Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
      Docs Contribution Guidelines
      Want to help out, or found an issue in the docs and want to let us know?
  • API Specs
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
Kong Gateway
3.1.x
  • Home icon
  • Kong Gateway
  • Kong Enterprise
  • Dev Portal
  • Applications
  • Enable Application Registration
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.4.x (latest)
  • 3.3.x
  • 3.2.x
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Archive (pre-2.6)
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Prerequisites
  • Enable Application Registration on a Service using Kong Manager
    • Application Registration Configuration Parameters
  • Next steps
You are browsing documentation for an outdated version. See the latest documentation here.

Enable Application Registration

Application Registration allows registered developers on the Kong Dev Portal to authenticate with supported Authentication plugins against a Service on Kong. Either Kong Gateway or external identity provider admins can selectively admit access to Services using Kong Manager.

Prerequisites

  • Dev Portal is enabled on the same Workspace as the Service.
  • The Service is created and enabled with HTTPS.
  • Authentication is enabled on the Dev Portal.
  • Logged in as an admin with read and write roles on applications, services, and developers.
  • The portal_app_auth configuration option is configured for your OAuth provider and strategy (kong-oauth2 default or external-oauth2). See Configure the Authorization Provider Strategy for the Portal Application Registration plugin.
  • Authorization provider configured if using a supported third-party identity provider with the OIDC plugin:
    • For example instructions using Okta as an identity provider, refer to the Okta example.
    • For example instructions using Azure AD as an identity provider, refer to the Azure example.

Enable Application Registration on a Service using Kong Manager

To use Application Registration on a Service, the Portal Application Registration Plugin must be enabled on a Service.

In Kong Manager, access the Service for which you want to enable Application Registration:

  1. From your Workspace, in the left navigation pane, go to API Gateway > Services.
  2. On the Services page, select the Service and click View.
  3. In the Plugins pane in the Services page, click Add a Plugin.
  4. On the Add New Plugin page in the Authentication section, find the Portal Application Registration Plugin and click Enable.

    Portal Application Registration

  5. Enter the configuration settings. Use the parameters in the next section, Application Registration Configuration Parameters, to complete the fields.

    Create application-registration plugin

    Important: Exposing the Issuer URL is essential for the Authorization Code Flow workflow configured for third-party identity providers.

    Issuer URL

  6. Click Create.

Application Registration Configuration Parameters

Form Parameter Description
Service The Service that this plugin configuration will target. Required.
Tags A set of strings for grouping and filtering, separated by commas. Optional.
Auto Approve If enabled, all new Service contract requests are automatically approved. Otherwise, Dev Portal admins must manually approve requests. Default: false.
Description Description displayed in the information about a Service in the Dev Portal. Optional.
Display Name Unique name displayed in the information about a Service in the Dev Portal. Required.
Show Issuer Displays the Issuer URL in the Service Details page. Default: false. Important: Exposing the Issuer URL is essential for the Authorization Code Flow workflow configured for third-party identity providers.

Next steps

Kong OAuth2 strategy:

  • If using the Kong-managed authorization strategy (kong-oauth2) with the OAuth2 plugin, configure the Kong OAuth2 plugin as appropriate for your authorization requirements. You can use either the Kong Manager GUI or cURL commands as documented on the Plugin Hub. The OAuth2 plugin cannot be used in hybrid mode.
  • If using the Kong-managed authorization strategy (kong-oauth2) with key authentication, configure the Kong Key Auth plugin as appropriate for your authorization requirements. You can use either the Kong Manager GUI or cURL commands as documented on the Plugin Hub. The Key Auth plugin cannot be used in hybrid mode.

External OAuth2 strategy:

  • If using the third-party authorization strategy (external-oauth2), configure the OIDC plugin. You can use the Kong Manager GUI or cURL commands as documented on the Plugin Hub. When your deployment is hybrid mode, the OIDC plugin must be configured to handle authentication for the Portal Application Registration plugin.
Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023