[codex] add code examples and scoped AI prompts to Content APIs quickstart child guides (#108)

* [codex] add code examples and ai prompts to content quickstart child docs

* [codex] tighten content quickstart child code examples

* [codex] collapse child quickstart examples and add node parity

* [codex] fix child quickstart accordion scope and env validation

Author: basit3407

docs/quickstart/first-api-call.md

@@ -7,6 +7,8 @@ keywords:
   - "x-client-id"
   - "chapters endpoint"
   - "backend proxy"
+  - "Python requests chapters example"
+  - "Node fetch chapters example"
 sidebar_label: "First API Call"
 displayed_sidebar: "APIsSidebar"
 ---
@@ -37,6 +39,80 @@ curl --request GET \
   --header "x-client-id: YOUR_CLIENT_ID"
 ```
 
+<details>
+<summary><b>Expand for Python and Node.js request examples</b></summary>
+
+### Python Example (`requests`)
+
+```python
+import os
+
+import requests
+
+API_BASE_BY_ENV = {
+    "production": "https://apis.quran.foundation",
+    "prelive": "https://apis-prelive.quran.foundation",
+}
+env = os.getenv("QF_ENV", "prelive")
+if env not in API_BASE_BY_ENV:
+    raise ValueError(
+        f"Invalid QF_ENV value: {env!r}. Expected 'prelive' or 'production'."
+    )
+
+API_BASE_URL = API_BASE_BY_ENV[env]
+access_token = "YOUR_ACCESS_TOKEN"  # Replace with your token helper or prior manual-auth step.
+
+response = requests.get(
+    f"{API_BASE_URL}/content/api/v4/chapters",
+    headers={
+        "x-auth-token": access_token,
+        "x-client-id": os.environ["QF_CLIENT_ID"],
+    },
+    timeout=30,
+)
+response.raise_for_status()
+
+data = response.json()
+print(data["chapters"][0]["name_simple"])
+```
+
+This example uses `YOUR_ACCESS_TOKEN` as a placeholder. In production, reuse your token helper or cache from the [manual authentication](/docs/quickstart/manual-authentication) step instead of exporting one-off token environment variables.
+
+### Node.js Example (`fetch`)
+
+This example assumes Node 18+ or another runtime with a global `fetch` implementation.
+
+```js
+async function listChapters() {
+  const apiBaseByEnv = {
+    production: "https://apis.quran.foundation",
+    prelive: "https://apis-prelive.quran.foundation",
+  };
+  const env = process.env.QF_ENV ?? "prelive";
+  if (!(env in apiBaseByEnv)) {
+    throw new Error("QF_ENV must be 'prelive' or 'production'");
+  }
+
+  const apiBaseUrl = apiBaseByEnv[env];
+
+  const response = await fetch(`${apiBaseUrl}/content/api/v4/chapters`, {
+    headers: {
+      "x-auth-token": "YOUR_ACCESS_TOKEN",
+      "x-client-id": process.env.QF_CLIENT_ID,
+    },
+  });
+
+  if (!response.ok) {
+    throw new Error(`Chapters request failed: ${response.status}`);
+  }
+
+  const data = await response.json();
+  console.log(data.chapters[0].name_simple);
+}
+```
+
+</details>
+
 ### Example Successful Response
 
 ```json
@@ -73,6 +149,31 @@ const response = await fetch("/chapters");
 const data = await response.json();
 ```
 
+## AI Handoff Prompt
+
+Use this prompt when you want an AI coding tool to wire up the first authenticated Content API request:
+
+<details>
+<summary><b>Expand AI handoff prompt</b></summary>
+
+```text
+Implement the first authenticated Quran Foundation Content API call on the backend.
+
+Requirements
+- Call GET /content/api/v4/chapters against the correct prelive or production base URL.
+- Send both required headers: x-auth-token and x-client-id.
+- Reuse the existing backend token helper instead of requesting a new token for every request.
+- Expose a backend route or service method that returns the chapters response without leaking credentials to the frontend.
+- Verify success by checking that the response contains a chapters array.
+
+Documentation to follow
+- First API call: https://api-docs.quran.foundation/docs/quickstart/first-api-call
+- Token management: https://api-docs.quran.foundation/docs/quickstart/token-management
+- Content API reference: https://api-docs.quran.foundation/docs/category/content-apis
+```
+
+</details>
+
 ## Verification Checklist
 
 - The request returns JSON with a `chapters` array.

docs/quickstart/manual-authentication.md

@@ -6,6 +6,8 @@ keywords:
   - "client credentials"
   - "manual authentication"
   - "content scope"
+  - "Python requests token request"
+  - "Node fetch client credentials"
 sidebar_label: "Manual Authentication"
 displayed_sidebar: "APIsSidebar"
 ---
@@ -57,6 +59,101 @@ curl --request POST \
   --data 'grant_type=client_credentials&scope=content'
 ```
 
+<details>
+<summary><b>Expand for Python and Node.js token request examples</b></summary>
+
+### Python Example (`requests`)
+
+```python
+import os
+
+import requests
+from requests.auth import HTTPBasicAuth
+
+AUTH_BASE_BY_ENV = {
+    "prelive": "https://prelive-oauth2.quran.foundation",
+    "production": "https://oauth2.quran.foundation",
+}
+
+env = os.getenv("QF_ENV", "prelive")
+if env not in AUTH_BASE_BY_ENV:
+    raise ValueError(
+        f"Invalid QF_ENV value: {env!r}. Expected 'prelive' or 'production'."
+    )
+
+AUTH_BASE_URL = AUTH_BASE_BY_ENV[env]
+
+response = requests.post(
+    f"{AUTH_BASE_URL}/oauth2/token",
+    auth=HTTPBasicAuth(
+        os.environ["QF_CLIENT_ID"],
+        os.environ["QF_CLIENT_SECRET"],
+    ),
+    headers={"Content-Type": "application/x-www-form-urlencoded"},
+    data={
+        "grant_type": "client_credentials",
+        "scope": "content",
+    },
+    timeout=30,
+)
+response.raise_for_status()
+
+token = response.json()
+access_token = token["access_token"]
+expires_in = token["expires_in"]
+```
+
+### Node.js Example (`fetch`)
+
+This example assumes Node 18+ or another runtime with a global `fetch` implementation.
+
+```js
+async function getToken() {
+  const authBaseByEnv = {
+    production: "https://oauth2.quran.foundation",
+    prelive: "https://prelive-oauth2.quran.foundation",
+  };
+  const env = process.env.QF_ENV ?? "prelive";
+  if (!(env in authBaseByEnv)) {
+    throw new Error("QF_ENV must be 'prelive' or 'production'");
+  }
+
+  const authBaseUrl = authBaseByEnv[env];
+
+  const basicAuth = Buffer.from(
+    `${process.env.QF_CLIENT_ID}:${process.env.QF_CLIENT_SECRET}`,
+  ).toString("base64");
+
+  const response = await fetch(`${authBaseUrl}/oauth2/token`, {
+    method: "POST",
+    headers: {
+      Authorization: `Basic ${basicAuth}`,
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: new URLSearchParams({
+      grant_type: "client_credentials",
+      scope: "content",
+    }),
+  });
+
+  if (!response.ok) {
+    throw new Error(`Token request failed: ${response.status}`);
+  }
+
+  return response.json();
+}
+
+getToken()
+  .then(({ expires_in }) => {
+    console.log("Fetched token that expires in", expires_in, "seconds");
+  })
+  .catch((error) => {
+    console.error("Token request failed:", error);
+  });
+```
+
+</details>
+
 ### Sample Token Response
 
 ```json
@@ -81,6 +178,30 @@ Recommended pattern:
 3. Use the token when your backend calls the Content APIs.
 4. Return only the API data your frontend needs.
 
+## AI Handoff Prompt
+
+Use this prompt when you want an AI coding tool to implement manual token retrieval on your backend:
+
+<details>
+<summary><b>Expand AI handoff prompt</b></summary>
+
+```text
+Implement Quran Foundation Content API token retrieval on the backend.
+
+Requirements
+- Read QF_CLIENT_ID, QF_CLIENT_SECRET, and QF_ENV from environment variables.
+- Use prelive -> https://prelive-oauth2.quran.foundation and production -> https://oauth2.quran.foundation.
+- Request POST /oauth2/token with HTTP Basic auth, grant_type=client_credentials, and scope=content.
+- Return access_token and expires_in from the token response.
+- Do not expose client_secret to browser or mobile code.
+
+Documentation to follow
+- Manual authentication: https://api-docs.quran.foundation/docs/quickstart/manual-authentication
+- Token management: https://api-docs.quran.foundation/docs/quickstart/token-management
+```
+
+</details>
+
 ## Continue the Manual Flow
 
 - [Token management](/docs/quickstart/token-management) for caching, early re-requesting, and 401 retry behavior.

docs/quickstart/migration.md

@@ -6,6 +6,8 @@ keywords:
   - "Quran Foundation Content APIs"
   - "OAuth2 migration"
   - "client credentials migration"
+  - "Python requests migration example"
+  - "Node fetch migration example"
 sidebar_label: "Migration"
 displayed_sidebar: "APIsSidebar"
 ---
@@ -41,13 +43,122 @@ The main changes are the base URL and authentication model. The endpoints, query
 5. Add `x-auth-token` and `x-client-id` to every Content API request.
 6. Verify the migration with `GET /content/api/v4/chapters`.
 
+## Before and After Example
+
+Older unauthenticated request:
+
+```bash
+curl --request GET \
+  --url https://api.quran.com/api/v4/chapters
+```
+
+Updated authenticated request (replace `{apiBaseUrl}` with your prelive or production Content API base URL):
+
+```bash
+curl --request GET \
+  --url {apiBaseUrl}/content/api/v4/chapters \
+  --header "x-auth-token: YOUR_ACCESS_TOKEN" \
+  --header "x-client-id: YOUR_CLIENT_ID"
+```
+
+<details>
+<summary><b>Expand for Python and Node.js migration examples</b></summary>
+
+Python migration example:
+
+```python
+import os
+
+import requests
+
+API_BASE_BY_ENV = {
+    "production": "https://apis.quran.foundation",
+    "prelive": "https://apis-prelive.quran.foundation",
+}
+env = os.getenv("QF_ENV", "prelive")
+if env not in API_BASE_BY_ENV:
+    raise ValueError(
+        f"Invalid QF_ENV value: {env!r}. Expected 'prelive' or 'production'."
+    )
+
+API_BASE_URL = API_BASE_BY_ENV[env]
+access_token = "YOUR_ACCESS_TOKEN"  # Replace with your token helper or prior manual-auth step.
+
+response = requests.get(
+    f"{API_BASE_URL}/content/api/v4/chapters",
+    headers={
+        "x-auth-token": access_token,
+        "x-client-id": os.environ["QF_CLIENT_ID"],
+    },
+    timeout=30,
+)
+response.raise_for_status()
+```
+
+Node.js migration example:
+
+```js
+async function fetchChapters() {
+  const apiBaseByEnv = {
+    production: "https://apis.quran.foundation",
+    prelive: "https://apis-prelive.quran.foundation",
+  };
+  const env = process.env.QF_ENV ?? "prelive";
+  if (!(env in apiBaseByEnv)) {
+    throw new Error("QF_ENV must be 'prelive' or 'production'");
+  }
+
+  const apiBaseUrl = apiBaseByEnv[env];
+
+  const response = await fetch(`${apiBaseUrl}/content/api/v4/chapters`, {
+    headers: {
+      "x-auth-token": "YOUR_ACCESS_TOKEN",
+      "x-client-id": process.env.QF_CLIENT_ID,
+    },
+  });
+
+  if (!response.ok) {
+    throw new Error(`Migration check failed: ${response.status}`);
+  }
+
+  return response.json();
+}
+```
+
+</details>
+
 ## Compatibility Notes
 
 - Tokens are environment-specific. Do not use prelive tokens against production or the reverse.
 - This quickstart flow does not use refresh tokens. Re-request the access token instead.
 - A `403` usually points to missing permissions or the wrong scope. Use `scope=content`.
 - A `401` usually means the token expired or was invalid. Re-request once and retry once.
 
+## AI Handoff Prompt
+
+Use this prompt when you want an AI coding tool to update an older `api.quran.com` integration:
+
+<details>
+<summary><b>Expand AI handoff prompt</b></summary>
+
+```text
+Migrate an existing api.quran.com Content API integration to Quran Foundation Content APIs.
+
+Requirements
+- Replace the old base URL with the correct Quran Foundation prelive or production base URL.
+- Add backend-only OAuth2 Client Credentials token retrieval with scope=content.
+- Add x-auth-token and x-client-id to every Content API request.
+- Preserve existing endpoint paths, query parameters, and response handling where the API contract is unchanged.
+- Verify the migration with GET /content/api/v4/chapters.
+
+Documentation to follow
+- Migration guide: https://api-docs.quran.foundation/docs/quickstart/migration
+- Manual authentication: https://api-docs.quran.foundation/docs/quickstart/manual-authentication
+- First API call: https://api-docs.quran.foundation/docs/quickstart/first-api-call
+```
+
+</details>
+
 ## Related Docs
 
 - [Manual authentication](/docs/quickstart/manual-authentication) for credentials and token requests.