[authentication] fix examples

Author: capcom6

docs/faq/authentication.md

@@ -8,19 +8,7 @@ JWT (JSON Web Token) authentication is the primary authentication mechanism for
 
 Migrating from Basic Authentication to JWT provides enhanced security, better performance, and fine-grained access control. Here's how to migrate:
 
-### Step 1: Generate a JWT Token
-
-```bash
-curl -X POST "https://api.sms-gate.app/3rdparty/v1/auth/token" \
-  -u "username:password" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "ttl": 3600,
-    "scopes": ["messages:send", "messages:read"]
-  }'
-```
-
-### Step 2: Update Your Code
+### Step 1: Update Your Code
 
 Replace Basic Auth with JWT Bearer tokens:
 
@@ -29,7 +17,7 @@ Replace Basic Auth with JWT Bearer tokens:
    response = requests.post(
       "https://api.sms-gate.app/3rdparty/v1/messages",
       auth=("username", "password"),
-      json={"recipient": "+1234567890", "message": "Hello world!"}
+      json={"phoneNumbers": ["+1234567890"], "textMessage": {"text": "Hello world!"}}
    )
    ```
 
@@ -53,11 +41,11 @@ Replace Basic Auth with JWT Bearer tokens:
                "Authorization": f"Bearer {access_token}",
                "Content-Type": "application/json"
          },
-         json={"recipient": "+1234567890", "message": "Hello world!"}
+         json={"phoneNumbers": ["+1234567890"], "textMessage": {"text": "Hello world!"}}
       )
    ```
 
-### Step 3: Implement Token Management
+### Step 2: Implement Token Management
 
 - **Token Refresh**: Implement automatic token refresh before expiration
 - **Error Handling**: Handle 401/403 errors gracefully
@@ -153,7 +141,6 @@ class SMSGatewayClient:
     - Refresh tokens 5-10 minutes before expiration
     - Implement exponential backoff for failed refresh attempts
     - Store tokens securely (not in client-side code)
-    - Monitor token usage patterns
 
 ## 🛡️ How do I revoke a JWT token?
 
@@ -168,35 +155,6 @@ curl -X DELETE "https://api.sms-gate.app/3rdparty/v1/auth/token/{jti}" \
 
 Where `{jti}` is the token ID from the token response.
 
-## 🔒 Is JWT authentication more secure than Basic Auth?
-
-Yes, JWT authentication provides several security advantages over Basic Authentication:
-
-### Security Benefits
-
-1. **No Credential Transmission**: JWT tokens don't transmit username/password with each request
-2. **Fine-grained Access Control**: Scopes limit what each token can do
-3. **Short-lived Tokens**: Tokens expire automatically, reducing the impact of compromise
-4. **Digital Signatures**: Tokens are cryptographically signed to prevent tampering
-5. **No Session Storage**: Stateless authentication reduces server-side attack surface
-
-### Security Considerations
-
-While JWT is more secure than Basic Auth, proper implementation is crucial:
-
-- **Strong Secrets**: Use at least 32-character random secrets
-- **HTTPS Only**: Always transmit tokens over encrypted connections
-- **Short TTLs**: Use the shortest practical expiration time
-- **Scope Limitation**: Request only necessary scopes
-- **Secure Storage**: Store tokens securely on the server side
-
-!!! tip "Security Best Practices"
-    - Implement token revocation for compromised tokens
-    - Monitor token generation and usage patterns
-    - Use HTTPS for all API communications
-    - Regularly rotate JWT secrets
-    - Implement proper error handling for authentication failures
-
 ## 🔐 "Invalid token" JWT Error
 
 The "invalid token" error occurs when the JWT token is malformed, has an incorrect signature, or cannot be validated by the server.
@@ -349,10 +307,9 @@ When migrating from Basic Authentication to JWT, you may encounter various issue
 
 ### Common Issues
 
-1. **Mixed Authentication**: Some requests use Basic Auth while others use JWT
-2. **Token Generation Errors**: Unable to generate JWT tokens
-3. **Permission Errors**: JWT tokens don't have the same permissions as Basic Auth
-4. **Code Compatibility**: Existing code doesn't work with JWT authentication
+1. **Token Generation Errors**: Unable to generate JWT tokens
+2. **Permission Errors**: JWT tokens don't have the same permissions as Basic Auth
+3. **Code Compatibility**: Existing code doesn't work with JWT authentication
 
 ### Troubleshooting Steps
 

docs/integration/authentication.md

@@ -235,7 +235,7 @@ All scopes follow the pattern: `resource:action`
       -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
       -H "Content-Type: application/json" \
       -d '{
-        "recipient": "+1234567890",
+        "phoneNumbers": ["+1234567890"],
         "textMessage": {
           "text": "Hello from JWT!"
         }
@@ -288,12 +288,12 @@ All scopes follow the pattern: `resource:action`
             "Content-Type": "application/json"
         },
         data=json.dumps({
-            "recipient": "+1234567890",
-            "message": "Hello from JWT!"
+            "phoneNumbers": ["+1234567890"],
+            "textMessage": {"text": "Hello from JWT!"}
         })
     )
 
-    if response.status_code == 201:
+    if response.status_code == 202:
         print("Message sent successfully!")
     else:
         print(f"Error sending message: {response.status_code} - {response.text}")
@@ -343,8 +343,8 @@ All scopes follow the pattern: `resource:action`
         'Content-Type': 'application/json'
       },
       body: JSON.stringify({
-        recipient: "+1234567890",
-        message: "Hello from JWT!"
+        phoneNumbers: ["+1234567890"],
+        textMessage: {text: "Hello from JWT!"}
       })
     })
     .then(response => response.json())
@@ -382,8 +382,8 @@ All scopes follow the pattern: `resource:action`
         "https://api.sms-gate.app/3rdparty/v1/messages",
         auth=("username", "password"),
         json={
-            "recipient": "+1234567890",
-            "message": "Hello world!"
+            "phoneNumbers": ["+1234567890"],
+            "textMessage": {"text": "Hello world!"}
         }
     )
     ```
@@ -414,8 +414,8 @@ All scopes follow the pattern: `resource:action`
                 "Content-Type": "application/json"
             },
             json={
-                "recipient": "+1234567890",
-                "message": "Hello world!"
+                "phoneNumbers": ["+1234567890"],
+                "textMessage": {"text": "Hello world!"}
             }
         )
     ```
@@ -498,7 +498,7 @@ class SMSGatewayClient:
                     json={"recipient": recipient, "textMessage": {"text": message}}
                 )
 
-            if response.status_code == 201:
+            if response.status_code == 202:
                 return response.json()
             else:
                 raise Exception(f"Failed to send message: {response.status_code} - {response.text}")
@@ -531,34 +531,9 @@ print("Message sent:", result)
 - **Token Storage**: Store tokens securely (e.g., HttpOnly cookies, secure server-side storage)
 - **CSRF Protection**: Implement CSRF protection for web applications
 
-## Troubleshooting 🔧
-
-### Common Issues
-
-#### Token Not Working
-
-1. **Verify Expiration**: Check if the token has expired
-2. **Confirm Scopes**: Verify the token has the required scopes
-
-#### Authentication Errors
-
-1. **Verify Credentials**: Check username and password for token generation
-2. **Check Headers**: Ensure the Authorization header is correctly formatted
-3. **Confirm Endpoint**: Verify you're using the correct API endpoint
-4. **Check Network**: Ensure you can reach the API server
-
-#### Permission Errors
-
-1. **Check Scopes**: Verify your token has the required scopes
-2. **Check Resource**: Confirm you're accessing the correct resource
-
-### Debugging Tips
-
-1. **Test with cURL**: Use cURL to test authentication independently
-2. **Validate Tokens**: Use online JWT validators to check token structure
-
 ## See Also 🔗
 
 - [API Reference](api.md) - Complete API endpoint documentation
 - [Integration Guide](index.md) - Overview of integration options
 - [Client Libraries](client-libraries.md) - Pre-built libraries for various languages
+- [Authentication FAQ](../faq/authentication.md) - Frequently Asked Questions about JWT authentication