Merge pull request #1902 from SEKOIA-IO/update-api-keys

Update API keys content

docs/getting_started/manage_api_keys.md

@@ -8,52 +8,54 @@ An API key serves as both a unique identifier and a secret token for authenticat
 
 ### Uses of API Keys
 
-- **Automation**: Automate various tasks and workflows within the platform, enhancing efficiency and productivity
-- **Technical access**: Provide technical access for integrations and interactions without relying on the UI
-- **Specific access control**: Grant precise permissions and access levels specific to the API key’s associated identity, ensuring that only authorized actions are performed
+- **Automation**: Streamline various tasks and workflows within the platform, enhancing efficiency and productivity.
+- **Technical access**: Facilitate technical access for integrations and interactions without relying on the UI.
+- **Specific access control**: Grant precise permissions and access levels specific to the API key’s associated identity, ensuring that only authorized actions are performed.
+
 
 ### Required for certain features
 
 Some features within the app require the creation of an API key, including:
 
-- CTI interconnection: Connect with third-party tools for Cyber Threat Intelligence (CTI) sharing and integration
+- CTI interconnection: Connect with third-party tools for Cyber Threat Intelligence (CTI) sharing and integration.
 - Playbooks: Utilize API keys within playbooks to execute automated responses and processes.
 
-By using API keys, users can seamlessly integrate with Sekoia.io and leverage its capabilities to their full extent, ensuring secure and efficient operations.
+By leveraging API keys, users can seamlessly integrate with Sekoia.io and fully exploit its capabilities, ensuring secure and efficient operations.
 
+!!! Note
+    Sekoia API keys are permissions-based, not role-based.
 
 ## API keys listing
 
 To access the list of generated API keys in your community, you have to go to Settings > Workspace > API Keys.
 
-On this view, you can:
+In this view, you can:
 
-- Search for an API key by using the search bar on top of the table
-- Filter your API keys by status: `Active`, `Revoked`, `All`
+- Search for an API key using the search bar on top of the table
+- Filter your API keys by status: `Active`, `Revoked`, `Expired`, `All`
 - Add a new API Key by clicking on the button `+ API key`
 
+API keys are listed by creation date (Most recently created). 
+
 !!! note 
     Only users with admin roles and permissions have the right to create API keys. 
 
 ## Create an API key
 
-!!! Note
-    API keys can't be assigned built-in roles.
-
-!!! Note
-    One MUST first create a custom role before creating API keys.
-
-
-To create a new API key, you’ll have to:
+To create a new API key, follow these steps:
 
 1. Click on the `+ API key` button
 2. Give a name and a description to your key (description should be more than 10 characters and less than 100 characters)
-3. Select one or more **custom roles** to associate with your key depending on your need. For instance, if you want to use your key to retrieve information from the Intelligence Center, please select a custom role using one of the permissions `View Intelligence` or `View Intelligence with limited access`
-4. Click on `Save`
+3. Set an **expiration date**: Choose the desired expiration period from the available options (30 days, 180 days, 365 days, custom up to 1 year, or no expiration)
+4. **Select permissions**: Specify the permissions you want to assign to the API key to ensure it has only the necessary access
+5. Click on `Save`
 
 !!! Note
     The key will only be displayed once. We recommend you to save it into a vault.
 
+!!! Note 
+    The length of the API key will not exceed 100 characters. 
+
 ## Revoke an API Key
 
 Revoking an API key will make it unusable. It’s rather easy to do but keep in mind that it’s an action that cannot be reversed.