What is restricted portal access in Apiable?

It puts the entire portal behind a single username and password at the edge, before the portal loads. Use it for a private or pre-launch portal you do not want publicly visible. It is separate from per-developer sign-in.

What MFA options does the API Portal support?

Three: ON requires multi-factor authentication for every developer, OPTIONAL lets each developer choose, and OFF disables it. You set the option in the security section and save the change.

Why are the MFA buttons locked with an updating message?

A change is being applied. The chosen state is saved as the desired state and the buttons stay locked until the live state matches it. Once the identity provider reflects the change, the control unlocks.

Is portal MFA the same as restricting portal access?

No. Restricted portal access password-protects the whole site at the edge. MFA adds a second authentication factor to each developer's own sign-in. You can use either, both, or neither.

Why is there no MFA section on my security page?

The MFA section appears only once your portal has an MFA configuration with a known current state. If it is missing, MFA is not yet set up for your portal. Contact Apiable to enable it.

API Portal

Portal security and MFA

Restrict access to your whole API Portal with password protection, and configure multi-factor authentication for developers as ON, OPTIONAL, or OFF. Covers how each setting is applied and what the pending state means.

Your API Portal has two separate access controls. Restricted portal access password-protects the entire site at the edge, before it loads. Multi-factor authentication adds a second factor to each developer's own sign-in. You set both in the dashboard under Settings, in the security section.

How do you password-protect the whole portal?

Open Settings in the dashboard, go to the security section, turn on restricted portal access, and choose Save changes. The portal then prompts every visitor for the username and password shown in that section before the portal loads.

Open Settings in the dashboard and go to the security section.
Turn on the restricted portal access toggle.
Note the username and password shown in the section. The password field has a show/hide control.
Choose Save changes.

Turning the toggle on adds the edge protection; turning it off removes it. The section reads the live state and reflects whether protection is currently active. Because the credential is shared across everyone who visits, restricted access is for a private or pre-launch portal, not for identifying individual developers.

What multi-factor options does the portal support?

The portal offers three MFA settings: ON, OPTIONAL, and OFF. You choose one in the security section and save it. The setting controls whether developers must, may, or cannot use a second authentication factor when they sign in.

Setting	What it means for developers
ON	Multi-factor authentication is required. Every developer must set up and use a second factor to sign in.
OPTIONAL	Each developer chooses whether to enable a second factor on their own account.
OFF	Multi-factor authentication is disabled for the portal.

The MFA section appears only when your portal has an MFA configuration with a known current state. If you do not see it, MFA is not yet set up for your portal, and you can ask Apiable to enable it.

How do you change the MFA setting?

Select ON, OPTIONAL, or OFF in the security section, then choose Save changes. Apiable records your choice as the desired state and applies it to the portal's identity provider. While the change is being applied, the control is locked and shows an updating message.

In the security section, select the MFA option you want.
Choose Save changes. The choice is saved as the desired state.
The buttons lock and an updating message appears while the change is applied.
When the live state matches your choice, the control unlocks and shows the new setting.

The portal keeps a current state and a desired state. The current state is reconciled from your portal's live identity provider, so the control always reflects what is actually in force, not just what was requested.

Troubleshooting

Match what you see to the fix.

What you see	What to do
The toggle and Save changes are disabled	Your account lacks the manage-portals permission. Ask an organization admin to grant it.
The restricted access state does not match what you expect	The section reads the live edge state, which can show as in progress while it updates. Give it a moment and let the section refresh.
There is no MFA section on the page	The MFA section shows only when an MFA configuration with a known current state exists. If it is missing, MFA is not set up for your portal. Contact Apiable.
The MFA buttons are locked with an updating message	A change is still being applied. The buttons unlock once the live state matches the desired state you saved.
You saved an MFA change but it has not taken effect	The change is applied to the identity provider and then reconciled back. Wait for the current state to update; the control reflects the live state, not the request.

Where to next

Portal details and registration

Set the portal name, the sign-up approval flow, and the registration form.

Custom domain

Point your own domain at the portal and provision SSL.

Partner and developer onboarding

What signing in, including a second factor, looks like for your developers.

API Portal overview

How the portal pages, theme, and navigation fit together.