(Legacy) Application Overview
This documentation is for the legacy Konnect environment at konnect.konghq.com. For the cloud.konghq.com environment, see the current Konnect documentation.
Applications consume Services in Konnect via Application-level authentication. Developers, that is, the persona that logs into the Konnect Dev Portal, create and use Applications in the Dev Portal.
Admins enable application registration through konnect.konghq.com so that Developers can associate Services with Applications.
For a Developer to be able to manage Applications, they must be granted access by an admin to the Konnect Dev Portal. For more information about registering for a Konnect Dev Portal as a Developer, see Developer Registration.
Applications and Services
Multiple Services can be registered to a single Application. In the Konnect Dev Portal, Services registered to an Application will be listed in the Application detail page, available through My Apps in the top-right corner dropdown menu beneath the Developer’s login email.
The purpose of registering Services to an Application is to consume those Services using the Application-level authentication. Grouping authentication enables direct access to multiple Services.
As an example, the Application can represent a mobile banking app and the Services registered to the Application can be a billing API, a users API, and a legal agreements API.
Application authentication
Generate Application credentials through the Konnect Dev Portal in the Application detail page. The Application can have multiple credentials, or API keys. For more information about Application Credentials, refer to Generate Credentials for an Application.
In konnect.konghq.com, admins can access a list of the installed authentication plugins via Shared Config. See Enable Application Registration for a Service for more information about authentication flows.
Konnect-managed plugins
When you enable application registration on a Service, Konnect Cloud enables two plugins automatically: ACL, and one of Key Authentication or OIDC. These plugins run in the background to support application registration for the Service and are managed by Konnect Cloud.
To disable or delete a plugin that was enabled by app registration, you must disable app registration itself. You can’t use the toggle in the Plugins pane on a Service version, as the toggle is unavailable for Konnect-managed plugins.
If you use a declarative configuration file to manage your Service, these plugins appear in the file. Do not delete or edit them through declarative configuration, as doing so will break your Service.
To help differentiate the application registration plugins, Konnect automatically adds two metadata tags: konnect-managed-plugin and konnect-app-registration.
For example, if you enable application registration from the Konnect GUI and run deck konnect dump, you should see an entry like this for the ACL plugin:
plugins:
- name: acl
  config:
    allow:
    - 0003237b-7e77-4ec4-8dd0-b1b587305c28
    deny: null
    hide_groups_header: false
  enabled: true
  protocols:
  - grpc
  - grpcs
  - http
  - https
  tags:
  - konnect-managed-plugin
  - konnect-app-registration
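One way to enforce the "do not delete or edit" rule before applying an edited declarative file, as an added example that is not Kong's or decK's own code: compare the plugins tagged konnect-managed-plugin in a fresh dump against the edited file and report any that differ. The service name, the nesting under services, and the sample edit are constructed assumptions; the ACL entry is abridged from the one shown above.

```ruby
require "yaml"

MANAGED_TAG = "konnect-managed-plugin" # tag named on this page

# Collect every mapping carrying the managed tag, keyed by its enclosing entry names.
def managed_plugins(node, path = [], found = {})
  case node
  when Hash
    here = node["name"] ? path + [node["name"]] : path
    found[here.join("/")] = node if Array(node["tags"]).include?(MANAGED_TAG)
    node.each { |key, value| managed_plugins(value, here + [key], found) }
  when Array
    node.each { |item| managed_plugins(item, path, found) }
  end
  found
end

# List managed plugins that the edited file removes, untags, or changes.
def managed_plugin_violations(dumped_yaml, edited_yaml)
  before = managed_plugins(YAML.safe_load(dumped_yaml))
  after = managed_plugins(YAML.safe_load(edited_yaml))
  before.map do |key, plugin|
    if !after.key?(key)
      "#{key}: removed or untagged"
    elsif after[key] != plugin
      "#{key}: modified"
    end
  end.compact
end

# Constructed sample: hypothetical service name, ACL entry abridged from the page.
DUMPED = <<~YAML
  services:
  - name: example-service
    plugins:
    - name: acl
      config:
        allow:
        - 0003237b-7e77-4ec4-8dd0-b1b587305c28
      enabled: true
      tags:
      - konnect-managed-plugin
      - konnect-app-registration
YAML
EDITED = DUMPED.sub("enabled: true", "enabled: false") # constructed bad edit
puts managed_plugin_violations(DUMPED, EDITED)
```

An empty result means every Konnect-managed plugin in the dump is present and unchanged in the edited file; plugins without the tag are ignored.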