Dev Portal APIs

Uses: Dev Portal

API versioning

When you create your API, you can choose to keep it unversioned or version it using a free text string. This allows you to follow the versioning system of your choice:

Semantic versioning (examples: v1, v2)
Date-based versioning (examples: 2024-05-10, 2024-10-22)
Custom naming scheme (example: a1b2c3-internal-xxyyzz00)

Each API is identified using the combination of name+version. For example, if your API is named My Test API and it has a version of v3, then it will be accessible via the API as my-test-api-v3 in your list of APIs. If a version isn’t specified, then name is used as the unique identifier.

To version an API, do one of the following:

Navigate to Dev Portal > APIs in the sidebar, and then click New API. Enter a version in the API version field. You can also add a version on existing APIs by editing them.

Send a POST request to the /apis/{apiId}/versions endpoint:

 curl -X POST "https://us.api.konghq.com/v3/apis/$API_ID/versions" \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "version": "1.0.0",
       "spec": {
         "content": "{\"openapi\":\"3.0.3\",\"info\":{\"title\":\"Example API\",\"version\":\"1.0.0\"},\"paths\":{\"/example\":{\"get\":{\"summary\":\"Example endpoint\",\"responses\":{\"200\":{\"description\":\"Successful response\"}}}}}}"
       }
     }'

      
        
      
    
Copied to clipboard!

Use the konnect_api_version resource:

echo '
resource "konnect_api_version" "my_apiversion" {
  provider = konnect-beta
  api_id = "9f5061ce-78f6-4452-9108-ad7c02821fd5"
  spec = {
    content = "{\"openapi\":\"3.0.3\",\"info\":{\"title\":\"Example API\",\"version\":\"1.0.0\"},\"paths\":{\"/example\":{\"get\":{\"summary\":\"Example endpoint\",\"responses\":{\"200\":{\"description\":\"Successful response\"}}}}}}"
    type    = "oas3"
  }
  version = "1.0.0"
}
' >> main.tf

      
        
      
    
Copied to clipboard!

API specs

All API specification files are validated during upload, although invalid specifications are permitted. If specifications are invalid, features like generated documentation and search may be degraded.

To upload a spec to an API, do one of the following:

Navigate to Dev Portal > APIs in the sidebar and click your API. Click the API specification tab, and then click Upload Spec.

Send a POST request to the /apis/{apiId}/versions endpoint:

 curl -X POST "https://us.api.konghq.com/v3/apis/$API_ID/versions" \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "version": "1.0.0",
       "spec": {
         "content": "{\"openapi\":\"3.0.3\",\"info\":{\"title\":\"Example API\",\"version\":\"1.0.0\"},\"paths\":{\"/example\":{\"get\":{\"summary\":\"Example endpoint\",\"responses\":{\"200\":{\"description\":\"Successful response\"}}}}}}"
       }
     }'

      
        
      
    
Copied to clipboard!

Use the konnect_api_version resource:

echo '
resource "konnect_api_version" "my_apiversion" {
  provider = konnect-beta
  api_id = "9f5061ce-78f6-4452-9108-ad7c02821fd5"
  spec = {
    content = "{\"openapi\":\"3.0.3\",\"info\":{\"title\":\"Example API\",\"version\":\"1.0.0\"},\"paths\":{\"/example\":{\"get\":{\"summary\":\"Example endpoint\",\"responses\":{\"200\":{\"description\":\"Successful response\"}}}}}}"
    type    = "oas3"
  }
  version = "1.0.0"
}
' >> main.tf

      
        
      
    
Copied to clipboard!

API spec validation

Konnect looks for the following during spec validation:

Specs must be valid JSON or YAML.
Spec should be valid according to the OpenAPI 2.x or 3.x specification or the AsyncAPI 2.x or 3.0.0 specification.
- OAS validation is performed using Spectral.
- To replicate validation in your own CI/CD pipeline, run spectral lint [spec.yaml] .spectral.yaml, where .spectral.yaml should contain the following:
  - OpenAPI spectral.yaml: Should contain extends: "spectral:oas".
  - AsyncAPI spectral.yaml: Should contain extends: "spectral:asyncapi".
Invalid specs are permitted (with potential degraded experience), and validation_messages captures any validation issues.

API documentation

API documentation is content in Markdown that you can use to provide additional information about your API.

While you are creating or editing an API document, you can also choose to publish it and make it available in your Dev Portal (assuming all parent pages are published as well). Keep the following in mind:

The visibility of an API document is inherited from the API’s visibility and access controls.
If a parent page is unpublished, all child pages will also be unpublished.
If no parent pages are published, no API documentation will be visible, and the APIs list will navigate directly to generated specifications.

To create a new API document, do one of the following:

Navigate to Dev Portal > APIs in the sidebar and click your API. Click the Documentation tab, and then click New document. You can either upload your documentation as an existing a Markdown file or create a new document.

Send a POST request to the /apis/{apiId}/documents endpoint:

 curl -X POST "https://us.api.konghq.com/v3/apis/$API_ID/documents" \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "slug": "api-document",
       "status": "published",
       "title": "API Document",
       "content": "# API Document Header"
     }'

      
        
      
    
Copied to clipboard!

Use the konnect_api_document resource:

echo '
resource "konnect_api_document" "my_apidocument" {
  provider = konnect-beta
  api_id             = "9f5061ce-78f6-4452-9108-ad7c02821fd5"
  content            = "...my_content..."
  parent_document_id = "b689d9da-f357-4687-8303-ec1c14d44e37"
  slug               = "api-document"
  status             = "published"
  title              = "API Document"
}
' >> main.tf

      
        
      
    
Copied to clipboard!

Page structure

The slug and parent fields create a tree of documents, and build the URL based on the slug/parent relationship. This document structure lives under a given API:

Page name: The name used to populate the title in the front matter of the Markdown document
Page slug: The slug used to build the URL for the document within the document structure
Parent page: When creating a document, selecting a parent page creates a tree of relationships between the pages. This allows for effectively creating categories of documentation.

For example, if you had a document configured like the following:

API slug: routes
API version: v3
Page 1: about, parent null
Page 2: info, parent about

Based on this data, you get the following generated URLs:

Generated URL for about page: /apis/routes-v3}/docs/about
Generated URL for info page: /apis/routes-v3}/docs/about/info

Allow developers to consume your API

You can link to a Konnect Gateway Service to allow developers to create applications and generate credentials or API keys. This is available to data planes running Kong Gateway 3.6 or later.

This will install the Konnect Application Auth (KAA) plugin on that Service. The KAA plugin can only be configured from the associated Dev Portal and its published APIs.

If you want the Gateway Service to restrict access to the API, configure developer and application registration for your Dev Portal.

To link your API to a Gateway Service, do one of the following:

Navigate to Dev Portal > APIs in the sidebar and click your API. Click the Gateway Service tab, and then click Link Gateway Service.

Send a POST request to the /apis/{apiId}/implementations endpoint:

 curl -X POST "https://us.api.konghq.com/v3/apis/$API_ID/implementations" \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "service": {
         "control_plane_id": "'$CONTROL_PLANE_ID'",
         "id": "'$SERVICE_ID'"
       }
     }'

      
        
      
    
Copied to clipboard!

Use the konnect_api_implementation resource:

echo '
resource "konnect_api_implementation" "my_apiimplementation" {
  provider = konnect-beta
  api_id = "9f5061ce-78f6-4452-9108-ad7c02821fd5"
  service = {
    control_plane_id = "9f5061ce-78f6-4452-9108-ad7c02821fd5"
    id               = "7710d5c4-d902-410b-992f-18b814155b53"
  }
}
' >> main.tf

      
        
      
    
Copied to clipboard!

Currently, you APIs can only have a 1:1 mapping with a Gateway Service.

Publish your API to Dev Portal

Publishing an API makes it available to one or more Dev Portals. Publishing an API in the Dev Portal involves several steps:

Create a new API, including the API version.
Upload an OpenAPI spec and/or markdown documentation (one of these is required to generate API docs).
If you want developers to consume the API in a self-serve way, link the API to a Gateway Service.
Publish the API to a Portal and apply an auth strategy. Publishing an API requires you to have the Product Publisher Konnect role.

The visibility of pages and menus is configured independently from APIs, maximizing your flexibility.

v3.6+ An API must be linked to a Konnect Gateway Service to be able to restrict access to your API with authentication strategies.

With the appropriate security and access and approval settings, you can publish an API securely to the appropriate audience. The following table describes various Dev Portal access control scenarios and their settings:

Access use case	Visibility	Authentication strategy	User authentication	Description
Viewable by anyone, no self-service credentials	Public	Disabled	Disabled in security settings	Anyone can view the API’s specs and documentation, but cannot generate credentials and API keys. No developer registration is required.
Viewable by anyone, self-service credentials	Public	`key-auth` (or any other appropriate authentication strategy)	Enabled in security settings	Anyone can view the API’s specs and documentation, but must sign up for a developer account and create an Application to generate credentials and API keys. RBAC is disabled if fine-grained access management is not needed, configured in security settings.
Viewable by anyone, self-service credentials with RBAC	Public	`key-auth` (or any other appropriate Authentication strategy)	Enabled in security settings	Anyone can view the API’s specs and documentation, but must sign up for a developer account and create an Application to generate credentials and API keys. A Konnect Admin must assign a developer to a Team to provide specific role-based access. RBAC is enabled to allow Teams assignments for developers, granting credentials with the API Consumer role.
Sign up required to view API specs and/or documentation	Private	`key-auth` (or any other appropriate Authentication strategy)	Enabled in security settings	All users must sign up for a Developer account to view APIs. They can optionally create an Application to generate credentials/API keys. RBAC can be enabled for Teams assignments for developers, granting credentials with the API Consumer role, configured in security settings.

To publish your API, do one of the following:

Navigate to Dev Portal > APIs in the sidebar and click your API. Click the Portals tab, and then click Publish API.

Send a PUT request to the /apis/{apiId}/publications/{portalId} endpoint:

 curl -X PUT "https://us.api.konghq.com/v3/apis/$API_ID/publications/$PORTAL_ID" \
     -H "Authorization: Bearer $KONNECT_TOKEN"

Copied to clipboard!

Use the konnect_api_publication resource:

echo '
resource "konnect_api_publication" "my_apipublication" {
  provider = konnect-beta
  api_id = "9f5061ce-78f6-4452-9108-ad7c02821fd5"
  auth_strategy_ids = [
    "9c3bed4d-0322-4ea0-ba19-a4bd65d821f6"
  ]
  auto_approve_registrations = true
  portal_id                  = "f32d905a-ed33-46a3-a093-d8f536af9a8a"
  visibility                 = "private"
}
' >> main.tf

      
        
      
    
Copied to clipboard!

Once published, the API appears in the selected Portal. If user authentication is enabled, developers can register, create applications, generate credentials, and begin using the API. If RBAC is enabled, approved developers must be assigned to a team to access the API.

Allow developers to try requests from the Dev Portal spec renderer

When you upload a spec for your API to Dev Portal, you can use the Try it! feature to allow developers to try your API right from Dev Portal. Try it! enables developers to add their authentication credentials, path parameters, and request body from the spec renderer in Dev Portal and send the request with their configuration.

The Try it! feature is enabled by default for published APIs. You can disable it by sending a PATCH request to the /v3/portals/{portalId}/customization endpoint. You must also enable the CORS plugin for this feature to work. Use the table below to determine the appropriate CORS configuration based on the Routes associated with your APIs:

Use case	Headers used	Route configuration	CORS configuration
Simple request	None	No special configuration needed	No CORS configuration required
Requests with any headers	Any header	Add `methods: OPTIONS` to any associated Routes that use the headers.	Enable Try it in Dev Portal for requests with any header
Routes configured with a header to match	Any header that is required by the request	Do one of the following: Add a new Route at the same path with `methods: OPTIONS` configured. Add a global Route (a Route that isn’t associated with a Service) at the Control Plane-level with `methods: OPTIONS` configured (no path needs to be specified).	Enable Try it in Dev Portal for requests with any header

Filtering published APIs in Dev Portal

You can filter and categorize published APIs on your Dev Portals with custom attributes. By assigning attributes to an API, this allows users to filter APIs in the Dev Portal sidebar. For an API, you can define one or more custom attributes, and each attribute can have one or more values. For example, if you had a Billing API, you could label it with "visibility": ["Internal"] and "platform": ["Web", "Mobile"].

For more information about how to use custom attributes for filtering APIs displayed in your Dev Portal, see the MDC documentation.

FAQs

I’m using the Try it feature in the spec renderer to send requests from Dev Portal, but I’m getting a 401. How do I fix it?

I just edited or deleted my spec, document, page, or snippet. Why don’t I immediately see these changes live in the Dev Portal?

Why don’t I see API Products in my Konnect sidebar?