This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added a link to non authentic API invocation WSODOCINTERNAL-1183


  1. Sign in to the WSO2 API Publisher.
    https://<hostname>:9443/publisher (ex: e.g.,  https://localhost:9443/publisher ). Use admin as the username and password.
  2. In the APIS menu, click Add New API.
  3. Select Design New REST API and click Start Creating.
  4. Give the information in the table below and click Add to add the resource.

    FieldSample value



    The API context is used to is used to uniquely identify the api by the gateway. API context should by the Gateway to identify the API. Therefore, the API context must be unique. This context is the API's root context when invoking the API through gatewaythe Gateway.


    Tip: You can define the API's version as a parameter of its context by adding the {version} into the context. For example, {version}/phoneverify. The API Manager assigns the actual version of the API to the {version} parameter internally. For example, https://localhost:8243/1.0.0/phoneverify. Note that the version appears before the context, allowing you to group your APIs based on the versions.


    phone, checkNumbers


    Tags can be used to filter out apis APIs matching some search criteria. It is better to add small keywords as tags which explains We recommend adding tags that explain the functionality and purpose of the api, so later subscribers API. Subscribers can search for APIs based on the tags.

    ResourcesURL patternCheckPhoneNumber

    Request types



    The selection of the HTTP method should match with the actual back end backend resource. For example, if the actual back end backend contains "the GET " method to get retrieve the details of an a phone number, then that resource should be matched match with an a GET resource type and with a proper context.

    For more information on URL patterns, see API Resources.

  5. After you add the resource, click it's GET method to expand it. Update the value for Produces as application/xml and the value for Consumes as application/json.


    In the resource definition, we define the MIME types. Consumes refers to the MIME type of request accepted by the backend service and Produces refers to the MIME type of response produced by the backend service which you define as the endpoint of the API.

  6. Next, add the following parameters. You use these parameters to invoke the API using our integrated API Console, which is explained in later tutorials. 

    Parameter NameDescriptionParameter TypeData TypeRequired
    PhoneNumberGive the phone number to be validatedQueryqueryStringstringTrue
    LicenseKeyGive the license key as 0 for testing purposeQueryqueryStringstringTrue

    titleHTTP Post

    By design, the HTTP POST method specify specifies that the web server accept accepts data enclosed within the body of the request. Therefore, hence when adding a POST method by default API manager add , API Manager adds the payload parameter to the POST method by default.

    titleImport or Edit API definition

    Image Added

    To import an existing swagger definition from a file or a URL, click Import. Click Edit Source to manually edit the API swagger definition.

  7. Once done, click  Next: Implement >  .
    Alternatively, click Save to save all the changes made to the API. You can come back later to edit it further by selecting the API and clicking on Edit. For details about the states of the API, see Manage the API Lifecycle.


    The following parameter types can be defined according to the resource parameters you add.

    Parameter TypeDescription
    queryContains the fields added as part of the invocation URL that holds the data to be used to call the backend service.
    headerContains the case-sensitive names followed by a colon (:) and then by its value which carries additional information with the request which defines the operating parameters of the transaction.
    formDataContains a property list of attribute names and values which includes in the body of the message.
    bodyAn arbitrary amount of data of any type which sends with a POST message

    You can use the following Data type categories, supported by swagger.

  8. Click the Managed API option.  


  9. The Implement tab opens. Enter the information in the table below.

    FieldSample value
    Endpoint type

    HTTP/REST endpoint

    titleLoad balanced and fail over endpoints

    The load balanced and failover endpoint types are not selected in this example. For details about these endpoint types, see Working with Endpoints and ESB Endpoints.

    Production endpoint

    This sample service has two operations as CheckPhoneNumber and CheckPhoneNumbers. Let's use CheckPhoneNumber here.

    To verify the URL, click the Test button next to it. (This is the actual endpoint where the API implementation can be found).

    Sandbox endpoint

    This sample service has two operations as CheckPhoneNumber and CheckPhoneNumbers. Let's use CheckPhoneNumber here.

    To verify the URL, click the Test button next to it.

    For more information on Endpoints, please see  Working with Endpoints .

    For additional information, see Enabling CORS for APIs and Adding Mediation Extensions.


    You can deploy your API as a Prototyped API in the Implement tab. A prototyped API is usually a mock implementation made public in order to get feedback about its usability. You can implement it Inline or by specifing specifying an endpoint.

    Users can invoke the API without a subscription after publishing the API to the Store. For more information refer , see Deploy and Test as a Prototype.

  10. Click Next: Manage > and enter the information in the table below.

    FieldSample valueDescription
    TransportsHTTP and HTTPS

    The transport protocol on which the API is exposed.  Both HTTP and HTTPS transports are selected by default. If you want to limit API availability to only one transport (e.g., HTTPS), un-check clear the checkbox for the other transport.


    You can only try out HTTPS based APIs via the API Console, because the API Store runs on HTTPS.

    Subscription TiersSelect allThe API can be available at different levels of service. They allow you to limit the number of successful hits to an API during a given period of time. These seleced tiers are the tiers that will be available for selection on the store when a subscriber tried to subscribe this API to an application.

    titleMake Default Version

    Make this the default version makes the api Default Version checkbox ensures that the API is available in the gateway Gateway without a version specified in the production and sandbox urlsURLs. This feature option allows you to create a new version of an API and make set it as the default version and in the client applications . Then, you can invoke the same resources in the client applications without changing the API gateway URL. This allows you to create new versions of an API with changes and make it allow for existing clients application without client have , at the same time, allowing existing clients applications to be invoked without the client having to change the URLs.

    Please refer Working with Throttling for
    titleThrottle Settings
    • For more information

    • on maximum backend throughput

  11. Click Save & Publish.

    This publishes the API that you just created to the API Store so that subscribers can use it.

     You have created an API.




    You can save partially complete or completed APIs without publishing it. Select the API and click on the Lifecycle tab to manage the API Lifecycle.

You have created an API.

titleRelated Tutorials