Skip to content

Portal authorization

This tutorial explains how to set up and grant access to API Portals.


Introduction

In this tutorial, you will learn how to set up and grant user access to API Portals.

This tutorial assumes that you followed the tutorial about how to publish APIs from CRDs


1. User management

For this tutorial, you will add a new user called Kim Yeast and this user will be part of the user group support.

Head over to the dashboard overview and add the new user by selecting Create user.

Add new user

Add new user

Fill out the form, make sure to add the user to the group support and select Create

If the group does not exist, select Create new User Group and create the group.

Fill out the form

Create a new user

Copy the URL shown in the pop-up into your clipboard, open the URL in a new browser tab and fill in a secure password.

Set user password

Set user password

Check that the user is created and is assigned to the group support

Check user settings

Check user settings

2. Portal settings

After you validated that the user is created and assigned to the right group, head over to the Portal overview and select your API Portal which is assigned to the APIs.

Portal overview

Portal overview

Here you can see that the user group support has access to two APIs, the flight and the ticket API.

API access control overview

API access control overview

API Portal access policies are bind to the APIAccess CRD.

Once you created a user and assigned the user to a user group, you have to appoint the user group to an API.

For quick testing, you can do that through the UI by adjusting the label settings.

API label settings

API label settings

For production environments, it is recommended to assign labels via the APIAccess CRD. Adjustments done in the UI will be overwritten next time you redeploy the APIAccess CRD!


3. APIAccess

---
apiVersion: hub.traefik.io/v1alpha1
kind: APIAccess
metadata:
  name: custom-pick
spec:
  groups:
    - support
  apiSelector:
    matchExpressions:
      - key: area
        operator: In
        values:
          - flights
          - tickets

Summary

In this tutorial, you learned how to:

  • Add user and create groups
  • Add a user group to APIs (API access control)

What's next