Manage API Consumer organizations

Last updated: 5 minutes read.

Tyk Enterprise Developer Portal

If you are interested in getting access contact us at [email protected]

Introduction

Quite often, API Providers have to provide API Products to other companies. In fact, 90% of our customers say that their primary audience is other companies. In this case, they are dealing with not just individual developers but with teams of developers. Unlike individual developers, companies require more sophisticated machinery to access API credentials:

  • Usually, a company is represented by a team of developers, not just an individual. Communication between API Providers and API Consumers mustn’t rely on a single individual that may leave a company or be fired;
  • API Consumers need to share access credentials securely within their team. Without that capability, they have to share credentials with internal communication tools, which is a horrible practice. Credentials may be stolen, exposed to an incorrect audience, or not appropriately updated;
  • Those teams have an internal hierarchy: some users have admin responsibilities with broader permissions, while other teammates’ permissions are restricted to only accessing API Credentials;
  • API Consumers should be able to maintain their teams by themselves: invite new members or remove ones that left the team.

So, simply put, there are two main challenges that the new API Consumer organization management capability solves:

  • How to share securely share access credentials between team members;
  • How to manage user permissions on the API consumer side.

Prerequisites

Before starting, you need to set up an email server because it’s used to send invitations to API Consumer team members. Please refer to the email notifications documentation to set up the email server.

Please refer to the email notification section for further instructions for setting up the email server.

Admin settings and governance

You can control if API Consumers can register an organization and if such registration requires approval from the portal admins. To enable API Consumer organization registration, navigate to the Settings/General menu and scroll to the API Consumer access section. In that section, there are two settings that control API Consumer registration:

  • Enable API consumers to register organizations: when this setting is enabled, API Consumers can register organizations, and the respective button appears in the navigation menu;
  • Auto-approve API consumers registering organization: When this setting is enabled, no approval is required from the portal admins for an API Consumer to register an organization. If this setting is disabled, API Consumer can register organizations, but they won’t be able to invite team members.


This is how it looks in the portal’s UI:

Organization registration settings


To proceed with the following steps, enable the Enable API consumers setting to register organizations.

Step 1: Request org registration

Register a developer account or use an existing one and log in to the developer portal as a developer. To start the organization registration flow, click on the Create an organization button in the top right corner of the screen.

Become an organization button



You will be navigated to the screen where you can specify the name of your future organization.

Specify name of the organization



If the Auto-approve API consumers registering organization setting is enabled, the new organization will instantly be provisioned.

Organization registration is approved



Otherwise, the developer will have to wait for approval from admin users.

Organization registration is pending

Step 2: Approve or reject organization registration requests

If the Auto-approve API consumers registering organization setting is disabled and the email settings are configured correctly, the admin users will be notified about the new organization registration request via email.

New organization registration request notification



If the Auto-approve API consumers registering organization setting is disabled, the new API Consumer organizations won’t be immediately provisioned. As an admin user, you can approve or reject organization registration requests from the Organization menu.

New organization registration request view

When admin users approve or reject organization registration requests, the respective email notification is sent to API Consumers.

Notification when organization request is approved:

Organization registration request is approved



Notification when organization request is rejected:

Organization registration request is rejected



Both emails are customizable. Refer to the email customization documentation for further information on the email customization.

Step 3: Invite or remove teammates

Once admin users approve the organization registration request, API Consumers can invite teammates. As an API Consumer, navigate to the Dashboard to invite new teammates.

Navigate to the dashboard



Then select the Users tab in the side menu.

Navigate to the Users tab



You can add a new team member to your API Consumer organization in the Users tab. To invite a new team member, specify their first and last name, email address, and role.

Invite new team member



There are two possible roles for API Consumers:

  • Super admin;
  • Team member.

The difference between these two roles is that the Super admins can invite or remove users from their organization and manage applications, while the Team members can only manage applications.



Once the invitation is sent, the invited team member should receive the following email:

Invite new team member email



The invited team member can use the link from the email to register in the portal and join the organization.

Invite new team member email

Step 4: Manage API Consumers’ role

API Consumer Super admins can manage users in their organizations. To do so, navigate to the Users menu in the Dashboard and select a user to edit.

Edit API Consumer profile



As a Super admin, you can change users’ first and last names and roles. The changes will take effect immediately.

Manage API Consumer profile

Step 5: Sharing assets between teammates

Now, when any team member creates an application, all other team members can access it and use the credentials.

Share credentials between API Consumers