Dev Portal APIs

Uses: Dev Portal
Related Documentation
OpenAPI Specifications
Incompatible with
on-prem

This is a reference guide, you can also follow along with our tutorials:

An API is the interface that you publish to your end customer. They can, and should, include an OpenAPI or AsyncAPI specification or additional documentation to help users get started with your API.

Additionally, you can link your API to a Gateway Service to allow developers to register applications for your specific APIs.

To create an API, do one of the following:

API versioning

When you create your API, you can choose to keep it unversioned or version it using a free text string. This allows you to follow the versioning system of your choice:

  • Semantic versioning (examples: v1, v2)
  • Date-based versioning (examples: 2024-05-10, 2024-10-22)
  • Custom naming scheme (example: a1b2c3-internal-xxyyzz00)

Each API is identified using the combination of name+version. For example, if your API is named My Test API and it has a version of v3, then it will be accessible via the API as my-test-api-v3 in your list of APIs. If a version isn’t specified, then name is used as the unique identifier.

To version an API, do one of the following:

API specs

All API specification files are validated during upload, although invalid specifications are permitted. If specifications are invalid, features like generated documentation and search may be degraded.

To upload a spec to an API, do one of the following:

API spec validation

Konnect looks for the following during spec validation:

  • Specs must be valid JSON or YAML.
  • Spec should be valid according to the OpenAPI 2.x or 3.x specification or the AsyncAPI 2.x or 3.0.0 specification.
    • OAS validation is performed using Spectral.
    • To replicate validation in your own CI/CD pipeline, run spectral lint [spec.yaml] .spectral.yaml, where .spectral.yaml should contain the following:
      • OpenAPI spectral.yaml: Should contain extends: "spectral:oas".
      • AsyncAPI spectral.yaml: Should contain extends: "spectral:asyncapi".
  • Invalid specs are permitted (with potential degraded experience), and validation_messages captures any validation issues.

API documentation

API documentation is content in Markdown that you can use to provide additional information about your API.

While you are creating or editing an API document, you can also choose to publish it and make it available in your Dev Portal (assuming all parent pages are published as well). Keep the following in mind:

  • The visibility of an API document is inherited from the API’s visibility and access controls.
  • If a parent page is unpublished, all child pages will also be unpublished.
  • If no parent pages are published, no API documentation will be visible, and the APIs list will navigate directly to generated specifications.

To create a new API document, do one of the following:

Page structure

The slug and parent fields create a tree of documents, and build the URL based on the slug/parent relationship. This document structure lives under a given API:

  • Page name: The name used to populate the title in the front matter of the Markdown document
  • Page slug: The slug used to build the URL for the document within the document structure
  • Parent page: When creating a document, selecting a parent page creates a tree of relationships between the pages. This allows for effectively creating categories of documentation.

For example, if you had a document configured like the following:

  • API slug: routes
  • API version: v3
  • Page 1: about, parent null
  • Page 2: info, parent about

Based on this data, you get the following generated URLs:

  • Generated URL for about page: /apis/routes-v3}/docs/about
  • Generated URL for info page: /apis/routes-v3}/docs/about/info

Allow developers to consume your API

You can link to a Konnect Gateway Service to allow developers to create applications and generate credentials or API keys. This is available to data planes running Kong Gateway 3.6 or later.

This will install the Konnect Application Auth (KAA) plugin on that Service. The KAA plugin can only be configured from the associated Dev Portal and its published APIs.

If you want the Gateway Service to restrict access to the API, configure developer and application registration for your Dev Portal.

To link your API to a Gateway Service, do one of the following:

Currently, you APIs can only have a 1:1 mapping with a Gateway Service.

Publish your API to Dev Portal

Publishing an API makes it available to one or more Dev Portals. Publishing an API in the Dev Portal involves several steps:

  1. Create a new API, including the API version.
  2. Upload an OpenAPI spec and/or markdown documentation (one of these is required to generate API docs).
  3. If you want developers to consume the API in a self-serve way, link the API to a Gateway Service.
  4. Publish the API to a Portal and apply an auth strategy. Publishing an API requires you to have the Product Publisher Konnect role.
  • The visibility of pages and menus is configured independently from APIs, maximizing your flexibility.
  • v3.6+ An API must be linked to a Konnect Gateway Service to be able to restrict access to your API with authentication strategies.

With the appropriate security and access and approval settings, you can publish an API securely to the appropriate audience. The following table describes various Dev Portal access control scenarios and their settings:

Access use case

Visibility

Authentication strategy

User authentication

Description

Viewable by anyone, no self-service credentials Public Disabled Disabled in security settings Anyone can view the API’s specs and documentation, but cannot generate credentials and API keys. No developer registration is required.
Viewable by anyone, self-service credentials Public key-auth (or any other appropriate authentication strategy) Enabled in security settings Anyone can view the API’s specs and documentation, but must sign up for a developer account and create an Application to generate credentials and API keys.

RBAC is disabled if fine-grained access management is not needed, configured in security settings.
Viewable by anyone, self-service credentials with RBAC Public key-auth (or any other appropriate Authentication strategy) Enabled in security settings Anyone can view the API’s specs and documentation, but must sign up for a developer account and create an Application to generate credentials and API keys.

A Konnect Admin must assign a developer to a Team to provide specific role-based access. RBAC is enabled to allow Teams assignments for developers, granting credentials with the API Consumer role.
Sign up required to view API specs and/or documentation Private key-auth (or any other appropriate Authentication strategy) Enabled in security settings All users must sign up for a Developer account to view APIs. They can optionally create an Application to generate credentials/API keys.

RBAC can be enabled for Teams assignments for developers, granting credentials with the API Consumer role, configured in security settings.

To publish your API, do one of the following:

Once published, the API appears in the selected Portal. If user authentication is enabled, developers can register, create applications, generate credentials, and begin using the API. If RBAC is enabled, approved developers must be assigned to a team to access the API.

Allow developers to try requests from the Dev Portal spec renderer

When you upload a spec for your API to Dev Portal, you can use the Try it! feature to allow developers to try your API right from Dev Portal. Try it! enables developers to add their authentication credentials, path parameters, and request body from the spec renderer in Dev Portal and send the request with their configuration.

The Try it! feature is enabled by default for published APIs. You can disable it by sending a PATCH request to the /v3/portals/{portalId}/customization endpoint. You must also enable the CORS plugin for this feature to work. Use the table below to determine the appropriate CORS configuration based on the Routes associated with your APIs:

Use case Headers used Route configuration CORS configuration
Simple request None No special configuration needed No CORS configuration required
Requests with any headers Any header Add methods: OPTIONS to any associated Routes that use the headers. Enable Try it in Dev Portal for requests with any header
Routes configured with a header to match Any header that is required by the request Do one of the following:
  • Add a new Route at the same path with methods: OPTIONS configured.
  • Add a global Route (a Route that isn’t associated with a Service) at the Control Plane-level with methods: OPTIONS configured (no path needs to be specified).
Enable Try it in Dev Portal for requests with any header

Filtering published APIs in Dev Portal

You can filter and categorize published APIs on your Dev Portals with custom attributes. By assigning attributes to an API, this allows users to filter APIs in the Dev Portal sidebar. For an API, you can define one or more custom attributes, and each attribute can have one or more values. For example, if you had a Billing API, you could label it with "visibility": ["Internal"] and "platform": ["Web", "Mobile"].

For more information about how to use custom attributes for filtering APIs displayed in your Dev Portal, see the MDC documentation.

FAQs

Did this doc help?

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!