Add more clarity around how to generate the bearer token

www/docs/api-reference/auth-apis/oauth.md

@@ -4,6 +4,9 @@ title: OAuth 2.0
 sidebar_label: OAuth 2.0
 ---
 
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
 Vectara supports OAuth 2.0 via the
 [client credentials grant](https://oauth.net/2/grant-types/client-credentials/).
 This looks a lot like an API key or username/password authentication if you've
@@ -13,36 +16,61 @@ Fundamentally, you provide an OAuth 2.0 authentication provider with a
 "client ID" which is *like* a username and a "client secret" which is *like*
 a password, and a successful authentication returns a
 [JWT token](https://jwt.io/), which you can then pass into subsequent requests
-as an authenticated application.
+as an authenticated application. After you create an app client, you will use
+the values for the authentication URL, `client_id`, and `client_secret` to 
+obtain a JWT token, also known as a Bearer Token, via the 
+`client-credentials` grant.
 
 OAuth 2.0 has several advantages over API keys or simple usernames/passwords:
 - OAuth 2.0 has built in revocation flows in case a key is compromised
-- OAuth 2.0 doesn't suffer from information leakage e.g. of the username that created the client
-- OAuth 2.0 has built-in token expiry, so if a JWT token ever does get posted to a public place, it's less likely to be valid by the time an attacker discovers it
+- OAuth 2.0 doesn't suffer from information leakage e.g. of the username 
+  that created the client
+- OAuth 2.0 has built-in token expiry, so if a JWT token ever does get posted 
+  to a public place, it's less likely to be valid by the time an attacker 
+  discovers it
 - OAuth 2.0 is inherently more tightly scoped than API keys
-- JWT tokens are detected by many security scanning tools, allowing them to more easily be flagged in the case of accidental publication
+- JWT tokens are detected by many security scanning tools, allowing them to 
+  more easily be flagged in the case of accidental publication
 
 :::warning
 
-:lock: Always keep your OAuth tokens private. Do not share them through email, Slack, Discord, forums, or other public channels because it can lead to unauthorized access. Treat these tokens with the same confidentiality as your personal credentials. 
+:lock: Always keep your OAuth tokens private. Do not share them through email, 
+Slack, Discord, forums, or other public channels because it can lead to 
+unauthorized access. Treat these tokens with the same confidentiality as your 
+personal credentials. 
 
 :::
 
 ## Create an application client
-Go to [https://console.vectara.com/console/authentication/app-client](https://console.vectara.com/console/authentication/app-client)
+Go to [https://console.vectara.com/console/apiAccess/appClients](https://console.vectara.com/console/apiAccess/appClients)
 to create a new application client.  Most applications will want to use the
-`Client Credentials` grant.
+`client credentials` grant. When you create the app client, you can then copy the 
+`client_id` and `client_secret` that you need for the credentials grant.
+
+1. Click **Create app client**.
+2. Enter a **Name** and **Description** for the app client.
+3. Select the appropriate roles for the client from **Account Admin**, 
+   **Corpus Admin**, and **Billing Admin**.
+4. Click **Create**.
+   The new app client appears in the list.
+
+   ![Copy the Client ID and Secret](/img/copy_client_id_and_secret.png)
+5. Click the **Copy** icon to copy the `client_id` and then save this value.
+6. Select the drop-down menu, click **Copy Secret** and save the `client_secret` value.
+7. Click the **Copy** icon to the right of the _OAuth 2.0 authentication URL_ and save the value.
+
+When you create your client credentials request, you need 
+the OAuth 2.0 Authentication URL, `client_id`, and `client_secret` values to
+generate the token correctly.
+
+## How to obtain a JWT Token
 
-## Obtain a JWT Token
-Before continuing, you'll need the OAuth 2.0 token endpoint.  You can obtain that
-by navigating to the [Authentication page](https://console.vectara.com/authentication)
-and then selecting the App Client tab.  Append `/oauth2/token` to this URL and
-your account's authentication URL will typically look like:
+Before continuing, you'll need the OAuth 2.0 token endpoint which is the OAuth 
+2.0 authentication URL. You can copy the URL from the [API access](https://console.vectara.com/console/apiAccess/appClients)
+page and then selecting the App Client tab. Your account's authentication URL will typically look like:
 `https://vectara-prod-YOUR_VECTARA_CUSTOMER_ID.auth.us-west-2.amazoncognito.com/oauth2/token`
 where `YOUR_VECTARA_CUSTOMER_ID` is your customer ID.
 
-![Authentication Domain](/img/auth_domain.png)
-
 Nearly every modern high-level programming language has libraries to obtain a
 JWT token from an OAuth 2.0 server via the `client_credentials` grant type.
 
@@ -53,5 +81,50 @@ of the HTTP authorization header: this is per the OAuth 2.0 standard.
 The **grant type** should be `client_credentials` for App Clients. This auth
 flow is commonly used for servers that must communicate with the platform. It
 should be `authorization_code` for authentication from apps installed on a
-device, such as web browsers. Finally, `refresh_token` is used to referesh
-an expired token.
+device, such as web browsers. Finally, `refresh_token` is used to refresh
+an expired token.
+
+### Generate the JWT token
+
+Now that you have the OAuth 2.0 authentication URL, 
+`client_id`, and `client_secret`, you can generate the JWT token with 
+a `client_credentials` grant. You can then use the resulting value in 
+the [API Playground](/docs/rest-api/) to test your API calls.
+
+The following examples show how to generate the JWT token. Make sure to 
+substitute your values for the `customer_id` in the URL, `client_id`, and `client_secret`.
+
+<Tabs>
+<TabItem value="nodejs-example" label="NodeJS">
+
+```js title="NodeJS Example"
+const { access_token } = await axios.post(
+  "https://vectara-prod-123456789.auth.us-west-2.amazoncognito.com/oauth2/token",
+  {
+    grant_type: "client_credentials",
+    client_id: "...nft9ga72pf",
+    client_secret: "abcdefghijklmnop1234567890"
+  }
+ );
+```
+</TabItem>
+<TabItem value="curl-example" label="cURL" default>
+
+```js title="cURL Example"
+curl -XPOST -H "Content-type: application/x-www-form-urlencoded" -d 
+"grant_type=client_credentials&client_id=...nft9ga72pf&client_secret=abcdefghijklmnop1234567890" 
+https://vectara-prod-123456789.auth.us-west-2.amazoncognito.com/oauth2/token | jq -r ".access_token"
+
+```
+</TabItem>
+
+</Tabs>
+
+After you generate the token and copy the value, go to a section of the API 
+Playground such as [ListCorpora](/docs/rest-api/list-corpora) and paste the 
+the resulting value into the **Bearer Token** field along with other required 
+fields such as `customer_id`:
+
+![API Playground Example](/img/api_playground_listcorpora.png)
+
+Finally, click **Send API Request** to test the API call.

www/docs/rest-api/core-index.api.mdx

@@ -22,7 +22,10 @@ import TabItem from "@theme/TabItem";
 
 ## CoreIndex
 
-
+This operation authenticates with either an API Key or OAuth 2.0 Bearer 
+Token. Review the [API Keys](/docs/common-use-cases/app-authn-authz/api-keys) and [OAuth 2.0](/docs/api-reference/auth-apis/oauth-2) sections
+for more details. We also provide [client credentials grant examples](/docs/getting-started-samples/JWTFetcher.cs) 
+and [REST examples](/docs/getting-started-samples/RestApiKeyQueries.cs) in different programming languages.
 
 Low level indexing API
 

www/docs/rest-api/create-corpus.api.mdx

@@ -22,6 +22,11 @@ import TabItem from "@theme/TabItem";
 
 ## CreateCorpus
 
+This operation authenticates with an OAuth 2.0 Bearer 
+Token (also known as a JWT token) via the client credentials grant. 
+Review the [OAuth 2.0 section](/docs/api-reference/auth-apis/oauth-2) about 
+how to generate JWT token. We also provide [client credentials grant examples](/docs/getting-started-samples/JWTFetcher.cs)
+in different programming languages.
 
 
 Create Corpus

www/docs/rest-api/delete-corpus.api.mdx

@@ -22,7 +22,11 @@ import TabItem from "@theme/TabItem";
 
 ## DeleteCorpus
 
-
+This operation authenticates with an OAuth 2.0 Bearer 
+Token (also known as a JWT token) via the client credentials grant. 
+Review the [OAuth 2.0 section](/docs/api-reference/auth-apis/oauth-2) about 
+how to generate JWT token. We also provide [client credentials grant examples](/docs/getting-started-samples/JWTFetcher.cs)
+in different programming languages.
 
 Delete Corpus
 

www/docs/rest-api/delete.api.mdx

@@ -22,7 +22,10 @@ import TabItem from "@theme/TabItem";
 
 ## Delete
 
-
+This operation authenticates with either an API Key or OAuth 2.0 Bearer 
+Token. Review the [API Keys](/docs/common-use-cases/app-authn-authz/api-keys) and [OAuth 2.0](/docs/api-reference/auth-apis/oauth-2) sections
+for more details. We also provide [client credentials grant examples](/docs/getting-started-samples/JWTFetcher.cs) 
+and [REST examples](/docs/getting-started-samples/RestApiKeyQueries.cs) in different programming languages.
 
 Delete
 

www/docs/rest-api/file-upload.api.mdx

@@ -22,7 +22,10 @@ import TabItem from "@theme/TabItem";
 
 ## FileUpload
 
-
+This operation authenticates with either an API Key or OAuth 2.0 Bearer 
+Token. Review the [API Keys](/docs/common-use-cases/app-authn-authz/api-keys) and [OAuth 2.0](/docs/api-reference/auth-apis/oauth-2) sections
+for more details. We also provide [client credentials grant examples](/docs/getting-started-samples/JWTFetcher.cs) 
+and [REST examples](/docs/getting-started-samples/RestApiKeyQueries.cs) in different programming languages.
 
 File Upload
 

www/docs/rest-api/index.api.mdx

@@ -22,7 +22,10 @@ import TabItem from "@theme/TabItem";
 
 ## Index
 
-
+This operation authenticates with either an API Key or OAuth 2.0 Bearer 
+Token. Review the [API Keys](/docs/common-use-cases/app-authn-authz/api-keys) and [OAuth 2.0](/docs/api-reference/auth-apis/oauth-2) sections
+for more details. We also provide [client credentials grant examples](/docs/getting-started-samples/JWTFetcher.cs) 
+and [REST examples](/docs/getting-started-samples/RestApiKeyQueries.cs) in different programming languages.
 
 Index
 

www/docs/rest-api/list-corpora.api.mdx

@@ -22,7 +22,11 @@ import TabItem from "@theme/TabItem";
 
 ## ListCorpora
 
-
+This operation authenticates with an OAuth 2.0 Bearer 
+Token (also known as a JWT token) via the client credentials grant. 
+Review the [OAuth 2.0 section](/docs/api-reference/auth-apis/oauth-2) about 
+how to generate JWT token. We also provide [client credentials grant examples](/docs/getting-started-samples/JWTFetcher.cs)
+in different programming languages.
 
 List Corpora
 

www/docs/rest-api/query.api.mdx

@@ -22,7 +22,10 @@ import TabItem from "@theme/TabItem";
 
 ## Query
 
-
+This operation authenticates with either an API Key or OAuth 2.0 Bearer 
+Token. Review the [API Keys](/docs/common-use-cases/app-authn-authz/api-keys) and [OAuth 2.0](/docs/api-reference/auth-apis/oauth-2) sections
+for more details. We also provide [client credentials grant examples](/docs/getting-started-samples/JWTFetcher.cs) 
+and [REST examples](/docs/getting-started-samples/RestApiKeyQueries.cs) in different programming languages.
 
 Query
 

www/docs/rest-api/reset-corpus.api.mdx

@@ -22,7 +22,11 @@ import TabItem from "@theme/TabItem";
 
 ## ResetCorpus
 
-
+This operation authenticates with an OAuth 2.0 Bearer 
+Token (also known as a JWT token) via the client credentials grant. 
+Review the [OAuth 2.0 section](/docs/api-reference/auth-apis/oauth-2) about 
+how to generate JWT token. We also provide [client credentials grant examples](/docs/getting-started-samples/JWTFetcher.cs)
+in different programming languages.
 
 Reset Corpus
 

www/docs/rest-api/vectara-rest-api.info.mdx

@@ -21,9 +21,23 @@ import Export from "@theme/ApiDemoPanel/Export";
 
 <ApiLogo logo={{"url":"https://docs.vectara.com/img/vectara_wordmark.png","altText":"Vectara"}} darkLogo={{"url":"https://docs.vectara.com/img/vectara_wordmark_light.png","altText":"Vectara"}}></ApiLogo>
 
-Vectara is a neural search platform, built for developers to get the most out of their data.
+Vectara is the trusted GenAI product platform. Built around a neural search 
+core, it provides an end-to-end platform for creating GenAI products using 
+a simple to use API
 
-You can sign up for an account at [https://vectara.com](https://vectara.com).
+You can sign up for an account at [https://vectara.com](https://vectara.com) and 
+then view several [API Recipes](/docs/api-recipes) with example queries 
+and parameter values.
+
+:::note
+
+API Keys can be used for querying and indexing operations, but cannot at this 
+time be used for administrative operations such as creating or deleting 
+corpora. These operations authenticate with a Bearer Token via the 
+OAuth 2.0 client credentials grant. Review the [OAuth 2.0 section](/docs/api-reference/auth-apis/oauth-2) about 
+how to generate the token.
+
+:::
 
 <div style={{"marginBottom":"2rem"}}><h2 id={"authentication"} style={{"marginBottom":"1rem"}}>Authentication</h2><SchemaTabs className={"openapi-tabs__security-schemes"}><TabItem label={"OAuth 2.0: oAuth"} value={"oAuth"}>