Last updated

developerOnboarding

Developer onboarding means allowing developers to register apps and manage credentials.

Options

OptionTypeDescription
adapters[Adapter]REQUIRED. List of adapter configurations.

Adapter object

Choose the appropriate adapter object based on the type.

Apigee adapter

OptionTypeDescription
typestringREQUIRED. Possible values: APIGEE_X, APIGEE_EDGE.
organizationNamestringREQUIRED. Name of the organization. Example: apigee-eval-10.
authApigee Auth ObjectREQUIRED. Authentication object for the Apigee management API.
ignoreApiProducts[string]List of API products to ignore. Ignored products are not displayed during app registration or credential management.
allowApiProductsOutsideCatalogbooleanAllow developers to register apps with API products that are not in the catalog. Default value: false.
stagestringMark the current Apigee instance as production or non-production to mark them in the UI. Default value: non-production.
apiUrlstringURL to send Apigee management console requests to, in case you wish to pass them through a proxy. Default value: https://apigee.googleapis.com/v1.

Apigee Auth Object

Choose your preferred method of authentication.

Apigee Service Account Auth Object

OptionTypeDescription
typestringREQUIRED. Possible values: SERVICE_ACCOUNT
serviceAccountEmailstringREQUIRED. Email associated with the service account that interacts with the Apigee management API. Example: redocly@apigee-eval-10.iam.gserviceaccount.com.
serviceAccountPrivateKeystringREQUIRED. Private key for Apigee management API access. Use an environment variable and do NOT store your private key directly in the YAML configuration file. Example: {{ process.env.DEMO_PRIVATE_KEY }}.

Apigee OAuth Proxy Auth Object

This auth object requires you to have an OAuth2 proxy in front of the Apigee management API.

The auth proxy should implement OAuth2 client credentials flow. The Apigee adapter uses this token as the Authorization bearer token to access the Apigee management API. Additionally, the Apigee adapter sets the X-Api-Key header to the clientId value.

You need to implement a custom Apigee authorization proxy and configure apiUrl to point to it. This proxy should:

  • Validate the access token received from the OAuth2 proxy.
  • Validate if the specific API operation is allowed by your custom authorization logic. See the list of Apigee API operations used by the Redocly adapter.
  • Authorize the request with Apigee (for example using service account).
  • Forward request to the Apigee management API.
OptionTypeDescription
typestringREQUIRED. Possible values: OAUTH2
clientIdstringREQUIRED. Client ID for Apigee management API access. Use an environment variable and do NOT store your private key directly in the YAML configuration file. Example: {{ process.env.DEMO_CLIENT_ID }}.
clientSecretstringREQUIRED. Client secret for Apigee management API access. Use an environment variable and do NOT store your private key directly in the YAML configuration file. Example: {{ process.env.DEMO_CLIENT_SECRET }}.
tokenEndpointstringREQUIRED. URL to send OAuth2 requests to. Example: https://apigee-eval-10-demo.apigee.net/mgmt-proxy/token.

Gravitee adapter

The Gravitee adapter uses the ID token of the user to authenticate with the Gravitee API. You need to configure Identity Provider in the Gravitee API Manager.

Contact team@redocly.com before using this adapter.

OptionTypeDescription
typestringREQUIRED. Possible values: GRAVITEE
apiBaseUrlstringREQUIRED. Base URL of the Gravitee API. Example: https://apim-dev.acme-inc.com.
envstringREQUIRED. Name of the environment. Default value: DEFAULT.
stagestringMark the current Gravitee instance as production or non-production to mark them in the UI. Default value: non-production.
allowApiProductsOutsideCatalogbooleanAllow developers to register apps with API products that are not in the catalog. Default value: false.

Examples

The following is an example of a developer onboarding configuration with two gateways.

developerOnboarding:
  adapters:
    - type: APIGEE_X
      organizationName: apigee-eval-10
      ignoreApiProducts:
        - Infrastructure API
      auth:
        type: SERVICE_ACCOUNT
        serviceAccountEmail: redocly@apigee-eval-10.iam.gserviceaccount.com
        serviceAccountPrivateKey: '{{process.env.MAIN_PRIVATE_KEY}}'
      # apiUrl: https://apigee.googleapis.com/v1 # optional
    - type: APIGEE_X
      organizationName: apigee-eval-10-demo
      auth:
        type: OAUTH2
        clientId: '{{process.env.DEMO_CLIENT_ID}}'
        clientSecret: '{{process.env.DEMO_CLIENT_SECRET}}'
        tokenEndpoint: https://apigee-eval-10-demo.apigee.net/mgmt-proxy/token
      apiUrl: https://apigee-eval-10-demo.apigee.net/mgmt-proxy/

The following is an example of a developer onboarding configuration with one gateway.

developerOnboarding:
  adapters:
    - type: GRAVITEE
      apiBaseUrl: https://apim-dev.acme-inc.com

Resources