Package :



Table of Contents


API Products define a group of API Operations (endpoints) to be published for use by Developers. The API Product resource declares which APIs are bundled together as well as how to route to the backends serving those APIs.

API Products also define Usage Plans which are used to define access and rate limits for Identified API Consumers.

Field Type Description
displayInfo User-facing information to display to GUI users for this API Product.
publishRoutes expose Gateway Routes for the APIs published in this API Product. defaults to true..
domains [] the domains that will serve this api product. domains must be unique across all API Products. These must be a valid FQDN or wildcard hostname. Port should not be included here, instead specified on the Gateway resource in Gloo or Istio..
basePath the base path that will serve this api product. endpoint matchers must be unique for a domain+basepath set. incoming requests will be rewritten to match the API WARNING: this field is currently ignored by the server..
apis [] the selection of APIs defined in ApiDocs which this APIProduct exposes..
defaultRoute an optional default configuration for all Operations defined in this APIProduct. Operations contained in this APIProduct will inherit this config when they do not provide their own. If no OperationConfig is defined for an Operation at any level, a route will not be exposed for the Operation..
plans [] a list of Usage Plans available for accessing this API Product. if none are specified, unlimited access will be enabled for unauthorized users..


used to a set of Operations from a specific ApiDoc

Field Type Description
apiDoc A reference to the ApiDoc defining the operations.
openApi a selection of OpenAPI methods.
grpc information specific to a grpc method.


user-facing display information about this

Field Type Description
title string .
description string .
termsOfService string .
contact .
license .
version string .
image The image to display in UIs for this API Product..


Field Type Description
name string .
url string .
email string .


Field Type Description
name string .
url string .


The current status of the APIProduct. The APIProduct will be processed as soon as one or more Portals select it for publishing.

Field Type Description
observedGeneration The observed generation of the APIProduct. When this matches the APIProduct’s metadata.generation, it indicates the status is up-to-date..
state The current state of the APIProduct..
reason A human-readable string explaining the error, if any..
modifiedDate Most recent date the ApiDoc was updated..
usagePlans [] for each Usage Plan defined on the API Product, indicates the APIKeys, if any, provisioned for the plan.
openApiSchema the merged OpenAPI Schema for any selected OpenAPI operations.
grpcDescriptors the merged gRPC Descriptors for any selected gRPC methods.
numberOfEndpoints the total number of API endpoints exposed in the published API Product.
apiRoutes [] an internal representation of the HTTP Routes generated for this API Product. these are translated to Gateway configuration for any enabled routes..


Gives the Status of a Usage P that lives on the portal.

Field Type Description
name string Name of the plan.
provisionedKeys The Secrets containing the APIKeys that have been provisioned for this key scope..


an API Route is a route (matcher + destination) generated from an API definition combined with a Route config. These are translated internally into Istio and Gloo routing configurations.

Field Type Description
operationId the ID of the operation. this can be a gRPC method in the format “package.service.method” or an OpenAPI OperationID.
method the HTTP method of the operation.
path the full HTTP Path of the operation. if a parameter is specified (as in OpenAPI), a regex matcher will be generated..
summary optional description of the route.
route the resolved route config for the API Route..


a list of references to methods in a gRPC definition

Field Type Description
methods [] the list of methods defined in the gRPC Schema.


describes an operation (RPC method) defined in a set of gRPC Descriptors

Field Type Description
serviceName string the name of the gRPC service serving the RPC method..
rpcName string the name of the RPC method as defined on the service..
route Specify a route for exposing the Operation to HTTP traffic. If not provided, this will be inherited from the API Product’s default Route. Route Specifiers can also be placed directly in the API Doc on the operation or service itself. See details on [configuring routing inside of API Docs](

/dev-portal/latest/todo ). |


Field Type Description
operations [] the list of operations to select from in the OpenAPI schema.


describes an operation defined in an OpenAPI schema

Field Type Description
id string the OperationID of the operation. the same ID may not be selected more than once.
route Specify a route for exposing the Operation to HTTP traffic. If not provided, this will be inherited from the API Product’s default Route. Route Specifiers can also be plaed directly in the API Doc on the operation or service itself. See details on [configuring routing inside of API Docs](

/dev-portal/latest/todo ). |


A UsagePlan describes a policy applied to Consumers of an API Product. Rate limits will be applied to HTTP traffic according to the plan for which the API Key was issued.

Field Type Description
name Names must be unique for usage plans.
displayName User-facing display name for the plan.
rateLimit The rate limits enforced for users (API Consumers) of the plan. Leave empty to allow unlimited API access for users of this plan..
authPolicy choose an auth policy for this plan.
allowedScopes [] If using an OAuth Auth Policy, a list of Allowed Scopes must be provided here to properly authorize users authenticated with OAuth.
If an OAuth token carries one of these scopes, the client will be permitted access to the API under this Usage Plan.
Allowed Scopes must be unique (cannot overlap) across all of a Product’s Plans..


a Rate Limit Policy that can be applied to request traffic from an authorized client.

Field Type Description
unit .
requestsPerUnit uint32 .


The set of valid Auth Policies for used to authorize client requests

Name Number Description
Unauthorized 0 Consumers do not require authorization to use this plan. Only one Unauthorized usage plan may exist for an API Product.
APIKey 1 Consumers will authenticate using API Keys created under this usage plan.
OAuth 2 Consumers will authenticate using OAuth tokens. If using OAuth, at least one OAuth scope must be provided in AllowedScopes


Name Number Description