User Management
API Owners
Introduction
API Owners are the administrators who configure and manage your Tyk Developer Portal. They control the entire API lifecycle - from defining Products and Plans to managing user access and monitoring usage. With their privileged access to the Admin Portal, API Owners play a crucial role in shaping your API program’s success. Unlike API Consumers who use your APIs, API Owners are responsible for curating the API experience. They make strategic decisions about which APIs to expose, how to package them, who can access them, and under what conditions. Effectively managing your API Owner users is essential for maintaining the security and integrity of your API program. Whether you’re setting up your Developer Portal for the first time or refining your administrative structure, understanding how to properly manage API Owners will help you create a secure, well-governed API program.API Owner Roles And Responsibilities
An API Owner’s responsibilities typically include:- API Product Management
- User Administration
- Portal Configuration
Creating An API Owner User
When the Developer Portal is first started, you will go through a bootstrapping process during which an initial API Owner user will be created. When the bootstrapped user logs into the Portal, they will reach the Admin Portal. They can create additional API Owners from the Settings > Admin Users screen:- Select Add new admin user
- Provide a first and last name for the new API Owner
- Provide a unique email address, which will be used when logging in
- Select Active to activate the user immediately
- Select User must change password at the next login to force the user to provide a new password when they access the Portal (recommended)
- Set an initial password for their first log in
- Select Save changes
For legacy reasons, the original bootstrapped user is labelled as having the super-admin role, whereas subsequent users have the provider-admin role. There is no difference in capability between these roles.
Logging In
If you are not using Single Sign On then to access the Developer Portal, simply navigate to the Portal UI in your browser and select the Log in button.
- Note that any Public Catalogs and Blogs will be available to you prior to logging in.
-
You will be taken to the log in page (
/auth/password/login) where you enter the email address and password registered for your account.If you are using Single Sign-On (SSO) then Tyk does not provide a log in page and you should create one.
Managing Users in the Admin Portal
In the Admin Portal, API Owners have visibility of and permission to manage all other user accounts created on the Developer Portal. There are two separate lists:- API Consumers > Users: API Consumer Admins and Team Members across all Organisations and Teams
- Settings > Admin users: API Owners
- create new user accounts
- edit existing user details
- reassign API Consumers to different Organisations and Teams
- approve/activate or deactivate users
- delete users
User Account Status
Users in the Developer Portal can have their accounts set to either active or inactive status. This status controls their ability to access the portal:- Active users can log in and access the Developer Portal
- Inactive users cannot log in, even with correct credentials
Activating or Deactivating User Accounts
API Owners can change a user’s active status at any time:- Navigate to the user’s profile in the Admin Portal:
- for API Consumers: API Consumers > Users
- for API Owners: Settings > Admin users
- Toggle the active checkbox to the required state
- Click Save Changes
- Changes take effect immediately - activated users can log in right away, while deactivated users will lose access
Automatically Approve User Registrations
For trusted environments such as internal developer programs, you can eliminate the manual approval process for self-registered users. When enabled, new API Consumer accounts will be automatically activated upon registration. To enable this feature:- Navigate to Settings > General in the Admin Portal
- Enable the Auto-approve API consumers registering to the portal option
- Select Save changes
Deleting Users
The API Owner can permanently remove a user from the Developer Portal as follows:- Navigate to the appropriate user list in the Admin Portal:
- for API Consumers: API Consumers > Users
- for API Owners: Settings > Admin users
- Use search to find the user you wish to view or manage (if required)
- Select Delete from the three dot menu
- Confirm the deletion
- All user data will be permanently removed
Security Implications
Given that all API Owners have full administrative access, it’s especially important to:- Limit API Owner Accounts: Only create API Owner accounts for users who genuinely need full administrative access
- Carefully Vet Administrators: Thoroughly verify the identity and trustworthiness of anyone granted API Owner status
- Regular Audits: Periodically review the list of API Owners to ensure it remains current and appropriate
- Prompt Removal: Immediately remove API Owner access when it’s no longer needed
Best Practices for API Owner Management
Since all API Owners have full access, consider these operational approaches:- Use External Identity Management: Implement SSO or other external identity solutions to control access
- Implement Procedural Controls: Create operational procedures and policies for administrative actions
- Maintain Documentation: Keep detailed records of who has API Owner access and why
- Regular Training: Ensure all API Owners understand the responsibility that comes with full access