Console
The Console is the API provider and admin interface. Platform admins and tenant managers use it to control the entire API lifecycle.
The Console follows the Stripe Model: Console = Provider + Admin (Create & Manage). Consumer features (API discovery, subscriptions, testing) are on the Portal.
URL: console.gostoa.dev
Getting Startedβ
- Navigate to the Console URL
- Sign in via Keycloak (OIDC client:
control-plane-ui) - The dashboard shows an overview of your tenants and APIs
Dashboardβ
The Console dashboard provides:
- Tenant summary: Number of tenants, active APIs, subscriptions
- Recent activity: Latest API publications, subscription requests
- Health status: Platform component health checks
Tenant Managementβ
Creating a Tenantβ
- Navigate to Tenants β Create Tenant
- Enter:
- Name: Unique identifier (lowercase, hyphens allowed)
- Display Name: Human-readable label
- Contact Email: Tenant admin email
- Click Create
This provisions:
- Kubernetes namespace
tenant-{name} - GitLab repository for tenant config
- Keycloak group for tenant RBAC
Tenant Settingsβ
- Members: Add/remove users, assign roles
- Quotas: Set API and subscription limits
- Policies: Default policies applied to all tenant APIs
Tenant Selectorβ
If you have access to multiple tenants, use the tenant selector in the top navigation to switch context. Only resources belonging to the selected tenant are displayed.
API Managementβ
Publishing an APIβ
- Navigate to APIs β Create API
- Fill in:
- Name and Version
- Description
- OpenAPI Specification (upload or URL)
- Configure policies
- Click Publish
The API will appear in the Developer Portal and be synced to the gateway.
API Lifecycle Actionsβ
| Action | Effect |
|---|---|
| Publish | Make API live and discoverable |
| Deprecate | Mark as deprecated (still functional) |
| Retire | Deactivate API, stop traffic |
| Delete | Remove API and all subscriptions |
Monitoring APIsβ
View per-API metrics:
- Request count and error rate
- Latency percentiles (p50, p95, p99)
- Active subscriptions and consumers
- Gateway sync status
Subscription Managementβ
Reviewing Requestsβ
- Navigate to Subscriptions β Pending
- Review the consumer's application details
- Click Approve or Reject
Managing Active Subscriptionsβ
- Suspend: Temporarily disable access
- Revoke: Permanently terminate the subscription
- View usage: Request count and rate limit utilization
User Managementβ
Managed through Keycloak integration:
| Role | What They Can Do |
|---|---|
cpi-admin | Everything β all tenants, all operations |
tenant-admin | Full access within their tenant |
devops | Deploy and promote APIs |
viewer | Read-only access |
Adding a Userβ
- Navigate to Users β Invite
- Enter email address
- Select tenant and role
- The user receives an invitation via Keycloak
Webhooksβ
Manage webhook endpoints for event-driven integrations.
- Navigate to Webhooks in the sidebar
- Click Create Webhook
- Enter the target URL, select event types, and set a signing secret
- Use Test to send a synthetic event and verify delivery
View delivery history, retry failed deliveries, and inspect request/response details.
See Console Advanced Features for detailed webhook configuration.
Credential Mappingsβ
Map consumer credentials to backend authentication schemes.
- Navigate to Credentials in the sidebar
- Click Create Mapping
- Select the auth type (
api_key,bearer, orbasic) - Configure source (consumer credential) and target (backend credential)
Credential mappings enable the gateway to translate consumer API keys into backend-specific authentication.
Contracts / UACβ
Manage Universal API Contracts that define multi-protocol API bindings.
- Navigate to Contracts in the sidebar
- Click Create Contract to define a new API contract
- Add protocol bindings (REST, MCP, GraphQL, gRPC, Kafka)
- Publish the contract to make it available for consumers
Contracts are the foundation of STOA's "Define Once, Expose Everywhere" approach. See UAC Concepts for details.
Gateway Adaptersβ
The Console shows the sync status between STOA and the target API gateways:
| Status | Meaning |
|---|---|
| Synced | API is live on the gateway |
| Pending | Sync in progress |
| Error | Sync failed β check logs |
| Drift | Gateway state differs from desired state |
The Gateway Adapter reconciliation can be triggered manually from the Console or automatically via ArgoCD.