Developer self-service and application registration

Konnect Dev Portal provides flexible options for controlling access to content and APIs. When combined with a Gateway Service, developers visiting a Dev Portal can sign up, create an application, register it with an API, and retrieve API keys without intervention from Dev Portal administrators.

Developer self-service consists of two main components:

• User authentication: Allows users to access your Dev Portal by logging in. You can further customize what logged in users can see using RBAC.
• Application registration: Allows developers to use your APIs using credentials and create applications for them.

To enable developer self-service, do the following:

1. Enable user authentication by navigating to Settings > Security in your Dev Portal.

   Developer sign ups and application creation require admin approval by default, which can also be configured in the Dev Portal security settings.

   For private Dev Portals, user authentication is enabled by default, and the default application auth strategy is key authentication.

2. Configure an application authentication strategy by navigating to Settings > Security.
3. Optional: Enable application sharing for developer teams by navigating to your Dev Portal in Konnect and going to Access and approvals > Teams. Click the team, go to Settings and enable Allow team to own applications.

4. Link an API to a Gateway Service.

   This is required to enforce auth strategies.

5. Publish an API to a Dev Portal.
6. Select an authentication strategy when publishing the API to a Dev Portal.
7. For public content with restricted access, use visibility settings to show public pages or APIs to anonymous users while restricting actions to logged-in users.

Enabling user authentication requires users to register with the Dev Portal. You can decide which pages remain public and which ones require authentication.

Dev Portal supports the following user authentication types:

• Basic authentication
• OIDC
• SAML

Additionally, you can enable RBAC from your Dev Portal’s security settings to control who can view or view and consume APIs in your Dev Portal. When RBAC is enabled, any Dev Portal teams and roles you apply to a developer will control their access.

Application authentication allows developers to authenticate with your API using credentials. Developers use the credentials from the authentication strategy when they use an API from your Dev Portal. You can define and reuse multiple authentication strategies for different APIs and Dev Portals.

When you select an authentication strategy during API publication to a Dev Portal, Konnect automatically applies the strategy to the linked Gateway Service.

Dev Portal supports the following authentication strategies:

• Key authentication (key-auth)
• OpenID Connect (oidc)
• Dynamic Client Registration (DCR)

If a Gateway Service isn’t associated with the API when you choose an authentication strategy, the settings are saved and applied once a Service is linked. If a Service is later unlinked, the authentication strategy is applied to the next linked Service.

You can choose to auto approve developers and applications or require admin approval for developers and applications by navigating to Settings and the Security tab in your Dev Portal settings.

If your settings require developer or application approval, you can manage approvals by navigating to Access and approvals in the sidebar. You need the API Registration Approver and Portal Viewer role assigned to the Teams that control the APIs to approve these. Additionally, you can add developers to teams by clicking on the settings menu next to the name of the developer.

Once approved, developers can create applications and view APIs, and the application can generate credentials to use the APIs.

Applications and API keys are specific to a geographic region. When you enable application registration by selecting an authentication strategy during publication, the resulting applications and API keys are tied to the developers and traffic in that region.

You can assign an application to a team so that all members of that team share ownership of the application. Any team member can edit, manage, and use the application. Apps shared by a team appear in each member’s apps in the Dev Portal. Team membership and roles are managed via Dev Portal teams and roles.

This is useful in cases such as when a developer leaves your organization. With team application sharing, the team retains uninterrupted access to the application.

Important considerations:

• All members of the team that owns an application receive full ownership access.
• Applications can only be transferred to teams that have API Consumer access for every API currently registered by the application. Similarly, you can only register APIs to team-owned applications if everyone in the team has access to the API. This is true even if an individual team member has broader access through other teams.

To enable team application sharing, navigate to your Dev Portal in Konnect and click Access and approvals > Teams. Click the relevant team, go to Settings, and enable Allow team to own applications. To transfer ownership of an application to either a developer or team, navigate to the app and from the Actions dropdown menu, select “Transfer ownership”.

For more information about how to configure Dev Portal developer teams, see Dev Portal RBAC. For more information about the developer experience, see Dev Portal developer sign-up.