|
| 1 | +--- |
| 2 | +title: "Consuming APIs Overview" |
| 3 | +description: "Understand the user hierarchy, roles, and lifecycle for API Consumers in the Tyk Developer Portal, from registration through to active API use." |
| 4 | +sidebarTitle: "Overview" |
| 5 | +keywords: "Developer Portal, API Consumer, Organisation, Team, Consumer Lifecycle, API Consumer Admin, Team Member, Live Portal" |
| 6 | +--- |
| 7 | + |
| 8 | +The Consuming APIs section covers everything an API Consumer needs to discover APIs, gain access, manage credentials, and integrate with services through the Tyk Developer Portal. |
| 9 | + |
| 10 | +## Your Interface as a Consumer |
| 11 | + |
| 12 | +The Developer Portal exposes two separate interfaces depending on your role: |
| 13 | + |
| 14 | +- The **Live Portal** is the public-facing website where API Consumers browse API Catalogs, request access to API Products, manage their credentials, and create Developer Apps. |
| 15 | +- The **Admin Portal** is the private management interface used by API Owners and Portal Admins to configure the portal, curate API Products, and manage access requests. |
| 16 | + |
| 17 | +API Consumers interact exclusively through the Live Portal. The Admin Portal is reserved for API Owners and Portal Admins and is not accessible to Consumers. |
| 18 | + |
| 19 | +For a full overview of all portal roles and concepts, see [Core Concepts](/portal/overview/concepts). |
| 20 | + |
| 21 | +{/* TODO: Screenshot — Live Portal home page showing the catalog listing view from a logged-in API Consumer's perspective, with the navigation menu visible */} |
| 22 | + |
| 23 | +## The Consumer Hierarchy |
| 24 | + |
| 25 | +API Consumers exist within a three-level hierarchy that controls what content they can see and what actions they can take. |
| 26 | + |
| 27 | +```mermaid |
| 28 | +graph TD |
| 29 | + A[Organisation] --> B[Team A] |
| 30 | + A --> C[Team B] |
| 31 | + B --> D[Team Member] |
| 32 | + B --> E[API Consumer Admin] |
| 33 | + C --> F[Team Member] |
| 34 | +``` |
| 35 | + |
| 36 | +Every API Consumer belongs to exactly one **Organisation**. Within that Organisation, they can be members of one or more **Teams**. The Teams a Consumer belongs to determine which API Catalogs and Products are visible to them in the Live Portal. |
| 37 | + |
| 38 | +### Organisations |
| 39 | + |
| 40 | +An Organisation represents a company or business unit that consumes your APIs. Organisations are created and managed by API Owners through the Admin Portal. |
| 41 | + |
| 42 | +Each portal deployment includes a **Default Organisation** that acts as a holding area for new users who have not yet been assigned to a custom Organisation. |
| 43 | + |
| 44 | +### Teams |
| 45 | + |
| 46 | +A Team is a group of users within an Organisation who share access to the same API Catalogs. Consumers can belong to multiple Teams within their Organisation, and each Team can have access to different Catalogs. |
| 47 | + |
| 48 | +Each Organisation includes a **Default Team**. Users who register without an invite code or explicit Team assignment are placed in the Default Team. |
| 49 | + |
| 50 | +<Note> |
| 51 | +The Live Portal only displays API Products and Catalogs that are visible to the Teams the logged-in Consumer belongs to. |
| 52 | +</Note> |
| 53 | + |
| 54 | +For details on creating and managing Organisations and Teams, see [Organisations and Teams](/tyk-stack/tyk-developer-portal/enterprise-developer-portal/managing-access/manage-api-consumer-organisations). |
| 55 | + |
| 56 | +## Consumer Roles |
| 57 | + |
| 58 | +There are two roles for API Consumers within the Developer Portal: |
| 59 | + |
| 60 | +### Team Member |
| 61 | + |
| 62 | +Team Members have standard access to discover and use APIs. They can: |
| 63 | + |
| 64 | +- Browse available API Catalogs and Products |
| 65 | +- Request access to API Products |
| 66 | +- Create and manage their own Developer Apps |
| 67 | +- View API documentation |
| 68 | +- Monitor their own API usage |
| 69 | + |
| 70 | +Most developers consuming your APIs will have the Team Member role. |
| 71 | + |
| 72 | +### API Consumer Admin |
| 73 | + |
| 74 | +API Consumer Admins have elevated privileges within their Organisation. In addition to all Team Member capabilities, they can: |
| 75 | + |
| 76 | +- Invite new users to their Organisation |
| 77 | +- Manage Team membership for users within their Organisation |
| 78 | +- View and manage shared Developer Apps created by other Organisation members |
| 79 | + |
| 80 | +This role is suited for team leads or primary contacts at partner organisations who need to manage their developer community. |
| 81 | + |
| 82 | +<Note> |
| 83 | +The Developer Portal UI displays this role as **Org Admin** in some screens. Both terms refer to the same role. |
| 84 | +</Note> |
| 85 | + |
| 86 | +**How roles are assigned:** |
| 87 | + |
| 88 | +- Users who self-register through the Live Portal receive the Team Member role by default. |
| 89 | +- Users who accept an admin invite, or who create a new Organisation during self-registration, receive the API Consumer Admin role. |
| 90 | +- SSO users are assigned roles based on their identity provider group mapping. See [Single Sign-On](/tyk-stack/tyk-developer-portal/enterprise-developer-portal/managing-access/enable-sso) for details. |
| 91 | + |
| 92 | +## Developer Apps and the Hierarchy |
| 93 | + |
| 94 | +A Developer App is a container that holds the credentials for accessing one or more API Products. Each App has a visibility setting that controls who within the Organisation can view it: |
| 95 | + |
| 96 | +| Visibility | Who can see the App | |
| 97 | +|---|---| |
| 98 | +| Personal | Only the creator | |
| 99 | +| Team | All members of the Teams the creator belongs to | |
| 100 | +| Organisation | All members of the creator's Organisation | |
| 101 | + |
| 102 | +API Consumer Admins can view all Apps within their Organisation regardless of the visibility setting. |
| 103 | + |
| 104 | +<Note> |
| 105 | +Users in the Default Organisation are restricted to Personal visibility for all Apps. Users who belong only to the Default Team of a custom Organisation can only set Personal or Organisation visibility. |
| 106 | +</Note> |
| 107 | + |
| 108 | +For full details on creating and managing Developer Apps, see [Developer Apps](/portal/developer-app). |
| 109 | + |
| 110 | +## The Consumer Lifecycle |
| 111 | + |
| 112 | +A typical API Consumer journey through the Developer Portal follows these stages: |
| 113 | + |
| 114 | +**Register or accept an invitation.** New Consumers create an account through the Live Portal registration page or accept an email invitation from an API Consumer Admin or Portal Admin. SSO users authenticate through their identity provider. |
| 115 | + |
| 116 | +**Join an Organisation and Team.** After registering, Consumers are placed into an Organisation and Team. This happens automatically when using an invite link or invite code. Consumers who self-register without an invite join the Default Organisation and Default Team until an API Consumer Admin reassigns them. |
| 117 | + |
| 118 | +**Browse available API Catalogs.** Once assigned to a Team, the Consumer can see all API Products and Catalogs accessible to that Team in the Live Portal. |
| 119 | + |
| 120 | +**Create a Developer App.** Before requesting access to an API Product, the Consumer creates a Developer App. The App serves as a container for the credentials associated with one or more API Products. |
| 121 | + |
| 122 | +**Request access to an API Product.** The Consumer selects an API Product and Plan, attaches their Developer App, and submits an access request. Depending on the Product's configuration, access is granted immediately (auto-approval) or after review by a Portal Admin. |
| 123 | + |
| 124 | +**Receive and use credentials.** Once access is approved, credentials such as API keys, OAuth tokens, or certificates are available in the Developer App. The Consumer uses these credentials to authenticate API calls. |
| 125 | + |
| 126 | +**Manage credentials over time.** Consumers can view, rotate, and revoke credentials directly from the Live Portal. They can also request access to additional Products or change Plans on existing credentials. |
| 127 | + |
| 128 | +For a step-by-step walkthrough of this process, see [Request Access to an API](/portal/request-access). |
| 129 | + |
| 130 | +## Browsing Without an Account |
| 131 | + |
| 132 | +An account is not required to browse **Public Catalogs**. Unauthenticated visitors can: |
| 133 | + |
| 134 | +- View API Product listings and descriptions |
| 135 | +- Read API documentation and OpenAPI specifications |
| 136 | +- Explore the API Playground (where enabled on the Product) |
| 137 | + |
| 138 | +An account is required to request access, create a Developer App, or retrieve credentials. When an unauthenticated visitor attempts these actions, the Live Portal redirects them to the login or registration page. |
| 139 | + |
| 140 | +Private Catalogs are not visible to unauthenticated visitors. |
| 141 | + |
| 142 | +## Single Sign-On |
| 143 | + |
| 144 | +If your organisation uses an identity provider such as Okta, Keycloak, or Azure AD, you may access the Developer Portal through a custom SSO login URL rather than the standard username and password form. Your identity provider group membership determines your Team assignment and role within the portal hierarchy automatically. |
| 145 | + |
| 146 | +For SSO configuration details, see [Single Sign-On](/tyk-stack/tyk-developer-portal/enterprise-developer-portal/managing-access/enable-sso). |
0 commit comments