Basically our idea is to protect api using consumer key i.e even though the API's are published and exposed to the world, can be access only if valid key is sent in the request.
I do see few information by integrating OTK with developer portal. But as of now, we didn't require any of these products for our requirement. So, what is the best way to get this achieved using ca api gateway?
OTK can be used independently of developer portal. Just install the OTK solution kit and you are ready to go.
OTK provides an implementation for OAuth where you use an oauth flow to generate access_tokens and use this access_token to gain access to your API while the access_token is not expired.