This documentation is for WSO2 API Manager 1.7.0 View documentation for the latest release.
Page Comparison - Adding Documentation Using Swagger (v.2 vs v.3) - API Manager 1.7.0 - WSO2 Documentation

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


In the examples we discuss here, we use an API named PhoneVerify FindFeeds, which is based on the online search functionality provided by YouTube ( We use as the Production Url/Endpoint.


XML ElementsValuesDescription
<Enabled>True/FalseUsed to enable/disable sending CORS headers from the Gateway. By default, CORS is enabled (True). This is needed for Swagger to function properly.
<Access-Control-Allow-Origin>HTTP and HTTPS Store Address. Change the Host and Port for correct values of your store. For example, https://localhost:9443,http://localhost:9763 The value of the <Access-Control-Allow-Origin header>. Default values are API Store addresses that are required for swagger to function properly.

Header values you need to pass when invoking the API. For example, ex: authorization, Access-Control-Allow-Origin, Content-Type

Default values are sufficient for Swagger to function.
<Access-Control-Allow-Methods>GET, POST, PUT, DELETE, OPTIONSMethods required to be supported from the Swagger client.


  1. Log in to API Publisher Web interface (https://localhost:9443/publisher), and go to Add API page. Create new API with following information.

  2. Define API resources for the operations you need to perform.
    Specify None as the Auth Type of OPTIONS

    For each resource that has HTTP verbs requiring Authentication (i.e., Auth Type is not NONE), enable OPTIONS with None Auth type. For example, as the following screen shot shows, resources with /feedsphoneverify/1.0.0 URL Pattern has HTTP verbs with Auth Type as Application & Application User. Therefore, we must give None as the Auth Type of OPTIONS. This is to support CORS between the API Store and Gateway. But, if no authentication is needed for any of the HTTP verbs, you don't have to specify None Auth type to OPTIONS.

    Image RemovedImage Added

  3. Publish the API to the API Store.