In APIM, the goal is to provide your users with a set of APIs that abstract the complexities of retrieving data from your main APIs. Perhaps you have some security constraints you don’t want people to have to use directly and would rather embed into your policies, or you want to control how often people can access your APIs, or maybe you simply want to combine message results for your users.
Whichever the case, APIM is a great choice to simplify your life and lessen your workload.
As part of lessening this workload, you don’t want to be on service calls, telling users which API does what and how to use it. To accomplish this goal, you can use the APIM Developer Portal to shrink your workload and offer self-service tools to your users.
Setting up the Portal
If you have not already set up the portal, you will be greeted with a screen like this when you go to Portal Overview. Click on the “Developer Portal” to open the link to your portal and publish it for the first time.

Once there, without changing anything, click on “Publish Site.”

You’ll now see under revisions that our Portal has been published.

Accessing the Portal
To access the Portal, click on the “Developer Portal” button again and you will be taken to an “editing” view of your site. You can view it in the context of a user OR you can copy the URL and go to another browser window to see the user experience.

In an “incognito” view, I don’t have access to anything, so I am going to sign up using the native authentication. You can switch this authentication to integrate with Active Directory/Entra, which works great; however, I have seen issues when your email is also the email of the Administrator – APIM doesn’t like this. If you’re an Administrator of your APIM Portal, I would suggest using a different email.
You can start the signup process by clicking “Sign Up” in the top-right corner.

If everything goes smoothly, you should receive a nice introductory email with details on completing your signup (without the horrible red scratch marks below).

Securing API Access
After logging in, you’ll notice that I only see the default Echo API and none of my other APIs.

The reason for this is twofold:
My user is automatically added to a list called Developers who have access to the “Starter and Unlimited” products.

And also, both those products are published. You can use APIs as part of a product in an unpublished state, but they will only appear in your API list when the product is marked as published. Unpublishing the APIs or disassociating my user from the Developers group will result in them having no APIs available to view.

Creating a Custom Group
Administrators and Developers are built-in groups that cannot be modified. Users are added to the Developers group by default, so if you want to lock down access to your APIs further, you should consider creating a custom group and granting access to that group instead. To do this, you can navigate to the Groups menu under the Developer Portal and create your own group, adding your user to it.

Once complete, I can update my Starter product to ensure only users of that group have access to this product and mark it as published once again.

And when complete, I am back in business and able to see my API again, this time in a more secure fashion.
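
The same group lockdown can be scripted with the Az.ApiManagement PowerShell module instead of the portal. This is an added example, not part of the original walkthrough; the resource group, service name, group name and user email are placeholder assumptions, and it assumes you have already signed in with Connect-AzAccount.

```powershell
# Added example: every value in this block is a placeholder assumption.
$resourceGroup = 'rg-apim-demo'        # hypothetical resource group
$serviceName   = 'apim-demo'           # hypothetical APIM instance
$groupName     = 'Partner Developers'  # hypothetical custom group
$userEmail     = 'user@example.com'    # hypothetical portal user
$productTitle  = 'Starter'             # product named in the walkthrough

$ctx = New-AzApiManagementContext -ResourceGroupName $resourceGroup -ServiceName $serviceName

# Resolve the product and the user up front; stop before changing anything if either is missing.
$product = Get-AzApiManagementProduct -Context $ctx -Title $productTitle |
    Where-Object Title -eq $productTitle | Select-Object -First 1
$user = Get-AzApiManagementUser -Context $ctx -Email $userEmail | Select-Object -First 1
if (-not $product -or -not $user) { throw 'Product or user not found.' }

# Create the custom group only if it does not exist yet.
$group = Get-AzApiManagementGroup -Context $ctx -Name $groupName |
    Where-Object Name -eq $groupName | Select-Object -First 1
if (-not $group) {
    $group = New-AzApiManagementGroup -Context $ctx -Name $groupName `
        -Description 'Restricted access to the Starter product'
}

# Add the user to the custom group unless they are already a member.
$memberOf = Get-AzApiManagementGroup -Context $ctx -UserId $user.UserId
if ($memberOf.GroupId -notcontains $group.GroupId) {
    Add-AzApiManagementUserToGroup -Context $ctx -GroupId $group.GroupId -UserId $user.UserId
}

# Grant the product to the custom group first, so access is never empty mid-change.
$current = Get-AzApiManagementGroup -Context $ctx -ProductId $product.ProductId
if ($current.GroupId -notcontains $group.GroupId) {
    Add-AzApiManagementProductToGroup -Context $ctx -GroupId $group.GroupId -ProductId $product.ProductId
}

# Remove every other group (Developers included) so only the custom group sees the product.
# Administrators is left in place.
foreach ($g in $current) {
    if ($g.GroupId -ne $group.GroupId -and $g.Name -ne 'Administrators') {
        Remove-AzApiManagementProductFromGroup -Context $ctx -GroupId $g.GroupId -ProductId $product.ProductId
    }
}

# Publish the product again, then list who can see it as a final check.
Set-AzApiManagementProduct -Context $ctx -ProductId $product.ProductId -State Published
Get-AzApiManagementGroup -Context $ctx -ProductId $product.ProductId | Select-Object GroupId, Name
```

The final listing should show only the custom group, plus Administrators if it was already attached; any other group in that output still has visibility of the product.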
