ory · vinckr · Jun 16, 2025 · Jun 10, 2025 · Jun 11, 2025
@@ -5,15 +5,6 @@ sidebar_label: Usage-based billing
 slug: usage-billing
 ---
 
-:::info
-
-While we are rolling out usage-based billing, we will not collect payment for overusage. Payment collection will be rolled out
-gradually in Q3 2024.
-
-Please report any issues to [email protected] or contact us in the [Ory Community](https://slack.ory.sh/).
-
-:::
-
 ## Overview
 
 Usage-based invoices are a feature in the Ory Console that allows you to understand your usage of Ory Network services, the usage

@@ -5,12 +5,8 @@ title: Changelog and roadmap
 
 ## Ory Changelog
 
-:::info
-
 Read the changelog for Ory Network at [changelog.ory.sh](https://changelog.ory.sh/) !
 
-:::
-
 > Running security-critical open source technology in a self-service format requires vigilance. We make your life easier by
 > announcing important software updates via the [Ory Security Newsletter](https://www.ory.sh/l/sign-up-newsletter). Never miss an
 > update and **[sign up now to important release updates!](https://www.ory.sh/l/sign-up-newsletter)**

@@ -112,13 +112,6 @@ This behavior is necessary to avoid issues with the browsers
 
 Ory Proxy converts sessions into JSON Web Tokens (JWTs) and ensures that cookies and URLs are properly configured.
 
-:::info
-
-Using Ory Proxy is an alternative to [custom domains (CNAME)](../custom-domains), and a useful tool when developing locally. Read
-more about [adding a Custom Domain to your Ory Network project](../custom-domains.mdx) for production setups.
-
-:::
-
 ### URL structure
 
 :::tip
@@ -276,18 +269,12 @@ ory proxy --project <project-id> --workspace <workspace-id> --port 8080 http://1
 node your-entrypoint.js
 ```
 
-:::tip
-
 Ory Proxy should never be the main entry point to your application. Always run an ingress proxy such as Nginx or Traefik in front.
 
-:::
-
 ### Use Ory Proxy in Docker
 
 To use Ory Proxy in Docker, add your application and Ory Proxy to a single Docker container.
 
-:::info
-
 This isn't a perfect solution as Docker watches the processes running in the foreground. With the application and Ory Proxy in one
 container, you must decide which becomes the foreground process.
 
@@ -299,8 +286,6 @@ In this example, Ory Proxy is the background process.
 Read the [Docker documentation](https://docs.docker.com/config/containers/multi-service_container/) to learn more about running
 multiple processes in a single container.
 
-:::
-
 To run Ory Proxy in one container with your application, create an `entrypoint.sh` file like this:
 
 ```shell

@@ -363,7 +363,7 @@ else
 
 :::info
 
-Currently, Jsonnet doesn't support regular expressions. Follow this issue to see if the feature has been implemented:
+Jsonnet doesn't support regular expressions yet. Follow this issue to see if the feature has been implemented:
 [google/go-jsonnet/409](https://github.com/google/go-jsonnet/issues/409).
 
 :::
@@ -406,13 +406,8 @@ config:
 ```
 
 When the webhook target returns a 200 OK response code and the response body is a JSON object with the key `identity` in it, the
-values from that object will be used to change the identity before it is saved to the database.
-
-:::info
-
-Modifying the identity is currently only possible during the registration and settings flows.
-
-:::
+values from that object will be used to change the identity before it is saved to the database. Modifying the identity is only
+possible during registration and settings flows.
 
 When updating any of the identity fields, be aware that the whole field is replaced by the value returned by the webhook. For
 example, if the user signed up with
@@ -456,13 +451,8 @@ complete data:
 #### Update identity traits
 
 When the webhook target returns a 200 OK response code and the response body is a JSON object with the key `identity.traits` in
-it, the values from that object will be used to replace the identity traits before they are saved to the database.
-
-:::info
-
-This method replaces the entire identity traits object. It is not possible to update only a single trait.
-
-:::
+it, the values from that object will be used to replace the identity traits before they are saved to the database. This method
+replaces the entire identity traits object. It isn't possible to update only a single trait.
 
 ```json
 {
@@ -480,13 +470,8 @@ This method replaces the entire identity traits object. It is not possible to up
 When the webhook target returns a 200 OK response code and the response body is a JSON object with the key
 `identity.metadata_public` or `identity.metadata_admin` in it, the values from that object will be used to replace the
 [identity metadata](../kratos/manage-identities/10_managing-users-identities-metadata.mdx) fields before they are saved to the
-database.
-
-:::info
-
-This method replaces the entire metadata object. You can't update only a single value in `metadata_public` or `metadata_admin`.
-
-:::
+database. This method replaces the entire metadata object. Partial updates to values in `metadata_public` or `metadata_admin`
+aren't supported.
 
 ```json
 {
@@ -509,12 +494,8 @@ When the webhook target returns a 200 OK response code and the response body is
 `identity.verifiable_addresses` in it, the values from that object will be used to replace the identity verification addresses
 before they are saved to the database.
 
-:::info
-
 Verification and recovery addresses are taken from the `identity.traits` object using the Identity Schema. If you add additional
-verification or recovery addresses, these will be deleted unless the Identity traits also contain that address.
-
-:::
+verification or recovery addresses, these will be deleted unless the identity traits also contain that address.
 
 ```json5
 {

@@ -16,12 +16,8 @@ To run this guide you need:
 - your **Ory Network project ID** and **Workspace ID**
 - a **Workspace API Key**
 
-:::info
-
 To create a new Workspace API Key go to <ConsoleLink route="workspace.settings.apiKeys" />.
 
-:::
-
 ### Usage
 
 Use the API Key in API calls, SDK calls, or command-line interactions. Ory Workspace API Keys have a `ory_wak_` prefix, which

@@ -112,8 +112,4 @@ ory patch oauth2-config --project <project-id> --workspace <workspace-id> \
   --add '/webfinger/jwks/broadcast_keys/-="custom_keyset"'
 ```
 
-:::info
-
 For more information on how to create a custom keyset, see the [ory create jwk](../cli/ory-create-jwk.md) command.
-
-:::
@@ -284,7 +284,7 @@ Update the identity using the [updateIdentity API](../../reference/api#tag/ident
 
 :::info
 
-The [updateIdentity API](../../reference/api#tag/identity/operation/updateIdentity) overwrites the existing identity with the one provided in the request body. Omit any fields that should not be changed, including the `credentials` field.
+The [updateIdentity API](../../reference/api#tag/identity/operation/updateIdentity) overwrites the existing identity with the one provided in the request body. Omit any fields that shouldn't be changed, including the `credentials` field.
 
 :::
 

@@ -128,7 +128,7 @@ You can customize the JSON Web Token claims by providing a JsonNet template to `
 
 :::info
 
-The `sub` claim can not be customized and is always set to the Ory Session's `IdentityID`.
+The `sub` claim can't be customized and is always set to the Ory Session's `IdentityID`.
 
 :::
 
@@ -170,8 +170,8 @@ ES256, RS256, RS512, and others.
 
 :::info
 
-We recommend using ES256 or ES512 for signing JSON Web Tokens. Avoid using symmetric algorithms such as the HS family (HS256,
-HS512, etc).
+Ory recommends to use ES256 or ES512 for signing JSON Web Tokens. Avoid symmetric algorithms such as the HS family (HS256, HS512,
+etc).
 
 :::
 

@@ -33,11 +33,7 @@ ory patch project --project <project-id> --workspace <workspace-id> \
 
 ![Ory Account Experience with login hint](./_static/login-hint.png)
 
-:::info
-
 This behavior improves the sign-in experience for your users, but comes at the cost of exposing information about which sign-in
 mehods a particular account identifier has associated with it.
 
 Disable this feature if account enumeration attacks are a risk factor in your threat model.
-
-:::
@@ -87,22 +87,11 @@ what security measures are applied.
 
 - Browser applications are apps with which users interact through their web browsers. Two common types of browser applications are
   server-side rendered apps (SSR) and single-page apps (SPA). Since the application is rendered in the browser, the communication
-  between the user that interacts with the app and Ory must be secured. This is achieved by setting a CSRF cookie and token.
-
-  :::info
-
-  All browser apps must call Ory self-service APIs at `/self-service/{flow_type}/browser`
-
-  :::
-
+  between the user that interacts with the app and Ory must be secured. This is achieved by setting a CSRF cookie and token. All
+  browser apps must call Ory self-service APIs at `/self-service/{flow_type}/browser`
 - Native applications, such as Android mobile apps or desktop applications, aren't rendered in the browser. Since the application
-  isn't rendered in the browser, the CSRF cookie and token aren't necessary.
-
-  :::info
-
-  All native apps must call Ory self-service APIs at `/self-service/{flow_type}/api`
-
-  :::
+  isn't rendered in the browser, the CSRF cookie and token aren't necessary. All native apps must call Ory self-service APIs at
+  `/self-service/{flow_type}/api`
 
 ## Create a flow
 

@@ -42,11 +42,7 @@ With the _Multibrand_ feature enabled for your workspace, you can add multiple c
 add a different custom UI base URL of each of the custom domains registered in the project. This allows for a high degree of
 flexibility, where each of the domains serves its own set of UI views that have a common path makeup but different base URL.
 
-:::info
-
-Interested in the Multibrand feature for your Ory Network project? [We're here to help! ](https://www.ory.sh/contact)
-
-:::
+Are you interested in the Multibrand feature ? [Ory is here to help!](https://www.ory.sh/contact)
 
 In practical terms, this means that you can serve different UI views to customers that interact with different parts of your
 business, while still allowing them to conveniently use one account that's managed by your Ory Network project.

@@ -5,7 +5,7 @@ title: Performance problems and out of memory panics caused by password hashing
 
 :::info
 
-This page only applies to you if you use Argon2 instead of BCrypt hashing
+This document only applies if you use Argon2 hashing.
 
 :::
 

@@ -33,13 +33,9 @@ If you set the account recovery method to `link`, the system uses these template
 - `recovery.valid`
 - `recovery.invalid`
 
-:::info
-
-To read more about the recovery flow, read
+To learn more about the recovery flow, read
 [Account recovery and password reset](../self-service/flows/account-recovery-password-reset.mdx).
 
-:::
-
 ```mdx-code-block
 </TabItem>
 <TabItem value="verification" label="Address verification">
@@ -55,13 +51,9 @@ If you set the account verification method to `link`, the system uses these temp
 - `verification.valid`
 - `verification.invalid`
 
-:::info
-
-To read more about the verification flow, read
+To learn more about the verification flow, read
 [Email and phone verification](../self-service/flows/verify-email-account-activation.mdx).
 
-:::
-
 ```mdx-code-block
 </TabItem>
 
@@ -71,11 +63,7 @@ To read more about the verification flow, read
 When you enable the one-time code method the login flow will need to send out an email to users signing in through the one-time
 code method. The system will then use the `login_code.valid` template to send the login code to the user.
 
-:::info
-
-To read more about login via a one-time code, read the [one-time code](../passwordless/06_code.mdx) documentation.
-
-:::
+To learn more about login via a one-time code, read the [one-time code](../passwordless/06_code.mdx) documentation.
 
 ```mdx-code-block
 </TabItem>
@@ -86,11 +74,7 @@ To read more about login via a one-time code, read the [one-time code](../passwo
 When you enable the one-time code method the registration flow will need to send out an email to users signing up using the
 one-time code method. The system will then use the `registration_code.valid` template to send the registration code to the user.
 
-:::info
-
-To read more about registration via a one-time code, read the [one-time code](../passwordless/06_code.mdx) documentation.
-
-:::
+To learn more about registration via a one-time code, read the [one-time code](../passwordless/06_code.mdx) documentation.
 
 ```mdx-code-block
 </TabItem>
@@ -102,13 +86,9 @@ To read more about registration via a one-time code, read the [one-time code](..
 Templates can be customized to fit your own branding and requirements. If you don't customize a specific template, the system
 automatically uses the built-in template.
 
-:::info
-
 A custom email server is required to use custom templates. Read more about
 [custom SMTP and HTTP servers](./01_sending-emails-smtp.mdx).
 
-:::
-
 ```mdx-code-block
 <Tabs>
 <TabItem value="console" label="Ory Console" default>
@@ -117,17 +97,12 @@ A custom email server is required to use custom templates. Read more about
 1. Go to <ConsoleLink route="project.emailTemplates" />
 2. Select the email template you want to customize.
 
-:::info
-
 The recovery & verification templates only show the versions for the method (**one-time code** or **link**) you have selected in
 the flow configuration.
 
 - <ConsoleLink route="project.recovery" />
-
 - <ConsoleLink route="project.verification" />
 
-:::
-
 ```mdx-code-block
 </TabItem>
 <TabItem value="cli" label="Ory CLI" default>

@@ -51,13 +51,8 @@ verification and for account recovery:
 ### Username and password
 
 This preset is useful for applications that don't need the user's email address and don't prioritize a high degree of user
-anonymity.
-
-:::info
-
-Without an email, users can not send recovery links to their email. They will not be able to regain access to their account.
-
-:::
+anonymity. Without an email, users can not send recovery links to their email. They will not be able to regain access to their
+account.
 
 With this preset, every identity has a single trait - the `username`. The `username` is the login identifier:
 

@@ -23,14 +23,10 @@ property at the start of every document.
 }
 ```
 
-:::info
-
-Use the [JSON Schema Validator](https://www.jsonschemavalidator.net) to check your identity schemas. If you're not familiar with
+Use the [JSON Schema Validator](https://www.jsonschemavalidator.net) to check your identity schema. If you're not familiar with
 JSON Schemas, study the [official examples](https://json-schema.org/learn/miscellaneous-examples.html) to get familiar with the
 structure.
 
-:::
-
 ## Writing your first custom identity schema
 
 This is the minimum viable identity schema:

@@ -17,12 +17,6 @@ The process of inviting users to an Ory-powered application follows these steps:
 4. The user performs account recovery which forces them to define new credentials.
 5. The user gets a fully functional account with the credentials they defined.
 
-:::info
-
-Automating this process requires writing custom code that relies on the specifics of your implementation.
-
-:::
-
 ## Procedure
 
 Send these API calls to the Admin API to create a new user account and create a recovery link. Admin API calls don't trigger Ory

@@ -130,8 +130,8 @@ Authentication methods are classified into factors:
 
 :::info
 
-When you enable [passwordless authentication with WebAuthn or Passkeys](../passwordless/05_passkeys.mdx), it is not considered as
-a second authentication factor.
+When you enable [passwordless authentication with WebAuthn or Passkeys](../passwordless/05_passkeys.mdx), it isn't considered as a
+second authentication factor.
 
 :::
-Original file line number
+Diff line change
@@ Expand Up @@
       --add '/webfinger/jwks/broadcast_keys/-="custom_keyset"'
     ```
-    :::info
     For more information on how to create a custom keyset, see the [ory create jwk](../cli/ory-create-jwk.md) command.
-    :::