# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ################################################################################ openapi: 3.0.1 info: title: WSO2 API Manager - Developer Portal description: | This document specifies a **RESTful API** for WSO2 **API Manager** - **Developer Portal**. Please see [full OpenAPI Specification](https://raw.githubusercontent.com/wso2/carbon-apimgt/master/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/resources/devportal-api.yaml) of the API which is written using [OAS 3.0](http://swagger.io/) specification. # Authentication The Developer Portal REST API is protected using OAuth2 and access control is achieved through scopes. Before you start invoking the API, you need to obtain an access token with the required scopes. This guide will walk you through the steps that you will need to follow to obtain an access token. First you need to obtain the consumer key/secret key pair by calling the dynamic client registration (DCR) endpoint. You can add your preferred grant types in the payload. A Sample payload is shown below. ``` { "callbackUrl":"www.google.lk", "clientName":"rest_api_devportal", "owner":"admin", "grantType":"client_credentials password refresh_token", "saasApp":true } ``` Create a file (payload.json) with the above sample payload, and use the cURL shown below to invoke the DCR endpoint. Authorization header of this should contain the base64 encoded admin username and password. **Format of the request** ``` curl -X POST -H "Authorization: Basic Base64(admin_username:admin_password)" -H "Content-Type: application/json" \ -d @payload.json https://:/client-registration/v0.17/register ``` **Sample request** ``` curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" \ -d @payload.json https://localhost:9443/client-registration/v0.17/register ``` Following is a sample response after invoking the above curl. ``` { "clientId": "fOCi4vNJ59PpHucC2CAYfYuADdMa", "clientName": "rest_api_devportal", "callBackURL": "www.google.lk", "clientSecret": "a4FwHlq0iCIKVs2MPIIDnepZnYMa", "isSaasApplication": true, "appOwner": "admin", "jsonString": "{\"grant_types\":\"client_credentials password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"rest_api_devportal\"}", "jsonAppAttribute": "{}", "tokenType": null } ``` Note that in a distributed deployment or IS as KM separated environment to invoke RESTful APIs (product APIs), users must generate tokens through API-M Control Plane's token endpoint. The tokens generated using third party key managers, are to manage end-user authentication when accessing APIs. Next you must use the above client id and secret to obtain the access token. We will be using the password grant type for this, you can use any grant type you desire. You also need to add the proper **scope** when getting the access token. All possible scopes for devportal REST API can be viewed in **OAuth2 Security** section of this document and scope for each resource is given in **authorization** section of resource documentation. Following is the format of the request if you are using the password grant type. ``` curl -k -d "grant_type=password&username=&password=&scope=" \ -H "Authorization: Basic base64(cliet_id:client_secret)" \ https://:/oauth2/token ``` **Sample request** ``` curl https://localhost:9443/oauth2/token -k \ -H "Authorization: Basic Zk9DaTR2Tko1OVBwSHVjQzJDQVlmWXVBRGRNYTphNEZ3SGxxMGlDSUtWczJNUElJRG5lcFpuWU1h" \ -d "grant_type=password&username=admin&password=admin&scope=apim:subscribe apim:api_key" ``` Shown below is a sample response to the above request. ``` { "access_token": "e79bda48-3406-3178-acce-f6e4dbdcbb12", "refresh_token": "a757795d-e69f-38b8-bd85-9aded677a97c", "scope": "apim:subscribe apim:api_key", "token_type": "Bearer", "expires_in": 3600 } ``` Now you have a valid access token, which you can use to invoke an API. Navigate through the API descriptions to find the required API, obtain an access token as described above and invoke the API with the authentication header. If you use a different authentication mechanism, this process may change. # Try out in Postman If you want to try-out the embedded postman collection with "Run in Postman" option, please follow the guidelines listed below. * All of the OAuth2 secured endpoints have been configured with an Authorization Bearer header with a parameterized access token. Before invoking any REST API resource make sure you run the `Register DCR Application` and `Generate Access Token` requests to fetch an access token with all required scopes. * Make sure you have an API Manager instance up and running. * Update the `basepath` parameter to match the hostname and port of the APIM instance. [![Run in Postman](https://run.pstmn.io/button.svg)](https://app.getpostman.com/run-collection/32294946-a8a1522b-31b8-4e27-8a31-6e13054bce4e) contact: name: WSO2 url: https://wso2.com/api-manager/ email: architecture@wso2.com license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html version: v3 servers: - url: https://apis.wso2.com/api/am/devportal/v3 ###################################################### # The "API Collection" resource APIs ###################################################### paths: /apis: get: tags: - APIs summary: | Retrieve/Search APIs description: | This operation provides you a list of available APIs qualifying under a given search condition. Each retrieved API is represented with a minimal amount of attributes. If you want to get complete details of an API, you need to use **Get details of an API** operation. This operation supports retrieving APIs of other tenants. The required tenant domain need to be specified as a header `X-WSO2-Tenant`. If not specified super tenant's APIs will be retrieved. If you used an Authorization header, the user's tenant associated with the access token will be used. **NOTE:** * By default, this operation retrieves Published APIs. In order to retrieve Prototyped APIs, you need to use **query** parameter and specify **status:PROTOTYPED**. * This operation does not require an Authorization header by default. But if it is provided, it will be validated and checked for permissions of the user, hence you may be able to see APIs which are restricted for special permissions/roles. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/requestedTenant' - name: query in: query description: | **Search condition**. You can search in attributes by using an **":"** modifier. Eg. "provider:wso2" will match an API if the provider of the API is exactly "wso2". Additionally you can use wildcards. Eg. "provider:wso2*" will match an API if the provider of the API starts with "wso2". Supported attribute modifiers are [**version, context, status, description, doc, provider, tag**] To search by API Properties provide the query in below format. **property_name:property_value** Eg. "environment:test" where environment is the property name and test is the propert value. If no advanced attribute modifier has been specified, search will match the given query string against API Name. schema: type: string - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. List of qualifying APIs is returned. content: application/json: schema: $ref: '#/components/schemas/APIList' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis" /apis/{apiId}: get: tags: - APIs summary: | Get Details of an API description: | Using this operation, you can retrieve complete details of a single API. You need to provide the Id of the API to retrive it. `X-WSO2-Tenant` header can be used to retrieve an API of a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But if it is provided, it will be validated and checked for permissions of the user, hence you may be able to see APIs which are restricted for special permissions/roles. \n parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Requested API is returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modified the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/API' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/c43a325c-260b-4302-81cb-768eafaa3aed" /apis/{apiId}/swagger: get: tags: - APIs summary: | Get Swagger Definition description: | You can use this operation to retrieve the swagger definition of an API. `X-WSO2-Tenant` header can be used to retrieve the swagger definition an API of a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted API's swagger definition, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/environmentName' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/requestedTenant-Q' - name: query in: query description: | **Key Manager Specific Swagger Generation**. To retrieve an OpenAPI Specification (OAS) definition for a specific Key Manager, please specify the Key Manager's ID in your request. For example, by passing the query parameter `kmId=65e30b46-85e4-4788-85b7-b1c3de06b2e0`, you will receive the OAS definition containing all relevant information for the Key Manager associated with that ID. **Important:** If you're using a client that does not automatically handle URL encoding (such as `curl`), please ensure that you encode the URL properly. schema: type: string responses: 200: description: | OK. Requested swagger document of the API is returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: type: string example: '{ "swagger" : "2.0", "info" : { "version" : "1.0", "title" : "PhoneVerification" }, "host" : "localhost:8243", "basePath" : "/phoneverify/1.0", "schemes" : [ "https", "http" ], "security" : [ { "default" : [ ] } ], "paths" : { "/*" : { "post" : { "consumes" : [ "text/xml", "application/soap+xml" ], "parameters" : [ { "in" : "body", "name" : "SOAP Request", "description" : "SOAP request.", "required" : true, "schema" : { "type" : "string" } }, { "name" : "SOAPAction", "in" : "header", "description" : "SOAPAction header for soap 1.1", "required" : false, "type" : "string" } ], "responses" : { "200" : { "description" : "OK" } }, "security" : [ { "default" : [ ] } ], "x-auth-type" : "Application & Application User", "x-throttling-tier" : "Unlimited" } } }, "securityDefinitions" : { "default" : { "type" : "oauth2", "authorizationUrl" : "https://localhost:8243/authorize", "flow" : "implicit" } } }' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/c43a325c-260b-4302-81cb-768eafaa3aed/swagger" /apis/{apiId}/async-api-specification: get: tags: - APIs summary: | Get async api specification definition description: | You can use this operation to retrieve the async api specification of an API. `X-WSO2-Tenant` header can be used to retrieve the async api specification an API of a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted API's swagger definition, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/environmentName' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Requested async api specification document of the API is returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: type: string example: '{"asyncapi": "2.0.0","defaultContentType": "application/json","info": {"title": "Streetlights API","version": "1.0.0","description": "The Smartylighting Streetlights API allows you to remotely manag e the city lights.\n\n### Check out its awesome features:\n\n* Turn a specific streetlight on/off\n* Dim a specific streetlight\n* Receive real-time information about environmental lighting conditions\n","licen se": {"name": "Apache 2.0","url":"https://www.apache.org/licenses/LICENSE-2.0" }},"servers": {"productio n": {"url": "ws://localhost:8080","protocol": "ws"},"sandbox": {"url": "ws://localhost:8080","protocol": "ws"}},"channels": {"smartylighting/streetlights/1/0/event/{streetlightId}/lighting/measured": {"descrip tion": "The topic on which measured values may be produced and consumed.",“publish": {"operationId": "re ceiveLightMeasurement","summary": "Inform about environmental lighting conditions of a particular street light.","traits": [{"$ref": "#/components/operationTraits/kafka"}],"message": {"$ref": "#/components/mes sages/lightMeasured"}},"parameters": {"streetlightId": {"$ref": "#/components/parameters/streetlightId"} }},"smartylighting/streetlights/1/0/action/{streetlightId}/turn/on": {"subscribe": {"operationId": "turn On","traits": [{"$ref": "#/components/operationTraits/kafka"}],"message": {"$ref": "#/components/message s/turnOnOff"}},"parameters": {"streetlightId": {"$ref": "#/components/parameters/streetlightId"}}},"smar tylighting/streetlights/1/0/action/{streetlightId}/turn/off": {"subscribe": {"operationId": "turnOff","t raits": [{"$ref": "#/components/operationTraits/kafka"}],"message": {"$ref": "#/components/messages/turn OnOff"}},"parameters": {"streetlightId": {"$ref": "#/components/parameters/streetlightId"}}},"smartyligh ting/streetlights/1/0/action/{streetlightId}/dim": {"subscribe": {"operationId": "dimLight","traits": [{ "$ref": "#/components/operationTraits/kafka"}],"message": {"$ref": "#/components/messages/dimLight"}},"p arameters": {"streetlightId": {"$ref": "#/components/parameters/streetlightId"}}}},"components": {"schem as": {"lightMeasuredPayload": {"type": "object","properties": {"lumens": {"description": "Light intensit y measured in lumens.","minimum": 0,"type": "integer"},"sentAt": {“$ref": "#/components/schemas/sentAt"} }},"turnOnOffPayload": {"type": "object","properties": {"command": {"description": "Whether to turn on o r off the light.","enum": [true,false],"type": "string"},"sentAt": {"$ref": "#/components/schemas/sentAt "}}},"dimLightPayload": {"type": "object","properties": {"percentage": {"description": "Percentage to wh ich the light should be dimmed to.","maximum": 100,"minimum": 0,"type": "integer"},"sentAt": {"$ref": "# /components/schemas/sentAt"}}},"sentAt": {"format": "date-time","description": "Date and time when the m essage was sent.","type": "string"}},"messages": {"lightMeasured": {"contentType": "application/json","n ame": "lightMeasured","title": "Light measured","summary": "Inform about environmental lighting conditio ns of a particular streetlight.","payload": {"$ref": "#/components/schemas/lightMeasuredPayload"},"trait s": [{"$ref": "#/components/messageTraits/commonHeaders"}]},"turnOnOff": {"name": "turnOnOff","title": " on/off","summary": "Command a particular streetlight to turn the lights on or off.","payload": {"$ref":" #/components/schemas/turnOnOffPayload"},"traits": [{"$ref": "#/components/messageTraits/commonHeaders"}] },"dimLight": {"name": "dimLight","title": "Dim light","summary": "Command a particular streetlight to d im the lights.","payload": {"$ref": "#/components/schemas/dimLightPayload"},"traits": [{"$ref":"#/compon ents/messageTraits/commonHeaders"}]}},"securitySchemes": {"apiKey": {"type": "apiKey","description": "Pr ovide your API key as the user and leave the password empty.","in": "user"},"supportedOauthFlows": {"typ e": "oauth2","description": "Flows to support OAuth 2.0","flows": {"implicit": {"authorizationUrl": "http s://authserver.example/auth","scopes": {"streetlights:on": "Ability to switch lights on","streetlights:o ff": "Ability to switch lights off","streetlights:dim": "Ability to dim the lights"}},"password": {"toke nUrl": "https://authserver.example/token","scopes": {"streetlights:on": "Ability to switch lights on","s treetlights:off": "Ability to switch lights off","streetlights:dim": "Ability to dim the lights"}},"clie ntCredentials": {"tokenUrl": "https://authserver.example/token","scopes": {"streetlights:on": "Ability t o switch lights on","streetlights:off": "Ability to switch lights off","streetlights:dim": "Ability to d im the lights"}},"authorizationCode": {"authorizationUrl": "https://authserver.example/auth","tokenUrl": "https://authserver.example/token","refreshUrl": "https://authserver.example/refresh","scopes": {"street lights:on": "Ability to switch lights on","streetlights:off": "Ability to switch lights off","streetligh ts:dim": "Ability to dim the lights"}}}},"openIdConnectWellKnown": {"type": "openIdConnect","openIdConne ctUrl": "https://authserver.example/.well-known"},"oauth2": {"type": "oauth2","flows": {"implicit": {"aut horizationUrl": "http://localhost:9999","scopes": {},"x-scopes-bindings": {}}}}},"parameters": {"streetl ightId": {"description": "The ID of the streetlight.","schema": {"type": "string"}}},"operationTraits": {"kafka": {"bindings": {"kafka": {"clientId": "my-app-id"}}}},"messageTraits": {"commonHeaders": {"heade rs": {"type": "object","properties": {"my-app-header": {"type": "integer","minimum": 0,"maximum": 100}}} }}}}' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: { } 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/c43a325c-260b-4302-81cb-768eafaa3aed/async-api-specification" /apis/{apiId}/graphql-schema: get: tags: - APIs summary: | Get GraphQL Definition description: | You can use this operation to retrieve the GraphQL schema definition of a GraphQL API. `X-WSO2-Tenant` header can be used to retrieve the swagger definition an API of a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted API's swagger definition, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Requested swagger document of the API is returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: type: string example: 'directive @cacheControl( maxAge: Int scope: CacheControlScope ) on FIELD_DEFINITION | OBJECT | INTERFACE enum CacheControlScope { PUBLIC PRIVATE } # A `Lift` is a chairlift, gondola, tram, funicular, pulley, rope tow, or other means of ascending a mountain. type Lift { # The unique identifier for a `Lift` (id: "panorama") id: ID! # The name of a `Lift` name: String! # The current status for a `Lift`: `OPEN`, `CLOSED`, `HOLD` status: LiftStatus # The number of people that a `Lift` can hold capacity: Int! # A boolean describing whether a `Lift` is open for night skiing night: Boolean! # The number of feet in elevation that a `Lift` ascends elevationGain: Int! # A list of trails that this `Lift` serves trailAccess: [Trail!]! } # An enum describing the options for `LiftStatus`: `OPEN`, `CLOSED`, `HOLD` enum LiftStatus { OPEN CLOSED HOLD } type Mutation { # Sets a `Lift` status by sending `id` and `status` setLiftStatus(id: ID!, status: LiftStatus!): Lift! # Sets a `Trail` status by sending `id` and `status` setTrailStatus(id: ID!, status: TrailStatus!): Trail! } type Query { # A list of all `Lift` objects allLifts(status: LiftStatus): [Lift!]! # A list of all `Trail` objects allTrails(status: TrailStatus): [Trail!]! # Returns a `Lift` by `id` (id: "panorama") Lift(id: ID!): Lift! # Returns a `Trail` by `id` (id: "old-witch") Trail(id: ID!): Trail! # Returns an `Int` of `Lift` objects with optional `LiftStatus` filter liftCount(status: LiftStatus): Int! # Returns an `Int` of `Trail` objects with optional `TrailStatus` filter trailCount(status: TrailStatus): Int! # Returns a list of `SearchResult` objects based on `term` or `status` search(term: String, status: LiftStatus): [SearchResult!]! } union SearchResult = Lift | Trail type Subscription { # Listens for changes in lift status liftStatusChange: Lift # Listens for changes in trail status trailStatusChange: Trail } # A `Trail` is a run at a ski resort type Trail { id: ID! # The name of a `Trail` name: String! # The current status for a `Trail`: OPEN, CLOSED status: TrailStatus # The difficulty rating for a `Trail` difficulty: String! # A boolean describing whether or not a `Trail` is groomed groomed: Boolean! # A boolean describing whether or not a `Trail` has trees trees: Boolean! # A boolean describing whether or not a `Trail` is open for night skiing night: Boolean! # A list of Lifts that provide access to this `Trail` accessedByLifts: [ Lift! ]! } # An enum describing the options for `TrailStatus`: `OPEN`, `CLOSED` enum TrailStatus { OPEN CLOSED } # The `Upload` scalar type represents a file upload. scalar Upload' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/c43a325c-260b-4302-81cb-768eafaa3aed/graphql-schema" /apis/{apiId}/sdks/{language}: get: tags: - SDKs summary: | Generate a SDK for an API description: | This operation can be used to generate SDKs (System Development Kits), for the APIs available in the API Developer Portal, for a requested development language. parameters: - $ref: '#/components/parameters/apiId' - name: language in: path description: | Programming language of the SDK that is required. Languages supported by default are **Java**, **Javascript**, **Android** and **JMeter**. required: true schema: type: string - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. SDK generated successfully. content: application/zip: schema: type: string format: byte 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: curl -k -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/apis/890a4f4d-09eb-4877-a323-57f6ce2ed79b/sdks/java" > Petstore_java_1.0.0.zip /apis/{apiId}/wsdl: get: tags: - APIs summary: Get API WSDL definition description: | This operation can be used to retrieve the WSDL definition of an API. operationId: getWSDLOfAPI parameters: - $ref: '#/components/parameters/formatWsdl' - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/environmentName' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/exp' - $ref: '#/components/parameters/sig' - $ref: '#/components/parameters/requestedTenant-Q' responses: 200: description: | OK. Requested WSDL document of the API is returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future). schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests (Will be supported in future). schema: type: string content: {} 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource (Will be supported in future). content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/c43a325c-260b-4302-81cb-768eafaa3aed/wsdl" ###################################################### # The "Document Collection" resource APIs ###################################################### /apis/{apiId}/documents: get: tags: - API Documents summary: | Get a List of Documents of an API description: | This operation can be used to retrive a list of documents belonging to an API by providing the id of the API. `X-WSO2-Tenant` header can be used to retrive documents of an API that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted API's documents, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Document list is returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/DocumentList' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/c43a325c-260b-4302-81cb-768eafaa3aed/documents" ###################################################### # The "Individual Document" resource APIs ###################################################### /apis/{apiId}/documents/{documentId}: get: tags: - API Documents summary: | Get a Document of an API description: | This operation can be used to retrieve a particular document's metadata associated with an API. `X-WSO2-Tenant` header can be used to retrive a document of an API that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted API's document, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/documentId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Document returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Document' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/c43a325c-260b-4302-81cb-768eafaa3aed/documents/850a4f34-db2c-4d23-9d85-3f95fbfb082c" /apis/{apiId}/documents/{documentId}/content: get: tags: - API Documents summary: | Get the Content of an API Document description: | This operation can be used to retrive the content of an API's document. The document can be of 3 types. In each cases responses are different. 1. **Inline type**: The content of the document will be retrieved in `text/plain` content type 2. **FILE type**: The file will be downloaded with the related content type (eg. `application/pdf`) 3. **URL type**: The client will recieve the URL of the document as the Location header with the response with - `303 See Other` `X-WSO2-Tenant` header can be used to retrive the content of a document of an API that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted API's document content, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/documentId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. File or inline content returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string content: {} 303: description: | See Other. Source can be retrived from the URL specified at the Location header. headers: Location: description: | The Source URL of the document. schema: type: string content: {} 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/890a4f4d-09eb-4877-a323-57f6ce2ed79b/documents/0bcb7f05-599d-4e1a-adce-5cb89bfe58d5/content" /apis/{apiId}/thumbnail: get: tags: - APIs summary: Get Thumbnail Image description: | This operation can be used to download a thumbnail image of an API. `X-WSO2-Tenant` header can be used to retrive a thumbnail of an API that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted API's thumbnail, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Thumbnail image returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests (Will be supported in future). schema: type: string Content-Type: description: | The content type of the body. schema: type: string content: {} 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: 'curl -k "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/thumbnail" > image.jpeg' /apis/{apiId}/ratings: get: tags: - Ratings summary: Retrieve API Ratings description: | This operation can be used to retrieve the list of ratings of an API. `X-WSO2-Tenant` header can be used to retrieve ratings of an API that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Rating list returned. content: application/json: schema: $ref: '#/components/schemas/RatingList' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/ratings" /apis/{apiId}/user-rating: get: tags: - Ratings summary: Retrieve API Rating of User description: | This operation can be used to get the user rating of an API. `X-WSO2-Tenant` header can be used to retrieve the logged in user rating of an API that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Rating returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modified the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Rating' 304: description: | Not Modified. Empty body because the client already has the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: curl -k -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/user-rating" put: tags: - Ratings summary: Add or Update Logged in User's Rating for an API description: | This operation can be used to add or update an API rating. `X-WSO2-Tenant` header can be used to add or update the logged in user rating of an API that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' requestBody: description: | Rating object that should to be added content: application/json: schema: $ref: '#/components/schemas/Rating' required: true responses: 200: description: | OK. Successful response with the newly created or updated object as entity in the body. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Rating' 400: $ref: '#/components/responses/BadRequest' 415: $ref: '#/components/responses/UnsupportedMediaType' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -X PUT -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -d @data.json "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/user-rating"' delete: tags: - Ratings summary: Delete User API Rating description: | This operation can be used to delete logged in user API rating. `X-WSO2-Tenant` header can be used to delete the logged in user rating of an API that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-Match' responses: 200: description: | OK. Resource successfully deleted. content: {} security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: curl -k -X DELETE -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/user-rating" /apis/{apiId}/comments: get: tags: - Comments summary: Retrieve API Comments description: | Get a list of Comments that are already added to APIs operationId: getAllCommentsOfAPI parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/includeCommenterInfo' responses: 200: description: | OK. Comments list is returned. content: application/json: schema: $ref: '#/components/schemas/CommentList' 404: $ref: '#/components/responses/NotFound' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/comments" post: tags: - Comments summary: Add an API Comment operationId: addCommentToAPI parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/parentCommentId' requestBody: description: | Comment object that should to be added content: application/json: schema: $ref: '#/components/schemas/PostRequestBody' required: true responses: 201: description: | Created. Successful response with the newly created object as entity in the body. Location header contains URL of newly created entity. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request. schema: type: string Location: description: | Location to the newly created Comment. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Comment' 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 404: $ref: '#/components/responses/NotFound' 415: $ref: '#/components/responses/UnsupportedMediaType' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -X POST -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -d @data.json "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/comments"' /apis/{apiId}/comments/{commentId}: get: tags: - Comments summary: Get Details of an API Comment description: | Get the individual comment given by a user for a certain API. operationId: getCommentOfAPI parameters: - $ref: '#/components/parameters/commentId' - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/includeCommenterInfo' - $ref: '#/components/parameters/replyLimit' - $ref: '#/components/parameters/replyOffset' responses: 200: description: | OK. Comment returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Comment' 401: $ref: '#/components/responses/Unauthorized' 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/comments/d4cf1704-5d09-491c-bc48-4d19ce6ea9b4" patch: tags: - Comments summary: Edit a comment description: | Edit the individual comment operationId: editCommentOfAPI parameters: - $ref: '#/components/parameters/commentId' - $ref: '#/components/parameters/apiId' requestBody: description: | Comment object that should to be updated content: application/json: schema: $ref: '#/components/schemas/PatchRequestBody' required: true responses: 200: description: | OK. Comment updated. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request. schema: type: string Location: description: | Location to the newly created Comment. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Comment' 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 403: description: | Forbidden. The request must be conditional but no condition has been specified. 404: $ref: '#/components/responses/NotFound' 415: $ref: '#/components/responses/UnsupportedMediaType' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -X PATCH -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -d @data.json "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/comments/d4cf1704-5d09-491c-bc48-4d19ce6ea9b4"' delete: tags: - Comments summary: Delete an API Comment description: | Remove a Comment operationId: deleteComment parameters: - $ref: '#/components/parameters/commentId' - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/If-Match' responses: 200: description: | OK. Resource successfully deleted. content: {} 401: $ref: '#/components/responses/Unauthorized' 403: description: | Forbidden. The request must be conditional but no condition has been specified. content: {} 404: $ref: '#/components/responses/NotFound' 405: description: | MethodNotAllowed. Request method is known by the server but is not supported by the target resource. content: {} 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe - apim:admin # special scope added to moderate comments x-code-samples: - lang: Curl source: curl -k -X DELETE -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/comments/d4cf1704-5d09-491c-bc48-4d19ce6ea9b4" /apis/{apiId}/comments/{commentId}/replies: get: tags: - Comments summary: Get replies of a comment description: | Get replies of a comment operationId: getRepliesOfComment parameters: - $ref: '#/components/parameters/commentId' - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/includeCommenterInfo' responses: 200: description: | OK. Comment returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/CommentList' 401: $ref: '#/components/responses/Unauthorized' 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/comments/d4cf1704-5d09-491c-bc48-4d19ce6ea9b4/replies" /apis/{apiId}/topics: get: tags: - Topics summary: | Get a list of available topics for a given async API description: | This operation will provide a list of topics available for a given Async API, based on the provided API ID. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Topic list returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/TopicList' 404: $ref: '#/components/responses/NotFound' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/apis/5b65808c-cdf2-43e1-a695-de63e3ad0ae9/topics" /apis/{apiId}/subscription-policies: get: tags: - APIs summary: | Get Details of the Subscription Throttling Policies of an API description: | This operation can be used to retrieve details of the subscription throttling policy of an API by specifying the API Id. `X-WSO2-Tenant` header can be used to retrive API subscription throttling policies that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Throttling Policy returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ThrottlingPolicy' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/268c9e55-3dc1-4f47-82e7-977e5343d077/subscription-policies" /apis/{apiId}/api-keys/generate: post: tags: - APIKeys summary: Generate API Key description: | Generate a self contained API Key for the API operationId: generateApiBoundApiKey parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key generation request object content: application/json: schema: $ref: '#/components/schemas/APIAPIKeyGenerateRequest' required: true responses: 200: description: | OK. Api key generated. content: application/json: schema: $ref: '#/components/schemas/APIKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/apis/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/generate"' /apis/{apiId}/api-keys/regenerate: post: tags: - APIKeys summary: Regenerate API Key description: | Regenerate a self contained API Key for the API specified by the key UUID operationId: regenerateAPIBoundAPIKey parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key renewal request object content: application/json: schema: $ref: '#/components/schemas/APIKeyRenewRequest' required: true responses: 200: description: | OK. Api key regenerated successfully. content: application/json: schema: $ref: '#/components/schemas/APIKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/apis/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/regenerate"' /apis/{apiId}/api-keys: get: tags: - APIKeys summary: Get API Key(s) of a Given API description: | Retrieve self contained API Key(s) for the API. operationId: getAPIBoundAPIKeys parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. API key(s) of a given API are returned. content: application/json: schema: $ref: '#/components/schemas/APIAPIKeyList' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X GET "https://localhost:9443/api/am/devportal/v3/apis/16cd2684-9657-4a01-a956-4efd89e96077/api-keys"' /apis/{apiId}/api-keys/revoke: post: tags: - APIKeys summary: Revoke API Key description: | Revoke a self contained API Key for the API specified by the key UUID operationId: revokeAPIBoundAPIKey parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key revocation request object content: application/json: schema: $ref: '#/components/schemas/APIAPIKeyRevokeRequest' required: true responses: 200: description: | OK. Api key revoked successfully. content: { } 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/apis/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/revoke"' /apis/{apiId}/api-keys/associate: post: tags: - APIKeys summary: Create an association for the API Key description: | Create an association for a self contained API Key for the API operationId: associateAPIKey parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key association request object content: application/json: schema: $ref: '#/components/schemas/APIAPIKeyAssociateRequest' required: true responses: 200: description: | OK. Api key associated successfully. content: application/json: schema: $ref: '#/components/schemas/APIKeyAssociation' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/apis/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/associate"' /apis/{apiId}/api-keys/dissociate: post: tags: - APIKeys summary: Remove an Association for the API Key description: | Remove an association a self contained API Key for the API specified by the key UUID operationId: dissociateAPIKey parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key dissociation request object content: application/json: schema: $ref: '#/components/schemas/APIKeyDissociateRequest' required: true responses: 200: description: | OK. Removed association for the Api key successfully. content: { } 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/apis/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/dissociate"' /mcp-servers: get: tags: - MCP Servers summary: | Retrieve/Search MCP Servers description: | This operation provides you a list of available MCP servers qualifying under a given search condition. Each retrieved MCP Server is represented with a minimal amount of attributes. If you want to get complete details of a MCP server, you need to use **Get details of a MCP** operation. This operation supports retrieving MCP servers of other tenants. The required tenant domain need to be specified as a header `X-WSO2-Tenant`. If not specified super tenant's MCP servers will be retrieved. If you used an Authorization header, the user's tenant associated with the access token will be used. **NOTE:** * By default, this operation retrieves Published MCP Server. * This operation does not require an Authorization header by default. But if it is provided, it will be validated and checked for permissions of the user, hence you may be able to see APIs which are restricted for special permissions/roles. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/requestedTenant' - name: query in: query description: | **Search condition**. You can search in attributes by using an **":"** modifier. Eg. "provider:wso2" will match an MCP Server if the provider of the MCP Server is exactly "wso2". Additionally you can use wildcards. Eg. "provider:wso2*" will match a MCP Server if the provider of the MCP Server starts with "wso2". Supported attribute modifiers are [**version, context, status, description, doc, provider, tag**] To search by Properties provide the query in below format. **property_name:property_value** Eg. "environment:test" where environment is the property name and test is the propert value. If no advanced attribute modifier has been specified, search will match the given query string against API Name. schema: type: string - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. List of qualifying MCP Servers is returned. content: application/json: schema: $ref: '#/components/schemas/APIList' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers" operationId: getAllMCPServers /mcp-servers/{mcpServerId}: get: tags: - MCP Servers summary: | Get Details of a MCP Server description: | Using this operation, you can retrieve complete details of a single MCP Server. You need to provide the Id of the MCP Server to retrieve it. `X-WSO2-Tenant` header can be used to retrieve a MCP Server of a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But if it is provided, it will be validated and checked for permissions of the user, hence you may be able to see APIs which are restricted for special permissions/roles. \n parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Requested API is returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modified the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/API' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: { } 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers/c43a325c-260b-4302-81cb-768eafaa3aed" operationId: getMCPServer ###################################################### # The "Document Collection" resource MCP Servers ###################################################### /mcp-servers/{mcpServerId}/documents: get: tags: - MCP Server Documents summary: | Get a List of Documents of a MCP Server description: | This operation can be used to retrieve a list of documents belonging to a MCP Server by providing the id of the MCP Server. `X-WSO2-Tenant` header can be used to retrieve documents of a MCP Server that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted MCP Server's documents, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Document list is returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/DocumentList' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: { } 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers/c43a325c-260b-4302-81cb-768eafaa3aed/documents" operationId: getMCPServerDocuments ###################################################### # The "Individual Document" resource APIs ###################################################### /mcp-servers/{mcpServerId}/documents/{documentId}: get: tags: - MCP Server Documents summary: | Get a Document of a MCP Server description: | This operation can be used to retrieve a particular document's metadata associated with a MCP Server. `X-WSO2-Tenant` header can be used to retrieve a document of a MCP Server that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted MCP Server's document, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/documentId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Document returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Document' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: { } 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers/c43a325c-260b-4302-81cb-768eafaa3aed/documents/850a4f34-db2c-4d23-9d85-3f95fbfb082c" operationId: getMCPServerDocument /mcp-servers/{mcpServerId}/documents/{documentId}/content: get: tags: - MCP Server Documents summary: | Get the Content of a MCP Server Document description: | This operation can be used to retrieve the content of a MCP Server's document. The document can be of 3 types. In each cases responses are different. 1. **Inline type**: The content of the document will be retrieved in `text/plain` content type 2. **FILE type**: The file will be downloaded with the related content type (eg. `application/pdf`) 3. **URL type**: The client will recieve the URL of the document as the Location header with the response with - `303 See Other` `X-WSO2-Tenant` header can be used to retrieve the content of a document of a MCP Server that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted MCP Server's document content, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/documentId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. File or inline content returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modified the last time. Used by caches, or in conditional requests. schema: type: string content: { } 303: description: | See Other. Source can be retrieved from the URL specified at the Location header. headers: Location: description: | The Source URL of the document. schema: type: string content: { } 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: { } 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers/890a4f4d-09eb-4877-a323-57f6ce2ed79b/documents/0bcb7f05-599d-4e1a-adce-5cb89bfe58d5/content" operationId: getMCPServerDocumentContent /mcp-servers/{mcpServerId}/thumbnail: get: tags: - MCP Servers summary: Get Thumbnail Image description: | This operation can be used to download a thumbnail image of a MCP Server. `X-WSO2-Tenant` header can be used to retrieve a thumbnail of a MCP Server that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted MCP Server's thumbnail, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Thumbnail image returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modified the last time. Used by caches, or in conditional requests (Will be supported in future). schema: type: string Content-Type: description: | The content type of the body. schema: type: string content: { } 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: { } 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: 'curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/thumbnail" > image.jpeg' operationId: getMCPServerThumbnail /mcp-servers/{mcpServerId}/ratings: get: tags: - Ratings summary: Retrieve MCP Server Ratings description: | This operation can be used to retrieve the list of ratings of a MCP Server. `X-WSO2-Tenant` header can be used to retrieve ratings of a MCP Server that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Rating list returned. content: application/json: schema: $ref: '#/components/schemas/RatingList' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/ratings" operationId: getMCPServerRatings /mcp-servers/{mcpServerId}/user-rating: get: tags: - Ratings summary: Retrieve MCP Server Rating of User description: | This operation can be used to get the user rating of a MCP Server. `X-WSO2-Tenant` header can be used to retrieve the logged in user rating of a MCP Server that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Rating returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modified the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Rating' 304: description: | Not Modified. Empty body because the client already has the latest version of the requested resource. content: { } 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: curl -k -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/user-rating" operationId: getMCPServerRating put: tags: - Ratings summary: Add or Update Logged in User's Rating for a MCP Server description: | This operation can be used to add or update a MCP Server rating. `X-WSO2-Tenant` header can be used to add or update the logged in user rating of a MCP Server that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/requestedTenant' requestBody: description: | Rating object that should to be added content: application/json: schema: $ref: '#/components/schemas/Rating' required: true responses: 200: description: | OK. Successful response with the newly created or updated object as entity in the body. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Rating' 400: $ref: '#/components/responses/BadRequest' 415: $ref: '#/components/responses/UnsupportedMediaType' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -X PUT -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -d @data.json "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/user-rating"' operationId: addMCPServerRating delete: tags: - Ratings summary: Delete User MCP Server Rating description: | This operation can be used to delete logged in user MCP Server rating. `X-WSO2-Tenant` header can be used to delete the logged in user rating of a MCP Server that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-Match' responses: 200: description: | OK. Resource successfully deleted. content: { } security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: curl -k -X DELETE -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/user-rating" operationId: deleteMCPServerRating /mcp-servers/{mcpServerId}/comments: get: tags: - Comments summary: Retrieve MCP Server Comments description: | Get a list of Comments that are already added to MCP Servers parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/includeCommenterInfo' responses: 200: description: | OK. Comments list is returned. content: application/json: schema: $ref: '#/components/schemas/CommentList' 404: $ref: '#/components/responses/NotFound' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/comments" operationId: getAllCommentsOfMCPServer post: tags: - Comments summary: Add a MCP Server Comment parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/parentCommentId' requestBody: description: | Comment object that should to be added content: application/json: schema: $ref: '#/components/schemas/PostRequestBody' required: true responses: 201: description: | Created. Successful response with the newly created object as entity in the body. Location header contains URL of newly created entity. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request. schema: type: string Location: description: | Location to the newly created Comment. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Comment' 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 404: $ref: '#/components/responses/NotFound' 415: $ref: '#/components/responses/UnsupportedMediaType' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -X POST -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -d @data.json "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/comments"' operationId: addCommentToMCPServer /mcp-servers/{mcpServerId}/comments/{commentId}: get: tags: - Comments summary: Get Details of a MCP Server Comment description: | Get the individual comment given by a user for a certain MCP Server. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/commentId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/includeCommenterInfo' - $ref: '#/components/parameters/replyLimit' - $ref: '#/components/parameters/replyOffset' responses: 200: description: | OK. Comment returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modified the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Comment' 401: $ref: '#/components/responses/Unauthorized' 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/comments/d4cf1704-5d09-491c-bc48-4d19ce6ea9b4" operationId: getCommentOfMCPServer patch: tags: - Comments summary: Edit a comment description: | Edit the individual comment parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/commentId' requestBody: description: | Comment object that should to be updated content: application/json: schema: $ref: '#/components/schemas/PatchRequestBody' required: true responses: 200: description: | OK. Comment updated. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request. schema: type: string Location: description: | Location to the newly created Comment. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Comment' 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 403: description: | Forbidden. The request must be conditional but no condition has been specified. 404: $ref: '#/components/responses/NotFound' 415: $ref: '#/components/responses/UnsupportedMediaType' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -X PATCH -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -d @data.json "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/comments/d4cf1704-5d09-491c-bc48-4d19ce6ea9b4"' operationId: editCommentOfMCPServer delete: tags: - Comments summary: Delete a MCP Server Comment description: | Remove a Comment parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/commentId' - $ref: '#/components/parameters/If-Match' responses: 200: description: | OK. Resource successfully deleted. content: { } 401: $ref: '#/components/responses/Unauthorized' 403: description: | Forbidden. The request must be conditional but no condition has been specified. content: { } 404: $ref: '#/components/responses/NotFound' 405: description: | MethodNotAllowed. Request method is known by the server but is not supported by the target resource. content: { } 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe - apim:admin # special scope added to moderate comments x-code-samples: - lang: Curl source: curl -k -X DELETE -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/comments/d4cf1704-5d09-491c-bc48-4d19ce6ea9b4" operationId: deleteCommentOfMCPServer /mcp-servers/{mcpServerId}/comments/{commentId}/replies: get: tags: - Comments summary: Get replies of a comment description: | Get replies of a comment parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/commentId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/includeCommenterInfo' responses: 200: description: | OK. Comment returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modified the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/CommentList' 401: $ref: '#/components/responses/Unauthorized' 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/mcp-servers/e93fb282-b456-48fc-8981-003fb89086ae/comments/d4cf1704-5d09-491c-bc48-4d19ce6ea9b4/replies" operationId: getRepliesOfCommentOfMCPServer /mcp-servers/{mcpServerId}/subscription-policies: get: tags: - MCP Servers summary: | Get Details of the Subscription Throttling Policies of a MCP Server description: | This operation can be used to retrieve details of the subscription throttling policy of a MCP Server by specifying the MCP Server Id. `X-WSO2-Tenant` header can be used to retrieve MCP Server subscription throttling policies that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/mcpServerId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Throttling Policy returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modified the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ThrottlingPolicy' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: { } 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [ ] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/mcp-servers/268c9e55-3dc1-4f47-82e7-977e5343d077/subscription-policies" operationId: getMCPServerSubscriptionPolicies ###################################################### # The "Application Collection" resource APIs ###################################################### /applications: get: tags: - Applications summary: | Retrieve/Search Applications description: | This operation can be used to retrieve list of applications that is belonged to the user associated with the provided access token. parameters: - $ref: '#/components/parameters/groupId' - name: query in: query description: | **Search condition**. You can search for an application by specifying the name as "query" attribute. Eg. "app1" will match an application if the name is exactly "app1". Currently this does not support wildcards. Given name must exactly match the application name. schema: type: string - name: sortBy in: query schema: type: string enum: - name - throttlingPolicy - status - name: sortOrder in: query schema: type: string enum: - asc - desc - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Application list returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ApplicationList' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 400: $ref: '#/components/responses/BadRequest' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:app_import_export x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications?query=CalculatorApp"' post: tags: - Applications summary: | Create a New Application description: | This operation can be used to create a new application specifying the details of the application in the payload. requestBody: description: | Application object that is to be created. content: application/json: schema: $ref: '#/components/schemas/Application' required: true responses: 201: description: | Created. Successful response with the newly created object as entity in the body. Location header contains URL of newly created entity. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request schema: type: string Location: description: | Location of the newly created Application. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Application' 202: description: | Accepted. The request has been accepted. headers: Location: description: | Location of the newly created Application. schema: type: string content: application/json: schema: $ref: '#/components/schemas/WorkflowResponse' 400: $ref: '#/components/responses/BadRequest' 409: $ref: '#/components/responses/Conflict' 415: $ref: '#/components/responses/UnsupportedMediaType' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications"' ###################################################### # The "Individual Application" resource APIs ###################################################### /applications/{applicationId}: get: tags: - Applications summary: | Get Details of an Application description: | This operation can be used to retrieve details of an individual application specifying the application id in the URI. parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Application returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Application' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015"' put: tags: - Applications summary: | Update an Application description: | This operation can be used to update an application. Upon succesfull you will retrieve the updated application as the response. parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/If-Match' requestBody: description: | Application object that needs to be updated content: application/json: schema: $ref: '#/components/schemas/Application' required: true responses: 200: description: | OK. Application updated. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string Location: description: | The URL of the newly created resource. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Application' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X PUT -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015"' delete: tags: - Applications summary: | Remove an Application description: | This operation can be used to remove an application specifying its id. parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/If-Match' responses: 200: description: | OK. Resource successfully deleted. content: {} 202: description: | Accepted. The request has been accepted. headers: Location: description: | Location of the existing Application. schema: type: string content: application/json: schema: $ref: '#/components/schemas/WorkflowResponse' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:app_import_export x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -X DELETE "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015"' /applications/{applicationId}/generate-keys: post: tags: - Application Keys summary: Generate Application Keys description: | Generate keys (Consumer key/secret) for application parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/requestedTenant' requestBody: description: | Application key generation request object content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyGenerateRequest' required: true responses: 200: description: | OK. Keys are generated. content: application/json: schema: $ref: '#/components/schemas/ApplicationKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015/generate-keys"' /applications/{applicationId}/map-keys: post: tags: - Application Keys summary: Map Application Keys description: | Map keys (Consumer key/secret) to an application parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/requestedTenant' requestBody: description: | Application key mapping request object content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyMappingRequest' required: true responses: 200: description: | OK. Keys are mapped. content: application/json: schema: $ref: '#/components/schemas/ApplicationKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015/map-keys"' /applications/{applicationId}/keys: get: tags: - Application Keys summary: Retrieve All Application Keys description: | Retrieve keys (Consumer key/secret) of application parameters: - $ref: '#/components/parameters/applicationId' responses: 200: description: | OK. Keys are returned. content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyList' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' deprecated: true security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015/keys"' /applications/{applicationId}/keys/{keyType}: get: tags: - Application Keys summary: | Get Key Details of a Given Type description: | This operation can be used to retrieve key details of an individual application specifying the key type in the URI. parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/groupId' responses: 200: description: | OK. Keys of given type are returned. content: application/json: schema: $ref: '#/components/schemas/ApplicationKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' deprecated: true security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015/keys/PRODUCTION"' put: tags: - Application Keys summary: | Update Grant Types and Callback Url of an Application description: | This operation can be used to update grant types and callback url of an application. (Consumer Key and Consumer Secret are ignored) Upon succesfull you will retrieve the updated key details as the response. parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' requestBody: description: | Grant types/Callback URL update request object content: application/json: schema: $ref: '#/components/schemas/ApplicationKey' required: true responses: 200: description: | Ok. Grant types or/and callback url is/are updated. content: application/json: schema: $ref: '#/components/schemas/ApplicationKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' deprecated: true security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X PUT -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015/keys/PRODUCTION"' /applications/{applicationId}/keys/{keyType}/regenerate-secret: post: tags: - Application Keys summary: | Re-Generate Consumer Secret description: | This operation can be used to re generate consumer secret for an application for the give key type parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' responses: 200: description: | OK. Keys are re generated. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future). schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests (Will be supported in future).‚ schema: type: string Content-Type: description: | The content type of the body. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyReGenerateResponse' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' deprecated: true security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015/keys/PRODUCTION/regenerate-secret"' /applications/{applicationId}/keys/{keyType}/clean-up: post: tags: - Application Keys summary: Clean-Up Application Keys description: | Clean up keys after failed key generation of an application parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-Match' responses: 200: description: | OK. Clean up is performed content: {} 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' deprecated: true security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015/keys/PRODUCTION/clean-up"' /applications/{applicationId}/keys/{keyType}/generate-token: post: tags: - Application Tokens summary: Generate Application Token description: | Generate an access token for application by client_credentials grant type parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-Match' requestBody: description: | Application token generation request object content: application/json: schema: $ref: '#/components/schemas/ApplicationTokenGenerateRequest' required: true responses: 200: description: | OK. Token is generated. content: application/json: schema: $ref: '#/components/schemas/ApplicationToken' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' deprecated: true security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/keys/PRODUCTION/generate-token"' /applications/{applicationId}/oauth-keys: get: tags: - Application Keys summary: Retrieve All Application Keys description: | Retrieve keys (Consumer key/secret) of application parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Keys are returned. content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyList' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys"' /applications/{applicationId}/oauth-keys/{keyMappingId}: get: tags: - Application Keys summary: | Get Key Details of a Given Type description: | This operation can be used to retrieve key details of an individual application specifying the key type in the URI. parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyMappingId' - $ref: '#/components/parameters/groupId' responses: 200: description: | OK. Keys of given type are returned. content: application/json: schema: $ref: '#/components/schemas/ApplicationKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys/df972173-c957-46d4-96ac-99be8e303584"' put: tags: - Application Keys summary: | Update Grant Types and Callback URL of an Application description: | This operation can be used to update grant types and callback url of an application. (Consumer Key and Consumer Secret are ignored) Upon succesfull you will retrieve the updated key details as the response. parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyMappingId' requestBody: description: | Grant types/Callback URL update request object content: application/json: schema: $ref: '#/components/schemas/ApplicationKey' required: true responses: 200: description: | Ok. Grant types or/and callback url is/are updated. content: application/json: schema: $ref: '#/components/schemas/ApplicationKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X PUT -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys/df972173-c957-46d4-96ac-99be8e303584"' delete: tags: - Application Keys summary: Remove Generated Application Keys description: | Remove generated application keys from dev portal rest api parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyMappingId' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Key removed successfully. content: { } 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X DELETE "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys/df972173-c957-46d4-96ac-99be8e303584"' /applications/{applicationId}/oauth-keys/{keyMappingId}/regenerate-secret: post: tags: - Application Keys summary: | Re-Generate Consumer Secret description: | This operation can be used to re generate consumer secret for an application for the give key type parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyMappingId' responses: 200: description: | OK. Keys are re generated. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future). schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests (Will be supported in future).‚ schema: type: string Content-Type: description: | The content type of the body. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ApplicationKeyReGenerateResponse' 400: $ref: '#/components/responses/BadRequest' 403: $ref: '#/components/responses/Forbidden' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys/df972173-c957-46d4-96ac-99be8e303584/regenerate-secret"' /applications/{applicationId}/oauth-keys/{keyMappingId}/clean-up: post: tags: - Application Keys summary: Clean-Up Application Keys description: | Clean up keys after failed key generation of an application parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyMappingId' - $ref: '#/components/parameters/If-Match' responses: 200: description: | OK. Clean up is performed content: {} 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys/df972173-c957-46d4-96ac-99be8e303584/clean-up"' /applications/{applicationId}/oauth-keys/{keyMappingId}/generate-token: post: tags: - Application Tokens summary: Generate Application Token description: | Generate an access token for application by client_credentials grant type parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyMappingId' - $ref: '#/components/parameters/If-Match' requestBody: description: | Application token generation request object content: application/json: schema: $ref: '#/components/schemas/ApplicationTokenGenerateRequest' required: true responses: 200: description: | OK. Token is generated. content: application/json: schema: $ref: '#/components/schemas/ApplicationToken' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys/{keyMappingId}/generate-token"' /applications/{applicationId}/oauth-keys/{keyMappingId}/generate-secret: post: tags: - Application Secrets summary: | Generate a New Consumer Secret description: | This operation can be used to generate a new consumer secret for an application for the given key type operationId: generateConsumerSecret parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyMappingId' requestBody: description: | Request payload containing details for creating a new consumer secret content: application/json: schema: $ref: '#/components/schemas/ConsumerSecretCreationRequest' required: true responses: 201: description: | Created. Successful response with the newly created object as entity in the body. Location header contains URL of newly created entity. headers: Location: description: | Location to the newly created secret entity. schema: type: string Content-Type: description: | The content type of the body. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ConsumerSecret' 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 403: $ref: '#/components/responses/Forbidden' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: | curl -k \ -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" \ -H "Content-Type: application/json" \ -X POST \ -d '{"additionalProperties":{"description":"pizza application secret7","expiresIn":86400}}' \ "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys/df972173-c957-46d4-96ac-99be8e303584/generate-secret" /applications/{applicationId}/oauth-keys/{keyMappingId}/secrets: get: tags: - Application Secrets summary: | Retrieve Consumer Secrets description: | This operation can be used to retrieve consumer secrets of an application for the given key type operationId: getConsumerSecrets parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyMappingId' responses: 200: description: | OK. Consumer secrets are retrieved. headers: Content-Type: description: | The content type of the body. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ConsumerSecretList' 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 403: $ref: '#/components/responses/Forbidden' 404: $ref: '#/components/responses/NotFound' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X GET "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys/df972173-c957-46d4-96ac-99be8e303584/secrets"' /applications/{applicationId}/oauth-keys/{keyMappingId}/revoke-secret: post: tags: - Application Secrets summary: | Revoke a Consumer Secret description: | This operation can be used to revoke a consumer secret for an application for the give key type operationId: revokeConsumerSecret parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyMappingId' requestBody: description: | Request payload containing details for revoking a new consumer secret content: application/json: schema: $ref: '#/components/schemas/ConsumerSecretDeletionRequest' required: true responses: 204: description: | OK. Consumer secret deleted. content: { } 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 403: $ref: '#/components/responses/Forbidden' 404: $ref: '#/components/responses/NotFound' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe - apim:app_manage x-code-samples: - lang: Curl source: | curl -k \ -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" \ -H "Content-Type: application/json" \ -X POST \ -d '{"secretId":"sec_123456"}' \ "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/oauth-keys/df972173-c957-46d4-96ac-99be8e303584/revoke-secret" /applications/{applicationId}/api-keys/{keyType}/generate: post: tags: - APIKeys summary: Generate API Key description: | Generate a self contained API Key for the application operationId: applicationsApplicationIdApiKeysKeyTypeGeneratePost parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key generation request object content: application/json: schema: $ref: '#/components/schemas/APIKeyGenerateRequest' required: false responses: 200: description: | OK. Api key generated. content: application/json: schema: $ref: '#/components/schemas/APIKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/PRODUCTION/generate"' /applications/{applicationId}/api-keys/{keyType}/regenerate: post: tags: - APIKeys summary: Regenerate API Key description: | Regenerate a self contained API Key for the application specified by the key UUID operationId: regenerateAppBoundAPIKey parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key renewal request object content: application/json: schema: $ref: '#/components/schemas/APIKeyRenewRequest' required: true responses: 200: description: | OK. Api key regenerated successfully. content: application/json: schema: $ref: '#/components/schemas/APIKey' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/PRODUCTION/regenerate"' /applications/{applicationId}/api-keys/{keyType}: get: tags: - APIKeys summary: Get API Key(s) of a Given Type description: | Retrieve self contained API Key(s) for the application specifying the key type in the URI. operationId: getAppBoundAPIKeys parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. API key(s) of given type are returned. content: application/json: schema: $ref: '#/components/schemas/APIKeyList' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X GET "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/PRODUCTION"' /applications/{applicationId}/api-keys/{keyType}/revoke: post: tags: - APIKeys summary: Revoke API Key description: | Revoke a self contained API Key for the application operationId: applicationsApplicationIdApiKeysKeyTypeRevokePost parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key revoke request object content: application/json: schema: $ref: '#/components/schemas/APIKeyRevokeRequest' required: true responses: 200: description: | OK. Api key revoked successfully. content: {} 400: $ref: '#/components/responses/BadRequest' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/PRODUCTION/revoke"' /applications/{applicationId}/api-keys/{keyType}/subscriptions: get: tags: - APIKeys summary: Get Subscribed APIs with API Key(s) of a Given Type description: | Retrieve subscribed APIs with non-associated API Key(s) for the application specifying the key type in the URI. operationId: getSubscribedAPIsWithAPIKeys parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Subscribed APIs along with the non-associated API key(s) of given type are returned. content: application/json: schema: $ref: '#/components/schemas/SubscribedAPIWithApiKeyList' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X GET "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/PRODUCTION/subscriptions"' /applications/{applicationId}/api-keys/{keyType}/associate: post: tags: - APIKeys summary: Associate an API Key to the Application description: | Create an association to a self contained API Key for the application operationId: associateAPIKeyToApp parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key association request object content: application/json: schema: $ref: '#/components/schemas/AppAPIKeyAssociateRequest' required: true responses: 200: description: | OK. Api key associated successfully. content: application/json: schema: $ref: '#/components/schemas/APIKeyAssociation' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/PRODUCTION/associate"' /applications/{applicationId}/api-keys/{keyType}/dissociate: post: tags: - APIKeys summary: Remove the association of the API Key to the Application description: | Remove the association to a self contained API Key for the application operationId: dissociateAPIKeyFromApp parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-Match' requestBody: description: | API Key dissociation request object content: application/json: schema: $ref: '#/components/schemas/APIKeyDissociateRequest' required: true responses: 200: description: | OK. Removed association for the API key successfully. content: { } 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/PRODUCTION/dissociate"' /applications/{applicationId}/api-keys/{keyType}/associations: get: tags: - APIKeys summary: Get API Key associations of a Given Type description: | Retrieve API key associations for the application specifying the key type in the URI. operationId: getAPIKeyAssociationsForApp parameters: - $ref: '#/components/parameters/applicationId' - $ref: '#/components/parameters/keyType' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. API key associations of given type are returned. content: application/json: schema: $ref: '#/components/schemas/APIKeyAssociationList' 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:app_manage - apim:api_key x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X GET "https://localhost:9443/api/am/devportal/v3/applications/16cd2684-9657-4a01-a956-4efd89e96077/api-keys/PRODUCTION/associations"' /applications/export: get: tags: - Import Export summary: Export an Application description: | This operation can be used to export the details of a particular application as a zip file. parameters: - name: appName in: query description: | Application Name required: true schema: type: string - name: appOwner in: query description: | Owner of the Application required: true schema: type: string - name: withKeys in: query description: | Export application keys schema: type: boolean - name: format in: query description: | Format of output documents. Can be YAML or JSON. schema: type: string enum: - JSON - YAML responses: 200: description: | OK. Export Successful. headers: Content-Type: description: | The content type of the body. schema: type: string content: application/zip: schema: type: string format: binary 400: $ref: '#/components/responses/BadRequest' 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: - apim:app_import_export x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications/export?appName=sampleApp&appOwner=admin&withKeys=true" > exportedApplication.zip' /applications/import: post: tags: - Import Export summary: Import an Application description: | This operation can be used to import an application. parameters: - name: preserveOwner in: query description: | Preserve Original Creator of the Application schema: type: boolean - name: skipSubscriptions in: query description: | Skip importing Subscriptions of the Application schema: type: boolean - name: appOwner in: query description: | Expected Owner of the Application in the Import Environment schema: type: string - name: skipApplicationKeys in: query description: | Skip importing Keys of the Application schema: type: boolean - name: update in: query description: | Update if application exists schema: type: boolean - name: ignoreTier in: query description: | Ignore tier and proceed with subscribed APIs schema: type: boolean requestBody: content: multipart/form-data: schema: required: - file properties: file: type: string description: | Zip archive consisting of exported Application Configuration. format: binary required: true responses: 200: description: | OK. Successful response with the updated object information as entity in the body. headers: Content-Type: description: | The content type of the body. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ApplicationInfo' 207: description: | Multi Status. Partially successful response with skipped APIs information object as entity in the body. content: application/json: schema: $ref: '#/components/schemas/APIInfoList' 400: $ref: '#/components/responses/BadRequest' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: - apim:app_import_export x-code-samples: - lang: Curl source: 'curl -k -X POST -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -F file=@exportedApplication.zip "https://127.0.0.1:9443/api/am/devportal/v3/applications/import?preserveOwner=true&skipSubscriptions=false&appOwner=admin&skipApplicationKeys=false&update=true"' ###################################################### # The "Subscription Collection" resource APIs ###################################################### /subscriptions: get: tags: - Subscriptions summary: | Get All Subscriptions description: | This operation can be used to retrieve a list of subscriptions of the user associated with the provided access token. This operation is capable of 1. Retrieving applications which are subscribed to a specific API. `GET https://localhost:9443/api/am/devportal/v3/subscriptions?apiId=c43a325c-260b-4302-81cb-768eafaa3aed` 2. Retrieving APIs which are subscribed by a specific application. `GET https://localhost:9443/api/am/devportal/v3/subscriptions?applicationId=c43a325c-260b-4302-81cb-768eafaa3aed` If application sharing is enabled, the **groupId** can be used to include subscriptions associated with the specified **groupId** in the results, provided the application is shared within the group. **IMPORTANT:** * It is mandatory to provide either **apiId** or **applicationId**. parameters: - $ref: '#/components/parameters/apiId-Q' - $ref: '#/components/parameters/applicationId-Q' - $ref: '#/components/parameters/groupId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Subscription list returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/SubscriptionList' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: - apim:subscribe - apim:sub_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/subscriptions?apiId=02e658e7-71c7-4b1d-a623-be145b789340"' post: tags: - Subscriptions summary: | Add a New Subscription description: | This operation can be used to add a new subscription providing the id of the API and the application. parameters: - $ref: '#/components/parameters/requestedTenant' requestBody: description: | Subscription object that should to be added content: application/json: schema: $ref: '#/components/schemas/Subscription' example: applicationId: bbcc3be9-e29c-4ba2-a756-d922a5bd6c4d apiId: abcff4cf-24c5-4298-a7b4-39a1fbd34693 throttlingPolicy: Unlimited required: true responses: 201: description: | Created. Successful response with the newly created object as entity in the body. Location header contains URL of newly created entity. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request. schema: type: string Location: description: | Location to the newly created subscription. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Subscription' 202: description: | Accepted. The request has been accepted. headers: Location: description: | Location of the newly created subscription. schema: type: string content: application/json: schema: $ref: '#/components/schemas/WorkflowResponse' 400: $ref: '#/components/responses/BadRequest' 415: $ref: '#/components/responses/UnsupportedMediaType' security: - OAuth2Security: - apim:subscribe - apim:sub_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/subscriptions"' /subscriptions/multiple: post: tags: - Subscriptions summary: | Add New Subscriptions description: | This operation can be used to add a new subscriptions providing the ids of the APIs and the applications. parameters: - $ref: '#/components/parameters/requestedTenant' requestBody: description: | Subscription objects that should to be added content: application/json: schema: type: array items: $ref: '#/components/schemas/Subscription' example: - applicationId: bbcc3be9-e29c-4ba2-a756-d922a5bd6c4d apiId: abcff4cf-24c5-4298-a7b4-39a1fbd34693 throttlingPolicy: Unlimited - applicationId: 67543be9-e29c-4ba2-7856-d922a5bd6c4d apiId: abcff4cf-24c5-4298-a7b4-39a1f7896693 throttlingPolicy: Bronze required: true responses: 200: description: | OK. Successful response with the newly created objects as entity in the body. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future). schema: type: string Content-Type: description: | The content type of the body. schema: type: string content: application/json: schema: type: array items: $ref: '#/components/schemas/Subscription' 400: $ref: '#/components/responses/BadRequest' 415: $ref: '#/components/responses/UnsupportedMediaType' security: - OAuth2Security: - apim:subscribe - apim:sub_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/subscriptions/multiple"' ###################################################### # The "Subscriptions related to API" resource API ###################################################### /subscriptions/{apiId}/additionalInfo: get: tags: - Subscriptions summary: Get Additional Information of subscriptions attached to an API. description: | This operation can be used to retrieve all additional Information of subscriptions attached to an API by providing the API id. operationId: getAdditionalInfoOfAPISubscriptions parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/groupId' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Types and fields returned successfully. headers: Content-Type: description: | The content of the body. schema: type: string default: application/json content: application/json: schema: $ref: '#/components/schemas/AdditionalSubscriptionInfoList' 404: description: | Not Found. Retrieving types and fields failed. content: {} security: - OAuth2Security: [] x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/subscriptions/e93fb282-b456-48fc-8981-003fb89086ae/additionalInfo"' ###################################################### # The "Individual Subscription" resource APIs ###################################################### /subscriptions/{subscriptionId}: get: tags: - Subscriptions summary: | Get Details of a Subscription description: | This operation can be used to get details of a single subscription. parameters: - $ref: '#/components/parameters/subscriptionId' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Subscription returned headers: ETag: description: Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: Date and time the resource has been modifed the last time. Used by caches, or in conditional reuquests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Subscription' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' security: - OAuth2Security: - apim:subscribe - apim:sub_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/subscriptions/5b65808c-cdf2-43e1-a695-de63e3ad0ae9"' put: tags: - Subscriptions summary: | Update Existing Subscription description: | This operation can be used to update a subscription providing the subscription id, api id, application Id, status and updated throttling policy tier. parameters: - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/subscriptionId' requestBody: description: | Subscription object that should to be added content: application/json: schema: $ref: '#/components/schemas/Subscription' required: true responses: 200: description: | Subscription Updated. Successful response with the updated object as entity in the body. Location header contains URL of newly updates entity. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional request. schema: type: string Location: description: | Location to the updated subscription. schema: type: string content: application/json: schema: $ref: '#/components/schemas/Subscription' 202: description: | Accepted. The request has been accepted. headers: Location: description: | Location of the updated subscription. schema: type: string content: application/json: schema: $ref: '#/components/schemas/WorkflowResponse' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 400: $ref: '#/components/responses/BadRequest' 404: description: | Not Found. Requested Subscription does not exist. content: {} 415: description: | Unsupported media type. The entity of the request was in a not supported format. content: {} security: - OAuth2Security: - apim:subscribe - apim:sub_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X PUT -d @data.json "https://localhost:9443/api/am/devportal/v3/subscriptions/80369180-7d90-4ee8-99a1-19fa68512aa5"' delete: tags: - Subscriptions summary: | Remove a Subscription description: | This operation can be used to remove a subscription. parameters: - $ref: '#/components/parameters/subscriptionId' - $ref: '#/components/parameters/If-Match' responses: 200: description: | OK. Resource successfully deleted. content: {} 202: description: | Accepted. The request has been accepted. headers: Location: description: | Location of the existing subscription. schema: type: string content: application/json: schema: $ref: '#/components/schemas/WorkflowResponse' 404: $ref: '#/components/responses/NotFound' 412: $ref: '#/components/responses/PreconditionFailed' security: - OAuth2Security: - apim:subscribe - apim:sub_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X DELETE "https://localhost:9443/api/am/devportal/v3/subscriptions/80369180-7d90-4ee8-99a1-19fa68512aa5"' /subscriptions/{subscriptionId}/usage: get: tags: - API Monetization summary: Get Details of a Pending Invoice for a Monetized Subscription with Metered Billing. description: | This operation can be used to get details of a pending invoice for a monetized subscription with metered billing. parameters: - $ref: '#/components/parameters/subscriptionId' responses: 200: description: | OK. Details of a pending invoice returned. headers: ETag: description: Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future). schema: type: string Last-Modified: description: Date and time the resource has been modified the last time. Used by caches, or in conditional requests (Will be supported in future). schema: type: string Content-Type: description: The content type of the body. schema: type: string content: application/json: schema: $ref: '#/components/schemas/APIMonetizationUsage' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource (Will be supported in future). content: {} 404: $ref: '#/components/responses/NotFound' security: - OAuth2Security: - apim:subscribe - apim:sub_manage x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/subscriptions/5b65808c-cdf2-43e1-a695-de63e3ad0ae9/usage"' ###################################################### # The "Throttling Policy Collection" resource APIs ###################################################### /throttling-policies/{policyLevel}: get: tags: - Throttling Policies summary: Get All Available Throttling Policies description: | This operation can be used to get all available application or subscription level throttling policies parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/policyLevel' - $ref: '#/components/parameters/If-None-Match' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. List of throttling policies returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ThrottlingPolicyList' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/throttling-policies/application" ###################################################### # The "Individual Throttling Policy" resource APIs ###################################################### /throttling-policies/{policyLevel}/{policyId}: get: tags: - Throttling Policies summary: | Get Details of a Throttling Policy description: | This operation can be used to retrieve details of a single throttling policy by specifying the policy level and policy name. `X-WSO2-Tenant` header can be used to retrive throttling policy that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. parameters: - $ref: '#/components/parameters/policyId' - $ref: '#/components/parameters/policyLevel' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Throttling Policy returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string Last-Modified: description: | Date and time the resource has been modifed the last time. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ThrottlingPolicy' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/throttling-policies/application/10PerMin" ###################################################### # The "Throttling Policy Reset" resource APIs ###################################################### /applications/{applicationId}/reset-throttle-policy: post: tags: - Applications summary: Reset Application-Level Throttle Policy description: | This operation can be used to reset the application-level throttle policy for a specific user. parameters: - $ref: '#/components/parameters/applicationId' requestBody: description: | Payload for which the application-level throttle policy needs to be reset content: application/json: schema: $ref: '#/components/schemas/ApplicationThrottleReset' required: true responses: 200: description: OK. Application-level throttle policy reset successfully content: {} 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 403: description: | Forbidden. The request must be conditional but no condition has been specified. content: { } 404: $ref: '#/components/responses/NotFound' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:app_manage - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k \ -H "Authorization: Bearer 80249337-fe7c-3c66-bde6-ed431c144372" \ -H "Content-Type: application/json" -X POST \ -d @payload.json \ "https://localhost:9443/api/am/devportal/v3/application/37dd21cc-631e-4c73-bf73-c59cc7087a63/reset-throttle-policy"' ###################################################### # The "Tag Collection" resource API ###################################################### /tags: get: tags: - Tags summary: | Get All Tags description: | This operation can be used to retrieve a list of tags that are already added to APIs. `X-WSO2-Tenant` header can be used to retrive tags that belongs to a different tenant domain. If not specified super tenant will be used. If Authorization header is present in the request, the user's tenant associated with the access token will be used. **NOTE:** * This operation does not require an Authorization header by default. But in order to see a restricted API's tags, you need to provide Authorization header. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/requestedTenant' - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Tag list is returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/TagList' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource. content: {} 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/tags" ###################################################### # The "Content Search Results" resource APIs ###################################################### /search: get: tags: - Unified Search summary: | Retrieve/Search APIs and API Documents by Content description: | This operation provides you a list of available APIs and API Documents qualifying the given keyword match. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/requestedTenant' - name: query in: query description: | **Search**. You can search by using providing the search term in the query parameters. schema: type: string - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. List of qualifying APIs and docs is returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future). schema: type: string Content-Type: description: The content type of the body. schema: type: string content: application/json: schema: $ref: '#/components/schemas/SearchResultList' 304: description: | Not Modified. Empty body because the client has already the latest version of the requested resource (Will be supported in future). content: {} 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/search?query=PizzaShackAPI" ###################################################### # The "SDK Generation Languages" list resource APIs ###################################################### /sdk-gen/languages: get: tags: - SDKs summary: | Get a List of Supported SDK Languages description: | This operation will provide a list of programming languages that are supported by the swagger codegen library for generating System Development Kits (SDKs) for APIs available in the API Manager Developer Portal responses: 200: description: | OK. List of supported languages for generating SDKs. content: application/json: example : ["android","java","javascript","jmeter"] 404: $ref: '#/components/responses/NotFound' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: curl -k -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/sdk-gen/languages" ###################################################### # The Web hook API topic details ###################################################### /webhooks/subscriptions: get: tags: - Webhooks summary: | Get available web hook subscriptions for a given application. description: | This operation will provide a list of web hook topic subscriptions for a given application. If the api id is provided results will be filtered by the api Id. parameters: - $ref: '#/components/parameters/applicationId-Q' - $ref: '#/components/parameters/apiId-Q' - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Topic list returned. headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests. schema: type: string content: application/json: schema: $ref: '#/components/schemas/WebhookSubscriptionList' 404: $ref: '#/components/responses/NotFound' 500: $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k -H "Authorization:Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/webhooks/subscriptions?applicationId=5b65808c-cdf2-43e1-a695-de63e3ad0ae9&apiId=ae4eae22-3f65-387b-a171-d37eaa366fa8" ###################################################### # The Developer Portal settings List ###################################################### /settings: get: tags: - Settings summary: Retreive Developer Portal settings description: | Retreive Developer Portal settings parameters: - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Settings returned content: application/json: schema: $ref: '#/components/schemas/Settings' 404: $ref: '#/components/responses/NotFound' security: - OAuth2Security: - apim:store_settings x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/settings"' /settings/application-attributes: get: tags: - Settings summary: | Get All Application Attributes from Configuration description: | This operation can be used to retrieve the application attributes from configuration. It will not return hidden attributes. parameters: - $ref: '#/components/parameters/If-None-Match' responses: 200: description: | OK. Application attributes returned. headers: Content-Type: description: | The content type of the body. schema: type: string content: application/json: schema: $ref: '#/components/schemas/ApplicationAttributeList' 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/settings/application-attributes"' ###################################################### # The tenant resource APIs ###################################################### /tenants: get: tags: - Tenants summary: | Get Tenants by State description: | This operation is used to get tenants by state parameters: - name: state in: query description: | The state represents the current state of the tenant Supported states are [ active, inactive] schema: type: string default: active enum: - active - inactive - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' responses: 200: description: | OK. Tenant names returned. headers: Content-Type: description: | The content type of the body. schema: type: string content: application/json: schema: $ref: '#/components/schemas/TenantList' 404: $ref: '#/components/responses/NotFound' 406: $ref: '#/components/responses/NotAcceptable' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/tenants" ###################################################### # The "Recommendations" resource API ###################################################### /recommendations: get: tags: - Recommendations summary: Give API Recommendations for a User description: This API can be used to get recommended APIs for a user who logs into the API Developer Portal responses: 200: description: | OK. Requested recommendations are returned headers: ETag: description: | Entity Tag of the response resource. Used by caches, or in conditional requests schema: type: string content: application/json: schema: $ref: '#/components/schemas/Recommendations' 404: $ref: '#/components/responses/NotFound' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/recommendations"' ###################################################### # The "Category Collection" resource API ###################################################### /api-categories: get: tags: - API Categories summary: Get All API Categories description: | Get all API categories parameters: - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Categories returned content: application/json: schema: $ref: '#/components/schemas/APICategoryList' security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/api-categories" ###################################################### # The "Key Manager Collection" resource API ###################################################### /key-managers: get: tags: - Key Managers summary: Get All Key Managers description: | Get all Key managers parameters: - $ref: '#/components/parameters/requestedTenant' responses: 200: description: | OK. Key Manager list returned content: application/json: schema: $ref: '#/components/schemas/KeyManagerList' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/key-managers"' ###################################################### # GraphQL "Query Complexity" resource APIs ###################################################### /apis/{apiId}/graphql-policies/complexity: get: tags: - GraphQL Policies summary: Get the Complexity Related Details of an API description: | This operation can be used to retrieve complexity related details belonging to an API by providing the API id. parameters: - $ref: '#/components/parameters/apiId' responses: 200: description: | OK. Requested complexity details returned. headers: Content-Type: description: | The content of the body. schema: type: string default: application/json content: application/json: schema: $ref: '#/components/schemas/GraphQLQueryComplexityInfo' 404: description: | Not Found. Requested API does not contain any complexity details. content: {} security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/graphql-policies/complexity" /apis/{apiId}/graphql-policies/complexity/types: get: tags: - GraphQL Policies summary: Retrieve Types and Fields of a GraphQL Schema description: | This operation can be used to retrieve all types and fields of the GraphQL Schema by providing the API id. parameters: - $ref: '#/components/parameters/apiId' responses: 200: description: | OK. Types and fields returned successfully. headers: Content-Type: description: | The content of the body. schema: type: string default: application/json content: application/json: schema: $ref: '#/components/schemas/GraphQLSchemaTypeList' 404: description: | Not Found. Retrieving types and fields failed. content: {} security: - OAuth2Security: [] x-code-samples: - lang: Curl source: curl -k "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/graphql-policies/complexity/types" ###################################################### # The "API Chat Feature" resource API ###################################################### /apis/{apiId}/api-chat: post: security: - OAuth2Security: - apim:subscribe summary: Test API using a natural language query description: | Executes a test scenario against an API; which iteratively provide resources that need to be invoked alongside the inputs such as parameters, payloads, etc. while caching the progress. operationId: apiChatPost parameters: - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/action' requestBody: description: | API Chat request body content: application/json: schema: $ref: '#/components/schemas/ApiChatRequest' tags: - API Chat responses: 201: description: | Created. API Chat action completed. content: application/json: schema: $ref: '#/components/schemas/ApiChatResponse' 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 500: description: | Internal Server Error. An error occurred while invoking the API Chat service. x-code-samples: - lang: Curl source: 'curl -k -X POST -H "Content-Type: application/json" -d @request.json "https://localhost:9443/api/am/devportal/v3/apis/e93fb282-b456-48fc-8981-003fb89086ae/api-chat?apiChatAction=EXECUTE"' /apis/{apiId}/generate-definition-url: post: tags: - APIs summary: Generate a URL to download a resource for an API description: >- Generate a URL to access an API resource like the WSDL definition. operationId: generateDefinitionURL parameters: - $ref: '#/components/parameters/resourceType' - $ref: '#/components/parameters/environmentName' - $ref: '#/components/parameters/apiId' - $ref: '#/components/parameters/requestedTenant' responses: '200': description: OK. Returns generated download URL as a string. content: application/json: schema: type: string '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' security: - OAuth2Security: [ ] ###################################################### # User resource APIs ###################################################### /me/change-password: post: tags: - Users summary: Change the Password of the user description: | Using this operation, logged-in user can change their password. operationId: changeUserPassword requestBody: description: | Current and new password of the user content: application/json: schema: $ref: '#/components/schemas/CurrentAndNewPasswords' required: true responses: 200: description: OK. User password changed successfully content: {} 400: $ref: '#/components/responses/BadRequest' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/me/change-password"' /me/organization-information: get: tags: - Users summary: Get the Organization information of the user description: | Using this operation, logged-in user can get their organization information. operationId: organizationInformation responses: 200: description: | OK. Key Manager list returned content: application/json: schema: $ref: '#/components/schemas/OrganizationInfo' 400: $ref: '#/components/responses/BadRequest' security: - OAuth2Security: - apim:subscribe x-code-samples: - lang: Curl source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/devportal/v3/me/organization"' ###################################################### # The "Marketplace Assistant Feature" resource APIs ###################################################### '/marketplace-assistant/api-count': #----------------------------------------------------- # Get No of apis in the VectorDB #----------------------------------------------------- get: summary: API Count endpoint. description: | Get the api count of Marketplace Assistant AI service. operationId: getMarketplaceAssistantApiCount tags: - Marketplace Assistant responses: 200: description: | OK. Api Count is returned. content: application/json: schema: $ref: '#/components/schemas/MarketplaceAssistantApiCountResponse' 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 500: description: | Internal Server Error. An error occurred while retrieving the API count. x-code-samples: - lang: Curl source: 'curl -k "https://localhost:9443/api/am/devportal/v3/apis/marketplace-assistant/api-count"' '/marketplace-assistant/chat': #----------------------------------------------------- # Chat with Marketplace Assistant #----------------------------------------------------- post: summary: Marketplace Assistant Chat Endpoint. description: | Send a single query to the service and get the response. operationId: marketplaceAssistantExecute requestBody: description: | Marketplace Assistant chat request payload. content: application/json: schema: $ref: '#/components/schemas/MarketplaceAssistantRequest' tags: - Marketplace Assistant responses: 201: description: | Created. Marketplace Assistant chat response payload. content: application/json: schema: $ref: '#/components/schemas/MarketplaceAssistantResponse' 400: $ref: '#/components/responses/BadRequest' 401: $ref: '#/components/responses/Unauthorized' 429: $ref: '#/components/responses/TooManyRequests' 500: description: | Internal Server Error. An error occurred while executing test using Marketplace Chat service. x-code-samples: - lang: Curl source: 'curl -k -X POST -d request.json "https://localhost:9443/api/am/devportal/v3/apis/marketplace-assistant/chat"' components: schemas: ApplicationThrottleReset: title: Reset application level throttling type: object properties: userName: type: string description: The username for which the throttle policy needs to be reset example: admin APIList: title: API List type: object properties: count: type: integer description: | Number of APIs returned. example: 1 list: type: array items: $ref: '#/components/schemas/APIInfo' pagination: $ref: '#/components/schemas/Pagination' example: count: 2 list: - id: 01234567-0123-0123-0123-012345678901 name: CalculatorAPI description: A calculator API that supports basic operations context: /CalculatorAPI version: 1.0.0 type: HTTP provider: admin lifeCycleStatus: PUBLISHED thumbnailUri: /apis/01234567-0123-0123-0123-012345678901/thumbnail avgRating: 4.3 throttlingPolicies: [Unlimited] advertiseInfo: advertised: false, apiExternalProductionEndpoint: null, apiExternalSandboxEndpoint: null, originalDevPortalUrl: null, apiOwner: null businessInformation: businessOwner: Jane Roe businessOwnerEmail: businessowner@wso2.com technicalOwner: John Doe technicalOwnerEmail: technicalowner@wso2.com isSubscriptionAvailable: true monetizationLabel: null - id: 01123567-1233-5453-0212-12353678901 name: PizzaShackAPI description: A Pizza ordering API context: /PizzaShackAPI version: 1.0.0 type: HTTP provider: admin lifeCycleStatus: PUBLISHED thumbnailUri: /apis/01123567-1233-5453-0212-12353678901/thumbnail avgRating: 4.3 throttlingPolicies: [ Unlimited ] advertiseInfo: advertised: false, apiExternalProductionEndpoint: null, apiExternalSandboxEndpoint: null, originalDevPortalUrl: null, apiOwner: null businessInformation: businessOwner: Jane Roe businessOwnerEmail: businessowner@wso2.com technicalOwner: John Doe technicalOwnerEmail: technicalowner@wso2.com isSubscriptionAvailable: true monetizationLabel: null pagination: offset: 2 limit: 2 total: 10 next: /apis?limit=2&offset=4 previous: /apis?limit=2&offset=0 APIInfo: title: API Info object with basic API details. type: object properties: id: type: string example: 01234567-0123-0123-0123-012345678901 name: type: string example: CalculatorAPI displayName: type: string example: Calculator API description: | Display name of the API. This is the name that will be displayed in the Publisher and DevPortal. If not provided, the name will be used as the display name. description: type: string example: A calculator API that supports basic operations context: type: string example: CalculatorAPI version: type: string example: 1.0.0 type: type: string example: WS createdTime: type: string example: 1614020559444 provider: type: string description: | If the provider value is not given, the user invoking the API will be used as the provider. example: admin lifeCycleStatus: type: string example: PUBLISHED thumbnailUri: type: string example: /apis/01234567-0123-0123-0123-012345678901/thumbnail avgRating: type: string description: Average rating of the API example: "4.5" throttlingPolicies: type: array description: List of throttling policies of the API example: - Unlimited - Bronze items: type: string advertiseInfo: $ref: '#/components/schemas/AdvertiseInfo' businessInformation: $ref: '#/components/schemas/APIBusinessInformation' isSubscriptionAvailable: type: boolean example: false monetizationLabel: type: string example: Free gatewayType: type: string example: solace gatewayVendor: type: string example: WSO2 additionalProperties: type: array items: type: object properties: name: type: string value: type: string display: type: boolean description: | Custom(user defined) properties of API example: { } monetizedInfo: type: boolean example: true egress: type: boolean description: Whether the API is Egress or not default: false example: true subtype: type: string description: Subtype of the API. default: DEFAULT example: AIAPI readOnly: true APIInfoList: title: API Info List type: object properties: count: type: integer description: | Number of API Info objects returned. example: 1 list: type: array items: $ref: '#/components/schemas/APIInfo' API: title: API object required: - context - lifeCycleStatus - name - provider - version type: object properties: id: type: string description: | UUID of the api example: 01234567-0123-0123-0123-012345678901 name: type: string description: Name of the API example: CalculatorAPI displayName: description: Human-friendly name shown in UI. Length limited to DB column size. type: string example: Pizza Shack API description: type: string description: A brief description about the API example: A calculator API that supports basic operations context: type: string description: A string that represents thecontext of the user's request example: CalculatorAPI version: type: string description: The version of the API example: 1.0.0 provider: type: string description: | If the provider value is not given user invoking the api will be used as the provider. example: admin apiDefinition: type: string description: | Swagger definition of the API which contains details about URI templates and scopes example: '{"paths":{"\/substract":{"get":{"x-auth-type":"Application & Application User","x-throttling-tier":"Unlimited","parameters":[{"name":"x","required":true,"type":"string","in":"query"},{"name":"y","required":true,"type":"string","in":"query"}],"responses":{"200":{}}}},"\/add":{"get":{"x-auth-type":"Application & Application User","x-throttling-tier":"Unlimited","parameters":[{"name":"x","required":true,"type":"string","in":"query"},{"name":"y","required":true,"type":"string","in":"query"}],"responses":{"200":{}}}}},"swagger":"2.0","info":{"title":"CalculatorAPI","version":"1.0.0"}}' wsdlUri: type: string description: | WSDL URL if the API is based on a WSDL endpoint example: http://www.webservicex.com/globalweather.asmx?wsdl lifeCycleStatus: type: string description: This describes in which status of the lifecycle the API is. example: PUBLISHED isDefaultVersion: type: boolean example: false type: type: string description: This describes the transport type of the API example: HTTP transport: type: array example: - http - https items: type: string description: | Supported transports for the API (http and/or https). operations: type: array example: [] items: $ref: '#/components/schemas/APIOperations' authorizationHeader: type: string description: | Name of the Authorization header used for invoking the API. If it is not set, Authorization header name specified in tenant or system level will be used. example: Authorization apiKeyHeader: type: string description: | Name of the API key header used for invoking the API. If it is not set, default value `apiKey` will be used. example: ApiKey securityScheme: type: array description: | Types of API security, the current API secured with. It can be either OAuth2 or mutual SSL or both. If it is not set OAuth2 will be set as the security for the current API. example: - oauth2 - oauth_basic_auth_api_key_mandatory items: type: string tags: type: array description: Search keywords related to the API example: - substract - add items: type: string tiers: type: array description: The subscription tiers selected for the particular API items: type: object properties: tierName: type: string example: Gold tierPlan: type: string example: COMMERCIAL monetizationAttributes: type: object properties: fixedPrice: type: string example: "10" pricePerRequest: type: string example: "1" currencyType: type: string example: USD billingCycle: type: string example: month hasThumbnail: type: boolean example: true default: false additionalProperties: type: array items: type: object properties: name: type: string value: type: string display: type: boolean description: | Custom(user defined) properties of API example: {} monetization: $ref: '#/components/schemas/APIMonetizationInfo' endpointURLs: type: array items: type: object properties: environmentName: type: string example: Default environmentDisplayName: type: string example: Default environmentType: type: string example: hybrid URLs: type: object properties: http: type: string description: HTTP environment URL example: http://localhost:8280/phoneverify/1.0.0 https: type: string description: HTTPS environment URL example: https://localhost:8243/phoneverify/1.0.0 ws: type: string description: WS environment URL example: ws://localhost:9099/phoneverify/1.0.0 wss: type: string description: WSS environment URL example: wss://localhost:9099/phoneverify/1.0.0 defaultVersionURLs: type: object properties: http: type: string description: HTTP environment default URL example: http://localhost:8280/phoneverify/ https: type: string description: HTTPS environment default URL example: https://localhost:8243/phoneverify/ ws: type: string description: WS environment default URL example: ws://localhost:9099/phoneverify/ wss: type: string description: WSS environment default URL example: wss://localhost:9099/phoneverify/ businessInformation: $ref: '#/components/schemas/APIBusinessInformation' environmentList: type: array description: The environment list configured with non empty endpoint URLs for the particular API. example: - PRODUCTION - SANDBOX items: type: string scopes: type: array items: $ref: '#/components/schemas/ScopeInfo' avgRating: type: string description: The average rating of the API example: "4.5" subscriptions: type: integer format: int64 description: The number of subscriptions for the API example: 10 advertiseInfo: $ref: '#/components/schemas/AdvertiseInfo' isSubscriptionAvailable: type: boolean example: false initiatedFromGateway: type: boolean description: Flag indicating this API was discovered/initiated via the gateway (federated discovery) rather than created in the Control Plane. example: false categories: type: array description: | API categories items: type: string example: "Marketing" keyManagers: type: object properties: {} description: | API Key Managers example: ["all"] createdTime: type: string example: 2020-10-31T13:57:16.229 lastUpdatedTime: type: string example: 2020-10-31T13:57:16.229 gatewayType: title: Gateway type of the API type: string example: solace gatewayVendor: title: Gateway vendor of the API type: string example: wso2 asyncTransportProtocols: type: array description: | Supported transports for the aync API. example: - http - mqtt items: type: string egress: type: boolean description: Whether the API is egress or not default: false example: true subtype: type: string description: Subtype of the API. default: DEFAULT example: AIAPI readOnly: true APIMonetizationInfo: title: API monetization object required: - enabled type: object properties: enabled: type: boolean description: Flag to indicate the monetization status example: true ApplicationList: title: Application List type: object properties: count: type: integer description: | Number of applications returned. example: 1 list: type: array items: $ref: '#/components/schemas/ApplicationInfo' pagination: $ref: '#/components/schemas/Pagination' Application: title: Application required: - name - throttlingPolicy type: object properties: applicationId: type: string readOnly: true example: 01234567-0123-0123-0123-012345678901 name: maxLength: 100 minLength: 1 type: string example: CalculatorApp throttlingPolicy: minLength: 1 type: string example: Unlimited description: maxLength: 512 type: string example: Sample calculator application tokenType: type: string description: | Type of the access token generated for this application. **OAUTH:** A UUID based access token **JWT:** A self-contained, signed JWT based access token which is issued by default. example: JWT default: JWT enum: - OAUTH - JWT status: type: string readOnly: true example: APPROVED default: "" groups: type: array example: [] items: type: string subscriptionCount: type: integer readOnly: true keys: type: array readOnly: true example: [] items: $ref: '#/components/schemas/ApplicationKey' attributes: type: object additionalProperties: type: string example: {} subscriptionScopes: type: array example: [] items: $ref: '#/components/schemas/ScopeInfo' owner: type: string description: | Application created user readOnly: true example: admin hashEnabled: type: boolean readOnly: true example: false createdTime: type: string readOnly: true example: 1651555310208 updatedTime: type: string readOnly: true example: 1651555310208 visibility: type: string enum: - PRIVATE - SHARED_WITH_ORG ApplicationInfo: title: Application info object with basic application details type: object properties: applicationId: type: string example: 01234567-0123-0123-0123-012345678901 name: type: string example: CalculatorApp throttlingPolicy: type: string example: Unlimited description: type: string example: Sample calculator application status: type: string example: APPROVED default: "" groups: type: array example: "" items: type: string subscriptionCount: type: integer attributes: type: object properties: {} example: External Reference ID, Billing Tier owner: type: string example: admin tokenType: type: string example: JWT createdTime: type: string readOnly: true example: 1651555310208 updatedTime: type: string readOnly: true example: 1651555310208 DocumentList: title: Document List type: object properties: count: type: integer description: | Number of Documents returned. example: 1 list: type: array items: $ref: '#/components/schemas/Document' pagination: $ref: '#/components/schemas/Pagination' Document: title: Document required: - name - sourceType - type type: object properties: documentId: type: string example: 01234567-0123-0123-0123-012345678901 name: type: string example: CalculatorDoc type: type: string example: HOWTO enum: - HOWTO - SAMPLES - PUBLIC_FORUM - SUPPORT_FORUM - API_MESSAGE_FORMAT - SWAGGER_DOC - OTHER summary: type: string example: Summary of Calculator Documentation sourceType: type: string example: INLINE enum: - INLINE - MARKDOWN - URL - FILE sourceUrl: type: string example: "" otherTypeName: type: string example: "" ThrottlingPolicyList: title: Throttling Policy List type: object properties: count: type: integer description: | Number of Throttling Policies returned. example: 1 list: type: array items: $ref: '#/components/schemas/ThrottlingPolicy' pagination: $ref: '#/components/schemas/Pagination' ThrottlingPolicy: title: Throttling Policy required: - name - requestCount - stopOnQuotaReach - tierPlan - unitTime type: object properties: name: type: string example: Platinum description: type: string example: Allows 50 request(s) per minute. policyLevel: type: string example: subscription enum: - application - subscription attributes: type: object additionalProperties: type: string description: | Custom attributes added to the throttling policy example: {} requestCount: type: integer description: | Maximum number of requests which can be sent within a provided unit time format: int64 example: 50 dataUnit: description: | Unit of data allowed to be transfered. Allowed values are "KB", "MB" and "GB" type: string example: KB unitTime: type: integer format: int64 example: 60000 timeUnit: type: string example: min rateLimitCount: type: integer default: 0 description: Burst control request count example: 10 rateLimitTimeUnit: type: string description: Burst control time unit example: min quotaPolicyType: type: string description: Default quota limit type enum: - REQUESTCOUNT - BANDWIDTHVOLUME example: REQUESTCOUNT tierPlan: type: string description: | This attribute declares whether this tier is available under commercial or free example: FREE enum: - FREE - COMMERCIAL stopOnQuotaReach: type: boolean description: | If this attribute is set to false, you are capabale of sending requests even if the request count exceeded within a unit time example: true monetizationAttributes: $ref: '#/components/schemas/MonetizationInfo' throttlingPolicyPermissions: $ref: '#/components/schemas/ThrottlingPolicyPermissionInfo' SubscriptionList: title: Subscription List type: object properties: count: type: integer description: | Number of Subscriptions returned. example: 1 list: type: array items: $ref: '#/components/schemas/Subscription' pagination: $ref: '#/components/schemas/Pagination' TopicList: title: Topic List type: object properties: count: type: integer description: | Number of Topics returned. example: 1 list: type: array items: $ref: '#/components/schemas/Topic' pagination: $ref: '#/components/schemas/Pagination' Topic: title: Topic type: object properties: apiId: type: string example: faae5fcc-cbae-40c4-bf43-89931630d313 name: type: string example: orderBooks type: type: string example: publisher WebhookSubscriptionList: title: Subscribed Webhook List type: object properties: count: type: integer description: | Number of webhook subscriptions returned. example: 1 list: type: array items: $ref: '#/components/schemas/WebhookSubscription' pagination: $ref: '#/components/schemas/Pagination' WebhookSubscription: title: Webhook Subscription type: object properties: apiId: type: string example: faae5fcc-cbae-40c4-bf43-89931630d313 appId: type: string example: faae5fcc-cbae-40c4-bf43-89931630d313 topic: type: string example: orderBooks callBackUrl: type: string example: www.orderbooksite.com deliveryTime: type: string example: faae5fcc-cbae-40c4-bf43-89931630d313 deliveryStatus: type: integer example: 1 APIBusinessInformation: type: object properties: businessOwner: type: string example: businessowner businessOwnerEmail: type: string example: businessowner@wso2.com technicalOwner: type: string example: technicalowner technicalOwnerEmail: type: string example: technicalowner@wso2.com Subscription: title: Subscription required: - applicationId - throttlingPolicy type: object properties: subscriptionId: type: string description: The UUID of the subscription readOnly: true example: faae5fcc-cbae-40c4-bf43-89931630d313 applicationId: type: string description: The UUID of the application example: b3ade481-30b0-4b38-9a67-498a40873a6d apiId: type: string description: The unique identifier of the API. example: 2962f3bb-8330-438e-baee-0ee1d6434ba4 apiInfo: $ref: '#/components/schemas/APIInfo' applicationInfo: $ref: '#/components/schemas/ApplicationInfo' throttlingPolicy: type: string example: Unlimited requestedThrottlingPolicy: type: string example: Unlimited status: type: string example: UNBLOCKED enum: - BLOCKED - PROD_ONLY_BLOCKED - UNBLOCKED - ON_HOLD - REJECTED - TIER_UPDATE_PENDING - DELETE_PENDING redirectionParams: type: string description: A url and other parameters the subscriber can be redirected. readOnly: true example: "" Tag: title: Tag type: object properties: value: type: string example: tag1 count: type: integer example: 5 TagList: title: Tag List type: object properties: count: type: integer description: | Number of Tags returned. example: 1 list: type: array items: $ref: '#/components/schemas/Tag' pagination: $ref: '#/components/schemas/Pagination' Rating: title: Rating required: - rating type: object properties: ratingId: type: string readOnly: true example: 32acfa7a-77f8-4fe0-bb7f-a902f36546d0 apiId: type: string readOnly: true example: e93fb282-b456-48fc-8981-003fb89086ae ratedBy: maxLength: 50 type: string readOnly: true example: admin rating: type: integer example: 4 RatingList: title: Rating List type: object properties: avgRating: type: string description: | Average Rating of the API example: "4" userRating: type: integer description: | Rating given by the user example: 4 count: type: integer description: | Number of Subscriber Ratings returned. example: 1 list: type: array items: $ref: '#/components/schemas/Rating' pagination: $ref: '#/components/schemas/Pagination' Comment: title: Comment required: - content type: object properties: id: type: string readOnly: true example: 943d3002-000c-42d3-a1b9-d6559f8a4d49 content: maxLength: 512 type: string example: This is a comment createdTime: type: string readOnly: true example: 2021-02-11-09:57:25 createdBy: type: string readOnly: true example: admin updatedTime: type: string readOnly: true example: 2021-02-12-19:57:25 category: type: string readOnly: true default: general example : general parentCommentId: type: string readOnly: true example: 6f38aea2-f41e-4ac9-b3f2-a9493d00ba97 entryPoint: type: string readOnly: true enum: [devPortal, publisher] commenterInfo: $ref: '#/components/schemas/CommenterInfo' replies: $ref: '#/components/schemas/CommentList' CommentList: title: Comments List type: object properties: count: type: integer readOnly: true description: | Number of Comments returned. example: 1 list: type: array readOnly: true items: $ref: '#/components/schemas/Comment' pagination: $ref: '#/components/schemas/Pagination' Error: title: Error object returned with 4XX HTTP status required: - code - message type: object properties: code: type: integer format: int64 message: type: string description: Error message. description: type: string description: | A detail description about the error message. moreInfo: type: string description: | Preferably an url with more details about the error. error: type: array description: | If there are more than one error list them out. For example, list out validation errors by each field. items: $ref: '#/components/schemas/ErrorListItem' ErrorListItem: title: Description of individual errors that may have occurred during a request. required: - code - message type: object properties: code: type: string message: type: string description: | Description about individual errors occurred ApplicationToken: title: Application token details to invoke APIs type: object properties: accessToken: type: string description: Access token example: 1.2345678901234568E30 tokenScopes: type: array description: Valid comma seperated scopes for the access token example: - default - read_api - write_api items: type: string validityTime: type: integer description: Maximum validity time for the access token format: int64 example: 3600 APIKey: title: API Key details to invoke APIs type: object properties: keyName: type: string description: API Key name example: Test_Key apikey: type: string description: API Key example: eyJoZWxsbyI6IndvcmxkIn0=.eyJ3c28yIjoiYXBpbSJ9.eyJ3c28yIjoic2lnbmF0dXJlIn0= validityPeriod: type: integer format: int64 example: 3600 APIKeyAssociation: title: API Key association type: object properties: keyName: type: string description: API Key name example: Test_Key apiName: type: string description: API name example: NotificationAPI applicationName: type: string description: Application name example: DefaultApplication APIKeyAssociationInfo: title: API Key association type: object properties: keyUUID: type: string description: The UUID of the API key keyName: type: string description: API Key name example: Test_Key apiName: type: string description: API name example: NotificationAPI apiUUID: type: string description: The UUID of the API issuedOn: type: integer format: int64 description: Created Time example: 2026-02-06 23:45:07 validityPeriod: type: integer format: int64 example: 3600 lastUsed: type: integer format: int64 description: Last used time as epoch milliseconds. example: APIKeyInfo: title: API Key details to invoke APIs type: object properties: keyUUID: type: string description: The UUID of the API key keyName: type: string description: API Key name example: Test_Key issuedOn: type: integer format: int64 description: Created Time example: 3600 validityPeriod: type: integer format: int64 example: 3600 lastUsed: type: integer format: int64 description: Last used time as epoch milliseconds. example: 3600 APIWithKeyInfo: title: API with API Key type: object properties: keyName: type: string description: API Key name example: Test_Key keyUUID: type: string description: The UUID of the API key apiName: type: string description: API name example: NotificationAPI apiUUID: type: string description: The UUID of the associated API APIAPIKeyInfo: title: API Key details to invoke APIs type: object properties: keyUUID: type: string description: The UUID of the API key keyName: type: string description: API Key name example: Test_Key associatedApp: type: string description: Associated application example: DefaultApplication issuedOn: type: integer format: int64 description: Created Time example: 2026-02-06 23:45:07 validityPeriod: type: integer format: int64 example: 3600 lastUsed: type: integer format: int64 description: Last used time as epoch milliseconds. example: 2026-02-06 23:45:07 APIAPIKeyList: title: API Keys List type: object properties: count: type: integer description: | Number of API keys returned. example: 1 list: type: array items: $ref: '#/components/schemas/APIAPIKeyInfo' APIKeyList: title: API Keys List type: object properties: count: type: integer description: | Number of API keys returned. example: 1 list: type: array items: $ref: '#/components/schemas/APIKeyInfo' SubscribedAPIWithApiKeyList: title: Subscribed APIs with non-associated API keys type: object properties: count: type: integer description: | Number of subscribed APIs with API keys returned. example: 1 list: type: array items: $ref: '#/components/schemas/APIWithKeyInfo' APIKeyAssociationList: title: API Key Associations List type: object properties: count: type: integer description: | Number of API key associations returned. example: 1 list: type: array items: $ref: '#/components/schemas/APIKeyAssociationInfo' ApplicationKey: title: Application key details type: object properties: keyMappingId: type: string description: Key Manager Mapping UUID readOnly: true example: 92ab520c-8847-427a-a921-3ed19b15aad7 keyManager: type: string description: Key Manager Name example: Resident Key Manager consumerKey: type: string description: Consumer key of the application readOnly: true example: vYDoc9s7IgAFdkSyNDaswBX7ejoa consumerSecret: type: string description: Consumer secret of the application readOnly: true example: TIDlOFkpzB7WjufO3OJUhy1fsvAa consumerSecrets: type: array description: A list of all consumer secrets of the application When multiple consumer secrets are enabled items: $ref: '#/components/schemas/ConsumerSecret' supportedGrantTypes: type: array description: The grant types that are supported by the application example: - client_credentials - password items: type: string callbackUrl: type: string description: Callback URL example: http://sample.com/callback/url keyState: type: string description: Describes the state of the key generation. example: APPROVED keyType: type: string description: Describes to which endpoint the key belongs example: PRODUCTION enum: - PRODUCTION - SANDBOX mode: type: string description: Describe the which mode Application Mapped. example: CREATED enum: - MAPPED - CREATED groupId: type: string description: Application group id (if any). example: "2" token: $ref: '#/components/schemas/ApplicationToken' additionalProperties: type: object properties: {} description: additionalProperties (if any). ApplicationKeyReGenerateResponse: title: Application key details after re generating consumer secret type: object properties: consumerKey: type: string description: The consumer key associated with the application, used to indetify the client example: vYDoc9s7IgAFdkSyNDaswBX7ejoa consumerSecret: type: string description: The client secret that is used to authenticate the client with the authentication server example: TIDlOFkpzB7WjufO3OJUhy1fsvAa ApplicationKeyList: title: Application Keys List type: object properties: count: type: integer description: | Number of applications keys returned. example: 1 list: type: array items: $ref: '#/components/schemas/ApplicationKey' ApplicationKeyGenerateRequest: title: Application key generation request object required: - grantTypesToBeSupported - keyType type: object properties: keyType: type: string enum: - PRODUCTION - SANDBOX keyManager: type: string description: key Manager to Generate Keys example: Resident Key Manager grantTypesToBeSupported: type: array description: Grant types that should be supported by the application example: - password - client_credentials items: type: string callbackUrl: type: string description: Callback URL example: http://sample.com/callback/url scopes: type: array description: Allowed scopes for the access token example: - am_application_scope - default items: type: string validityTime: type: string example: "3600" clientId: type: string description: Client ID for generating access token. readOnly: true example: sZzoeSCI_vL2cjSXZQmsmV8JEyga clientSecret: type: string description: Client secret for generating access token. This is given together with the client Id. readOnly: true example: nrs3YAP4htxnz_DqpvGhf9Um04oa additionalProperties: type: object properties: {} description: Additional properties needed. example: {} ApplicationKeyMappingRequest: title: Application key provision request object required: - consumerKey - keyType type: object properties: consumerKey: type: string description: Consumer key of the application example: oYhwZu4P2ThDmiDprBk6c0YfjR8a consumerSecret: type: string description: Consumer secret of the application example: ondWGtFTCOVM4sfPyOfZ7fel610a keyManager: type: string description: Key Manager Name example: Resident Key Manager keyType: type: string enum: - PRODUCTION - SANDBOX ApplicationTokenGenerateRequest: title: Application access token generation request object type: object properties: consumerSecret: type: string description: Consumer secret of the application example: cV5pvyisxug5b5QZInq9cGZrMOMa validityPeriod: type: integer description: Token validity period format: int64 example: 3600 scopes: type: array description: Allowed scopes (space seperated) for the access token example: - apim:subscribe items: type: string revokeToken: type: string description: Token to be revoked, if any example: "" grantType: type: string default: CLIENT_CREDENTIALS enum: - CLIENT_CREDENTIALS - TOKEN_EXCHANGE additionalProperties: type: object properties: {} description: Additional parameters if Authorization server needs any APIAPIKeyGenerateRequest: title: API Key generation request object type: object properties: keyName: type: string description: API Key name example: Test_Key keyType: type: string description: Type of the API key example: PRODUCTION enum: - PRODUCTION - SANDBOX validityPeriod: type: integer description: API key validity period format: int64 example: 3600 additionalProperties: type: object properties: { } description: Additional parameters if Authorization server needs any APIKeyGenerateRequest: title: API Key generation request object type: object properties: keyName: type: string description: API Key name example: Test_Key validityPeriod: type: integer description: API key validity period format: int64 example: 3600 additionalProperties: type: object properties: {} description: Additional parameters if Authorization server needs any APIKeyRenewRequest: title: API Key renewal request object type: object required: - keyUUID properties: keyUUID: type: string description: The UUID of the API key APIAPIKeyAssociateRequest: title: API Key association request object type: object required: - keyUUID - applicationUUID properties: keyUUID: type: string description: The UUID of the API key applicationUUID: type: string description: The UUID of the Application to be associated APIKeyDissociateRequest: title: API Key dissociation request object type: object required: - keyUUID properties: keyUUID: type: string description: The UUID of the API key AppAPIKeyAssociateRequest: title: API Key association request object type: object required: - keyUUID - apiUUID properties: apiUUID: type: string description: The unique identifier of the API. example: 2962f3bb-8330-438e-baee-0ee1d6434ba4 keyUUID: type: string description: The UUID of the API key APIKeyRevokeRequest: title: API Key revoke request object type: object oneOf: - required: [ apikey ] - required: [ keyUUID ] properties: apikey: type: string description: API Key to revoke example: eyJoZWxsbyI6IndvcmxkIn0=.eyJ3c28yIjoiYXBpbSJ9.eyJ3c28yIjoic2lnbmF0dXJlIn0= keyUUID: type: string description: The UUID of the API key APIAPIKeyRevokeRequest: title: API Key revoke request object type: object required: - keyUUID properties: keyUUID: type: string description: The UUID of the API key ScopeInfo: title: API Scope info object with scope details type: object properties: key: type: string example: admin_scope name: type: string example: admin scope roles: type: array description: Allowed roles for the scope example: - manager - developer items: type: string description: type: string description: Description of the scope ScopeList: title: Scope list type: object properties: count: type: integer description: | Number of results returned. example: 1 list: type: array items: $ref: '#/components/schemas/ScopeInfo' pagination: $ref: '#/components/schemas/Pagination' ThrottlingPolicyPermissionInfo: title: Throttling Policy Permission info object with throttling policy permission details type: object properties: type: type: string enum: - allow - deny roles: type: array description: roles for this permission example: - manager - developer items: type: string MonetizationInfo: title: Monetization type: object properties: billingType: type: string example: fixedPrice enum: - fixedPrice - dynamicRate billingCycle: type: string example: month fixedPrice: type: string example: "10" pricePerRequest: type: string example: "1" currencyType: type: string example: USD APIMonetizationUsage: title: API monetization usage object type: object properties: properties: type: object additionalProperties: type: string description: Map of custom properties related to monetization usage WorkflowResponse: title: workflow Response required: - workflowStatus type: object properties: workflowStatus: type: string description: | This attribute declares whether this workflow task is approved or rejected. example: APPROVED enum: - CREATED - APPROVED - REJECTED - REGISTERED jsonPayload: type: string description: | Attributes that returned after the workflow execution User: title: User required: - email - firstName - lastName - password - username type: object properties: username: type: string password: type: string firstName: type: string lastName: type: string email: type: string APIOperations: title: Operation type: object properties: id: type: string example: apioperation target: type: string verb: type: string SearchResultList: title: Search Result List type: object properties: count: type: integer description: | Number of results returned. example: 1 list: type: array items: type: object example: - id: abcff4cf-24c5-4298-a7b4-39a1fbd34693 name: PizzaShackAPI type: API transportType: description: context: "/pizzashack" version: 1.0.0 provider: admin status: PUBLISHED thumbnailUri: businessInformation: businessOwner: Jane Roe businessOwnerEmail: businessowner@wso2.com technicalOwner: John Doe technicalOwnerEmail: technicalowner@wso2.com avgRating: '4.0' pagination: $ref: '#/components/schemas/Pagination' SearchResult: title: Search Result required: - name type: object properties: id: type: string example: 01234567-0123-0123-0123-012345678901 name: type: string example: TestAPI type: type: string example: API enum: - DOC - API - APIProduct - DEFINITION - MCP transportType: type: string description: Accepted values are HTTP, WS, SOAPTOREST, GRAPHQL discriminator: propertyName: name APISearchResult: title: API Result allOf: - $ref: '#/components/schemas/SearchResult' - type: object properties: displayName: description: Human-friendly name shown in UI. Length limited to DB column size. type: string example: Pizza Shack API description: type: string description: A brief description about the API example: A calculator API that supports basic operations context: type: string description: A string that represents the context of the user's request example: CalculatorAPI version: type: string description: The version of the API example: 1.0.0 provider: type: string description: | If the provider value is notgiven, the user invoking the API will be used as the provider. example: admin status: type: string description: This describes in which status of the lifecycle the API is example: CREATED thumbnailUri: type: string example: /apis/01234567-0123-0123-0123-012345678901/thumbnail businessInformation: $ref: '#/components/schemas/APIBusinessInformation' avgRating: type: string description: Average rating of the API example: "4.5" monetizedInfo: type: boolean example: true advertiseInfo: $ref: '#/components/schemas/AdvertiseInfo' DocumentSearchResult: title: Document Result allOf: - $ref: '#/components/schemas/SearchResult' - type: object properties: docType: type: string example: HOWTO enum: - HOWTO - SAMPLES - PUBLIC_FORUM - SUPPORT_FORUM - API_MESSAGE_FORMAT - SWAGGER_DOC - OTHER summary: type: string example: Summary of Calculator Documentation sourceType: type: string example: INLINE enum: - INLINE - URL - FILE - MARKDOWN sourceUrl: type: string example: "" otherTypeName: type: string example: "" visibility: type: string example: API_LEVEL enum: - OWNER_ONLY - PRIVATE - API_LEVEL apiName: type: string description: The name of the associated API example: TestAPI apiDisplayName: description: Human-friendly name shown in UI for associated API. Length limited to DB column size. type: string example: Pizza Shack API apiVersion: type: string description: The version of the associated API example: 1.0.0 apiProvider: type: string example: admin apiUUID: type: string associatedType: type: string APIDefinitionSearchResult: title: API Definition Search Result allOf: - $ref: '#/components/schemas/SearchResult' - properties: apiName: type: string description: The name of the associated API example: TestAPI apiDisplayName: description: Human-friendly name shown in UI for associated API. Length limited to DB column size. type: string example: Pizza Shack API apiVersion: type: string description: The version of the associated API example: 1.0.0 apiContext: type: string description: The context of the associated API example: /test apiUUID: type: string description: The UUID of the associated API apiProvider: type: string description: The provider name of the associated API example: publisher apiType: type: string description: The type of the associated API example: REST associatedType: type: string description: API or APIProduct example: API CommenterInfo: type: object properties: firstName: type: string example: John lastName: type: string example: David fullName: type: string example: John David Pagination: title: Pagination type: object properties: offset: type: integer example: 0 limit: type: integer example: 10 total: type: integer example: 1 next: type: string description: | Link to the next subset of resources qualified. Empty if no more resources are to be returned. example: "" previous: type: string description: | Link to the previous subset of resources qualified. Empty if current subset is the first subset returned. example: "" Settings: title: Settings type: object properties: grantTypes: type: array items: type: string example: - refresh_token - urn:ietf:params:oauth:grant-type:saml2-bearer - password - client_credentials - iwa:ntlm - authorization_code - urn:ietf:params:oauth:grant-type:jwt-bearer scopes: type: array items: type: string example: - apim:api_key - apim:app_import_export - apim:app_manage - apim:store_settings - apim:sub_alert_manage - apim:sub_manage - apim:subscribe - openid applicationSharingEnabled: type: boolean default: false IsLegacyApiKeysEnabled: type: boolean default: false mapExistingAuthApps: type: boolean default: false apiGatewayEndpoint: type: string monetizationEnabled: type: boolean default: false recommendationEnabled: type: boolean default: false IsUnlimitedTierPaid: type: boolean default: false identityProvider: type: object properties: external: type: boolean default: false IsAnonymousModeEnabled: type: boolean default: true IsPasswordChangeEnabled: type: boolean default: true IsJWTEnabledForLoginTokens: type: boolean default: false orgAccessControlEnabled: type: boolean description: | Is Organization-based access control configuration enabled example: true userStorePasswordPattern: type: string description: The 'PasswordJavaRegEx' cofigured in the UserStoreManager example: "^[\\S]{5,30}$" passwordPolicyPattern: type: string description: The regex configured in the Password Policy property 'passwordPolicy.pattern' example: "^[\\S]{5,30}$" passwordPolicyMinLength: type: integer description: If Password Policy Feature is enabled, the property 'passwordPolicy.min.length' is returned as the 'passwordPolicyMinLength'. If password policy is not enabled, default value -1 will be returned. And it should be noted that the regex pattern(s) returned in 'passwordPolicyPattern' and 'userStorePasswordPattern' properties too will affect the minimum password length allowed and an intersection of all conditions will be considered finally to validate the password. passwordPolicyMaxLength: type: integer description: If Password Policy Feature is enabled, the property 'passwordPolicy.max.length' is returned as the 'passwordPolicyMaxLength'. If password policy is not enabled, default value -1 will be returned. And it should be noted that the regex pattern(s) returned in 'passwordPolicyPattern' and 'userStorePasswordPattern' properties too will affect the maximum password length allowed and an intersection of all conditions will be considered finally to validate the password. apiChatEnabled: type: boolean description: Specifies whether API Chat feature is enabled. default: true aiAuthTokenProvided: type: boolean description: Checks if the auth token is provided for AI service usage. default: false marketplaceAssistantEnabled: type: boolean description: Specifies whether Marketplace Assistant feature is enabled. default: true orgWideAppUpdateEnabled: type: boolean default: false devportalMode: type: string description: > This indicates the mode of the Developer Portal. Possible values are: - HYBRID: Both MCP and API portals are enabled. - MCP_ONLY: Only the MCP portal is enabled. - API_ONLY: Only the API portal is enabled. enum: - HYBRID - MCP_ONLY - API_ONLY default: HYBRID ApplicationAttribute: title: Application attributes type: object properties: description: type: string description: description of the application attribute example: Sample description of the attribute type: type: string description: type of the input element to display example: text tooltip: type: string description: tooltop to display for the input element example: Sample tooltip required: type: string description: whether this is a required attribute example: "false" attribute: type: string description: the name of the attribute example: External Reference Id hidden: type: string description: whether this is a hidden attribute example: "false" ApplicationAttributeList: title: Application Attributes List type: object properties: count: type: integer description: | Number of application attributes returned. example: 1 list: type: array items: $ref: '#/components/schemas/ApplicationAttribute' Tenant: title: Tenant type: object properties: domain: type: string description: tenant domain example: wso2.com status: type: string description: current status of the tenant active/inactive example: active TenantList: title: Tenant list type: object properties: count: type: integer description: | Number of tenants returned. example: 1 list: type: array items: $ref: '#/components/schemas/Tenant' pagination: $ref: '#/components/schemas/Pagination' AdvertiseInfo: title: API Advertise info object with advertise details type: object properties: advertised: type: boolean example: true apiExternalProductionEndpoint: type: string example: https://localhost:9443/devportal apiExternalSandboxEndpoint: type: string example: https://localhost:9443/devportal originalDevPortalUrl: type: string example: https://localhost:9443/devportal apiOwner: type: string example: admin vendor: type: string default: WSO2 enum: - WSO2 - AWS APICategory: title: API Category required: - name type: object properties: id: type: string example: 01234567-0123-0123-0123-012345678901 name: type: string example: Finance description: type: string example: Finance related APIs APICategoryList: title: API Category List type: object properties: count: type: integer description: | Number of API categories returned. example: 1 list: type: array items: $ref: '#/components/schemas/APICategory' Recommendations: title: API recommendations type: object properties: count: type: integer description: | Number of APIs returned. example: 1 list: type: array items: $ref: '#/components/schemas/recommendedAPI' recommendedAPI: title: Recommended API type: object properties: id: type: string example: 01234567-0123-0123-0123-012345678901 name: type: string example: CalculatorAPI avgRating: type: string description: Average rating of the API example: "4.5" OrganizationInfo: title: Organization Info type: object properties: organizationId: type: string example: 01234567-0123-0123-0123-012345678901 name: type: string example: My Organization KeyManagerInfo: title: Key Manager Info required: - name - type type: object properties: id: type: string example: 01234567-0123-0123-0123-012345678901 name: type: string example: Resident Key Manager type: type: string example: default displayName: type: string description: | display name of Keymanager example: Resident Key Manager description: type: string example: This is Resident Key Manager enabled: type: boolean example: true availableGrantTypes: type: array items: type: string example: client_credentials tokenEndpoint: type: string example: https://localhost:9443/oauth2/token revokeEndpoint: type: string example: https://localhost:9443/oauth2/revoke userInfoEndpoint: type: string example: "" enableTokenGeneration: type: boolean example: true enableTokenEncryption: type: boolean example: false default: false enableTokenHashing: type: boolean example: false default: false enableOAuthAppCreation: type: boolean example: true default: true enableMapOAuthConsumerApps: type: boolean example: false default: false applicationConfiguration: type: array items: $ref: '#/components/schemas/KeyManagerApplicationConfiguration' alias: type: string description: | The alias of Identity Provider. If the tokenType is EXCHANGED, the alias value should be inclusive in the audience values of the JWT token example: https://localhost:9443/oauth2/token additionalProperties: type: object properties: {} tokenType: type: string description: The type of the tokens to be used (exchanged or without exchanged). Accepted values are EXCHANGED, DIRECT and BOTH. example: EXCHANGED default: DIRECT enum: - EXCHANGED - DIRECT - BOTH KeyManagerApplicationConfiguration: title: Key Manager application Configuration type: object properties: name: type: string example: consumer_key label: type: string example: Consumer Key type: type: string example: select required: type: boolean example: true mask: type: boolean example: true multiple: type: boolean example: true tooltip: type: string example: Enter username to connect to key manager default: type: object properties: {} example: admin values: type: array items: type: object properties: {} constraint: $ref: '#/components/schemas/ApplicationConfigurationConstraint' ApplicationConfigurationConstraint: title: Application Configuration Constraint type: object properties: type: type: string example: RANGE value: type: object properties: {} example: '{ "min": 60, "max": 3600 }' KeyManagerList: title: Key Manager List type: object properties: count: type: integer description: | Number of Key managers returned. example: 1 list: type: array items: $ref: '#/components/schemas/KeyManagerInfo' GraphQLQueryComplexityInfo: title: GraphQL Query Complexity Info type: object properties: list: type: array items: $ref: '#/components/schemas/GraphQLCustomComplexityInfo' GraphQLCustomComplexityInfo: title: GraphQL Custom Complexity Info required: - complexityValue - field - type type: object properties: type: type: string description: | The type found within the schema of the API example: Country field: type: string description: | The field which is found under the type within the schema of the API example: name complexityValue: type: integer description: | The complexity value allocated for the associated field under the specified type example: 1 GraphQLSchemaTypeList: title: List of types and corresponding fields of the GraphQL Schema type: object properties: typeList: type: array items: $ref: '#/components/schemas/GraphQLSchemaType' GraphQLSchemaType: title: Single type and corresponding fields found within the GraphQL Schema type: object properties: type: type: string description: | Type found within the GraphQL Schema example: Country fieldList: type: array description: | Array of fields under current type example: - code - name items: type: string CurrentAndNewPasswords: title: Current and new passowrd of the user type: object properties: currentPassword: type: string example: password123 newPassword: type: string example: newpassword1234 AdditionalSubscriptionInfoList: title: Additional Subscription Info List type: object properties: count: type: integer description: | Number of additional information sets of subscription returned. example: 1 list: type: array items: $ref: '#/components/schemas/AdditionalSubscriptionInfo' pagination: $ref: '#/components/schemas/Pagination' AdditionalSubscriptionInfo: title: Additional Information of subscriptions related to an API type: object properties: subscriptionId: type: string description: The UUID of the subscription readOnly: true example: faae5fcc-cbae-40c4-bf43-89931630d313 applicationId: type: string description: The UUID of the application example: b3ade481-30b0-4b38-9a67-498a40873a6d applicationName: type: string description: The name of the application example: Sample Application apiId: type: string description: The unique identifier of the API. example: 2962f3bb-8330-438e-baee-0ee1d6434ba4 isSolaceAPI: type: boolean example: false solaceOrganization: type: string example: SolaceWso2 solaceDeployedEnvironments: type: array items: type: object properties: environmentName: type: string environmentDisplayName: type: string organizationName: type: string solaceURLs: type: array items: type: object properties: protocol: type: string example: Defalt endpointURL: type: string example: Default SolaceTopicsObject: type: object properties: defaultSyntax: $ref: '#/components/schemas/SolaceTopics' mqttSyntax: $ref: '#/components/schemas/SolaceTopics' SolaceTopics: title: SolaceTopics type: object properties: publishTopics: type: array items: type: string subscribeTopics: type: array items: type: string ApiChatRequest: title: API Chat request properties: apiChatRequestId: type: string description: | Request UUID example: "faae5fcc-cbae-40c4-bf43-89931630d313" command: type: string description: | User specified testcase to be tested against the API example: "Get pet with id 123" apiSpec: type: object properties: serviceUrl: type: string description: Service URL of API if any example: "https://localhost:8243/pizzashack/1.0.0" tools: type: array description: Extracted Http tools from the OpenAPI specification items: type: object example: name: "GET-order_orderId" description: "Get details of an Order by providing Order Id. This tool invokes a HTTP GET resource" method: "GET" path: "/order/{orderId}" parameters: orderId: location: "path" description: "Order Id" required: true style: "simple" explode: false schema: type: "string" format: "string" response: type: object properties: code: type: integer description: HTTP status code of the response example: 201 path: type: string description: HTTP path url with encoded parameters example: "/order/123" headers: type: object description: Response headers example: contentType: "application/json" body: type: object description: Response payload example: orderId: "300ada62-81bd-4c89-bdfa-983de3cadd77" pizzaType: "Pepperoni" quantity: 2 customerName: "John Doe" creditCardNumber: "1234567890123456" address: "123 Main St" delivered: false ApiChatResponse: title: API Chat response properties: apiSpec: type: object title: Enriched API spec required: - tools properties: serviceUrl: type: string description: Extracted service URL from the OpenAPI specification if there is any example: "https://localhost:8243/pizzashack/1.0.0" tools: type: array description: Extracted Http tools from the OpenAPI specification items: type: object example: name: "GET-order_orderId" description: "Get details of an Order by providing Order Id. This tool invokes a HTTP GET resource" method: "GET" path: "/order/{orderId}" parameters: orderId: location: "path" description: "Order Id" required: true style: "simple" explode: false schema: type: "string" format: "string" taskStatus: type: string description: Task status (IN_PROGRESS, TERMINATED or COMPLETED) enum: - IN_PROGRESS - TERMINATED - COMPLETED example: COMPLETED resource: type: object properties: method: type: string description: HTTP method of the resource example: "GET" path: type: string description: Path of the resource example: "/order/{orderId}" inputs: type: object description: Input parameters for the resource example: parameters: orderId: "123" result: type: string description: completion result example: "The pet with ID 123 is available. Here are the details: - ID: 123 - Name: asd - Status: available" queries: type: array description: list of sample queries items: $ref: '#/components/schemas/SampleQuery' SampleQuery: title: API Chat sample query record required: - scenario - query properties: scenario: type: string description: scenario query: type: string description: generated query ChatMessage: required: - content - role type: object properties: role: type: string description: user or assistant role of a chat message. example: "assistant" content: type: string description: content of the message. example: "Hi, How can I help you?" MarketplaceAssistantRequest: required: - query - history type: object properties: query: type: string description: natural langugae query given by the user. example: "Hi" history: type: array items: $ref: '#/components/schemas/ChatMessage' MarketplaceAssistantApi: required: - apiId - apiName - version type: object properties: apiId: type: string description: Uuid of the api. example: "1sbdhsjd-121n-nknsjkd-1213njb" apiName: type: string description: name of the api. example: "PizzaShackAPI" version: type: string description: version of the api. example: "1.0.0" MarketplaceAssistantResponse: required: - response type: object properties: response: type: string description: natural language response by the llm. example: "Hi, How can I help you?" apis: type: array items: $ref: '#/components/schemas/MarketplaceAssistantApi' MarketplaceAssistantApiCountResponse: required: - count - limit type: object properties: count: type: integer description: no of apis stored in the vectordb. example: "100" limit: type: integer description: maximum no of apis allowed for an org. example: "1000" PostRequestBody: title: Post request body type: object properties: content: type: string maxLength: 512 description: | Content of the comment example: This is a comment category: type: string description: | Category of the comment example: general required: - content PatchRequestBody: title: Patch request body type: object properties: content: type: string maxLength: 512 description: | Content of the comment example: This is a comment category: type: string description: | Category of the comment example: general #----------------------------------------------------- # Consumer Secret Object #----------------------------------------------------- ConsumerSecret: type: object properties: secretId: type: string description: Unique identifier for the secret example: sec_123456 secretValue: type: string description: The actual secret string example: "***r3tV@lu3" additionalProperties: type: object description: Additional dynamic properties for the secret creation request. additionalProperties: type: object example: expiresAt: 1761568483 description: "pizza application secret" #----------------------------------------------------- # Consumer Secret Request Object #----------------------------------------------------- ConsumerSecretCreationRequest: type: object properties: additionalProperties: type: object description: Additional properties for the secret creation request. additionalProperties: type: object example: expiresIn: 86400 description: "pizza application secret" example: additionalProperties: expiresIn: 86400 description: "pizza application secret" #----------------------------------------------------- # Consumer Secret Deletion Object #----------------------------------------------------- ConsumerSecretDeletionRequest: type: object properties: secretId: type: string description: Unique identifier for the secret example: sec_123456 additionalProperties: type: object description: Additional properties for the secret deletion request. additionalProperties: type: object #----------------------------------------------------- # Consumer Secret List Object #----------------------------------------------------- ConsumerSecretList: title: Client Secret List properties: count: type: integer description: | Number of consumer secrets returned. example: 1 list: type: array items: $ref: '#/components/schemas/ConsumerSecret' responses: BadRequest: description: Bad Request. Invalid request or validation error. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 400 message: Bad Request description: Invalid request or validation error moreInfo: "" error: [] Conflict: description: Conflict. Specified resource already exists. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 409 message: Conflict description: Specified resource already exists moreInfo: "" error: [] InternalServerError: description: Internal Server Error. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 500 message: Internal Server Error description: The server encountered an internal error. Please contact administrator. moreInfo: "" error: [] NotAcceptable: description: Not Acceptable. The requested media type is not supported. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 406 message: Not Acceptable description: The requested media type is not supported moreInfo: "" error: [] NotFound: description: Not Found. The specified resource does not exist. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 404 message: Not Found description: The specified resource does not exist moreInfo: "" error: [] PreconditionFailed: description: Precondition Failed. The request has not been performed because one of the preconditions is not met. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 412 message: Precondition Failed description: The request has not been performed because one of the preconditions is not met moreInfo: "" error: [] Unauthorized: description: Unauthorized. The user is not authorized. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 401 message: Unauthorized description: The user is not authorized moreInfo: "" error: [] Forbidden: description: Forbidden. The user does not have permission to perform this action. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 403 message: Forbidden description: The user does not have permission to perform this action moreInfo: "" error: [ ] UnsupportedMediaType: description: Unsupported Media Type. The entity of the request was not in a supported format. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 415 message: Unsupported media type description: The entity of the request was not in a supported format moreInfo: "" error: [] TooManyRequests: description: Too many requests. content: application/json: schema: $ref: '#/components/schemas/Error' example: code: 429 message: TooManyRequests description: The user has exceeded the rate limit moreInfo: "" error: [ ] parameters: parentCommentId: name: replyTo in: query description: | ID of the perent comment. schema: type: string requestedTenant: name: X-WSO2-Tenant in: header description: | For cross-tenant invocations, this is used to specify the tenant domain, where the resource need to be retrieved from. schema: type: string includeCommenterInfo: name: includeCommenterInfo in: query description: | Whether we need to display commentor details. schema: type: boolean default : false apiId: name: apiId in: path description: | **API ID** consisting of the **UUID** of the API. required: true schema: type: string mcpServerId: name: mcpServerId in: path description: | **MCP Server ID** consisting of the **UUID** of the MCP Server. required: true schema: type: string apiProductId: name: apiProductId in: path description: | **API Product ID** consisting of the **UUID** of the API Product. required: true schema: type: string x-encoded: true x-encoded: true apiId-Q: name: apiId in: query description: | **API ID** consisting of the **UUID** of the API. schema: type: string requestedTenant-Q: name: X-WSO2-Tenant-Q in: query description: | For cross-tenant invocations, this is used to specify the tenant domain, where the resource need to be retirieved from. schema: type: string apiType-Q: name: apiType in: query description: | **API TYPE** Identifies the type API(API or API_PRODUCT). schema: type: string language: name: language in: query description: | Programming language to generate SDK. required: true schema: type: string documentId: name: documentId in: path description: | Document Identifier required: true schema: type: string applicationId: name: applicationId in: path description: | Application Identifier consisting of the UUID of the Application. required: true schema: type: string keyMappingId: name: keyMappingId in: path description: | OAuth Key Identifier consisting of the UUID of the Oauth Key Mapping. required: true schema: type: string filterByUserRoles: name: filterByUserRoles in: query description: | Filter user by roles. schema: type: boolean applicationId-Q: name: applicationId in: query description: | **Application Identifier** consisting of the UUID of the Application. schema: type: string groupId: name: groupId in: query description: | Application Group Id schema: type: string subscriptionId: name: subscriptionId in: path description: | Subscription Id required: true schema: type: string policyId: name: policyId in: path description: | The name of the policy required: true schema: type: string commentId: name: commentId in: path description: | Comment Id required: true schema: type: string ratingId: name: ratingId in: path description: | Rating Id required: true schema: type: string policyLevel: name: policyLevel in: path description: | List Application or Subscription type thro. required: true schema: type: string enum: - application - subscription environmentName: name: environmentName in: query description: | Name of the API gateway environment. schema: type: string exp: name: exp in: query description: | Time of expiration of the generated URL. required: false schema: type: integer format: int64 sig: name: sig in: query description: | Signature to validate the generated URL. required: false schema: type: string formatWsdl: name: format in: query description: | If format is wsdl, send the content of the main WSDL file and not the archived WSDL. If not defined, send the zip. required: false schema: type: string resourceType: name: type in: query description: Type of the resource to be retrieved using the generated url (Ex - wsdl) required: true schema: type: string enum: - wsdl limit: name: limit in: query description: | Maximum size of resource array to return. schema: type: integer default: 25 offset: name: offset in: query description: | Starting point within the complete list of items qualified. schema: type: integer default: 0 replyLimit: name: replyLimit in: query description: | Maximum size of replies array to return. schema: type: integer default: 25 replyOffset: name: replyOffset in: query description: | Starting point within the complete list of replies. schema: type: integer default: 0 keyType: name: keyType in: path description: | **Application Key Type** standing for the type of the keys (i.e. Production or Sandbox). required: true schema: type: string enum: - PRODUCTION - SANDBOX keyName: name: keyName in: path description: | Name of the API key. URL-encode reserved characters. required: true schema: type: string x-encoded: true If-None-Match: name: If-None-Match in: header description: | Validator for conditional requests; based on the ETag of the formerly retrieved variant of the resourec. schema: type: string If-Match: name: If-Match in: header description: | Validator for conditional requests; based on ETag. schema: type: string alertType: name: alertType in: path description: | The alert type. required: true schema: type: string configurationId: name: configurationId in: path description: | The alert configuration id. Base64 encoded value of 'apiName#apiVersion#applicationName'. required: true schema: type: string action: name: apiChatAction in: query description: | Action to be performed on API Chat AI Agent. Specifies whether 'prepare' or 'execute' schema: type: string enum: - PREPARE - EXECUTE securitySchemes: OAuth2Security: type: oauth2 flows: password: tokenUrl: https://localhost:9443/oauth2/token scopes: openid: Authorize access to user details apim:subscribe: Subscribe API apim:api_key: Generate API Keys apim:app_manage: Retrieve, Manage and Import, Export applications apim:sub_manage: Retrieve, Manage subscriptions apim:store_settings: Retrieve Developer Portal settings apim:sub_alert_manage: Retrieve, subscribe and configure Developer Portal alert types apim:app_import_export: Import and export applications related operations apim:admin: Manage all admin operations