API docs by Redocly

Konnect Application Auth Strategies (2.0.0)

Download OpenAPI specification:Download

URL: https://cloud.konghq.com

The API for Kong Konnect Portal Application Configuration

DCR Providers

Dynamic Client Registration Providers are configurations representing an external Identity Provider whose clients (i.e. Applications) Konnect will be authorized to manage. For instance, they will be able to perform dynamic client registration (DCR) with the provider. The DCR provider provides credentials to each DCR-enabled application in Konnect that can be used to access Product Versions that the app is registered for.

Create DCR provider

Creates a DCR provider.

Request Body schema: application/json
provider_type
required
string
required
object (DcrConfigAuth0InRequest)

Payload to create an Auth0 DCR provider.

name
required
string (DcrProviderName) [ 1 .. 256 ] characters

The name of the DCR provider. This is used to identify the DCR provider in the Konnect UI.

display_name
string (DcrProviderDisplayName) [ 1 .. 256 ] characters

The display name of the DCR provider. This is used to identify the DCR provider in the Portal UI.

issuer
required
string <url> <= 256 characters
object (Labels) <= 50 properties

Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types.

Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".

Responses

Request samples

Content type
application/json
Example
{}

Response samples

Content type
application/json
Example
{
  • "id": "93f8380e-7798-4566-99e3-2edf2b57d289",
  • "name": "DCR Okta 1 - Segment A",
  • "provider_type": "okta",
  • "issuer": "https://my-issuer.okta.com/default",
  • "active": true,
  • "dcr_config": { },
  • "created_at": "2023-01-01T00:00:00.000Z",
  • "updated_at": "2023-01-01T00:00:00.000Z"
}

List DCR Providers

Returns a paginated collection of DCR providers.

query Parameters
page[size]
integer
Example: page[size]=10

The maximum number of items to include per page. The last page of a collection may include fewer items.

page[number]
integer
Example: page[number]=1

Determines which page of the entities to retrieve.

sort
string

Sorts a collection of DCR Providers. Supported sort attributes are:

  • created_at
  • updated_at
  • provider_type
  • issuer
  • name
filter[id][eq]
string

filters DCR Providers by their id

filter[id]
string

filters DCR Providers by their id (alias for filter[id][eq])

filter[id][contains]
string

filters DCR Providers by their id with a supplied substring

filter[issuer][eq]
string

filters DCR Providers by their issuer

filter[issuer]
string

filters DCR Providers by their issuer (alias for filter[issuer][eq])

filter[issuer][contains]
string

filters DCR Providers by their issuer with a supplied substring

filter[name][eq]
string

filters DCR Providers by their name

filter[name]
string

filters DCR Providers by their name (alias for filter[name][eq])

filter[name][contains]
string

filters DCR Providers by their name with a supplied substring

filter[provider_type][eq]
string

filters DCR Providers by their provider type

filter[provider_type]
string

filters DCR Providers by their provider type (alias for filter[provider_type][eq])

filter[initial_client_id][eq]
string

filters DCR Providers by their initial client id

filter[initial_client_id]
string

filters DCR Providers by their initial client id (alias for filter[initial_client_id][eq])

filter[initial_client_id][contains]
string

filters DCR Providers by their initial client id with a supplied substring

filter[initial_client_audience][eq]
string

filters DCR Providers by their initial client audience

filter[initial_client_audience]
string

filters DCR Providers by their initial client audience (alias for filter[initial_client_audience][eq])

filter[initial_client_audience][contains]
string

filters DCR Providers by their initial client audience with a supplied substring

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Fetch DCR provider

Returns a DCR provider.

path Parameters
dcrProviderId
required
string <uuid> (UUID)
Example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7

DCR provider identifier

Responses

Response samples

Content type
application/json
Example
{
  • "id": "93f8380e-7798-4566-99e3-2edf2b57d289",
  • "name": "DCR Auth0 1 - Segment A",
  • "display_name": "Auth0 DCR provider",
  • "provider_type": "auth0",
  • "issuer": "https://my-issuer.auth0.com/api/v2/",
  • "active": true,
  • "dcr_config": {},
  • "created_at": "2023-01-01T00:00:00.000Z",
  • "updated_at": "2023-01-01T00:00:00.000Z"
}

Update DCR provider

Updates a DCR provider.

path Parameters
dcrProviderId
required
string <uuid> (UUID)
Example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7

DCR provider identifier

Request Body schema: application/json
name
string (DcrProviderName) [ 1 .. 256 ] characters

The name of the DCR provider. This is used to identify the DCR provider in the Konnect UI.

display_name
string (DcrProviderDisplayName) [ 1 .. 256 ] characters

The display name of the DCR provider. This is used to identify the DCR provider in the Portal UI.

issuer
string <url> <= 256 characters
object or null (LabelsUpdate) <= 50 properties

Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types.

Labels are intended to store INTERNAL metadata.

Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".

DcrConfigAuth0InRequest (object) or DcrConfigAzureAdInRequest (object) or DcrConfigCurityInRequest (object) or DcrConfigOktaInRequest (object) or CreateDcrConfigHttpInRequest (object)

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
Example
{
  • "id": "93f8380e-7798-4566-99e3-2edf2b57d289",
  • "name": "DCR Auth0 1 - Segment A",
  • "display_name": "Auth0 DCR provider",
  • "provider_type": "auth0",
  • "issuer": "https://my-issuer.auth0.com/api/v2/",
  • "active": true,
  • "dcr_config": {},
  • "created_at": "2023-01-01T00:00:00.000Z",
  • "updated_at": "2023-01-01T00:00:00.000Z"
}

Delete DCR provider

Deletes a DCR provider.

path Parameters
dcrProviderId
required
string <uuid> (UUID)
Example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7

DCR provider identifier

Responses

Response samples

Content type
application/problem+json
{
  • "status": 401,
  • "title": "Unauthorized",
  • "instance": "kong:trace:8347343766220159418",
  • "detail": "Unauthorized"
}

Verify DCR provider configuration.

Verifies if a DCR provider is configured properly. Returns 200 for success, 4xx for failure.

path Parameters
dcrProviderId
required
string <uuid> (UUID)
Example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7

DCR provider identifier

Responses

Response samples

Content type
application/json
Example
{
  • "status": "success",
  • "errors": [ ]
}

App Auth Strategies

Application Auth Strategies are sets of plugin configurations that represent how the gateway will perform authentication and authorization for a Product Version. Called “Auth Strategy” for short in the context of portals/applications. The plugins are synced to any Gateway Service that is currently linked or becomes linked to the Product Version.

Create App Auth Strategy

Creates an application auth strategy.

Request Body schema: application/json
name
required
string (AuthStrategyName) [ 1 .. 256 ] characters

The name of the auth strategy. This is used to identify the auth strategy in the Konnect UI.

display_name
required
string (AuthStrategyDisplayName) <= 256 characters

The display name of the Auth strategy. This is used to identify the Auth strategy in the Portal UI.

strategy_type
required
string
required
object

JSON-B object containing the configuration for the Key Auth strategy

object (Labels) <= 50 properties

Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types.

Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".

Responses

Request samples

Content type
application/json
Example
{
  • "name": "auth strategy 1",
  • "display_name": "API Key Auth",
  • "strategy_type": "key_auth",
  • "configs": {
    }
}

Response samples

Content type
application/json
{
  • "id": "22f8380e-7798-4566-99e3-2edf2b57d289",
  • "name": "auth strategy 1",
  • "display_name": "Client Credentials",
  • "strategy_type": "openid_connect",
  • "active": false,
  • "configs": {},
  • "dcr_provider": {
    },
  • "labels": { },
  • "created_at": "2023-01-01T00:00:00.000Z",
  • "updated_at": "2023-01-01T00:00:00.000Z"
}

List App Auth Strategies

Returns a paginated collection of application auth strategies.

query Parameters
page[size]
integer
Example: page[size]=10

The maximum number of items to include per page. The last page of a collection may include fewer items.

page[number]
integer
Example: page[number]=1

Determines which page of the entities to retrieve.

sort
string

Sorts a collection of application auth strategies. Supported sort attributes are:

  • created_at
  • updated_at
  • strategy_type
  • name
  • display_name
  • dcr_provider_id
  • dcr_provider_name
  • dcr_provider_type
object

Filter application auth strategies returned in the response.

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Get App Auth Strategy

Returns an application auth strategy.

path Parameters
authStrategyId
required
string <uuid> (UUID)
Example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7

Application auth strategy identifier

Responses

Response samples

Content type
application/json
{
  • "id": "22f8380e-7798-4566-99e3-2edf2b57d289",
  • "name": "auth strategy 1",
  • "display_name": "Client Credentials",
  • "strategy_type": "openid_connect",
  • "active": false,
  • "configs": {},
  • "dcr_provider": {
    },
  • "labels": { },
  • "created_at": "2023-01-01T00:00:00.000Z",
  • "updated_at": "2023-01-01T00:00:00.000Z"
}

Replace App Auth Strategy

Replaces an application auth strategy.

path Parameters
authStrategyId
required
string <uuid> (UUID)
Example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7

Application auth strategy identifier

Request Body schema: application/json
name
required
string (AuthStrategyName) [ 1 .. 256 ] characters

The name of the auth strategy. This is used to identify the auth strategy in the Konnect UI.

display_name
required
string (AuthStrategyDisplayName) <= 256 characters

The display name of the Auth strategy. This is used to identify the Auth strategy in the Portal UI.

strategy_type
required
string
required
object

JSON-B object containing the configuration for the Key Auth strategy

object (Labels) <= 50 properties

Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types.

Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".

Responses

Request samples

Content type
application/json
Example
{
  • "name": "auth strategy 1",
  • "display_name": "API Key Auth",
  • "strategy_type": "key_auth",
  • "configs": {
    }
}

Response samples

Content type
application/json
{
  • "id": "22f8380e-7798-4566-99e3-2edf2b57d289",
  • "name": "auth strategy 1",
  • "display_name": "Client Credentials",
  • "strategy_type": "openid_connect",
  • "active": false,
  • "configs": {},
  • "dcr_provider": {
    },
  • "labels": { },
  • "created_at": "2023-01-01T00:00:00.000Z",
  • "updated_at": "2023-01-01T00:00:00.000Z"
}

Update App Auth Strategy

Updates an application auth strategy.

path Parameters
authStrategyId
required
string <uuid> (UUID)
Example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7

Application auth strategy identifier

Request Body schema: application/json
name
string (AuthStrategyName) [ 1 .. 256 ] characters

The name of the auth strategy. This is used to identify the auth strategy in the Konnect UI.

display_name
string (AuthStrategyDisplayName) <= 256 characters

The display name of the Auth strategy. This is used to identify the Auth strategy in the Portal UI.

object or null (LabelsUpdate) <= 50 properties

Labels store metadata of an entity that can be used for filtering an entity list or for searching across entity types.

Labels are intended to store INTERNAL metadata.

Keys must be of length 1-63 characters, and cannot start with "kong", "konnect", "mesh", "kic", or "_".

dcr_provider_id
string or null <uuid>
object or object

JSON-B object containing the configuration for the OIDC strategy under the key 'openid-connect' or the configuration for the Key Auth strategy under the key 'key-auth'

Responses

Request samples

Content type
application/json
Example
{
  • "display_name": "API Key"
}

Response samples

Content type
application/json
{
  • "id": "22f8380e-7798-4566-99e3-2edf2b57d289",
  • "name": "auth strategy 1",
  • "display_name": "Client Credentials",
  • "strategy_type": "openid_connect",
  • "active": false,
  • "configs": {},
  • "dcr_provider": {
    },
  • "labels": { },
  • "created_at": "2023-01-01T00:00:00.000Z",
  • "updated_at": "2023-01-01T00:00:00.000Z"
}

Delete App Auth Strategy

Deletes an application auth strategy. An application auth strategy can be deleted ONLY if it's not used by any product version within any portal regardless of their publication statuses. If an application auth strategy is still in use the request will result in an HTTP 409 CONFLICT.

path Parameters
authStrategyId
required
string <uuid> (UUID)
Example: 5f9fd312-a987-4628-b4c5-bb4f4fddd5f7

Application auth strategy identifier

Responses

Response samples

Content type
application/problem+json
{
  • "status": 401,
  • "title": "Unauthorized",
  • "instance": "kong:trace:8347343766220159418",
  • "detail": "Unauthorized"
}