`developerOnboarding`

Developer onboarding means allowing developers to register apps and manage credentials.

Options

Option	Type	Description
adapters	[Adapter]	REQUIRED. List of adapter configurations.

Adapter object

Choose the appropriate adapter object based on the type.

Apigee
Gravitee

Apigee adapter

Option	Type	Description
type	string	REQUIRED. Possible values: `APIGEE_X`, `APIGEE_EDGE`.
organizationName	string	REQUIRED. Name of the organization. Example: `apigee-eval-10`.
auth	Apigee Auth Object	REQUIRED. Authentication object for the Apigee management API.
ignoreApiProducts	[string]	List of API products to ignore. Ignored products are not displayed during app registration or credential management.
allowApiProductsOutsideCatalog	boolean	Allow developers to register apps with API products that are not in the catalog. Default value: `false`.
stage	string	Mark the current Apigee instance as production or non-production to mark them in the UI. Default value: `non-production`.
apiUrl	string	URL to send Apigee management console requests to, in case you wish to pass them through a proxy. Default value: `https://apigee.googleapis.com/v1`.

Apigee Auth Object

Choose your preferred method of authentication.

Service Account
OAuth proxy

Apigee Service Account Auth Object

Option	Type	Description
type	string	REQUIRED. Possible values: `SERVICE_ACCOUNT`
serviceAccountEmail	string	REQUIRED. Email associated with the service account that interacts with the Apigee management API. Example: `redocly@apigee-eval-10.iam.gserviceaccount.com`.
serviceAccountPrivateKey	string	REQUIRED. Private key for Apigee management API access. Use an environment variable and do NOT store your private key directly in the YAML configuration file. Example: `{{ process.env.DEMO_PRIVATE_KEY }}`.

Apigee OAuth Proxy Auth Object

This auth object requires you to have an OAuth2 proxy in front of the Apigee management API.

The auth proxy should implement OAuth2 client credentials flow. The Apigee adapter uses this token as the Authorization bearer token to access the Apigee management API. Additionally, the Apigee adapter sets the X-Api-Key header to the clientId value.

You need to implement a custom Apigee authorization proxy and configure apiUrl to point to it. This proxy should:

Validate the access token received from the OAuth2 proxy.
Validate if the specific API operation is allowed by your custom authorization logic. See the list of Apigee API operations used by the Redocly adapter.
Authorize the request with Apigee (for example using service account).
Forward request to the Apigee management API.

Option	Type	Description
type	string	REQUIRED. Possible values: `OAUTH2`
clientId	string	REQUIRED. Client ID for Apigee management API access. Use an environment variable and do NOT store your private key directly in the YAML configuration file. Example: `{{ process.env.DEMO_CLIENT_ID }}`.
clientSecret	string	REQUIRED. Client secret for Apigee management API access. Use an environment variable and do NOT store your private key directly in the YAML configuration file. Example: `{{ process.env.DEMO_CLIENT_SECRET }}`.
tokenEndpoint	string	REQUIRED. URL to send OAuth2 requests to. Example: `https://apigee-eval-10-demo.apigee.net/mgmt-proxy/token`.

Gravitee adapter

The Gravitee adapter uses the ID token of the user to authenticate with the Gravitee API. You need to configure Identity Provider in the Gravitee API Manager.

Contact team@redocly.com before using this adapter.

Option	Type	Description
type	string	REQUIRED. Possible values: `GRAVITEE`
apiBaseUrl	string	REQUIRED. Base URL of the Gravitee API. Example: `https://apim-dev.acme-inc.com`.
env	string	REQUIRED. Name of the environment. Default value: `DEFAULT`.
stage	string	Mark the current Gravitee instance as production or non-production to mark them in the UI. Default value: `non-production`.
allowApiProductsOutsideCatalog	boolean	Allow developers to register apps with API products that are not in the catalog. Default value: `false`.

Examples

The following is an example of a developer onboarding configuration with two gateways.

developerOnboarding:
  adapters:
    - type: APIGEE_X
      organizationName: apigee-eval-10
      ignoreApiProducts:
        - Infrastructure API
      auth:
        type: SERVICE_ACCOUNT
        serviceAccountEmail: redocly@apigee-eval-10.iam.gserviceaccount.com
        serviceAccountPrivateKey: '{{process.env.MAIN_PRIVATE_KEY}}'
      # apiUrl: https://apigee.googleapis.com/v1 # optional
    - type: APIGEE_X
      organizationName: apigee-eval-10-demo
      auth:
        type: OAUTH2
        clientId: '{{process.env.DEMO_CLIENT_ID}}'
        clientSecret: '{{process.env.DEMO_CLIENT_SECRET}}'
        tokenEndpoint: https://apigee-eval-10-demo.apigee.net/mgmt-proxy/token
      apiUrl: https://apigee-eval-10-demo.apigee.net/mgmt-proxy/

The following is an example of a developer onboarding configuration with one gateway.

developerOnboarding:
  adapters:
    - type: GRAVITEE
      apiBaseUrl: https://apim-dev.acme-inc.com

Resources

List of used Apigee API endpoints

developerOnboarding