For priming the AP you can use the command you mentioned, also other options to help ap find the WLC would be to use DHCP option 43, DNS, directed broadcast. I prefer to use DHCP or DNS if there is no N+1 redundancy requirements. 

To backup the config there are multiple ways;

1. Use Cisco Prime to backup the config

2. Use any other supported NMS to backup the config

3. @marce1000 highlighted use TFTP or any remote storage (USB, SFTP) to copy the config

4. SSH and record the session and take an output for show run

There are otherways as well where you can automate the config backup using python or kron natively to offload a configuration.

https://community.cisco.com/t5/wireless-mobility-documents/lightweight-ap-discovery-process-for-wireless-lan-controllers/ta-p/3128151

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html

See Configuration file management in https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html#Generalcontrollersettings

These are the guidelines when it comes to restoring a backup:

1. Get the configuration from WLC1 into a text file and upload to TFTP/FTP server
2. Copy the configuration file on to the startup-config file of WLC2 by doing “copy tftp://<server>/config.txt startup-config” (or Flash as source)
   1. If copying the configuration to the running-config, there would be some errors as FLEX profiles should be created before adding SITE profiles, otherwise Site profiles won’t have Flex profiles associated. To them so you will need to re-add site-2-flex association commands.
3. Reload the box (without saving) 
4. SSH back into the controller WLC2. You should be able to SSH as the TP-self-signed cert should be available by default.
5. 9800-CL does not come with a Manufacture Installed Certificate. It needs a SSC for terminate CAPWAP.  Follow the sub steps below to generate a SSC for a 9800-CL.
   Below section is not required for a hardware controller. It has its own MIC. If it is a hardware controller, skip to step6
   1. First, delete the certificates which were copied along with the config and add a new one.
   2. Check for the existing certificates using the command “show crypto pki trustpoint”
   3. Delete the existing “WLC_CA” and device cert “<hostname>_WLC_TP”
      "no crypto pki server WLC_CA"
   4. Delete existing device certificate.
      no crypto pki trustpoint "<hostname>_WLC_TP"
   5. Create a new SSC for the management interface
      “wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 <password>”
6. If password encryption was enabled on the previous config, all keys and passwords would have to be reconfigured. Once the keys/passwords are reconfigured enable password encryption back again. The command is below
   key config-key password-encrypt <private-key>” + “password encryption aes”
7. SNMP v3 users are part of NVRAM and not the config. Add snmpv3 users if any using the below command
   snmp-server user <username> <group> v3 auth sha <password> priv aes 128 <password>  
8. Add the management interface mac as wireless mobility mac address. Since this is a new instance/hardware, the mac address of the SVI will change.
   wireless mobility mac-address <new MAC>. Get the mac from command “show wireless interface summary”
9. Add “license smart register idtoken <TOKENID FROM PORTAL>”

HTH
-Jesus
*** Please rate helpful responses ***

From GUI, click on Save Configuration icon on top. Choose Show Diff. There you can download both running and startup config directly by clicking on the download icons above them.