Developer self-service and app registration

Konnect Dev Portal provides flexible options for controlling access to content and APIs. When combined with a Gateway Service, developers visiting a Dev Portal can sign up, create an application, register it with an API, and retrieve API keys without intervention from Dev Portal administrators.

Developer self-service consists of two main components:

• User authentication: Allows users to access your Dev Portal by logging in. You can further customize what logged in users can see using RBAC.
• Application registration: Allows developers to use your APIs using credentials and create applications for them.

To enable developer self-service, do the following:

1. Enable user authentication by navigating to Settings > Security in your Dev Portal.

   Developer sign ups and application creation require admin approval by default, which can also be configured in the Dev Portal security settings.

   For private Dev Portals, user authentication is enabled by default, and the default application auth strategy is key authentication.

2. Configure an application authentication strategy by navigating to Settings > Security.

3. Link an API to a Gateway Service.

   This is required to enforce auth strategies.

4. Publish an API to a Dev Portal.

5. Select an authentication strategy when publishing the API to a Dev Portal.

   This only applies to new APIs, it doesn’t retroactively change existing APIs.

6. For public content with restricted access, use visibility settings to show public pages or APIs to anonymous users while restricting actions to logged-in users.

Enabling user authentication requires users to register with the Dev Portal. You can decide which pages remain public and which ones require authentication.

Dev Portal supports the following user authentication types:

• Basic authentication
• OIDC
• SAML

Additionally, you can enable RBAC from your Dev Portal’s security settings to control who can view or view and consume APIs in your Dev Portal. When RBAC is enabled, any Dev Portal teams and roles you apply to a developer will control their access.

Application authentication allows developers to authenticate with your API using credentials. Developers use the credentials from the authentication strategy when they use an API from your Dev Portal. You can define and reuse multiple authentication strategies for different APIs and Dev Portals.

When you select an authentication strategy during API publication to a Dev Portal, Konnect automatically applies the strategy to the linked Gateway Service.

Dev Portal supports the following authentication strategies:

• Key authentication (key-auth)
• OpenID Connect (oidc)
• Dynamic Client Registration (DCR)

If a Gateway Service isn’t associated with the API when you choose an authentication strategy, the settings are saved and applied once a Service is linked. If a Service is later unlinked, the authentication strategy is applied to the next linked Service.

You can choose to auto approve developers and applications or require admin approval for developers and applications by navigating to Settings and the Security tab in your Dev Portal settings.

If your settings require developer or application approval, you can manage approvals by navigating to Access and approvals in the sidebar. Additionally, you can add developers to teams by clicking on the settings menu next to the name of the developer.

Once approved, developers can create applications and view APIs, and the application can generate credentials to use the APIs.

Applications and API keys are specific to a geographic region. When you enable application registration by selecting an authentication strategy during publication, the resulting applications and API keys are tied to the developers and traffic in that region.