docs: fix Go backend example (#9864)

# Which Problems Are Solved This PR aims to clarify how to use the zitadel SDK with OAuth token introspection. # How the Problems Are Solved Reworked the setup process on console needed to create the JSON key and a PAT. # Additional Changes - Closes #5559
2025-08-11 21:07:31 +00:00 · 2025-05-20 14:21:30 +02:00
parent 6b07e57e5c
commit 7861024ea2
15 changed files with 55 additions and 19 deletions
--- a/docs/docs/examples/secure-api/go.md
+++ b/docs/docs/examples/secure-api/go.md
@@ -10,26 +10,63 @@ At the end of the guide you should have an API with a protected endpoint.
 > This documentation references our HTTP example. There's also one for GRPC. Check them out on [GitHub](https://github.com/zitadel/zitadel-go/blob/next/example/api/http/main.go).
 ## Set up application and obtain keys
 Before we begin developing our API, we need to perform a few configuration steps in the ZITADEL Console.
 You'll need to provide some information about your app. We recommend creating a new app to start from scratch. Navigate to your Project, then add a new application at the top of the page.
 Select the **API** application type and continue.
 ![Create app in console](/img/go/api-create.png)
 We recommend that you use JWT Profile for authenticating at the Introspection Endpoint.
 ![Create app in console](/img/go/api-create-auth.png)
 Then create a new key with your desired expiration date. Be sure to download it, as you won't be able to retrieve it again.
 ![Create api key in console](/img/go/api-create-key.png)
 ## Prerequisites
 This will handle the OAuth 2.0 introspection request including authentication using JWT with Private Key using our [OIDC client library](https://github.com/zitadel/oidc).
-All that is required, is to create your API and download the private key file later called `Key JSON` for the service user.
+All that is required, is to create your API, create a private key and a personal access token for a service user.
 ### Set up application and obtain keys
 Before we begin developing our API, we need to perform a few configuration steps in the ZITADEL Console.
 You'll need to provide some information about your app. We recommend creating a new app to start from scratch.
 Starting from the homepage of your console, click on Create Application
 ![Create app in homepage](/img/go/api-create_application.png)
 Select a project from the dropdown and select *Other* as framework, then continue.
 ![Framework Selection](/img/go/api-select_framework.png)
 Add your app name and select *API* as application type, then continue.
 ![Application Type](/img/go/api-app_details.png)
 We recommend that you use JWT Profile for authenticating at the Introspection Endpoint. So select *JWT* as authentication method
 ![JWT authentication method](/img/go/api-select_jwt.png)
 You then need to create a new JSON key.
 ![New JSON key](/img/go/api-new_key.png)
 Select an expiration date that suits you.
 ![Key expiration date](/img/go/api-expiration_date.png)
 And make sure to download it, as you won't be able to retrieve it again.
 ![Key download](/img/go/api-download_key.png)
 Now we need to create a *Personal Access Token* to authenticate the client requests.
 On the user view, switch to *Service Users* and create a new one.
 ![Service User Panel](/img/go/api-service_user_panel.png)
 Give the service user a name and a user name. Select `Bearer` as *Access Token Type*.
 ![Service User Creation](/img/go/api-create_service_user.png)
 ### Create service user and personal access token (PAT)
 Once done, from the left panel of the user management, click on Personal Access Token and create a new one.
 ![Personal Access Token View](/img/go/api-PAT_view.png)
 Set an expiration date and then copy the PAT generated to somewhere safe. We will need it later.
 ![PAT creation](/img/go/api-PAT_creation.png)
 ## Go Setup
@@ -119,8 +156,7 @@ Content-Length: 44
 unauthorized: authorization header is empty
 ```
-Get a valid access_token for the API. You can either achieve this by getting an access token with the project_id in the audience
+We need to use the personal access token generated previously.
 or use a PAT of a service account.
 If you provide a valid Bearer Token:
--- a/docs/static/img/go/api-PAT_creation.png
+++ b/docs/static/img/go/api-PAT_creation.png
--- a/docs/static/img/go/api-PAT_view.png
+++ b/docs/static/img/go/api-PAT_view.png
--- a/docs/static/img/go/api-app_details.png
+++ b/docs/static/img/go/api-app_details.png
--- a/docs/static/img/go/api-create-auth.png
+++ b/docs/static/img/go/api-create-auth.png
--- a/docs/static/img/go/api-create-key.png
+++ b/docs/static/img/go/api-create-key.png
--- a/docs/static/img/go/api-create.png
+++ b/docs/static/img/go/api-create.png
--- a/docs/static/img/go/api-create_application.png
+++ b/docs/static/img/go/api-create_application.png
--- a/docs/static/img/go/api-create_service_user.png
+++ b/docs/static/img/go/api-create_service_user.png
--- a/docs/static/img/go/api-download_key.png
+++ b/docs/static/img/go/api-download_key.png
--- a/docs/static/img/go/api-expiration_date.png
+++ b/docs/static/img/go/api-expiration_date.png
--- a/docs/static/img/go/api-new_key.png
+++ b/docs/static/img/go/api-new_key.png
--- a/docs/static/img/go/api-select_framework.png
+++ b/docs/static/img/go/api-select_framework.png
--- a/docs/static/img/go/api-select_jwt.png
+++ b/docs/static/img/go/api-select_jwt.png
--- a/docs/static/img/go/api-service_user_panel.png
+++ b/docs/static/img/go/api-service_user_panel.png