Skip to content

feat(portal): Automate developer and app creation #4885

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
cloudjumpercat wants to merge 4 commits into
base: main
Choose a base branch
from
+116 −0
Draft

feat(portal): Automate developer and app creation #4885

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
6d7de55
Draft docs
cloudjumpercat Apr 16, 2026
8021ab5
Apply suggestions from code review
cloudjumpercat Apr 20, 2026
c3a3311
Apply feedback, add dcr use case note
cloudjumpercat Apr 20, 2026
4255f26
Changes from testing
cloudjumpercat Apr 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions app/_includes/dev-portal/create-app-api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
You can pre-create applications and application registrations on behalf of a developer or team using the {{site.konnect_short_name}} API.
Copy link
Copy Markdown
Contributor

@Nathanael-Shermett Nathanael-Shermett Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe steer this less towards "pre-creation" and more towards automation in general? I'd argue the automation benefits is the biggest value drop.


1. Create a developer application by sending a `POST` request to the `/portals/{portalId}/applications` endpoint:
{% capture create-application %}
<!--vale off-->
{% konnect_api_request %}
url: /v3/portals/$DEV_PORTAL_ID/applications
method: POST
status_code: 201
body:
name: "KongAir Application"
description: "A portal application provisioned for a developer by a Portal Admin."
auth_strategy_id: "$AUTH_STRATEGY_ID"
owner:
id: "$DEVELOPER_ID"
type: "developer"
Comment on lines +15 to +17
Copy link
Copy Markdown
Contributor

@Nathanael-Shermett Nathanael-Shermett Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also support the ability to create applications with a team owner via "type": "team". Probably worth calling this out somewhere.

{% endkonnect_api_request %}
<!--vale on-->
{% endcapture %}
{{create-application | indent: 3}}

1. Copy and export the application ID:
```sh
export APPLICATION_ID='YOUR APPLICATION ID'
```

1. Create an application registration by sending a `POST` request to the `/portals/{portalId}/applications/{applicationId}/registrations` endpoint:
{% capture create-application-registration %}
<!--vale off-->
{% konnect_api_request %}
url: /v3/portals/$DEV_PORTAL_ID/applications/$APPLICATION_ID/registrations
method: POST
status_code: 201
body:
api_id: "$API_ID"
status: "approved"
{% endkonnect_api_request %}
<!--vale on-->
{% endcapture %}
{{create-application-registration | indent: 3}}

{:.warning}
> **DCR applications:**
> If the application will be using a DCR provider with the given auth strategy, the request must specify `dcr_client_id`.
Copy link
Copy Markdown
Contributor

@Mierenga Mierenga Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using dcr_client_id is actually a special case, even when using a DCR auth strategy. The 2 cases with DCR auth strategies are:

  1. (standard case) Customer wants a new DCR application to be created, where the IdP client will be created in the identity provider and assigned a client_id, which will be set as the client_id of the application and cannot be changed moving forward. Neither dcr_client_id or client_id should be specified in this case, and client_id will be present on the response. This is similar to the existing application creation behavior within the portal context: https://developer.konghq.com/api/konnect/dev-portal/v3/#/operations/create-application.
  2. (import case) Customer wants to create an application that is linked to an existing IdP client, but treated as a DCR application moving forward as if it was created via the DCR app creation process. This allows the customer to import existing IdP clients when onboarding their applications into Konnect. In this case dcr_client_id must be specified, and client_id will be present on the response. This is not possible in the existing application creation behavior within the portal context.

45 changes: 45 additions & 0 deletions app/_includes/dev-portal/create-dev-api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
You can pre-create developer accounts to provision their team association and API access before they access the {{site.dev_portal}}.

1. To automatically create developers and send them an email to create a password, send a `POST` request to the ` /portals/{portalId}/developers` endpoint:
{% capture create-dev %}
<!--vale off-->
{% konnect_api_request %}
url: /v3/portals/$DEV_PORTAL_ID/developers
method: POST
status_code: 201
body:
full_name: "Raina Sovani"
email: "raina.sovani@example.com"
status: "approved"
send_notification_email: true
{% endkonnect_api_request %}
<!--vale on-->
{% endcapture %}
{{create-dev | indent: 3}}

1. Copy and export the developer ID:
```sh
export DEVELOPER_ID='YOUR DEVELOPER ID'
```

1. Add the developer to an existing team that has the correct roles for the APIs they need access to by sending a `POST` request to the [`/portals/{portalId}/teams/{teamId}/developers` endpoint](/api/konnect/portal-management/v3/#/operations/add-developer-to-portal-team):
{% capture add-dev-to-team %}
<!--vale off-->
{% konnect_api_request %}
url: /v3/portals/$DEV_PORTAL_ID/teams/$TEAM_ID/developers
method: POST
status_code: 201
body:
id: "$DEVELOPER_ID"
{% endkonnect_api_request %}
<!--vale on-->
{% endcapture %}
{{add-dev-to-team | indent: 3}}

{:.warning}
> **Logging in to {{site.dev_portal}}s:**
> * **SSO:** If a developer is created in a {{site.dev_portal}} with SSO configured, they must be able to use SSO to login if their email address is configured in the identity provider.
> After they log in, they will automatically approved.
> * **Basic auth:** If a developer is created in a {{site.dev_portal}} with basic auth configured, they must be able to set their password. This can be done one of two ways:
> * `send_notification_email: true`: Developers can use the link in the email to set their password.
> * `send_notification_email: true`: Developers can click **Forgot password** in the {{site.dev_portal}} UI to set a password.
Comment thread
cloudjumpercat marked this conversation as resolved.
Outdated
22 changes: 22 additions & 0 deletions app/_landing_pages/dev-portal/self-service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ metadata:
- authentication
breadcrumbs:
- /dev-portal/
works_on:
- konnect

rows:

Expand Down Expand Up @@ -191,6 +193,26 @@ rows:

Applications and API keys are specific to a [geographic region](/konnect-platform/geos/).
When you enable application registration by selecting an authentication strategy during publication, the resulting applications and API keys are tied to the developers and traffic in that region.
- columns:
- blocks:
- type: structured_text
config:
header:
text: "Automate developer creation"
blocks:
- type: text
text: |
{% include dev-portal/create-dev-api.md %}

- blocks:
- type: structured_text
config:
header:
text: "Automate app creation"
blocks:
- type: text
text: |
{% include dev-portal/create-app-api.md %}
- header:
type: h3
text: "Share applications with a team"
Expand Down
Loading