diff --git a/app/_includes/dev-portal/create-app-api.md b/app/_includes/dev-portal/create-app-api.md new file mode 100644 index 0000000000..104cd2b9d3 --- /dev/null +++ b/app/_includes/dev-portal/create-app-api.md @@ -0,0 +1,49 @@ +You can automate applications and application registrations on behalf of a developer or team using the {{site.konnect_short_name}} API. +The [authentication strategy](/dev-portal/auth-strategies/) you want to use must be enabled on your {{site.dev_portal}} and your published API. + +1. Create a developer application by sending a `POST` request to the `/portals/{portalId}/applications` endpoint: +{% capture create-application %} + +{% konnect_api_request %} +url: /v3/portals/$DEV_PORTAL_ID/applications +method: POST +status_code: 201 +body: + name: "KongAir Application" + description: "A portal application provisioned for a developer by a Portal Admin." + auth_strategy_id: "$AUTH_STRATEGY_ID" + owner: + id: "$DEVELOPER_ID" + type: "developer" +{% endkonnect_api_request %} + +{% endcapture %} +{{create-application | indent: 3}} + + If the application is for a team, configure `type: team`. + +1. Copy and export the application ID: + ```sh + export APPLICATION_ID='YOUR APPLICATION ID' + ``` + +1. Create an application registration by sending a `POST` request to the `/portals/{portalId}/applications/{applicationId}/registrations` endpoint: +{% capture create-application-registration %} + +{% konnect_api_request %} +url: /v3/portals/$DEV_PORTAL_ID/applications/$APPLICATION_ID/registrations +method: POST +status_code: 201 +body: + api_id: "$API_ID" + status: "approved" +{% endkonnect_api_request %} + +{% endcapture %} +{{create-application-registration | indent: 3}} + + {:.warning} + > **DCR applications:** + > If the application will be using a DCR provider with the given auth strategy, your configuration depends on your use case: + > * You want to create a new DCR application, where the IdP client will be created in the identity provider and assigned a `client_id`. This will be set as the `client_id` of the application and can't be changed moving forward. **Do not** specify `dcr_client_id` or `client_id` in this case. `client_id` will be present in the response. + > * You want to create an application that is linked to an existing IdP client, but treated as if it was created via the DCR app creation process. This allows you to import existing IdP clients when onboarding your applications into {{site.konnect_short_name}}. In this case, you must specify `dcr_client_id` and `client_id` will be present in the response. diff --git a/app/_includes/dev-portal/create-dev-api.md b/app/_includes/dev-portal/create-dev-api.md new file mode 100644 index 0000000000..c26cbea7b8 --- /dev/null +++ b/app/_includes/dev-portal/create-dev-api.md @@ -0,0 +1,45 @@ +You can pre-create developer accounts to provision their team association and API access before they access the {{site.dev_portal}}. + +1. To automatically create developers and send them an email to create a password, send a `POST` request to the ` /portals/{portalId}/developers` endpoint: +{% capture create-dev %} + +{% konnect_api_request %} +url: /v3/portals/$DEV_PORTAL_ID/developers +method: POST +status_code: 201 +body: + full_name: "Raina Sovani" + email: "raina.sovani@example.com" + status: "approved" + send_notification_email: true +{% endkonnect_api_request %} + +{% endcapture %} +{{create-dev | indent: 3}} + +1. Copy and export the developer ID: + ```sh + export DEVELOPER_ID='YOUR DEVELOPER ID' + ``` + +1. Add the developer to an existing team that has the correct roles for the APIs they need access to by sending a `POST` request to the [`/portals/{portalId}/teams/{teamId}/developers` endpoint](/api/konnect/portal-management/v3/#/operations/add-developer-to-portal-team): +{% capture add-dev-to-team %} + +{% konnect_api_request %} +url: /v3/portals/$DEV_PORTAL_ID/teams/$TEAM_ID/developers +method: POST +status_code: 201 +body: + id: "$DEVELOPER_ID" +{% endkonnect_api_request %} + +{% endcapture %} +{{add-dev-to-team | indent: 3}} + +{:.warning} +> **Logging in to {{site.dev_portal}}s:** +> * **SSO:** If a developer is created in a {{site.dev_portal}} with SSO configured, they must be able to use SSO to login if their email address is configured in the identity provider. +> After they log in, they will automatically approved. +> * **Basic auth:** If a developer is created in a {{site.dev_portal}} with basic auth configured, they must be able to set their password. This can be done one of two ways: +> * `send_notification_email: true`: Developers can use the link in the email to set their password. +> * Developers can click **Forgot password** in the {{site.dev_portal}} UI to set a password, regardless of whether `send_notification_email` is `true` or `false`, diff --git a/app/_landing_pages/dev-portal/self-service.yaml b/app/_landing_pages/dev-portal/self-service.yaml index 6477ab57b5..856c1309f9 100644 --- a/app/_landing_pages/dev-portal/self-service.yaml +++ b/app/_landing_pages/dev-portal/self-service.yaml @@ -9,6 +9,8 @@ metadata: - authentication breadcrumbs: - /dev-portal/ + works_on: + - konnect rows: @@ -191,6 +193,26 @@ rows: Applications and API keys are specific to a [geographic region](/konnect-platform/geos/). When you enable application registration by selecting an authentication strategy during publication, the resulting applications and API keys are tied to the developers and traffic in that region. + - columns: + - blocks: + - type: structured_text + config: + header: + text: "Automate developer creation" + blocks: + - type: text + text: | + {% include dev-portal/create-dev-api.md %} + + - blocks: + - type: structured_text + config: + header: + text: "Automate app creation" + blocks: + - type: text + text: | + {% include dev-portal/create-app-api.md %} - header: type: h3 text: "Share applications with a team"