Authentication Options of the API Portal

Portal Authentication


To let your developers log in to your API Portal, you can choose from the following means of authentication:

  • E-mail and password signup and login
  • ADFS 3.0 Federation using your own ADFS instance (SAML)
  • GitHub Social Login (OAuth 2.0)
  • Google Login (OAuth 2.0)
  • ... more to come

For e-mail and password login, the portal supports reCAPTCHA to keep bots from signing up to your portal; additionally, you can configure the portal to validate e-mail addresses.

Sending lost password reset requests is also supported; you only have to supply the API Portal with SMTP credentials.


API Authentication

Besides the portal authentication, your developers can register applications with the API Portal and subscribe to your APIs. You can choose to authenticate these applications using one of the following methods:

  • Static API Keys (using a header)
  • OAuth 2.0, including Client Credentials Flow, Authorization Code Flow, Implicit Flow and Resource Owner Password Grant

Credentials, i.e. API Keys or Client ID and Client Secret, are generated automatically for each application and per API subscription, depending on how you choose to secure your API.

Need other means of authentication? Kong supports additional ones, such as JWT. File an issue on GitHub and tell us.


For more information, either see the documentation on GitHub or the use case descriptions on this microsite:

© 2016-2017 Haufe-Lexware GmbH & Co. KG