After writing your API documentation and getting ready to publish it, a key question arises: Who should be able to view it?
Should the docs be completely public? Or restricted to your internal team? Maybe your external partners need access—but not just anyone.
Creating a separate version of the documentation for each scenario would be time-consuming and inefficient. In reality, access needs are often highly specific—maybe only one department should see it, or perhaps your partners should only access it from within their corporate network.
Thankfully, Apidog provides multiple access control options to meet all these needs. When publishing a doc site, simply select the access control method that fits your use case.
1. Public: Anyone Can View
If your API is open for public use—like your product’s open API—just set the access control to "Public". Anyone with the link can view the documentation.
Pro tip: Apidog also features an API Hub, a marketplace-style platform where developers can browse and discover APIs. Publish your docs there to boost visibility and adoption.
2. Password Protected: Simple Barrier
Sometimes you don’t want your docs fully public, but you also want to avoid complex setup. Password protection is a straightforward solution—set a password, and only those who know it can access the docs.
Setup is easy:
- Choose “Password Protected”
- Set a password manually or let the system generate one
- Share it with coworkers or partners
Best for: Short-term or temporary sharing, like letting a partner review your API design. Afterward, just update the password or unpublish the docs. Simple and clean.
But keep in mind: Passwords can be shared unintentionally. If you need stricter control, consider other options.
3. IP Allowlist: Restrict Access to Specific Networks
If your team or partners are based in fixed office locations, IP allowlisting may be your best choice.
It works like this:
- Only users from the specified IP addresses or ranges can access the docs
- Unauthorized IPs are automatically denied
Think of it as a firewall for your documentation.
Best for:
- Corporate environments
- Limiting access to your internal network
- Allowing partner access only from their office network
You can configure a single IP or an entire IP range.
Bonus: You can also enable IP allowlisting for team project access in Apidog’s Team Settings (Enterprise plan required). Once enabled, only users from allowed IPs can access your internal projects.
4. Email Allowlist: Identity-Based Access
Concerned that passwords might get leaked or IPs may change often? Email allowlisting is a flexible, secure alternative.
Simply add your team’s or partners’ email addresses to the allowlist. Users can then access the docs via a one-time email verification code.
It supports wildcards too—for example, *@apidog.com allows all users with your company’s domain to access the documentation.
Benefits:
- Easy to manage: add or remove users as needed
- Safer than passwords: unauthorized users can’t view docs even if they have the link
- Great for distributed teams or mobile workforces
5. Custom Login Page: Integrate with Your Own Auth System
If none of the above methods meet your needs, there’s a more advanced option—Custom Login Page. This lets you connect your own authentication system to control access.
Here’s how it works:
- When a user tries to access the doc site, they’re redirected to your login page.
- After authentication, your server generates a JWT token.
- The user is redirected back to the doc site with the token as a parameter.
- Apidog verifies the token, and grants access if it’s valid.
This approach lets you define permissions exactly as your business needs. Though it requires some development, it’s a great fit for companies with complex access control needs.
Check the Help Docs for details on implementing a custom login page.
How to Choose the Right Access Control Method
With so many options, you might wonder: Which one should I choose?
It depends on your use case:
| Use Case | Recommended Method |
|---|---|
| Public APIs, want exposure | Public Access |
| Teamwork or short-term external sharing | Password Protection |
| Secure internal or partner networks | IP Whitelist |
| Control access by user identity | Email Whitelist |
| Use your own login system | Custom Login Page |
Tip: You can combine multiple methods. For example:
- Use an IP allowlist for internal team members
- Use an email allowlist for external partners
- Use password protection for temporary demos
With Apidog, you can publish multiple doc sites, each with its own access control and a tailored set of API endpoints. That means different audiences only see what they need to—nothing more, nothing less.
