Solo.io Gloo Portal Server API

The Gloo Platform Portal Server API provides REST endpoints to manage user access to the developer portal and API resources. It enables developers to discover available APIs, view API schemas and documentation, manage API keys, and review usage plans for the Gloo developer portal.

OpenAPI Specification

solo-io-gloo-portal-server-api-openapi.yml
openapi: 3.1.0
info:
  title: Solo.io Gloo Portal Server API
  description: >-
    The Gloo Platform Portal Server API provides REST endpoints to manage user
    access to both the developer portal and the API resources exposed by the
    portal. It enables developers to discover available APIs, view API schemas
    and documentation, manage API keys, and review usage plans. The portal
    server is deployed as part of the Gloo Mesh Gateway installation and serves
    as the backend for the Gloo developer portal experience.
  version: 1.0.0
  contact:
    name: Solo.io
    url: https://www.solo.io/
  license:
    name: Proprietary
    url: https://www.solo.io/
servers:
  - url: https://{portalHost}/v1
    description: Gloo Portal Server
    variables:
      portalHost:
        default: portal.example.com
        description: The hostname where the Gloo Portal server is deployed
paths:
  /me:
    get:
      operationId: getCurrentUser
      summary: Solo.io Get current user
      description: >-
        Looks up the user for the current session and returns user information
        if the user session exists and is not expired. Used to determine the
        identity and permissions of the currently authenticated user.
      tags:
        - Users
      security:
        - bearerAuth: []
      responses:
        '200':
          description: Successfully retrieved user information
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
        '401':
          description: Unauthorized - user session is invalid or expired
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
    options:
      operationId: optionsCurrentUser
      summary: Solo.io CORS preflight for current user
      description: Handles CORS preflight requests for the current user endpoint.
      tags:
        - Users
      responses:
        '204':
          description: CORS preflight response
  /apis:
    get:
      operationId: listApis
      summary: Solo.io List available APIs
      description: >-
        Lists all APIs visible to the current user. Returns both public and
        private API products that the authenticated user has access to. Each
        API includes metadata such as name, version, description, and
        associated usage plans.
      tags: []
      security:
        - bearerAuth: []
        - {}
      parameters:
        - name: offset
          in: query
          description: Pagination offset for the list of APIs
          schema:
            type: integer
            default: 0
        - name: limit
          in: query
          description: Maximum number of APIs to return
          schema:
            type: integer
            default: 25
      responses:
        '200':
          description: Successfully retrieved list of APIs
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApiProduct'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /apis/{apiId}:
    get:
      operationId: getApi
      summary: Solo.io Get API details
      description: >-
        Retrieves the details of a specific API product by its identifier.
        Returns metadata including the API name, version, description,
        available endpoints, and associated usage plans.
      tags: []
      security:
        - bearerAuth: []
        - {}
      parameters:
        - name: apiId
          in: path
          required: true
          description: Unique identifier of the API product
          schema:
            type: string
      responses:
        '200':
          description: Successfully retrieved API details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiProduct'
        '404':
          description: API not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /apis/{apiId}/schema:
    get:
      operationId: getApiSchema
      summary: Solo.io Get API schema
      description: >-
        Gets the OpenAPI specification schema for a specific API. Returns the
        schema only if the API ID exists and, when authentication is enforced,
        only if the user has access to the API. The schema can be rendered in
        Swagger or Redocly format by the developer portal frontend.
      tags: []
      security:
        - bearerAuth: []
        - {}
      parameters:
        - name: apiId
          in: path
          required: true
          description: Unique identifier of the API product
          schema:
            type: string
      responses:
        '200':
          description: Successfully retrieved API schema
          content:
            application/json:
              schema:
                type: object
                description: The OpenAPI specification for the requested API
            application/x-yaml:
              schema:
                type: string
                description: The OpenAPI specification in YAML format
        '403':
          description: Forbidden - user does not have access to this API
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '404':
          description: API not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /usage-plans:
    get:
      operationId: listUsagePlans
      summary: Solo.io List usage plans
      description: >-
        Lists all usage plans available to the current user. Usage plans define
        rate limiting policies, quotas, and access levels for API products.
        Developers can view available plans to understand the terms under which
        they can consume APIs.
      tags:
        - Usage Plans
      security:
        - bearerAuth: []
        - {}
      responses:
        '200':
          description: Successfully retrieved list of usage plans
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/UsagePlan'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /api-keys:
    get:
      operationId: listApiKeys
      summary: Solo.io List API keys
      description: >-
        Lists all API keys belonging to the current user. API keys are used
        to authenticate requests to API products exposed through the Gloo
        developer portal.
      tags:
        - API Keys
      security:
        - bearerAuth: []
      responses:
        '200':
          description: Successfully retrieved list of API keys
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApiKey'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
    post:
      operationId: createApiKey
      summary: Solo.io Create API key
      description: >-
        Creates a new API key for the current user. The API key can be
        associated with a specific usage plan and API product. The generated
        key value is returned only once in the response and should be stored
        securely by the developer.
      tags:
        - API Keys
      security:
        - bearerAuth: []
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateApiKeyRequest'
      responses:
        '201':
          description: Successfully created API key
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiKeyWithSecret'
        '400':
          description: Bad request - invalid parameters
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /api-keys/{apiKeyId}:
    delete:
      operationId: deleteApiKey
      summary: Solo.io Delete API key
      description: >-
        Deletes a specific API key belonging to the current user. Once deleted,
        the API key can no longer be used to authenticate requests to API
        products.
      tags:
        - API Keys
      security:
        - bearerAuth: []
      parameters:
        - name: apiKeyId
          in: path
          required: true
          description: Unique identifier of the API key to delete
          schema:
            type: string
      responses:
        '204':
          description: Successfully deleted API key
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '404':
          description: API key not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
  /login:
    get:
      operationId: login
      summary: Solo.io Login to developer portal
      description: >-
        Initiates the login flow for the developer portal. This endpoint is
        used as the callback path in the ExtAuthPolicy OIDC configuration.
        It redirects the user to the configured identity provider for
        authentication.
      tags:
        - Authentication
      responses:
        '302':
          description: Redirect to identity provider for authentication
          headers:
            Location:
              schema:
                type: string
              description: URL of the identity provider login page
  /logout:
    get:
      operationId: logout
      summary: Solo.io Logout from developer portal
      description: >-
        Logs out the current user from the developer portal by invalidating
        the current session.
      tags:
        - Authentication
      security:
        - bearerAuth: []
      responses:
        '302':
          description: Redirect after successful logout
          headers:
            Location:
              schema:
                type: string
              description: URL to redirect to after logout
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        OAuth 2.0 Bearer token obtained through the OIDC login flow
    apiKeyAuth:
      type: apiKey
      in: header
      name: api-key
      description: API key for accessing API products
  schemas:
    User:
      type: object
      properties:
        id:
          type: string
          description: Unique identifier for the user
        email:
          type: string
          format: email
          description: Email address of the user
        username:
          type: string
          description: Username of the user
        name:
          type: string
          description: Display name of the user
        groups:
          type: array
          items:
            type: string
          description: Groups the user belongs to
    ApiProduct:
      type: object
      properties:
        id:
          type: string
          description: Unique identifier for the API product
        name:
          type: string
          description: Name of the API product
        description:
          type: string
          description: Description of the API product
        version:
          type: string
          description: Version of the API product
        contact:
          type: string
          description: Contact information for the API product owner
        license:
          type: string
          description: License information for the API product
        termsOfService:
          type: string
          description: Terms of service URL
        usagePlans:
          type: array
          items:
            type: string
          description: List of usage plan IDs associated with this API product
        apiVersions:
          type: array
          items:
            $ref: '#/components/schemas/ApiVersion'
          description: Available versions of this API
        visibility:
          type: string
          enum:
            - public
            - private
          description: Visibility setting of the API product
    ApiVersion:
      type: object
      properties:
        id:
          type: string
          description: Unique identifier for the API version
        version:
          type: string
          description: Version string
        schemaType:
          type: string
          enum:
            - openapi
            - graphql
            - grpc
          description: Type of schema for this API version
    UsagePlan:
      type: object
      properties:
        id:
          type: string
          description: Unique identifier for the usage plan
        name:
          type: string
          description: Name of the usage plan
        description:
          type: string
          description: Description of the usage plan
        rateLimitPolicy:
          type: object
          properties:
            requestsPerUnit:
              type: integer
              description: Number of allowed requests per time unit
            unit:
              type: string
              enum:
                - SECOND
                - MINUTE
                - HOUR
                - DAY
              description: Time unit for rate limiting
          description: Rate limiting configuration for this plan
        apiProducts:
          type: array
          items:
            type: string
          description: List of API product IDs available under this plan
    ApiKey:
      type: object
      properties:
        id:
          type: string
          description: Unique identifier for the API key
        name:
          type: string
          description: Name or label for the API key
        apiProductId:
          type: string
          description: ID of the API product this key grants access to
        usagePlanId:
          type: string
          description: ID of the usage plan associated with this key
        createdAt:
          type: string
          format: date-time
          description: Timestamp when the API key was created
        metadata:
          type: object
          additionalProperties:
            type: string
          description: Additional metadata associated with the API key
    ApiKeyWithSecret:
      allOf:
        - $ref: '#/components/schemas/ApiKey'
        - type: object
          properties:
            apiKey:
              type: string
              description: >-
                The generated API key value. This is only returned once at
                creation time and cannot be retrieved again.
    CreateApiKeyRequest:
      type: object
      required:
        - name
        - usagePlanId
        - apiProductId
      properties:
        name:
          type: string
          description: Name or label for the API key
        usagePlanId:
          type: string
          description: ID of the usage plan to associate with the key
        apiProductId:
          type: string
          description: ID of the API product to grant access to
        metadata:
          type: object
          additionalProperties:
            type: string
          description: Additional metadata to associate with the API key
    Error:
      type: object
      properties:
        message:
          type: string
          description: Human-readable error message
        code:
          type: integer
          description: Error code
        status:
          type: string
          description: HTTP status text
tags:
  - name: API Keys
    description: API key lifecycle management
  - name: Authentication
    description: Login and logout operations for the developer portal
  - name: Usage Plans
    description: Usage plan discovery and selection
  - name: Users
    description: User profile and session management