Configure the Developer Portal
After deploying the Developer Portal, configure portal settings from the Provider Portal to control access, authentication, and developer management.
Portal Settings
Portal settings are managed in the Provider Portal under each portal's Settings page. The settings are organized into the following sections.
Public Access
The Public Access toggle controls whether the Developer Portal is accessible to unauthenticated users:
- Enabled: Unauthenticated visitors can browse the API Hub and view public API products.
- Disabled: All visitors must authenticate before accessing any portal content.
Portal Tokens
Portal tokens authenticate the Developer Portal application with the Portal API. Each token has the prefix a7prt and can be configured with an expiration date.
| Operation | Description |
|---|---|
| Generate | Create a new token with a name and optional expiration date. The token value is shown only at creation time. |
| Rename | Update the display name of a token. |
| Regenerate | Generate a new token value, invalidating the previous one. Update the Developer Portal config.yaml with the new token and restart the application. |
| Delete | Remove a token. If the Developer Portal is using this token, it will lose connectivity to the Portal API. |
After regenerating or deleting a token, update the config.yaml on the Developer Portal host and restart the application. The portal will not function correctly without a valid token.
Built-in Authentication
The built-in authentication option controls email-and-password registration and login on the Developer Portal.
| Setting | Description |
|---|---|
| Enable self-registration | When enabled, developers can sign up directly on the Developer Portal. When disabled, developers can only be added through invitation or external identity providers. |
| Registration auto-approval | When enabled, new developer accounts are immediately active. When disabled, administrators must approve each registration in the Provider Portal. |
| Login with email | When enabled, developers can log in using their email address. |
The built-in authentication option can be enabled or disabled entirely. Disabling it removes the email/password login option from the Developer Portal. At least one login option (built-in or SSO) must remain enabled.
SSO (External Login Options)
You can configure external identity providers as additional login options for the Developer Portal. These are managed separately from the built-in authentication. See Configure SSO for the Developer Portal for detailed instructions.
SCIM Provisioning�
SCIM (System for Cross-domain Identity Management) enables automatic user synchronization from an external identity provider. When enabled, user accounts are automatically created, updated, and deactivated in the Developer Portal based on changes in the identity provider.
To enable SCIM:
- Navigate to the portal's Settings page.
- Enable SCIM Provisioning.
- Generate a SCIM token for configuring the identity provider.
- Configure the identity provider (such as Okta) with the SCIM endpoint URL and token.
For a complete Okta walkthrough, see Configure SCIM Provisioning for a Custom Developer Portal with Okta.
The SCIM endpoint follows the format:
https://<PORTAL_DOMAIN>/api/auth/scim/v2
Application Configuration
The following settings are configured in the Developer Portal's config.yaml file and require a restart to take effect.
Portal API Connection
portal:
url: https://<CONTROL_PLANE_HOST>:4321 # Portal API endpoint
token: a7prt-xxxxxxxxxxxx # Portal token from Provider Portal
Database
db:
url: "postgres://user:password@host:5432/dbname"
The Developer Portal uses a PostgreSQL-compatible database for storing user sessions, authentication data, and organization information.
Authentication Secret
auth:
secret: "<base64-encoded-secret>"
This secret is used to sign authentication sessions. Generate it with:
openssl rand -base64 32
Application URLs
app:
name: "My Developer Portal" # Displayed in browser title and header
desc: "API documentation portal" # Used for SEO meta description
baseURL: "https://portal.example.com"
trustedOrigins:
- "https://portal.example.com"
Environment Variable Substitution
Configuration values support environment variable substitution:
| Syntax | Behavior |
|---|---|
${VAR} | Required. Fails if the variable is not set. |
${VAR:default} | Optional. Uses the default value if the variable is not set. |
Example:
portal:
url: ${PORTAL_API_URL}
token: ${PORTAL_TOKEN}
auth:
secret: ${AUTH_SECRET}