top of page

Your developer portal serves a lot of different audiences.  One of the most important audiences is your organization’s partners.  Partners often need special access to your APIs that the general public or even internal users may not need.

Organizations can have a mix of internal, public, and partner APIs to manage.  We are going to look at the specific challenges and best practices for managing partner access to a mixture of public and private APIs.

Usage Scenario

For our purposes, a partner is any type of organization or group that has special access to APIs that are otherwise not exposed to anyone else.  Some common scenarios for this include:

  • Resellers: An external organization that leverages your APIs within their own white labeled offering. Resellers have typically gone through an approval process and have a contractual relationship with the organization that grants them special access.

  • Subsidiaries/contractors: Any external group that is performing work on your behalf that requires special access to your APIs.  For example, an outsourced development firm that your organization uses to augment its own teams.

  • External partners: An external organization that consumes or provides services to your organization and needs access to a special set of APIs that enable them to integrate their services with your own.  For example, a supplier or a distributor that needs to have direct API access to your internal inventory or order systems.

  • Internal product teams: A team or department that works on the implementation of specific products within your organization that also need special access to organizational-level APIs.  As an example, say the portal is managed by a large organization with multiple isolated product teams that operate independently.  Each of these product teams can be considered an internal partner in that they only allowed access to their product’s APIs and organization-level global APIs, but not APIs of other products.

Generally, a partner is any business entity that requires special access to APIs that are not typically available to non-partner users.


User management

Partners come in all sizes, ranging from small one or two person teams to large organizations with potentially dozens or even hundreds of people needing access. In most cases, an organization wants to delegate the management of the partner’s team to one or two trusted administrators within that organization.  The ability to delegate management of your partner’s team members has many benefits including reducing portal management overhead and increasing portal security.  

Some key features for partners include:

  • Visibility into which of their members have access to the portal and what they are allowed to access.

  • Ability to easily and quickly add or remove employee access to the portal.

  • Granular permission controls to ensure that the partner employees only have access to the information they need.

Best practices

Grouping APIs into a package

Often there will be a large number of APIs that a given type of partner will need to access.  

Rather than individually assigning API access to the partner, group APIs into a few API Products, or group them into a single Access Group, that can be assigned to the Partner. This will simplify the management of access to those APIs. Controlling partner API access in Apiboost

Apiboost makes it easy to manage your partners’ access to APIs through its Access Groups feature.  Access Groups enable bundling related APIs into a single collection that is then used to grant users access.

The first step is to define an access group that contains all of the APIs that the partner should have access to.  This is done by simply creating an access group and selecting one or more APIs to include in the group.

The next step is to create one or more teams for your partner.  This allows you to define a partner administrator who will be responsible for managing the members of their partner team and their partner applications.  To do this, you’ll create a new team from the teams menu and enter one or more email addresses for the user(s) to make partner admins.

Finally, you grant the members of the partner team(s) access to their partner APIs.  This is accomplished via the access group created above.  When viewing the access group, you can grant access to the partner APIs to teams and/or individual developers.

This setup process can either be performed manually through the UI during the partner onboarding, automated as part of a CI/CD process, or automated with a custom integration with your CRM/SSO systems.


Your partners are critical to the success of your organization.  Your API portal must support your partners to ensure efficient integration and growth of your business.  Apiboost provides an enterprise developer portal experience optimized to support your partners.

Contact us today for a demo and a free trial of Apiboost.


Shawn Smiley

Shawn Smiley is the CTO at Achieve with a focus on architecting and building highly scalable, reliable, secure, and high-performance web applications on Drupal.

About the Author

Supporting Partners in your External Developer Portal

Your developer portal serves a lot of different audiences.  One of the most important audiences is your organization’s partners.

Published: Mar 20, 2024

3 min read

By: Shawn Smiley

Recent Posts

Reach out to our team today to learn more about how we can help you take your organization to the next level through impactful digital transformation initiatives and advanced API portals

Download Your Guide
bottom of page