Publishing an API makes it available to one or more Dev Portals. With the appropriate security and access and approval settings, you can publish an API securely to the appropriate audience.
Make sure you have created APIs before attempting to publish to them your Dev Portals.
There are two methods for publishing an API:
In both cases, you’ll see the same dialog:
Select an Authentication Strategy.
The default value for this setting is set in Settings > Security for the specific Dev Portal. This determines how developers will generate credentials to call the API.
Select the appropriate Visibility.
The default value for this setting is set in Settings > Security for the specific Dev Portal. Visibility determines if developers need to register to view the API or generate credentials and API keys.
Change the Visibility or Authentication Strategy of an API that has been published to one or more Dev Portals:
Visibility, authentication strategies, and user authentication can be independently configured to maximize flexibility in how you publish your API to a given developer audience.
The following table describes various Dev Portal access control scenarios and their settings:
|
Access use case |
Visibility |
Authentication strategy |
User authentication |
Description |
|---|---|---|---|---|
| Viewable by anyone, no self-service credentials | Public | Disabled | Disabled in security settings | Anyone can view the API’s specs and documentation, but cannot generate credentials and API keys. No developer registration is required. |
| Viewable by anyone, self-service credentials | Public |
key-auth (or any other appropriate authentication strategy)
|
Enabled in security settings |
Anyone can view the API’s specs and documentation, but must sign up for a developer account and create an Application to generate credentials and API keys.
RBAC is disabled if fine-grained access management is not needed, configured in security settings. |
| Viewable by anyone, self-service credentials with RBAC | Public |
key-auth (or any other appropriate Authentication strategy)
|
Enabled in security settings |
Anyone can view the API’s specs and documentation, but must sign up for a developer account and create an Application to generate credentials and API keys.
A Konnect Admin must assign a developer to a Team to provide specific role-based access. RBAC is enabled to allow Teams assignments for developers, granting credentials with the API Consumer role. |
| Sign up required to view API specs and/or documentation | Private |
key-auth (or any other appropriate Authentication strategy)
|
Enabled in security settings |
All users must sign up for a Developer account to view APIs. They can optionally create an Application to generate credentials/API keys.
RBAC can be enabled for Teams assignments for developers, granting credentials with the API Consumer role, configured in security settings. |