This documentation is for WSO2 API Manager 1.5.0 View documentation for the latest release.
Page Comparison - Adding Documentation Using Swagger (v.18 vs v.19) - API Manager 1.5.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 15

Providing Interactive documentation Documentation support helps users to understand and experience the APIs. WSO2 API Manager provides this functionality by integrating through the integration with Swagger. Swagger is a specification and a complete framework implementation for describing, producing, consuming, and visualizing RESTful Web services. In Swagger, when APIs are described in simple, static JSON representation, they can be loaded through the Swagger UI and made available as interactive documentation.

The idea of this interactive console is allowing users to test the APIs and get to know how they respond without subscribing to the APIs. When an API is created in the API Publisher, the JSON representation of that API is automatically generated and saved into the registry as an API definition. This API definition describes the API using the information provided at the time it is created. You can modify the API definition using the Doc tab in the management console. In API Store, Swagger UI discovers the API definition for each API and displays the interactive documentation under the API's Overview tab.


  1. Log in to API Publisher Web interface (https://localhost:9443/publisher), and go to Add API page. Create a new API with following information.

    • Name: PhoneVerificationFindFeeds
    • Context: /phoneverifyfeeds
    • Version: 1.0.0
    • Choose to create a wildcard resource (/*)
    • Endpoint type: HTTP
    • Production Appropriate image as the thumbnail
    • Endpoint:
    • Tier availability: Bronze/Gold/Silver/Unlimited
    • Transports: HTTP/HTTPSstandardfeeds
    • Tiers: Gold, Silver, Bronze (select all 3 – this field supports multiple values)
    • Business owner: Bruce Wayne
    • Business owner e-mail: [email protected]
    • Technical owner: Peter Parker
    • Technical owner e-mail: [email protected]
  2. Define API resources for the operations you need to perform.
    Specify None as the Auth Type of OPTIONS

    For each of the resource that has HTTP verbs requiring Authentication (i.e., Auth Type is not NONE), enable OPTIONS with None Auth type. For example, as the following screen shot shows, resources with /* URL Pattern has HTTP verbs with Auth Type as Application & Application User. Therefore, we must give None as the Auth Type of OPTIONS. This is to support CORS (Cross Origin Resource Sharing) between the API Store and Gateway. But, if no authentication is needed for any of the HTTP verbs, you don't have to specify None Auth type to OPTIONS.

  3. Publish the API to the API Store.When an API is created, the JSON representation of that API is automatically generated. To customize it, go to the Docs tab of the API in the API Publisher and click Edit Content.Image Removed

  4. Modify the paths, parameters, descriptions etc. by editing the JSON representation of API definition. For example, in the PhoneVerification API, we have changed the path for all the HTTP methods of API definition from /phoneverify/1.0.0/ to /phoneverify/1.0.0/CheckPhoneNumber as follows:

    Image Removed

Invoking the interactive documentation

  1. Log in to the API Store Web interface (https://localhost:9443/store) and click the API published before.
  2. Subscribe to the API using the Bronze tier.
    Image Removed
  3. Generate the access tokens. You need them to invoke the API in the next steps.
  4. Select the API again and go to the API Console tab, which shows the interactive documentation of the API. Using the API console, you can The API opens. Under the API's Try It tab, you can find the interactive documentation for FindTweets.Image Added
  5. Click on GET operation to expand it. There, you can enter the Authorization Headers, Parameters and click Try it out to invoke.
  6. The response appears below. For example,Image Added

Updating the API definition

The API creator can update/customize the automatically generated API definition for each API.

  1. In the API Publisher, go to the Doc tab of FindFeeds API to see its API definition.
  2. API definition contains the JSON representation of the API. You can easily modify existing content, add/remove elements, change paths and parameters etc. using the JSON editor.


    By default, all the POST and PUT operations have the Payload parameter, which you can use to send any payload when invoking the API. The GET, DELETE operations have Query parameters, which you can use to send URL-appended valuesparameters. You can also add named parameters.

    For example, to modify the path of the API created above with a parameter, edit the path and add the relevant parameter.Provide the necessary parameters and click Try it out to call the API. For example, the PhoneVerification API takes two parameters: the phone number and a license key, which is set to 0 for testing purposes.
    Image Removed
    Note the following in the above UI:

    Base URLAppears at the bottom of the console. Using the base URL and the parameters, the system creates the API URL in the form http://host:8280/<context>/<version>/<back end service requirements included as parameters>. For example, http://host:8280/phoneverify/1.1.0/CheckPhoneNumber.
    Query ParametersGive the API payload as PhoneNumber=18006785432&LicenseKey=0 where /phoneverify is the context and 1.1.0 is the version. The rest of the URL is driven by the backend service requirements.
    AuthorizationIn the authorization header, pass the application key that was generated at the time a user subscribes to an API. This is prefixed by the string "Bearer". For example, Bearer q6- JeSXxZDDzBnccK3ZZGf5_AZTk.

    WSO2 API Manager enforces OAuth security on all the published APIs. Consumers who talk to the API Manager should send their credentials (application key) as per the OAuth bearer token profile. If you don't send an application key or send a wrong key, you will receive a 401 Unauthorized response in return.


  3. Note the response for the API invocation that appears as follows:
    Image Removed
  4. Within a minute after the first API invocation, make another attempt to invoke the API and note that the second invocation results in a throttling error.
    This is because you applied a Bronze tier at the time you subscribed to the API and the Bronze tier only allows one API call per minute.
    Image Removed

    To add new elements, click Add New Value and provide the value. To delete elements, delete the value of Key. For example, if you delete Key value description, that element will be deleted. The screenshot below shows path modified with a parameter.

    Image Added

    The following screenshot shows parameter definition added for param and the default Payload parameter removed:

    Image Added

    Also be sure to modify descriptions, notes, summary on each of the operations.

  5. Once the modifications are done, save and Publish the API.

  6. Log in to the API Store and click on GET operation to expand it. There you can enter the parameters and try it out.Image Added

Next, see API Versioning.