Navigation :

Set API product visibility

For the API products that the developer portal serves, you can decide whether the API product is visible to all users (public APIs) or if the API product is hidden until the user is successfully authenticated and authorized (private APIs).

Marking an API product as private requires a user to be properly authorized to see the corresponding APIs in the developer portal. However, private API products do not automatically configure an API product to require an API key when interacting with the API. To secure an API product and its APIs with an API key, see Prepare usage plans for your API products.

Visibility options

Click through the following tabs to learn more about the visibility options that are available to you and the resources you need to configure to implement this option.

Private APIs (Default)
Public APIs
Public and private APIs

By default, the portal's visibility is set to private, which means that all the API products that the portal serves are hidden to the user, until the user is properly authenticated with an OIDC provider and authorized with a portal group.

If you decide to keep all of your API products private, no additional setup in the portal resource or API product is required. However, you must follow the steps to add external authentication with an OIDC provider and authorize users with portal groups.

A public portal does not require authentication for the API products that the portal serves. Any user who accesses the developer portal can view the APIs of the API product. To change the visibility for all API products that the portal serves to public, set the spec.visibility.public value in your portal resource to true as shown in the following example.

kubectl apply -f- <<EOF
apiVersion: apimanagement.gloo.solo.io/v2
kind: Portal
metadata:
  name: developer-portal
  namespace: gloo-mesh-addons
spec:
  visibility:
    public: true
  domains:
    - "developer.example.com"
  portalBackendSelectors:
    - selector:
        labels:
          app: gloo-mesh-portal-server
  usagePlans:
    - name: bronze
      displayName: "Bronze Plan"
      description: "A basic usage plan"
    - name: silver
      description: "A better usage plan"
    - name: gold
      description: "The best usage plan!"
  apis:
    - labels:
        portal: dev-portal
EOF

You can choose to set the visibility for your portal to public and select specific API products that you want to hide until the user is properly authenticated and authorized. With this approach, unauthorized users can see only the APIs of public API products. Private APIs are hidden.

Decide on a label that you want to use to mark an API product private. For example, your label might be portal-visibility: private.

In your portal resource, configure the spec.visibility with both public and private settings. Set the overall visibility to public: true. Then, add the label that you want to use to mark API products as private in the privateAPILabels section.

kubectl apply -f- <<EOF
apiVersion: apimanagement.gloo.solo.io/v2
kind: Portal
metadata:
  name: developer-portal
  namespace: gloo-mesh-addons
spec:
  visibility:
    public: true
    privateAPILabels:
      portal-visibility: private
  domains:
    - "developer.example.com"
  portalBackendSelectors:
    - selector:
        labels:
          app: gloo-mesh-portal-server
  usagePlans:
    - name: bronze
      displayName: "Bronze Plan"
      description: "A basic usage plan"
    - name: silver
      description: "A better usage plan"
    - name: gold
      description: "The best usage plan!"
  apis:
    - labels:
        portal: dev-portal
EOF

Add the label to any API product that you want to mark private. In this example, the portal-visibility: private label is added to the route table that represents the petstore API product.

kubectl apply -f - << EOF
apiVersion: networking.gloo.solo.io/v2
kind: RouteTable
metadata:
  name: petstore-rt
  namespace: gloo-mesh-gateways
  labels:
    portal: dev-portal
    api: petstore
    portal-visibility: private
spec:
  http:
  - name: pets-api
    labels:
      usagePlans: dev-portal
    matchers:
    - uri:
        prefix: /pet
    forwardTo:
      destinations:
      - ref:
          name: pets-rest-api
          namespace: pets
        port:
          number: 5000
  - name: users-api
    labels:
      usagePlans: dev-portal
    matchers:
    - uri:
        prefix: /user
    forwardTo:
      destinations:
      - ref:
          name: users-rest-api
          namespace: users
        port:
          number: 5000
  - name: store-api
    labels:
      usagePlans: dev-portal
    matchers:
    - uri:
        prefix: /store
    forwardTo:
      destinations:
      - ref:
          name: store-rest-api
          namespace: store
        port:
          number: 5000
  portalMetadata:
    apiProductId: "petstore"
    apiProductDisplayName: "Pet Store"
    apiVersion: "v1"
    title: "Pet Store REST API"
    description: "Totally awesome API for all things pets!"
    termsOfService: "You must authenticate to use this API! And other Terms of Service."
    contact: "support@example.com"
    license: "License info, such as MIT"
    lifecycle: "Supported"
    customMetadata:
      compatibility: "None"
EOF

Follow the steps to add external authentication with an OIDC provider and authorize users with portal groups.

Next steps

Next, add usage plans to the portal.

When you are done with trying out Portal, you can clean up all of the resources that you created.