This documentation is for WSO2 API Manager 2.6.0. View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Link to non authentic API invocation WSODOCINTERNAL-1183


  1. Sign in to the WSO2 API Publisher.
  2. In the APIS menu, click Add New API.
  3. Select I Have an Existing API. Click Swagger URL and give  as the URL. Click Start Creating.
  4. Edit the information as given below.

    FieldSample value

  5. Notice that all the API resources are created automatically when the Swagger URL is specified.
  6. Click Edit Source to edit the Swagger file and remove security headers. This is required to invoke the API in the Store using the Swagger UI.
  7. Remove the security tag from the /pet POST resource given below. This is required to enable API invocation using the API (store) console.

    Code Block
    titleSwagger - Post resource
    //remove the following code snippet
            - petstore_auth:
                - 'write:pets'
                - 'read:pets'
  8. Remove the security pet/{petId} GET resource given below:

    Code Block
    titleSwagger - Get resource
    //remove the following code snippet
            - api_key: []
  9. After removing the security tags, click Apply Changes to save the changes.

    Then, click Next: Implement.
  10. Click the Managed API option. Enter the information shown below and click Next: Manage.

    FieldSample value
    Endpoint typeHTTP/REST endpoint
    Production endpoint
    Sandbox endpointProviding only the production endpoint is sufficient.

  11. Select the options described in the table below.

    FieldSample valueDescription
    TransportsHTTP and HTTPSThe transport protocol on which the API is exposed.  Both HTTP and HTTPS transports are selected by default. If you want to limit API availability to only one transport (e.g., HTTPS), un-check the other transport.
    Subscription TiersGold, SilverThe API can be available at different levels of service. They allow you to limit the number of successful hits to an API during a given period of time.


    For more information on API authentication (e.g., non authentic API invocation), see HTTP methods.

  12. Click Save & Publish

Now you have successfully published an API using a Swagger defintion.