docs: add additional details for debugging (#517)

* docs: add additional details for debugging

* Add security note to deploying

README.md

@@ -127,6 +127,8 @@ Unleash Edge adheres to Semantic Versioning (SemVer) on the API and CLI layers.
 
 ## Debugging
 
+You can inspect the internal state of edge by looking at http://<your-edge-url>/internal-backstage/tokens to see the tokens that edge knows about and  http://<your-edge-url>/internal-backstage/features to see the current state of features (note that `/internal-backstage/*` should not be exposed to the public).
+
 To enable verbose logging, adjust the `RUST_LOG` environment variable. For example, to see logs originating directly from Edge but not its dependencies, you can raise the default log level from `error` to `warning` and set Edge to `debug`, like this:
 
 ```sh

docs/deploying.md

@@ -1,5 +1,9 @@
 # Deploying
 
+## Security considerations
+
+Anything under /internal-backstage should be protected from public access as it exposes internal state of unleash-edge.
+
 ## Running Unleash Edge
 
 Edge provides a range of powerful ways in which you can run it. For a standard production configuration we recommend the
@@ -114,4 +118,4 @@ $ echo $?
 
 If you're hosting Edge with a self-signed certificate using the tls cli arguments, you should use
 the `--ca-certificate-file <file_containing_your_ca_and_key_in_pem_format>` flag (or the CA_CERTIFICATE_FILE environment
-variable) to allow the health checker to trust the self signed certificate.
+variable) to allow the health checker to trust the self signed certificate.