Merge pull request #1741 from rajithacharith/dev

Add API Keys for Dev Portal

Author: rajithacharith

en/docs/consuming-services/consuming-a-service-apikey.md

@@ -0,0 +1,82 @@
+# Consume an API Key Secured Service
+
+## Overview
+
+Choreo is a powerful platform that enables developers to create, deploy, and consume services efficiently. The Choreo Developer Portal simplifies API discovery and usage, allowing developers to integrate APIs seamlessly into their applications.
+
+This guide is intended for application developers (both internal and external) who wish to consume APIs published in the Developer Portal to build their applications. You will learn how to:
+
+- Discover APIs
+- Create an application and generate credentials
+- Subscribe to an API
+- Consume a published REST API via a web application
+
+---
+
+## Prerequisites
+
+Before proceeding, ensure you have access to a published service to consume. If you do not have one, follow the [Develop a Service](../develop-components/develop-services/develop-a-service.md) guide to create and deploy a sample REST API.
+
+---
+
+## Discover APIs
+
+In the Choreo Developer Portal, developers can search for APIs by name. APIs and services created and published through the Choreo Console are visible in the Developer Portal based on their visibility settings:
+
+- **Public**: Visible to all users in the Developer Portal.
+- **Private**: Accessible only to signed-in users.
+- **Restricted**: Available to users with specific roles, enabling granular access control.
+
+For more details, refer to [Control API Visibility](../api-management/control-api-visibility.md).
+
+### Viewing Available APIs
+
+The Developer Portal lists APIs categorized by their major versions. The API overview page displays:
+
+- Subscribed versions of the API
+- Subscription details (e.g., application name and creation date)
+
+![Developer Portal APIs](../assets/img/consume/developer-portal-apis.png)
+
+### Selecting the Correct API Version
+
+> **Tip:** It is recommended to use the latest version of an API. Copy the **Endpoint(s)** from the API overview page and integrate it into your client application to ensure compatibility with the most recent updates.
+
+---
+
+## Creating an API Key
+
+To consume an API secured with an API Key, an API Key is required. To obtain an API Key, an application must first be created in the Choreo Developer Portal. This application represents a physical entity (such as a mobile app, web app, or device) and serves as the means to subscribe to APIs under a defined usage policy. The API Key is associated with a specific application, and an application can be created during the API Key generation process if needed.
+
+---
+
+### Steps to Create an API Key
+
+1. Navigate to the [Choreo Developer Portal](https://devportal.choreo.dev) and sign in.
+2. Click on **APIs** in the Developer Portal header.
+3. Select the desired API that requires an API Key for access.
+4. This will take you to the API overview page, where you can manage credentials.
+
+#### Generating Environment-Specific API Keys.
+
+Choreo allows you to generate API keys for production and non-production environments.
+
+!!! note
+    Access to production endpoints may be restricted based on your user role. Ensure you have the required permissions before generating production keys.
+
+Follow these steps to generate an API Key:
+
+1. In the left navigation menu, select the desired environment under **Credentials**. The **API Keys** pane for the chosen environment will open.
+2. If any API keys already exist, they will be listed here.
+3. Click **Generate API Key** and configure the following options:
+    - **Key Name**: Provide a suitable name for the API key.
+    - **Environment**: Choose an environment (if multiple environments are configured for the API).
+    - **Application**: Select an existing application or create a new one.
+    - **Subscription Policy**: Choose an appropriate subscription policy.
+4. Click **Generate**. The newly created API Key will be displayed.
+
+
+!!! note
+    If the selected application is already subscribed to the chosen API, the subscription selection step will be skipped.
+
+Use this API Key to authenticate API requests by including it in the `api-key` header when invoking the API.

en/docs/consuming-services/consuming-a-sevice.md

@@ -42,129 +42,30 @@ The API overview page displays subscribed versions of the API along with subscri
 
 {% include "create-a-subscription.md" %}
 
-## Consume the API via your web application
+## Consume an API
 
-To securely invoke the API/service, you need to use your Identity Provider (IdP). Follow these steps:
+You can generate a token to invoke the API.
 
-1. Create a web application in Choreo.
-2. Create an OAuth application in the IdP.
-3. Configure the web application to authenticate API/service invocations using the IdP.
-4. Deploy the web application.
+1. If the API is secured by [OAuth2](https://wso2.com/choreo/docs/consuming-services/generate-an-access-token).
+2. If the API is secured by [API key](https://wso2.com/choreo/docs/consuming-services/manage-api-keys)
 
-For this guide, you’ll use:
-- **WSO2 Asgardeo** as the IdP.
-- **[choreo-samples/reading-list-app/reading-list-front-end](https://github.com/wso2/choreo-samples/tree/main/reading-list-app/reading-list-front-end)** as the web application. This is a React SPA that uses Axios to invoke the service. It is configured to work with the **[choreo-samples/reading-list-app/reading-list-service](https://github.com/wso2/choreo-samples/tree/main/reading-list-app/reading-list-service)**. You can modify this web application to work with your service or deploy the sample service in Choreo.
+You can use the generated token to invoke the API
 
-### Step 1: Create a web application component
+=== "Access OAuth2 secured API"
 
-!!! info
-    You can use your own web application instead of the sample. For this guide, you’ll use the [choreo-samples/reading-list-app/reading-list-front-end](https://github.com/wso2/choreo-samples/tree/main/reading-list-app/reading-list-front-end).
+    Use the access token as the Bearer token in the Authorization header.
 
-To host the front-end application in Choreo, create a web application component:
-
-1. In the Choreo Console, select the project for the reading list application from the project list in the header.
-2. Click **Create** under the **Component Listing** section.
-3. On the **Web Application** card, click **Create**.
-4. Enter the following details:
-
-    | **Field**       | **Value**               |
-    |-----------------|-------------------------|
-    | **Name**        | `Reading List Web App`  |
-    | **Description** | `Frontend application for the reading list service` |
-
-5. Click **Next**.
-6. Click **Authorize with GitHub** to connect Choreo to your GitHub account.
-7. In the **Connect Repository** pane, enter the following:
-
-    | **Field**             | **Value**                               |
-    |-----------------------|-----------------------------------------|
-    | **GitHub Account**    | Your account                            |
-    | **GitHub Repository** | **`choreo-samples`**                    |
-    | **Branch**            | **`main`**                              |
-    | **Buildpack**         | **React** (since it’s a React app built with Vite) |
-    | **Build Context Path**| **`reading-list-app/reading-list-front-end`** |
-    | **Build Command**     | **`npm install && npm run build`**      |
-    | **Build Output**      | **`dist`**                              |
-    | **Node Version**      | **`18`**                                |
-
-8. Click **Create**. This initializes the service with the GitHub repository and takes you to the **Overview** page.
-
-### Step 2: Create an OAuth application in the IdP
-
-To invoke the API/service, you need an access token. Create an OAuth application in the IdP (for example, Asgardeo) with the following settings:
-
-- **Allowed grant types**: Code
-- **Public client**: Enable this option.
-- **Authorized redirect URLs**: Add the web app URL.
-- **Allowed origins**: Add the same URLs as authorized redirect URLs.
-- **Access Token**: Set to JWT.
-
-Choreo uses Asgardeo as the default IdP. When you create an application in the Choreo Developer Portal, it automatically creates a corresponding application in Asgardeo. Follow these steps to configure the Asgardeo OAuth application:
-
-1. Sign in to [Asgardeo](https://console.asgardeo.io/) using the same credentials as Choreo.
-2. Ensure you’re in the same organization used in the Choreo Developer Portal.
-3. In the Asgardeo Console, click **Applications** in the left navigation. You’ll see the **readingListApp** created by Choreo.
-4. Click the edit icon to edit the application.
-5. Go to the **Protocol** tab and make the following changes:
-    1. Under **Allowed grant types**, select **Code**.
-    2. Select the **Public client** checkbox.
-    3. In **Authorized redirect URLs**, enter the web app URL and click **+** to add it.
-    4. In **Allowed origins**, add the same URLs.
-    5. Under **Access Token**, select **JWT** as the token type.
-    6. Click **Update**.
-
-### Step 3: Configure the web application to connect to the IdP and invoke the service
-
-Update the web app configurations to invoke the **Reading List Service** REST API. These configurations are environment-specific. For this guide, we’ll configure the development environment.
-
-!!! note
-    The web app reads environment-specific configurations from the `window` object at runtime via the `config.js` file. You’ll mount this file for the development environment. Repeat this process for other environments as needed.
-
-To configure the front-end application:
-
-1. On the web application component page, click **DevOps** in the left menu, then click **Configs and Secrets**.
-2. Click **+ Create**.
-3. Select the following options and click **Next**:
-
-    | **Field**             | **Value**                               |
-    |-----------------------|-----------------------------------------|
-    | **Config Type**       | **Config Map**                          |
-    | **Mount Type**        | **File Mount**                          |
-
-4. Specify the following values:
-
-    | **Field**             | **Value**                               |
-    |-----------------------|-----------------------------------------|
-    | **Config Name**       | **Web App Config**                      |
-    | **Mount Path**        | **/usr/share/nginx/html/config.js**     |
-
-5. Copy the following JSON configuration into the text area. Replace the placeholders with the values from earlier steps:
-
-    ```javascript
-    window.config = {
-        redirectUrl: "<web-app-url>",
-        asgardeoClientId: "<asgardeo-client-id>",
-        asgardeoBaseUrl: "https://api.asgardeo.io/t/<your-org-name>",
-        choreoApiUrl: "<reading-list-service-url>"
-    };
+    Example:
+    ```bash
+    curl -H "Authorization: Bearer <YOUR_ACCESS_TOKEN>" -X GET "https://my-sample-api.choreoapis.dev/greet"  
     ```
 
-    | **Field**             | **Description**                               |
-    |-----------------------|-----------------------------------------------|
-    | **redirectUrl**       | The web app URL you copied earlier.           |
-    | **asgardeoClientId**  | The **Client ID** from the Asgardeo application. |
-    | **asgardeoBaseUrl**   | The IdP API URL with your organization name (e.g., `https://api.asgardeo.io/t/<ORG_NAME>`). |
-    | **choreoApiUrl**      | The **Reading List Service** URL from the endpoint table in the overview page. |
-
-6. Click **Create**.
 
-### Step 4: Deploy the web application
+=== "Access API key secured API"
 
-To deploy the web application:
+    Use the API key as the api-key header value in the request.
 
-1. In the left menu, click **Deploy**.
-2. In the **Build Area** card, click **Deploy Manually**. Deployment may take a few minutes.
-3. Once deployed, copy the **Web App URL** from the development environment card.
-4. Navigate to the web app URL to verify it’s successfully hosted.
-
-That’s it! You can now use a user from your IdP to sign in and invoke the service through your web application.
+    Example:
+    ```bash
+    curl -H "api-key: <YOUR_API_KEY>" -X GET "https://my-sample-api.choreoapis.dev/greet"
+    ```

en/docs/consuming-services/manage-api-keys.md

@@ -0,0 +1,22 @@
+# Manage API Keys
+
+To consume a published API secured with an API Key, you must generate an API Key specifically for that API. This API Key serves as a unique identifier, allowing authorized access while ensuring security and control over API consumption.
+
+Once created, API Keys can be managed through two locations within the Choreo Developer Portal:
+
+- **Credentials section of the API**: This section provides an overview of all API Keys associated with the specific API, enabling API owners to monitor and manage access.
+- **Credentials section of the Application**: This section allows application owners to view and manage all API Keys linked to their application, ensuring they have control over API subscriptions and access.
+
+From these sections, you can perform various API Key management actions, such as regenerating and deleting.
+
+
+## API Key Regeneration
+
+API Key regeneration allows you to obtain a new secret key for an existing API Key while ensuring minimal disruption to service. When an API Key is regenerated, a new secret key is generated, and the existing key remains valid for a grace period of one hour before being revoked. This ensures that applications have sufficient time to update their credentials without experiencing service interruptions.
+
+!!! warning
+    Ensure that all applications using the existing API Key are updated with the newly generated key within the grace period to prevent any disruptions in API invocations.
+
+## API Key Deletion
+
+API Keys can be deleted when they are no longer needed. Deleting an API Key immediately revokes its access, preventing further use of the key for API invocations. This action is irreversible and should be performed with caution, as any application relying on the deleted API Key will lose access to the API immediately.