Jira DOC-881: RC - Update REST API docs to reflect new UX (#1615)

* New UI placeholder

* JIRA DOC-694: RC - Update Quickstart for new UX (#1362)

* Updated checked for initial draft.

* Adding missing images

* Adding Delete subscription

* Jira DOC-579: RC - Update Subscription articles for new UX (#1366)

* First pass at 'Create fixed sub' update.

* Interim update; still in progress.

* Initial draft for New Flexible subscription.

* More changes for View Fixed subscription article.

* Initial draft of 'View Flexible subscription' article.

* Update high-availability.md

Fixing YAML block.

* Jira DOC 580: Update Database articles for new UX (#1382)

* Interim check-in

* Interim progress check-in.

* More interim updates

* Initial draft of 'Create database' article for new UX.

* Initial draft for View/Edit databases.

* Adding RoF comment to memory size discussion.

* Minor fixes

* Minor editorial updates. (#1400)

* Fixing typos and an incorrect more info link in RC quick start (#1415)

* Rrelledge rc typos (#1423) (#1424)

* RC subscriptions - fix typos and incorrect links

* RC databases - typo fixes

* RC concepts - typo fixes

* RC admin - fixes for typos and incorrect links

* RC security - fix typos and incorrect links

* Fixing typos.

* More typos

* Even more typos.

* Jira DOC-715: RC: Update Backup database article to reflect new UX (#1419)

* Initial draft of Backup database updates.

* Minor edits/updates

* Update back-up-data.md

Deleted the word "run" before "can perform"

* Update delete-database.md

Removed the 2nd instance of  "to delete a database" from the first sentence to avoid redundancy.

Co-authored-by: Rachel Elledge <86307637+rrelledge@users.noreply.github.com>

* Jira DOC-600: RC - Create "Billing and Payments" topic. (#1453)

* Synchronizing copies.

* Initial draft

* Typo fixes/edits

* Update billing-and-payments.md

Changed "If your billing address is different from your billing address" to "If your billing address is different from your account address".

Co-authored-by: Rachel Elledge <86307637+rrelledge@users.noreply.github.com>

* Merging from master, pt 2

* Initial draft.

* Initial updates to 'Manage API keys'

* Editorial feedback/fixes.

* Editorial feedback.

* More typos; more fixes.

Co-authored-by: Kyle Banker <kyle.banker@redislabs.com>
Co-authored-by: kaitlyn.michael <kaitlyn.michael@redislabs.com>
Co-authored-by: Rachel Elledge <86307637+rrelledge@users.noreply.github.com>

content/rc/api/get-started/_index.md

@@ -16,26 +16,27 @@ To use the Redis Enterprise Cloud REST API, you need to:
 
 - Enable the API
 - Create an account key
-- Create a secret key
+- Create a user key
+- Collect endpoint details
 
 {{< note >}}
 The Redis Cloud REST API is available only with Flexible or Annual subscriptions.  It is not supported for Fixed or Free subscriptions.
 {{< /note >}}
 
 To use the keys to authenticate and authorize your request, include the keys with the request headers:
 
-| Key name    | HTTP Header name   |Description                                            |
-| ----------- | -------------------| ----------------------------------------------------- |
-| Account key | `x-api-key`        | Account-level key assigned to all users of an account |
-| Secret key  | `x-api-secret-key` | Personal key associated with a specific user and possibly limited to certain IP ranges                      |
+| Key name         | HTTP&nbsp;header&nbsp;name   |Description                                            |
+| -----------      | -------------------| ----------------------------------------------------- |
+| Account&nbsp;key | `x-api-key`        | Account-level key assigned to all users of an account |
+| User key       | <nobr>`x-api-secret-key`</nobr> | Personal key associated with a specific user and possibly limited to certain IP ranges                      |
 
 ## Enable the API
 
-The API is disabled on all accounts by default. You must first [enable the API]({{< relref "/rc/api/get-started/enable-the-api.md" >}}) before you can use it.
+The API is disabled on all accounts by default. You must [enable the API]({{< relref "/rc/api/get-started/enable-the-api.md" >}}) before you can use it.
 
 ## Account key
 
-The account key identifies your specific account when you perform an API request.
+The account key identifies your specific account when you perform an API request.  This is the account responsible for your subscription.
 
 {{< note >}}
 An account key is an account-level secret. Do not share this key with anyone not authorized to use the account.
@@ -45,38 +46,42 @@ You create the account key once when enabling API access.
 
 If you need to change or delete your account key, please [contact support](https://redislabs.com/company/support/).
 
-## Secret key
+## User key
 
-The secret key is a personal key that belongs to a specific user having the **owner** role.
+The user key is a personal key that belongs to a specific user having the **owner** role.  User keys are assigned owners when they're created.  Keys cannot be assigned to users that aren't owners.  Keys can belong to only one owner; however, an owner may have multiple keys.
+
+You can view keys or copy their values _only_ during the [creation process]({{< relref "/rc/api/get-started/manage-api-keys.md" >}}).
 
 {{< note >}}
-The secret key is a personal secret. Do not share this key.
+User keys are personal secrets. Do not share them.
 {{< /note >}}
 
-A user can [generate multiple secret keys]({{< relref "/rc/api/get-started/manage-api-keys.md" >}})
-for themselves or for any other users defined as owners within the same account.
+Individual owners can [generate multiple user keys]({{< relref "/rc/api/get-started/manage-api-keys.md" >}})
+for themselves, for separate apps, or for other owners within the same account.
 
-Every secret key has a name. You can use this name to identify which user made a specific API request.
+Use key names to uniquely associate specific API requests to individual users or apps.
 
-For example, when you [audit create, update, and delete requests]({{< relref "/rc/api/examples/audit-system-logs.md" >}}) in the system log, you can easily see which secret key was used for each request.
+Doing so lets you [audit API requests]({{< relref "/rc/api/examples/audit-system-logs.md" >}}) using the system log, which tracks the key used to authenticate each request.
 
 ## Authentication using API keys
 
-You must authenticate using the **account key** and **secret key** on every API request.
+Every API request must use the **account key** and a **user key** to authenticate.
 
-You provide these keys as [HTTP request headers]({{< relref "/rc/api/get-started/use-rest-api.md#using-the-curl-http-client" >}}).
+The keys are provided as [HTTP request headers]({{< relref "/rc/api/get-started/use-rest-api.md#using-the-curl-http-client" >}}), shown earlier.
 
 ## Authenticate a request
 
-An API request will successfully authenticate if the following conditions are met:
+An API request successfully authenticates when:
+
+1. The account and user keys are valid and properly defined in the HTTP request headers.
+1. The user key is associated with the same account as the account key.
+1. The request originates from a valid source IP address, as defined in a [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) allow list associated with the user key.
 
-1. Both the **account key** and **secret key** are valid and properly defined in the HTTP request headers.
-1. The secret key is associated with the same account as the account key.
-1. The request originates from a valid source IP. This requirement holds when you have [defined sourced IP limitations]({{< relref "/rc/api/get-started/manage-api-keys.md#add-a-new-allowed-subnet" >}}) for your secret key.
+    This requirement applies when you've [defined a CIDR allow list]({{<relref "/rc/api/get-started/manage-api-keys#manage-cidr-allow-list">}}) for the secret key.
 
 ## More info
 
 To learn more, see:
 
-- [Managing API keys]({{< relref "/rc/api/get-started/manage-api-keys.md" >}})
+- [Manage API keys]({{< relref "/rc/api/get-started/manage-api-keys.md" >}})
 - [Use the API]({{< relref "/rc/api/get-started/use-rest-api.md" >}})

content/rc/api/get-started/enable-the-api.md

@@ -25,23 +25,25 @@ For security reasons, the Redis Cloud API is disabled by default.
 To enable the API:
 
 1. Sign in to your [Redis Cloud subscription](https://app.redislabs.com) as an account owner.
-1. From the menu, choose **Settings**.
-1. In the **Account** tab, locate the **Cloud API Access Key** in the **Misc** section.
+1. From the menu, choose **Access Management**.
+1. When the **Access Management** screen appears, select the **API Keys** tab.
 
-    {{<image filename="images/rc/settings-cloud-api-key.png" width="75%" alt="Cloud API Access Key setting in the Misc section of the Redis Cloud settings" >}}{{< /image >}}
+    {{<image filename="images/rc/access-management-api-keys-tab.png" width="75%" alt="Use the **API Keys** tab of the **Access Management** screen to manage your REST API keys." >}}{{< /image >}}
 
-    If you do not see the **Cloud API Access Key** setting, verify that you're signed into a Flexible (or Annual) subscription and that you are an account owner.
+1. If a **Copy** button appears to the right of the API account key, the API is enabled.  This button copies the account key to the Clipboard.
 
-1. If the setting contains a key, the API is already enabled.  
+    {{<image filename="images/rc/button-access-management-api-key-copy.png" alt="Use the **Copy** button to copy the access key to the Clipboard." >}}{{< /image >}}
 
-    If you see a **Generate** button, select it to generate your key.
+    If you see an **Enable API** button, select it to enable the API and generate your API account key.
 
-The generated key is the API access key. You need to combine this with a [secret key]({{< relref "/rc/api/get-started/manage-api-keys.md#secret" >}}) to make API calls.
+    {{<image filename="images/rc/button-access-management-enable-api.png" alt="Use the **Enable API** button to enable the REST API for your account." >}}{{< /image >}}
+
+To authenticate REST API calls, you need to combine the API account key with an [API user key]({{< relref "/rc/api/get-started/manage-api-keys.md#secret" >}}) to make API calls.
 
 Only account owners can see the access key in the account settings.
 
 {{< warning >}}
 Make sure that you keep your access keys secret. Anyone who sends an API request with a valid access key can make changes to your account.
 {{< /warning >}}
 
-To further manage your API keys and limit usage by subnet, see [Manage API keys]({{< relref "/rc/api/get-started/manage-api-keys.md" >}}).
+To manage your API keys or to limit IP addresses for user keys, see [Manage API keys]({{< relref "/rc/api/get-started/manage-api-keys.md" >}}).

content/rc/api/get-started/manage-api-keys.md

@@ -1,6 +1,6 @@
 ---
-Title: Create API keys
-description: How to use the Redis Cloud admin console to create and manage API Keys for your Account's team owners
+Title: Manage API keys
+description: How to use the Redis Cloud admin console to create and manage API user keys for your account's team owners
 weight: 20
 alwaysopen: false
 categories: ["RC"]
@@ -13,78 +13,118 @@ aliases: /rv/api/how-to/create-api-keys-for-your-team/
          /rc/api/get-started/manage-api-keys/
          /rc/api/get-started/manage-api-keys.md
 ---
-Every API request must include the following two API keys:
+Every REST API request must include the following API keys:
 
-1. **Account key**: Shown in the **Settings** > **Account**.
-    Before using the API, you must [enable API access for your account ]({{< relref  "/rc/api/get-started/enable-the-api.md" >}}).
-1. **Secret key**: Created by account owners for their use or for other owners on the same account.
+1. The **Account key** identifies the account associated with the Redis Enterprise Cloud subscription.
 
-Here, you'll learn how to manage access keys, including how to:
+2. The **User key** identifies the user and (optionally) the context of a request.  Generated by account owners.
 
-- Generate a key
-- Delete a key
-- Limit key access by subnet
-- Remove subnet access
+Use the **API Keys** tab of the **Access Management** screen to manage your keys:
 
-## Generate a key {#secret}
+1. Sign in to your [Redis Cloud subscription](https://app.redislabs.com) as an account owner.
 
-To generate a secret access key:
+1. From the menu, choose **Access Management** and then select the **API Keys** tab.
 
-1. Sign in to the admin console as an account owner.
-1. From the admin console menu, choose **Settings** and select **Cloud API Keys**.
+    {{<image filename="images/rc/access-management-api-keys-tab.png" width="75%" alt="Use the **API Keys** tab of the **Access Management** screen to manage your REST API keys." >}}{{< /image >}}
 
-    If **Cloud API Keys** is not shown, make sure you have [enabled your account to use the API]({{< relref "/rc/api/get-started/enable-the-api.md" >}}).
-1. To create a new key, select **Add new API secret key**.
-1. Enter the secret key properties:
-    1. User Name: Choose the user associated with the key.
+If an **Enable API** button appears, select it to [enable the REST API]({{< relref "/rc/api/get-started/enable-the-api.md" >}}) for your account.
 
-        API requests using this key will be associated with this user.
-    1. API Key Name: A descriptive name for the key.
+{{<image filename="images/rc/button-access-management-enable-api.png" alt="Use the **Enable API** button to enable the REST API for your account." >}}{{< /image >}}
 
-        Two keys associated with the same user must have different names. Key names must meet these requirements:
-        1. Between 10 and 50 characters
-        1. Only letters, digits, hyphens ('-'), and underscores ('_')
-        1. No spaces
-1. Choose **Generate API Key**.
+## API account key
 
-    A popup window displays the new secret key.
-1. Copy the secret key and store it in a safe location. This is the only time you will be able to retrieve the key.
+The **API account key** is used as the value of the `x-api-key` HTTP header in order to authenticate a REST API request.
 
-{{< note >}}
-The users list contains only verified users in the current account that have the **owner** role.
-{{< /note >}}
+By default, the **API account key** is masked; that is, it is obscured for security reasons.  You can use the **Show** button to display the key and the **Hide** button to mask it.
 
-## Delete an access key
+{{<image filename="images/rc/button-access-management-show-key.png" alt="The **Show** button displays the account key." >}}{{< /image >}} &nbsp; {{<image filename="images/rc/button-access-management-hide-key.png" alt="The **Hide** button masks the account key." >}}{{< /image >}}
 
-To delete an access key:
+The **Copy** button copies the account key to the Clipboard.
 
-1. [Sign in to the admin console](https://app.redislabs.com) as an account owner.
-1. Go to: **Settings** > **Cloud API Keys**
+{{<image filename="images/rc/button-access-management-api-key-copy.png" alt="The **Copy** button copies the account key to the Clipboard." >}}{{< /image >}}
 
-    If **Cloud API Keys** is not shown, make sure you have [enabled the API for your account]({{< relref "/rc/api/get-started/enable-the-api.md" >}})).
-1. Select **Delete**.
-1. Confirm that you want to delete the access key.
+## API user keys
 
-## Limit access by subnet
+**API user keys** (also known as _secret keys_) are used as the value of the `x-api-secret-key` HTTP header used to authenticate a REST API request.
 
-By default, API access is allowed from all IP addresses.
+In this context, _user_ refers to the account used to sign in to the admin console.  Users must be account owners.
 
-To limit API access to a specified range of source IP addresses:
+Users can have more than one user key; however, users should not share user keys.
 
-1. [Sign in to the admin console](https://app.redislabs.com) as an account owner.
-1. Go to **Settings** > **Cloud API Keys**
-1. Select **Manage IPs** for the access key that you want to limit.
-1. Select ![Add](/images/rs/icon_add.png#no-click "Add") to add a new whitelist subnet.
-1. Enter the subnet in [CIDR format](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation), for example: `10.2.5.0/24`
-1. Save the subnet.
+### Create a new user key {#secret}
 
-After you add the subnet, you can add additional subnets or select **OK**.
+Use the **Add** button to create a new user key.
 
-## Delete an allowed subnet
+{{<image filename="images/rc/button-access-management-add.png" alt="Use the **Add** button to begin creating a new user key." >}}{{< /image >}}
 
-1. [Sign in to the admin console](https://app.redislabs.com) as an account owner.
-1. Go to **Settings** > **Cloud API Keys**
-1. Select  **Manage IPs** for the access key that you want to change.
-1. Delete the subnet that you want to remove.
+When you do this, you're prompted for the **Key name** and the associated **User name**.
 
-After you delete the subnet, you can delete more subnets or select **OK**.
+{{<image filename="images/rc/access-management-user-key-add.png" alt="When you add a user key, you're prompted to specify the name of the key and the asscoiated user." >}}{{< /image >}}
+
+The key name:
+
+- Must be between 10 and 50 characters long
+- Can contain alphanumeric characters, hyphens, and underscores. Spaces are not allowed.
+
+The user name must be an account owner.
+
+Select **Create** to create the new key.  
+
+{{<image filename="images/rc/button-access-management-user-key-create.png" alt="Use the **Create** button to create the new user key." >}}{{< /image >}}
+
+When you do this, the **API user key** dialog appears.
+
+{{<image filename="images/rc/access-management-create-user-key.png" width="75%" alt="The **API user key** dialog lets you copy the value of the new key to the Clipboard." >}}{{< /image >}}<br/>
+
+{{<warning>}}
+This is the only time the value of the user key is available.  Save it to a secure location before closing the dialog box.  <br/><br/>
+If you lose the user key value, it cannot be retrieved.  If this happens, create a new key to replace the lost one.
+{{</warning>}}
+
+When you've saved the user key, use the **Finish** button to close the dialog box.
+
+(The **Finish** button is disabled until you copy the key to the Clipboard.)
+
+### Delete a user key
+
+To delete a user key:
+
+1.  Use the **API Keys** tab of the **Access Management** screen to locate the target key
+
+    {{<image filename="images/rc/access-management-api-user-key-delete.png" alt="The **Delete** button appears to the right of the selected user key." >}}{{< /image >}}<br/>
+
+2.  Select the **Delete** button displayed to the right.
+
+    {{<image filename="images/rc/button-access-management-api-user-key-delete.png" alt="Select the **Delete** button to begin deleting the selected user key." >}}{{< /image >}}
+
+3.  This displays the **Delete API secret key** dialog box.  
+
+    {{<image filename="images/rc/access-management-delete-api-secret-key.png" width="50%" alt="The **Delete** button appears to the right of the selected user key." >}}{{< /image >}}<br/>
+
+    Select the **Delete** button to confirm.
+
+### Manage CIDR allow list
+
+By default, REST API requests are allowed from all IP addresses.  To limit access to specific addresses, define a CIDR allow list for the user key.
+
+To manage the CIDR allow list:
+
+1.  Use the **API Keys** tab of the **Access Management** screen to locate the target key
+
+    {{<image filename="images/rc/access-management-api-user-key-delete.png" alt="The **Manage** link appears to the right of the user name for the selected user key." >}}{{< /image >}}
+
+2.  Select the **Manage** link in the **CIDR allow list** column; this displays the **Manage CIDR allow list** dialog box.
+
+    {{<image filename="images/rc/access-management-user-key-manage-cidr.png" width="50%" alt="Select the **Manage** link to define the **CIDR allow list** dialog." >}}{{< /image >}}
+
+3.  Enter each allowed IP address in [CIDR format](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) (example: `127.1.0.0/24`) and then select the **Save** button.
+
+    {{<image filename="images/rc/button-access-management-cidr-rule-save.png" alt="Use the **Save** button to save a CIDR allow list rule." >}}{{< /image >}}
+
+    Use the **Add CIDR rule** button to add additional addresses to the list.
+
+    {{<image filename="images/rc/button-access-management-cidr-rule-add.png" alt="Use the **Add Rule** button to add a new address to the CIDR allow list." >}}{{< /image >}}
+
+    Use the **Edit** button to change the address for a rule or the **Delete button** to remove a rule.
+
+    {{<image filename="images/rc/button-access-management-cidr-rule-edit.png" alt="Use the **Edit** button to change the address for a CIDR allow list rule." >}}{{< /image >}} &nbsp; {{<image filename="images/rc/button-access-management-cidr-rule-delete.png" alt="Use the **Delete** button to remove an address from the CIDR allow list." >}}{{< /image >}}