uri` should be the URI you specified earlier when configuring your app. You can view and edit this from the **General** page for your application.
+* For `client_id` and `client_secret` replace `YOUR_CLIENT_ID` and `YOUR_CLIENT_SECRET` with the client ID and secret shown in your Okta application's **General** page.
+
+Visiting a URL matched by that route in a browser will now redirect to Okta's authentication site and return you to the redirect URI after authenticating.
+
+Additional plugin parameter to consider:
+
+* The `auth_methods` parameter defines a lists of all the authentication methods that you want the plugin to accept. By default value is a list of all the supported methods. It is advisable to define this parameter with only the methods you wish to allow.
+
+### Access Restrictions
+
+The configuration above allows users to authenticate and access the Route even though no consumer was created for them: any user with a valid account in the directory will have access to the Route. The OIDC plugin allows this as the simplest authentication option, but you may wish to restrict access further. There are several options for this:
+
+#### Consumer Mapping
+
+If you need to interact with other Kong plugins using consumer information, you can add configuration that maps account data received from the identity provider to a Kong consumer. For this example, the user's Okta's AD account GUID is mapped to a consumer by setting it as the `custom_id` on their consumer, e.g.
+
+```bash
+$ curl -i -X POST http://admin.kong.example/consumers/ \
+  --data username="Yoda" \
+  --data custom_id="e5634b31-d67f-4661-a6fb-b6cb77849bcf"
+
+$ curl -i -X PATCH http://admin.kong.example/plugins/OIDC_PLUGIN_ID \
+  --data config.consumer_by="custom_id" \
+  --data config.consumer_claim="sub"
+```
+
+Now, if a user logs into an Okta account with the GUID `e5634b31-d67f-4661-a6fb-b6cb77849bcf`, Kong will apply configuration associated with the consumer `Yoda` to their requests. 
+
+This also requires that clients login using an account mapped to some consumer, which may not be desirable (e.g. you apply OpenID Connect to a service, but only use plugins requiring a consumer on some routes). To deal with this, you can set the `anonymous` parameter in your OIDC plugin configuration to the ID of a generic consumer, which will then be used for all authenticated users that cannot be mapped to some other consumer. You can alternately set `consumer_optional` to `true` to allow similar logins without mapping an anonymous consumer.
+
+#### Pseudo-consumers
+
+For plugins that typically require consumers, the OIDC plugin can provide a consumer ID based on the value of a claim without mapping to an actual consumer. Setting `credential_claim` to a claim [in your plugin configuration][credential-claim] will extract the value of that claim and use it where Kong would normally use a consumer ID. Note that this may not work with all consumer-related functionality.
+
+Similarly, setting `authenticated_groups_claim` will extract that claim's value and use it as a group for the ACL plugin.
+
+[okta-authorization-server]: https://developer.okta.com/docs/guides/customize-authz-server/create-authz-server/
+[okta-register-app]: https://developer.okta.com/docs/guides/add-an-external-idp/openidconnect/register-app-in-okta/
+[add-certificate]: /1.0.x/admin-api/#add-certificate
+[add-service]: /enterprise/{{page.kong_version}}/getting-started/add-service
+[credential-claim]: https://docs.konghq.com/hub/kong-inc/openid-connect/#configcredential_claim
+[enable-plugin]: /enterprise/{{page.kong_version}}/getting-started/enable-plugin/
diff --git a/app/enterprise/0.36-x/plugins/statsd.rules.yaml b/app/enterprise/0.36-x/plugins/statsd.rules.yaml
index d59063017be1..d5bdcc664e26 100644
--- a/app/enterprise/0.36-x/plugins/statsd.rules.yaml
+++ b/app/enterprise/0.36-x/plugins/statsd.rules.yaml
@@ -1,40 +1,4 @@
 mappings:
-# by API
-- match: kong.api.*.request.count
-  name: "kong_requests_proxy"
-  labels:
-    job: "kong_metrics"
-
-- match: kong.api.*.status.*
-  name: "kong_status_code"
-  action: drop
-
-- match: kong.api.*.kong_latency
-  name: "kong_latency_proxy_request"
-  timer_type: histogram
-  buckets: [1]
-  min_max: true
-  labels:
-    job: "kong_metrics"
-
-- match: kong.api.*.upstream_latency
-  name: "kong_latency_upstream"
-  timer_type: histogram
-  buckets: [1]
-  min_max: true
-  labels:
-    job: "kong_metrics"
-
-- match: kong.api.*.cache_datastore_hits_total
-  name: "kong_cache_datastore_hits_total"
-  labels:
-    job: "kong_metrics"
-
-- match: kong.api.*.cache_datastore_misses_total
-  name: "kong_cache_datastore_misses_total"
-  labels:
-    job: "kong_metrics"
-
 # by Service
 - match: kong.service.*.request.count
   name: "kong_requests_proxy"
diff --git a/app/enterprise/0.36-x/property-reference.md b/app/enterprise/0.36-x/property-reference.md
index 40e1d0b75c7e..08b30ea2a5e7 100644
--- a/app/enterprise/0.36-x/property-reference.md
+++ b/app/enterprise/0.36-x/property-reference.md
@@ -5,7 +5,8 @@ toc: false
 
 ## Table of Contents
 
-* [General](#general)
+* [Configuration Loading](#configuration-loading)
+* [General Properties](#general-properties)
 * [NGINX](#nginx)
 * [Datastore](#datastore)
 * [Datastore Cache](#datastore-cache)
@@ -21,7 +22,84 @@ toc: false
 * [Data & Admin Audit](#data-&-admin-audit)
 * [Granular Tracing](#granular-tracing)
 
-## General
+## Configuration Loading
+
+Kong comes with a default configuration file that can be found at
+`/etc/kong/kong.conf.default` if you installed Kong via one of the official
+packages. To start configuring Kong, you can copy this file:
+
+```bash
+$ cp /etc/kong/kong.conf.default /etc/kong/kong.conf
+```
+
+Kong will operate with default settings should all the values in your
+configuration be commented out. Upon starting, Kong looks for several
+default locations that might contain a configuration file:
+
+```
+/etc/kong/kong.conf
+/etc/kong.conf
+```
+
+You can override this behavior by specifying a custom path for your
+configuration file using the `-c / --conf` argument in the CLI:
+
+```bash
+$ kong start --conf /path/to/kong.conf
+```
+
+The configuration format is straightforward: simply uncomment any property
+(comments are defined by the `#` character) and modify it to your needs.
+Boolean values can be specified as `on`/`off` or `true`/`false` for convenience.
+
+### Verifying Configuration
+
+You can verify the integrity of your settings with the `check` command:
+
+```bash
+$ kong check <path/to/kong.conf>
+configuration at <path/to/kong.conf> is valid
+```
+
+This command will take into account the environment variables you have
+currently set, and will error out in case your settings are invalid.
+
+Additionally, you can also use the CLI in debug mode to have more insight
+as to what properties Kong is being started with:
+
+```bash
+$ kong start -c <kong.conf> --vv
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong.conf
+2016/08/11 14:53:36 [verbose] no config file found at /etc/kong/kong.conf
+2016/08/11 14:53:36 [debug] admin_listen = "0.0.0.0:8001"
+2016/08/11 14:53:36 [debug] database = "postgres"
+2016/08/11 14:53:36 [debug] log_level = "notice"
+[...]
+```
+
+### Environment Variables
+
+When loading properties out of a configuration file, Kong will also look for
+environment variables of the same name. This allows you to fully configure Kong
+via environment variables, which is very convenient for container-based
+infrastructures, for example.
+
+To override a setting using an environment variable, declare an environment
+variable with the name of the setting, prefixed with `KONG_` and capitalized.
+
+For example:
+
+```
+log_level = debug # in kong.conf
+```
+
+can be overridden with:
+
+```bash
+$ export KONG_LOG_LEVEL=error
+```
+
+## General Properties
 
 
 ### prefix
@@ -1832,6 +1910,16 @@ portal_emails_reply_to: noreply@example.com
 
 ⚠️ **IMPORTANT:** Some SMTP servers may require valid email addresses
 
+### portal_email_verification
+
+**Default:** `off`
+
+**Description:**
+
+When enabled Developers will receive an email upon registration to verify their account.  Developers will not be able to use the Developer Portal until they verify their account.
+
+**Note:** SMTP must be turned on in order to use this feature.
+
 
 ## Admin SMTP Configuration
 
diff --git a/app/enterprise/0.36-x/proxy.md b/app/enterprise/0.36-x/proxy.md
new file mode 100644
index 000000000000..ccdc9aa8cdf8
--- /dev/null
+++ b/app/enterprise/0.36-x/proxy.md
@@ -0,0 +1,1130 @@
+---
+title: Proxy Reference
+---
+
+## Introduction
+
+In this document we will cover Kong's **proxying capabilities**  by explaining
+its routing capabilities and internal workings in details.
+
+Kong exposes several interfaces which can be tweaked by two configuration
+properties:
+
+- `proxy_listen`, which defines a list of addresses/ports on which Kong will
+  accept **public traffic** from clients and proxy it to your upstream services
+  (`8000` by default).
+- `admin_listen`, which also defines a list of addresses and ports, but those
+  should be restricted to only be accessed by administrators, as they expose
+  Kong's configuration capabilities: the **Admin API** (`8001` by default).
+
+<div class="alert alert-warning">
+<p><strong>Note:</strong> Starting with Kong 1.0.0 and Kong Enterprise 0.35, the API entity has been removed.
+This document will cover proxying with the new Routes and
+Services entities.</p>
+<p>See an older version of this document if you are using 0.12 or
+below.</p>
+</div>
+
+## Terminology
+
+- `client`: Refers to the *downstream* client making requests to Kong's
+  proxy port.
+- `upstream service`: Refers to your own API/service sitting behind Kong, to
+  which client requests are forwarded.
+- `Service`: Service entities, as the name implies, are abstractions of each of
+  your own upstream services. Examples of Services would be a data
+  transformation microservice, a billing API, etc.
+- `Route`: This refers to the Kong Routes entity. Routes are entrypoints into
+  Kong, and defining rules for a request to be matched, and routed to a given
+  Service.
+- `Plugin`: This refers to Kong "plugins", which are pieces of business logic
+  that run in the proxying lifecycle. Plugins can be configured through the
+  Admin API - either globally (all incoming traffic) or on specific Routes
+  and Services.
+
+[Back to TOC](#table-of-contents)
+
+## Overview
+
+From a high-level perspective, Kong listens for HTTP traffic on its configured
+proxy port(s) (`8000` and `8443` by default). Kong will evaluate any incoming
+HTTP request against the Routes you have configured and try to find a matching
+one. If a given request matches the rules of a specific Route, Kong will
+process proxying the request. Because each Route is linked to a Service, Kong
+will run the plugins you have configured on your Route and its associated
+Service, and then proxy the request upstream.
+
+You can manage Routes via Kong's Admin API. The `hosts`, `paths`, and `methods`
+attributes of Routes define rules for matching incoming HTTP requests.
+
+If Kong receives a request that it cannot match against any of the configured
+Routes (or if no Routes are configured), it will respond with:
+
+```http
+HTTP/1.1 404 Not Found
+Content-Type: application/json
+Server: kong/<x.x.x>
+
+{
+    "message": "no route and no Service found with those values"
+}
+```
+
+[Back to TOC](#table-of-contents)
+
+## Reminder: How to configure a Service
+
+The [Configuring a Service][configuring-a-service] quickstart guide explains
+how Kong is configured via the [Admin API][API].
+
+Adding a Service to Kong is done by sending an HTTP request to the Admin API:
+
+```bash
+$ curl -i -X POST http://localhost:8001/services/ \
+    -d 'name=foo-service' \
+    -d 'url=http://foo-service.com'
+HTTP/1.1 201 Created
+...
+
+{
+    "connect_timeout": 60000,
+    "created_at": 1515537771,
+    "host": "foo-service.com",
+    "id": "d54da06c-d69f-4910-8896-915c63c270cd",
+    "name": "foo-service",
+    "path": "/",
+    "port": 80,
+    "protocol": "http",
+    "read_timeout": 60000,
+    "retries": 5,
+    "updated_at": 1515537771,
+    "write_timeout": 60000
+}
+```
+
+This request instructs Kong to register a Service named "foo-service", which
+points to `http://foo-service.com` (your upstream).
+
+**Note:** the `url` argument is a shorthand argument to populate the
+`protocol`, `host`, `port`, and `path` attributes at once.
+
+Now, in order to send traffic to this Service through Kong, we need to specify
+a Route, which acts as an entrypoint to Kong:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -d 'hosts[]=example.com' \
+    -d 'paths[]=/foo' \
+    -d 'service.id=d54da06c-d69f-4910-8896-915c63c270cd'
+HTTP/1.1 201 Created
+...
+
+{
+    "created_at": 1515539858,
+    "hosts": [
+        "example.com"
+    ],
+    "id": "ee794195-6783-4056-a5cc-a7e0fde88c81",
+    "methods": null,
+    "paths": [
+        "/foo"
+    ],
+    "preserve_host": false,
+    "priority": 0,
+    "protocols": [
+        "http",
+        "https"
+    ],
+    "service": {
+        "id": "d54da06c-d69f-4910-8896-915c63c270cd"
+    },
+    "strip_path": true,
+    "updated_at": 1515539858
+}
+```
+
+We have now configured a Route to match incoming requests matching the given
+`hosts` and `paths`, and forward them to the `foo-service` we configured, thus
+proxying this traffic to `http://foo-service.com`.
+
+Kong is a transparent proxy, and it will by default forward the request to your
+upstream service untouched, with the exception of various headers such as
+`Connection`, `Date`, and others as required by the HTTP specifications.
+
+[Back to TOC](#table-of-contents)
+
+## Routes and matching capabilities
+
+Let's now discuss how Kong matches a request against the configured `hosts`,
+`paths` and `methods` properties (or fields) of a Route. Note that all three of
+these fields are **optional**, but at least **one of them** must be specified.
+
+For a request to match a Route:
+
+- The request **must** include **all** of the configured fields
+- The values of the fields in the request **must** match at least one of the
+  configured values (While the field configurations accepts one or more values,
+  a request needs only one of the values to be considered a match)
+
+Let's go through a few examples. Consider a Route configured like this:
+
+```json
+{
+    "hosts": ["example.com", "foo-service.com"],
+    "paths": ["/foo", "/bar"],
+    "methods": ["GET"]
+}
+```
+
+Some of the possible requests matching this Route would look like:
+
+```http
+GET /foo HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /bar HTTP/1.1
+Host: foo-service.com
+```
+
+```http
+GET /foo/hello/world HTTP/1.1
+Host: example.com
+```
+
+All three of these requests satisfy all the conditions set in the Route
+definition.
+
+However, the following requests would **not** match the configured conditions:
+
+```http
+GET / HTTP/1.1
+Host: example.com
+```
+
+```http
+POST /foo HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /foo HTTP/1.1
+Host: foo.com
+```
+
+All three of these requests satisfy only two of configured conditions. The
+first request's path is not a match for any of the configured `paths`, same for
+the second request's HTTP method, and the third request's Host header.
+
+Now that we understand how the `hosts`, `paths`, and `methods` properties work
+together, let's explore each property individually.
+
+[Back to TOC](#table-of-contents)
+
+### Request Host header
+
+Routing a request based on its Host header is the most straightforward way to
+proxy traffic through Kong, especially since this is the intended usage of the
+HTTP Host header. Kong makes it easy to do via the `hosts` field of the Route
+entity.
+
+`hosts` accepts multiple values, which must be comma-separated when specifying
+them via the Admin API:
+
+`hosts` accepts multiple values, which is straightforward to represent in a
+JSON payload:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -H 'Content-Type: application/json' \
+    -d '{"hosts":["example.com", "foo-service.com"]}'
+HTTP/1.1 201 Created
+...
+```
+
+But since the Admin API also supports form-urlencoded content types, you
+can specify an array via the `[]` notation:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes/ \
+    -d 'hosts[]=example.com' \
+    -d 'hosts[]=foo-service.com'
+HTTP/1.1 201 Created
+...
+```
+
+To satisfy the `hosts` condition of this Route, any incoming request from a
+client must now have its Host header set to one of:
+
+```
+Host: example.com
+```
+
+or:
+
+```
+Host: foo-service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+#### Using wildcard hostnames
+
+To provide flexibility, Kong allows you to specify hostnames with wildcards in
+the `hosts` field. Wildcard hostnames allow any matching Host header to satisfy
+the condition, and thus match a given Route.
+
+Wildcard hostnames **must** contain **only one** asterisk at the leftmost
+**or** rightmost label of the domain. Examples:
+
+- `*.example.com` would allow Host values such as `a.example.com` and
+  `x.y.example.com` to match.
+- `example.*` would allow Host values such as `example.com` and `example.org`
+  to match.
+
+A complete example would look like this:
+
+```json
+{
+    "hosts": ["*.example.com", "service.com"]
+}
+```
+
+Which would allow the following requests to match this Route:
+
+```http
+GET / HTTP/1.1
+Host: an.example.com
+```
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+#### The `preserve_host` property
+
+When proxying, Kong's default behavior is to set the upstream request's Host
+header to the hostname specified in the Service's `host`. The
+`preserve_host` field accepts a boolean flag instructing Kong not to do so.
+
+For example, when the `preserve_host` property is not changed and a Route is
+configured like so:
+
+```json
+{
+    "hosts": ["service.com"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+A possible request from a client to Kong could be:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+Kong would extract the Host header value from the Service's `host` property, ,
+and would send the following upstream request:
+
+```http
+GET / HTTP/1.1
+Host: <my-service-host.com>
+```
+
+However, by explicitly configuring a Route with `preserve_host=true`:
+
+```json
+{
+    "hosts": ["service.com"],
+    "preserve_host": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+And assuming the same request from the client:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+Kong would preserve the Host on the client request and would send the following
+upstream request instead:
+
+```http
+GET / HTTP/1.1
+Host: service.com
+```
+
+[Back to TOC](#table-of-contents)
+
+### Request path
+
+Another way for a Route to be matched is via request paths. To satisfy this
+routing condition, a client request's path **must** be prefixed with one of the
+values of the `paths` attribute.
+
+For example, with a Route configured like so:
+
+```json
+{
+    "paths": ["/service", "/hello/world"]
+}
+```
+
+The following requests would be matched:
+
+```http
+GET /service HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /service/resource?param=value HTTP/1.1
+Host: example.com
+```
+
+```http
+GET /hello/world/resource HTTP/1.1
+Host: anything.com
+```
+
+For each of these requests, Kong detects that their URL path is prefixed with
+one of the Routes's `paths` values. By default, Kong would then proxy the
+request upstream without changing the URL path.
+
+When proxying with path prefixes, **the longest paths get evaluated first**.
+This allow you to define two Routes with two paths: `/service` and
+`/service/resource`, and ensure that the former does not "shadow" the latter.
+
+[Back to TOC](#table-of-contents)
+
+#### Using regexes in paths
+
+Kong supports regular expression pattern matching for an Route's `paths` field
+via [PCRE](http://pcre.org/) (Perl Compatible Regular Expression). You can
+assign paths as both prefixes and regexes to a Route at the same time.
+
+For example, if we consider the following Route:
+
+```json
+{
+    "paths": ["/users/\d+/profile", "/following"]
+}
+```
+
+The following requests would be matched by this Route:
+
+```http
+GET /following HTTP/1.1
+Host: ...
+```
+
+```http
+GET /users/123/profile HTTP/1.1
+Host: ...
+```
+
+The provided regexes are evaluated with the `a` PCRE flag (`PCRE_ANCHORED`),
+meaning that they will be constrained to match at the first matching point
+in the path (the root `/` character).
+
+[Back to TOC](#table-of-contents)
+
+##### Evaluation order
+
+As previously mentioned, Kong evaluates prefix paths by length: the longest
+prefix paths are evaluated first. However, Kong will evaluate regex paths based
+on the `regex_priority` attribute of Routes from highest priority to lowest.
+Regex paths are furthermore evaluated before prefix paths.
+
+Consider the following Routes:
+
+```json
+[
+    {
+        "paths": ["/status/\d+"],
+        "regex_priority": 0
+    },
+    {
+        "paths": ["/version/\d+/status/\d+"],
+        "regex_priority": 6
+    },
+    {
+        "paths": ["/version"],
+    },
+    {
+        "paths": ["/version/any/"],
+    }
+]
+```
+
+In this scenario, Kong will evaluate incoming requests against the following
+defined URIs, in this order:
+
+1. `/version/\d+/status/\d+`
+2. `/status/\d+`
+3. `/version/any/`
+4. `/version`
+
+Take care to avoid writing regex rules that are overly broad and may consume
+traffic intended for a prefix rule. Adding a rule with the path `/version/.*` to
+the ruleset above would likely consume some traffic intended for the `/version`
+prefix path. If you see unexpected behavior, sending `X-Kong-Debug: 1` in your
+request headers will indicate the matched Route ID in the response headers for
+troubleshooting purposes.
+
+As usual, a request must still match a Route's `hosts` and `methods` properties
+as well, and Kong will traverse your Routes until it finds one that [matches
+the most rules](#matching-priorities).
+
+[Back to TOC](#table-of-contents)
+
+##### Capturing groups
+
+Capturing groups are also supported, and the matched group will be extracted
+from the path and available for plugins consumption. If we consider the
+following regex:
+
+```
+/version/(?<version>\d+)/users/(?<user>\S+)
+```
+
+And the following request path:
+
+```
+/version/1/users/john
+```
+
+Kong will consider the request path a match, and if the overall Route is
+matched (considering the `hosts` and `methods` fields), the extracted capturing
+groups will be available from the plugins in the `ngx.ctx` variable:
+
+```lua
+local router_matches = ngx.ctx.router_matches
+
+-- router_matches.uri_captures is:
+-- { "1", "john", version = "1", user = "john" }
+```
+
+[Back to TOC](#table-of-contents)
+
+##### Escaping special characters
+
+Next, it is worth noting that characters found in regexes are often
+reserved characters according to
+[RFC 3986](https://tools.ietf.org/html/rfc3986) and as such,
+should be percent-encoded. **When configuring Routes with regex paths via the
+Admin API, be sure to URL encode your payload if necessary**. For example,
+with `curl` and using an `application/x-www-form-urlencoded` MIME type:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes \
+    --data-urlencode 'uris[]=/status/\d+'
+HTTP/1.1 201 Created
+...
+```
+
+Note that `curl` does not automatically URL encode your payload, and note the
+usage of `--data-urlencode`, which prevents the `+` character to be URL decoded
+and interpreted as a space ` ` by Kong's Admin API.
+
+[Back to TOC](#table-of-contents)
+
+#### The `strip_path` property
+
+It may be desirable to specify a path prefix to match a Route, but not
+include it in the upstream request. To do so, use the `strip_path` boolean
+property by configuring a Route like so:
+
+```json
+{
+    "paths": ["/service"],
+    "strip_path": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Enabling this flag instructs Kong that when matching this Route, and proceeding
+with the proxying to a Service, it should **not** include the matched part of
+the URL path in the upstream request's URL. For example, the following
+client's request to the above Route:
+
+```http
+GET /service/path/to/resource HTTP/1.1
+Host: ...
+```
+
+Will cause Kong to send the following upstream request:
+
+```http
+GET /path/to/resource HTTP/1.1
+Host: ...
+```
+
+The same way, if a regex path is defined on a Route that has `strip_path`
+enabled, the entirety of the request URL matching sequence will be stripped.
+Example:
+
+```json
+{
+    "paths": ["/version/\d+/service"],
+    "strip_path": true,
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+The following HTTP request matching the provided regex path:
+
+```http
+GET /version/1/service/path/to/resource HTTP/1.1
+Host: ...
+```
+
+Will be proxied upstream by Kong as:
+
+```http
+GET /path/to/resource HTTP/1.1
+Host: ...
+```
+
+[Back to TOC](#table-of-contents)
+
+### Request HTTP method
+
+The `methods` field allows matching the requests depending on their HTTP
+method.  It accepts multiple values. Its default value is empty (the HTTP
+method is not used for routing).
+
+The following Route allows routing via `GET` and `HEAD`:
+
+```json
+{
+    "methods": ["GET", "HEAD"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Such a Route would be matched with the following requests:
+
+```http
+GET / HTTP/1.1
+Host: ...
+```
+
+```http
+HEAD /resource HTTP/1.1
+Host: ...
+```
+
+But it would not match a `POST` or `DELETE` request. This allows for much more
+granularity when configuring plugins on Routes. For example, one could imagine
+two Routes pointing to the same service: one with unlimited unauthenticated
+`GET` requests, and a second one allowing only authenticated and rate-limited
+`POST` requests (by applying the authentication and rate limiting plugins to
+such requests).
+
+[Back to TOC](#table-of-contents)
+
+## Matching priorities
+
+A Route may define matching rules based on its `hosts`, `paths`, and `methods`
+fields. For Kong to match an incoming request to a Route, all existing fields
+must be satisfied. However, Kong allows for quite some flexibility by allowing
+two or more Routes to be configured with fields containing the same values -
+when this occurs, Kong applies a priority rule.
+
+The rule is: **when evaluating a request, Kong will first try to match the
+Routes with the most rules**.
+
+For example, if two Routes are configured like so:
+
+```json
+{
+    "hosts": ["example.com"],
+    "service": {
+        "id": "..."
+    }
+},
+{
+    "hosts": ["example.com"],
+    "methods": ["POST"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+The second Route has a `hosts` field **and** a `methods` field, so it will be
+evaluated first by Kong. By doing so, we avoid the first Route "shadowing"
+calls intended for the second one.
+
+Thus, this request will match the first Route
+
+```http
+GET / HTTP/1.1
+Host: example.com
+```
+
+And this request will match the second one:
+
+```http
+POST / HTTP/1.1
+Host: example.com
+```
+
+Following this logic, if a third Route was to be configured with a `hosts`
+field, a `methods` field, and a `uris` field, it would be evaluated first by
+Kong.
+
+[Back to TOC](#table-of-contents)
+
+## Proxying behavior
+
+The proxying rules above detail how Kong forwards incoming requests to your
+upstream services. Below, we detail what happens internally between the time
+Kong *matches* an HTTP request with a registered Route, and the actual
+*forwarding* of the request.
+
+[Back to TOC](#table-of-contents)
+
+### 1. Load balancing
+
+Kong implements load balancing capabilities to distribute proxied
+requests across a pool of instances of an upstream service.
+
+You can find more information about configuring load balancing by consulting
+the [Load Balancing Reference][load-balancing-reference].
+
+[Back to TOC](#table-of-contents)
+
+### 2. Plugins execution
+
+Kong is extensible via "plugins" that hook themselves in the request/response
+lifecycle of the proxied requests. Plugins can perform a variety of operations
+in your environment and/or transformations on the proxied request.
+
+Plugins can be configured to run globally (for all proxied traffic) or on
+specific Routes and Services. In both cases, you must create a [plugin
+configuration][plugin-configuration-object] via the Admin API.
+
+Once a Route has been matched (and its associated Service entity), Kong will
+run plugins associated to either of those entities. Plugins configured on a
+Route run before plugins configured on a Service, but otherwise, the usual
+rules of [plugins association][plugin-association-rules] apply.
+
+These configured plugins will run their `access` phase, which you can find more
+information about in the [Plugin development guide][plugin-development-guide].
+
+[Back to TOC](#table-of-contents)
+
+### 3. Proxying & upstream timeouts
+
+Once Kong has executed all the necessary logic (including plugins), it is ready
+to forward the request to your upstream service. This is done via Nginx's
+[ngx_http_proxy_module][ngx-http-proxy-module]. You can configure the desired
+timeouts for the connection between Kong and a given upstream, via the following
+properties of a Service:
+
+- `upstream_connect_timeout`: defines in milliseconds the timeout for
+  establishing a connection to your upstream service. Defaults to `60000`.
+- `upstream_send_timeout`: defines in milliseconds a timeout between two
+  successive write operations for transmitting a request to your upstream
+  service.  Defaults to `60000`.
+- `upstream_read_timeout`: defines in milliseconds a timeout between two
+  successive read operations for receiving a request from your upstream
+  service.  Defaults to `60000`.
+
+Kong will send the request over HTTP/1.1, and set the following headers:
+
+- `Host: <your_upstream_host>`, as previously described in this document.
+- `Connection: keep-alive`, to allow for reusing the upstream connections.
+- `X-Real-IP: <remote_addr>`, where `$remote_addr` is the variable bearing
+  the same name provided by
+  [ngx_http_core_module][ngx-remote-addr-variable]. Please note that the
+  `$remote_addr` is likely overridden by
+  [ngx_http_realip_module][ngx-http-realip-module].
+- `X-Forwarded-For: <address>`, where `<address>` is the content of
+  `$realip_remote_addr` provided by
+  [ngx_http_realip_module][ngx-http-realip-module] appended to the request
+  header with the same name.
+- `X-Forwarded-Proto: <protocol>`, where `<protocol>` is the protocol used by
+  the client. In the case where `$realip_remote_addr` is one of the **trusted**
+  addresses, the request header with the same name gets forwarded if provided.
+  Otherwise, the value of the `$scheme` variable provided by
+  [ngx_http_core_module][ngx-scheme-variable] will be used.
+- `X-Forwarded-Host: <host>`, where `<host>` is the host name sent by
+  the client. In the case where `$realip_remote_addr` is one of the **trusted**
+  addresses, the request header with the same name gets forwarded if provided.
+  Otherwise, the value of the `$host` variable provided by
+  [ngx_http_core_module][ngx-host-variable] will be used.
+- `X-Forwarded-Port: <port>`, where `<port>` is the port of the server which
+  accepted a request. In the case where `$realip_remote_addr` is one of the
+  **trusted** addresses, the request header with the same name gets forwarded
+  if provided. Otherwise, the value of the `$server_port` variable provided by
+  [ngx_http_core_module][ngx-server-port-variable] will be used.
+
+All the other request headers are forwarded as-is by Kong.
+
+One exception to this is made when using the WebSocket protocol. If so, Kong
+will set the following headers to allow for upgrading the protocol between the
+client and your upstream services:
+
+- `Connection: Upgrade`
+- `Upgrade: websocket`
+
+More information on this topic is covered in the
+[Proxy WebSocket traffic][proxy-websocket] section.
+
+[Back to TOC](#table-of-contents)
+
+### 4. Errors & retries
+
+Whenever an error occurs during proxying, Kong will use the underlying
+Nginx [retries][ngx-http-proxy-retries] mechanism to pass the request on to
+the next upstream.
+
+There are two configurable elements here:
+
+1. The number of retries: this can be configured per Service using the
+   `retries` property. See the [Admin API][API] for more details on this.
+
+2. What exactly constitutes an error: here Kong uses the Nginx defaults, which
+   means an error or timeout occurring while establishing a connection with the
+   server, passing a request to it, or reading the response headers.
+
+The second option is based on Nginx's
+[proxy_next_upstream][proxy_next_upstream] directive. This option is not
+directly configurable through Kong, but can be added using a custom Nginx
+configuration. See the [configuration reference][configuration-reference] for
+more details.
+
+[Back to TOC](#table-of-contents)
+
+### 5. Response
+
+Kong receives the response from the upstream service and sends it back to the
+downstream client in a streaming fashion. At this point Kong will execute
+subsequent plugins added to the Route and/or Service that implement a hook in
+the `header_filter` phase.
+
+Once the `header_filter` phase of all registered plugins has been executed, the
+following headers will be added by Kong and the full set of headers be sent to
+the client:
+
+- `Via: kong/x.x.x`, where `x.x.x` is the Kong version in use
+- `X-Kong-Proxy-Latency: <latency>`, where `latency` is the time in milliseconds
+  between Kong receiving the request from the client and sending the request to
+  your upstream service.
+- `X-Kong-Upstream-Latency: <latency>`, where `latency` is the time in
+  milliseconds that Kong was waiting for the first byte of the upstream service
+  response.
+
+Once the headers are sent to the client, Kong will start executing
+registered plugins for the Route and/or Service that implement the
+`body_filter` hook. This hook may be called multiple times, due to the
+streaming nature of Nginx. Each chunk of the upstream response that is
+successfully processed by such `body_filter` hooks is sent back to the client.
+You can find more information about the `body_filter` hook in the [Plugin
+development guide][plugin-development-guide].
+
+[Back to TOC](#table-of-contents)
+
+## Configuring a fallback Route
+
+As a practical use-case and example of the flexibility offered by Kong's
+proxying capabilities, let's try to implement a "fallback Route", so that in
+order to avoid Kong responding with an HTTP `404`, "no route found", we can
+catch such requests and proxy them to a special upstream service, or apply a
+plugin to it (such a plugin could, for example, terminate the request with a
+different status code or response without proxying the request).
+
+Here is an example of such a fallback Route:
+
+```json
+{
+    "paths": ["/"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+As you can guess, any HTTP request made to Kong would actually match this
+Route, since all URIs are prefixed by the root character `/`. As we know from
+the [Request path][proxy-request-path] section, the longest URL paths are
+evaluated first by Kong, so the `/` path will eventually be evaluated last by
+Kong, and effectively provide a "fallback" Route, only matched as a last
+resort. You can then send traffic to a special Service or apply any plugin you
+wish on this Route.
+
+[Back to TOC](#table-of-contents)
+
+## Configuring SSL for a Route
+
+Kong provides a way to dynamically serve SSL certificates on a per-connection
+basis. SSL certificates are directly handled by the core, and configurable via
+the Admin API. Clients connecting to Kong over TLS must support the [Server
+Name Indication][SNI] extension to make use of this feature.
+
+SSL certificates are handled by two resources in the Kong Admin API:
+
+- `/certificates`, which stores your keys and certificates.
+- `/snis`, which associates a registered certificate with a Server Name
+  Indication.
+
+You can find the documentation for those two resources in the
+[Admin API Reference][API].
+
+Here is how to configure an SSL certificate on a given Route: first, upload
+your SSL certificate and key via the Admin API:
+
+```bash
+$ curl -i -X POST http://localhost:8001/certificates \
+    -F "cert=@/path/to/cert.pem" \
+    -F "key=@/path/to/cert.key" \
+    -F "snis=*.ssl-example.com,other-ssl-example.com"
+HTTP/1.1 201 Created
+...
+```
+
+The `snis` form parameter is a sugar parameter, directly inserting an SNI and
+associating the uploaded certificate to it.
+
+Note that one of the SNI names defined in `snis` above contains a wildcard
+(`*.ssl-example.com`). An SNI may contain a single wildcard in the leftmost (prefix) or
+rightmost (suffix) postion. This can be useful when maintaining multiple subdomains. A
+single `sni` configured with a wildcard name can be used to match multiple 
+subdomains, instead of creating an SNI for each. 
+
+Valid wildcard positions are `mydomain.*`, `*.mydomain.com`, and `*.www.mydomain.com`.
+
+Matching of `snis` respects the following priority:
+
+ 1. plain (no wildcard)
+ 2. prefix
+ 3. suffix
+
+You must now register the following Route within Kong. We will match requests
+to this Route using only the Host header for convenience:
+
+```bash
+$ curl -i -X POST http://localhost:8001/routes \
+    -d 'hosts=prefix.ssl-example.com,other-ssl-example.com' \
+    -d 'service.id=d54da06c-d69f-4910-8896-915c63c270cd'
+HTTP/1.1 201 Created
+...
+```
+
+You can now expect the Route to be served over HTTPS by Kong:
+
+```bash
+$ curl -i https://localhost:8443/ \
+  -H "Host: prefix.ssl-example.com"
+HTTP/1.1 200 OK
+...
+```
+
+When establishing the connection and negotiating the SSL handshake, if your
+client sends `prefix.ssl-example.com` as part of the SNI extension, Kong will serve
+the `cert.pem` certificate previously configured.
+
+[Back to TOC](#table-of-contents)
+
+### Restricting the client protocol (HTTP/HTTPS/TCP/TLS)
+
+Routes have a `protocols` property to restrict the client protocol they should
+listen for. This attribute accepts a set of values, which can be `"http"`,
+`"https"`, `"tcp"` or `"tls"`.
+
+A Route with `http` and `https` will accept traffic in both protocols.
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["http", "https"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Not specifying any protocol has the same effect, since routes default to
+`["http", "https"]`.
+
+However, a Route with *only* `https` would _only_ accept traffic over HTTPS. It
+would _also_ accept unencrypted traffic _if_ SSL termination previously
+occurred from a trusted IP. SSL termination is considered valid when the
+request comes from one of the configured IPs in
+[trusted_ips][configuration-trusted-ips] and if the `X-Forwarded-Proto: https`
+header is set:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["https"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+If a Route such as the above matches a request, but that request is in
+plain-text without valid prior SSL termination, Kong responds with:
+
+```http
+HTTP/1.1 426 Upgrade Required
+Content-Type: application/json; charset=utf-8
+Transfer-Encoding: chunked
+Connection: Upgrade
+Upgrade: TLS/1.2, HTTP/1.1
+Server: kong/x.y.z
+
+{"message":"Please use HTTPS protocol"}
+```
+
+Since Kong 1.0 and Kong Enterprise 0.35, it's possible to create routes for raw TCP (not necessarily HTTP)
+connections by using `"tcp"` in the `protocols` attribute:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["tcp"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+Similarly, we can create routes which accept raw TLS traffic (not necessarily HTTPS) with
+the `"tls"` value:
+
+```json
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["tls"],
+    "service": {
+        "id": "..."
+    }
+}
+```
+
+A Route with *only* `TLS` would _only_ accept traffic over TLS.
+
+It is also possible to accept both TCP and TLS simultaneously:
+
+```
+{
+    "hosts": ["..."],
+    "paths": ["..."],
+    "methods": ["..."],
+    "protocols": ["tcp", "tls"],
+    "service": {
+        "id": "..."
+    }
+}
+
+```
+
+
+[Back to TOC](#table-of-contents)
+
+## Proxy WebSocket traffic
+
+Kong supports WebSocket traffic thanks to the underlying Nginx implementation.
+When you wish to establish a WebSocket connection between a client and your
+upstream services *through* Kong, you must establish a WebSocket handshake.
+This is done via the HTTP Upgrade mechanism. This is what your client request
+made to Kong would look like:
+
+```http
+GET / HTTP/1.1
+Connection: Upgrade
+Host: my-websocket-api.com
+Upgrade: WebSocket
+```
+
+This will make Kong forward the `Connection` and `Upgrade` headers to your
+upstream service, instead of dismissing them due to the hop-by-hop nature of a
+standard HTTP proxy.
+
+[Back to TOC](#table-of-contents)
+
+### WebSocket and TLS
+
+Kong will accept `ws` and `wss` connections on its respective `http` and
+`https` ports. To enforce TLS connections from clients, set the `protocols`
+property of the [Route][route-entity] to `https` only.
+
+When setting up the [Service][service-entity] to point to your upstream
+WebSocket service, you should carefully pick the protocol you want to use
+between Kong and the upstream. If you want to use TLS (`wss`), then the
+upstream WebSocket service must be defined using the `https` protocol in the
+Service `protocol` property, and the proper port (usually 443). To connect
+without TLS (`ws`), then the `http` protocol and port (usually 80) should be
+used in `protocol` instead.
+
+If you want Kong to terminate SSL/TLS, you can accept `wss` only from the
+client, but proxy to the upstream service over plain text, or `ws`.
+
+[Back to TOC](#table-of-contents)
+
+## Conclusion
+
+Through this guide, we hope you gained knowledge of the underlying proxying
+mechanism of Kong, from how does a request match a Route to be routed to its
+associated Service, on to how to allow for using the WebSocket protocol or
+setup dynamic SSL certificates.
+
+This website is Open-Source and can be found at
+[github.com/Kong/docs.konghq.com](https://github.com/Kong/docs.konghq.com/).
+Feel free to provide feedback to this document there, or propose improvements!
+
+If you haven't already, we suggest that you also read the [Load balancing
+Reference][load-balancing-reference], as it closely relates to the topic we
+just covered.
+
+[Back to TOC](#table-of-contents)
+
+[plugin-configuration-object]: /enterprise/{{page.kong_version}}/admin-api#plugin-object
+[plugin-development-guide]: /enterprise/{{page.kong_version}}/plugin-development
+[plugin-association-rules]: /enterprise/{{page.kong_version}}/admin-api/#precedence
+[load-balancing-reference]: /enterprise/{{page.kong_version}}/loadbalancing
+[configuration-reference]: /enterprise/{{page.kong_version}}/property-reference-reference
+[configuration-trusted-ips]: /enterprise/{{page.kong_version}}/property-reference/#trusted_ips
+[configuring-a-service]: /enterprise/{{page.kong_version}}/getting-started/add-service
+[API]: /enterprise/{{page.kong_version}}/admin-api
+[service-entity]: /enterprise/{{page.kong_version}}/admin-api/#add-service
+[route-entity]: /enterprise/{{page.kong_version}}/admin-api/#add-route
+
+[ngx-http-proxy-module]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html
+[ngx-http-realip-module]: http://nginx.org/en/docs/http/ngx_http_realip_module.html
+[ngx-remote-addr-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_remote_addr
+[ngx-scheme-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_scheme
+[ngx-host-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host
+[ngx-server-port-variable]: http://nginx.org/en/docs/http/ngx_http_core_module.html#var_server_port
+[ngx-http-proxy-retries]: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream_tries
+[SNI]: https://en.wikipedia.org/wiki/Server_Name_Indication
diff --git a/app/enterprise/0.36-x/secure-admin-api.md b/app/enterprise/0.36-x/secure-admin-api.md
new file mode 100644
index 000000000000..8986a17b7116
--- /dev/null
+++ b/app/enterprise/0.36-x/secure-admin-api.md
@@ -0,0 +1,159 @@
+---
+title: Securing the Admin API
+---
+
+## Introduction
+
+Kong's Admin API provides a RESTful interface for administration and
+configuration of Services, Routes, Plugins, Consumers, and Credentials. Because this
+API allows full control of Kong, it is important to secure this API against
+unwanted access. This document describes a few possible approaches to securing
+the Admin API.
+
+## Network Layer Access Restrictions
+
+### Minimal Listening Footprint
+
+By default since its 0.12.0 release, Kong will only accept requests from the
+local interface, as specified in its default `admin_listen` value:
+
+```
+admin_listen = 127.0.0.1:8001
+```
+
+If you change this value, always ensure to keep the listening footprint to a
+minimum, in order to avoid exposing your Admin API to third-parties, which
+could seriously compromise the security of your Kong cluster as a whole.
+For example, **avoid binding Kong to all of your interfaces**, by using
+values such as `0.0.0.0:8001`.
+
+[Back to TOC](#table-of-contents)
+
+### Layer 3/4 Network Controls
+
+In cases where the Admin API must be exposed beyond a localhost interface,
+network security best practices dictate that network-layer access be restricted
+as much as possible. Consider an environment in which Kong listens on a private
+network interface, but should only be accessed by a small subset of an IP range.
+In such a case, host-based firewalls (e.g. iptables) are useful in limiting
+input traffic ranges. For example:
+
+
+```bash
+# assume that Kong is listening on the address defined below, as defined as a
+# /24 CIDR block, and only a select few hosts in this range should have access
+
+$ grep admin_listen /etc/kong/kong.conf
+admin_listen 10.10.10.3:8001
+
+# explicitly allow TCP packets on port 8001 from the Kong node itself
+# this is not necessary if Admin API requests are not sent from the node
+$ iptables -A INPUT -s 10.10.10.3 -m tcp -p tcp --dport 8001 -j ACCEPT
+
+# explicitly allow TCP packets on port 8001 from the following addresses
+$ iptables -A INPUT -s 10.10.10.4 -m tcp -p tcp --dport 8001 -j ACCEPT
+$ iptables -A INPUT -s 10.10.10.5 -m tcp -p tcp --dport 8001 -j ACCEPT
+
+# drop all TCP packets on port 8001 not in the above IP list
+$ iptables -A INPUT -m tcp -p tcp --dport 8001 -j DROP
+
+```
+
+Additional controls, such as similar ACLs applied at a network device level, are
+encouraged, but fall outside the scope of this document.
+
+[Back to TOC](#table-of-contents)
+
+## Kong API Loopback
+
+Kong's routing design allows it to serve as a proxy for the Admin API itself. In
+this manner, Kong itself can be used to provide fine-grained access control to
+the Admin API. Such an environment requires bootstrapping a new Service that defines
+the `admin_listen` address as the Service's `url`. For example:
+
+```bash
+# assume that Kong has defined admin_listen as 127.0.0.1:8001, and we want to
+# reach the Admin API via the url `/admin-api`
+
+$ curl -X POST http://localhost:8001/services \
+  --data name=admin-api \
+  --data host=localhost \
+  --data port=8001
+
+$ curl -X POST http://localhost:8001/services/admin-api/routes \
+  --data paths[]=/admin-api
+
+# we can now transparently reach the Admin API through the proxy server
+$ curl localhost:8000/admin-api/apis
+{
+   "data":[
+      {
+         "uris":[
+            "\/admin-api"
+         ],
+         "id":"653b21bd-4d81-4573-ba00-177cc0108dec",
+         "upstream_read_timeout":60000,
+         "preserve_host":false,
+         "created_at":1496351805000,
+         "upstream_connect_timeout":60000,
+         "upstream_url":"http:\/\/localhost:8001",
+         "strip_uri":true,
+         "https_only":false,
+         "name":"admin-api",
+         "http_if_terminated":true,
+         "upstream_send_timeout":60000,
+         "retries":5
+      }
+   ],
+   "total":1
+}
+```
+
+From here, simply apply desired Kong-specific security controls (such as
+[basic][basic-auth] or [key authentication][key-auth],
+[IP restrictions][ip-restriction], or [access control lists][acl]) as you would
+normally to any other Kong API.
+
+[Back to TOC](#table-of-contents)
+
+## Custom Nginx Configuration
+
+Kong is tightly coupled with Nginx as an HTTP daemon, and can thus be integrated
+into environments with custom Nginx configurations. In this manner, use cases
+with complex security/access control requirements can use the full power of
+Nginx/OpenResty to build server/location blocks to house the Admin API as
+necessary. This allows such environments to leverage native Nginx authorization
+and authentication mechanisms, ACL modules, etc., in addition to providing the
+OpenResty environment on which custom/complex security controls can be built.
+
+For more information on integrating Kong into custom Nginx configurations, see
+[Custom Nginx configuration & embedding Kong][custom-configuration].
+
+[Back to TOC](#table-of-contents)
+
+## Role Based Access Control ##
+
+<div class="alert alert-warning">
+  <strong>Enterprise-Only</strong> This feature is only available with an
+  Enterprise Subscription.
+</div>
+
+Enterprise users can configure role-based access control to secure access to the
+Admin API. RBAC allows for fine-grained control over resource access based on
+a model of user roles and permissions. Users are assigned to one or more roles,
+which each in turn possess one or more permissions granting or denying access
+to a particular resource. In this way, fine-grained control over specific Admin
+API resources can be enforced, while scaling to allow complex, case-specific
+uses.
+
+If you are not a Kong Enterprise customer, you can inquire about our
+Enterprise offering by [contacting us](/enterprise).
+
+[Back to TOC](#table-of-contents)
+
+
+[acl]: /plugins/acl
+[basic-auth]: /plugins/basic-authentication/
+[custom-configuration]: /enterprise/{{page.kong_version}}/property-reference/#custom-nginx-configuration
+[ip-restriction]: /plugins/ip-restriction
+[key-auth]: /plugins/key-authentication
diff --git a/app/enterprise/changelog.md b/app/enterprise/changelog.md
index 98af0e0091cd..ea06d28b3434 100644
--- a/app/enterprise/changelog.md
+++ b/app/enterprise/changelog.md
@@ -6,71 +6,209 @@ layout: changelog
 ## 0.36-2
 **Release Date:** 2019/8/30
 
-### Notifications
-- **Kong Enterprise 0.36** inherits from **Kong 1.2.1**; read the
-[Kong Changelog](https://github.com/Kong/kong/blob/1.3.0rc1/CHANGELOG.md#121)
-for details.
-
 ### Features
 
 #### Dev Portal
-  - Add `custom_id` field to developers to allow easier mapping 
+- Adds `custom_id` field to developers to allow easier mapping 
 
 #### Plugins
-  - **Request-transformer**
-    - Allow rendering values from kong.ctx.shared
+- **Request-transformer**
+  - Allows rendering values from kong.ctx.shared
 
 ### Fixes
 
 #### Plugins
-  - **Rate Limiting Advanced**
-    - Fix an issue where user failed to import Rate Limiting Advanced
-    declarative YAML file via `kong config db_import`
+- **Rate Limiting Advanced**
+  - Fixes an issue where user failed to import Rate Limiting Advanced
+  declarative YAML file via `kong config db_import`
 
 #### Core
-  - **Workspaces**
-    - Fix and issue where user can rename a workspace with `PUT` request
-  - **Migrations**
-    - Fix an issue where migration from 0.35-x to 0.36-x making plugin `protocols`
-    field mandtory durin `PATCH` request.
-    - Fix an issue where unique fields of entites are not migrated properly when
-    migrating from Kong CE to EE using CLI `kong migrations migrate-community-to-enterprise`
-  - **Vitals**
-    - Fix an issue where Kong fails to remove old stats table when they are not part of public
-    schema 
-  
+- **Workspaces**
+  - Fixes an issue where user can rename a workspace with `PUT` request
+- **Migrations**
+  - Fixes an issue where migration from 0.35-x to 0.36-x making plugin `protocols`
+  field mandtory durin `PATCH` request.
+  - Fixes an issue where unique fields of entites are not migrated properly when
+  migrating from Kong CE to EE using CLI `kong migrations migrate-community-to-enterprise`
+- **Vitals**
+  - Fixes an issue where Kong fails to remove old stats table when they are not part of public
+  schema 
+
 
 ## 0.36-1
 **Release Date:** 2019/8/19
 
-### Notifications
-- **Kong Enterprise 0.36** inherits from **Kong 1.2.1**; read the
-[Kong Changelog](https://github.com/Kong/kong/blob/1.3.0rc1/CHANGELOG.md#121)
-for details.
-
 ### Fixes
 
-- Fixes for NGINX CVEs: [CVE-2018-16843](https://nvd.nist.gov/vuln/detail/CVE-2018-16843), [CVE-2018-16844](https://nvd.nist.gov/vuln/detail/CVE-2018-16844), [CVE-2019-9511](https://nvd.nist.gov/vuln/detail/CVE-2019-9511), [CVE-2019-9513](https://nvd.nist.gov/vuln/detail/CVE-2019-9513), and [CVE-2019-9516](https://nvd.nist.gov/vuln/detail/CVE-2019-9516)
-- Fix: Enterprise will not start if configured with a stream listen directive
-- Fix: LuaPath not correctly configured and prevents use of Luarocks
-
+- Fixes NGINX CVEs:
+  * [CVE-2018-16843](https://nvd.nist.gov/vuln/detail/CVE-2018-16843)
+  * [CVE-2018-16844](https://nvd.nist.gov/vuln/detail/CVE-2018-16844)
+  * [CVE-2019-9511](https://nvd.nist.gov/vuln/detail/CVE-2019-9511)
+  * [CVE-2019-9513](https://nvd.nist.gov/vuln/detail/CVE-2019-9513)
+  * [CVE-2019-9516](https://nvd.nist.gov/vuln/detail/CVE-2019-9516)
+- Fixes issue in which Enterprise will not start if configured with a stream listen directive
+- Fixes issue in which LuaPath is not correctly configured and prevents use of Luarocks
 
 ## 0.36
-**Release Date:** 2019/8/5
 
-### Notifications
-- **Kong Enterprise 0.36** inherits from **Kong 1.2.1**; read the
-[Kong Changelog](https://github.com/Kong/kong/blob/1.3.0rc1/CHANGELOG.md#121)
-for details.
+**Release Date:** 2019/8/5
 
 ### Features
 
+##### Core
+
+- Support for **wildcard SNI matching**: the
+  `ssl_certificate_by_lua` phase and the stream `preread` phase) is now able to
+  match a client hello SNI against any registered wildcard SNI. This is
+  particularly helpful for deployments serving a certificate for multiple
+  subdomains.
+- **HTTPS Routes can now be matched by SNI**: the `snis` Route
+  attribute (previously only available for `tls` Routes) can now be set for
+  `https` Routes and is evaluated by the HTTP router.
+- **Native support for HTTPS redirects**: Routes have a new
+  `https_redirect_status_code` attribute specifying the status code to send
+  back to the client if a plain text request was sent to an `https` Route.
+- Schema fields can now be marked as immutable.
+- Support for loading custom DAO strategies from plugins.
+- Support for IPv6 to `tcp` and `tls` Routes.
+- **Transparent proxying** - the `service` attribute on
+  Routes is now optional; a Route without an assigned Service will
+  proxy transparently
+- Support for **tags** in entities
+  - Every core entity now adds a `tags` field
+- New `protocols` field in the Plugin entity, allowing plugin instances
+  to be set for specific protocols only (`http`, `https`, `tcp` or `tls`).
+  - It filters out plugins during execution according to their `protocols` field
+  - It throws an error when trying to associate a Plugin to a Route
+    which is not compatible, protocols-wise, or to a Service with no
+    compatible routes.
+
+##### Configuration
+
+- **Asynchronous router updates**: a new configuration property
+  `router_consistency` accepts two possible values: `strict` and `eventual`.
+  The former is the default setting and makes router rebuilds highly
+  consistent between Nginx workers. It can result in long tail latency if
+  frequent Routes and Services updates are expected. The latter helps
+  preventing long tail latency issues by instructing Kong to rebuild the router
+  asynchronously (with eventual consistency between Nginx workers).
+- **Database cache warmup**: Kong can now preload entities during
+  its initialization. A new configuration property (`db_cache_warmup_entities`)
+  was introduced, allowing users to specify which entities should be preloaded.
+  DB cache warmup allows for ahead-of-time DNS resolution for Services with a
+  hostname. This feature reduces first requests latency, improving the overall
+  P99 latency tail.
+- Improved PostgreSQL connection management: two new configuration properties
+  have been added: `pg_max_concurrent_queries` sets the maximum number of
+  concurrent queries to the database, and `pg_semaphore_timeout` allows for
+  tuning the timeout when acquiring access to a database connection. The
+  default behavior remains the same, with no concurrency limitation.
+- New option in `kong.conf`: `pg_schema` to specify Postgres schema
+  to be used
+- The Stream subsystem now supports Nginx directive injections
+  - `nginx_stream_*` (or `KONG_NGINX_STREAM_*` environment variables)
+    for injecting entries to the `stream` block
+  - `nginx_sproxy_*` (or `KONG_NGINX_SPROXY_*` environment variables)
+    for injecting entries to the `server` block inside `stream`
+
+##### Admin API
+
+- Add a **schema validation endpoint for entities**: a new
+  endpoint `/schemas/:entity_name/validate` can be used to validate an instance
+  of any entity type in Kong without creating the entity itself.
+- Add **memory statistics** to the `/status` endpoint. The response
+  now includes a `memory` field, which contains the `lua_shared_dicts` and
+  `workers_lua_vms` fields with statistics on shared dictionaries and workers
+  Lua VM memory usage.
+  - When using the new `database=off` configuration option,
+    the Admin API endpoints for entities (such as `/routes` and
+    `/services`) are read-only, since the configuration can only
+    be updated via `/config`
+- Admin API endpoints now support searching by tag
+  (for example, `/consumers?tags=example_tag`)
+  - You can search by multiple tags:
+     - `/services?tags=serv1,mobile` to search for services matching tags `serv1` and `mobile`
+     - `/services?tags=serv1/serv2` to search for services matching tags `serv1` or `serv2`
+- New Admin API endpoint `/tags/` for listing entities by tag: `/tags/example_tag`
+
+##### PDK
+
+- New function `kong.node.get_memory_stats()`. This function returns statistics
+  on shared dictionaries and workers Lua VM memory usage, and powers the memory
+  statistics newly exposed by the `/status` endpoint.
+- New PDK function: `kong.client.get_protocol` for obtaining the protocol
+  in use during the current request
+- New PDK function: `kong.nginx.get_subsystem`, so plugins can detect whether
+  they are running on the HTTP or Stream subsystem
+
+#### Plugins
+
+- Logging plugins: log request TLS version, cipher, and verification status.
+- Plugin development: inheriting from `BasePlugin` is now optional. Avoiding
+  the inheritance paradigm improves plugins' performance.
+- Support for ACL **authenticated groups**, so that authentication plugins
+  that use a 3rd party (other than Kong) to store credentials can benefit
+  from using a central ACL plugin to do authorization for them.
+- The Kubernetes Sidecar Injection plugin is now bundled into Kong for a 
+  smoother K8s experience.
+- AWS Lambda now includes the AWS China region.
+
+#### CLI
+
+- **Bulk database import** using the same declarative
+  configuration format as the in-memory mode, using the new command:
+  `kong config db_import kong.yml`. This command upserts all
+  entities specified in the given `kong.yml` file in bulk
+- New command: `kong config init` to generate a template `kong.yml`
+  file to get you started
+- New command: `kong config parse kong.yml` to verify the syntax of
+  the `kong.yml` file before using it
+- New option `--wait` in `kong quit` to ease graceful termination when using orchestration tools.
+
+### Fixes
+
 #### Core
 
-- Adds support for [`db_cache_warmup_entities`](/1.2.x/configuration/#db_cache_warmup_entities), 
-which allows Kong to pre-load all necessary entries into Kong nodes' memory on start.
+- Resolve hostnames properly during initialization of Cassandra contact points
+- Fix health checks for Targets that need two-level DNS resolution
+  (e.g. SRV → A → IP)
+- Fix serialization of map types in the Cassandra backend
+- Fix target cleanup and cascade-delete for Targets
+- Avoid crash when failing to obtain list of Upstreams
+- Disallow invalid timeout value of 0ms for attributes in Services
+- DAO fix for foreign fields used as primary keys
+- Cassandra: ensures serial consistency is `LOCAL_SERIAL` when a
+  datacenter-aware load balancing policy is in use. This fixes unavailability
+  exceptions sometimes experienced when connecting to a multi-datacenter
+  cluster with cross-datacenter connectivity issues.
+- Schemas: fixes an issue in the schema validator that would not allow specifying
+  `false` in some schema rules, such a `{ type = "boolean", eq = false }`.
+- Fixes an underlying issue with regards to database entities cache keys
+  generation.
+- Ensure the migration path for Cassandra does not corrupt the
+  database schema.
+- Allow the `kong config init` command to run without a pointing to a prefix
+  directory.
+- Adds support for [`db_cache_warmup_entities`](/enterprise/0.36-x/property-reference/#db_cache_warmup_entities), 
+  which allows Kong to pre-load all necessary entries into Kong nodes' memory on start.
 - Provides support in declarative configuration for **Workspaces** and **RBAC**.
 - Provides support for the Redis Cluster library.
+- Active healthchecks: `http` checks are not performed for `tcp` and `tls`
+  Services anymore; only `tcp` healthchecks are performed against such
+  Services.
+- Fix an issue where updates in migrations would not correctly populate default
+  values.
+- Improvements in the reentrancy of Cassandra migrations.
+- Fix an issue causing the PostgreSQL strategy to not bootstrap the schema when
+  using a PostgreSQL account with limited permissions.
+- Address issue where field type "record" nested values reset on update
+- Correctly manage primary keys of type "foreign"
+
+#### Admin API
+
+- Proper support for `PUT /{entities}/{entity}/plugins/{plugin}`
+- Fix Admin API inferencing of map types using form-encoded
+- Accept UUID-like values in `/consumers?custom_id=`
 
 #### Dev Portal
 
@@ -100,10 +238,30 @@ requesting access to a Dev Portal.
   - New `custom_claims_forward` configuration list of additional claims. The 
   **introspection endpoint request** will return this list to forward as headers 
   to the **upstream service request**.
-
-
-
-### Fixes
+- basic-auth, ldap-auth, key-auth, jwt, hmac-auth: fixed
+  status code for unauthorized requests: they now return HTTP 401
+  instead of 403
+- tcp-log: remove spurious trailing carriage return
+- jwt: fix `typ` handling for supporting JOSE (JSON Object
+  Signature and Validation)
+- Fixes to the best-effort auto-converter for legacy plugin schemas
+- Ensures the `cassandra_local_datacenter` configuration property is specified
+  when a datacenter-aware Cassandra load balancing policy is in use.
+- request-transformer: fixes an issue that would prevent adding a body to
+  requests without one.
+- kubernetes-sidecar-injector: fixes an issue causing mutating webhook calls to
+  fail.
+- basic-auth: ignore password if nil on basic auth credential patch
+- http-log: Simplify queueing mechanism. Fixed a bug where traces were lost
+  in some cases.
+- request-transformer: validate header values in plugin configuration.
+- rate-limiting: added index on rate-limiting metrics.
+- **Upstream-tls**
+  - Fixes an issue where bundled **certificates** in PEM format were not loaded into 
+  the certificate store correctly.
+- ldap-auth: ensure TLS connections are reused.
+- oauth2: ensured access tokens preserve their `token_expiration` value when
+  migrating from previous Kong versions.
 
 #### Workspaces
 
@@ -124,11 +282,13 @@ not able to access the **Workspace** that the **Role** was assigned to.
 - Fixes a bug in the sign-up meta fields that caused data to disappear when a **Developer** is updated.
 - Fixes an issue where clicking on a **Developer** after clicking the credentials section ACL causes a 500 error.
 
-#### Plugins
+#### CLI
 
-- **Upstream-tls**
-  - Fixes an issue where bundled **certificates** in PEM format were not loaded into 
-  the certificate store correctly.
+- Fix `kong db_import` to support inserting entities without specifying a UUID
+  for their primary key. Entities with a unique identifier (e.g. `name` for
+  Services) can have their primary key omitted.
+- The `kong migrations [up|finish] -f` commands does not run anymore if there
+  are no previously executed migrations.
 
 ### Changes
 
diff --git a/app/enterprise/references/index.md b/app/enterprise/references/index.md
new file mode 100644
index 000000000000..8dbe1a67f9d7
--- /dev/null
+++ b/app/enterprise/references/index.md
@@ -0,0 +1,13 @@
+---
+title: Guides and References
+---
+
+![Welcome to the Kong Enterprise](https://konghq.com/wp-content/themes/konghq/assets/img/home/buildings.svg)
+
+<div class="docs-grid">
+
+  <div class="docs-grid-block">
+    <h3><img src="/assets/images/icons/documentation/icn-window.svg" /><a href="/enterprise/references/rate-limiting">Rate Limiting Library</a></h3>
+  </div>
+
+</div>
diff --git a/app/enterprise/references/rate-limiting.md b/app/enterprise/references/rate-limiting.md
new file mode 100644
index 000000000000..aaa478f03564
--- /dev/null
+++ b/app/enterprise/references/rate-limiting.md
@@ -0,0 +1,138 @@
+---
+title: Enterprise Rate Limiting Library
+layout: reference
+---
+
+## Overview
+
+This library is designed to provide an efficient, scalable, eventually-consistent sliding window rate limiting library. It relies on atomic operations in shared ngx memory zones to track window counters within a given node, periodically syncing this data to a central data store (current Cassandra, Postgres, and Redis).
+
+A sliding window rate limiting implementation tracks the number of hits assigned to a specific key (such as an IP address, Consumer, Credential, etc) within a given time window, taking into account previous hit rates to smooth out a calculated rate, while still providing a familiar windowing interface that modern developers are used to (e.g., n hits per second/minute/hour). This is similar to a fixed window implementation, in which request rates reset at the beginning of the window, but without the "reset bump" from which fixed window implementations suffer, while providing a more intuitive interface beyond what leaky bucket or token bucket implementations can offer. Note that we use the term "hit" instead of "request" when referring to incrementing values for rate limit keys, because this library provides an abstract rate limiting interface; a sliding window implementation may have uses outside of HTTP request rate limiting, thus, we describe this library in a more abstract sense.
+
+A sliding window takes into account a weighted value of the previous window when calculating the current rate for a given key. A window is defined as a period of time, starting at a given "floor" timestamp, where the floor is calculated based on the size of the window. For window sizes of 60 seconds, the floor always falls at the 0th second (e.g., at the beginning of any given minute). Likewise, windows with a size of 30 seconds will begin at the 0th and 30th seconds of each minute.
+
+Consider a rate limit of 10 hits per minute. In this configuration, this library will calculate the hit rate of a given key based on the number of hits for the current window (starting at the beginning of the current minute), and a weighted percentage of all hits of the previous window (e.g., the previous minute). This weight is calculated based on the current timestamp with respect to the window size in question; the farther away the current time is from the start of the previous window, the lower the weight percentage. This value is best expressed through an example:
+
+```
+current window rate: 10
+previous window rate: 40
+window size: 60
+window position: 30 (seconds past the start of the current window)
+weight = .5 (60 second window size - 30 seconds past the window start)
+
+rate = 'current rate' + 'previous weight' * 'weight'
+     = 10             + 40                * ('window size' - 'window position') / 'window size'
+     = 10             + 40                * (60 - 30) / 60
+     = 10             + 40                * .5
+     = 30
+```
+Strictly speaking, the formula used to define the weighting percentage is as follows:
+
+`weight = (window_size - (time() % window_size)) / window_size`
+
+Where `time()` is the value of the current Unix timestamp.
+
+Each node in the Kong cluster relies on its own in-memory data store as the source of truth for rate limiting counters. Periodically, each node pushes a counter increment for each key it saw to the cluster, which is expected to atomically apply this diff to the appropriate key. The node then retrieves this key's value from the data store, along with other relevant keys for this data sync cycle. In this manner, each node shares the relevant portions of data with the cluster, while relying on a very high-performance method of tracking data during each request. This cycle of converge -> diverge -> reconverge among nodes in the cluster provides our eventually-consistent model.
+
+he periodic rate at which nodes converge is configurable; shorter sync intervals will result in less divergence of data points when traffic is spread across multiple nodes in the cluster (e.g., when sitting behind a round robin balancer), whereas longer sync intervals put less r/w pressure on the datastore, and less overhead on each node to calculate diffs and fetch new synced values. The desirable value here depends on use case; when using cluster syncing to refresh nodes periodically (e.g., to inform new cluster nodes of counter data), a value of 10-30 seconds may be desirable, to minimize data store traffic. Contrarily, environments demanding stronger consistency between nodes (such as orchestrated deployments involving a high churn rate among cluster membership, or cases where strict rate limiting policies must be applied to node sitting behind a non-hashing load balancer) should use a lower sync period, on the order of milliseconds. The minimum possible value is 0.001 (1 millisecond), though practically this value is limited by network performance between Kong nodes and the configured data store.
+
+In addition to periodic data sync behavior, this library can implement rate limiting counter in a synchronous pattern by defining its `sync_rate` as `0`. In such a case, the given counter will be applied directly to the datastore. This behavior is desirable in cases where stronger consistency among the cluster is desired; such a configuration comes with the cost of needing to communicate with the datastore (or Redis) on every request, which can induce noticeable latency into the request ("noticeable" being a relative term of typically a few milliseconds, depending on the performance of the storage mechanism in question; for comparison, Kong typically processes requests on the order of tens of microseconds).
+
+This library can also forgo syncing counter data entirely, and only apply incremental counters to its local memory zone, by defining a `sync_rate` value of less than `0`. This behavior is useful when cluster-wide syncing of data is unnecessary, such as environments using only a single Kong node, or where Kong nodes live behind a hashing load balancer and are treated as isolated instances.
+
+Module configuration data, such as sync rate, shared dictionary name, storage policy, etc, is kept in a per-worker public configuration table. Multiple configurations can be defined as stored as arbitrary `namespaces` (more on this below).
+
+## Developer Notes
+### Public Functions
+The following public functions are provided by this library:
+
+`ratelimiting.new`
+
+_syntax: ok = ratelimiting.new(opts)_
+
+Define configurations for a new namespace. The following options are accepted:
+
+- dict: Name of the shared dictionary to use
+- sync_rate: Rate, in seconds, to sync data diffs to the storage server.
+- strategy: Storage strategy to use. currently cassandra, postgres, and redis are supported. Strategies must provide several public—functions defined below.
+- strategy_opts: A table of options used by the storage strategy. Currently only applicable for the 'redis' strategy.
+- namespace: String defining these config values. A namespace may only be defined once; if a namespace has already been defined on this worker, an error is thrown. If no namespace is defined, the literal string "default" will be used.
+- window_sizes: A list of window sizes used by this configuration.
+
+`ratelimiting.increment`
+
+_syntax: rate = ratelimiting.increment(key, window_size, value, namespace?)_
+
+Increment a given key for window_size by value. If namespace is undefined, the "default" namespace is used. value can be any number Lua type (but ensure that the storage strategy in use for this namespace can support decimal values if a non-integer value is provided). This function returns the sliding rate for this key/window_size after the increment of value has been applied.
+
+`ratelimit.sliding_window`
+
+_syntax: rate = ratelimit.sliding_window(key, window_size, cur_diff?, namespace?)_
+
+Return the current sliding rate for this key/window_size. An optional cur_diff value can be provided that overrides the current stored diff for this key. If `namespace` is undefined, the "default" namespace is used.
+
+`ratelimiting.sync`
+
+_syntax: ratelimiting.sync(premature, namespace?)_
+
+Sync all currently stored key diffs in this worker with the storage server, and retrieve the newly synced value. If namespace is undefined, the "default" `namespace` is used. Before the diffs are pushed, another sync call for the given namespace is scheduled at `sync_rate` seconds in the future. Given this, this function should typically be called during the `init_worker` phase to initialize the recurring timer. This function is intended to be called in an `ngx.timer` context; hence, the first variable represents the injected `premature` param.
+
+`ratelimiting.fetch`
+
+_syntax: ratelimiting.fetch(premature, namespace, time, timeout?)_
+
+Retrieve all relevant counters for the given namespace at the given time. This 
+function establishes a shm mutex such that only one worker will fetch and 
+populate the shm per execution. If timeout is defined, the mutex will expire 
+based on the given timeout value; otherwise, the mutex is unlocked immediately 
+following the dictionary update. This function can be called in an `ngx.timer` 
+context; hence, the first variable represents the injected `premature` param.
+
+### Strategy Functions
+
+Storage strategies must provide the following interfaces:
+
+#### strategy_class.new
+_syntax: strategy = strategy_class.new(dao_factory, opts)_
+
+Implement a new strategy object. `opts` is expected to be a table type, and can be used to pass opaque/arbitrary options to the strategy class.
+
+#### strategy:push_diffs
+_syntax: strategy:push_diffs(diffs)_
+
+Push a table of key diffs to the storage server. diffs is a table provided in the following format:
+
+```
+[1] = {
+    key = "1.2.3.4",
+    windows = {
+      {
+        window    = 12345610,
+        size      = 60,
+        diff      = 5,
+        namespace = foo,
+      },
+      {
+        window    = 12345670,
+        size      = 60,
+        diff      = 5,
+        namespace = foo,
+      },
+    }
+  },
+  ...
+  ["1.2.3.4"] = 1,
+  ...
+  ```
+
+#### strategy:get_counters
+
+_syntax: rows = strategy:get_counters(namespace, window_sizes, time?)_
+
+Return an iterator for each key stored in the datastore/redis for a given `namepsace` and list of window sizes. 'time' is an optional unix second- precision timestamp; if not provided, this value will be set via `ngx.time()`. It is encouraged to pass this via a previous defined timestamp, depending on the context (e.g., if previous calls in the same thread took a nontrivial amount of time to run).
+
+#### strategy:get_window
+
+_syntax: window = strategy:get_window(key, namespace, window_start, window_size)_
+
+Retrieve a single key from the data store based on the values provided.
diff --git a/app/install/aws-linux.md b/app/install/aws-linux.md
index ad9a37ca4bd8..d1352f642c7c 100644
--- a/app/install/aws-linux.md
+++ b/app/install/aws-linux.md
@@ -12,7 +12,7 @@ breadcrumbs:
 
 Start by downloading the following package specifically built for the Amazon Linux AMI:
 
-- [Download]({{ site.links.download }}/kong-rpm/download_file?file_path=amazonlinux/amazonlinux/kong-{{site.data.kong_latest.version}}.aws.rpm)
+- [Download]({{ site.links.download }}/kong-rpm/download_file?file_path=amazonlinux/amazonlinux/kong-{{site.data.kong_latest.version}}.aws.amd64.rpm)
 
 **Enterprise trial users** should download their package from their welcome email and save their license to `/etc/kong/license.json` after step 1.
 
diff --git a/app/install/centos.md b/app/install/centos.md
index a977ab991c58..6262d05a28da 100644
--- a/app/install/centos.md
+++ b/app/install/centos.md
@@ -11,8 +11,8 @@ breadcrumbs:
 
 Start by downloading the corresponding package for your configuration:
 
-- [CentOS 6]({{ site.links.download }}/kong-rpm/download_file?file_path=centos/6/kong-{{site.data.kong_latest.version}}.el6.noarch.rpm)
-- [CentOS 7]({{ site.links.download }}/kong-rpm/download_file?file_path=centos/7/kong-{{site.data.kong_latest.version}}.el7.noarch.rpm)
+- [CentOS 6]({{ site.links.download }}/kong-rpm/download_file?file_path=centos/6/kong-{{site.data.kong_latest.version}}.el6.amd64.rpm)
+- [CentOS 7]({{ site.links.download }}/kong-rpm/download_file?file_path=centos/7/kong-{{site.data.kong_latest.version}}.el7.amd64.rpm)
 
 **Enterprise trial users** should download their package from their welcome email and save their license to `/etc/kong/license.json` after step 1.
 
diff --git a/app/install/debian.md b/app/install/debian.md
index 8717e944931f..455c80f13aff 100644
--- a/app/install/debian.md
+++ b/app/install/debian.md
@@ -11,9 +11,9 @@ breadcrumbs:
 
 Start by downloading the corresponding package for your configuration:
 
-- [7 Wheezy]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.wheezy.all.deb)
-- [8 Jessie]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.jessie.all.deb)
-- [9 Stretch]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.stretch.all.deb)
+- [7 Wheezy]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.wheezy.amd64.deb)
+- [8 Jessie]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.jessie.amd64.deb)
+- [9 Stretch]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.stretch.amd64.deb)
 
 **Enterprise trial users** should download their package from their welcome email and save their license to `/etc/kong/license.json` after step 1.
 
diff --git a/app/install/kubernetes.md b/app/install/kubernetes.md
index bfa9e4f436a7..f032ceb4d0ab 100644
--- a/app/install/kubernetes.md
+++ b/app/install/kubernetes.md
@@ -76,7 +76,7 @@ The next step depends on whether you are going to use Kong with Cassandra, Postg
 
 For Cassandra, continue to [Cassandra Backed Kong](#cassandra-backed-kong)
 
-For Postgres, continue to [Postgres Backed Kong](#postgres-backed-kong)
+For Postgres, continue to [Postgres Backed Kong](#postgresql-backed-kong)
 
 For DB-less mode, continue to [Using Kong without a Database](#using-kong-without-a-database)
 
@@ -129,7 +129,7 @@ plane node
 $ kubectl -n kong apply -f kong-ingress-data-plane-postgres.yaml
 ```
 
-Continue to [Using Datastore Backed Kong](#using-datastore-backed-kong)
+If you are using installing the Kong Enterprise Trial, you will need to continue to [Additional PostgreSQL Steps for Kong Enterprise Trial Users](#additional-postgresql-steps-for-kong-enterprise-trial-users). Otherwise, continue to [Using Datastore Backed Kong](#using-datastore-backed-kong)
 
 ### Using Datastore Backed Kong
 
@@ -149,7 +149,7 @@ $ export HOST=$(kubectl get nodes --namespace default -o jsonpath='{.items[0].st
 $ export ADMIN_PORT=$(kubectl get svc --namespace kong kong-control-plane  -o jsonpath='{.spec.ports[0].nodePort}')
 ```
 
-Continue to [configuring a service](/latest/getting-started/configuring-a-service/).
+If you are installing the Kong Enterprise Trial, you will need to continue to [Final Steps for Kong Enterprise Trial Users](#final-steps-for-kong-enterprise-trial-users). Otherwise, continue to [configuring a service](/latest/getting-started/configuring-a-service/).
 
 ### Using Kong without a Database
 
@@ -188,7 +188,7 @@ $ export ADMIN_PORT=$(kubectl get svc --namespace kong kong-control-plane  -o js
 
 Continue to [db-less and declarative configuration documentation page](/latest/db-less-and-declarative-config/)
 
-## Additional Steps for Kong Enterprise Trial Users
+## Additional PostgreSQL Steps for Kong Enterprise Trial Users
 
 1. **Publish a Kong Enterprise Docker image to your container registry**
 
@@ -214,18 +214,46 @@ Continue to [db-less and declarative configuration documentation page](/latest/d
 
     ```yaml
     - name: KONG_LICENSE_DATA
-    value: '{"license":{"signature":"alongstringofcharacters","payload":{"customer":"Test Company","license_creation_date":"2018-03-06","product_subscription":"Kong Only","admin_seats":"5","support_plan":"Premier","license_expiration_date":"2018-06-04","license_key":"anotherstringofcharacters"},"version":1}}'
+      value: '{"license":{"signature":"alongstringofcharacters","payload":{"customer":"Test Company","license_creation_date":"2018-03-06","product_subscription":"Kong Only","admin_seats":"5","support_plan":"Premier","license_expiration_date":"2018-06-04","license_key":"anotherstringofcharacters"},"version":1}}'
     ```
 
 3. **Use the Kong Enterprise image**
 
     Edit `kong_trial_postgres.yaml` and `kong_trial_migration_postgres.yaml` and replace
-    `image: kong` with `image: gcr.io/<project ID>/kong-ee`, using the same project ID as above.
+    `image: kong` with `image: gcr.io/<project ID>/kong-ee`, using the same project ID as above.    
+
+4. **Updating Postgres configuration (Optional)**
+
+    The migration job assumes that your Postgres instance is located in the default namespace. If you followed the steps above, you can skip this step. If you used a different namespace, you will need to update the configuration. Update `kong_trial_migration_postgres.yaml` and set the `KONG_PG_HOST` env variable to `postgres.{namespace}.svc.cluster.local` so it looks like:
+    
+    ```yaml
+    - name: KONG_PG_HOST
+      value: postgres.{namespace}.svc.cluster.local
+    ```
+    
+Continue to [Using Datastore Backed Kong](#using-datastore-backed-kong)
+    
+## Final Steps for Kong Enterprise Trial Users
 
-4. **Deploy Kong Enterprise**
+1. **Deploy Kong Enterprise**
 
-    Continue from step 4 in the **Kong or Kong Enterprise via Manifest Files**
-    instruction above, using the `kong_trial_*` YAML files in the
+    You will need to deploy the `kong_trial_*` YAML files in the
     [Kong Enterprise Trial directory](https://github.com/Kong/kong-dist-kubernetes/tree/master/ee-trial).
-    Once Kong Enterprise is running, you should be able to access the Kong Admin GUI
-    at `<kong-admin-ip-address>:8002` or `https://<kong-ssl-admin-ip-address>:8445`.
+    using:
+    
+    ```yaml
+    kubectl apply -n kong -f ee-trial/kong_trial_migration_postgres.yaml
+    kubectl apply -n kong -f ee-trial/kong_trial_postgres.yaml
+    ```
+    
+2. **Access the Enterprise Dashboard**
+
+    Once Kong Enterprise is running, you should be able to access the Kong Admin UI. Use the BASH script below to obtain the URL's.
+    
+    ```bash
+    hostname="$(kubectl get service kong-admin -n kong -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
+    sslhostname="$(kubectl get service kong-admin-ssl -n kong -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
+    echo "Access the Admin UI at http://$hostname:8002 or https://$sslhostname:8445."
+    ```
+    
+Continue to [configuring a service](/latest/getting-started/configuring-a-service/).
diff --git a/app/install/redhat.md b/app/install/redhat.md
index 5f82c1fd434b..013387f3600c 100644
--- a/app/install/redhat.md
+++ b/app/install/redhat.md
@@ -13,8 +13,8 @@ breadcrumbs:
 
 Start by downloading the corresponding package for your configuration:
 
-- [RHEL 6]({{ site.links.download }}/kong-rpm/download_file?file_path=rhel/6/kong-{{site.data.kong_latest.version}}.rhel6.noarch.rpm)
-- [RHEL 7]({{ site.links.download }}/kong-rpm/download_file?file_path=rhel/7/kong-{{site.data.kong_latest.version}}.rhel7.noarch.rpm)
+- [RHEL 6]({{ site.links.download }}/kong-rpm/download_file?file_path=rhel/6/kong-{{site.data.kong_latest.version}}.rhel6.amd64.rpm)
+- [RHEL 7]({{ site.links.download }}/kong-rpm/download_file?file_path=rhel/7/kong-{{site.data.kong_latest.version}}.rhel7.amd64.rpm)
 
 **Enterprise trial users** should download their package from their welcome email and save their license to `/etc/kong/license.json` after step 1.
 
diff --git a/app/install/ubuntu.md b/app/install/ubuntu.md
index 53d615ace517..5759176d884b 100644
--- a/app/install/ubuntu.md
+++ b/app/install/ubuntu.md
@@ -11,11 +11,11 @@ breadcrumbs:
 
 Start by downloading the corresponding package for your configuration:
 
-- [12.04 Precise]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.precise.all.deb)
-- [14.04 Trusty]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.trusty.all.deb)
-- [16.04 Xenial]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.xenial.all.deb)
-- [17.04 Zesty]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.zesty.all.deb)
-- [18.04 Bionic]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.bionic.all.deb)
+- [12.04 Precise]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.precise.amd64.deb)
+- [14.04 Trusty]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.trusty.amd64.deb)
+- [16.04 Xenial]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.xenial.amd64.deb)
+- [17.04 Zesty]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.zesty.amd64.deb)
+- [18.04 Bionic]({{ site.links.download }}/kong-deb/download_file?file_path=kong-{{site.data.kong_latest.version}}.bionic.amd64.deb)
 
 **Enterprise trial users** should download their package from their welcome email and save their license to `/etc/kong/license.json` after step 1.
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 02328496ce2d..da6ddd20dc11 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.4'
 services:
   jekyll:
     build: .
-    user: jekyll
+    command: ${COMMAND:-make run}
     volumes:
       - .:/srv/jekyll
     ports:
diff --git a/entrypoint.sh b/entrypoint.sh
index 5c0fb71f33bf..a9c940326eab 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,7 +1,5 @@
 #!/bin/bash
 
-npm install -g yarn
-npm install -g gulp
 bundle install
 yarn --ignore-engines
 gulp clean
diff --git a/gulpfile.js b/gulpfile.js
index d5ac6e7d2939..9d9398067a16 100644
--- a/gulpfile.js
+++ b/gulpfile.js
@@ -43,94 +43,127 @@ var dest = {
   js: paths.dist + 'assets/app.js'
 }
 
-gulp.task('copycss', function () {
-  gulp.src(paths.assets + 'css/*.css')
+var reload = browserSync.reload
+
+
+/* Functions
+--------------------------------------- */
+
+// Basic Tasks
+function css() {
+  return gulp.src(paths.assets + 'css/*.css')
     .pipe(gulp.dest(paths.dist + 'assets'))
-})
+}
 
-gulp.task('styles', function () {
+function styles() {
   return gulp.src(paths.assets + 'stylesheets/index.less')
     .pipe($.plumber())
     .pipe($.if(dev, $.sourcemaps.init()))
     .pipe($.less())
     .pipe($.autoprefixer())
-    .pipe($.purifycss([dest.html], {
-      whitelist: [
-        '.affix',
-        '.alert',
-        '.close',
-        '.collaps',
-        '.fade',
-        '.has',
-        '.help',
-        '.in',
-        '.modal',
-        '.open',
-        '.popover',
-        '.tooltip'
-      ]
-    }))
+    // .pipe($.purifycss([dest.html], {
+    //   whitelist: [
+    //     '.affix',
+    //     '.alert',
+    //     '.close',
+    //     '.collaps',
+    //     '.fade',
+    //     '.has',
+    //     '.help',
+    //     '.in',
+    //     '.modal',
+    //     '.open',
+    //     '.popover',
+    //     '.tooltip'
+    //   ]
+    // }))
     .pipe($.cleanCss({ compatibility: 'ie8' }))
     .pipe($.rename('styles.css'))
     .pipe($.if(dev, $.sourcemaps.write()))
     .pipe(gulp.dest(paths.dist + 'assets'))
     .pipe($.size())
     .pipe(browserSync.stream())
-})
+}
 
-gulp.task('javascripts', function () {
+function js() {
   return gulp.src(sources.js)
     .pipe($.plumber())
     .pipe($.if(dev, $.sourcemaps.init()))
-    .pipe($.minify({
-      noSource: true,
-      ext: {
-        min: '.js'
-      }
-    }))
     .pipe($.concat('app.js'))
     .pipe($.if(dev, $.sourcemaps.write()))
     .pipe(gulp.dest('dist/assets'))
-    .pipe($.size())
     .pipe(browserSync.stream())
-})
+}
 
-gulp.task('images', function () {
+function js_min() {
+  return gulp.src(sources.js)
+  .pipe($.plumber())
+  .pipe($.if(dev, $.sourcemaps.init()))
+  .pipe($.minify({
+    noSource: true,
+    ext: {
+      min: '.js'
+    }
+  }))
+  .pipe($.concat('app.js'))
+  .pipe($.if(dev, $.sourcemaps.write()))
+  .pipe(gulp.dest('dist/assets'))
+  .pipe($.size())
+  .pipe(browserSync.stream())
+}
+
+function images() {
   return gulp.src(sources.images)
     .pipe($.plumber())
-    .pipe($.imagemin())
     .pipe(gulp.dest(paths.dist + 'assets/images'))
-    .pipe($.size())
-})
+}
+
+function images_min() {
+  return gulp.src(sources.images)
+  .pipe($.plumber())
+  .pipe($.imagemin())
+  .pipe(gulp.dest(paths.dist + 'assets/images'))
+  .pipe($.size())
+}
 
-gulp.task('fonts', function () {
+function fonts() {
   return gulp.src(sources.fonts)
     .pipe($.plumber())
     .pipe(gulp.dest(paths.dist + 'assets/fonts'))
     .pipe($.size())
     .pipe(browserSync.stream())
-})
+}
+
+function jekyll(cb) {
+  var command = 'bundle exec jekyll build --config jekyll.yml --profile --destination ' + paths.dist
+
+  childProcess.exec(command, function (err, stdout, stderr) {
+    log(stdout)
+    log(stderr)
+    cb(err)
+  })
+}
 
-gulp.task('jekyll', function (cb) {
-  var command = 'bundle exec jekyll build --config jekyll.yml --destination ' + paths.dist
+function jekyll_dev(cb) {
+  var command = 'bundle exec jekyll build --config jekyll-dev.yml --profile --destination ' + paths.dist
 
   childProcess.exec(command, function (err, stdout, stderr) {
     log(stdout)
     log(stderr)
     cb(err)
   })
-})
+}
 
-gulp.task('html', ['jekyll'], function () {
+function html() {
   return gulp.src(paths.dist + '/**/*.html')
     .pipe($.plumber())
-    // Prefetch static assets
-    // .pipe($.resourceHints())
     .pipe(gulp.dest(paths.dist))
     .pipe($.size())
-})
+}
+
 
-gulp.task('pdk-docs', function (cb) {
+// Lua Tasks
+function pdk_docs(cb) {
   var KONG_PATH, KONG_VERSION,
     navFilepath, doc, pdkRegex, newNav, newDoc,
     cmd, obj, errLog,
@@ -231,9 +264,9 @@ gulp.task('pdk-docs', function (cb) {
   confFilepath = 'app/_data/pdk_info.yml'
   fs.writeFileSync(confFilepath, 'sha1: ' + gitSha1 + '\n')
   log('git SHA-1 (' + gitSha1 + ') written to ' + confFilepath)
-})
+}
 
-gulp.task('admin-api-docs', function (cb) {
+function admin_api_docs(cb) {
   var KONG_PATH, KONG_VERSION, cmd, obj, errLog
 
   // 0 Obtain "env-var params"
@@ -256,9 +289,9 @@ gulp.task('admin-api-docs', function (cb) {
   }
 
   log('Re-generated Admin API docs for ' + KONG_VERSION)
-})
+}
 
-gulp.task('cli-docs', function (cb) {
+function cli_docs(cb) {
   var KONG_PATH, KONG_VERSION, cmd, obj, errLog
 
   // 0 Obtain "env-var params"
@@ -281,9 +314,9 @@ gulp.task('cli-docs', function (cb) {
   }
 
   log('Re-generated CLI docs for ' + KONG_VERSION)
-})
+}
 
-gulp.task('conf-docs', function (cb) {
+function conf_docs(cb) {
   var KONG_PATH, KONG_VERSION, cmd, obj, errLog
 
   // 0 Obtain "env-var params"
@@ -306,9 +339,9 @@ gulp.task('conf-docs', function (cb) {
   }
 
   log('Re-generated Conf docs for ' + KONG_VERSION)
-})
+}
 
-gulp.task('nav-docs', function (cb) {
+function nav_docs(cb) {
   var KONG_VERSION, cmd, obj, errLog
 
   // 0 Obtain "env-var params"
@@ -326,18 +359,10 @@ gulp.task('nav-docs', function (cb) {
   }
 
   log('Re-generated navigation file for ' + KONG_VERSION)
-})
-
-gulp.task('clean', function () {
-  ghPages.clean()
-  return del(['dist', '.gh-pages'])
-})
-
-gulp.task('build', ['javascripts', 'images', 'fonts', 'copycss'], function (cb) {
-  sequence('html', 'styles', cb)
-})
+}
 
-gulp.task('browser-sync', function () {
+// Custom Tasks
+function browser_sync(done) {
   browserSync.init({
     logPrefix: ' ▶ ',
     minify: false,
@@ -345,9 +370,10 @@ gulp.task('browser-sync', function () {
     server: 'dist',
     open: false
   })
-})
+  done()
+}
 
-gulp.task('gh-pages', function (cb) {
+function gh_pages(cb) {
   var cmd = 'git rev-parse --short HEAD'
 
   childProcess.exec(cmd, function (err, stdout, stderr) {
@@ -359,9 +385,9 @@ gulp.task('gh-pages', function (cb) {
       message: 'Deploying ' + stdout + '(' + new Date().toISOString() + ')'
     }, cb)
   })
-})
+}
 
-gulp.task('cloudflare', function (cb) {
+function cloudflare(cb) {
   // configure cloudflare
   var cloudflare = require('cloudflare').createClient({
     email: process.env.MASHAPE_CLOUDFLARE_EMAIL,
@@ -375,39 +401,61 @@ gulp.task('cloudflare', function (cb) {
 
     cb()
   })
-})
-
-gulp.task('deploy', function (cb) {
-  sequence('build', 'gh-pages', cb)
-})
-
-gulp.task('watch', function () {
-  gulp.watch(sources.content, ['html-watch'])
-  gulp.watch(sources.styles, ['styles'])
-  gulp.watch(sources.images, ['images-watch'])
-  gulp.watch(sources.js, ['javascripts'])
-  gulp.watch(paths.assets + 'css/hub.css', ['copycss'])
-})
-
-gulp.task('html-watch', ['html'], function (cb) {
-  browserSync.reload()
-  cb()
-})
+}
 
-gulp.task('images-watch', ['images'], function (cb) {
-  browserSync.reload()
-  cb()
-})
+function clean() {
+  ghPages.clean()
+  return del(['dist', '.gh-pages'])
+}
 
-gulp.task('default', ['clean'], function (cb) {
-  sequence('build', 'browser-sync', 'copycss', 'watch', cb)
-})
+function watch_files() {
+  gulp.watch(sources.content, gulp.series(jekyll_dev, html, reload))
+  gulp.watch(sources.styles, styles)
+  gulp.watch(sources.images, gulp.series(images, reload))
+  gulp.watch(sources.js, gulp.series(js, reload))
+  gulp.watch(paths.assets + 'css/hub.css', css)
+}
 
-gulp.task('setdev', function (cb) {
+function set_dev(cb) {
   dev = true
   cb()
-})
+}
+
+/*----------------------------------------*/
+
+// Basic Tasks
+gulp.task("js", js)
+gulp.task("js_min", js_min)
+gulp.task("css", css)
+gulp.task("styles", styles)
+gulp.task("images", images)
+gulp.task("images_min", images_min)
+gulp.task("fonts", fonts)
+gulp.task("jekyll", jekyll)
+gulp.task("jekyll_dev", jekyll_dev)
+gulp.task("html", html)
+
+// Lua Tasks
+gulp.task("pdk_docs", pdk_docs)
+gulp.task("admin_api_docs", admin_api_docs)
+gulp.task("cli_docs", cli_docs)
+gulp.task("conf_docs", conf_docs)
+gulp.task("nav_docs", nav_docs)
+
+// Custom Tasks
+gulp.task("browser_sync", browser_sync)
+gulp.task("gh_pages", gh_pages)
+gulp.task("cloudflare", cloudflare)
+gulp.task("set_dev", set_dev)
+
+
+// Gulp Commands
+gulp.task("build", gulp.series(gulp.parallel(js, images, fonts, css), jekyll, html, styles))
+
+gulp.task("watch", gulp.series(browser_sync, watch_files))
+
+gulp.task("dev", gulp.series(set_dev, clean, gulp.parallel(js, images, fonts, css), jekyll, html, styles, browser_sync, watch_files))
+
+gulp.task('default', gulp.series(clean, gulp.parallel(js, images, fonts, css), jekyll_dev, html, styles, browser_sync, watch_files))
 
-gulp.task('dev', ['setdev'], function (cb) {
-  sequence('default', cb)
-})
+gulp.task("deploy", gulp.series(gulp.parallel(js_min, images_min, fonts, css), jekyll, html, styles, gh_pages))
diff --git a/jekyll-dev.yml b/jekyll-dev.yml
new file mode 100644
index 000000000000..6f1209d7c662
--- /dev/null
+++ b/jekyll-dev.yml
@@ -0,0 +1,110 @@
+# Build settings
+source: app
+destination: dist
+permalink: pretty
+timezone: America/San_Francisco
+markdown: kramdown
+incremental: true
+
+kramdown:
+  syntax_highlighter_opts:
+    disable : true
+
+keep_files:
+  - assets
+
+# Site settings
+name: Kong
+title: Open-Source API Management and Microservice Management
+description: "Secure, Manage &amp; Extend your APIs or Microservices with plugins for authentication, logging, rate-limiting, transformations and more."
+links:
+  web: https://docs.konghq.com
+  share: https://docs.konghq.com # legacy link, must maintain for social sharing counters
+  download: https://bintray.com/kong
+  instaclustr: "https://www.instaclustr.com/products/kong/?utm_source=partnership&utm_medium=link&utm_campaign=mashape"
+repos:
+  kong: https://github.com/Kong/kong
+  docs: https://github.com/Kong/docs.konghq.com
+  vagrant: https://github.com/Kong/kong-vagrant
+  homebrew: https://github.com/Kong/homebrew-kong
+  cloudformation: https://github.com/Kong/kong-dist-cloudformation
+  oauth2_hello_world: https://github.com/Kong/kong-oauth2-hello-world
+
+collections:
+  hub:
+    output: true
+    layout: extension
+
+# for Kong platform extensions (not Jekyll)
+extensions:
+  categories:
+    - name: Authentication
+      slug: authentication
+      desc: Protect your services with an authentication layer
+    - name: Security
+      slug: security
+      desc: Protect your services with additional security layer
+    - name: Traffic Control
+      slug: traffic-control
+      desc: Manage, throttle and restrict inbound and outbound API traffic
+    - name: Serverless
+      slug: serverless
+      desc: Invoke serverless functions in combination with other plugins
+    - name: Analytics & Monitoring
+      slug: analytics-monitoring
+      desc: Visualize, inspect and monitor APIs and microservices traffic
+    - name: Transformations
+      slug: transformations
+      desc: Transform request and responses on the fly on Kong
+    - name: Logging
+      slug: logging
+      desc: Log request and response data using the best transport for your infrastructure
+    - name: Deployment
+      slug: deployment
+      desc: Deploy and configure Kong in many environments
+  types:
+    - name: plugin
+      slug: plugin
+    - name: integration
+      slug: integration
+    # - name: dev portal extension
+    #   slug: dev-mod
+
+exclude:
+  - node_modules
+  - jekyll-cache
+
+# location vars
+icons_dir: assets/images/icons
+
+plugins:
+  - jekyll-redirect-from
+
+defaults:
+  - scope:
+      path: ''
+    values:
+      layout: 'docs'
+
+  - scope:
+      path: 'install'
+    values:
+      layout: 'install'
+
+  - scope:
+      path: 'docs/ee'
+    values:
+      layout: 'docs'
+
+  - scope:
+      path: 'about'
+    values:
+      layout: 'about'
+      header_html: '<a class="github-button" href="https://github.com/Kong/kong" data-style="mega" data-count-href="/Kong/kong/stargazers" data-count-api="/repos/Kong/kong#stargazers_count" data-count-aria-label="# stargazers on GitHub" aria-label="Star Kong/kong on GitHub">Star</a>&nbsp;<a class="github-button" href="https://github.com/Kong/kong/fork" data-icon="octicon-repo-forked" data-style="mega" data-count-href="/Kong/kong/network" data-count-api="/repos/Kong/kong#forks_count" data-count-aria-label="# forks on GitHub" aria-label="Fork Kong/kong on GitHub">Fork</a>'
+      breadcrumbs: null
+
+  - scope:
+      type: hub
+    values:
+      layout: extension
+      permalink: /:collection/:path
diff --git a/package-lock.json b/package-lock.json
index a92b0607d55b..3d0b0dbe8677 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4,6 +4,57 @@
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
+    "@babel/code-frame": {
+      "version": "7.5.5",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.5.5.tgz",
+      "integrity": "sha512-27d4lZoomVyo51VegxI20xZPuSHusqbQag/ztrBC7wegWoQ1nLREPVSKSW8byhTlzTKyNE4ifaTA6lCp7JjpFw==",
+      "dev": true,
+      "requires": {
+        "@babel/highlight": "^7.0.0"
+      }
+    },
+    "@babel/highlight": {
+      "version": "7.5.0",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.5.0.tgz",
+      "integrity": "sha512-7dV4eu9gBxoM0dAnj/BCFDW9LFU0zvTrkq0ugM7pnHEgguOEeOz1so2ZghEdzviYzQEED0r4EAgpsBChKy1TRQ==",
+      "dev": true,
+      "requires": {
+        "chalk": "^2.0.0",
+        "esutils": "^2.0.2",
+        "js-tokens": "^4.0.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "3.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+          "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+          "dev": true,
+          "requires": {
+            "color-convert": "^1.9.0"
+          }
+        },
+        "chalk": {
+          "version": "2.4.2",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+          "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^3.2.1",
+            "escape-string-regexp": "^1.0.5",
+            "supports-color": "^5.3.0"
+          }
+        },
+        "supports-color": {
+          "version": "5.5.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+          "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^3.0.0"
+          }
+        }
+      }
+    },
     "@gulp-sourcemaps/identity-map": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/@gulp-sourcemaps/identity-map/-/identity-map-1.0.2.tgz",
@@ -17,6 +68,12 @@
         "through2": "^2.0.3"
       },
       "dependencies": {
+        "acorn": {
+          "version": "5.7.3",
+          "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz",
+          "integrity": "sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==",
+          "dev": true
+        },
         "source-map": {
           "version": "0.6.1",
           "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -35,22 +92,32 @@
         "through2": "^2.0.3"
       }
     },
-    "@mrmlnc/readdir-enhanced": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/@mrmlnc/readdir-enhanced/-/readdir-enhanced-2.2.1.tgz",
-      "integrity": "sha512-bPHp6Ji8b41szTOcaP63VlnbbO5Ny6dwAATtY6JTjh5N2OLrb5Qk/Th5cRkRQhkWCt+EJsYrNB0MiL+Gpn6e3g==",
+    "@nodelib/fs.scandir": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.2.tgz",
+      "integrity": "sha512-wrIBsjA5pl13f0RN4Zx4FNWmU71lv03meGKnqRUoCyan17s4V3WL92f3w3AIuWbNnpcrQyFBU5qMavJoB8d27w==",
       "dev": true,
       "requires": {
-        "call-me-maybe": "^1.0.1",
-        "glob-to-regexp": "^0.3.0"
+        "@nodelib/fs.stat": "2.0.2",
+        "run-parallel": "^1.1.9"
       }
     },
     "@nodelib/fs.stat": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-1.1.3.tgz",
-      "integrity": "sha512-shAmDyaQC4H92APFoIaVDHCx5bStIocgvbwQyxPRrbUY20V1EYTbSDchWbuwlMG3V17cprZhA6+78JfB+3DTPw==",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.2.tgz",
+      "integrity": "sha512-z8+wGWV2dgUhLqrtRYa03yDx4HWMvXKi1z8g3m2JyxAx8F7xk74asqPk5LAETjqDSGLFML/6CDl0+yFunSYicw==",
       "dev": true
     },
+    "@nodelib/fs.walk": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.3.tgz",
+      "integrity": "sha512-l6t8xEhfK9Sa4YO5mIRdau7XSOADfmh3jCr0evNHdY+HNkW6xuQhgMH7D73VV6WpZOagrW0UludvMTiifiwTfA==",
+      "dev": true,
+      "requires": {
+        "@nodelib/fs.scandir": "2.1.2",
+        "fastq": "^1.6.0"
+      }
+    },
     "@sindresorhus/is": {
       "version": "0.7.0",
       "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.7.0.tgz",
@@ -81,9 +148,9 @@
       "dev": true
     },
     "@types/node": {
-      "version": "12.0.4",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-12.0.4.tgz",
-      "integrity": "sha512-j8YL2C0fXq7IONwl/Ud5Kt0PeXw22zGERt+HSSnwbKOJVsAGkEz3sFCYwaF9IOuoG1HOtE0vKCj6sXF7Q0+Vaw==",
+      "version": "12.7.5",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-12.7.5.tgz",
+      "integrity": "sha512-9fq4jZVhPNW8r+UYKnxF1e2HkDWOWKM5bC2/7c9wPV835I0aOrVbS/Hw/pWPk2uKrNXQqg9Z959Kz+IYDd5p3w==",
       "dev": true
     },
     "@types/q": {
@@ -93,6 +160,12 @@
       "dev": true,
       "optional": true
     },
+    "abbrev": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
+      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
+      "dev": true
+    },
     "accepts": {
       "version": "1.3.7",
       "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz",
@@ -121,9 +194,9 @@
       }
     },
     "accord": {
-      "version": "0.28.0",
-      "resolved": "https://registry.npmjs.org/accord/-/accord-0.28.0.tgz",
-      "integrity": "sha512-sPF34gqHegaCSryKf5wHJ8wREK1dTZnHmC9hsB7D8xjntRdd30DXDPKf0YVIcSvnXJmcYu5SCvZRz28H++kFhQ==",
+      "version": "0.29.0",
+      "resolved": "https://registry.npmjs.org/accord/-/accord-0.29.0.tgz",
+      "integrity": "sha512-3OOR92FTc2p5/EcOzPcXp+Cbo+3C15nV9RXHlOUBCBpHhcB+0frbSNR9ehED/o7sTcyGVtqGJpguToEdlXhD0w==",
       "dev": true,
       "requires": {
         "convert-source-map": "^1.5.0",
@@ -140,34 +213,18 @@
         "semver": "^5.3.0",
         "uglify-js": "^2.8.22",
         "when": "^3.7.8"
-      },
-      "dependencies": {
-        "glob": {
-          "version": "7.1.2",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
-          "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
-          "dev": true,
-          "requires": {
-            "fs.realpath": "^1.0.0",
-            "inflight": "^1.0.4",
-            "inherits": "2",
-            "minimatch": "^3.0.4",
-            "once": "^1.3.0",
-            "path-is-absolute": "^1.0.0"
-          }
-        }
       }
     },
     "acorn": {
-      "version": "5.7.3",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz",
-      "integrity": "sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.0.0.tgz",
+      "integrity": "sha512-PaF/MduxijYYt7unVGRuds1vBC9bFxbNf+VWqhOClfdgy7RlVkQqt610ig1/yxTgsDIfW1cWDel5EBbOy3jdtQ==",
       "dev": true
     },
     "acorn-jsx": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.0.1.tgz",
-      "integrity": "sha512-HJ7CfNHrfJLlNTzIEUTj43LNWGkqpRLxm3YjAlcD0ACydk9XynzYsCBHxut+iqt+1aBXkx9UP/w/ZqMr13XIzg==",
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.0.2.tgz",
+      "integrity": "sha512-tiNTrP1MP0QrChmD2DdupCr6HWSFeKVw5d/dHTu4Y7rkAkRhU/Dt7dphAfIUyxtHpl/eBVip5uTNSpQJHylpAw==",
       "dev": true
     },
     "after": {
@@ -177,39 +234,43 @@
       "dev": true
     },
     "agent-base": {
-      "version": "4.2.1",
-      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-4.2.1.tgz",
-      "integrity": "sha512-JVwXMr9nHYTUXsBFKUqhJwvlcYU/blreOEUkhNR2eXZIvwd+c+o5V4MgDPKWnMS/56awN3TRzIP+KoPn+roQtg==",
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-4.3.0.tgz",
+      "integrity": "sha512-salcGninV0nPrwpGNn4VTXBb1SOuXQBiqbrNXoeizJsHrsL6ERFM2Ne3JUSBWRE6aeNJI2ROP/WEEIDUiDe3cg==",
       "dev": true,
       "requires": {
         "es6-promisify": "^5.0.0"
       }
     },
-    "ajv": {
-      "version": "4.11.8",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-4.11.8.tgz",
-      "integrity": "sha1-gv+wKynmYq5TvcIK8VlHcGc5xTY=",
+    "aggregate-error": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.0.0.tgz",
+      "integrity": "sha512-yKD9kEoJIR+2IFqhMwayIBgheLYbB3PS2OBhWae1L/ODTd/JF/30cW0bc9TqzRL3k4U41Dieu3BF4I29p8xesA==",
       "dev": true,
-      "optional": true,
       "requires": {
-        "co": "^4.6.0",
-        "json-stable-stringify": "^1.0.1"
+        "clean-stack": "^2.0.0",
+        "indent-string": "^3.2.0"
       },
       "dependencies": {
-        "co": {
-          "version": "4.6.0",
-          "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz",
-          "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ=",
-          "dev": true,
-          "optional": true
+        "indent-string": {
+          "version": "3.2.0",
+          "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-3.2.0.tgz",
+          "integrity": "sha1-Sl/W0nzDMvN+VBmlBNu4NxBckok=",
+          "dev": true
         }
       }
     },
-    "ajv-keywords": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.4.0.tgz",
-      "integrity": "sha512-aUjdRFISbuFOl0EIZc+9e4FfZp0bDZgAdOOf30bJmw8VM9v84SHyVyxDfbWxpGYbdZD/9XoKxfHVNmxPkhwyGw==",
-      "dev": true
+    "ajv": {
+      "version": "6.10.2",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz",
+      "integrity": "sha512-TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw==",
+      "dev": true,
+      "requires": {
+        "fast-deep-equal": "^2.0.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      }
     },
     "align-text": {
       "version": "0.1.4",
@@ -298,6 +359,15 @@
         "normalize-path": "^2.1.1"
       }
     },
+    "append-buffer": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/append-buffer/-/append-buffer-1.0.2.tgz",
+      "integrity": "sha1-2CIM9GYIFSXv6lBhTz3mUU36WPE=",
+      "dev": true,
+      "requires": {
+        "buffer-equal": "^1.0.0"
+      }
+    },
     "arch": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/arch/-/arch-2.1.1.tgz",
@@ -344,24 +414,36 @@
       "integrity": "sha1-1kYQdP6/7HHn4VI1dhoyml3HxSA=",
       "dev": true
     },
+    "arr-filter": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/arr-filter/-/arr-filter-1.1.2.tgz",
+      "integrity": "sha1-Q/3d0JHo7xGqTEXZzcGOLf8XEe4=",
+      "dev": true,
+      "requires": {
+        "make-iterator": "^1.0.0"
+      }
+    },
     "arr-flatten": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.1.0.tgz",
       "integrity": "sha512-L3hKV5R/p5o81R7O02IGnwpDmkp6E982XhtbuwSe3O4qOtMMMtodicASA1Cny2U+aCXcNpml+m4dPsvsJ3jatg==",
       "dev": true
     },
+    "arr-map": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/arr-map/-/arr-map-2.0.2.tgz",
+      "integrity": "sha1-Onc0X/wc814qkYJWAfnljy4kysQ=",
+      "dev": true,
+      "requires": {
+        "make-iterator": "^1.0.0"
+      }
+    },
     "arr-union": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/arr-union/-/arr-union-3.1.0.tgz",
       "integrity": "sha1-45sJrqne+Gao8gbiiK9jkZuuOcQ=",
       "dev": true
     },
-    "array-differ": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/array-differ/-/array-differ-1.0.0.tgz",
-      "integrity": "sha1-7/UuN1gknTO+QCuLuOVkuytdQDE=",
-      "dev": true
-    },
     "array-each": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/array-each/-/array-each-1.0.1.tgz",
@@ -384,12 +466,66 @@
         "es-abstract": "^1.7.0"
       }
     },
+    "array-initial": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/array-initial/-/array-initial-1.1.0.tgz",
+      "integrity": "sha1-L6dLJnOTccOUe9enrcc74zSz15U=",
+      "dev": true,
+      "requires": {
+        "array-slice": "^1.0.0",
+        "is-number": "^4.0.0"
+      },
+      "dependencies": {
+        "is-number": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/is-number/-/is-number-4.0.0.tgz",
+          "integrity": "sha512-rSklcAIlf1OmFdyAqbnWTLVelsQ58uvZ66S/ZyawjWqIviTWCjg2PzVGw8WUA+nNuPTqb4wgA+NszrJ+08LlgQ==",
+          "dev": true
+        }
+      }
+    },
+    "array-last": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/array-last/-/array-last-1.3.0.tgz",
+      "integrity": "sha512-eOCut5rXlI6aCOS7Z7kCplKRKyiFQ6dHFBem4PwlwKeNFk2/XxTrhRh5T9PyaEWGy/NHTZWbY+nsZlNFJu9rYg==",
+      "dev": true,
+      "requires": {
+        "is-number": "^4.0.0"
+      },
+      "dependencies": {
+        "is-number": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/is-number/-/is-number-4.0.0.tgz",
+          "integrity": "sha512-rSklcAIlf1OmFdyAqbnWTLVelsQ58uvZ66S/ZyawjWqIviTWCjg2PzVGw8WUA+nNuPTqb4wgA+NszrJ+08LlgQ==",
+          "dev": true
+        }
+      }
+    },
     "array-slice": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/array-slice/-/array-slice-1.1.0.tgz",
       "integrity": "sha512-B1qMD3RBP7O8o0H2KbrXDyB0IccejMF15+87Lvlor12ONPRHP6gTjXMNkt/d3ZuOGbAe66hFmaCfECI24Ufp6w==",
       "dev": true
     },
+    "array-sort": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/array-sort/-/array-sort-1.0.0.tgz",
+      "integrity": "sha512-ihLeJkonmdiAsD7vpgN3CRcx2J2S0TiYW+IS/5zHBI7mKUq3ySvBdzzBfD236ubDBQFiiyG3SWCPc+msQ9KoYg==",
+      "dev": true,
+      "requires": {
+        "default-compare": "^1.0.0",
+        "get-value": "^2.0.6",
+        "kind-of": "^5.0.2"
+      },
+      "dependencies": {
+        "kind-of": {
+          "version": "5.1.0",
+          "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
+          "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
+          "dev": true
+        }
+      }
+    },
     "array-union": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
@@ -406,9 +542,9 @@
       "dev": true
     },
     "array-unique": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.2.1.tgz",
-      "integrity": "sha1-odl8yvy8JiXMcPrc6zalDFiwGlM=",
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz",
+      "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=",
       "dev": true
     },
     "arraybuffer.slice": {
@@ -417,12 +553,6 @@
       "integrity": "sha512-wGUIVQXuehL5TCqQun8OW81jGzAWycqzFF8lFp+GOM5BXLYj3bKNsYC4daB7n6XjCqxQA/qgTJ+8ANR3acjrog==",
       "dev": true
     },
-    "arrify": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz",
-      "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=",
-      "dev": true
-    },
     "asap": {
       "version": "2.0.6",
       "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
@@ -431,16 +561,19 @@
       "optional": true
     },
     "asn1": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz",
-      "integrity": "sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y=",
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
+      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
       "dev": true,
-      "optional": true
+      "optional": true,
+      "requires": {
+        "safer-buffer": "~2.1.0"
+      }
     },
     "assert-plus": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-0.2.0.tgz",
-      "integrity": "sha1-104bh+ev/A24qttwIfP+SBAasjQ=",
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
+      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
       "dev": true,
       "optional": true
     },
@@ -450,12 +583,30 @@
       "integrity": "sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c=",
       "dev": true
     },
+    "astral-regex": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-1.0.0.tgz",
+      "integrity": "sha512-+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg==",
+      "dev": true
+    },
     "async": {
       "version": "1.5.2",
       "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
       "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo=",
       "dev": true
     },
+    "async-done": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/async-done/-/async-done-1.3.2.tgz",
+      "integrity": "sha512-uYkTP8dw2og1tu1nmza1n1CMW0qb8gWWlwqMmLb7MhBVs4BXrFziT6HXUd+/RlRA/i4H9AkofYloUbs1fwMqlw==",
+      "dev": true,
+      "requires": {
+        "end-of-stream": "^1.1.0",
+        "once": "^1.3.2",
+        "process-nextick-args": "^2.0.0",
+        "stream-exhaust": "^1.0.1"
+      }
+    },
     "async-each": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.3.tgz",
@@ -474,6 +625,15 @@
       "integrity": "sha512-jp/uFnooOiO+L211eZOoSyzpOITMXx1rBITauYykG3BRYPu8h0UcxsPNB04RR5vo4Tyz3+ay17tR6JVf9qzYWg==",
       "dev": true
     },
+    "async-settle": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/async-settle/-/async-settle-1.0.0.tgz",
+      "integrity": "sha1-HQqRS7Aldb7IqPOnTlCA9yssDGs=",
+      "dev": true,
+      "requires": {
+        "async-done": "^1.2.2"
+      }
+    },
     "asynckit": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
@@ -494,18 +654,18 @@
       "dev": true
     },
     "autoprefixer": {
-      "version": "9.6.0",
-      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-9.6.0.tgz",
-      "integrity": "sha512-kuip9YilBqhirhHEGHaBTZKXL//xxGnzvsD0FtBQa6z+A69qZD6s/BAX9VzDF1i9VKDquTJDQaPLSEhOnL6FvQ==",
+      "version": "9.6.1",
+      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-9.6.1.tgz",
+      "integrity": "sha512-aVo5WxR3VyvyJxcJC3h4FKfwCQvQWb1tSI5VHNibddCVWrcD1NvlxEweg3TSgiPztMnWfjpy2FURKA2kvDE+Tw==",
       "dev": true,
       "requires": {
-        "browserslist": "^4.6.1",
-        "caniuse-lite": "^1.0.30000971",
+        "browserslist": "^4.6.3",
+        "caniuse-lite": "^1.0.30000980",
         "chalk": "^2.4.2",
         "normalize-range": "^0.1.2",
         "num2fraction": "^1.2.2",
-        "postcss": "^7.0.16",
-        "postcss-value-parser": "^3.3.1"
+        "postcss": "^7.0.17",
+        "postcss-value-parser": "^4.0.0"
       },
       "dependencies": {
         "ansi-styles": {
@@ -540,16 +700,16 @@
       }
     },
     "aws-sign2": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.6.0.tgz",
-      "integrity": "sha1-FDQt0428yU0OW4fXY81jYSwOeU8=",
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
+      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=",
       "dev": true,
       "optional": true
     },
     "aws4": {
-      "version": "1.7.0",
-      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.7.0.tgz",
-      "integrity": "sha512-32NDda82rhwD9/JBCCkB+MRYDp0oSvlo2IL6rQWA10PQi7tDUM3eqMSltXmY+Oyl/7N3P3qNtAlv7X0d9bI28w==",
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz",
+      "integrity": "sha512-ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ==",
       "dev": true,
       "optional": true
     },
@@ -571,15 +731,21 @@
         }
       }
     },
-    "babel-code-frame": {
-      "version": "6.26.0",
-      "resolved": "https://registry.npmjs.org/babel-code-frame/-/babel-code-frame-6.26.0.tgz",
-      "integrity": "sha1-Y/1D99weO7fONZR9uP42mj9Yx0s=",
+    "bach": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/bach/-/bach-1.2.0.tgz",
+      "integrity": "sha1-Szzpa/JxNPeaG0FKUcFONMO9mIA=",
       "dev": true,
       "requires": {
-        "chalk": "^1.1.3",
-        "esutils": "^2.0.2",
-        "js-tokens": "^3.0.2"
+        "arr-filter": "^1.1.1",
+        "arr-flatten": "^1.0.1",
+        "arr-map": "^2.0.0",
+        "array-each": "^1.0.0",
+        "array-initial": "^1.0.0",
+        "array-last": "^1.1.1",
+        "async-done": "^1.2.2",
+        "async-settle": "^1.0.0",
+        "now-and-later": "^2.0.0"
       }
     },
     "backo2": {
@@ -686,21 +852,15 @@
       "dev": true
     },
     "bcrypt-pbkdf": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz",
-      "integrity": "sha1-Y7xdy2EzG5K8Bf1SiVPDNGKgb40=",
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
+      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
       "dev": true,
       "optional": true,
       "requires": {
         "tweetnacl": "^0.14.3"
       }
     },
-    "beeper": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/beeper/-/beeper-1.1.1.tgz",
-      "integrity": "sha1-5tXqjF2tABMEpwsiY4RH9pyy+Ak=",
-      "dev": true
-    },
     "better-assert": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/better-assert/-/better-assert-1.0.2.tgz",
@@ -710,6 +870,42 @@
         "callsite": "1.0.0"
       }
     },
+    "bhttp": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/bhttp/-/bhttp-1.2.4.tgz",
+      "integrity": "sha1-/tDCT3ZbNa/ElAsIqzIUgT44848=",
+      "dev": true,
+      "requires": {
+        "bluebird": "^2.8.2",
+        "concat-stream": "^1.4.7",
+        "debug": "^2.1.1",
+        "dev-null": "^0.1.1",
+        "errors": "^0.2.0",
+        "extend": "^2.0.0",
+        "form-data2": "^1.0.0",
+        "form-fix-array": "^1.0.0",
+        "lodash": "^2.4.1",
+        "stream-length": "^1.0.2",
+        "string": "^3.0.0",
+        "through2-sink": "^1.0.0",
+        "through2-spy": "^1.2.0",
+        "tough-cookie": "^2.3.1"
+      },
+      "dependencies": {
+        "extend": {
+          "version": "2.0.2",
+          "resolved": "https://registry.npmjs.org/extend/-/extend-2.0.2.tgz",
+          "integrity": "sha512-AgFD4VU+lVLP6vjnlNfF7OeInLTyeyckCNPEsuxz1vi786UuK/nk6ynPuhn/h+Ju9++TQyr5EpLRI14fc1QtTQ==",
+          "dev": true
+        },
+        "lodash": {
+          "version": "2.4.2",
+          "resolved": "https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz",
+          "integrity": "sha1-+t2DS5aDBz2hebPq5tnA0VBT9z4=",
+          "dev": true
+        }
+      }
+    },
     "bin-build": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/bin-build/-/bin-build-3.0.0.tgz",
@@ -801,9 +997,9 @@
       },
       "dependencies": {
         "semver": {
-          "version": "5.7.0",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.0.tgz",
-          "integrity": "sha512-Ya52jSX2u7QKghxeoFGpLwCtGlt7j0oY9DYb5apt9nPlJ42ID+ulTXESnt/qAQcoSERyZ5sl3LDIOw0nAn/5DA==",
+          "version": "5.7.1",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+          "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
           "dev": true,
           "optional": true
         }
@@ -937,6 +1133,7 @@
           "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-2.0.1.tgz",
           "integrity": "sha512-88em58dDVB/KzPEx1X0N3LwFfYZPyDc4B6eF38M1rk9VTZMbxXXgjugz8mmwpS9Ox4BDZ+t6t3QP5+/gazweIA==",
           "dev": true,
+          "optional": true,
           "requires": {
             "p-finally": "^1.0.0"
           }
@@ -989,21 +1186,18 @@
       "integrity": "sha512-gaqbzQPqOoamawKg0LGVd7SzLgXS+JH61oWprSLH+P+abTczqJbhTR8CmJ2u9/bUYNmHTGJx/UEmn6doAvvuig==",
       "dev": true
     },
+    "bluebird": {
+      "version": "2.11.0",
+      "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-2.11.0.tgz",
+      "integrity": "sha1-U0uQM8AiyVecVro7Plpcqvu2UOE=",
+      "dev": true
+    },
     "boolbase": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
       "integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=",
       "dev": true
     },
-    "boom": {
-      "version": "2.10.1",
-      "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz",
-      "integrity": "sha1-OciRjO/1eZ+D+UkqhI9iWt0Mdm8=",
-      "dev": true,
-      "requires": {
-        "hoek": "2.x.x"
-      }
-    },
     "bootstrap": {
       "version": "3.4.1",
       "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-3.4.1.tgz",
@@ -1055,6 +1249,36 @@
         }
       }
     },
+    "broken-link-checker": {
+      "version": "0.7.8",
+      "resolved": "https://registry.npmjs.org/broken-link-checker/-/broken-link-checker-0.7.8.tgz",
+      "integrity": "sha512-/zH4/nLMNKDeDH5nVuf/R6WYd0Yjnar1NpcdAO2+VlwjGKzJa6y42C03UO+imBSHwe6BefSkVi82fImE2Rb7yg==",
+      "dev": true,
+      "requires": {
+        "bhttp": "^1.2.1",
+        "calmcard": "~0.1.1",
+        "chalk": "^1.1.3",
+        "char-spinner": "^1.0.1",
+        "condense-whitespace": "^1.0.0",
+        "default-user-agent": "^1.0.0",
+        "errno": "~0.1.4",
+        "extend": "^3.0.0",
+        "http-equiv-refresh": "^1.0.0",
+        "humanize-duration": "^3.9.1",
+        "is-stream": "^1.0.1",
+        "is-string": "^1.0.4",
+        "limited-request-queue": "^2.0.0",
+        "link-types": "^1.1.0",
+        "maybe-callback": "^2.1.0",
+        "nopter": "~0.3.0",
+        "parse5": "^3.0.2",
+        "robot-directives": "~0.3.0",
+        "robots-txt-guard": "~0.1.0",
+        "robots-txt-parse": "~0.0.4",
+        "urlcache": "~0.7.0",
+        "urlobj": "0.0.11"
+      }
+    },
     "browser-sync": {
       "version": "2.26.7",
       "resolved": "https://registry.npmjs.org/browser-sync/-/browser-sync-2.26.7.tgz",
@@ -1120,14 +1344,14 @@
       }
     },
     "browserslist": {
-      "version": "4.6.1",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.6.1.tgz",
-      "integrity": "sha512-1MC18ooMPRG2UuVFJTHFIAkk6mpByJfxCrnUyvSlu/hyQSFHMrlhM02SzNuCV+quTP4CKmqtOMAIjrifrpBJXQ==",
+      "version": "4.7.0",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.7.0.tgz",
+      "integrity": "sha512-9rGNDtnj+HaahxiVV38Gn8n8Lr8REKsel68v1sPFfIGEK6uSXTY3h9acgiT1dZVtOOUtifo/Dn8daDQ5dUgVsA==",
       "dev": true,
       "requires": {
-        "caniuse-lite": "^1.0.30000971",
-        "electron-to-chromium": "^1.3.137",
-        "node-releases": "^1.1.21"
+        "caniuse-lite": "^1.0.30000989",
+        "electron-to-chromium": "^1.3.247",
+        "node-releases": "^1.1.29"
       }
     },
     "bs-recipes": {
@@ -1174,6 +1398,12 @@
       "integrity": "sha1-DTM+PwDqxQqhRUq9MO+MKl2ackI=",
       "dev": true
     },
+    "buffer-equal": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/buffer-equal/-/buffer-equal-1.0.0.tgz",
+      "integrity": "sha1-WWFrSYME1Var1GaWayLu2j7KX74=",
+      "dev": true
+    },
     "buffer-fill": {
       "version": "0.1.1",
       "resolved": "https://registry.npmjs.org/buffer-fill/-/buffer-fill-0.1.1.tgz",
@@ -1246,12 +1476,6 @@
         }
       }
     },
-    "call-me-maybe": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.1.tgz",
-      "integrity": "sha1-JtII6onje1y95gJQoV8DHBak1ms=",
-      "dev": true
-    },
     "caller-path": {
       "version": "0.1.0",
       "resolved": "https://registry.npmjs.org/caller-path/-/caller-path-0.1.0.tgz",
@@ -1259,6 +1483,14 @@
       "dev": true,
       "requires": {
         "callsites": "^0.2.0"
+      },
+      "dependencies": {
+        "callsites": {
+          "version": "0.2.0",
+          "resolved": "https://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz",
+          "integrity": "sha1-r6uWJikQp/M8GaV3WCXGnzTjUMo=",
+          "dev": true
+        }
       }
     },
     "callsite": {
@@ -1268,9 +1500,15 @@
       "dev": true
     },
     "callsites": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz",
-      "integrity": "sha1-r6uWJikQp/M8GaV3WCXGnzTjUMo=",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz",
+      "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==",
+      "dev": true
+    },
+    "calmcard": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/calmcard/-/calmcard-0.1.1.tgz",
+      "integrity": "sha1-NawrZkkrDtOa0GqJOg/25hEk5Ek=",
       "dev": true
     },
     "camelcase": {
@@ -1298,15 +1536,15 @@
       }
     },
     "caniuse-lite": {
-      "version": "1.0.30000971",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30000971.tgz",
-      "integrity": "sha512-TQFYFhRS0O5rdsmSbF1Wn+16latXYsQJat66f7S7lizXW1PVpWJeZw9wqqVLIjuxDRz7s7xRUj13QCfd8hKn6g==",
+      "version": "1.0.30000989",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30000989.tgz",
+      "integrity": "sha512-vrMcvSuMz16YY6GSVZ0dWDTJP8jqk3iFQ/Aq5iqblPwxSVVZI+zxDyTX0VPqtQsDnfdrBDcsmhgTEOh5R8Lbpw==",
       "dev": true
     },
     "capture-stack-trace": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/capture-stack-trace/-/capture-stack-trace-1.0.0.tgz",
-      "integrity": "sha1-Sm+gc5nCa7pH8LJJa00PtAjFVQ0=",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/capture-stack-trace/-/capture-stack-trace-1.0.1.tgz",
+      "integrity": "sha512-mYQLZnx5Qt1JgB1WEiMCf2647plpGeQ2NMR/5L0HNZzGQo4fuSPnK+wjfPnKZV0aiJDgzmWqqkV/g7JD+DW0qw==",
       "dev": true
     },
     "caseless": {
@@ -1321,6 +1559,7 @@
       "resolved": "https://registry.npmjs.org/caw/-/caw-2.0.1.tgz",
       "integrity": "sha512-Cg8/ZSBEa8ZVY9HspcGUYaK63d/bN7rqS3CYCzEGUxuYv6UlmcjzDUz2fCFFHyTvUW5Pk0I+3hkA3iXlIj6guA==",
       "dev": true,
+      "optional": true,
       "requires": {
         "get-proxy": "^2.0.0",
         "isurl": "^1.0.0-alpha5",
@@ -1351,10 +1590,16 @@
         "supports-color": "^2.0.0"
       }
     },
+    "char-spinner": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/char-spinner/-/char-spinner-1.0.1.tgz",
+      "integrity": "sha1-5upnvSR+EHESmDt6sEee02KAAIE=",
+      "dev": true
+    },
     "chardet": {
-      "version": "0.4.2",
-      "resolved": "https://registry.npmjs.org/chardet/-/chardet-0.4.2.tgz",
-      "integrity": "sha1-tUc7M9yXxCTl2Y3IfVXU2KKci/I=",
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz",
+      "integrity": "sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==",
       "dev": true
     },
     "cheerio": {
@@ -1461,12 +1706,6 @@
         }
       }
     },
-    "circular-json": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.3.3.tgz",
-      "integrity": "sha512-UZK3NBx2Mca+b5LsG7bY183pHWt5Y1xts4P3Pz7ENTwGVnJOUWbRb3ocjvX7hx9tq/yTAdclXm9sZ38gNuem4A==",
-      "dev": true
-    },
     "class-utils": {
       "version": "0.3.6",
       "resolved": "https://registry.npmjs.org/class-utils/-/class-utils-0.3.6.tgz",
@@ -1496,14 +1735,11 @@
         }
       }
     },
-    "clean-css": {
-      "version": "4.1.11",
-      "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-4.1.11.tgz",
-      "integrity": "sha1-Ls3xRaujj1R0DybO/Q/z4D4SXWo=",
-      "dev": true,
-      "requires": {
-        "source-map": "0.5.x"
-      }
+    "clean-stack": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz",
+      "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==",
+      "dev": true
     },
     "cli-cursor": {
       "version": "2.1.0",
@@ -1514,6 +1750,15 @@
         "restore-cursor": "^2.0.0"
       }
     },
+    "cli-table": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/cli-table/-/cli-table-0.3.1.tgz",
+      "integrity": "sha1-9TsFJmqLGguTSz0IIebi3FkUriM=",
+      "dev": true,
+      "requires": {
+        "colors": "1.0.3"
+      }
+    },
     "cli-width": {
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/cli-width/-/cli-width-2.2.0.tgz",
@@ -1532,9 +1777,9 @@
       }
     },
     "clone": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/clone/-/clone-1.0.4.tgz",
-      "integrity": "sha1-2jCcwmPfFZlMaIypAheco8fNfH4=",
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/clone/-/clone-2.1.2.tgz",
+      "integrity": "sha1-G39Ln1kfHo+DZwQBYANFoCiHQ18=",
       "dev": true
     },
     "clone-buffer": {
@@ -1553,9 +1798,9 @@
       }
     },
     "clone-stats": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/clone-stats/-/clone-stats-0.0.1.tgz",
-      "integrity": "sha1-uI+UqCzzi4eR1YBG6kAprYjKmdE=",
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/clone-stats/-/clone-stats-1.0.0.tgz",
+      "integrity": "sha1-s3gt/4u1R04Yuba/D9/ngvh3doA=",
       "dev": true
     },
     "cloneable-readable": {
@@ -1570,9 +1815,9 @@
       }
     },
     "cloudflare": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/cloudflare/-/cloudflare-2.4.1.tgz",
-      "integrity": "sha512-L1KMiguQ4J1GlHwPD1iSNU+Yw6R7cuYasdXWb1d1Vkx7LftdbfLVqekoe9RaN0gnPURSckC34+fuc8cyTbDkOg==",
+      "version": "2.6.0",
+      "resolved": "https://registry.npmjs.org/cloudflare/-/cloudflare-2.6.0.tgz",
+      "integrity": "sha512-P4NgBBckLEmXkq1IVb1NgIcmqcW1PDV3YySXcDbDGJ3LsgzWzt3UHQ5P53ZO2KL2DWyhiAieeR0NFYEkf9quOg==",
       "dev": true,
       "requires": {
         "autocreate": "^1.1.0",
@@ -1602,18 +1847,6 @@
             "unzip-response": "^2.0.1",
             "url-parse-lax": "^1.0.0"
           }
-        },
-        "timed-out": {
-          "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz",
-          "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8=",
-          "dev": true
-        },
-        "unzip-response": {
-          "version": "2.0.1",
-          "resolved": "https://registry.npmjs.org/unzip-response/-/unzip-response-2.0.1.tgz",
-          "integrity": "sha1-0vD3N9FrBhXnKmk17QQhRXLVb5c=",
-          "dev": true
         }
       }
     },
@@ -1669,6 +1902,17 @@
       "integrity": "sha1-DQcLTQQ6W+ozovGkDi7bPZpMz3c=",
       "dev": true
     },
+    "collection-map": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/collection-map/-/collection-map-1.0.0.tgz",
+      "integrity": "sha1-rqDwb40mx4DCt1SUOFVEsiVa8Yw=",
+      "dev": true,
+      "requires": {
+        "arr-map": "^2.0.2",
+        "for-own": "^1.0.0",
+        "make-iterator": "^1.0.0"
+      }
+    },
     "collection-visit": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/collection-visit/-/collection-visit-1.0.0.tgz",
@@ -1700,15 +1944,33 @@
       "integrity": "sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg==",
       "dev": true
     },
+    "colors": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/colors/-/colors-1.0.3.tgz",
+      "integrity": "sha1-BDP0TYCWgP3rYO0mDxsMJi6CpAs=",
+      "dev": true
+    },
     "combined-stream": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz",
-      "integrity": "sha1-cj599ugBrFYTETp+RFqbactjKBg=",
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
       "dev": true,
+      "optional": true,
       "requires": {
         "delayed-stream": "~1.0.0"
       }
     },
+    "combined-stream2": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/combined-stream2/-/combined-stream2-1.1.2.tgz",
+      "integrity": "sha1-9uFLegFWZvjHsKH6xQYkAWSsNXA=",
+      "dev": true,
+      "requires": {
+        "bluebird": "^2.8.1",
+        "debug": "^2.1.1",
+        "stream-length": "^1.0.1"
+      }
+    },
     "commander": {
       "version": "2.15.1",
       "resolved": "https://registry.npmjs.org/commander/-/commander-2.15.1.tgz",
@@ -1739,6 +2001,18 @@
       "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
       "dev": true
     },
+    "concat-stream": {
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz",
+      "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==",
+      "dev": true,
+      "requires": {
+        "buffer-from": "^1.0.0",
+        "inherits": "^2.0.3",
+        "readable-stream": "^2.2.2",
+        "typedarray": "^0.0.6"
+      }
+    },
     "concat-with-sourcemaps": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/concat-with-sourcemaps/-/concat-with-sourcemaps-1.1.0.tgz",
@@ -1756,6 +2030,12 @@
         }
       }
     },
+    "condense-whitespace": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/condense-whitespace/-/condense-whitespace-1.0.0.tgz",
+      "integrity": "sha1-g3bZjvAo5sss0kaOKM5CxcZasak=",
+      "dev": true
+    },
     "config-chain": {
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.11.tgz",
@@ -1823,6 +2103,16 @@
       "integrity": "sha1-Z29us8OZl8LuGsOpJP1hJHSPV40=",
       "dev": true
     },
+    "copy-props": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/copy-props/-/copy-props-2.0.4.tgz",
+      "integrity": "sha512-7cjuUME+p+S3HZlbllgsn2CDwS+5eCCX16qBgNC4jgSTf49qR1VKy/Zhl400m0IQXl/bPGEVqncgUUMjrr4s8A==",
+      "dev": true,
+      "requires": {
+        "each-props": "^1.3.0",
+        "is-plain-object": "^2.0.1"
+      }
+    },
     "core-util-is": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
@@ -1861,16 +2151,6 @@
         }
       }
     },
-    "cryptiles": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz",
-      "integrity": "sha1-O9/s3GCBR8HGcgL6KR59ylnqo7g=",
-      "dev": true,
-      "optional": true,
-      "requires": {
-        "boom": "2.x.x"
-      }
-    },
     "css": {
       "version": "2.2.3",
       "resolved": "https://registry.npmjs.org/css/-/css-2.2.3.tgz",
@@ -1920,23 +2200,16 @@
       "optional": true
     },
     "css-tree": {
-      "version": "1.0.0-alpha.28",
-      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.0.0-alpha.28.tgz",
-      "integrity": "sha512-joNNW1gCp3qFFzj4St6zk+Wh/NBv0vM5YbEreZk0SD4S23S+1xBKb6cLDg2uj4P4k/GUMlIm6cKIDqIG+vdt0w==",
+      "version": "1.0.0-alpha.33",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.0.0-alpha.33.tgz",
+      "integrity": "sha512-SPt57bh5nQnpsTBsx/IXbO14sRc9xXu5MtMAVuo0BaQQmyf0NupNPPSoMaqiAF5tDFafYsTkfeH4Q/HCKXkg4w==",
       "dev": true,
       "optional": true,
       "requires": {
-        "mdn-data": "~1.1.0",
+        "mdn-data": "2.0.4",
         "source-map": "^0.5.3"
       }
     },
-    "css-url-regex": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/css-url-regex/-/css-url-regex-1.1.0.tgz",
-      "integrity": "sha1-g4NCMMyfdMRX3lnuvRVD/uuDt+w=",
-      "dev": true,
-      "optional": true
-    },
     "css-what": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/css-what/-/css-what-1.0.0.tgz",
@@ -1963,6 +2236,13 @@
             "mdn-data": "~1.1.0",
             "source-map": "^0.5.3"
           }
+        },
+        "mdn-data": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-1.1.4.tgz",
+          "integrity": "sha512-FSYbp3lyKjyj3E7fMl6rYvUdX0FBXaluGqlFoYESWQlyUTq8R+wp0rkFxoYFqZlHCvsUXGjyJmLQSnXToYhOSA==",
+          "dev": true,
+          "optional": true
         }
       }
     },
@@ -1992,23 +2272,8 @@
       "optional": true,
       "requires": {
         "assert-plus": "^1.0.0"
-      },
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
-          "dev": true,
-          "optional": true
-        }
       }
     },
-    "dateformat": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/dateformat/-/dateformat-2.2.0.tgz",
-      "integrity": "sha1-QGXiATz5+5Ft39gu+1Bq1MZ2kGI=",
-      "dev": true
-    },
     "debug": {
       "version": "2.6.9",
       "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -2069,6 +2334,7 @@
       "resolved": "https://registry.npmjs.org/decompress/-/decompress-4.2.0.tgz",
       "integrity": "sha1-eu3YVCflqS2s/lVnSnxQXpbQH50=",
       "dev": true,
+      "optional": true,
       "requires": {
         "decompress-tar": "^4.0.0",
         "decompress-tarbz2": "^4.0.0",
@@ -2094,6 +2360,7 @@
       "resolved": "https://registry.npmjs.org/decompress-tar/-/decompress-tar-4.1.1.tgz",
       "integrity": "sha512-JdJMaCrGpB5fESVyxwpCx4Jdj2AagLmv3y58Qy4GE6HMVjWz1FeVQk1Ct4Kye7PftcdOo/7U7UKzYBJgqnGeUQ==",
       "dev": true,
+      "optional": true,
       "requires": {
         "file-type": "^5.2.0",
         "is-stream": "^1.1.0",
@@ -2104,7 +2371,8 @@
           "version": "5.2.0",
           "resolved": "https://registry.npmjs.org/file-type/-/file-type-5.2.0.tgz",
           "integrity": "sha1-LdvqfHP/42No365J3DOMBYwritY=",
-          "dev": true
+          "dev": true,
+          "optional": true
         }
       }
     },
@@ -2113,6 +2381,7 @@
       "resolved": "https://registry.npmjs.org/decompress-tarbz2/-/decompress-tarbz2-4.1.1.tgz",
       "integrity": "sha512-s88xLzf1r81ICXLAVQVzaN6ZmX4A6U4z2nMbOwobxkLoIIfjVMBg7TeguTUXkKeXni795B6y5rnvDw7rxhAq9A==",
       "dev": true,
+      "optional": true,
       "requires": {
         "decompress-tar": "^4.1.0",
         "file-type": "^6.1.0",
@@ -2125,7 +2394,8 @@
           "version": "6.2.0",
           "resolved": "https://registry.npmjs.org/file-type/-/file-type-6.2.0.tgz",
           "integrity": "sha512-YPcTBDV+2Tm0VqjybVd32MHdlEGAtuxS3VAYsumFokDSMG+ROT5wawGlnHDoz7bfMcMDt9hxuXvXwoKUx2fkOg==",
-          "dev": true
+          "dev": true,
+          "optional": true
         }
       }
     },
@@ -2134,6 +2404,7 @@
       "resolved": "https://registry.npmjs.org/decompress-targz/-/decompress-targz-4.1.1.tgz",
       "integrity": "sha512-4z81Znfr6chWnRDNfFNqLwPvm4db3WuZkqV+UgXQzSngG3CEKdBkw5jrv3axjjL96glyiiKjsxJG3X6WBZwX3w==",
       "dev": true,
+      "optional": true,
       "requires": {
         "decompress-tar": "^4.1.1",
         "file-type": "^5.2.0",
@@ -2144,7 +2415,8 @@
           "version": "5.2.0",
           "resolved": "https://registry.npmjs.org/file-type/-/file-type-5.2.0.tgz",
           "integrity": "sha1-LdvqfHP/42No365J3DOMBYwritY=",
-          "dev": true
+          "dev": true,
+          "optional": true
         }
       }
     },
@@ -2153,6 +2425,7 @@
       "resolved": "https://registry.npmjs.org/decompress-unzip/-/decompress-unzip-4.0.1.tgz",
       "integrity": "sha1-3qrM39FK6vhVePczroIQ+bSEj2k=",
       "dev": true,
+      "optional": true,
       "requires": {
         "file-type": "^3.8.0",
         "get-stream": "^2.2.0",
@@ -2164,13 +2437,15 @@
           "version": "3.9.0",
           "resolved": "https://registry.npmjs.org/file-type/-/file-type-3.9.0.tgz",
           "integrity": "sha1-JXoHg4TR24CHvESdEH1SpSZyuek=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "get-stream": {
           "version": "2.3.1",
           "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-2.3.1.tgz",
           "integrity": "sha1-Xzj5PzRgCWZu4BUKBUFn+Rvdld4=",
           "dev": true,
+          "optional": true,
           "requires": {
             "object-assign": "^4.0.1",
             "pinkie-promise": "^2.0.0"
@@ -2190,13 +2465,36 @@
       "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=",
       "dev": true
     },
-    "defaults": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/defaults/-/defaults-1.0.3.tgz",
-      "integrity": "sha1-xlYFHpgX2f8I7YgUd/P+QBnz730=",
+    "default-compare": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/default-compare/-/default-compare-1.0.0.tgz",
+      "integrity": "sha512-QWfXlM0EkAbqOCbD/6HjdwT19j7WCkMyiRhWilc4H9/5h/RzTF9gv5LYh1+CmDV5d1rki6KAWLtQale0xt20eQ==",
+      "dev": true,
+      "requires": {
+        "kind-of": "^5.0.2"
+      },
+      "dependencies": {
+        "kind-of": {
+          "version": "5.1.0",
+          "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
+          "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
+          "dev": true
+        }
+      }
+    },
+    "default-resolution": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/default-resolution/-/default-resolution-2.0.0.tgz",
+      "integrity": "sha1-vLgrqnKtebQmp2cy8aga1t8m1oQ=",
+      "dev": true
+    },
+    "default-user-agent": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/default-user-agent/-/default-user-agent-1.0.0.tgz",
+      "integrity": "sha1-FsRu/cq6PtxF8k8r1IaLAbfCrcY=",
       "dev": true,
       "requires": {
-        "clone": "^1.0.2"
+        "os-name": "~1.0.3"
       }
     },
     "define-properties": {
@@ -2262,58 +2560,45 @@
       }
     },
     "deglob": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/deglob/-/deglob-2.1.1.tgz",
-      "integrity": "sha512-2kjwuGGonL7gWE1XU4Fv79+vVzpoQCl0V+boMwWtOQJV2AGDabCwez++nB1Nli/8BabAfZQ/UuHPlp6AymKdWw==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/deglob/-/deglob-4.0.1.tgz",
+      "integrity": "sha512-/g+RDZ7yf2HvoW+E5Cy+K94YhgcFgr6C8LuHZD1O5HoNPkf3KY6RfXJ0DBGlB/NkLi5gml+G9zqRzk9S0mHZCg==",
       "dev": true,
       "requires": {
         "find-root": "^1.0.0",
         "glob": "^7.0.5",
-        "ignore": "^3.0.9",
+        "ignore": "^5.0.0",
         "pkg-config": "^1.1.0",
         "run-parallel": "^1.1.2",
         "uniq": "^1.0.1"
       }
     },
     "del": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/del/-/del-4.1.1.tgz",
-      "integrity": "sha512-QwGuEUouP2kVwQenAsOof5Fv8K9t3D8Ca8NxcXKrIpEHjTXK5J2nXLdP+ALI1cgv8wj7KuwBhTwBkOZSJKM5XQ==",
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/del/-/del-5.1.0.tgz",
+      "integrity": "sha512-wH9xOVHnczo9jN2IW68BabcecVPxacIA3g/7z6vhSU/4stOKQzeCRK0yD0A24WiAAUJmmVpWqrERcTxnLo3AnA==",
       "dev": true,
       "requires": {
-        "@types/glob": "^7.1.1",
-        "globby": "^6.1.0",
-        "is-path-cwd": "^2.0.0",
-        "is-path-in-cwd": "^2.0.0",
-        "p-map": "^2.0.0",
-        "pify": "^4.0.1",
-        "rimraf": "^2.6.3"
+        "globby": "^10.0.1",
+        "graceful-fs": "^4.2.2",
+        "is-glob": "^4.0.1",
+        "is-path-cwd": "^2.2.0",
+        "is-path-inside": "^3.0.1",
+        "p-map": "^3.0.0",
+        "rimraf": "^3.0.0",
+        "slash": "^3.0.0"
       },
       "dependencies": {
-        "glob": {
-          "version": "7.1.4",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.4.tgz",
-          "integrity": "sha512-hkLPepehmnKk41pUGm3sYxoFs/umurYfYJCerbXEyFIWcAzvpipAgVkBqqT9RBKMGjnq6kMuyYwha6csxbiM1A==",
-          "dev": true,
-          "requires": {
-            "fs.realpath": "^1.0.0",
-            "inflight": "^1.0.4",
-            "inherits": "2",
-            "minimatch": "^3.0.4",
-            "once": "^1.3.0",
-            "path-is-absolute": "^1.0.0"
-          }
-        },
-        "pify": {
-          "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
-          "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
+        "graceful-fs": {
+          "version": "4.2.2",
+          "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.2.tgz",
+          "integrity": "sha512-IItsdsea19BoLC7ELy13q1iJFNmd7ofZH5+X/pJr90/nRoPEX0DJo1dHDbgtYWOhJhcCgMDTOw84RZ72q6lB+Q==",
           "dev": true
         },
         "rimraf": {
-          "version": "2.6.3",
-          "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.3.tgz",
-          "integrity": "sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA==",
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.0.tgz",
+          "integrity": "sha512-NDGVxTsjqfunkds7CqsOiEnxln4Bo7Nddl3XhS4pXg5OzwkLqJ971ZVAAnB+DDLnF76N+VnDEiBHaVV8I06SUg==",
           "dev": true,
           "requires": {
             "glob": "^7.1.3"
@@ -2325,7 +2610,8 @@
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
       "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=",
-      "dev": true
+      "dev": true,
+      "optional": true
     },
     "depd": {
       "version": "1.1.2",
@@ -2333,12 +2619,6 @@
       "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=",
       "dev": true
     },
-    "deprecated": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/deprecated/-/deprecated-0.0.1.tgz",
-      "integrity": "sha1-+cmvVGSvoeepcUWKi97yqpTVuxk=",
-      "dev": true
-    },
     "destroy": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
@@ -2363,37 +2643,33 @@
       "integrity": "sha1-p2o+0YVb56ASu4rBbLgPPADcKPA=",
       "dev": true
     },
+    "dev-null": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/dev-null/-/dev-null-0.1.1.tgz",
+      "integrity": "sha1-WiBc48Ky73e2I41roXnrdMag6Bg=",
+      "dev": true
+    },
     "dir-glob": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-2.0.0.tgz",
-      "integrity": "sha512-37qirFDz8cA5fimp9feo43fSuRo2gHwaIn6dXL8Ber1dGwUosDrGZeCCXq57WnIqE4aQ+u3eQZzsk1yOzhdwag==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
+      "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==",
       "dev": true,
       "requires": {
-        "arrify": "^1.0.1",
-        "path-type": "^3.0.0"
+        "path-type": "^4.0.0"
       },
       "dependencies": {
         "path-type": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/path-type/-/path-type-3.0.0.tgz",
-          "integrity": "sha512-T2ZUsdZFHgA3u4e5PfPbjd7HDDpxPnQb5jN0SrDsjNSuVXHJqtwTnWqG0B1jZrgmJ/7lj1EmVIByWt1gxGkWvg==",
-          "dev": true,
-          "requires": {
-            "pify": "^3.0.0"
-          }
-        },
-        "pify": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz",
-          "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=",
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
+          "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==",
           "dev": true
         }
       }
     },
     "doctrine": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
-      "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz",
+      "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==",
       "dev": true,
       "requires": {
         "esutils": "^2.0.2"
@@ -2508,41 +2784,6 @@
       "integrity": "sha1-rOb/gIwc5mtX0ev5eXessCM0z8E=",
       "dev": true
     },
-    "duplexer2": {
-      "version": "0.0.2",
-      "resolved": "https://registry.npmjs.org/duplexer2/-/duplexer2-0.0.2.tgz",
-      "integrity": "sha1-xhTc9n4vsUmVqRcR5aYX6KYKMds=",
-      "dev": true,
-      "requires": {
-        "readable-stream": "~1.1.9"
-      },
-      "dependencies": {
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=",
-          "dev": true
-        },
-        "readable-stream": {
-          "version": "1.1.14",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz",
-          "integrity": "sha1-fPTFTvZI44EwhMY23SB54WbAgdk=",
-          "dev": true,
-          "requires": {
-            "core-util-is": "~1.0.0",
-            "inherits": "~2.0.1",
-            "isarray": "0.0.1",
-            "string_decoder": "~0.10.x"
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=",
-          "dev": true
-        }
-      }
-    },
     "duplexer3": {
       "version": "0.1.4",
       "resolved": "https://registry.npmjs.org/duplexer3/-/duplexer3-0.1.4.tgz",
@@ -2550,14 +2791,14 @@
       "dev": true
     },
     "duplexify": {
-      "version": "3.6.0",
-      "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-3.6.0.tgz",
-      "integrity": "sha512-fO3Di4tBKJpYTFHAxTU00BcfWMY9w24r/x21a6rZRbsD/ToUgGxsMbiGRmB7uVAXeGKXD9MwiLZa5E97EVgIRQ==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-4.1.1.tgz",
+      "integrity": "sha512-DY3xVEmVHTv1wSzKNbwoU6nVjzI369Y6sPoqfYr0/xlx3IdX2n94xIszTcjPO8W8ZIv0Wb0PXNcjuZyT4wiICA==",
       "dev": true,
       "requires": {
-        "end-of-stream": "^1.0.0",
-        "inherits": "^2.0.1",
-        "readable-stream": "^2.0.0",
+        "end-of-stream": "^1.4.1",
+        "inherits": "^2.0.3",
+        "readable-stream": "^3.1.1",
         "stream-shift": "^1.0.0"
       },
       "dependencies": {
@@ -2569,9 +2810,30 @@
           "requires": {
             "once": "^1.4.0"
           }
+        },
+        "readable-stream": {
+          "version": "3.4.0",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.4.0.tgz",
+          "integrity": "sha512-jItXPLmrSR8jmTRmRWJXCnGJsfy85mB3Wd/uINMXA65yrnFo0cPClFIUWzo2najVNSl+mx7/4W8ttlLWJe99pQ==",
+          "dev": true,
+          "requires": {
+            "inherits": "^2.0.3",
+            "string_decoder": "^1.1.1",
+            "util-deprecate": "^1.0.1"
+          }
         }
       }
     },
+    "each-props": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/each-props/-/each-props-1.3.2.tgz",
+      "integrity": "sha512-vV0Hem3zAGkJAyU7JSjixeU66rwdynTAa1vofCrSA5fEln+m67Az9CcnkVD776/fsN/UjIWmBDoNRS6t6G9RfA==",
+      "dev": true,
+      "requires": {
+        "is-plain-object": "^2.0.1",
+        "object.defaults": "^1.1.0"
+      }
+    },
     "easy-extender": {
       "version": "2.3.4",
       "resolved": "https://registry.npmjs.org/easy-extender/-/easy-extender-2.3.4.tgz",
@@ -2591,13 +2853,14 @@
       }
     },
     "ecc-jsbn": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz",
-      "integrity": "sha1-D8c6ntXw1Tw4GTOYUj735UN3dQU=",
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
+      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
       "dev": true,
       "optional": true,
       "requires": {
-        "jsbn": "~0.1.0"
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.1.0"
       }
     },
     "echint": {
@@ -2659,9 +2922,9 @@
       "dev": true
     },
     "electron-to-chromium": {
-      "version": "1.3.144",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.144.tgz",
-      "integrity": "sha512-jNRFJpfNrYm5uJ4x0q9oYMOfbL0JPOlkNli8GS/5zEmCjnE5jAtoCo4BYajHiqSPqEeAjtTdItL4p7EZw+jSfg==",
+      "version": "1.3.253",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.253.tgz",
+      "integrity": "sha512-LAwFRWViiiCSxQ2Lj3mnyEP8atkpAoHSPUnkFoy4mNabbnPHxtfseWvPCGGhewjHQI+ky/V4LdlTyyI0d3YPXA==",
       "dev": true
     },
     "email-addresses": {
@@ -2670,6 +2933,12 @@
       "integrity": "sha512-kUlSC06PVvvjlMRpNIl3kR1NRXLEe86VQ7N0bQeaCZb2g+InShCeHQp/JvyYNTugMnRN2NvJhHlc3q12MWbbpg==",
       "dev": true
     },
+    "emoji-regex": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz",
+      "integrity": "sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA==",
+      "dev": true
+    },
     "encodeurl": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
@@ -2677,23 +2946,12 @@
       "dev": true
     },
     "end-of-stream": {
-      "version": "0.1.5",
-      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-0.1.5.tgz",
-      "integrity": "sha1-jhdyBsPICDfYVjLouTWd/osvbq8=",
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.1.tgz",
+      "integrity": "sha512-1MkrZNvWTKCaigbn+W15elq2BB/L22nqrSY5DKlo3X6+vclJm8Bb5djXJBmEX6fS3+zCh/F4VBK5Z2KxJt4s2Q==",
       "dev": true,
       "requires": {
-        "once": "~1.3.0"
-      },
-      "dependencies": {
-        "once": {
-          "version": "1.3.3",
-          "resolved": "https://registry.npmjs.org/once/-/once-1.3.3.tgz",
-          "integrity": "sha1-suJhVXzkwxTsgwTz+oJmPkKXyiA=",
-          "dev": true,
-          "requires": {
-            "wrappy": "1"
-          }
-        }
+        "once": "^1.4.0"
       }
     },
     "engine.io": {
@@ -2781,12 +3039,17 @@
       "integrity": "sha1-blwtClYhtdra7O+AuQ7ftc13cvA=",
       "dev": true
     },
+    "eol": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/eol/-/eol-0.2.0.tgz",
+      "integrity": "sha1-L22whqJDpG4+Xb0OE0Ncfr6/Cd0=",
+      "dev": true
+    },
     "errno": {
       "version": "0.1.7",
       "resolved": "https://registry.npmjs.org/errno/-/errno-0.1.7.tgz",
       "integrity": "sha512-MfrRBDWzIWifgq6tJj60gkAwtLNb6sQPlcFrSOflcP1aFmmruKQ2wRnze/8V6kgyz7H3FF8Npzv78mZ7XLLflg==",
       "dev": true,
-      "optional": true,
       "requires": {
         "prr": "~1.0.1"
       }
@@ -2800,6 +3063,12 @@
         "is-arrayish": "^0.2.1"
       }
     },
+    "errors": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/errors/-/errors-0.2.0.tgz",
+      "integrity": "sha1-D1Hoidqj4RsZ5xhtEfEEqmbrJAM=",
+      "dev": true
+    },
     "es-abstract": {
       "version": "1.13.0",
       "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.13.0.tgz",
@@ -2854,9 +3123,9 @@
       }
     },
     "es6-promise": {
-      "version": "4.2.6",
-      "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.6.tgz",
-      "integrity": "sha512-aRVgGdnmW2OiySVPUC9e6m+plolMAJKjZnQlCwNSuK5yQ0JN61DZSO1X1Ufd1foqWRAlig0rhduTCHe7sVtK5Q==",
+      "version": "4.2.8",
+      "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz",
+      "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==",
       "dev": true
     },
     "es6-promisify": {
@@ -2903,67 +3172,54 @@
       "dev": true
     },
     "eslint": {
-      "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-5.4.0.tgz",
-      "integrity": "sha512-UIpL91XGex3qtL6qwyCQJar2j3osKxK9e3ano3OcGEIRM4oWIpCkDg9x95AXEC2wMs7PnxzOkPZ2gq+tsMS9yg==",
+      "version": "6.4.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-6.4.0.tgz",
+      "integrity": "sha512-WTVEzK3lSFoXUovDHEbkJqCVPEPwbhCq4trDktNI6ygs7aO41d4cDT0JFAT5MivzZeVLWlg7vHL+bgrQv/t3vA==",
       "dev": true,
       "requires": {
-        "ajv": "^6.5.0",
-        "babel-code-frame": "^6.26.0",
+        "@babel/code-frame": "^7.0.0",
+        "ajv": "^6.10.0",
         "chalk": "^2.1.0",
         "cross-spawn": "^6.0.5",
-        "debug": "^3.1.0",
-        "doctrine": "^2.1.0",
-        "eslint-scope": "^4.0.0",
-        "eslint-utils": "^1.3.1",
-        "eslint-visitor-keys": "^1.0.0",
-        "espree": "^4.0.0",
+        "debug": "^4.0.1",
+        "doctrine": "^3.0.0",
+        "eslint-scope": "^5.0.0",
+        "eslint-utils": "^1.4.2",
+        "eslint-visitor-keys": "^1.1.0",
+        "espree": "^6.1.1",
         "esquery": "^1.0.1",
         "esutils": "^2.0.2",
-        "file-entry-cache": "^2.0.0",
+        "file-entry-cache": "^5.0.1",
         "functional-red-black-tree": "^1.0.1",
-        "glob": "^7.1.2",
+        "glob-parent": "^5.0.0",
         "globals": "^11.7.0",
-        "ignore": "^4.0.2",
+        "ignore": "^4.0.6",
+        "import-fresh": "^3.0.0",
         "imurmurhash": "^0.1.4",
-        "inquirer": "^5.2.0",
-        "is-resolvable": "^1.1.0",
-        "js-yaml": "^3.11.0",
+        "inquirer": "^6.4.1",
+        "is-glob": "^4.0.0",
+        "js-yaml": "^3.13.1",
         "json-stable-stringify-without-jsonify": "^1.0.1",
         "levn": "^0.3.0",
-        "lodash": "^4.17.5",
+        "lodash": "^4.17.14",
         "minimatch": "^3.0.4",
         "mkdirp": "^0.5.1",
         "natural-compare": "^1.4.0",
         "optionator": "^0.8.2",
-        "path-is-inside": "^1.0.2",
-        "pluralize": "^7.0.0",
         "progress": "^2.0.0",
-        "regexpp": "^2.0.0",
-        "require-uncached": "^1.0.3",
-        "semver": "^5.5.0",
-        "strip-ansi": "^4.0.0",
-        "strip-json-comments": "^2.0.1",
-        "table": "^4.0.3",
-        "text-table": "^0.2.0"
+        "regexpp": "^2.0.1",
+        "semver": "^6.1.2",
+        "strip-ansi": "^5.2.0",
+        "strip-json-comments": "^3.0.1",
+        "table": "^5.2.3",
+        "text-table": "^0.2.0",
+        "v8-compile-cache": "^2.0.3"
       },
       "dependencies": {
-        "ajv": {
-          "version": "6.10.0",
-          "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.10.0.tgz",
-          "integrity": "sha512-nffhOpkymDECQyR0mnsUtoCE8RlX38G0rYP+wgLWFyZuUyuuojSSvi/+euOiQBIn63whYwYVIIH1TvE3tu4OEg==",
-          "dev": true,
-          "requires": {
-            "fast-deep-equal": "^2.0.1",
-            "fast-json-stable-stringify": "^2.0.0",
-            "json-schema-traverse": "^0.4.1",
-            "uri-js": "^4.2.2"
-          }
-        },
         "ansi-regex": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
-          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz",
+          "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==",
           "dev": true
         },
         "ansi-styles": {
@@ -2997,17 +3253,34 @@
             "semver": "^5.5.0",
             "shebang-command": "^1.2.0",
             "which": "^1.2.9"
+          },
+          "dependencies": {
+            "semver": {
+              "version": "5.7.1",
+              "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+              "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+              "dev": true
+            }
           }
         },
         "debug": {
-          "version": "3.2.6",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz",
-          "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==",
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+          "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
           "dev": true,
           "requires": {
             "ms": "^2.1.1"
           }
         },
+        "glob-parent": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.0.0.tgz",
+          "integrity": "sha512-Z2RwiujPRGluePM6j699ktJYxmPpJKCfpGA13jz2hmFZC7gKetzrWvg5KN3+OsIFmydGyZ1AVwERCq1w/ZZwRg==",
+          "dev": true,
+          "requires": {
+            "is-glob": "^4.0.1"
+          }
+        },
         "ignore": {
           "version": "4.0.6",
           "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
@@ -3020,13 +3293,19 @@
           "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
           "dev": true
         },
+        "semver": {
+          "version": "6.3.0",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+          "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+          "dev": true
+        },
         "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
+          "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
           "dev": true,
           "requires": {
-            "ansi-regex": "^3.0.0"
+            "ansi-regex": "^4.1.0"
           }
         },
         "supports-color": {
@@ -3041,15 +3320,15 @@
       }
     },
     "eslint-config-standard": {
-      "version": "12.0.0",
-      "resolved": "https://registry.npmjs.org/eslint-config-standard/-/eslint-config-standard-12.0.0.tgz",
-      "integrity": "sha512-COUz8FnXhqFitYj4DTqHzidjIL/t4mumGZto5c7DrBpvWoie+Sn3P4sLEzUGeYhRElWuFEf8K1S1EfvD1vixCQ==",
+      "version": "14.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-config-standard/-/eslint-config-standard-14.1.0.tgz",
+      "integrity": "sha512-EF6XkrrGVbvv8hL/kYa/m6vnvmUT+K82pJJc4JJVMM6+Qgqh0pnwprSxdduDLB9p/7bIxD+YV5O0wfb8lmcPbA==",
       "dev": true
     },
     "eslint-config-standard-jsx": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/eslint-config-standard-jsx/-/eslint-config-standard-jsx-6.0.2.tgz",
-      "integrity": "sha512-D+YWAoXw+2GIdbMBRAzWwr1ZtvnSf4n4yL0gKGg7ShUOGXkSOLerI17K4F6LdQMJPNMoWYqepzQD/fKY+tXNSg==",
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-config-standard-jsx/-/eslint-config-standard-jsx-8.1.0.tgz",
+      "integrity": "sha512-ULVC8qH8qCqbU792ZOO6DaiaZyHNS/5CZt3hKqHkEhVlhPEPN3nfBqqxJCyp59XrjIBZPu1chMYe9T2DXZ7TMw==",
       "dev": true
     },
     "eslint-import-resolver-node": {
@@ -3063,9 +3342,9 @@
       }
     },
     "eslint-module-utils": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.4.0.tgz",
-      "integrity": "sha512-14tltLm38Eu3zS+mt0KvILC3q8jyIAH518MlG+HO0p+yK885Lb1UHTY/UgR91eOyGdmxAPb+OLoW4znqIT6Ndw==",
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.4.1.tgz",
+      "integrity": "sha512-H6DOj+ejw7Tesdgbfs4jeS4YMFrT8uI8xwd1gtQqXssaR0EQ26L+2O/w6wkYFy2MymON0fTwHmXBvvfLNZVZEw==",
       "dev": true,
       "requires": {
         "debug": "^2.6.8",
@@ -3073,31 +3352,40 @@
       }
     },
     "eslint-plugin-es": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-1.4.0.tgz",
-      "integrity": "sha512-XfFmgFdIUDgvaRAlaXUkxrRg5JSADoRC8IkKLc/cISeR3yHVMefFHQZpcyXXEUUPHfy5DwviBcrfqlyqEwlQVw==",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-es/-/eslint-plugin-es-2.0.0.tgz",
+      "integrity": "sha512-f6fceVtg27BR02EYnBhgWLFQfK6bN4Ll0nQFrBHOlCsAyxeZkn0NHns5O0YZOPrV1B3ramd6cgFwaoFLcSkwEQ==",
       "dev": true,
       "requires": {
-        "eslint-utils": "^1.3.0",
-        "regexpp": "^2.0.1"
-      }
-    },
-    "eslint-plugin-import": {
-      "version": "2.14.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.14.0.tgz",
-      "integrity": "sha512-FpuRtniD/AY6sXByma2Wr0TXvXJ4nA/2/04VPlfpmUDPOpOY264x+ILiwnrk/k4RINgDAyFZByxqPUbSQ5YE7g==",
+        "eslint-utils": "^1.4.2",
+        "regexpp": "^3.0.0"
+      },
+      "dependencies": {
+        "regexpp": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.0.0.tgz",
+          "integrity": "sha512-Z+hNr7RAVWxznLPuA7DIh8UNX1j9CDrUQxskw9IrBE1Dxue2lyXT+shqEIeLUjrokxIP8CMy1WkjgG3rTsd5/g==",
+          "dev": true
+        }
+      }
+    },
+    "eslint-plugin-import": {
+      "version": "2.18.2",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.18.2.tgz",
+      "integrity": "sha512-5ohpsHAiUBRNaBWAF08izwUGlbrJoJJ+W9/TBwsGoR1MnlgfwMIKrFeSjWbt6moabiXW9xNvtFz+97KHRfI4HQ==",
       "dev": true,
       "requires": {
+        "array-includes": "^3.0.3",
         "contains-path": "^0.1.0",
-        "debug": "^2.6.8",
+        "debug": "^2.6.9",
         "doctrine": "1.5.0",
-        "eslint-import-resolver-node": "^0.3.1",
-        "eslint-module-utils": "^2.2.0",
-        "has": "^1.0.1",
-        "lodash": "^4.17.4",
-        "minimatch": "^3.0.3",
+        "eslint-import-resolver-node": "^0.3.2",
+        "eslint-module-utils": "^2.4.0",
+        "has": "^1.0.3",
+        "minimatch": "^3.0.4",
+        "object.values": "^1.1.0",
         "read-pkg-up": "^2.0.0",
-        "resolve": "^1.6.0"
+        "resolve": "^1.11.0"
       },
       "dependencies": {
         "doctrine": {
@@ -3137,6 +3425,12 @@
             "strip-bom": "^3.0.0"
           }
         },
+        "path-parse": {
+          "version": "1.0.6",
+          "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
+          "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==",
+          "dev": true
+        },
         "path-type": {
           "version": "2.0.0",
           "resolved": "https://registry.npmjs.org/path-type/-/path-type-2.0.0.tgz",
@@ -3167,6 +3461,15 @@
             "read-pkg": "^2.0.0"
           }
         },
+        "resolve": {
+          "version": "1.12.0",
+          "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.12.0.tgz",
+          "integrity": "sha512-B/dOmuoAik5bKcD6s6nXDCjzUKnaDvdkRyAk6rsmsKLipWj4797iothd7jmmUhWTfinVMU+wc56rYKsit2Qy4w==",
+          "dev": true,
+          "requires": {
+            "path-parse": "^1.0.6"
+          }
+        },
         "strip-bom": {
           "version": "3.0.0",
           "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz",
@@ -3176,25 +3479,19 @@
       }
     },
     "eslint-plugin-node": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-7.0.1.tgz",
-      "integrity": "sha512-lfVw3TEqThwq0j2Ba/Ckn2ABdwmL5dkOgAux1rvOk6CO7A6yGyPI2+zIxN6FyNkp1X1X/BSvKOceD6mBWSj4Yw==",
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-10.0.0.tgz",
+      "integrity": "sha512-1CSyM/QCjs6PXaT18+zuAXsjXGIGo5Rw630rSKwokSs2jrYURQc4R5JZpoanNCqwNmepg+0eZ9L7YiRUJb8jiQ==",
       "dev": true,
       "requires": {
-        "eslint-plugin-es": "^1.3.1",
-        "eslint-utils": "^1.3.1",
-        "ignore": "^4.0.2",
+        "eslint-plugin-es": "^2.0.0",
+        "eslint-utils": "^1.4.2",
+        "ignore": "^5.1.1",
         "minimatch": "^3.0.4",
-        "resolve": "^1.8.1",
-        "semver": "^5.5.0"
+        "resolve": "^1.10.1",
+        "semver": "^6.1.0"
       },
       "dependencies": {
-        "ignore": {
-          "version": "4.0.6",
-          "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
-          "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==",
-          "dev": true
-        },
         "path-parse": {
           "version": "1.0.6",
           "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
@@ -3202,45 +3499,81 @@
           "dev": true
         },
         "resolve": {
-          "version": "1.11.1",
-          "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.11.1.tgz",
-          "integrity": "sha512-vIpgF6wfuJOZI7KKKSP+HmiKggadPQAdsp5HiC1mvqnfp0gF1vdwgBWZIdrVft9pgqoMFQN+R7BSWZiBxx+BBw==",
+          "version": "1.12.0",
+          "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.12.0.tgz",
+          "integrity": "sha512-B/dOmuoAik5bKcD6s6nXDCjzUKnaDvdkRyAk6rsmsKLipWj4797iothd7jmmUhWTfinVMU+wc56rYKsit2Qy4w==",
           "dev": true,
           "requires": {
             "path-parse": "^1.0.6"
           }
+        },
+        "semver": {
+          "version": "6.3.0",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+          "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+          "dev": true
         }
       }
     },
     "eslint-plugin-promise": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-promise/-/eslint-plugin-promise-4.0.1.tgz",
-      "integrity": "sha512-Si16O0+Hqz1gDHsys6RtFRrW7cCTB6P7p3OJmKp3Y3dxpQE2qwOA7d3xnV+0mBmrPoi0RBnxlCKvqu70te6wjg==",
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-promise/-/eslint-plugin-promise-4.2.1.tgz",
+      "integrity": "sha512-VoM09vT7bfA7D+upt+FjeBO5eHIJQBUWki1aPvB+vbNiHS3+oGIJGIeyBtKQTME6UPXXy3vV07OL1tHd3ANuDw==",
       "dev": true
     },
     "eslint-plugin-react": {
-      "version": "7.11.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.11.1.tgz",
-      "integrity": "sha512-cVVyMadRyW7qsIUh3FHp3u6QHNhOgVrLQYdQEB1bPWBsgbNCHdFAeNMquBMCcZJu59eNthX053L70l7gRt4SCw==",
+      "version": "7.14.3",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.14.3.tgz",
+      "integrity": "sha512-EzdyyBWC4Uz2hPYBiEJrKCUi2Fn+BJ9B/pJQcjw5X+x/H2Nm59S4MJIvL4O5NEE0+WbnQwEBxWY03oUk+Bc3FA==",
       "dev": true,
       "requires": {
         "array-includes": "^3.0.3",
         "doctrine": "^2.1.0",
         "has": "^1.0.3",
-        "jsx-ast-utils": "^2.0.1",
-        "prop-types": "^15.6.2"
+        "jsx-ast-utils": "^2.1.0",
+        "object.entries": "^1.1.0",
+        "object.fromentries": "^2.0.0",
+        "object.values": "^1.1.0",
+        "prop-types": "^15.7.2",
+        "resolve": "^1.10.1"
+      },
+      "dependencies": {
+        "doctrine": {
+          "version": "2.1.0",
+          "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
+          "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==",
+          "dev": true,
+          "requires": {
+            "esutils": "^2.0.2"
+          }
+        },
+        "path-parse": {
+          "version": "1.0.6",
+          "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
+          "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==",
+          "dev": true
+        },
+        "resolve": {
+          "version": "1.12.0",
+          "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.12.0.tgz",
+          "integrity": "sha512-B/dOmuoAik5bKcD6s6nXDCjzUKnaDvdkRyAk6rsmsKLipWj4797iothd7jmmUhWTfinVMU+wc56rYKsit2Qy4w==",
+          "dev": true,
+          "requires": {
+            "path-parse": "^1.0.6"
+          }
+        }
       }
     },
     "eslint-plugin-standard": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-standard/-/eslint-plugin-standard-4.0.0.tgz",
-      "integrity": "sha512-OwxJkR6TQiYMmt1EsNRMe5qG3GsbjlcOhbGUBY4LtavF9DsLaTcoR+j2Tdjqi23oUwKNUqX7qcn5fPStafMdlA==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-standard/-/eslint-plugin-standard-4.0.1.tgz",
+      "integrity": "sha512-v/KBnfyaOMPmZc/dmc6ozOdWqekGp7bBGq4jLAecEfPGmfKiWS4sA8sC0LqiV9w5qmXAtXVn4M3p1jSyhY85SQ==",
       "dev": true
     },
     "eslint-scope": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-4.0.3.tgz",
-      "integrity": "sha512-p7VutNr1O/QrxysMo3E45FjYDTeXBy0iTltPFNSqKAIfjDSXC+4dj+qfyuD8bfAXrW/y6lW3O76VaYNPKfpKrg==",
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.0.0.tgz",
+      "integrity": "sha512-oYrhJW7S0bxAFDvWqzvMPRm6pcgcnWc4QnofCAqRTRfQC0JcwenzGglTtsLyIuuWFfkqDG9vz67cnttSd53djw==",
       "dev": true,
       "requires": {
         "esrecurse": "^4.1.0",
@@ -3248,34 +3581,29 @@
       }
     },
     "eslint-utils": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-1.3.1.tgz",
-      "integrity": "sha512-Z7YjnIldX+2XMcjr7ZkgEsOj/bREONV60qYeB/bjMAqqqZ4zxKyWX+BOUkdmRmA9riiIPVvo5x86m5elviOk0Q==",
-      "dev": true
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-1.4.2.tgz",
+      "integrity": "sha512-eAZS2sEUMlIeCjBeubdj45dmBHQwPHWyBcT1VSYB7o9x9WRRqKxyUoiXlRjyAwzN7YEzHJlYg0NmzDRWx6GP4Q==",
+      "dev": true,
+      "requires": {
+        "eslint-visitor-keys": "^1.0.0"
+      }
     },
     "eslint-visitor-keys": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz",
-      "integrity": "sha512-qzm/XxIbxm/FHyH341ZrbnMUpe+5Bocte9xkmFMzPMjRaZMcXww+MpBptFvtU+79L362nqiLhekCxCxDPaUMBQ==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.1.0.tgz",
+      "integrity": "sha512-8y9YjtM1JBJU/A9Kc+SbaOV4y29sSWckBwMHa+FGtVj5gN/sbnKDf6xJUl+8g7FAij9LVaP8C24DUiH/f/2Z9A==",
       "dev": true
     },
     "espree": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/espree/-/espree-4.1.0.tgz",
-      "integrity": "sha512-I5BycZW6FCVIub93TeVY1s7vjhP9CY6cXCznIRfiig7nRviKZYdRnj/sHEWC6A7WE9RDWOFq9+7OsWSYz8qv2w==",
+      "version": "6.1.1",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-6.1.1.tgz",
+      "integrity": "sha512-EYbr8XZUhWbYCqQRW0duU5LxzL5bETN6AjKBGy1302qqzPaCH10QbRg3Wvco79Z8x9WbiE8HYB4e75xl6qUYvQ==",
       "dev": true,
       "requires": {
-        "acorn": "^6.0.2",
-        "acorn-jsx": "^5.0.0",
-        "eslint-visitor-keys": "^1.0.0"
-      },
-      "dependencies": {
-        "acorn": {
-          "version": "6.1.1",
-          "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.1.1.tgz",
-          "integrity": "sha512-jPTiwtOxaHNaAPg/dmrJ/beuzLRnXtB0kQPQ8JpotKJgTB6rX6c8mlf315941pyjBSaPg8NHXS9fhP4u17DpGA==",
-          "dev": true
-        }
+        "acorn": "^7.0.0",
+        "acorn-jsx": "^5.0.2",
+        "eslint-visitor-keys": "^1.1.0"
       }
     },
     "esprima": {
@@ -3303,15 +3631,15 @@
       }
     },
     "estraverse": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.2.0.tgz",
-      "integrity": "sha1-De4/7TH81GlhjOc0IJn8GvoL2xM=",
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
       "dev": true
     },
     "esutils": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz",
-      "integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
+      "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==",
       "dev": true
     },
     "etag": {
@@ -3448,9 +3776,9 @@
       }
     },
     "extend": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz",
-      "integrity": "sha1-p1Xqe8Gt/MWjHOfnYtuq3F5jZEQ=",
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==",
       "dev": true
     },
     "extend-shallow": {
@@ -3475,13 +3803,13 @@
       }
     },
     "external-editor": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/external-editor/-/external-editor-2.2.0.tgz",
-      "integrity": "sha512-bSn6gvGxKt+b7+6TKEv1ZycHleA7aHhRHyAqJyp5pbUFuYYNIzpZnQDk7AsYckyWdEnTeAnay0aCy2aV6iTk9A==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/external-editor/-/external-editor-3.1.0.tgz",
+      "integrity": "sha512-hMQ4CX1p1izmuLYyZqLMO/qGNw10wSv9QDCPfzXfyFrOaCSSoRfqE1Kf1s5an66J5JZC62NewG+mK49jOCtQew==",
       "dev": true,
       "requires": {
-        "chardet": "^0.4.0",
-        "iconv-lite": "^0.4.17",
+        "chardet": "^0.7.0",
+        "iconv-lite": "^0.4.24",
         "tmp": "^0.0.33"
       }
     },
@@ -3566,7 +3894,8 @@
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
       "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=",
-      "dev": true
+      "dev": true,
+      "optional": true
     },
     "fancy-log": {
       "version": "1.3.3",
@@ -3587,17 +3916,71 @@
       "dev": true
     },
     "fast-glob": {
-      "version": "2.2.7",
-      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-2.2.7.tgz",
-      "integrity": "sha512-g1KuQwHOZAmOZMuBtHdxDtju+T2RT8jgCC9aANsbpdiDDTSnjgfuVsIBNKbUeJI3oKMRExcfNDtJl4OhbffMsw==",
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.0.4.tgz",
+      "integrity": "sha512-wkIbV6qg37xTJwqSsdnIphL1e+LaGz4AIQqr00mIubMaEhv1/HEmJ0uuCGZRNRUkZZmOB5mJKO0ZUTVq+SxMQg==",
       "dev": true,
       "requires": {
-        "@mrmlnc/readdir-enhanced": "^2.2.1",
-        "@nodelib/fs.stat": "^1.1.2",
-        "glob-parent": "^3.1.0",
-        "is-glob": "^4.0.0",
+        "@nodelib/fs.stat": "^2.0.1",
+        "@nodelib/fs.walk": "^1.2.1",
+        "glob-parent": "^5.0.0",
+        "is-glob": "^4.0.1",
         "merge2": "^1.2.3",
-        "micromatch": "^3.1.10"
+        "micromatch": "^4.0.2"
+      },
+      "dependencies": {
+        "braces": {
+          "version": "3.0.2",
+          "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+          "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+          "dev": true,
+          "requires": {
+            "fill-range": "^7.0.1"
+          }
+        },
+        "fill-range": {
+          "version": "7.0.1",
+          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+          "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+          "dev": true,
+          "requires": {
+            "to-regex-range": "^5.0.1"
+          }
+        },
+        "glob-parent": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.0.0.tgz",
+          "integrity": "sha512-Z2RwiujPRGluePM6j699ktJYxmPpJKCfpGA13jz2hmFZC7gKetzrWvg5KN3+OsIFmydGyZ1AVwERCq1w/ZZwRg==",
+          "dev": true,
+          "requires": {
+            "is-glob": "^4.0.1"
+          }
+        },
+        "is-number": {
+          "version": "7.0.0",
+          "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+          "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+          "dev": true
+        },
+        "micromatch": {
+          "version": "4.0.2",
+          "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.2.tgz",
+          "integrity": "sha512-y7FpHSbMUMoyPbYUSzO6PaZ6FyRnQOpHuKwbo1G+Knck95XVU4QAiKdGEnj5wwoS7PlOgthX/09u5iFJ+aYf5Q==",
+          "dev": true,
+          "requires": {
+            "braces": "^3.0.1",
+            "picomatch": "^2.0.5"
+          }
+        },
+        "to-regex-range": {
+          "version": "5.0.1",
+          "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+          "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+          "dev": true,
+          "requires": {
+            "is-number": "^7.0.0"
+          }
+        }
       }
     },
     "fast-json-stable-stringify": {
@@ -3612,6 +3995,15 @@
       "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=",
       "dev": true
     },
+    "fastq": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.6.0.tgz",
+      "integrity": "sha512-jmxqQ3Z/nXoeyDmWAzF9kH1aGZSis6e/SbfPmJpUnyZ0ogr6iscHQaml4wsEepEWSdtmpy+eVXmCRIMpxaXqOA==",
+      "dev": true,
+      "requires": {
+        "reusify": "^1.0.0"
+      }
+    },
     "fd-slicer": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.0.1.tgz",
@@ -3632,19 +4024,18 @@
       }
     },
     "file-entry-cache": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-2.0.0.tgz",
-      "integrity": "sha1-w5KZDD5oR4PYOLjISkXYoEhFg2E=",
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-5.0.1.tgz",
+      "integrity": "sha512-bCg29ictuBaKUwwArK4ouCaqDgLZcysCFLmM/Yn/FDoqndh/9vNuQfXRDvTuXKLxfD/JtZQGKFT8MGcJBK644g==",
       "dev": true,
       "requires": {
-        "flat-cache": "^1.2.1",
-        "object-assign": "^4.0.1"
+        "flat-cache": "^2.0.1"
       }
     },
     "file-type": {
-      "version": "10.11.0",
-      "resolved": "https://registry.npmjs.org/file-type/-/file-type-10.11.0.tgz",
-      "integrity": "sha512-uzk64HRpUZyTGZtVuvrjP0FYxzQrBf4rojot6J65YMEbwBLB0CWm0CLojVpwpmFmxcE/lkvYICgfcGozbBq6rw==",
+      "version": "12.3.0",
+      "resolved": "https://registry.npmjs.org/file-type/-/file-type-12.3.0.tgz",
+      "integrity": "sha512-4E4Esq9KLwjYCY32E7qSmd0h7LefcniZHX+XcdJ4Wfx1uGJX7QCigiqw/U0yT7WOslm28yhxl87DJ0wHYv0RAA==",
       "dev": true
     },
     "filename-reserved-regex": {
@@ -3712,12 +4103,6 @@
         "unpipe": "~1.0.0"
       }
     },
-    "find-index": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/find-index/-/find-index-0.1.1.tgz",
-      "integrity": "sha1-Z101iyyjiS15Whq0cjL4tuLg3eQ=",
-      "dev": true
-    },
     "find-root": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/find-root/-/find-root-1.1.0.tgz",
@@ -3755,361 +4140,90 @@
       }
     },
     "findup-sync": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/findup-sync/-/findup-sync-2.0.0.tgz",
-      "integrity": "sha1-kyaxSIwi0aYIhlCoaQGy2akKLLw=",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/findup-sync/-/findup-sync-3.0.0.tgz",
+      "integrity": "sha512-YbffarhcicEhOrm4CtrwdKBdCuz576RLdhJDsIfvNtxUuhdRet1qZcsMjqbePtAseKdAnDyM/IyXbu7PRPRLYg==",
       "dev": true,
       "requires": {
         "detect-file": "^1.0.0",
-        "is-glob": "^3.1.0",
+        "is-glob": "^4.0.0",
         "micromatch": "^3.0.4",
         "resolve-dir": "^1.0.1"
+      }
+    },
+    "fined": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/fined/-/fined-1.2.0.tgz",
+      "integrity": "sha512-ZYDqPLGxDkDhDZBjZBb+oD1+j0rA4E0pXY50eplAAOPg2N/gUBSSk5IM1/QhPfyVo19lJ+CvXpqfvk+b2p/8Ng==",
+      "dev": true,
+      "requires": {
+        "expand-tilde": "^2.0.2",
+        "is-plain-object": "^2.0.3",
+        "object.defaults": "^1.1.0",
+        "object.pick": "^1.2.0",
+        "parse-filepath": "^1.0.1"
+      }
+    },
+    "flagged-respawn": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/flagged-respawn/-/flagged-respawn-1.0.1.tgz",
+      "integrity": "sha512-lNaHNVymajmk0OJMBn8fVUAU1BtDeKIqKoVhk4xAALB57aALg6b4W0MfJ/cUE0g9YBXy5XhSlPIpYIJ7HaY/3Q==",
+      "dev": true
+    },
+    "flat-cache": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-2.0.1.tgz",
+      "integrity": "sha512-LoQe6yDuUMDzQAEH8sgmh4Md6oZnc/7PjtwjNFSzveXqSHt6ka9fPBuso7IGf9Rz4uqnSnWiFH2B/zj24a5ReA==",
+      "dev": true,
+      "requires": {
+        "flatted": "^2.0.0",
+        "rimraf": "2.6.3",
+        "write": "1.0.3"
       },
       "dependencies": {
-        "arr-diff": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/arr-diff/-/arr-diff-4.0.0.tgz",
-          "integrity": "sha1-1kYQdP6/7HHn4VI1dhoyml3HxSA=",
-          "dev": true
-        },
-        "array-unique": {
-          "version": "0.3.2",
-          "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz",
-          "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=",
-          "dev": true
-        },
-        "braces": {
-          "version": "2.3.2",
-          "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz",
-          "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==",
+        "rimraf": {
+          "version": "2.6.3",
+          "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.3.tgz",
+          "integrity": "sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA==",
           "dev": true,
           "requires": {
-            "arr-flatten": "^1.1.0",
-            "array-unique": "^0.3.2",
-            "extend-shallow": "^2.0.1",
-            "fill-range": "^4.0.0",
-            "isobject": "^3.0.1",
-            "repeat-element": "^1.1.2",
-            "snapdragon": "^0.8.1",
-            "snapdragon-node": "^2.0.1",
-            "split-string": "^3.0.2",
-            "to-regex": "^3.0.1"
-          },
-          "dependencies": {
-            "extend-shallow": {
-              "version": "2.0.1",
-              "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-              "dev": true,
-              "requires": {
-                "is-extendable": "^0.1.0"
-              }
-            }
+            "glob": "^7.1.3"
           }
-        },
-        "expand-brackets": {
-          "version": "2.1.4",
-          "resolved": "https://registry.npmjs.org/expand-brackets/-/expand-brackets-2.1.4.tgz",
-          "integrity": "sha1-t3c14xXOMPa27/D4OwQVGiJEliI=",
+        }
+      }
+    },
+    "flatted": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/flatted/-/flatted-2.0.1.tgz",
+      "integrity": "sha512-a1hQMktqW9Nmqr5aktAux3JMNqaucxGcjtjWnZLHX7yyPCmlSV3M54nGYbqT8K+0GhF3NBgmJCc3ma+WOgX8Jg==",
+      "dev": true
+    },
+    "flush-write-stream": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/flush-write-stream/-/flush-write-stream-1.1.1.tgz",
+      "integrity": "sha512-3Z4XhFZ3992uIq0XOqb9AreonueSYphE6oYbpt5+3u06JWklbsPkNv3ZKkP9Bz/r+1MWCaMoSQ28P85+1Yc77w==",
+      "dev": true,
+      "requires": {
+        "inherits": "^2.0.3",
+        "readable-stream": "^2.3.6"
+      }
+    },
+    "follow-redirects": {
+      "version": "1.5.10",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz",
+      "integrity": "sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==",
+      "dev": true,
+      "requires": {
+        "debug": "=3.1.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
           "dev": true,
           "requires": {
-            "debug": "^2.3.3",
-            "define-property": "^0.2.5",
-            "extend-shallow": "^2.0.1",
-            "posix-character-classes": "^0.1.0",
-            "regex-not": "^1.0.0",
-            "snapdragon": "^0.8.1",
-            "to-regex": "^3.0.1"
-          },
-          "dependencies": {
-            "define-property": {
-              "version": "0.2.5",
-              "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz",
-              "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=",
-              "dev": true,
-              "requires": {
-                "is-descriptor": "^0.1.0"
-              }
-            },
-            "extend-shallow": {
-              "version": "2.0.1",
-              "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-              "dev": true,
-              "requires": {
-                "is-extendable": "^0.1.0"
-              }
-            },
-            "is-accessor-descriptor": {
-              "version": "0.1.6",
-              "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz",
-              "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=",
-              "dev": true,
-              "requires": {
-                "kind-of": "^3.0.2"
-              },
-              "dependencies": {
-                "kind-of": {
-                  "version": "3.2.2",
-                  "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
-                  "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-                  "dev": true,
-                  "requires": {
-                    "is-buffer": "^1.1.5"
-                  }
-                }
-              }
-            },
-            "is-data-descriptor": {
-              "version": "0.1.4",
-              "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz",
-              "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=",
-              "dev": true,
-              "requires": {
-                "kind-of": "^3.0.2"
-              },
-              "dependencies": {
-                "kind-of": {
-                  "version": "3.2.2",
-                  "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
-                  "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-                  "dev": true,
-                  "requires": {
-                    "is-buffer": "^1.1.5"
-                  }
-                }
-              }
-            },
-            "is-descriptor": {
-              "version": "0.1.6",
-              "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz",
-              "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==",
-              "dev": true,
-              "requires": {
-                "is-accessor-descriptor": "^0.1.6",
-                "is-data-descriptor": "^0.1.4",
-                "kind-of": "^5.0.0"
-              }
-            },
-            "kind-of": {
-              "version": "5.1.0",
-              "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
-              "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
-              "dev": true
-            }
-          }
-        },
-        "extglob": {
-          "version": "2.0.4",
-          "resolved": "https://registry.npmjs.org/extglob/-/extglob-2.0.4.tgz",
-          "integrity": "sha512-Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw==",
-          "dev": true,
-          "requires": {
-            "array-unique": "^0.3.2",
-            "define-property": "^1.0.0",
-            "expand-brackets": "^2.1.4",
-            "extend-shallow": "^2.0.1",
-            "fragment-cache": "^0.2.1",
-            "regex-not": "^1.0.0",
-            "snapdragon": "^0.8.1",
-            "to-regex": "^3.0.1"
-          },
-          "dependencies": {
-            "define-property": {
-              "version": "1.0.0",
-              "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz",
-              "integrity": "sha1-dp66rz9KY6rTr56NMEybvnm/sOY=",
-              "dev": true,
-              "requires": {
-                "is-descriptor": "^1.0.0"
-              }
-            },
-            "extend-shallow": {
-              "version": "2.0.1",
-              "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-              "dev": true,
-              "requires": {
-                "is-extendable": "^0.1.0"
-              }
-            }
-          }
-        },
-        "fill-range": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz",
-          "integrity": "sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=",
-          "dev": true,
-          "requires": {
-            "extend-shallow": "^2.0.1",
-            "is-number": "^3.0.0",
-            "repeat-string": "^1.6.1",
-            "to-regex-range": "^2.1.0"
-          },
-          "dependencies": {
-            "extend-shallow": {
-              "version": "2.0.1",
-              "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-              "dev": true,
-              "requires": {
-                "is-extendable": "^0.1.0"
-              }
-            }
-          }
-        },
-        "is-accessor-descriptor": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz",
-          "integrity": "sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==",
-          "dev": true,
-          "requires": {
-            "kind-of": "^6.0.0"
-          }
-        },
-        "is-data-descriptor": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz",
-          "integrity": "sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==",
-          "dev": true,
-          "requires": {
-            "kind-of": "^6.0.0"
-          }
-        },
-        "is-descriptor": {
-          "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.2.tgz",
-          "integrity": "sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==",
-          "dev": true,
-          "requires": {
-            "is-accessor-descriptor": "^1.0.0",
-            "is-data-descriptor": "^1.0.0",
-            "kind-of": "^6.0.2"
-          }
-        },
-        "is-extglob": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
-          "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
-          "dev": true
-        },
-        "is-glob": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz",
-          "integrity": "sha1-e6WuJCF4BKxwcHuWkiVnSGzD6Eo=",
-          "dev": true,
-          "requires": {
-            "is-extglob": "^2.1.0"
-          }
-        },
-        "is-number": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz",
-          "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=",
-          "dev": true,
-          "requires": {
-            "kind-of": "^3.0.2"
-          },
-          "dependencies": {
-            "kind-of": {
-              "version": "3.2.2",
-              "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
-              "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-              "dev": true,
-              "requires": {
-                "is-buffer": "^1.1.5"
-              }
-            }
-          }
-        },
-        "isobject": {
-          "version": "3.0.1",
-          "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz",
-          "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=",
-          "dev": true
-        },
-        "kind-of": {
-          "version": "6.0.2",
-          "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz",
-          "integrity": "sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA==",
-          "dev": true
-        },
-        "micromatch": {
-          "version": "3.1.10",
-          "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz",
-          "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==",
-          "dev": true,
-          "requires": {
-            "arr-diff": "^4.0.0",
-            "array-unique": "^0.3.2",
-            "braces": "^2.3.1",
-            "define-property": "^2.0.2",
-            "extend-shallow": "^3.0.2",
-            "extglob": "^2.0.4",
-            "fragment-cache": "^0.2.1",
-            "kind-of": "^6.0.2",
-            "nanomatch": "^1.2.9",
-            "object.pick": "^1.3.0",
-            "regex-not": "^1.0.0",
-            "snapdragon": "^0.8.1",
-            "to-regex": "^3.0.2"
-          }
-        }
-      }
-    },
-    "fined": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/fined/-/fined-1.1.0.tgz",
-      "integrity": "sha1-s33IRLdqL15wgeiE98CuNE8VNHY=",
-      "dev": true,
-      "requires": {
-        "expand-tilde": "^2.0.2",
-        "is-plain-object": "^2.0.3",
-        "object.defaults": "^1.1.0",
-        "object.pick": "^1.2.0",
-        "parse-filepath": "^1.0.1"
-      }
-    },
-    "first-chunk-stream": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-1.0.0.tgz",
-      "integrity": "sha1-Wb+1DNkF9g18OUzT2ayqtOatk04=",
-      "dev": true
-    },
-    "flagged-respawn": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/flagged-respawn/-/flagged-respawn-1.0.0.tgz",
-      "integrity": "sha1-Tnmumy6zi/hrO7Vr8+ClaqX8q9c=",
-      "dev": true
-    },
-    "flat-cache": {
-      "version": "1.3.4",
-      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-1.3.4.tgz",
-      "integrity": "sha512-VwyB3Lkgacfik2vhqR4uv2rvebqmDvFu4jlN/C1RzWoJEo8I7z4Q404oiqYCkq41mni8EzQnm95emU9seckwtg==",
-      "dev": true,
-      "requires": {
-        "circular-json": "^0.3.1",
-        "graceful-fs": "^4.1.2",
-        "rimraf": "~2.6.2",
-        "write": "^0.2.1"
-      }
-    },
-    "follow-redirects": {
-      "version": "1.5.10",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz",
-      "integrity": "sha512-0V5l4Cizzvqt5D44aTXbFZz+FtyXV1vrDN6qrelxtfYQKW0KO0W2T/hkE8xvGa/540LkZlkaUjO4ailYTFtHVQ==",
-      "dev": true,
-      "requires": {
-        "debug": "=3.1.0"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
-          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
-          "dev": true,
-          "requires": {
-            "ms": "2.0.0"
+            "ms": "2.0.0"
           }
         }
       }
@@ -4126,6 +4240,15 @@
       "integrity": "sha1-gQaNKVqBQuwKxybG4iAMMPttXoA=",
       "dev": true
     },
+    "for-own": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/for-own/-/for-own-1.0.0.tgz",
+      "integrity": "sha1-xjMy9BXO3EsE2/5wz4NklMU8tEs=",
+      "dev": true,
+      "requires": {
+        "for-in": "^1.0.1"
+      }
+    },
     "forever-agent": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
@@ -4140,17 +4263,51 @@
       "dev": true
     },
     "form-data": {
-      "version": "2.1.4",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.1.4.tgz",
-      "integrity": "sha1-M8GDrPGTJ27KqYFDpp6Uv+4XUNE=",
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz",
+      "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==",
       "dev": true,
       "optional": true,
       "requires": {
         "asynckit": "^0.4.0",
-        "combined-stream": "^1.0.5",
+        "combined-stream": "^1.0.6",
         "mime-types": "^2.1.12"
       }
     },
+    "form-data2": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/form-data2/-/form-data2-1.0.3.tgz",
+      "integrity": "sha1-y6XiNgGmlE2Vq31xEf+Tl6XLKk0=",
+      "dev": true,
+      "requires": {
+        "bluebird": "^2.8.2",
+        "combined-stream2": "^1.0.2",
+        "debug": "^2.1.1",
+        "lodash": "^2.4.1",
+        "mime": "^1.2.11",
+        "uuid": "^2.0.1"
+      },
+      "dependencies": {
+        "lodash": {
+          "version": "2.4.2",
+          "resolved": "https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz",
+          "integrity": "sha1-+t2DS5aDBz2hebPq5tnA0VBT9z4=",
+          "dev": true
+        },
+        "uuid": {
+          "version": "2.0.3",
+          "resolved": "https://registry.npmjs.org/uuid/-/uuid-2.0.3.tgz",
+          "integrity": "sha1-Z+LoY3lyFVMN/zGOW/nc6/1Hsho=",
+          "dev": true
+        }
+      }
+    },
+    "form-fix-array": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/form-fix-array/-/form-fix-array-1.0.0.tgz",
+      "integrity": "sha1-oTR6R+UxF6t7zb8+Lz7JHGZ2m8g=",
+      "dev": true
+    },
     "fragment-cache": {
       "version": "0.2.1",
       "resolved": "https://registry.npmjs.org/fragment-cache/-/fragment-cache-0.2.1.tgz",
@@ -4193,6 +4350,16 @@
         "universalify": "^0.1.0"
       }
     },
+    "fs-mkdirp-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs-mkdirp-stream/-/fs-mkdirp-stream-1.0.0.tgz",
+      "integrity": "sha1-C3gV/DIBxqaeFNuYzgmMFpNSWes=",
+      "dev": true,
+      "requires": {
+        "graceful-fs": "^4.1.11",
+        "through2": "^2.0.3"
+      }
+    },
     "fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@@ -4221,7 +4388,8 @@
           "version": "2.1.1",
           "resolved": false,
           "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "aproba": {
           "version": "1.2.0",
@@ -4245,13 +4413,15 @@
           "version": "1.0.0",
           "resolved": false,
           "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "brace-expansion": {
           "version": "1.1.11",
           "resolved": false,
           "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
           "dev": true,
+          "optional": true,
           "requires": {
             "balanced-match": "^1.0.0",
             "concat-map": "0.0.1"
@@ -4268,19 +4438,22 @@
           "version": "1.1.0",
           "resolved": false,
           "integrity": "sha1-DQcLTQQ6W+ozovGkDi7bPZpMz3c=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "concat-map": {
           "version": "0.0.1",
           "resolved": false,
           "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "console-control-strings": {
           "version": "1.1.0",
           "resolved": false,
           "integrity": "sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "core-util-is": {
           "version": "1.0.2",
@@ -4411,7 +4584,8 @@
           "version": "2.0.3",
           "resolved": false,
           "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "ini": {
           "version": "1.3.5",
@@ -4425,6 +4599,7 @@
           "resolved": false,
           "integrity": "sha1-754xOG8DGn8NZDr4L95QxFfvAMs=",
           "dev": true,
+          "optional": true,
           "requires": {
             "number-is-nan": "^1.0.0"
           }
@@ -4441,6 +4616,7 @@
           "resolved": false,
           "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
           "dev": true,
+          "optional": true,
           "requires": {
             "brace-expansion": "^1.1.7"
           }
@@ -4449,13 +4625,15 @@
           "version": "0.0.8",
           "resolved": false,
           "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "minipass": {
           "version": "2.3.5",
           "resolved": false,
           "integrity": "sha512-Gi1W4k059gyRbyVUZQ4mEqLm0YIUiGYfvxhF6SIlk3ui1WVxMTGfGdQ2SInh3PDrRTVvPKgULkpJtT4RH10+VA==",
           "dev": true,
+          "optional": true,
           "requires": {
             "safe-buffer": "^5.1.2",
             "yallist": "^3.0.0"
@@ -4476,6 +4654,7 @@
           "resolved": false,
           "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
           "dev": true,
+          "optional": true,
           "requires": {
             "minimist": "0.0.8"
           }
@@ -4564,7 +4743,8 @@
           "version": "1.0.1",
           "resolved": false,
           "integrity": "sha1-CXtgK1NCKlIsGvuHkDGDNpQaAR0=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "object-assign": {
           "version": "4.1.1",
@@ -4578,6 +4758,7 @@
           "resolved": false,
           "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
           "dev": true,
+          "optional": true,
           "requires": {
             "wrappy": "1"
           }
@@ -4673,7 +4854,8 @@
           "version": "5.1.2",
           "resolved": false,
           "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "safer-buffer": {
           "version": "2.1.2",
@@ -4715,6 +4897,7 @@
           "resolved": false,
           "integrity": "sha1-EYvfW4zcUaKn5w0hHgfisLmxB9M=",
           "dev": true,
+          "optional": true,
           "requires": {
             "code-point-at": "^1.0.0",
             "is-fullwidth-code-point": "^1.0.0",
@@ -4736,6 +4919,7 @@
           "resolved": false,
           "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
           "dev": true,
+          "optional": true,
           "requires": {
             "ansi-regex": "^2.0.0"
           }
@@ -4784,13 +4968,15 @@
           "version": "1.0.2",
           "resolved": false,
           "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "yallist": {
           "version": "3.0.3",
           "resolved": false,
           "integrity": "sha512-S+Zk8DEWE6oKpV+vI3qWkaK+jSbIK86pCwe2IF/xwIpQ8jEuxpw9NyaGjmp9+BoJv5FV2piqCDcoCtStppiq2A==",
-          "dev": true
+          "dev": true,
+          "optional": true
         }
       }
     },
@@ -4806,15 +4992,6 @@
       "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=",
       "dev": true
     },
-    "gaze": {
-      "version": "0.5.2",
-      "resolved": "https://registry.npmjs.org/gaze/-/gaze-0.5.2.tgz",
-      "integrity": "sha1-QLcJU30k0dRXZ9takIaJ3+aaxE8=",
-      "dev": true,
-      "requires": {
-        "globule": "~0.1.0"
-      }
-    },
     "get-caller-file": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-1.0.2.tgz",
@@ -4826,6 +5003,7 @@
       "resolved": "https://registry.npmjs.org/get-proxy/-/get-proxy-2.1.0.tgz",
       "integrity": "sha512-zmZIaQTWnNQb4R4fJUEp/FC51eZsc6EkErspy3xtIYStaq8EB/hDIWipxsal+E8rz0qD7f2sL/NA9Xee4RInJw==",
       "dev": true,
+      "optional": true,
       "requires": {
         "npm-conf": "^1.1.0"
       }
@@ -4856,21 +5034,12 @@
       "optional": true,
       "requires": {
         "assert-plus": "^1.0.0"
-      },
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
-          "dev": true,
-          "optional": true
-        }
       }
     },
     "gh-pages": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/gh-pages/-/gh-pages-2.0.1.tgz",
-      "integrity": "sha512-uFlk3bukljeiWKQ2XvPfjcSi/ou7IfoDf2p+Fj672saLAr8bnOdFVqI/JSgrSgInKpCg5BksxEwGUl++dbg8Dg==",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/gh-pages/-/gh-pages-2.1.1.tgz",
+      "integrity": "sha512-yNW2SFp9xGRP/8Sk2WXuLI/Gn92oOL4HBgudn6PsqAnuWT90Y1tozJoTfX1WdrDSW5Rb90kLVOf5mm9KJ/2fDw==",
       "dev": true,
       "requires": {
         "async": "^2.6.1",
@@ -4884,12 +5053,12 @@
       },
       "dependencies": {
         "async": {
-          "version": "2.6.2",
-          "resolved": "https://registry.npmjs.org/async/-/async-2.6.2.tgz",
-          "integrity": "sha512-H1qVYh1MYhEEFLsP97cVKqCGo7KfCyTt6uEWqsTBr9SO84oK9Uwbyd/yCW+6rKJLHksBNUVWZDAjfS+Ccx0Bbg==",
+          "version": "2.6.3",
+          "resolved": "https://registry.npmjs.org/async/-/async-2.6.3.tgz",
+          "integrity": "sha512-zflvls11DCy+dQWzTW2dzuilv8Z5X/pjfmZOWba6TNIVDm+2UDaJmXSOXlasHKfNBs8oo3M0aT50fDEWfKZjXg==",
           "dev": true,
           "requires": {
-            "lodash": "^4.17.11"
+            "lodash": "^4.17.14"
           }
         },
         "commander": {
@@ -4909,20 +5078,6 @@
             "universalify": "^0.1.0"
           }
         },
-        "glob": {
-          "version": "7.1.4",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.4.tgz",
-          "integrity": "sha512-hkLPepehmnKk41pUGm3sYxoFs/umurYfYJCerbXEyFIWcAzvpipAgVkBqqT9RBKMGjnq6kMuyYwha6csxbiM1A==",
-          "dev": true,
-          "requires": {
-            "fs.realpath": "^1.0.0",
-            "inflight": "^1.0.4",
-            "inherits": "2",
-            "minimatch": "^3.0.4",
-            "once": "^1.3.0",
-            "path-is-absolute": "^1.0.0"
-          }
-        },
         "globby": {
           "version": "6.1.0",
           "resolved": "https://registry.npmjs.org/globby/-/globby-6.1.0.tgz",
@@ -5549,98 +5704,35 @@
       }
     },
     "glob-stream": {
-      "version": "3.1.18",
-      "resolved": "https://registry.npmjs.org/glob-stream/-/glob-stream-3.1.18.tgz",
-      "integrity": "sha1-kXCl8St5Awb9/lmPMT+PeVT9FDs=",
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/glob-stream/-/glob-stream-6.1.0.tgz",
+      "integrity": "sha1-cEXJlBOz65SIjYOrRtC0BMx73eQ=",
       "dev": true,
       "requires": {
-        "glob": "^4.3.1",
-        "glob2base": "^0.0.12",
-        "minimatch": "^2.0.1",
-        "ordered-read-streams": "^0.1.0",
-        "through2": "^0.6.1",
-        "unique-stream": "^1.0.0"
-      },
-      "dependencies": {
-        "glob": {
-          "version": "4.5.3",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-4.5.3.tgz",
-          "integrity": "sha1-xstz0yJsHv7wTePFbQEvAzd+4V8=",
-          "dev": true,
-          "requires": {
-            "inflight": "^1.0.4",
-            "inherits": "2",
-            "minimatch": "^2.0.1",
-            "once": "^1.3.0"
-          }
-        },
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=",
-          "dev": true
-        },
-        "minimatch": {
-          "version": "2.0.10",
-          "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz",
-          "integrity": "sha1-jQh8OcazjAAbl/ynzm0OHoCvusc=",
-          "dev": true,
-          "requires": {
-            "brace-expansion": "^1.0.0"
-          }
-        },
-        "readable-stream": {
-          "version": "1.0.34",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz",
-          "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=",
-          "dev": true,
-          "requires": {
-            "core-util-is": "~1.0.0",
-            "inherits": "~2.0.1",
-            "isarray": "0.0.1",
-            "string_decoder": "~0.10.x"
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=",
-          "dev": true
-        },
-        "through2": {
-          "version": "0.6.5",
-          "resolved": "https://registry.npmjs.org/through2/-/through2-0.6.5.tgz",
-          "integrity": "sha1-QaucZ7KdVyCQcUEOHXp6lozTrUg=",
-          "dev": true,
-          "requires": {
-            "readable-stream": ">=1.0.33-1 <1.1.0-0",
-            "xtend": ">=4.0.0 <4.1.0-0"
-          }
-        }
+        "extend": "^3.0.0",
+        "glob": "^7.1.1",
+        "glob-parent": "^3.1.0",
+        "is-negated-glob": "^1.0.0",
+        "ordered-read-streams": "^1.0.0",
+        "pumpify": "^1.3.5",
+        "readable-stream": "^2.1.5",
+        "remove-trailing-separator": "^1.0.1",
+        "to-absolute-glob": "^2.0.0",
+        "unique-stream": "^2.0.2"
       }
     },
-    "glob-to-regexp": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.3.0.tgz",
-      "integrity": "sha1-jFoUlNIGbFcMw7/kSWF1rMTVAqs=",
-      "dev": true
-    },
     "glob-watcher": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/glob-watcher/-/glob-watcher-0.0.6.tgz",
-      "integrity": "sha1-uVtKjfdLOcgymLDAXJeLTZo7cQs=",
-      "dev": true,
-      "requires": {
-        "gaze": "^0.5.1"
-      }
-    },
-    "glob2base": {
-      "version": "0.0.12",
-      "resolved": "https://registry.npmjs.org/glob2base/-/glob2base-0.0.12.tgz",
-      "integrity": "sha1-nUGbPijxLoOjYhZKJ3BVkiycDVY=",
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/glob-watcher/-/glob-watcher-5.0.3.tgz",
+      "integrity": "sha512-8tWsULNEPHKQ2MR4zXuzSmqbdyV5PtwwCaWSGQ1WwHsJ07ilNeN1JB8ntxhckbnpSHaf9dXFUHzIWvm1I13dsg==",
       "dev": true,
       "requires": {
-        "find-index": "^0.1.1"
+        "anymatch": "^2.0.0",
+        "async-done": "^1.2.0",
+        "chokidar": "^2.0.0",
+        "is-negated-glob": "^1.0.0",
+        "just-debounce": "^1.0.0",
+        "object.defaults": "^1.1.0"
       }
     },
     "global-modules": {
@@ -5674,96 +5766,33 @@
       "dev": true
     },
     "globby": {
-      "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/globby/-/globby-6.1.0.tgz",
-      "integrity": "sha1-9abXDoOV4hyFj7BInWTfAkJNUGw=",
-      "dev": true,
-      "requires": {
-        "array-union": "^1.0.1",
-        "glob": "^7.0.3",
-        "object-assign": "^4.0.1",
-        "pify": "^2.0.0",
-        "pinkie-promise": "^2.0.0"
-      },
-      "dependencies": {
-        "glob": {
-          "version": "7.1.4",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.4.tgz",
-          "integrity": "sha512-hkLPepehmnKk41pUGm3sYxoFs/umurYfYJCerbXEyFIWcAzvpipAgVkBqqT9RBKMGjnq6kMuyYwha6csxbiM1A==",
-          "dev": true,
-          "requires": {
-            "fs.realpath": "^1.0.0",
-            "inflight": "^1.0.4",
-            "inherits": "2",
-            "minimatch": "^3.0.4",
-            "once": "^1.3.0",
-            "path-is-absolute": "^1.0.0"
-          }
-        }
-      }
-    },
-    "globule": {
-      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/globule/-/globule-0.1.0.tgz",
-      "integrity": "sha1-2cjt3h2nnRJaFRt5UzuXhnY0auU=",
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-10.0.1.tgz",
+      "integrity": "sha512-sSs4inE1FB2YQiymcmTv6NWENryABjUNPeWhOvmn4SjtKybglsyPZxFB3U1/+L1bYi0rNZDqCLlHyLYDl1Pq5A==",
       "dev": true,
       "requires": {
-        "glob": "~3.1.21",
-        "lodash": "~1.0.1",
-        "minimatch": "~0.2.11"
+        "@types/glob": "^7.1.1",
+        "array-union": "^2.1.0",
+        "dir-glob": "^3.0.1",
+        "fast-glob": "^3.0.3",
+        "glob": "^7.1.3",
+        "ignore": "^5.1.1",
+        "merge2": "^1.2.3",
+        "slash": "^3.0.0"
       },
       "dependencies": {
-        "glob": {
-          "version": "3.1.21",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-3.1.21.tgz",
-          "integrity": "sha1-0p4KBV3qUTj00H7UDomC6DwgZs0=",
-          "dev": true,
-          "requires": {
-            "graceful-fs": "~1.2.0",
-            "inherits": "1",
-            "minimatch": "~0.2.11"
-          }
-        },
-        "graceful-fs": {
-          "version": "1.2.3",
-          "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-1.2.3.tgz",
-          "integrity": "sha1-FaSAaldUfLLS2/J/QuiajDRRs2Q=",
-          "dev": true
-        },
-        "inherits": {
-          "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/inherits/-/inherits-1.0.2.tgz",
-          "integrity": "sha1-ykMJ2t7mtUzAuNJH6NfHoJdb3Js=",
-          "dev": true
-        },
-        "lodash": {
-          "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-1.0.2.tgz",
-          "integrity": "sha1-j1dWDIO1n8JwvT1WG2kAQ0MOJVE=",
-          "dev": true
-        },
-        "lru-cache": {
-          "version": "2.7.3",
-          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-2.7.3.tgz",
-          "integrity": "sha1-bUUk6LlV+V1PW1iFHOId1y+06VI=",
+        "array-union": {
+          "version": "2.1.0",
+          "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
+          "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
           "dev": true
-        },
-        "minimatch": {
-          "version": "0.2.14",
-          "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-0.2.14.tgz",
-          "integrity": "sha1-x054BXT2PG+aCQ6Q775u9TpqdWo=",
-          "dev": true,
-          "requires": {
-            "lru-cache": "2",
-            "sigmund": "~1.0.0"
-          }
         }
       }
     },
     "glogg": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/glogg/-/glogg-1.0.1.tgz",
-      "integrity": "sha512-ynYqXLoluBKf9XGR1gA59yEJisIL7YHEH4xr3ZziHB5/yl4qWfaK8Js9jGe6gBGCSCKVqiyO30WnRZADvemUNw==",
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/glogg/-/glogg-1.0.2.tgz",
+      "integrity": "sha512-5mwUoSuBk44Y4EshyiqcH95ZntbDdTQqA3QYSrxmzj28Ai0vXBGMH1ApSANH14j2sIRtqCEyg6PfsuP7ElOEDA==",
       "dev": true,
       "requires": {
         "sparkles": "^1.0.0"
@@ -5805,44 +5834,85 @@
       "dev": true
     },
     "gulp": {
-      "version": "3.9.1",
-      "resolved": "https://registry.npmjs.org/gulp/-/gulp-3.9.1.tgz",
-      "integrity": "sha1-VxzkWSjdQK9lFPxAEYZgFsE4RbQ=",
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/gulp/-/gulp-4.0.2.tgz",
+      "integrity": "sha512-dvEs27SCZt2ibF29xYgmnwwCYZxdxhQ/+LFWlbAW8y7jt68L/65402Lz3+CKy0Ov4rOs+NERmDq7YlZaDqUIfA==",
       "dev": true,
       "requires": {
-        "archy": "^1.0.0",
-        "chalk": "^1.0.0",
-        "deprecated": "^0.0.1",
-        "gulp-util": "^3.0.0",
-        "interpret": "^1.0.0",
-        "liftoff": "^2.1.0",
-        "minimist": "^1.1.0",
-        "orchestrator": "^0.3.0",
-        "pretty-hrtime": "^1.0.0",
-        "semver": "^4.1.0",
-        "tildify": "^1.0.0",
-        "v8flags": "^2.0.2",
-        "vinyl-fs": "^0.3.0"
+        "glob-watcher": "^5.0.3",
+        "gulp-cli": "^2.2.0",
+        "undertaker": "^1.2.1",
+        "vinyl-fs": "^3.0.0"
       },
       "dependencies": {
-        "semver": {
-          "version": "4.3.6",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-4.3.6.tgz",
-          "integrity": "sha1-MAvG4OhjdPe6YQaLWx7NV/xlMto=",
-          "dev": true
+        "gulp-cli": {
+          "version": "2.2.0",
+          "resolved": "https://registry.npmjs.org/gulp-cli/-/gulp-cli-2.2.0.tgz",
+          "integrity": "sha512-rGs3bVYHdyJpLqR0TUBnlcZ1O5O++Zs4bA0ajm+zr3WFCfiSLjGwoCBqFs18wzN+ZxahT9DkOK5nDf26iDsWjA==",
+          "dev": true,
+          "requires": {
+            "ansi-colors": "^1.0.1",
+            "archy": "^1.0.0",
+            "array-sort": "^1.0.0",
+            "color-support": "^1.1.3",
+            "concat-stream": "^1.6.0",
+            "copy-props": "^2.0.1",
+            "fancy-log": "^1.3.2",
+            "gulplog": "^1.0.0",
+            "interpret": "^1.1.0",
+            "isobject": "^3.0.1",
+            "liftoff": "^3.1.0",
+            "matchdep": "^2.0.0",
+            "mute-stdout": "^1.0.0",
+            "pretty-hrtime": "^1.0.0",
+            "replace-homedir": "^1.0.0",
+            "semver-greatest-satisfied-range": "^1.1.0",
+            "v8flags": "^3.0.1",
+            "yargs": "^7.1.0"
+          }
+        },
+        "yargs": {
+          "version": "7.1.0",
+          "resolved": "https://registry.npmjs.org/yargs/-/yargs-7.1.0.tgz",
+          "integrity": "sha1-a6MY6xaWFyf10oT46gA+jWFU0Mg=",
+          "dev": true,
+          "requires": {
+            "camelcase": "^3.0.0",
+            "cliui": "^3.2.0",
+            "decamelize": "^1.1.1",
+            "get-caller-file": "^1.0.1",
+            "os-locale": "^1.4.0",
+            "read-pkg-up": "^1.0.1",
+            "require-directory": "^2.1.1",
+            "require-main-filename": "^1.0.1",
+            "set-blocking": "^2.0.0",
+            "string-width": "^1.0.2",
+            "which-module": "^1.0.0",
+            "y18n": "^3.2.1",
+            "yargs-parser": "^5.0.0"
+          }
+        },
+        "yargs-parser": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz",
+          "integrity": "sha1-J17PDX/+Bcd+ZOfIbkzZS/DhIoo=",
+          "dev": true,
+          "requires": {
+            "camelcase": "^3.0.0"
+          }
         }
       }
     },
     "gulp-autoprefixer": {
-      "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/gulp-autoprefixer/-/gulp-autoprefixer-6.1.0.tgz",
-      "integrity": "sha512-Ti/BUFe+ekhbDJfspZIMiOsOvw51KhI9EncsDfK7NaxjqRm+v4xS9v99kPxEoiDavpWqQWvG8Y6xT1mMlB3aXA==",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/gulp-autoprefixer/-/gulp-autoprefixer-7.0.0.tgz",
+      "integrity": "sha512-ZGMA/9iPF7kfZIVhznd3eylivBcyLCgcV32cWtvM7j2IjEQzoRg1XaKgCeO5ytutq8XW3Rip+iM4EsVbNshoZw==",
       "dev": true,
       "requires": {
-        "autoprefixer": "^9.5.1",
+        "autoprefixer": "^9.6.1",
         "fancy-log": "^1.3.2",
         "plugin-error": "^1.0.1",
-        "postcss": "^7.0.2",
+        "postcss": "^7.0.17",
         "through2": "^3.0.1",
         "vinyl-sourcemaps-apply": "^0.2.1"
       },
@@ -5942,32 +6012,43 @@
       }
     },
     "gulp-if": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/gulp-if/-/gulp-if-2.0.2.tgz",
-      "integrity": "sha1-pJe351cwBQQcqivIt92jyARE1ik=",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/gulp-if/-/gulp-if-3.0.0.tgz",
+      "integrity": "sha512-fCUEngzNiEZEK2YuPm+sdMpO6ukb8+/qzbGfJBXyNOXz85bCG7yBI+pPSl+N90d7gnLvMsarthsAImx0qy7BAw==",
       "dev": true,
       "requires": {
-        "gulp-match": "^1.0.3",
-        "ternary-stream": "^2.0.1",
-        "through2": "^2.0.1"
+        "gulp-match": "^1.1.0",
+        "ternary-stream": "^3.0.0",
+        "through2": "^3.0.1"
+      },
+      "dependencies": {
+        "through2": {
+          "version": "3.0.1",
+          "resolved": "https://registry.npmjs.org/through2/-/through2-3.0.1.tgz",
+          "integrity": "sha512-M96dvTalPT3YbYLaKaCuwu+j06D/8Jfib0o/PxbVt6Amhv3dUAtW6rTV1jPgJSBG83I/e04Y6xkVdVhSRhi0ww==",
+          "dev": true,
+          "requires": {
+            "readable-stream": "2 || 3"
+          }
+        }
       }
     },
     "gulp-imagemin": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/gulp-imagemin/-/gulp-imagemin-6.0.0.tgz",
-      "integrity": "sha512-gLTncXROP0UVFE/GXSpfXcotRl0o+7W/Hjuoz9FaHwasdD6K18VTNJjuA8Ks/w3fNwxo6aWRJGYM22mqFoemvw==",
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/gulp-imagemin/-/gulp-imagemin-6.1.0.tgz",
+      "integrity": "sha512-0TPkak5BsiRfw+kfcKwIcODbOHHcTyvBM9arlRSwXdUVzrGAcq/7urZoOQD5n4uWvKhjg+l9/yn1GDZsDuWUow==",
       "dev": true,
       "requires": {
         "chalk": "^2.4.1",
         "fancy-log": "^1.3.2",
-        "imagemin": "^6.1.0",
+        "imagemin": "^7.0.0",
         "imagemin-gifsicle": "^6.0.1",
         "imagemin-jpegtran": "^6.0.0",
-        "imagemin-optipng": "^6.0.0",
+        "imagemin-optipng": "^7.0.0",
         "imagemin-svgo": "^7.0.0",
         "plugin-error": "^1.0.1",
         "plur": "^3.0.1",
-        "pretty-bytes": "^5.1.0",
+        "pretty-bytes": "^5.3.0",
         "through2-concurrent": "^2.0.0"
       },
       "dependencies": {
@@ -6003,13 +6084,13 @@
       }
     },
     "gulp-less": {
-      "version": "3.5.0",
-      "resolved": "https://registry.npmjs.org/gulp-less/-/gulp-less-3.5.0.tgz",
-      "integrity": "sha512-FQLY7unaHdTOXG0jlwxeBQcWoPPrTMQZRA7HfYwSNi9IPVx5l7GJEN72mG4ri2yigp/f/VNGUAJnFMJHBmH3iw==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/gulp-less/-/gulp-less-4.0.1.tgz",
+      "integrity": "sha512-hmM2k0FfQp7Ptm3ZaqO2CkMX3hqpiIOn4OHtuSsCeFym63F7oWlEua5v6u1cIjVUKYsVIs9zPg9vbqTEb/udpA==",
       "dev": true,
       "requires": {
-        "accord": "^0.28.0",
-        "less": "2.6.x || ^2.7.1",
+        "accord": "^0.29.0",
+        "less": "2.6.x || ^3.7.1",
         "object-assign": "^4.0.1",
         "plugin-error": "^0.1.2",
         "replace-ext": "^1.0.0",
@@ -6066,351 +6147,100 @@
             "arr-union": "^2.0.1",
             "extend-shallow": "^1.1.2"
           }
-        },
-        "replace-ext": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/replace-ext/-/replace-ext-1.0.0.tgz",
-          "integrity": "sha1-3mMSg3P8v3w8z6TeWkgMRaZ5WOs=",
-          "dev": true
         }
       }
     },
     "gulp-load-plugins": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/gulp-load-plugins/-/gulp-load-plugins-1.6.0.tgz",
-      "integrity": "sha512-HlCODki0WHJvQIgAsJYOTkyo0c7TsDCetvfhrdGz9JYPL6A4mFRMGmKfoi6JmXjA/vvzg+fkT91c9FBh7rnkyg==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/gulp-load-plugins/-/gulp-load-plugins-2.0.1.tgz",
+      "integrity": "sha512-WTYIvfEg3j9dRUUkLSE0+MIliU2Jvvc3J7f7fb66ifqSEPS/Ki2xwGfcl68dJN8b+ZGl+9CE3sOl4hfiLmcUIQ==",
       "dev": true,
       "requires": {
-        "array-unique": "^0.2.1",
+        "array-unique": "^0.3.2",
         "fancy-log": "^1.2.0",
-        "findup-sync": "^3.0.0",
+        "findup-sync": "^4.0.0",
         "gulplog": "^1.0.0",
         "has-gulplog": "^0.1.0",
-        "micromatch": "^3.1.10",
-        "resolve": "^1.1.7"
+        "micromatch": "^4.0.2",
+        "resolve": "^1.12.0"
       },
       "dependencies": {
-        "arr-diff": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/arr-diff/-/arr-diff-4.0.0.tgz",
-          "integrity": "sha1-1kYQdP6/7HHn4VI1dhoyml3HxSA=",
-          "dev": true
-        },
         "braces": {
-          "version": "2.3.2",
-          "resolved": "https://registry.npmjs.org/braces/-/braces-2.3.2.tgz",
-          "integrity": "sha512-aNdbnj9P8PjdXU4ybaWLK2IF3jc/EoDYbC7AazW6to3TRsfXxscC9UXOB5iDiEQrkyIbWp2SLQda4+QAa7nc3w==",
-          "dev": true,
-          "requires": {
-            "arr-flatten": "^1.1.0",
-            "array-unique": "^0.3.2",
-            "extend-shallow": "^2.0.1",
-            "fill-range": "^4.0.0",
-            "isobject": "^3.0.1",
-            "repeat-element": "^1.1.2",
-            "snapdragon": "^0.8.1",
-            "snapdragon-node": "^2.0.1",
-            "split-string": "^3.0.2",
-            "to-regex": "^3.0.1"
-          },
-          "dependencies": {
-            "array-unique": {
-              "version": "0.3.2",
-              "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz",
-              "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=",
-              "dev": true
-            },
-            "extend-shallow": {
-              "version": "2.0.1",
-              "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-              "dev": true,
-              "requires": {
-                "is-extendable": "^0.1.0"
-              }
-            }
-          }
-        },
-        "expand-brackets": {
-          "version": "2.1.4",
-          "resolved": "https://registry.npmjs.org/expand-brackets/-/expand-brackets-2.1.4.tgz",
-          "integrity": "sha1-t3c14xXOMPa27/D4OwQVGiJEliI=",
-          "dev": true,
-          "requires": {
-            "debug": "^2.3.3",
-            "define-property": "^0.2.5",
-            "extend-shallow": "^2.0.1",
-            "posix-character-classes": "^0.1.0",
-            "regex-not": "^1.0.0",
-            "snapdragon": "^0.8.1",
-            "to-regex": "^3.0.1"
-          },
-          "dependencies": {
-            "define-property": {
-              "version": "0.2.5",
-              "resolved": "https://registry.npmjs.org/define-property/-/define-property-0.2.5.tgz",
-              "integrity": "sha1-w1se+RjsPJkPmlvFe+BKrOxcgRY=",
-              "dev": true,
-              "requires": {
-                "is-descriptor": "^0.1.0"
-              }
-            },
-            "extend-shallow": {
-              "version": "2.0.1",
-              "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-              "dev": true,
-              "requires": {
-                "is-extendable": "^0.1.0"
-              }
-            },
-            "is-accessor-descriptor": {
-              "version": "0.1.6",
-              "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-0.1.6.tgz",
-              "integrity": "sha1-qeEss66Nh2cn7u84Q/igiXtcmNY=",
-              "dev": true,
-              "requires": {
-                "kind-of": "^3.0.2"
-              },
-              "dependencies": {
-                "kind-of": {
-                  "version": "3.2.2",
-                  "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
-                  "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-                  "dev": true,
-                  "requires": {
-                    "is-buffer": "^1.1.5"
-                  }
-                }
-              }
-            },
-            "is-data-descriptor": {
-              "version": "0.1.4",
-              "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-0.1.4.tgz",
-              "integrity": "sha1-C17mSDiOLIYCgueT8YVv7D8wG1Y=",
-              "dev": true,
-              "requires": {
-                "kind-of": "^3.0.2"
-              },
-              "dependencies": {
-                "kind-of": {
-                  "version": "3.2.2",
-                  "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
-                  "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-                  "dev": true,
-                  "requires": {
-                    "is-buffer": "^1.1.5"
-                  }
-                }
-              }
-            },
-            "is-descriptor": {
-              "version": "0.1.6",
-              "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-0.1.6.tgz",
-              "integrity": "sha512-avDYr0SB3DwO9zsMov0gKCESFYqCnE4hq/4z3TdUlukEy5t9C0YRq7HLrsN52NAcqXKaepeCD0n+B0arnVG3Hg==",
-              "dev": true,
-              "requires": {
-                "is-accessor-descriptor": "^0.1.6",
-                "is-data-descriptor": "^0.1.4",
-                "kind-of": "^5.0.0"
-              }
-            },
-            "kind-of": {
-              "version": "5.1.0",
-              "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
-              "integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
-              "dev": true
-            }
-          }
-        },
-        "extglob": {
-          "version": "2.0.4",
-          "resolved": "https://registry.npmjs.org/extglob/-/extglob-2.0.4.tgz",
-          "integrity": "sha512-Nmb6QXkELsuBr24CJSkilo6UHHgbekK5UiZgfE6UHD3Eb27YC6oD+bhcT+tJ6cl8dmsgdQxnWlcry8ksBIBLpw==",
-          "dev": true,
-          "requires": {
-            "array-unique": "^0.3.2",
-            "define-property": "^1.0.0",
-            "expand-brackets": "^2.1.4",
-            "extend-shallow": "^2.0.1",
-            "fragment-cache": "^0.2.1",
-            "regex-not": "^1.0.0",
-            "snapdragon": "^0.8.1",
-            "to-regex": "^3.0.1"
-          },
-          "dependencies": {
-            "array-unique": {
-              "version": "0.3.2",
-              "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz",
-              "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=",
-              "dev": true
-            },
-            "define-property": {
-              "version": "1.0.0",
-              "resolved": "https://registry.npmjs.org/define-property/-/define-property-1.0.0.tgz",
-              "integrity": "sha1-dp66rz9KY6rTr56NMEybvnm/sOY=",
-              "dev": true,
-              "requires": {
-                "is-descriptor": "^1.0.0"
-              }
-            },
-            "extend-shallow": {
-              "version": "2.0.1",
-              "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-              "dev": true,
-              "requires": {
-                "is-extendable": "^0.1.0"
-              }
-            }
-          }
-        },
-        "fill-range": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-4.0.0.tgz",
-          "integrity": "sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=",
-          "dev": true,
-          "requires": {
-            "extend-shallow": "^2.0.1",
-            "is-number": "^3.0.0",
-            "repeat-string": "^1.6.1",
-            "to-regex-range": "^2.1.0"
-          },
-          "dependencies": {
-            "extend-shallow": {
-              "version": "2.0.1",
-              "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-              "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-              "dev": true,
-              "requires": {
-                "is-extendable": "^0.1.0"
-              }
-            }
-          }
-        },
-        "findup-sync": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/findup-sync/-/findup-sync-3.0.0.tgz",
-          "integrity": "sha512-YbffarhcicEhOrm4CtrwdKBdCuz576RLdhJDsIfvNtxUuhdRet1qZcsMjqbePtAseKdAnDyM/IyXbu7PRPRLYg==",
+          "version": "3.0.2",
+          "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+          "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
           "dev": true,
           "requires": {
-            "detect-file": "^1.0.0",
-            "is-glob": "^4.0.0",
-            "micromatch": "^3.0.4",
-            "resolve-dir": "^1.0.1"
+            "fill-range": "^7.0.1"
           }
         },
-        "is-accessor-descriptor": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/is-accessor-descriptor/-/is-accessor-descriptor-1.0.0.tgz",
-          "integrity": "sha512-m5hnHTkcVsPfqx3AKlyttIPb7J+XykHvJP2B9bZDjlhLIoEq4XoK64Vg7boZlVWYK6LUY94dYPEE7Lh0ZkZKcQ==",
+        "fill-range": {
+          "version": "7.0.1",
+          "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+          "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
           "dev": true,
           "requires": {
-            "kind-of": "^6.0.0"
+            "to-regex-range": "^5.0.1"
           }
         },
-        "is-data-descriptor": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/is-data-descriptor/-/is-data-descriptor-1.0.0.tgz",
-          "integrity": "sha512-jbRXy1FmtAoCjQkVmIVYwuuqDFUbaOeDjmed1tOGPrsMhtJA4rD9tkgA0F1qJ3gRFRXcHYVkdeaP50Q5rE/jLQ==",
+        "findup-sync": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/findup-sync/-/findup-sync-4.0.0.tgz",
+          "integrity": "sha512-6jvvn/12IC4quLBL1KNokxC7wWTvYncaVUYSoxWw7YykPLuRrnv4qdHcSOywOI5RpkOVGeQRtWM8/q+G6W6qfQ==",
           "dev": true,
           "requires": {
-            "kind-of": "^6.0.0"
+            "detect-file": "^1.0.0",
+            "is-glob": "^4.0.0",
+            "micromatch": "^4.0.2",
+            "resolve-dir": "^1.0.1"
           }
         },
-        "is-descriptor": {
-          "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/is-descriptor/-/is-descriptor-1.0.2.tgz",
-          "integrity": "sha512-2eis5WqQGV7peooDyLmNEPUrps9+SXX5c9pL3xEB+4e9HnGuDa7mB7kHxHw4CbqS9k1T2hOH3miL8n8WtiYVtg==",
+        "is-number": {
+          "version": "7.0.0",
+          "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+          "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+          "dev": true
+        },
+        "micromatch": {
+          "version": "4.0.2",
+          "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.2.tgz",
+          "integrity": "sha512-y7FpHSbMUMoyPbYUSzO6PaZ6FyRnQOpHuKwbo1G+Knck95XVU4QAiKdGEnj5wwoS7PlOgthX/09u5iFJ+aYf5Q==",
           "dev": true,
           "requires": {
-            "is-accessor-descriptor": "^1.0.0",
-            "is-data-descriptor": "^1.0.0",
-            "kind-of": "^6.0.2"
+            "braces": "^3.0.1",
+            "picomatch": "^2.0.5"
           }
         },
-        "is-extglob": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
-          "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
+        "path-parse": {
+          "version": "1.0.6",
+          "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
+          "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==",
           "dev": true
         },
-        "is-glob": {
-          "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz",
-          "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==",
+        "resolve": {
+          "version": "1.12.0",
+          "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.12.0.tgz",
+          "integrity": "sha512-B/dOmuoAik5bKcD6s6nXDCjzUKnaDvdkRyAk6rsmsKLipWj4797iothd7jmmUhWTfinVMU+wc56rYKsit2Qy4w==",
           "dev": true,
           "requires": {
-            "is-extglob": "^2.1.1"
+            "path-parse": "^1.0.6"
           }
         },
-        "is-number": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/is-number/-/is-number-3.0.0.tgz",
-          "integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=",
+        "to-regex-range": {
+          "version": "5.0.1",
+          "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+          "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
           "dev": true,
           "requires": {
-            "kind-of": "^3.0.2"
-          },
-          "dependencies": {
-            "kind-of": {
-              "version": "3.2.2",
-              "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
-              "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-              "dev": true,
-              "requires": {
-                "is-buffer": "^1.1.5"
-              }
-            }
-          }
-        },
-        "isobject": {
-          "version": "3.0.1",
-          "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz",
-          "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=",
-          "dev": true
-        },
-        "kind-of": {
-          "version": "6.0.2",
-          "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz",
-          "integrity": "sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA==",
-          "dev": true
-        },
-        "micromatch": {
-          "version": "3.1.10",
-          "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-3.1.10.tgz",
-          "integrity": "sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==",
-          "dev": true,
-          "requires": {
-            "arr-diff": "^4.0.0",
-            "array-unique": "^0.3.2",
-            "braces": "^2.3.1",
-            "define-property": "^2.0.2",
-            "extend-shallow": "^3.0.2",
-            "extglob": "^2.0.4",
-            "fragment-cache": "^0.2.1",
-            "kind-of": "^6.0.2",
-            "nanomatch": "^1.2.9",
-            "object.pick": "^1.3.0",
-            "regex-not": "^1.0.0",
-            "snapdragon": "^0.8.1",
-            "to-regex": "^3.0.2"
-          },
-          "dependencies": {
-            "array-unique": {
-              "version": "0.3.2",
-              "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz",
-              "integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=",
-              "dev": true
-            }
+            "is-number": "^7.0.0"
           }
         }
       }
     },
     "gulp-match": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/gulp-match/-/gulp-match-1.0.3.tgz",
-      "integrity": "sha1-kcfA1/Kb7NZgbVfYCn+Hdqh6uo4=",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/gulp-match/-/gulp-match-1.1.0.tgz",
+      "integrity": "sha512-DlyVxa1Gj24DitY2OjEsS+X6tDpretuxD6wTfhXE/Rw2hweqc1f6D/XtsJmoiCwLWfXgR87W9ozEityPCVzGtQ==",
       "dev": true,
       "requires": {
         "minimatch": "^3.0.3"
@@ -6578,33 +6408,6 @@
         }
       }
     },
-    "gulp-purifycss": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/gulp-purifycss/-/gulp-purifycss-0.2.0.tgz",
-      "integrity": "sha1-GCxLrejsmXip+BNmPmkhr8GjUKM=",
-      "dev": true,
-      "requires": {
-        "glob": "^5.0.10",
-        "gulp-util": "^3.0.5",
-        "purify-css": "^1.0.8",
-        "through2": "^2.0.0"
-      },
-      "dependencies": {
-        "glob": {
-          "version": "5.0.15",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-5.0.15.tgz",
-          "integrity": "sha1-G8k2ueAvSmA/zCIuz3Yz0wuLk7E=",
-          "dev": true,
-          "requires": {
-            "inflight": "^1.0.4",
-            "inherits": "2",
-            "minimatch": "2 || 3",
-            "once": "^1.3.0",
-            "path-is-absolute": "^1.0.0"
-          }
-        }
-      }
-    },
     "gulp-rename": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/gulp-rename/-/gulp-rename-1.4.0.tgz",
@@ -6744,6 +6547,12 @@
         "through2": "2.X"
       },
       "dependencies": {
+        "acorn": {
+          "version": "5.7.3",
+          "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz",
+          "integrity": "sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==",
+          "dev": true
+        },
         "source-map": {
           "version": "0.6.1",
           "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -6752,40 +6561,6 @@
         }
       }
     },
-    "gulp-util": {
-      "version": "3.0.8",
-      "resolved": "https://registry.npmjs.org/gulp-util/-/gulp-util-3.0.8.tgz",
-      "integrity": "sha1-AFTh50RQLifATBh8PsxQXdVLu08=",
-      "dev": true,
-      "requires": {
-        "array-differ": "^1.0.0",
-        "array-uniq": "^1.0.2",
-        "beeper": "^1.0.0",
-        "chalk": "^1.0.0",
-        "dateformat": "^2.0.0",
-        "fancy-log": "^1.1.0",
-        "gulplog": "^1.0.0",
-        "has-gulplog": "^0.1.0",
-        "lodash._reescape": "^3.0.0",
-        "lodash._reevaluate": "^3.0.0",
-        "lodash._reinterpolate": "^3.0.0",
-        "lodash.template": "^3.0.0",
-        "minimist": "^1.1.0",
-        "multipipe": "^0.1.2",
-        "object-assign": "^3.0.0",
-        "replace-ext": "0.0.1",
-        "through2": "^2.0.0",
-        "vinyl": "^0.5.0"
-      },
-      "dependencies": {
-        "object-assign": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-3.0.0.tgz",
-          "integrity": "sha1-m+3VygiXlJvKR+f/QIBi1Un1h/I=",
-          "dev": true
-        }
-      }
-    },
     "gulplog": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/gulplog/-/gulplog-1.0.0.tgz",
@@ -6814,21 +6589,21 @@
       }
     },
     "har-schema": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-1.0.5.tgz",
-      "integrity": "sha1-0mMTX0MwfALGAq/I/pWXDAFRNp4=",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
+      "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI=",
       "dev": true,
       "optional": true
     },
     "har-validator": {
-      "version": "4.2.1",
-      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-4.2.1.tgz",
-      "integrity": "sha1-M0gdDxu/9gDdID11gSpqX7oALio=",
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz",
+      "integrity": "sha512-sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==",
       "dev": true,
       "optional": true,
       "requires": {
-        "ajv": "^4.9.1",
-        "har-schema": "^1.0.5"
+        "ajv": "^6.5.5",
+        "har-schema": "^2.0.0"
       }
     },
     "has": {
@@ -6960,29 +6735,10 @@
         }
       }
     },
-    "hawk": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/hawk/-/hawk-3.1.3.tgz",
-      "integrity": "sha1-B4REvXwWQLD+VA0sm3PVlnjo4cQ=",
-      "dev": true,
-      "optional": true,
-      "requires": {
-        "boom": "2.x.x",
-        "cryptiles": "2.x.x",
-        "hoek": "2.x.x",
-        "sntp": "1.x.x"
-      }
-    },
-    "hoek": {
-      "version": "2.16.3",
-      "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz",
-      "integrity": "sha1-ILt0A9POo5jpHcRxCo/xuCdKJe0=",
-      "dev": true
-    },
     "homedir-polyfill": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.1.tgz",
-      "integrity": "sha1-TCu8inWJmP7r9e1oWA921GdotLw=",
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz",
+      "integrity": "sha512-eSmmWE5bZTK2Nou4g0AI3zZ9rswp7GRKoKXS1BLUkvPviOqs4YTN1djQIqrXy9k5gEtdLPy86JjRwsNM9tnDcA==",
       "dev": true,
       "requires": {
         "parse-passwd": "^1.0.0"
@@ -7033,6 +6789,12 @@
       "integrity": "sha512-5ai2iksyV8ZXmnZhHH4rWPoxxistEexSi5936zIQ1bnNTW5VnA85B6P/VpXiRM017IgRvb2kKo1a//y+0wSp3w==",
       "dev": true
     },
+    "http-equiv-refresh": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/http-equiv-refresh/-/http-equiv-refresh-1.0.0.tgz",
+      "integrity": "sha1-jsU4hmBCvl8/evpzfRmNlL6xsHs=",
+      "dev": true
+    },
     "http-errors": {
       "version": "1.7.2",
       "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz",
@@ -7065,24 +6827,24 @@
       }
     },
     "http-signature": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.1.1.tgz",
-      "integrity": "sha1-33LiZwZs0Kxn+3at+OE0qPvPkb8=",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
+      "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=",
       "dev": true,
       "optional": true,
       "requires": {
-        "assert-plus": "^0.2.0",
+        "assert-plus": "^1.0.0",
         "jsprim": "^1.2.2",
         "sshpk": "^1.7.0"
       }
     },
     "https-proxy-agent": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-2.2.1.tgz",
-      "integrity": "sha512-HPCTS1LW51bcyMYbxUIOO4HEOlQ1/1qRaFWcyxvwaqUS9TY88aoEuHUY33kuAh1YhVVaDQhLZsnPd+XNARWZlQ==",
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-2.2.2.tgz",
+      "integrity": "sha512-c8Ndjc9Bkpfx/vCJueCPy0jlP4ccCCSNDp8xwCZzPjKJUm+B+u9WX2x98Qx4n1PiMNTWo3D7KK5ifNV/yJyRzg==",
       "dev": true,
       "requires": {
-        "agent-base": "^4.1.0",
+        "agent-base": "^4.3.0",
         "debug": "^3.1.0"
       },
       "dependencies": {
@@ -7096,13 +6858,19 @@
           }
         },
         "ms": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
-          "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==",
+          "version": "2.1.2",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+          "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
           "dev": true
         }
       }
     },
+    "humanize-duration": {
+      "version": "3.20.1",
+      "resolved": "https://registry.npmjs.org/humanize-duration/-/humanize-duration-3.20.1.tgz",
+      "integrity": "sha512-r2FR5Tkwo482oDmoutbX22KLzmz83UlWD8KgfQuM+EvxxDS10m2tRgHsKU+M6nFxaDU72YCKmLKi3lYB0CPMnw==",
+      "dev": true
+    },
     "humanize-url": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/humanize-url/-/humanize-url-1.0.1.tgz",
@@ -7153,9 +6921,9 @@
       "dev": true
     },
     "ignore": {
-      "version": "3.3.8",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-3.3.8.tgz",
-      "integrity": "sha512-pUh+xUQQhQzevjRHHFqqcTy0/dP/kS9I8HSrUydhihjuD09W6ldVWFtIrwhXdUJHis3i2rZNqEHpZH/cbinFbg==",
+      "version": "5.1.4",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.1.4.tgz",
+      "integrity": "sha512-MzbUSahkTW1u7JpKKjY7LCARd1fU5W2rLdxlM4kdkayuCwZImjkpluF9CM1aLewYJguPDqewLam18Y6AU69A8A==",
       "dev": true
     },
     "image-size": {
@@ -7166,52 +6934,32 @@
       "optional": true
     },
     "imagemin": {
-      "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/imagemin/-/imagemin-6.1.0.tgz",
-      "integrity": "sha512-8ryJBL1CN5uSHpiBMX0rJw79C9F9aJqMnjGnrd/1CafegpNuA81RBAAru/jQQEOWlOJJlpRnlcVFF6wq+Ist0A==",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/imagemin/-/imagemin-7.0.0.tgz",
+      "integrity": "sha512-TXvCSSIYl4KQUASur9S0+E4olVECzvxvZABU9rNqsza7vzIrUQMRTjyczGf8OmtcgvZ9jOYyinXW3epOpd/04A==",
       "dev": true,
       "requires": {
-        "file-type": "^10.7.0",
-        "globby": "^8.0.1",
-        "make-dir": "^1.0.0",
-        "p-pipe": "^1.1.0",
-        "pify": "^4.0.1",
+        "file-type": "^12.0.0",
+        "globby": "^10.0.0",
+        "junk": "^3.1.0",
+        "make-dir": "^3.0.0",
+        "p-pipe": "^3.0.0",
         "replace-ext": "^1.0.0"
       },
       "dependencies": {
-        "globby": {
-          "version": "8.0.2",
-          "resolved": "https://registry.npmjs.org/globby/-/globby-8.0.2.tgz",
-          "integrity": "sha512-yTzMmKygLp8RUpG1Ymu2VXPSJQZjNAZPD4ywgYEaG7e4tBJeUQBO8OpXrf1RCNcEs5alsoJYPAMiIHP0cmeC7w==",
+        "make-dir": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.0.0.tgz",
+          "integrity": "sha512-grNJDhb8b1Jm1qeqW5R/O63wUo4UXo2v2HMic6YT9i/HBlF93S8jkMgH7yugvY9ABDShH4VZMn8I+U8+fCNegw==",
           "dev": true,
           "requires": {
-            "array-union": "^1.0.1",
-            "dir-glob": "2.0.0",
-            "fast-glob": "^2.0.2",
-            "glob": "^7.1.2",
-            "ignore": "^3.3.5",
-            "pify": "^3.0.0",
-            "slash": "^1.0.0"
-          },
-          "dependencies": {
-            "pify": {
-              "version": "3.0.0",
-              "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz",
-              "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=",
-              "dev": true
-            }
+            "semver": "^6.0.0"
           }
         },
-        "pify": {
-          "version": "4.0.1",
-          "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
-          "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
-          "dev": true
-        },
-        "replace-ext": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/replace-ext/-/replace-ext-1.0.0.tgz",
-          "integrity": "sha1-3mMSg3P8v3w8z6TeWkgMRaZ5WOs=",
+        "semver": {
+          "version": "6.3.0",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+          "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
           "dev": true
         }
       }
@@ -7241,15 +6989,15 @@
       }
     },
     "imagemin-optipng": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/imagemin-optipng/-/imagemin-optipng-6.0.0.tgz",
-      "integrity": "sha512-FoD2sMXvmoNm/zKPOWdhKpWdFdF9qiJmKC17MxZJPH42VMAp17/QENI/lIuP7LCUnLVAloO3AUoTSNzfhpyd8A==",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/imagemin-optipng/-/imagemin-optipng-7.0.0.tgz",
+      "integrity": "sha512-N40bmLgiyv5H8xFp/RYmWKdg6Z19MGqzcNW+IWXG7VPrLV75NbcOn8y6A7eZcSHOCNW+DqBx+b95yw+Tf6Sl/g==",
       "dev": true,
       "optional": true,
       "requires": {
         "exec-buffer": "^3.0.0",
-        "is-png": "^1.0.0",
-        "optipng-bin": "^5.0.0"
+        "is-png": "^2.0.0",
+        "optipng-bin": "^6.0.0"
       }
     },
     "imagemin-svgo": {
@@ -7269,6 +7017,16 @@
       "integrity": "sha1-wkOZUUVbs5kT2vKBN28VMOEErfM=",
       "dev": true
     },
+    "import-fresh": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.1.0.tgz",
+      "integrity": "sha512-PpuksHKGt8rXfWEr9m9EHIpgyyaltBy8+eF6GJM0QCAxMgxCfucMF3mjecK2QsJr0amJW7gTqh5/wht0z2UhEQ==",
+      "dev": true,
+      "requires": {
+        "parent-module": "^1.0.0",
+        "resolve-from": "^4.0.0"
+      }
+    },
     "import-lazy": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/import-lazy/-/import-lazy-3.1.0.tgz",
@@ -7325,23 +7083,23 @@
       "dev": true
     },
     "inquirer": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-5.2.0.tgz",
-      "integrity": "sha512-E9BmnJbAKLPGonz0HeWHtbKf+EeSP93paWO3ZYoUpq/aowXvYGjjCSuashhXPpzbArIjBbji39THkxTz9ZeEUQ==",
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-6.5.2.tgz",
+      "integrity": "sha512-cntlB5ghuB0iuO65Ovoi8ogLHiWGs/5yNrtUcKjFhSSiVeAIVpD7koaSU9RM8mpXw5YDi9RdYXGQMaOURB7ycQ==",
       "dev": true,
       "requires": {
-        "ansi-escapes": "^3.0.0",
-        "chalk": "^2.0.0",
+        "ansi-escapes": "^3.2.0",
+        "chalk": "^2.4.2",
         "cli-cursor": "^2.1.0",
         "cli-width": "^2.0.0",
-        "external-editor": "^2.1.0",
+        "external-editor": "^3.0.3",
         "figures": "^2.0.0",
-        "lodash": "^4.3.0",
+        "lodash": "^4.17.12",
         "mute-stream": "0.0.7",
         "run-async": "^2.2.0",
-        "rxjs": "^5.5.2",
+        "rxjs": "^6.4.0",
         "string-width": "^2.1.0",
-        "strip-ansi": "^4.0.0",
+        "strip-ansi": "^5.1.0",
         "through": "^2.3.6"
       },
       "dependencies": {
@@ -7386,6 +7144,15 @@
           "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
           "dev": true
         },
+        "rxjs": {
+          "version": "6.5.3",
+          "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.5.3.tgz",
+          "integrity": "sha512-wuYsAYYFdWTAnAaPoKGNhfpWwKZbJW+HgAJ+mImp+Epl7BG8oNWBCTyRM8gba9k4lk8BgWdoYm21Mo/RYhhbgA==",
+          "dev": true,
+          "requires": {
+            "tslib": "^1.9.0"
+          }
+        },
         "string-width": {
           "version": "2.1.1",
           "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
@@ -7394,15 +7161,34 @@
           "requires": {
             "is-fullwidth-code-point": "^2.0.0",
             "strip-ansi": "^4.0.0"
+          },
+          "dependencies": {
+            "strip-ansi": {
+              "version": "4.0.0",
+              "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
+              "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
+              "dev": true,
+              "requires": {
+                "ansi-regex": "^3.0.0"
+              }
+            }
           }
         },
         "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
+          "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
           "dev": true,
           "requires": {
-            "ansi-regex": "^3.0.0"
+            "ansi-regex": "^4.1.0"
+          },
+          "dependencies": {
+            "ansi-regex": {
+              "version": "4.1.0",
+              "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz",
+              "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==",
+              "dev": true
+            }
           }
         },
         "supports-color": {
@@ -7417,9 +7203,9 @@
       }
     },
     "interpret": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.1.0.tgz",
-      "integrity": "sha1-ftGxQQxqDg94z5XTuEQMY/eLhhQ=",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.2.0.tgz",
+      "integrity": "sha512-mT34yGKMNceBQUoVn7iCDKDntA7SC6gycMAWzGx1z/CMCTV7b2AAtXlo3nRyHZ1FelRkQbQjprHSYGwzLtkVbw==",
       "dev": true
     },
     "into-stream": {
@@ -7478,6 +7264,12 @@
         "binary-extensions": "^1.0.0"
       }
     },
+    "is-browser": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-browser/-/is-browser-2.1.0.tgz",
+      "integrity": "sha512-F5rTJxDQ2sW81fcfOR1GnCXT6sVJC104fCyfj+mjpwNEwaPYSn5fte5jiHmBg3DHsIoL/l8Kvw5VN5SsTRcRFQ==",
+      "dev": true
+    },
     "is-buffer": {
       "version": "1.1.6",
       "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.6.tgz",
@@ -7577,6 +7369,15 @@
       "optional": true,
       "requires": {
         "file-type": "^10.4.0"
+      },
+      "dependencies": {
+        "file-type": {
+          "version": "10.11.0",
+          "resolved": "https://registry.npmjs.org/file-type/-/file-type-10.11.0.tgz",
+          "integrity": "sha512-uzk64HRpUZyTGZtVuvrjP0FYxzQrBf4rojot6J65YMEbwBLB0CWm0CLojVpwpmFmxcE/lkvYICgfcGozbBq6rw==",
+          "dev": true,
+          "optional": true
+        }
       }
     },
     "is-glob": {
@@ -7599,6 +7400,13 @@
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/is-natural-number/-/is-natural-number-4.0.1.tgz",
       "integrity": "sha1-q5124dtM7VHjXeDHLr7PCfc0zeg=",
+      "dev": true,
+      "optional": true
+    },
+    "is-negated-glob": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-negated-glob/-/is-negated-glob-1.0.0.tgz",
+      "integrity": "sha1-aRC8pdqMleeEtXUbl2z1oQ/uNtI=",
       "dev": true
     },
     "is-number": {
@@ -7643,28 +7451,16 @@
       }
     },
     "is-path-cwd": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/is-path-cwd/-/is-path-cwd-2.1.0.tgz",
-      "integrity": "sha512-Sc5j3/YnM8tDeyCsVeKlm/0p95075DyLmDEIkSgQ7mXkrOX+uTCtmQFm0CYzVyJwcCCmO3k8qfJt17SxQwB5Zw==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/is-path-cwd/-/is-path-cwd-2.2.0.tgz",
+      "integrity": "sha512-w942bTcih8fdJPJmQHFzkS76NEP8Kzzvmw92cXsazb8intwLqPibPPdXf4ANdKV3rYMuuQYGIWtvz9JilB3NFQ==",
       "dev": true
     },
-    "is-path-in-cwd": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/is-path-in-cwd/-/is-path-in-cwd-2.1.0.tgz",
-      "integrity": "sha512-rNocXHgipO+rvnP6dk3zI20RpOtrAM/kzbB258Uw5BWr3TpXi861yzjo16Dn4hUox07iw5AyeMLHWsujkjzvRQ==",
-      "dev": true,
-      "requires": {
-        "is-path-inside": "^2.1.0"
-      }
-    },
     "is-path-inside": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-2.1.0.tgz",
-      "integrity": "sha512-wiyhTzfDWsvwAW53OBWF5zuvaOGlZ6PwYxAbPVDhpm+gM09xKQGjBq/8uYN12aDvMxnAnq3dxTyoSoRNmg5YFg==",
-      "dev": true,
-      "requires": {
-        "path-is-inside": "^1.0.2"
-      }
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.1.tgz",
+      "integrity": "sha512-CKstxrctq1kUesU6WhtZDbYKzzYBuRH0UYInAVrkc/EYdB9ltbfE0gOoayG9nhohG6447sOOVGhHqsdmBvkbNg==",
+      "dev": true
     },
     "is-plain-obj": {
       "version": "1.1.0",
@@ -7690,9 +7486,9 @@
       }
     },
     "is-png": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/is-png/-/is-png-1.1.0.tgz",
-      "integrity": "sha1-1XSxK/J1wDUEVVcLDltXqwYgd84=",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-png/-/is-png-2.0.0.tgz",
+      "integrity": "sha512-4KPGizaVGj2LK7xwJIz8o5B2ubu1D/vcQsgOGFEDlpcvgZHto4gBnyd0ig7Ws+67ixmwKoNmu0hYnpo6AaKb5g==",
       "dev": true,
       "optional": true
     },
@@ -7726,12 +7522,6 @@
         "is-unc-path": "^1.0.0"
       }
     },
-    "is-resolvable": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/is-resolvable/-/is-resolvable-1.1.0.tgz",
-      "integrity": "sha512-qgDYXFSR5WvEfuS5dMj6oTMEbrrSaM0CrFk2Yiq/gXnBvD9pMa2jGXxyhGLfvhZpuMZe18CJpFxAt3CRs42NMg==",
-      "dev": true
-    },
     "is-retry-allowed": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/is-retry-allowed/-/is-retry-allowed-1.1.0.tgz",
@@ -7744,6 +7534,12 @@
       "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=",
       "dev": true
     },
+    "is-string": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.4.tgz",
+      "integrity": "sha1-zDqbaYV9Yh6WNyWiTK7shzuCbmQ=",
+      "dev": true
+    },
     "is-svg": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/is-svg/-/is-svg-3.0.0.tgz",
@@ -7785,6 +7581,12 @@
       "integrity": "sha1-Sw2hRCEE0bM2NA6AeX6GXPOffXI=",
       "dev": true
     },
+    "is-valid-glob": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-valid-glob/-/is-valid-glob-1.0.0.tgz",
+      "integrity": "sha1-Kb8+/3Ab4tTTFdusw5vDn+j2Aao=",
+      "dev": true
+    },
     "is-windows": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz",
@@ -7803,6 +7605,12 @@
       "integrity": "sha1-o32U7ZzaLVmGXJ92/llu4fM4dB4=",
       "dev": true
     },
+    "isbot": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/isbot/-/isbot-2.4.1.tgz",
+      "integrity": "sha512-aYmlG6ztVRersWtRyniFXgOhyMI9IuehRL0zUa3QIRPrZSFSB8G1O3MOKK5nWw7ozpyQdbEtUF3prTaQSf6zqg==",
+      "dev": true
+    },
     "isexe": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
@@ -8375,9 +8183,9 @@
       }
     },
     "js-tokens": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-3.0.2.tgz",
-      "integrity": "sha1-mGbfOVECEw449/mWvOtlRDIJwls=",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
       "dev": true
     },
     "js-yaml": {
@@ -8422,16 +8230,6 @@
       "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
       "dev": true
     },
-    "json-stable-stringify": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/json-stable-stringify/-/json-stable-stringify-1.0.1.tgz",
-      "integrity": "sha1-mnWdOcXy/1A/1TAGRu1EX4jE+a8=",
-      "dev": true,
-      "optional": true,
-      "requires": {
-        "jsonify": "~0.0.0"
-      }
-    },
     "json-stable-stringify-without-jsonify": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
@@ -8454,13 +8252,6 @@
         "graceful-fs": "^4.1.6"
       }
     },
-    "jsonify": {
-      "version": "0.0.0",
-      "resolved": "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz",
-      "integrity": "sha1-LHS27kHZPKUbe1qu6PUDYx0lKnM=",
-      "dev": true,
-      "optional": true
-    },
     "jsprim": {
       "version": "1.4.1",
       "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz",
@@ -8471,27 +8262,31 @@
         "assert-plus": "1.0.0",
         "extsprintf": "1.3.0",
         "json-schema": "0.2.3",
-        "verror": "1.10.0"
-      },
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
-          "dev": true,
-          "optional": true
-        }
+        "verror": "1.10.0"
       }
     },
     "jsx-ast-utils": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-2.1.0.tgz",
-      "integrity": "sha512-yDGDG2DS4JcqhA6blsuYbtsT09xL8AoLuUR2Gb5exrw7UEM19sBcOTq+YBBhrNbl0PUC4R4LnFu+dHg2HKeVvA==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-2.2.1.tgz",
+      "integrity": "sha512-v3FxCcAf20DayI+uxnCuw795+oOIkVu6EnJ1+kSzhqqTZHNkTZ7B66ZgLp4oLJ/gbA64cI0B7WRoHZMSRdyVRQ==",
       "dev": true,
       "requires": {
-        "array-includes": "^3.0.3"
+        "array-includes": "^3.0.3",
+        "object.assign": "^4.1.0"
       }
     },
+    "junk": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/junk/-/junk-3.1.0.tgz",
+      "integrity": "sha512-pBxcB3LFc8QVgdggvZWyeys+hnrNWg4OcZIU/1X59k5jQdLBlCsYGRQaz234SqoRLTCgMH00fY0xRJH+F9METQ==",
+      "dev": true
+    },
+    "just-debounce": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/just-debounce/-/just-debounce-1.0.0.tgz",
+      "integrity": "sha1-h/zPrv/AtozRnVX2cilD+SnqNeo=",
+      "dev": true
+    },
     "keyv": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/keyv/-/keyv-3.0.0.tgz",
@@ -8510,12 +8305,31 @@
         "is-buffer": "^1.1.5"
       }
     },
+    "last-run": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/last-run/-/last-run-1.1.1.tgz",
+      "integrity": "sha1-RblpQsF7HHnHchmCWbqUO+v4yls=",
+      "dev": true,
+      "requires": {
+        "default-resolution": "^2.0.0",
+        "es6-weak-map": "^2.0.1"
+      }
+    },
     "lazy-cache": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/lazy-cache/-/lazy-cache-1.0.4.tgz",
       "integrity": "sha1-odePw6UEdMuAhF07O24dpJpEbo4=",
       "dev": true
     },
+    "lazystream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/lazystream/-/lazystream-1.0.0.tgz",
+      "integrity": "sha1-9plf4PggOS9hOWvolGJAe7dxaOQ=",
+      "dev": true,
+      "requires": {
+        "readable-stream": "^2.0.5"
+      }
+    },
     "lcid": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/lcid/-/lcid-1.0.0.tgz",
@@ -8525,20 +8339,39 @@
         "invert-kv": "^1.0.0"
       }
     },
+    "lead": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/lead/-/lead-1.0.0.tgz",
+      "integrity": "sha1-bxT5mje+Op3XhPVJVpDlkDRm7kI=",
+      "dev": true,
+      "requires": {
+        "flush-write-stream": "^1.0.2"
+      }
+    },
     "less": {
-      "version": "2.7.3",
-      "resolved": "https://registry.npmjs.org/less/-/less-2.7.3.tgz",
-      "integrity": "sha512-KPdIJKWcEAb02TuJtaLrhue0krtRLoRoo7x6BNJIBelO00t/CCdJQUnHW5V34OnHMWzIktSalJxRO+FvytQlCQ==",
+      "version": "3.10.3",
+      "resolved": "https://registry.npmjs.org/less/-/less-3.10.3.tgz",
+      "integrity": "sha512-vz32vqfgmoxF1h3K4J+yKCtajH0PWmjkIFgbs5d78E/c/e+UQTnI+lWK+1eQRE95PXM2mC3rJlLSSP9VQHnaow==",
       "dev": true,
       "requires": {
+        "clone": "^2.1.2",
         "errno": "^0.1.1",
         "graceful-fs": "^4.1.2",
         "image-size": "~0.5.0",
-        "mime": "^1.2.11",
+        "mime": "^1.4.1",
         "mkdirp": "^0.5.0",
         "promise": "^7.1.1",
-        "request": "2.81.0",
-        "source-map": "^0.5.3"
+        "request": "^2.83.0",
+        "source-map": "~0.6.0"
+      },
+      "dependencies": {
+        "source-map": {
+          "version": "0.6.1",
+          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+          "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+          "dev": true,
+          "optional": true
+        }
       }
     },
     "levn": {
@@ -8552,13 +8385,13 @@
       }
     },
     "liftoff": {
-      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/liftoff/-/liftoff-2.5.0.tgz",
-      "integrity": "sha1-IAkpG7Mc6oYbvxCnwVooyvdcMew=",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/liftoff/-/liftoff-3.1.0.tgz",
+      "integrity": "sha512-DlIPlJUkCV0Ips2zf2pJP0unEoT1kwYhiiPUGF3s/jtxTCjziNLoiVVh+jqWOWeFi6mmwQ5fNxvAUyPad4Dfog==",
       "dev": true,
       "requires": {
         "extend": "^3.0.0",
-        "findup-sync": "^2.0.0",
+        "findup-sync": "^3.0.0",
         "fined": "^1.0.1",
         "flagged-respawn": "^1.0.0",
         "is-plain-object": "^2.0.4",
@@ -8567,12 +8400,28 @@
         "resolve": "^1.1.7"
       }
     },
+    "limited-request-queue": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/limited-request-queue/-/limited-request-queue-2.0.0.tgz",
+      "integrity": "sha1-FMfBILE4BgsZoqEDCrr2aTVyZQ0=",
+      "dev": true,
+      "requires": {
+        "is-browser": "^2.0.1",
+        "parse-domain": "~0.2.0"
+      }
+    },
     "limiter": {
       "version": "1.1.4",
       "resolved": "https://registry.npmjs.org/limiter/-/limiter-1.1.4.tgz",
       "integrity": "sha512-XCpr5bElgDI65vVgstP8TWjv6/QKWm9GU5UG0Pr5sLQ3QLo8NVKsioe+Jed5/3vFOe3IQuqE7DKwTvKQkjTHvg==",
       "dev": true
     },
+    "link-types": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/link-types/-/link-types-1.1.0.tgz",
+      "integrity": "sha1-r2XlnbUucMH/sYrEw8sFa/55aDA=",
+      "dev": true
+    },
     "lintspaces": {
       "version": "0.6.3",
       "resolved": "https://registry.npmjs.org/lintspaces/-/lintspaces-0.6.3.tgz",
@@ -8712,63 +8561,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.13",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.13.tgz",
-      "integrity": "sha512-vm3/XWXfWtRua0FkUyEHBZy8kCPjErNBT9fJx8Zvs+U6zjqPbTUOpkaoum3O5uiA8sm+yNMHXfYkTUHFoMxFNA==",
-      "dev": true
-    },
-    "lodash._basecopy": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/lodash._basecopy/-/lodash._basecopy-3.0.1.tgz",
-      "integrity": "sha1-jaDmqHbPNEwK2KVIghEd08XHyjY=",
-      "dev": true
-    },
-    "lodash._basetostring": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/lodash._basetostring/-/lodash._basetostring-3.0.1.tgz",
-      "integrity": "sha1-0YYdh3+CSlL2aYMtyvPuFVZqB9U=",
-      "dev": true
-    },
-    "lodash._basevalues": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/lodash._basevalues/-/lodash._basevalues-3.0.0.tgz",
-      "integrity": "sha1-W3dXYoAr3j0yl1A+JjAIIP32Ybc=",
-      "dev": true
-    },
-    "lodash._getnative": {
-      "version": "3.9.1",
-      "resolved": "https://registry.npmjs.org/lodash._getnative/-/lodash._getnative-3.9.1.tgz",
-      "integrity": "sha1-VwvH3t5G1hzc3mh9ZdPuy6o6r/U=",
-      "dev": true
-    },
-    "lodash._isiterateecall": {
-      "version": "3.0.9",
-      "resolved": "https://registry.npmjs.org/lodash._isiterateecall/-/lodash._isiterateecall-3.0.9.tgz",
-      "integrity": "sha1-UgOte6Ql+uhCRg5pbbnPPmqsBXw=",
-      "dev": true
-    },
-    "lodash._reescape": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/lodash._reescape/-/lodash._reescape-3.0.0.tgz",
-      "integrity": "sha1-Kx1vXf4HyKNVdT5fJ/rH8c3hYWo=",
-      "dev": true
-    },
-    "lodash._reevaluate": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/lodash._reevaluate/-/lodash._reevaluate-3.0.0.tgz",
-      "integrity": "sha1-WLx0xAZklTrgsSTYBpltrKQx4u0=",
-      "dev": true
-    },
-    "lodash._reinterpolate": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz",
-      "integrity": "sha1-DM8tiRZq8Ds2Y8eWU4t1rG4RTZ0=",
-      "dev": true
-    },
-    "lodash._root": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/lodash._root/-/lodash._root-3.0.1.tgz",
-      "integrity": "sha1-+6HEUkwZ7ppfgTa0YJ8BfPTe1pI=",
+      "version": "4.17.15",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
+      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
       "dev": true
     },
     "lodash.clone": {
@@ -8783,50 +8578,18 @@
       "integrity": "sha1-0JF4cW/+pN3p5ft7N/bwgCJ0WAw=",
       "dev": true
     },
-    "lodash.escape": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/lodash.escape/-/lodash.escape-3.2.0.tgz",
-      "integrity": "sha1-mV7g3BjBtIzJLv+ucaEKq1tIdpg=",
-      "dev": true,
-      "requires": {
-        "lodash._root": "^3.0.0"
-      }
-    },
     "lodash.flatten": {
       "version": "4.4.0",
       "resolved": "https://registry.npmjs.org/lodash.flatten/-/lodash.flatten-4.4.0.tgz",
       "integrity": "sha1-8xwiIlqWMtK7+OSt2+8kCqdlph8=",
       "dev": true
     },
-    "lodash.isarguments": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz",
-      "integrity": "sha1-L1c9hcaiQon/AGY7SRwdM4/zRYo=",
-      "dev": true
-    },
-    "lodash.isarray": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/lodash.isarray/-/lodash.isarray-3.0.4.tgz",
-      "integrity": "sha1-eeTriMNqgSKvhvhEqpvNhRtfu1U=",
-      "dev": true
-    },
     "lodash.isfinite": {
       "version": "3.3.2",
       "resolved": "https://registry.npmjs.org/lodash.isfinite/-/lodash.isfinite-3.3.2.tgz",
       "integrity": "sha1-+4m2WpqAKBgz8LdHizpRBPiY67M=",
       "dev": true
     },
-    "lodash.keys": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/lodash.keys/-/lodash.keys-3.1.2.tgz",
-      "integrity": "sha1-TbwEcrFWvlCgsoaFXRvQsMZWCYo=",
-      "dev": true,
-      "requires": {
-        "lodash._getnative": "^3.0.0",
-        "lodash.isarguments": "^3.0.0",
-        "lodash.isarray": "^3.0.0"
-      }
-    },
     "lodash.merge": {
       "version": "4.6.2",
       "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz",
@@ -8845,39 +8608,6 @@
       "integrity": "sha1-UvBWEP/53tQiYRRB7R/BI6AwAbM=",
       "dev": true
     },
-    "lodash.restparam": {
-      "version": "3.6.1",
-      "resolved": "https://registry.npmjs.org/lodash.restparam/-/lodash.restparam-3.6.1.tgz",
-      "integrity": "sha1-k2pOMJ7zMKdkXtQUWYbIWuWyCAU=",
-      "dev": true
-    },
-    "lodash.template": {
-      "version": "3.6.2",
-      "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-3.6.2.tgz",
-      "integrity": "sha1-+M3sxhaaJVvpCYrosMU9N4kx0U8=",
-      "dev": true,
-      "requires": {
-        "lodash._basecopy": "^3.0.0",
-        "lodash._basetostring": "^3.0.0",
-        "lodash._basevalues": "^3.0.0",
-        "lodash._isiterateecall": "^3.0.0",
-        "lodash._reinterpolate": "^3.0.0",
-        "lodash.escape": "^3.0.0",
-        "lodash.keys": "^3.0.0",
-        "lodash.restparam": "^3.0.0",
-        "lodash.templatesettings": "^3.0.0"
-      }
-    },
-    "lodash.templatesettings": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/lodash.templatesettings/-/lodash.templatesettings-3.1.1.tgz",
-      "integrity": "sha1-+zB4RHU7Zrnxr6VOJix0UwfbqOU=",
-      "dev": true,
-      "requires": {
-        "lodash._reinterpolate": "^3.0.0",
-        "lodash.escape": "^3.0.0"
-      }
-    },
     "lodash.uniq": {
       "version": "4.5.0",
       "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz",
@@ -8937,6 +8667,16 @@
         "meow": "^3.3.0"
       }
     },
+    "lru-cache": {
+      "version": "4.1.5",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz",
+      "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==",
+      "dev": true,
+      "requires": {
+        "pseudomap": "^1.0.2",
+        "yallist": "^2.1.2"
+      }
+    },
     "lru-queue": {
       "version": "0.1.0",
       "resolved": "https://registry.npmjs.org/lru-queue/-/lru-queue-0.1.0.tgz",
@@ -9001,21 +8741,54 @@
         "object-visit": "^1.0.0"
       }
     },
-    "mdn-data": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-1.1.4.tgz",
-      "integrity": "sha512-FSYbp3lyKjyj3E7fMl6rYvUdX0FBXaluGqlFoYESWQlyUTq8R+wp0rkFxoYFqZlHCvsUXGjyJmLQSnXToYhOSA==",
-      "dev": true
-    },
-    "mem": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/mem/-/mem-1.1.0.tgz",
-      "integrity": "sha1-Xt1StIXKHZAP5kiVUFOZoN+kX3Y=",
+    "matchdep": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/matchdep/-/matchdep-2.0.0.tgz",
+      "integrity": "sha1-xvNINKDY28OzfCfui7yyfHd1WC4=",
       "dev": true,
       "requires": {
-        "mimic-fn": "^1.0.0"
+        "findup-sync": "^2.0.0",
+        "micromatch": "^3.0.4",
+        "resolve": "^1.4.0",
+        "stack-trace": "0.0.10"
+      },
+      "dependencies": {
+        "findup-sync": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/findup-sync/-/findup-sync-2.0.0.tgz",
+          "integrity": "sha1-kyaxSIwi0aYIhlCoaQGy2akKLLw=",
+          "dev": true,
+          "requires": {
+            "detect-file": "^1.0.0",
+            "is-glob": "^3.1.0",
+            "micromatch": "^3.0.4",
+            "resolve-dir": "^1.0.1"
+          }
+        },
+        "is-glob": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-3.1.0.tgz",
+          "integrity": "sha1-e6WuJCF4BKxwcHuWkiVnSGzD6Eo=",
+          "dev": true,
+          "requires": {
+            "is-extglob": "^2.1.0"
+          }
+        }
       }
     },
+    "maybe-callback": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/maybe-callback/-/maybe-callback-2.1.0.tgz",
+      "integrity": "sha1-ivoLp7aRp6sSPn8S9l4yu10fgkM=",
+      "dev": true
+    },
+    "mdn-data": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.4.tgz",
+      "integrity": "sha512-iV3XNKw06j5Q7mi6h+9vbx23Tv7JkjEVgKHW4pimwyDGWm0OIQntJJ+u1C6mg6mK1EaTv42XQ7w76yuzH7M2cA==",
+      "dev": true,
+      "optional": true
+    },
     "memoizeasync": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/memoizeasync/-/memoizeasync-1.1.0.tgz",
@@ -9069,18 +8842,15 @@
       }
     },
     "merge-stream": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-1.0.1.tgz",
-      "integrity": "sha1-QEEgLVCKNCugAXQAjfDCUbjBNeE=",
-      "dev": true,
-      "requires": {
-        "readable-stream": "^2.0.1"
-      }
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz",
+      "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==",
+      "dev": true
     },
     "merge2": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.2.3.tgz",
-      "integrity": "sha512-gdUU1Fwj5ep4kplwcmftruWofEFt6lfpkkr3h860CXbAB9c3hGb55EOL2ali0Td5oebvW0E1+3Sr+Ur7XfKpRA==",
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.2.4.tgz",
+      "integrity": "sha512-FYE8xI+6pjFOhokZu0We3S5NKCirLbCzSh2Usf3qEyr4X8U+0jNg9P8RZ4qz+V2UoECLVwSyzU3LxXBaLGtD3A==",
       "dev": true
     },
     "micromatch": {
@@ -9173,9 +8943,9 @@
       "dev": true
     },
     "mixin-deep": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz",
-      "integrity": "sha512-8ZItLHeEgaqEvd5lYBXfm4EZSFCX29Jb9K+lAHhDKzReKBQKj3R+7NOF6tjqYi9t4oI8VUfaWITJQm86wnXGNQ==",
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz",
+      "integrity": "sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==",
       "dev": true,
       "requires": {
         "for-in": "^1.0.2",
@@ -9216,14 +8986,11 @@
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
       "dev": true
     },
-    "multipipe": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/multipipe/-/multipipe-0.1.2.tgz",
-      "integrity": "sha1-Ko8t33Du1WTf8tV/HhoTfZ8FB4s=",
-      "dev": true,
-      "requires": {
-        "duplexer2": "0.0.2"
-      }
+    "mute-stdout": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/mute-stdout/-/mute-stdout-1.0.1.tgz",
+      "integrity": "sha512-kDcwXR4PS7caBpuRYYBUz9iVixUk3anO3f5OYFiIPwK/20vCzKCHyKoulbiDY1S53zD2bxUpxN/IJ+TnXjfvxg==",
+      "dev": true
     },
     "mute-stream": {
       "version": "0.0.7",
@@ -9278,12 +9045,6 @@
         }
       }
     },
-    "natives": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/natives/-/natives-1.1.3.tgz",
-      "integrity": "sha512-BZGSYV4YOLxzoTK73l0/s/0sH9l8SHs2ocReMH1f8JYSh5FUWu4ZrKCpJdRkWXV6HFR/pZDz7bwWOVAY07q77g==",
-      "dev": true
-    },
     "natural-compare": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
@@ -9309,14 +9070,102 @@
       "dev": true
     },
     "node-releases": {
-      "version": "1.1.22",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.22.tgz",
-      "integrity": "sha512-O6XpteBuntW1j86mw6LlovBIwTe+sO2+7vi9avQffNeIW4upgnaCVm6xrBWH+KATz7mNNRNNeEpuWB7dT6Cr3w==",
+      "version": "1.1.30",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.30.tgz",
+      "integrity": "sha512-BHcr1g6NeUH12IL+X3Flvs4IOnl1TL0JczUhEZjDE+FXXPQcVCNr8NEPb01zqGxzhTpdyJL5GXemaCW7aw6Khw==",
       "dev": true,
       "requires": {
         "semver": "^5.3.0"
       }
     },
+    "nopt": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/nopt/-/nopt-3.0.6.tgz",
+      "integrity": "sha1-xkZdvwirzU2zWTF/eaxopkayj/k=",
+      "dev": true,
+      "requires": {
+        "abbrev": "1"
+      }
+    },
+    "nopter": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/nopter/-/nopter-0.3.0.tgz",
+      "integrity": "sha1-uWkOb6uPJWs35OfM0j4rOEUMxx8=",
+      "dev": true,
+      "requires": {
+        "caller-path": "~0.1.0",
+        "camelcase": "^1.0.2",
+        "chalk": "~0.5.1",
+        "cli-table": "~0.3.1",
+        "eol": "~0.2.0",
+        "nopt": "^3.0.1",
+        "object-assign": "^2.0.0",
+        "splitargs": "~0.0.3"
+      },
+      "dependencies": {
+        "ansi-regex": {
+          "version": "0.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-0.2.1.tgz",
+          "integrity": "sha1-DY6UaWej2BQ/k+JOKYUl/BsiNfk=",
+          "dev": true
+        },
+        "ansi-styles": {
+          "version": "1.1.0",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-1.1.0.tgz",
+          "integrity": "sha1-6uy/Zs1waIJ2Cy9GkVgrj1XXp94=",
+          "dev": true
+        },
+        "camelcase": {
+          "version": "1.2.1",
+          "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-1.2.1.tgz",
+          "integrity": "sha1-m7UwTS4LVmmLLHWLCKPqqdqlijk=",
+          "dev": true
+        },
+        "chalk": {
+          "version": "0.5.1",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-0.5.1.tgz",
+          "integrity": "sha1-Zjs6ZItotV0EaQ1JFnqoN4WPIXQ=",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^1.1.0",
+            "escape-string-regexp": "^1.0.0",
+            "has-ansi": "^0.1.0",
+            "strip-ansi": "^0.3.0",
+            "supports-color": "^0.2.0"
+          }
+        },
+        "has-ansi": {
+          "version": "0.1.0",
+          "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-0.1.0.tgz",
+          "integrity": "sha1-hPJlqujA5qiKEtcCKJS3VoiUxi4=",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "^0.2.0"
+          }
+        },
+        "object-assign": {
+          "version": "2.1.1",
+          "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-2.1.1.tgz",
+          "integrity": "sha1-Q8NuXVaf+OSBbE76i+AtJpZ8GKo=",
+          "dev": true
+        },
+        "strip-ansi": {
+          "version": "0.3.0",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-0.3.0.tgz",
+          "integrity": "sha1-JfSOoiynkYfzF0pNuHWTR7sSYiA=",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "^0.2.1"
+          }
+        },
+        "supports-color": {
+          "version": "0.2.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-0.2.0.tgz",
+          "integrity": "sha1-2S3iaU6z9nMjlz1649i1W0wiGQo=",
+          "dev": true
+        }
+      }
+    },
     "normalize-package-data": {
       "version": "2.4.0",
       "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz",
@@ -9372,6 +9221,15 @@
         }
       }
     },
+    "now-and-later": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/now-and-later/-/now-and-later-2.0.1.tgz",
+      "integrity": "sha512-KGvQ0cB70AQfg107Xvs/Fbu+dGmZoTRJp2TaPwcwQm3/7PteUyN2BCgk8KBMPGBUXZdVwyWS8fDCGFygBm19UQ==",
+      "dev": true,
+      "requires": {
+        "once": "^1.3.2"
+      }
+    },
     "npm-conf": {
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/npm-conf/-/npm-conf-1.1.3.tgz",
@@ -9421,9 +9279,9 @@
       "dev": true
     },
     "oauth-sign": {
-      "version": "0.8.2",
-      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz",
-      "integrity": "sha1-Rqarfwrq2N6unsBWV4C31O/rnUM=",
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
+      "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==",
       "dev": true,
       "optional": true
     },
@@ -9490,6 +9348,18 @@
         }
       }
     },
+    "object.assign": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.0.tgz",
+      "integrity": "sha512-exHJeq6kBKj58mqGyTQ9DFvrZC/eR6OwxzoM9YRoGBqrXYonaFyGiFMuc9VZrXf7DarreEwMpurG3dd+CNyW5w==",
+      "dev": true,
+      "requires": {
+        "define-properties": "^1.1.2",
+        "function-bind": "^1.1.1",
+        "has-symbols": "^1.0.0",
+        "object-keys": "^1.0.11"
+      }
+    },
     "object.defaults": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/object.defaults/-/object.defaults-1.1.0.tgz",
@@ -9500,23 +9370,30 @@
         "array-slice": "^1.0.0",
         "for-own": "^1.0.0",
         "isobject": "^3.0.0"
-      },
-      "dependencies": {
-        "for-own": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/for-own/-/for-own-1.0.0.tgz",
-          "integrity": "sha1-xjMy9BXO3EsE2/5wz4NklMU8tEs=",
-          "dev": true,
-          "requires": {
-            "for-in": "^1.0.1"
-          }
-        },
-        "isobject": {
-          "version": "3.0.1",
-          "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz",
-          "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=",
-          "dev": true
-        }
+      }
+    },
+    "object.entries": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/object.entries/-/object.entries-1.1.0.tgz",
+      "integrity": "sha512-l+H6EQ8qzGRxbkHOd5I/aHRhHDKoQXQ8g0BYt4uSweQU1/J6dZUOyWh9a2Vky35YCKjzmgxOzta2hH6kf9HuXA==",
+      "dev": true,
+      "requires": {
+        "define-properties": "^1.1.3",
+        "es-abstract": "^1.12.0",
+        "function-bind": "^1.1.1",
+        "has": "^1.0.3"
+      }
+    },
+    "object.fromentries": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.0.tgz",
+      "integrity": "sha512-9iLiI6H083uiqUuvzyY6qrlmc/Gz8hLQFOcb/Ri/0xXFkSNS3ctV+CbE6yM2+AnkYfOB3dGjdzC0wrMLIhQICA==",
+      "dev": true,
+      "requires": {
+        "define-properties": "^1.1.2",
+        "es-abstract": "^1.11.0",
+        "function-bind": "^1.1.1",
+        "has": "^1.0.1"
       }
     },
     "object.getownpropertydescriptors": {
@@ -9538,17 +9415,6 @@
       "requires": {
         "for-own": "^1.0.0",
         "make-iterator": "^1.0.0"
-      },
-      "dependencies": {
-        "for-own": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/for-own/-/for-own-1.0.0.tgz",
-          "integrity": "sha1-xjMy9BXO3EsE2/5wz4NklMU8tEs=",
-          "dev": true,
-          "requires": {
-            "for-in": "^1.0.1"
-          }
-        }
       }
     },
     "object.pick": {
@@ -9568,12 +9434,21 @@
         }
       }
     },
+    "object.reduce": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/object.reduce/-/object.reduce-1.0.1.tgz",
+      "integrity": "sha1-b+NI8qx/oPlcpiEiZZkJaCW7A60=",
+      "dev": true,
+      "requires": {
+        "for-own": "^1.0.0",
+        "make-iterator": "^1.0.0"
+      }
+    },
     "object.values": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.0.tgz",
       "integrity": "sha512-8mf0nKLAoFX6VlNVdhGj31SVYpaNFtUnuoOXWyFEstsWRgU837AK+JYM0iAxwkSzGRbwn8cbFmgbyxj1j4VbXg==",
       "dev": true,
-      "optional": true,
       "requires": {
         "define-properties": "^1.1.3",
         "es-abstract": "^1.12.0",
@@ -9646,9 +9521,9 @@
       }
     },
     "optipng-bin": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/optipng-bin/-/optipng-bin-5.1.0.tgz",
-      "integrity": "sha512-9baoqZTNNmXQjq/PQTWEXbVV3AMO2sI/GaaqZJZ8SExfAzjijeAP7FEeT+TtyumSw7gr0PZtSUYB/Ke7iHQVKA==",
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/optipng-bin/-/optipng-bin-6.0.0.tgz",
+      "integrity": "sha512-95bB4y8IaTsa/8x6QH4bLUuyvyOoGBCLDA7wOgDL8UFqJpSUh1Hob8JRJhit+wC1ZLN3tQ7mFt7KuBj0x8F2Wg==",
       "dev": true,
       "optional": true,
       "requires": {
@@ -9657,23 +9532,15 @@
         "logalot": "^2.0.0"
       }
     },
-    "orchestrator": {
-      "version": "0.3.8",
-      "resolved": "https://registry.npmjs.org/orchestrator/-/orchestrator-0.3.8.tgz",
-      "integrity": "sha1-FOfp4nZPcxX7rBhOUGx6pt+UrX4=",
+    "ordered-read-streams": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/ordered-read-streams/-/ordered-read-streams-1.0.1.tgz",
+      "integrity": "sha1-d8DLN8QVJdZBZtmQ/61+xqDhNj4=",
       "dev": true,
       "requires": {
-        "end-of-stream": "~0.1.5",
-        "sequencify": "~0.0.7",
-        "stream-consume": "~0.1.0"
+        "readable-stream": "^2.0.1"
       }
     },
-    "ordered-read-streams": {
-      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/ordered-read-streams/-/ordered-read-streams-0.1.0.tgz",
-      "integrity": "sha1-/VZamvjrRHO6abbtijQ1LLVS8SY=",
-      "dev": true
-    },
     "os-filter-obj": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/os-filter-obj/-/os-filter-obj-2.0.0.tgz",
@@ -9684,12 +9551,6 @@
         "arch": "^2.1.0"
       }
     },
-    "os-homedir": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/os-homedir/-/os-homedir-1.0.2.tgz",
-      "integrity": "sha1-/7xJiDNuDoM94MFox+8VISGqf7M=",
-      "dev": true
-    },
     "os-locale": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/os-locale/-/os-locale-1.4.0.tgz",
@@ -9699,12 +9560,31 @@
         "lcid": "^1.0.0"
       }
     },
+    "os-name": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/os-name/-/os-name-1.0.3.tgz",
+      "integrity": "sha1-GzefZINa98Wn9JizV8uVIVwVnt8=",
+      "dev": true,
+      "requires": {
+        "osx-release": "^1.0.0",
+        "win-release": "^1.0.0"
+      }
+    },
     "os-tmpdir": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
       "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=",
       "dev": true
     },
+    "osx-release": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/osx-release/-/osx-release-1.1.0.tgz",
+      "integrity": "sha1-8heRGigTaUmvG/kwiyQeJzfTzWw=",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.1.0"
+      }
+    },
     "p-cancelable": {
       "version": "0.3.0",
       "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-0.3.0.tgz",
@@ -9733,9 +9613,9 @@
       "dev": true
     },
     "p-limit": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-1.2.0.tgz",
-      "integrity": "sha512-Y/OtIaXtUPr4/YpMv1pCL5L5ed0rumAaAeBSj12F+bSlMdys7i8oQF/GUJmfpTS/QoaRrS/k6pma29haJpsMng==",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-1.3.0.tgz",
+      "integrity": "sha512-vvcXsLAJ9Dr5rQOPk7toZQZJApBl2K4J6dANSsEuh6QI41JYcsS/qhTGa9ErIUUgK3WNQoJYvylxvjqmiqEA9Q==",
       "dev": true,
       "requires": {
         "p-try": "^1.0.0"
@@ -9751,10 +9631,13 @@
       }
     },
     "p-map": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/p-map/-/p-map-2.1.0.tgz",
-      "integrity": "sha512-y3b8Kpd8OAN444hxfBbFfj1FY/RjtTd8tzYwhUqNYXx0fXx2iX4maP4Qr6qhIKbQXI02wTLAda4fYUbDagTUFw==",
-      "dev": true
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/p-map/-/p-map-3.0.0.tgz",
+      "integrity": "sha512-d3qXVTF/s+W+CdJ5A29wywV2n8CQQYahlgz2bFiA+4eVNJbHJodPZ+/gXwPGh0bOqA+j8S+6+ckmvLGPk1QpxQ==",
+      "dev": true,
+      "requires": {
+        "aggregate-error": "^3.0.0"
+      }
     },
     "p-map-series": {
       "version": "1.0.0",
@@ -9766,9 +9649,9 @@
       }
     },
     "p-pipe": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/p-pipe/-/p-pipe-1.2.0.tgz",
-      "integrity": "sha1-SxoROZoRUgpneQ7loMHViB1r7+k=",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/p-pipe/-/p-pipe-3.0.0.tgz",
+      "integrity": "sha512-gwwdRFmaxsT3IU+Tl3vYKVRdjfhg8Bbdjw7B+E0y6F7Yz6l+eaQLn0BRmGMXIhcPDONPtOkMoNwx1etZh4zPJA==",
       "dev": true
     },
     "p-reduce": {
@@ -9792,6 +9675,21 @@
       "integrity": "sha1-y8ec26+P1CKOE/Yh8rGiN8GyB7M=",
       "dev": true
     },
+    "parent-module": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz",
+      "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==",
+      "dev": true,
+      "requires": {
+        "callsites": "^3.0.0"
+      }
+    },
+    "parse-domain": {
+      "version": "0.2.2",
+      "resolved": "https://registry.npmjs.org/parse-domain/-/parse-domain-0.2.2.tgz",
+      "integrity": "sha1-GImJseLnOYv/PE9P19yhV+tR+sE=",
+      "dev": true
+    },
     "parse-filepath": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/parse-filepath/-/parse-filepath-1.0.2.tgz",
@@ -9824,6 +9722,15 @@
       "integrity": "sha1-bVuTSkVpk7I9N/QKOC1vFmao5cY=",
       "dev": true
     },
+    "parse5": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/parse5/-/parse5-3.0.3.tgz",
+      "integrity": "sha512-rgO9Zg5LLLkfJF9E6CCmXlSE4UVceloys8JrFqCcHloC3usd/kJCyPDwH2SOlzix2j3xaP9sUX3e8+kvkuleAA==",
+      "dev": true,
+      "requires": {
+        "@types/node": "*"
+      }
+    },
     "parseqs": {
       "version": "0.0.5",
       "resolved": "https://registry.npmjs.org/parseqs/-/parseqs-0.0.5.tgz",
@@ -9881,12 +9788,6 @@
       "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
       "dev": true
     },
-    "path-is-inside": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz",
-      "integrity": "sha1-NlQX3t5EQw0cEa9hAn+s8HS9/FM=",
-      "dev": true
-    },
     "path-key": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz",
@@ -9932,12 +9833,18 @@
       "dev": true
     },
     "performance-now": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-0.2.0.tgz",
-      "integrity": "sha1-M+8wxcd9TqIcWlOGnZG1bY8lVeU=",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
+      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=",
       "dev": true,
       "optional": true
     },
+    "picomatch": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.0.7.tgz",
+      "integrity": "sha512-oLHIdio3tZ0qH76NybpeneBhYVj0QFTfXEFTc/B3zKQspYfYYkWYgFsmzo+4kvId/bQRcNkVeguI3y+CD22BtA==",
+      "dev": true
+    },
     "pify": {
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
@@ -9960,36 +9867,77 @@
       }
     },
     "pkg-conf": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/pkg-conf/-/pkg-conf-2.1.0.tgz",
-      "integrity": "sha1-ISZRTKbyq/69FoWW3xi6V4Z/AFg=",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/pkg-conf/-/pkg-conf-3.1.0.tgz",
+      "integrity": "sha512-m0OTbR/5VPNPqO1ph6Fqbj7Hv6QU7gR/tQW40ZqrL1rjgCU85W6C1bJn0BItuJqnR98PWzw7Z8hHeChD1WrgdQ==",
       "dev": true,
       "requires": {
-        "find-up": "^2.0.0",
-        "load-json-file": "^4.0.0"
+        "find-up": "^3.0.0",
+        "load-json-file": "^5.2.0"
       },
       "dependencies": {
         "find-up": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz",
-          "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=",
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-3.0.0.tgz",
+          "integrity": "sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==",
           "dev": true,
           "requires": {
-            "locate-path": "^2.0.0"
+            "locate-path": "^3.0.0"
           }
         },
+        "graceful-fs": {
+          "version": "4.2.2",
+          "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.2.tgz",
+          "integrity": "sha512-IItsdsea19BoLC7ELy13q1iJFNmd7ofZH5+X/pJr90/nRoPEX0DJo1dHDbgtYWOhJhcCgMDTOw84RZ72q6lB+Q==",
+          "dev": true
+        },
         "load-json-file": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-4.0.0.tgz",
-          "integrity": "sha1-L19Fq5HjMhYjT9U62rZo607AmTs=",
+          "version": "5.3.0",
+          "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-5.3.0.tgz",
+          "integrity": "sha512-cJGP40Jc/VXUsp8/OrnyKyTZ1y6v/dphm3bioS+RrKXjK2BB6wHUd6JptZEFDGgGahMT+InnZO5i1Ei9mpC8Bw==",
           "dev": true,
           "requires": {
-            "graceful-fs": "^4.1.2",
+            "graceful-fs": "^4.1.15",
             "parse-json": "^4.0.0",
-            "pify": "^3.0.0",
-            "strip-bom": "^3.0.0"
+            "pify": "^4.0.1",
+            "strip-bom": "^3.0.0",
+            "type-fest": "^0.3.0"
+          }
+        },
+        "locate-path": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz",
+          "integrity": "sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==",
+          "dev": true,
+          "requires": {
+            "p-locate": "^3.0.0",
+            "path-exists": "^3.0.0"
           }
         },
+        "p-limit": {
+          "version": "2.2.1",
+          "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.2.1.tgz",
+          "integrity": "sha512-85Tk+90UCVWvbDavCLKPOLC9vvY8OwEX/RtKF+/1OADJMVlFfEHOiMTPVyxg7mk/dKa+ipdHm0OUkTvCpMTuwg==",
+          "dev": true,
+          "requires": {
+            "p-try": "^2.0.0"
+          }
+        },
+        "p-locate": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-3.0.0.tgz",
+          "integrity": "sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==",
+          "dev": true,
+          "requires": {
+            "p-limit": "^2.0.0"
+          }
+        },
+        "p-try": {
+          "version": "2.2.0",
+          "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
+          "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
+          "dev": true
+        },
         "parse-json": {
           "version": "4.0.0",
           "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz",
@@ -10000,10 +9948,16 @@
             "json-parse-better-errors": "^1.0.1"
           }
         },
-        "pify": {
+        "path-exists": {
           "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz",
-          "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz",
+          "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=",
+          "dev": true
+        },
+        "pify": {
+          "version": "4.0.1",
+          "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
+          "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
           "dev": true
         },
         "strip-bom": {
@@ -10074,12 +10028,6 @@
         "irregular-plurals": "^2.0.0"
       }
     },
-    "pluralize": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-7.0.0.tgz",
-      "integrity": "sha512-ARhBOdzS3e41FbkW/XWrTEtukqqLoK5+Z/4UeDaLuSW+39JPeFgs4gCGqsrJHVZX0fUrx//4OF0K1CUGwlIFow==",
-      "dev": true
-    },
     "portscanner": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/portscanner/-/portscanner-2.1.1.tgz",
@@ -10097,9 +10045,9 @@
       "dev": true
     },
     "postcss": {
-      "version": "7.0.16",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.16.tgz",
-      "integrity": "sha512-MOo8zNSlIqh22Uaa3drkdIAgUGEL+AD1ESiSdmElLUmE2uVDo1QloiT/IfW9qRw8Gw+Y/w69UVMGwbufMSftxA==",
+      "version": "7.0.18",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-7.0.18.tgz",
+      "integrity": "sha512-/7g1QXXgegpF+9GJj4iN7ChGF40sYuGYJ8WZu8DZWnmhQ/G36hfdk3q9LBJmoK+lZ+yzZ5KYpOoxq7LF1BxE8g==",
       "dev": true,
       "requires": {
         "chalk": "^2.4.2",
@@ -10156,9 +10104,9 @@
       }
     },
     "postcss-value-parser": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-3.3.1.tgz",
-      "integrity": "sha512-pISE66AbVkp4fDQ7VHBwRNXzAAKJjw4Vw7nWI/+Q3vuly7SNfgYXvm6i5IgFylHGK5sP/xHAbB7N49OS4gWNyQ==",
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.0.2.tgz",
+      "integrity": "sha512-LmeoohTpp/K4UiyQCwuGWlONxXamGzCMtFxLq4W1nZVGIQLYvMCJx3yAF9qyyuFpflABI9yVdtJAqbihOsCsJQ==",
       "dev": true
     },
     "prelude-ls": {
@@ -10174,9 +10122,9 @@
       "dev": true
     },
     "pretty-bytes": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.2.0.tgz",
-      "integrity": "sha512-ujANBhiUsl9AhREUDUEY1GPOharMGm8x8juS7qOHybcLi7XsKfrYQ88hSly1l2i0klXHTDYrlL8ihMCG55Dc3w==",
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.3.0.tgz",
+      "integrity": "sha512-hjGrh+P926p4R4WbaB6OckyRtO0F0/lQBiT+0gnxjV+5kjPBrfVBFCsCLbMqVQeydvIoouYTCmmEURiH3R1Bdg==",
       "dev": true
     },
     "pretty-hrtime": {
@@ -10228,8 +10176,7 @@
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz",
       "integrity": "sha1-0/wRS6BplaRexok/SEzrHXj19HY=",
-      "dev": true,
-      "optional": true
+      "dev": true
     },
     "pseudomap": {
       "version": "1.0.2",
@@ -10237,6 +10184,12 @@
       "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM=",
       "dev": true
     },
+    "psl": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/psl/-/psl-1.4.0.tgz",
+      "integrity": "sha512-HZzqCGPecFLyoRj5HLfuDSKYTJkAfB5thKBIkRHtGjWwY7p1dAyveIbXIq4tO0KYfDF2tHqPUgY9SDnGm00uFw==",
+      "dev": true
+    },
     "pump": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz",
@@ -10244,213 +10197,61 @@
       "dev": true,
       "requires": {
         "end-of-stream": "^1.1.0",
-        "once": "^1.3.1"
-      },
-      "dependencies": {
-        "end-of-stream": {
-          "version": "1.4.1",
-          "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.1.tgz",
-          "integrity": "sha512-1MkrZNvWTKCaigbn+W15elq2BB/L22nqrSY5DKlo3X6+vclJm8Bb5djXJBmEX6fS3+zCh/F4VBK5Z2KxJt4s2Q==",
-          "dev": true,
-          "requires": {
-            "once": "^1.4.0"
-          }
-        }
-      }
-    },
-    "punycode": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz",
-      "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=",
-      "dev": true,
-      "optional": true
-    },
-    "purify-css": {
-      "version": "1.2.5",
-      "resolved": "https://registry.npmjs.org/purify-css/-/purify-css-1.2.5.tgz",
-      "integrity": "sha512-Vy4jRnV2w/kUjTyxzQOKbFkqwUe6RNLuZgIWR/IRQ8nCqRwiFgwC9XiO9+8poq5KL053uWAQnCSbsfihq77zPg==",
-      "dev": true,
-      "requires": {
-        "clean-css": "^4.0.12",
-        "glob": "^7.1.1",
-        "rework": "^1.0.1",
-        "uglify-js": "^3.0.6",
-        "yargs": "^8.0.1"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
-          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
-          "dev": true
-        },
-        "camelcase": {
-          "version": "4.1.0",
-          "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-4.1.0.tgz",
-          "integrity": "sha1-1UVjW+HjPFQmScaRc+Xeas+uNN0=",
-          "dev": true
-        },
-        "find-up": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz",
-          "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=",
-          "dev": true,
-          "requires": {
-            "locate-path": "^2.0.0"
-          }
-        },
-        "glob": {
-          "version": "7.1.2",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
-          "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
-          "dev": true,
-          "requires": {
-            "fs.realpath": "^1.0.0",
-            "inflight": "^1.0.4",
-            "inherits": "2",
-            "minimatch": "^3.0.4",
-            "once": "^1.3.0",
-            "path-is-absolute": "^1.0.0"
-          }
-        },
-        "is-fullwidth-code-point": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
-          "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
-          "dev": true
-        },
-        "load-json-file": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-2.0.0.tgz",
-          "integrity": "sha1-eUfkIUmvgNaWy/eXvKq8/h/inKg=",
-          "dev": true,
-          "requires": {
-            "graceful-fs": "^4.1.2",
-            "parse-json": "^2.2.0",
-            "pify": "^2.0.0",
-            "strip-bom": "^3.0.0"
-          }
-        },
-        "os-locale": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/os-locale/-/os-locale-2.1.0.tgz",
-          "integrity": "sha512-3sslG3zJbEYcaC4YVAvDorjGxc7tv6KVATnLPZONiljsUncvihe9BQoVCEs0RZ1kmf4Hk9OBqlZfJZWI4GanKA==",
-          "dev": true,
-          "requires": {
-            "execa": "^0.7.0",
-            "lcid": "^1.0.0",
-            "mem": "^1.1.0"
-          }
-        },
-        "path-type": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/path-type/-/path-type-2.0.0.tgz",
-          "integrity": "sha1-8BLMuEFbcJb8LaoQVMPXI4lZTHM=",
-          "dev": true,
-          "requires": {
-            "pify": "^2.0.0"
-          }
-        },
-        "read-pkg": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-2.0.0.tgz",
-          "integrity": "sha1-jvHAYjxqbbDcZxPEv6xGMysjaPg=",
-          "dev": true,
-          "requires": {
-            "load-json-file": "^2.0.0",
-            "normalize-package-data": "^2.3.2",
-            "path-type": "^2.0.0"
-          }
-        },
-        "read-pkg-up": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-2.0.0.tgz",
-          "integrity": "sha1-a3KoBImE4MQeeVEP1en6mbO1Sb4=",
-          "dev": true,
-          "requires": {
-            "find-up": "^2.0.0",
-            "read-pkg": "^2.0.0"
-          }
-        },
-        "source-map": {
-          "version": "0.6.1",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
-          "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
-          "dev": true
-        },
-        "string-width": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
-          "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
-          "dev": true,
-          "requires": {
-            "is-fullwidth-code-point": "^2.0.0",
-            "strip-ansi": "^4.0.0"
-          }
-        },
-        "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
-          "dev": true,
-          "requires": {
-            "ansi-regex": "^3.0.0"
-          }
-        },
-        "strip-bom": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz",
-          "integrity": "sha1-IzTBjpx1n3vdVv3vfprj1YjmjtM=",
-          "dev": true
-        },
-        "uglify-js": {
-          "version": "3.3.23",
-          "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.3.23.tgz",
-          "integrity": "sha512-Ks+KqLGDsYn4z+pU7JsKCzC0T3mPYl+rU+VcPZiQOazjE4Uqi4UCRY3qPMDbJi7ze37n1lDXj3biz1ik93vqvw==",
+        "once": "^1.3.1"
+      },
+      "dependencies": {
+        "end-of-stream": {
+          "version": "1.4.1",
+          "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.1.tgz",
+          "integrity": "sha512-1MkrZNvWTKCaigbn+W15elq2BB/L22nqrSY5DKlo3X6+vclJm8Bb5djXJBmEX6fS3+zCh/F4VBK5Z2KxJt4s2Q==",
           "dev": true,
           "requires": {
-            "commander": "~2.15.0",
-            "source-map": "~0.6.1"
+            "once": "^1.4.0"
           }
-        },
-        "which-module": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz",
-          "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=",
-          "dev": true
-        },
-        "yargs": {
-          "version": "8.0.2",
-          "resolved": "https://registry.npmjs.org/yargs/-/yargs-8.0.2.tgz",
-          "integrity": "sha1-YpmpBVsc78lp/355wdkY3Osiw2A=",
+        }
+      }
+    },
+    "pumpify": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/pumpify/-/pumpify-1.5.1.tgz",
+      "integrity": "sha512-oClZI37HvuUJJxSKKrC17bZ9Cu0ZYhEAGPsPUy9KlMUmv9dKX2o77RUmq7f3XjIxbwyGwYzbzQ1L2Ks8sIradQ==",
+      "dev": true,
+      "requires": {
+        "duplexify": "^3.6.0",
+        "inherits": "^2.0.3",
+        "pump": "^2.0.0"
+      },
+      "dependencies": {
+        "duplexify": {
+          "version": "3.7.1",
+          "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-3.7.1.tgz",
+          "integrity": "sha512-07z8uv2wMyS51kKhD1KsdXJg5WQ6t93RneqRxUHnskXVtlYYkLqM0gqStQZ3pj073g687jPCHrqNfCzawLYh5g==",
           "dev": true,
           "requires": {
-            "camelcase": "^4.1.0",
-            "cliui": "^3.2.0",
-            "decamelize": "^1.1.1",
-            "get-caller-file": "^1.0.1",
-            "os-locale": "^2.0.0",
-            "read-pkg-up": "^2.0.0",
-            "require-directory": "^2.1.1",
-            "require-main-filename": "^1.0.1",
-            "set-blocking": "^2.0.0",
-            "string-width": "^2.0.0",
-            "which-module": "^2.0.0",
-            "y18n": "^3.2.1",
-            "yargs-parser": "^7.0.0"
+            "end-of-stream": "^1.0.0",
+            "inherits": "^2.0.1",
+            "readable-stream": "^2.0.0",
+            "stream-shift": "^1.0.0"
           }
         },
-        "yargs-parser": {
-          "version": "7.0.0",
-          "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-7.0.0.tgz",
-          "integrity": "sha1-jQrELxbqVd69MyyvTEA4s+P139k=",
+        "pump": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/pump/-/pump-2.0.1.tgz",
+          "integrity": "sha512-ruPMNRkN3MHP1cWJc9OWr+T/xDP0jhXYCLfJcBuX54hhfIBnaQmAUMfDcG4DM5UMWByBbJY69QSphm3jtDKIkA==",
           "dev": true,
           "requires": {
-            "camelcase": "^4.1.0"
+            "end-of-stream": "^1.1.0",
+            "once": "^1.3.1"
           }
         }
       }
     },
+    "punycode": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz",
+      "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=",
+      "dev": true
+    },
     "q": {
       "version": "1.5.1",
       "resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz",
@@ -10491,6 +10292,17 @@
         "http-errors": "1.7.2",
         "iconv-lite": "0.4.24",
         "unpipe": "1.0.0"
+      },
+      "dependencies": {
+        "iconv-lite": {
+          "version": "0.4.24",
+          "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+          "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+          "dev": true,
+          "requires": {
+            "safer-buffer": ">= 2.1.2 < 3"
+          }
+        }
       }
     },
     "rc": {
@@ -10514,9 +10326,9 @@
       }
     },
     "react-is": {
-      "version": "16.8.6",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.8.6.tgz",
-      "integrity": "sha512-aUk3bHfZ2bRSVFFbbeVS4i+lNPZr3/WM5jT2J5omUVV1zzcs1nAaf3l51ctA5FFvCRbhrH0bdAsRRQddFJZPtA==",
+      "version": "16.9.0",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.9.0.tgz",
+      "integrity": "sha512-tJBzzzIgnnRfEm046qRcURvwQnZVXmuCbscxUO5RWrGTXpon2d4c8mI0D8WE6ydVIm29JiLB6+RslkIvym9Rjw==",
       "dev": true
     },
     "read-pkg": {
@@ -10609,6 +10421,27 @@
       "integrity": "sha512-lv0M6+TkDVniA3aD1Eg0DVpfU/booSu7Eev3TDO/mZKHBfVjgCGTV4t4buppESEYDtkArYFOxTJWv6S5C+iaNw==",
       "dev": true
     },
+    "remove-bom-buffer": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/remove-bom-buffer/-/remove-bom-buffer-3.0.0.tgz",
+      "integrity": "sha512-8v2rWhaakv18qcvNeli2mZ/TMTL2nEyAKRvzo1WtnZBl15SHyEhrCu2/xKlJyUFKHiHgfXIyuY6g2dObJJycXQ==",
+      "dev": true,
+      "requires": {
+        "is-buffer": "^1.1.5",
+        "is-utf8": "^0.2.1"
+      }
+    },
+    "remove-bom-stream": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/remove-bom-stream/-/remove-bom-stream-1.2.0.tgz",
+      "integrity": "sha1-BfGlk/FuQuH7kOv1nejlaVJflSM=",
+      "dev": true,
+      "requires": {
+        "remove-bom-buffer": "^3.0.0",
+        "safe-buffer": "^5.1.0",
+        "through2": "^2.0.3"
+      }
+    },
     "remove-trailing-separator": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/remove-trailing-separator/-/remove-trailing-separator-1.1.0.tgz",
@@ -10637,58 +10470,88 @@
       }
     },
     "replace-ext": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/replace-ext/-/replace-ext-0.0.1.tgz",
-      "integrity": "sha1-KbvZIHinOfC8zitO5B6DeVNSKSQ=",
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/replace-ext/-/replace-ext-1.0.0.tgz",
+      "integrity": "sha1-3mMSg3P8v3w8z6TeWkgMRaZ5WOs=",
       "dev": true
     },
+    "replace-homedir": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/replace-homedir/-/replace-homedir-1.0.0.tgz",
+      "integrity": "sha1-6H9tUTuSjd6AgmDBK+f+xv9ueYw=",
+      "dev": true,
+      "requires": {
+        "homedir-polyfill": "^1.0.1",
+        "is-absolute": "^1.0.0",
+        "remove-trailing-separator": "^1.1.0"
+      }
+    },
     "request": {
-      "version": "2.81.0",
-      "resolved": "https://registry.npmjs.org/request/-/request-2.81.0.tgz",
-      "integrity": "sha1-xpKJRqDgbF+Nb4qTM0af/aRimKA=",
+      "version": "2.88.0",
+      "resolved": "https://registry.npmjs.org/request/-/request-2.88.0.tgz",
+      "integrity": "sha512-NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg==",
       "dev": true,
       "optional": true,
       "requires": {
-        "aws-sign2": "~0.6.0",
-        "aws4": "^1.2.1",
+        "aws-sign2": "~0.7.0",
+        "aws4": "^1.8.0",
         "caseless": "~0.12.0",
-        "combined-stream": "~1.0.5",
-        "extend": "~3.0.0",
+        "combined-stream": "~1.0.6",
+        "extend": "~3.0.2",
         "forever-agent": "~0.6.1",
-        "form-data": "~2.1.1",
-        "har-validator": "~4.2.1",
-        "hawk": "~3.1.3",
-        "http-signature": "~1.1.0",
+        "form-data": "~2.3.2",
+        "har-validator": "~5.1.0",
+        "http-signature": "~1.2.0",
         "is-typedarray": "~1.0.0",
         "isstream": "~0.1.2",
         "json-stringify-safe": "~5.0.1",
-        "mime-types": "~2.1.7",
-        "oauth-sign": "~0.8.1",
-        "performance-now": "^0.2.0",
-        "qs": "~6.4.0",
-        "safe-buffer": "^5.0.1",
-        "stringstream": "~0.0.4",
-        "tough-cookie": "~2.3.0",
+        "mime-types": "~2.1.19",
+        "oauth-sign": "~0.9.0",
+        "performance-now": "^2.1.0",
+        "qs": "~6.5.2",
+        "safe-buffer": "^5.1.2",
+        "tough-cookie": "~2.4.3",
         "tunnel-agent": "^0.6.0",
-        "uuid": "^3.0.0"
+        "uuid": "^3.3.2"
       },
       "dependencies": {
-        "qs": {
-          "version": "6.4.0",
-          "resolved": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
-          "integrity": "sha1-E+JtKK1rD/qpExLNO/cI7TUecjM=",
+        "extend": {
+          "version": "3.0.2",
+          "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+          "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==",
           "dev": true,
           "optional": true
         },
-        "tunnel-agent": {
-          "version": "0.6.0",
-          "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
-          "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
+        "mime-db": {
+          "version": "1.40.0",
+          "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.40.0.tgz",
+          "integrity": "sha512-jYdeOMPy9vnxEqFRRo6ZvTZ8d9oPb+k18PKoYNYUe2stVEBPPwsln/qWzdbmaIvnhZ9v2P+CuecK+fpUfsV2mA==",
+          "dev": true,
+          "optional": true
+        },
+        "mime-types": {
+          "version": "2.1.24",
+          "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.24.tgz",
+          "integrity": "sha512-WaFHS3MCl5fapm3oLxU4eYDw77IQM2ACcxQ9RIxfaC3ooc6PFuBMGZZsYpvoXS5D5QTWPieo1jjLdAm3TBP3cQ==",
           "dev": true,
           "optional": true,
           "requires": {
-            "safe-buffer": "^5.0.1"
+            "mime-db": "1.40.0"
           }
+        },
+        "qs": {
+          "version": "6.5.2",
+          "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz",
+          "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==",
+          "dev": true,
+          "optional": true
+        },
+        "uuid": {
+          "version": "3.3.3",
+          "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.3.tgz",
+          "integrity": "sha512-pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ==",
+          "dev": true,
+          "optional": true
         }
       }
     },
@@ -10704,16 +10567,6 @@
       "integrity": "sha1-l/cXtp1IeE9fUmpsWqj/3aBVpNE=",
       "dev": true
     },
-    "require-uncached": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/require-uncached/-/require-uncached-1.0.3.tgz",
-      "integrity": "sha1-Tg1W1slmL9MeQwEcS5WqSZVUIdM=",
-      "dev": true,
-      "requires": {
-        "caller-path": "^0.1.0",
-        "resolve-from": "^1.0.0"
-      }
-    },
     "requires-port": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
@@ -10740,11 +10593,20 @@
       }
     },
     "resolve-from": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-1.0.1.tgz",
-      "integrity": "sha1-Jsv+k10a7uq7Kbw/5a6wHpPUQiY=",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
+      "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==",
       "dev": true
     },
+    "resolve-options": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/resolve-options/-/resolve-options-1.1.0.tgz",
+      "integrity": "sha1-MrueOcBtZzONyTeMDW1gdFZq0TE=",
+      "dev": true,
+      "requires": {
+        "value-or-function": "^3.0.0"
+      }
+    },
     "resolve-url": {
       "version": "0.2.1",
       "resolved": "https://registry.npmjs.org/resolve-url/-/resolve-url-0.2.1.tgz",
@@ -10786,23 +10648,11 @@
       "integrity": "sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==",
       "dev": true
     },
-    "rework": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/rework/-/rework-1.0.1.tgz",
-      "integrity": "sha1-MIBqhBNCtUUQqkEQhQzUhTQUSqc=",
-      "dev": true,
-      "requires": {
-        "convert-source-map": "^0.3.3",
-        "css": "^2.0.0"
-      },
-      "dependencies": {
-        "convert-source-map": {
-          "version": "0.3.5",
-          "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-0.3.5.tgz",
-          "integrity": "sha1-8dgClQr33SYxof6+BZZVDIarMZA=",
-          "dev": true
-        }
-      }
+    "reusify": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz",
+      "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
+      "dev": true
     },
     "right-align": {
       "version": "0.1.3",
@@ -10838,6 +10688,34 @@
         }
       }
     },
+    "robot-directives": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/robot-directives/-/robot-directives-0.3.0.tgz",
+      "integrity": "sha1-F0+x/8KpuXh3MB6HyJs5X0KdH2U=",
+      "dev": true,
+      "requires": {
+        "isbot": "^2.0.0",
+        "useragent": "^2.1.8"
+      }
+    },
+    "robots-txt-guard": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/robots-txt-guard/-/robots-txt-guard-0.1.1.tgz",
+      "integrity": "sha512-6+nGkE6c2dI9/dmhmNcoMKVwJxlA6sgN/XNo0rm6LLdA0hnj4YkpgrZdhMPl58gJkAqeiHlf4+8tJcLM1tv1Ew==",
+      "dev": true
+    },
+    "robots-txt-parse": {
+      "version": "0.0.4",
+      "resolved": "https://registry.npmjs.org/robots-txt-parse/-/robots-txt-parse-0.0.4.tgz",
+      "integrity": "sha1-99HzI/eZIdfpxsS70lBI9umBDXE=",
+      "dev": true,
+      "requires": {
+        "bluebird": "^2.3.5",
+        "split": "^0.3.0",
+        "stream-combiner": "^0.2.1",
+        "through": "^2.3.4"
+      }
+    },
     "run-async": {
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.3.0.tgz",
@@ -10985,6 +10863,15 @@
       "integrity": "sha512-4SJ3dm0WAwWy/NVeioZh5AntkdJoWKxHxcmyP622fOkgHa4z3R0TdBJICINyaSDE6uNwVc8gZr+ZinwZAH4xIA==",
       "dev": true
     },
+    "semver-greatest-satisfied-range": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/semver-greatest-satisfied-range/-/semver-greatest-satisfied-range-1.1.0.tgz",
+      "integrity": "sha1-E+jCZYq5aRywzXEJMkAoDTb3els=",
+      "dev": true,
+      "requires": {
+        "sver-compat": "^1.5.0"
+      }
+    },
     "semver-regex": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/semver-regex/-/semver-regex-2.0.0.tgz",
@@ -11048,12 +10935,6 @@
         }
       }
     },
-    "sequencify": {
-      "version": "0.0.7",
-      "resolved": "https://registry.npmjs.org/sequencify/-/sequencify-0.0.7.tgz",
-      "integrity": "sha1-kM/xnQLgcCf9dn9erT57ldHnOAw=",
-      "dev": true
-    },
     "serve-index": {
       "version": "1.9.1",
       "resolved": "https://registry.npmjs.org/serve-index/-/serve-index-1.9.1.tgz",
@@ -11120,9 +11001,9 @@
       "dev": true
     },
     "set-value": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz",
-      "integrity": "sha512-hw0yxk9GT/Hr5yJEYnHNKYXkIA8mVJgd9ditYZCe16ZczcaELYYcfvaXesNACk2O8O0nTiPQcQhGUQj8JLzeeg==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz",
+      "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==",
       "dev": true,
       "requires": {
         "extend-shallow": "^2.0.1",
@@ -11188,20 +11069,31 @@
       "dev": true
     },
     "slash": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/slash/-/slash-1.0.0.tgz",
-      "integrity": "sha1-xB8vbDn8FtHNF61LXYlhFK5HDVU=",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
+      "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
       "dev": true
     },
     "slice-ansi": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-1.0.0.tgz",
-      "integrity": "sha512-POqxBK6Lb3q6s047D/XsDVNPnF9Dl8JSaqe9h9lURl0OdNqy/ujDrOiIHtsqXMGbWWTIomRzAMaTyawAU//Reg==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-2.1.0.tgz",
+      "integrity": "sha512-Qu+VC3EwYLldKa1fCxuuvULvSJOKEgk9pi8dZeCVK7TqBfUNTH4sFkk4joj8afVSfAYgJoSOetjx9QWOJ5mYoQ==",
       "dev": true,
       "requires": {
+        "ansi-styles": "^3.2.0",
+        "astral-regex": "^1.0.0",
         "is-fullwidth-code-point": "^2.0.0"
       },
       "dependencies": {
+        "ansi-styles": {
+          "version": "3.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+          "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+          "dev": true,
+          "requires": {
+            "color-convert": "^1.9.0"
+          }
+        },
         "is-fullwidth-code-point": {
           "version": "2.0.0",
           "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
@@ -11318,16 +11210,6 @@
         "kind-of": "^3.2.0"
       }
     },
-    "sntp": {
-      "version": "1.0.9",
-      "resolved": "https://registry.npmjs.org/sntp/-/sntp-1.0.9.tgz",
-      "integrity": "sha1-ZUEYTMkK7qbG57NeJlkIJEPGYZg=",
-      "dev": true,
-      "optional": true,
-      "requires": {
-        "hoek": "2.x.x"
-      }
-    },
     "socket.io": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-2.1.1.tgz",
@@ -11531,9 +11413,9 @@
       "dev": true
     },
     "sparkles": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/sparkles/-/sparkles-1.0.0.tgz",
-      "integrity": "sha1-Gsu/tZJDbRC76PeFt8xvgoFQEsM=",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/sparkles/-/sparkles-1.0.1.tgz",
+      "integrity": "sha512-dSO0DDYUahUt/0/pD/Is3VIm5TGJjludZ0HVymmhYF6eNA53PVLhnUk0znSYbH8IYBuJdCE+1luR22jNLMaQdw==",
       "dev": true
     },
     "spdx-correct": {
@@ -11568,6 +11450,15 @@
       "integrity": "sha512-2+EPwgbnmOIl8HjGBXXMd9NAu02vLjOO1nWw4kmeRDFyHn+M/ETfHxQUK0oXg8ctgVnl9t3rosNVsZ1jG61nDA==",
       "dev": true
     },
+    "split": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/split/-/split-0.3.3.tgz",
+      "integrity": "sha1-zQ7qXmOiEd//frDwkcQTPi0N0o8=",
+      "dev": true,
+      "requires": {
+        "through": "2"
+      }
+    },
     "split-string": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/split-string/-/split-string-3.1.0.tgz",
@@ -11577,6 +11468,12 @@
         "extend-shallow": "^3.0.0"
       }
     },
+    "splitargs": {
+      "version": "0.0.7",
+      "resolved": "https://registry.npmjs.org/splitargs/-/splitargs-0.0.7.tgz",
+      "integrity": "sha1-/p965lc3GzOxDLgNoUPPgknPazs=",
+      "dev": true
+    },
     "sprintf-js": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
@@ -11595,9 +11492,9 @@
       }
     },
     "sshpk": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.14.1.tgz",
-      "integrity": "sha1-Ew9Zde3a2WPx1W+SuaxsUfqfg+s=",
+      "version": "1.16.1",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz",
+      "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==",
       "dev": true,
       "optional": true,
       "requires": {
@@ -11608,16 +11505,8 @@
         "ecc-jsbn": "~0.1.1",
         "getpass": "^0.1.1",
         "jsbn": "~0.1.0",
+        "safer-buffer": "^2.0.2",
         "tweetnacl": "~0.14.0"
-      },
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
-          "dev": true,
-          "optional": true
-        }
       }
     },
     "stable": {
@@ -11627,39 +11516,45 @@
       "dev": true,
       "optional": true
     },
+    "stack-trace": {
+      "version": "0.0.10",
+      "resolved": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz",
+      "integrity": "sha1-VHxws0fo0ytOEI6hoqFZ5f3eGcA=",
+      "dev": true
+    },
     "standard": {
-      "version": "12.0.1",
-      "resolved": "https://registry.npmjs.org/standard/-/standard-12.0.1.tgz",
-      "integrity": "sha512-UqdHjh87OG2gUrNCSM4QRLF5n9h3TFPwrCNyVlkqu31Hej0L/rc8hzKqVvkb2W3x0WMq7PzZdkLfEcBhVOR6lg==",
-      "dev": true,
-      "requires": {
-        "eslint": "~5.4.0",
-        "eslint-config-standard": "12.0.0",
-        "eslint-config-standard-jsx": "6.0.2",
-        "eslint-plugin-import": "~2.14.0",
-        "eslint-plugin-node": "~7.0.1",
-        "eslint-plugin-promise": "~4.0.0",
-        "eslint-plugin-react": "~7.11.1",
+      "version": "14.3.0",
+      "resolved": "https://registry.npmjs.org/standard/-/standard-14.3.0.tgz",
+      "integrity": "sha512-F3Su3IAxDrOW+v4O/WiPFp6SZ0FWj+H4NEtGrEI1iaCf5LWD0nIfcXh0GIyKQgpmswQFWBIAvgONihT8U5UM4w==",
+      "dev": true,
+      "requires": {
+        "eslint": "~6.4.0",
+        "eslint-config-standard": "14.1.0",
+        "eslint-config-standard-jsx": "8.1.0",
+        "eslint-plugin-import": "~2.18.0",
+        "eslint-plugin-node": "~10.0.0",
+        "eslint-plugin-promise": "~4.2.1",
+        "eslint-plugin-react": "~7.14.2",
         "eslint-plugin-standard": "~4.0.0",
-        "standard-engine": "~9.0.0"
+        "standard-engine": "^12.0.0"
       }
     },
     "standard-engine": {
-      "version": "9.0.0",
-      "resolved": "https://registry.npmjs.org/standard-engine/-/standard-engine-9.0.0.tgz",
-      "integrity": "sha512-ZfNfCWZ2Xq67VNvKMPiVMKHnMdvxYzvZkf1AH8/cw2NLDBm5LRsxMqvEJpsjLI/dUosZ3Z1d6JlHDp5rAvvk2w==",
+      "version": "12.0.0",
+      "resolved": "https://registry.npmjs.org/standard-engine/-/standard-engine-12.0.0.tgz",
+      "integrity": "sha512-gJIIRb0LpL7AHyGbN9+hJ4UJns37lxmNTnMGRLC8CFrzQ+oB/K60IQjKNgPBCB2VP60Ypm6f8DFXvhVWdBOO+g==",
       "dev": true,
       "requires": {
-        "deglob": "^2.1.0",
-        "get-stdin": "^6.0.0",
+        "deglob": "^4.0.0",
+        "get-stdin": "^7.0.0",
         "minimist": "^1.1.0",
-        "pkg-conf": "^2.0.0"
+        "pkg-conf": "^3.1.0"
       },
       "dependencies": {
         "get-stdin": {
-          "version": "6.0.0",
-          "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-6.0.0.tgz",
-          "integrity": "sha512-jp4tHawyV7+fkkSKyvjuLZswblUtz+SQKzSWnBbii16BuZksJlU1wuBYXY75r+duh/llF1ur6oNwi+2ZzjKZ7g==",
+          "version": "7.0.0",
+          "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-7.0.0.tgz",
+          "integrity": "sha512-zRKcywvrXlXsA0v0i9Io4KDRaAw7+a1ZpjRwl9Wox8PFlVCCHra7E9c4kqXCoCM9nR5tBkaTTZRBoCm60bFqTQ==",
           "dev": true
         }
       }
@@ -11691,11 +11586,15 @@
       "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4=",
       "dev": true
     },
-    "stream-consume": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/stream-consume/-/stream-consume-0.1.1.tgz",
-      "integrity": "sha512-tNa3hzgkjEP7XbCkbRXe1jpg+ievoa0O4SCFlMOYEscGSS4JJsckGL8swUyAa/ApGU3Ae4t6Honor4HhL+tRyg==",
-      "dev": true
+    "stream-combiner": {
+      "version": "0.2.2",
+      "resolved": "https://registry.npmjs.org/stream-combiner/-/stream-combiner-0.2.2.tgz",
+      "integrity": "sha1-rsjLrBd7Vrb0+kec7YwZEs7lKFg=",
+      "dev": true,
+      "requires": {
+        "duplexer": "~0.1.1",
+        "through": "~2.3.4"
+      }
     },
     "stream-counter": {
       "version": "1.0.0",
@@ -11703,6 +11602,21 @@
       "integrity": "sha1-kc8lac5NxQYf6816yyY5SloRR1E=",
       "dev": true
     },
+    "stream-exhaust": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/stream-exhaust/-/stream-exhaust-1.0.2.tgz",
+      "integrity": "sha512-b/qaq/GlBK5xaq1yrK9/zFcyRSTNxmcZwFLGSTG0mXgZl/4Z6GgiyYOXOvY7N3eEvFRAG1bkDRz5EPGSvPYQlw==",
+      "dev": true
+    },
+    "stream-length": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/stream-length/-/stream-length-1.0.2.tgz",
+      "integrity": "sha1-gnfzy+5JpNqrz9tOL0qbXp8snwA=",
+      "dev": true,
+      "requires": {
+        "bluebird": "^2.6.2"
+      }
+    },
     "stream-shift": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.0.tgz",
@@ -11725,6 +11639,12 @@
       "integrity": "sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM=",
       "dev": true
     },
+    "string": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/string/-/string-3.3.3.tgz",
+      "integrity": "sha1-XqIRzZLSKOGEKUmQpsyXs2anfLA=",
+      "dev": true
+    },
     "string-width": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz",
@@ -11745,13 +11665,6 @@
         "safe-buffer": "~5.1.0"
       }
     },
-    "stringstream": {
-      "version": "0.0.5",
-      "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz",
-      "integrity": "sha1-TkhM1N5aC7vuGORjB3EKioFiGHg=",
-      "dev": true,
-      "optional": true
-    },
     "strip-ansi": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
@@ -11781,6 +11694,7 @@
       "resolved": "https://registry.npmjs.org/strip-dirs/-/strip-dirs-2.1.0.tgz",
       "integrity": "sha512-JOCxOeKLm2CAS73y/U4ZeZPTkE+gNVCzKt7Eox84Iej1LT/2pTWYpZKJuxwQpvX1LiZb1xokNR7RLfuBAa7T3g==",
       "dev": true,
+      "optional": true,
       "requires": {
         "is-natural-number": "^4.0.1"
       }
@@ -11801,9 +11715,9 @@
       }
     },
     "strip-json-comments": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
-      "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.0.1.tgz",
+      "integrity": "sha512-VTyMAUfdm047mwKl+u79WIdrZxtFtn+nBxHeb844XBQ9uMNTuTHdx2hc5RiAJYqwTj3wc/xe5HLSdJSkJ+WfZw==",
       "dev": true
     },
     "strip-outer": {
@@ -11827,10 +11741,20 @@
       "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=",
       "dev": true
     },
+    "sver-compat": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/sver-compat/-/sver-compat-1.5.0.tgz",
+      "integrity": "sha1-PPh9/rTQe0o/FIJ7wYaz/QxkXNg=",
+      "dev": true,
+      "requires": {
+        "es6-iterator": "^2.0.1",
+        "es6-symbol": "^3.1.1"
+      }
+    },
     "svgo": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/svgo/-/svgo-1.2.2.tgz",
-      "integrity": "sha512-rAfulcwp2D9jjdGu+0CuqlrAUin6bBWrpoqXWwKDZZZJfXcUXQSxLJOFJCQCSA0x0pP2U0TxSlJu2ROq5Bq6qA==",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/svgo/-/svgo-1.3.0.tgz",
+      "integrity": "sha512-MLfUA6O+qauLDbym+mMZgtXCGRfIxyQoeH6IKVcFslyODEe/ElJNwr0FohQ3xG4C6HK6bk3KYPPXwHVJk3V5NQ==",
       "dev": true,
       "optional": true,
       "requires": {
@@ -11838,8 +11762,7 @@
         "coa": "^2.0.2",
         "css-select": "^2.0.0",
         "css-select-base-adapter": "^0.1.1",
-        "css-tree": "1.0.0-alpha.28",
-        "css-url-regex": "^1.1.0",
+        "css-tree": "1.0.0-alpha.33",
         "csso": "^3.5.1",
         "js-yaml": "^3.13.1",
         "mkdirp": "~0.5.1",
@@ -11950,57 +11873,23 @@
       "dev": true
     },
     "table": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/table/-/table-4.0.3.tgz",
-      "integrity": "sha512-S7rnFITmBH1EnyKcvxBh1LjYeQMmnZtCXSEbHcH6S0NoKit24ZuFO/T1vDcLdYsLQkM188PVVhQmzKIuThNkKg==",
+      "version": "5.4.6",
+      "resolved": "https://registry.npmjs.org/table/-/table-5.4.6.tgz",
+      "integrity": "sha512-wmEc8m4fjnob4gt5riFRtTu/6+4rSe12TpAELNSqHMfF3IqnA+CH37USM6/YR3qRZv7e56kAEAtd6nKZaxe0Ug==",
       "dev": true,
       "requires": {
-        "ajv": "^6.0.1",
-        "ajv-keywords": "^3.0.0",
-        "chalk": "^2.1.0",
-        "lodash": "^4.17.4",
-        "slice-ansi": "1.0.0",
-        "string-width": "^2.1.1"
+        "ajv": "^6.10.2",
+        "lodash": "^4.17.14",
+        "slice-ansi": "^2.1.0",
+        "string-width": "^3.0.0"
       },
       "dependencies": {
-        "ajv": {
-          "version": "6.10.0",
-          "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.10.0.tgz",
-          "integrity": "sha512-nffhOpkymDECQyR0mnsUtoCE8RlX38G0rYP+wgLWFyZuUyuuojSSvi/+euOiQBIn63whYwYVIIH1TvE3tu4OEg==",
-          "dev": true,
-          "requires": {
-            "fast-deep-equal": "^2.0.1",
-            "fast-json-stable-stringify": "^2.0.0",
-            "json-schema-traverse": "^0.4.1",
-            "uri-js": "^4.2.2"
-          }
-        },
         "ansi-regex": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
-          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz",
+          "integrity": "sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==",
           "dev": true
         },
-        "ansi-styles": {
-          "version": "3.2.1",
-          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
-          "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
-          "dev": true,
-          "requires": {
-            "color-convert": "^1.9.0"
-          }
-        },
-        "chalk": {
-          "version": "2.4.2",
-          "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
-          "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
-          "dev": true,
-          "requires": {
-            "ansi-styles": "^3.2.1",
-            "escape-string-regexp": "^1.0.5",
-            "supports-color": "^5.3.0"
-          }
-        },
         "is-fullwidth-code-point": {
           "version": "2.0.0",
           "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
@@ -12008,31 +11897,23 @@
           "dev": true
         },
         "string-width": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
-          "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
+          "integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==",
           "dev": true,
           "requires": {
+            "emoji-regex": "^7.0.1",
             "is-fullwidth-code-point": "^2.0.0",
-            "strip-ansi": "^4.0.0"
-          }
-        },
-        "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
-          "dev": true,
-          "requires": {
-            "ansi-regex": "^3.0.0"
-          }
-        },
-        "supports-color": {
-          "version": "5.5.0",
-          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
-          "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+            "strip-ansi": "^5.1.0"
+          }
+        },
+        "strip-ansi": {
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
+          "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
           "dev": true,
           "requires": {
-            "has-flag": "^3.0.0"
+            "ansi-regex": "^4.1.0"
           }
         }
       }
@@ -12080,15 +11961,26 @@
       }
     },
     "ternary-stream": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/ternary-stream/-/ternary-stream-2.0.1.tgz",
-      "integrity": "sha1-Bk5Im0tb9gumpre8fy9cJ07Pgmk=",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/ternary-stream/-/ternary-stream-3.0.0.tgz",
+      "integrity": "sha512-oIzdi+UL/JdktkT+7KU5tSIQjj8pbShj3OASuvDEhm0NT5lppsm7aXWAmAq4/QMaBIyfuEcNLbAQA+HpaISobQ==",
       "dev": true,
       "requires": {
-        "duplexify": "^3.5.0",
+        "duplexify": "^4.1.1",
         "fork-stream": "^0.0.4",
-        "merge-stream": "^1.0.0",
-        "through2": "^2.0.1"
+        "merge-stream": "^2.0.0",
+        "through2": "^3.0.1"
+      },
+      "dependencies": {
+        "through2": {
+          "version": "3.0.1",
+          "resolved": "https://registry.npmjs.org/through2/-/through2-3.0.1.tgz",
+          "integrity": "sha512-M96dvTalPT3YbYLaKaCuwu+j06D/8Jfib0o/PxbVt6Amhv3dUAtW6rTV1jPgJSBG83I/e04Y6xkVdVhSRhi0ww==",
+          "dev": true,
+          "requires": {
+            "readable-stream": "2 || 3"
+          }
+        }
       }
     },
     "terser": {
@@ -12167,13 +12059,118 @@
         "through2": "^2.0.0"
       }
     },
-    "tildify": {
+    "through2-filter": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/through2-filter/-/through2-filter-3.0.0.tgz",
+      "integrity": "sha512-jaRjI2WxN3W1V8/FMZ9HKIBXixtiqs3SQSX4/YGIiP3gL6djW48VoZq9tDqeCWs3MT8YY5wb/zli8VW8snY1CA==",
+      "dev": true,
+      "requires": {
+        "through2": "~2.0.0",
+        "xtend": "~4.0.0"
+      }
+    },
+    "through2-sink": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/through2-sink/-/through2-sink-1.0.0.tgz",
+      "integrity": "sha1-XxBruh1zMNrTy6XAqxhjkjJWw5k=",
+      "dev": true,
+      "requires": {
+        "through2": "~0.5.1",
+        "xtend": "~3.0.0"
+      },
+      "dependencies": {
+        "isarray": {
+          "version": "0.0.1",
+          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
+          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=",
+          "dev": true
+        },
+        "readable-stream": {
+          "version": "1.0.34",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz",
+          "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=",
+          "dev": true,
+          "requires": {
+            "core-util-is": "~1.0.0",
+            "inherits": "~2.0.1",
+            "isarray": "0.0.1",
+            "string_decoder": "~0.10.x"
+          }
+        },
+        "string_decoder": {
+          "version": "0.10.31",
+          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
+          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=",
+          "dev": true
+        },
+        "through2": {
+          "version": "0.5.1",
+          "resolved": "https://registry.npmjs.org/through2/-/through2-0.5.1.tgz",
+          "integrity": "sha1-390BLrnHAOIyP9M084rGIqs3Lac=",
+          "dev": true,
+          "requires": {
+            "readable-stream": "~1.0.17",
+            "xtend": "~3.0.0"
+          }
+        },
+        "xtend": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/xtend/-/xtend-3.0.0.tgz",
+          "integrity": "sha1-XM50B7r2Qsunvs2laBEcST9ZZlo=",
+          "dev": true
+        }
+      }
+    },
+    "through2-spy": {
       "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/tildify/-/tildify-1.2.0.tgz",
-      "integrity": "sha1-3OwD9V3Km3qj5bBPIYF+tW5jWIo=",
+      "resolved": "https://registry.npmjs.org/through2-spy/-/through2-spy-1.2.0.tgz",
+      "integrity": "sha1-nIkcqcpA4eHkzzHhrFf5TMnSSMs=",
       "dev": true,
       "requires": {
-        "os-homedir": "^1.0.0"
+        "through2": "~0.5.1",
+        "xtend": "~3.0.0"
+      },
+      "dependencies": {
+        "isarray": {
+          "version": "0.0.1",
+          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
+          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=",
+          "dev": true
+        },
+        "readable-stream": {
+          "version": "1.0.34",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz",
+          "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=",
+          "dev": true,
+          "requires": {
+            "core-util-is": "~1.0.0",
+            "inherits": "~2.0.1",
+            "isarray": "0.0.1",
+            "string_decoder": "~0.10.x"
+          }
+        },
+        "string_decoder": {
+          "version": "0.10.31",
+          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
+          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=",
+          "dev": true
+        },
+        "through2": {
+          "version": "0.5.1",
+          "resolved": "https://registry.npmjs.org/through2/-/through2-0.5.1.tgz",
+          "integrity": "sha1-390BLrnHAOIyP9M084rGIqs3Lac=",
+          "dev": true,
+          "requires": {
+            "readable-stream": "~1.0.17",
+            "xtend": "~3.0.0"
+          }
+        },
+        "xtend": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/xtend/-/xtend-3.0.0.tgz",
+          "integrity": "sha1-XM50B7r2Qsunvs2laBEcST9ZZlo=",
+          "dev": true
+        }
       }
     },
     "time-stamp": {
@@ -12207,6 +12204,16 @@
         "os-tmpdir": "~1.0.2"
       }
     },
+    "to-absolute-glob": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/to-absolute-glob/-/to-absolute-glob-2.0.2.tgz",
+      "integrity": "sha1-GGX0PZ50sIItufFFt4z/fQ98hJs=",
+      "dev": true,
+      "requires": {
+        "is-absolute": "^1.0.0",
+        "is-negated-glob": "^1.0.0"
+      }
+    },
     "to-array": {
       "version": "0.1.4",
       "resolved": "https://registry.npmjs.org/to-array/-/to-array-0.1.4.tgz",
@@ -12261,6 +12268,15 @@
         }
       }
     },
+    "to-through": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/to-through/-/to-through-2.0.0.tgz",
+      "integrity": "sha1-/JKtq6ByZHvAtn1rA2ZKoZUJOvY=",
+      "dev": true,
+      "requires": {
+        "through2": "^2.0.3"
+      }
+    },
     "toidentifier": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz",
@@ -12268,12 +12284,12 @@
       "dev": true
     },
     "tough-cookie": {
-      "version": "2.3.4",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.4.tgz",
-      "integrity": "sha512-TZ6TTfI5NtZnuyy/Kecv+CnoROnyXn2DN97LontgQpCwsX2XyLYCC0ENhYkehSOwAp8rTQKc/NUIF7BkQ5rKLA==",
+      "version": "2.4.3",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz",
+      "integrity": "sha512-Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ==",
       "dev": true,
-      "optional": true,
       "requires": {
+        "psl": "^1.1.24",
         "punycode": "^1.4.1"
       }
     },
@@ -12292,11 +12308,18 @@
         "escape-string-regexp": "^1.0.2"
       }
     },
+    "tslib": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.10.0.tgz",
+      "integrity": "sha512-qOebF53frne81cf0S9B41ByenJ3/IuH8yJKngAX35CmiZySA0khhkovshKK+jGCaMnVomla7gVlIcc3EvKPbTQ==",
+      "dev": true
+    },
     "tunnel-agent": {
       "version": "0.6.0",
       "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
       "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
       "dev": true,
+      "optional": true,
       "requires": {
         "safe-buffer": "^5.0.1"
       }
@@ -12317,6 +12340,18 @@
         "prelude-ls": "~1.1.2"
       }
     },
+    "type-fest": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.3.1.tgz",
+      "integrity": "sha512-cUGJnCdr4STbePCgqNFbpVNCepa+kAVohJs1sLhxzdH+gnEoOd8VhbYa7pD3zZYGiURWM2xzEII3fQcRizDkYQ==",
+      "dev": true
+    },
+    "typedarray": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
+      "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=",
+      "dev": true
+    },
     "ua-parser-js": {
       "version": "0.7.17",
       "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.17.tgz",
@@ -12400,39 +12435,39 @@
       "integrity": "sha1-5z3T17DXxe2G+6xrCufYxqadUPo=",
       "dev": true
     },
+    "undertaker": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/undertaker/-/undertaker-1.2.1.tgz",
+      "integrity": "sha512-71WxIzDkgYk9ZS+spIB8iZXchFhAdEo2YU8xYqBYJ39DIUIqziK78ftm26eecoIY49X0J2MLhG4hr18Yp6/CMA==",
+      "dev": true,
+      "requires": {
+        "arr-flatten": "^1.0.1",
+        "arr-map": "^2.0.0",
+        "bach": "^1.0.0",
+        "collection-map": "^1.0.0",
+        "es6-weak-map": "^2.0.1",
+        "last-run": "^1.1.0",
+        "object.defaults": "^1.0.0",
+        "object.reduce": "^1.0.0",
+        "undertaker-registry": "^1.0.0"
+      }
+    },
+    "undertaker-registry": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/undertaker-registry/-/undertaker-registry-1.0.1.tgz",
+      "integrity": "sha1-XkvaMI5KiirlhPm5pDWaSZglzFA=",
+      "dev": true
+    },
     "union-value": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.0.tgz",
-      "integrity": "sha1-XHHDTLW61dzr4+oM0IIHulqhrqQ=",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz",
+      "integrity": "sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==",
       "dev": true,
       "requires": {
         "arr-union": "^3.1.0",
         "get-value": "^2.0.6",
         "is-extendable": "^0.1.1",
-        "set-value": "^0.4.3"
-      },
-      "dependencies": {
-        "extend-shallow": {
-          "version": "2.0.1",
-          "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-          "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-          "dev": true,
-          "requires": {
-            "is-extendable": "^0.1.0"
-          }
-        },
-        "set-value": {
-          "version": "0.4.3",
-          "resolved": "https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz",
-          "integrity": "sha1-fbCPnT0i3H945Trzw79GZuzfzPE=",
-          "dev": true,
-          "requires": {
-            "extend-shallow": "^2.0.1",
-            "is-extendable": "^0.1.1",
-            "is-plain-object": "^2.0.1",
-            "to-object-path": "^0.3.0"
-          }
-        }
+        "set-value": "^2.0.1"
       }
     },
     "uniq": {
@@ -12442,10 +12477,14 @@
       "dev": true
     },
     "unique-stream": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/unique-stream/-/unique-stream-1.0.0.tgz",
-      "integrity": "sha1-1ZpKdUJ0R9mqbJHnAmP40mpLEEs=",
-      "dev": true
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/unique-stream/-/unique-stream-2.3.1.tgz",
+      "integrity": "sha512-2nY4TnBE70yoxHkDli7DMazpWiP7xMdCYqU2nBRO0UB+ZpEkGsSija7MvmvnZFUeC+mrgiUfcHSr3LmRFIg4+A==",
+      "dev": true,
+      "requires": {
+        "json-stable-stringify-without-jsonify": "^1.0.1",
+        "through2-filter": "^3.0.0"
+      }
     },
     "universalify": {
       "version": "0.1.2",
@@ -12518,6 +12557,12 @@
         }
       }
     },
+    "unzip-response": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/unzip-response/-/unzip-response-2.0.1.tgz",
+      "integrity": "sha1-0vD3N9FrBhXnKmk17QQhRXLVb5c=",
+      "dev": true
+    },
     "upath": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/upath/-/upath-1.1.2.tgz",
@@ -12568,6 +12613,26 @@
       "integrity": "sha1-FQWgOiiaSMvXpDTvuu7FBV9WM6k=",
       "dev": true
     },
+    "urlcache": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/urlcache/-/urlcache-0.7.0.tgz",
+      "integrity": "sha512-xOW4t6wJDT07+VunsHwePemyXXRidCSOZ/1RIILJi2XnB+81FA5H0MRvS63/7joTWjGLajcJJGvR5odpbkV6hw==",
+      "dev": true,
+      "requires": {
+        "urlobj": "0.0.11"
+      }
+    },
+    "urlobj": {
+      "version": "0.0.11",
+      "resolved": "https://registry.npmjs.org/urlobj/-/urlobj-0.0.11.tgz",
+      "integrity": "sha512-Ncck0WWtuFBbZhSYwKjK1AU2V51V98P/KHUPkaEc+mFy4xkpAHFNyVQT+S5SgtsJAr94e4wiKUucJSfasV2kBw==",
+      "dev": true,
+      "requires": {
+        "is-object": "^1.0.1",
+        "is-string": "^1.0.4",
+        "object-assign": "^4.1.1"
+      }
+    },
     "use": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/use/-/use-3.1.0.tgz",
@@ -12585,11 +12650,15 @@
         }
       }
     },
-    "user-home": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/user-home/-/user-home-1.1.1.tgz",
-      "integrity": "sha1-K1viOjK2Onyd640PKNSFcko98ZA=",
-      "dev": true
+    "useragent": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/useragent/-/useragent-2.3.0.tgz",
+      "integrity": "sha512-4AoH4pxuSvHCjqLO04sU6U/uE65BYza8l/KKBS0b0hnUPWi+cQ2BpeTEwejCSx9SPV5/U03nniDTrWx5NrmKdw==",
+      "dev": true,
+      "requires": {
+        "lru-cache": "4.1.x",
+        "tmp": "0.0.x"
+      }
     },
     "util-deprecate": {
       "version": "1.0.2",
@@ -12620,13 +12689,19 @@
       "integrity": "sha512-jZnMwlb9Iku/O3smGWvZhauCf6cvvpKi4BKRiliS3cxnI+Gz9j5MEpTz2UFuXiKPJocb7gnsLHwiS05ige5BEA==",
       "dev": true
     },
+    "v8-compile-cache": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.1.0.tgz",
+      "integrity": "sha512-usZBT3PW+LOjM25wbqIlZwPeJV+3OSz3M1k1Ws8snlW39dZyYL9lOGC5FgPVHfk0jKmjiDV8Z0mIbVQPiwFs7g==",
+      "dev": true
+    },
     "v8flags": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/v8flags/-/v8flags-2.1.1.tgz",
-      "integrity": "sha1-qrGh+jDUX4jdMhFIh1rALAtV5bQ=",
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/v8flags/-/v8flags-3.1.3.tgz",
+      "integrity": "sha512-amh9CCg3ZxkzQ48Mhcb8iX7xpAfYJgePHxWMQCBWECpOSqJUXgY26ncA61UTV0BkPqfhcy6mzwCIoP4ygxpW8w==",
       "dev": true,
       "requires": {
-        "user-home": "^1.1.1"
+        "homedir-polyfill": "^1.0.1"
       }
     },
     "validate-npm-package-license": {
@@ -12639,6 +12714,12 @@
         "spdx-expression-parse": "^3.0.0"
       }
     },
+    "value-or-function": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/value-or-function/-/value-or-function-3.0.0.tgz",
+      "integrity": "sha1-HCQ6ULWVwb5Up1S/7OhWO5/42BM=",
+      "dev": true
+    },
     "verror": {
       "version": "1.10.0",
       "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
@@ -12649,113 +12730,60 @@
         "assert-plus": "^1.0.0",
         "core-util-is": "1.0.2",
         "extsprintf": "^1.2.0"
-      },
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
-          "dev": true,
-          "optional": true
-        }
       }
     },
     "vinyl": {
-      "version": "0.5.3",
-      "resolved": "https://registry.npmjs.org/vinyl/-/vinyl-0.5.3.tgz",
-      "integrity": "sha1-sEVbOPxeDPMNQyUTLkYZcMIJHN4=",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/vinyl/-/vinyl-2.2.0.tgz",
+      "integrity": "sha512-MBH+yP0kC/GQ5GwBqrTPTzEfiiLjta7hTtvQtbxBgTeSXsmKQRQecjibMbxIXzVT3Y9KJK+drOz1/k+vsu8Nkg==",
       "dev": true,
       "requires": {
-        "clone": "^1.0.0",
-        "clone-stats": "^0.0.1",
-        "replace-ext": "0.0.1"
+        "clone": "^2.1.1",
+        "clone-buffer": "^1.0.0",
+        "clone-stats": "^1.0.0",
+        "cloneable-readable": "^1.0.0",
+        "remove-trailing-separator": "^1.0.1",
+        "replace-ext": "^1.0.0"
       }
     },
     "vinyl-fs": {
-      "version": "0.3.14",
-      "resolved": "https://registry.npmjs.org/vinyl-fs/-/vinyl-fs-0.3.14.tgz",
-      "integrity": "sha1-mmhRzhysHBzqX+hsCTHWIMLPqeY=",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/vinyl-fs/-/vinyl-fs-3.0.3.tgz",
+      "integrity": "sha512-vIu34EkyNyJxmP0jscNzWBSygh7VWhqun6RmqVfXePrOwi9lhvRs//dOaGOTRUQr4tx7/zd26Tk5WeSVZitgng==",
+      "dev": true,
+      "requires": {
+        "fs-mkdirp-stream": "^1.0.0",
+        "glob-stream": "^6.1.0",
+        "graceful-fs": "^4.0.0",
+        "is-valid-glob": "^1.0.0",
+        "lazystream": "^1.0.0",
+        "lead": "^1.0.0",
+        "object.assign": "^4.0.4",
+        "pumpify": "^1.3.5",
+        "readable-stream": "^2.3.3",
+        "remove-bom-buffer": "^3.0.0",
+        "remove-bom-stream": "^1.2.0",
+        "resolve-options": "^1.1.0",
+        "through2": "^2.0.0",
+        "to-through": "^2.0.0",
+        "value-or-function": "^3.0.0",
+        "vinyl": "^2.0.0",
+        "vinyl-sourcemap": "^1.1.0"
+      }
+    },
+    "vinyl-sourcemap": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/vinyl-sourcemap/-/vinyl-sourcemap-1.1.0.tgz",
+      "integrity": "sha1-kqgAWTo4cDqM2xHYswCtS+Y7PhY=",
       "dev": true,
       "requires": {
-        "defaults": "^1.0.0",
-        "glob-stream": "^3.1.5",
-        "glob-watcher": "^0.0.6",
-        "graceful-fs": "^3.0.0",
-        "mkdirp": "^0.5.0",
-        "strip-bom": "^1.0.0",
-        "through2": "^0.6.1",
-        "vinyl": "^0.4.0"
-      },
-      "dependencies": {
-        "clone": {
-          "version": "0.2.0",
-          "resolved": "https://registry.npmjs.org/clone/-/clone-0.2.0.tgz",
-          "integrity": "sha1-xhJqkK1Pctv1rNskPMN3JP6T/B8=",
-          "dev": true
-        },
-        "graceful-fs": {
-          "version": "3.0.11",
-          "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-3.0.11.tgz",
-          "integrity": "sha1-dhPHeKGv6mLyXGMKCG1/Osu92Bg=",
-          "dev": true,
-          "requires": {
-            "natives": "^1.1.0"
-          }
-        },
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=",
-          "dev": true
-        },
-        "readable-stream": {
-          "version": "1.0.34",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz",
-          "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=",
-          "dev": true,
-          "requires": {
-            "core-util-is": "~1.0.0",
-            "inherits": "~2.0.1",
-            "isarray": "0.0.1",
-            "string_decoder": "~0.10.x"
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=",
-          "dev": true
-        },
-        "strip-bom": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-1.0.0.tgz",
-          "integrity": "sha1-hbiGLzhEtabV7IRnqTWYFzo295Q=",
-          "dev": true,
-          "requires": {
-            "first-chunk-stream": "^1.0.0",
-            "is-utf8": "^0.2.0"
-          }
-        },
-        "through2": {
-          "version": "0.6.5",
-          "resolved": "https://registry.npmjs.org/through2/-/through2-0.6.5.tgz",
-          "integrity": "sha1-QaucZ7KdVyCQcUEOHXp6lozTrUg=",
-          "dev": true,
-          "requires": {
-            "readable-stream": ">=1.0.33-1 <1.1.0-0",
-            "xtend": ">=4.0.0 <4.1.0-0"
-          }
-        },
-        "vinyl": {
-          "version": "0.4.6",
-          "resolved": "https://registry.npmjs.org/vinyl/-/vinyl-0.4.6.tgz",
-          "integrity": "sha1-LzVsh6VQolVGHza76ypbqL94SEc=",
-          "dev": true,
-          "requires": {
-            "clone": "^0.2.0",
-            "clone-stats": "^0.0.1"
-          }
-        }
+        "append-buffer": "^1.0.2",
+        "convert-source-map": "^1.5.0",
+        "graceful-fs": "^4.1.6",
+        "normalize-path": "^2.1.1",
+        "now-and-later": "^2.0.0",
+        "remove-bom-buffer": "^3.0.0",
+        "vinyl": "^2.0.0"
       }
     },
     "vinyl-sourcemaps-apply": {
@@ -12788,6 +12816,15 @@
       "integrity": "sha1-u6Y8qGGUiZT/MHc2CJ47lgJsKk8=",
       "dev": true
     },
+    "win-release": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/win-release/-/win-release-1.1.1.tgz",
+      "integrity": "sha1-X6VeAr58qTTt/BJmVjLoSbcuUgk=",
+      "dev": true,
+      "requires": {
+        "semver": "^5.0.1"
+      }
+    },
     "window-size": {
       "version": "0.2.0",
       "resolved": "https://registry.npmjs.org/window-size/-/window-size-0.2.0.tgz",
@@ -12817,9 +12854,9 @@
       "dev": true
     },
     "write": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/write/-/write-0.2.1.tgz",
-      "integrity": "sha1-X8A4KOJkzqP+kUVUdvejxWbLB1c=",
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/write/-/write-1.0.3.tgz",
+      "integrity": "sha512-/lg70HAjtkUgWPVZhZcm+T4hkL8Zbtp1nFNOn3lRrxnlv50SRBv7cR7RqR+GMsd3hUXy9hWBo4CHTbFTcOYwig==",
       "dev": true,
       "requires": {
         "mkdirp": "^0.5.1"
diff --git a/package.json b/package.json
index 56057f010a97..27e891832c9e 100644
--- a/package.json
+++ b/package.json
@@ -44,35 +44,35 @@
   },
   "devDependencies": {
     "bootstrap": "3.4.1",
+    "broken-link-checker": "^0.7.8",
     "browser-sync": "2.26.7",
-    "cloudflare": "2.4.1",
-    "del": "4.1.1",
+    "cloudflare": "2.6.0",
+    "del": "5.1.0",
     "echint": "4.0.2",
     "fancy-log": "1.3.3",
     "font-awesome": "4.7.0",
-    "gh-pages": "2.0.1",
+    "gh-pages": "2.1.1",
     "gifsicle": "4.0.1",
     "glob": "7.1.4",
-    "gulp": "3.9.1",
-    "gulp-autoprefixer": "6.1.0",
+    "gulp": "4.0.2",
+    "gulp-autoprefixer": "7.0.0",
     "gulp-clean-css": "4.2.0",
     "gulp-concat": "2.6.1",
-    "gulp-if": "2.0.2",
-    "gulp-imagemin": "6.0.0",
-    "gulp-less": "3.5.0",
-    "gulp-load-plugins": "1.6.0",
+    "gulp-if": "3.0.0",
+    "gulp-imagemin": "6.1.0",
+    "gulp-less": "4.0.1",
+    "gulp-load-plugins": "2.0.1",
     "gulp-minify": "3.1.0",
     "gulp-plumber": "1.2.1",
-    "gulp-purifycss": "0.2.0",
     "gulp-rename": "1.4.0",
     "gulp-resource-hints": "0.2.1",
     "gulp-size": "3.0.0",
     "gulp-sourcemaps": "2.6.5",
     "jpegtran": "1.0.6",
     "list-assets": "0.0.2",
-    "lodash": "4.17.13",
+    "lodash": "4.17.15",
     "run-sequence": "2.2.1",
     "skeleton-css": "2.0.4",
-    "standard": "12.0.1"
+    "standard": "14.3.0"
   }
 }