Set API product visibility
For the API products that the developer portal serves, you can decide whether the API product is visible to all users (public APIs) or if the API product is hidden until the user is successfully authenticated and authorized (private APIs).
Marking an API product as private requires a user to be properly authorized to see the corresponding APIs in the developer portal. However, private API products do not automatically configure an API product to require an API key when interacting with the API. To secure an API product and its APIs with an API key, see Prepare usage plans for your API products.
Visibility options
Click through the following tabs to learn more about the visibility options that are available to you and the resources you need to configure to implement this option.
By default, the portal's visibility is set to private, which means that all the API products that the portal serves are hidden to the user, until the user is properly authenticated with an OIDC provider and authorized with a portal group.
If you decide to keep all of your API products private, no additional setup in the portal resource or API product is required. However, you must follow the steps to add external authentication with an OIDC provider and authorize users with portal groups.
A public portal does not require authentication for the API products that the portal serves. Any user who accesses the developer portal can view the APIs of the API product. To change the visibility for all API products that the portal serves to public, set the spec.visibility.public
value in your portal resource to true
as shown in the following example.
kubectl apply -f- <<EOF
apiVersion: apimanagement.gloo.solo.io/v2
kind: Portal
metadata:
name: developer-portal
namespace: gloo-mesh-addons
spec:
visibility:
public: true
domains:
- "developer.example.com"
portalBackendSelectors:
- selector:
labels:
app: gloo-mesh-portal-server
usagePlans:
- name: bronze
displayName: "Bronze Plan"
description: "A basic usage plan"
- name: silver
description: "A better usage plan"
- name: gold
description: "The best usage plan!"
apis:
- labels:
portal: dev-portal
EOF
You can choose to set the visibility for your portal to public and select specific API products that you want to hide until the user is properly authenticated and authorized. With this approach, unauthorized users can see only the APIs of public API products. Private APIs are hidden.
-
Decide on a label that you want to use to mark an API product private. For example, your label might be
portal-visibility: private
. -
In your portal resource, configure the
spec.visibility
with both public and private settings. Set the overall visibility topublic: true
. Then, add the label that you want to use to mark API products as private in theprivateAPILabels
section.kubectl apply -f- <<EOF apiVersion: apimanagement.gloo.solo.io/v2 kind: Portal metadata: name: developer-portal namespace: gloo-mesh-addons spec: visibility: public: true privateAPILabels: portal-visibility: private domains: - "developer.example.com" portalBackendSelectors: - selector: labels: app: gloo-mesh-portal-server usagePlans: - name: bronze displayName: "Bronze Plan" description: "A basic usage plan" - name: silver description: "A better usage plan" - name: gold description: "The best usage plan!" apis: - labels: portal: dev-portal EOF
-
Add the label to any API product that you want to mark private. In this example, the
portal-visibility: private
label is added to the route table that represents the petstore API product.kubectl apply -f - << EOF apiVersion: networking.gloo.solo.io/v2 kind: RouteTable metadata: name: petstore-rt namespace: gloo-mesh-gateways labels: portal: dev-portal api: petstore portal-visibility: private spec: http: - name: pets-api labels: usagePlans: dev-portal matchers: - uri: prefix: /pet forwardTo: destinations: - ref: name: pets-rest-api namespace: pets port: number: 5000 - name: users-api labels: usagePlans: dev-portal matchers: - uri: prefix: /user forwardTo: destinations: - ref: name: users-rest-api namespace: users port: number: 5000 - name: store-api labels: usagePlans: dev-portal matchers: - uri: prefix: /store forwardTo: destinations: - ref: name: store-rest-api namespace: store port: number: 5000 portalMetadata: apiProductId: "petstore" apiProductDisplayName: "Pet Store" apiVersion: "v1" title: "Pet Store REST API" description: "Totally awesome API for all things pets!" termsOfService: "You must authenticate to use this API! And other Terms of Service." contact: "support@example.com" license: "License info, such as MIT" lifecycle: "Supported" customMetadata: compatibility: "None" EOF
-
Follow the steps to add external authentication with an OIDC provider and authorize users with portal groups.