[DOCS] Corrected API path for invalidate token and SSL certificate examples (#39530)

x-pack/docs/build.gradle

@@ -92,6 +92,7 @@ buildRestTests.docs = fileTree(projectDir) {
     exclude 'build'
     // These file simply doesn't pass yet. We should figure out how to fix them.
     exclude 'en/watcher/reference/actions.asciidoc'
+    exclude 'en/rest-api/security/ssl.asciidoc'
 }
 
 Map<String, String> setups = buildRestTests.setups

x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc

@@ -22,7 +22,8 @@ can no longer be used. That time period is defined by the
 The refresh tokens returned by the <<security-api-get-token,get token API>> are
 only valid for 24 hours. They can also be used exactly once.
 
-If you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.
+If you want to invalidate one or more access or refresh tokens immediately, use
+this invalidate token API.
 
 
 ==== Request Body
@@ -31,26 +32,56 @@ The following parameters can be specified in the body of a DELETE request and
 pertain to invalidating tokens:
 
 `token` (optional)::
-(string) An access token. This parameter cannot be used any of `refresh_token`, `realm_name` or
-         `username` are used.
+(string) An access token. This parameter cannot be used any of `refresh_token`,
+`realm_name` or `username` are used.
 
 `refresh_token` (optional)::
-(string) A refresh token. This parameter cannot be used any of `refresh_token`, `realm_name` or
-                          `username` are used.
+(string) A refresh token. This parameter cannot be used any of `refresh_token`,
+`realm_name` or `username` are used.
 
 `realm_name` (optional)::
-(string) The name of an authentication realm. This parameter cannot be used with either `refresh_token` or `token`.
+(string) The name of an authentication realm. This parameter cannot be used with
+either `refresh_token` or `token`.
 
 `username` (optional)::
-(string) The username of a user. This parameter cannot be used with either `refresh_token` or `token`
+(string) The username of a user. This parameter cannot be used with either
+`refresh_token` or `token`
 
-NOTE: While all parameters are optional, at least one of them is required. More specifically, either one of `token`
-or `refresh_token` parameters is required. If none of these two are specified, then `realm_name` and/or `username`
-need to be specified.
+NOTE: While all parameters are optional, at least one of them is required. More
+specifically, either one of `token` or `refresh_token` parameters is required.
+If none of these two are specified, then `realm_name` and/or `username` need to
+be specified.
 
 ==== Examples
 
-The following example invalidates the specified token immediately:
+For example, if you create a token using the `client_credentials` grant type as
+follows:
+
+[source,js]
+--------------------------------------------------
+POST /_security/oauth2/token
+{
+  "grant_type" : "client_credentials"
+}
+--------------------------------------------------
+// CONSOLE
+// TEST
+
+The get token API returns the following information about the access token:
+
+[source,js]
+--------------------------------------------------
+{
+  "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
+  "type" : "Bearer",
+  "expires_in" : 1200
+}
+--------------------------------------------------
+// CONSOLE
+// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/]
+
+This access token can now be immediately invalidated, as shown in the following
+example:
 
 [source,js]
 --------------------------------------------------
@@ -59,57 +90,97 @@ DELETE /_security/oauth2/token
   "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ=="
 }
 --------------------------------------------------
-// NOTCONSOLE
+// CONSOLE
+// TEST[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/]
+// TEST[continued]
 
-whereas the following example invalidates the specified refresh token immediately:
+If you used the `password` grant type to obtain a token for a user, the response
+might also contain a refresh token. For example:
+
+[source,js]
+--------------------------------------------------
+POST /_security/oauth2/token
+{
+  "grant_type" : "password",
+  "username" : "test_admin",
+  "password" : "x-pack-test-password"
+}
+--------------------------------------------------
+// CONSOLE
+// TEST
+
+The get token API returns the following information:
+
+[source,js]
+--------------------------------------------------
+{
+  "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
+  "type" : "Bearer",
+  "expires_in" : 1200,
+  "refresh_token": "vLBPvmAB6KvwvJZr27cS"
+}
+--------------------------------------------------
+// CONSOLE
+// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/]
+// TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/]
+
+The refresh token can now also be immediately invalidated as shown 
+in the following example:
 
 [source,js]
 --------------------------------------------------
 DELETE /_security/oauth2/token
 {
-  "refresh_token" : "movUJjPGRRC0PQ7+NW0eag"
+  "refresh_token" : "vLBPvmAB6KvwvJZr27cS"
 }
 --------------------------------------------------
-// NOTCONSOLE
+// CONSOLE
+// TEST[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/]
+// TEST[continued]
 
-The following example invalidates all access tokens and refresh tokens for the `saml1` realm immediately:
+The following example invalidates all access tokens and refresh tokens for the
+`saml1` realm immediately:
 
 [source,js]
 --------------------------------------------------
-DELETE /_xpack/security/oauth2/token
+DELETE /_security/oauth2/token
 {
   "realm_name" : "saml1"
 }
 --------------------------------------------------
-// NOTCONSOLE
+// CONSOLE
+// TEST
 
-The following example invalidates all access tokens and refresh tokens for the user `myuser` in all realms immediately:
+The following example invalidates all access tokens and refresh tokens for the
+user `myuser` in all realms immediately:
 
 [source,js]
 --------------------------------------------------
-DELETE /_xpack/security/oauth2/token
+DELETE /_security/oauth2/token
 {
   "username" : "myuser"
 }
 --------------------------------------------------
-// NOTCONSOLE
+// CONSOLE
+// TEST
 
-Finally, the following example invalidates all access tokens and refresh tokens for the user `myuser` in
- the `saml1` realm immediately:
+Finally, the following example invalidates all access tokens and refresh tokens
+for the user `myuser` in the `saml1` realm immediately:
 
 [source,js]
 --------------------------------------------------
-DELETE /_xpack/security/oauth2/token
+DELETE /_security/oauth2/token
 {
   "username" : "myuser",
   "realm_name" : "saml1"
 }
 --------------------------------------------------
-// NOTCONSOLE
+// CONSOLE
+// TEST
 
-A successful call returns a JSON structure that contains the number of tokens that were invalidated, the number
-of tokens that had already been invalidated, and potentially a list of errors encountered while invalidating
-specific tokens.
+A successful call returns a JSON structure that contains the number of tokens
+that were invalidated, the number of tokens that had already been invalidated,
+and potentially a list of errors encountered while invalidating specific tokens.
 
 [source,js]
 --------------------------------------------------

x-pack/docs/en/rest-api/security/ssl.asciidoc

@@ -78,12 +78,13 @@ node of {es}:
 
 [source,js]
 --------------------------------------------------
-GET /_xpack/certificates
+GET /_ssl/certificates
 --------------------------------------------------
 // CONSOLE
-// TEST[skip:todo]
+// TEST
 
 The API returns the following results:
+
 [source,js]
 ----
 [