5 Easy Methods to Control API Documentation Access in Apidog

Not all API docs should be public. With Apidog, you can control who sees what—use password protection, IP or email allowlists, or even connect your own login system. This guide walks through each method to help you choose the right one for your API access needs.

Oliver Kingsley

Oliver Kingsley

1 July 2025

5 Easy Methods to Control API Documentation Access in Apidog

After writing your API documentation and getting ready to publish it, a key question arises: Who should be able to view it?

Should the docs be completely public? Or restricted to your internal team? Maybe your external partners need access—but not just anyone.

Creating a separate version of the documentation for each scenario would be time-consuming and inefficient. In reality, access needs are often highly specific—maybe only one department should see it, or perhaps your partners should only access it from within their corporate network.

Thankfully, Apidog provides multiple access control options to meet all these needs. When publishing a doc site, simply select the access control method that fits your use case.

setting up API documentation access control in Apidog

1. Public: Anyone Can View

Set API documentation to be public in Apidog

If your API is open for public use—like your product’s open API—just set the access control to "Public". Anyone with the link can view the documentation.

Pro tip: Apidog also features an API Hub, a marketplace-style platform where developers can browse and discover APIs. Publish your docs there to boost visibility and adoption.


2. Password Protected: Simple Barrier

Set API documentation to be password protected in Apidog

Sometimes you don’t want your docs fully public, but you also want to avoid complex setup. Password protection is a straightforward solution—set a password, and only those who know it can access the docs.

API documentation need passwords to get access

Setup is easy:

Best for: Short-term or temporary sharing, like letting a partner review your API design. Afterward, just update the password or unpublish the docs. Simple and clean.

But keep in mind: Passwords can be shared unintentionally. If you need stricter control, consider other options.


3. IP Allowlist: Restrict Access to Specific Networks

Protect API documentation with a IP Allowlist in Apidog

If your team or partners are based in fixed office locations, IP allowlisting may be your best choice.

It works like this:

Think of it as a firewall for your documentation.

API documentation can be accessed by specific IPs

Best for:

You can configure a single IP or an entire IP range.

Bonus: You can also enable IP allowlisting for team project access in Apidog’s Team Settings (Enterprise plan required). Once enabled, only users from allowed IPs can access your internal projects.


4. Email Allowlist: Identity-Based Access

Protect API documentation with a email Allowlist in Apidog

Concerned that passwords might get leaked or IPs may change often? Email allowlisting is a flexible, secure alternative.

Simply add your team’s or partners’ email addresses to the allowlist. Users can then access the docs via a one-time email verification code.

It supports wildcards too—for example, *@apidog.com allows all users with your company’s domain to access the documentation.

Benefits:


5. Custom Login Page: Integrate with Your Own Auth System

Protect API documentation with a custom login page in Apidog

If none of the above methods meet your needs, there’s a more advanced option—Custom Login Page. This lets you connect your own authentication system to control access.

Here’s how it works:

This approach lets you define permissions exactly as your business needs. Though it requires some development, it’s a great fit for companies with complex access control needs.

custom-login.gif

Check the Help Docs for details on implementing a custom login page.


How to Choose the Right Access Control Method

With so many options, you might wonder: Which one should I choose?

It depends on your use case:

Use CaseRecommended Method
Public APIs, want exposurePublic Access
Teamwork or short-term external sharingPassword Protection
Secure internal or partner networksIP Whitelist
Control access by user identityEmail Whitelist
Use your own login systemCustom Login Page

Tip: You can combine multiple methods. For example:

With Apidog, you can publish multiple doc sites, each with its own access control and a tailored set of API endpoints. That means different audiences only see what they need to—nothing more, nothing less.

button

Explore more

Apidog SEO Settings Explained: Maximize Your API Docs Visibility

Apidog SEO Settings Explained: Maximize Your API Docs Visibility

Discover how to supercharge your API documentation's visibility with Apidog's powerful SEO features. This comprehensive guide covers everything from page-level optimizations like custom URLs and meta tags to site-wide settings such as sitemaps and robots.txt.

18 June 2025

How to Protect API Specification from Unauthorized Users with Apidog

How to Protect API Specification from Unauthorized Users with Apidog

Learn how Apidog empowers you to protect API specification from unauthorized users. Explore advanced API documentation security, access controls, and sharing options for secure API development.

17 June 2025

How to Use the PostHog MCP Server?

How to Use the PostHog MCP Server?

Discover how to use the PostHog MCP server with this in-depth technical guide. Learn to install, configure, and optimize the server for seamless PostHog analytics integration using natural language. Includes practical use cases and troubleshooting.

16 June 2025

Practice API Design-first in Apidog

Discover an easier way to build and use APIs