Create a REST API

API creation is the process of linking an existing backend API implementation to the API Publisher, so that you can manage and monitor the API's lifecycle, documentation, security, community, and subscriptions. Alternatively, you can provide the API implementation in-line in the API Publisher itself.

Follow the instructions below to create a REST API using the basic flow.

  1. Sign in to the WSO2 API Publisher.


    Example: https://localhost:9443/publisher


    The CREATE button will only appear for a user who has the creator role permission.

  2. Go to CREATE API and click Design a New REST API.

  3. Enter API details.

    Field    Sample value


    The API context is used by the Gateway to identify the API. Therefore, the API context must be unique. This context is the API's root context when invoking the API through the Gateway.

    You can define the API's version as a parameter of its context by adding {version} to the context. For example, {version}/pizzashack. The API Manager assigns the actual version of the API to the {version} parameter internally. For example, https://localhost:8243/1.0.0/pizzashack. Note that the version appears before the context, allowing you to group your APIs based on the versions.



    The endpoint that you add is automatically added as the production and sandbox endpoints.


    The CREATE & PUBLISH option will only appear when a user who has publisher permission adds the details for the Endpoint and Business plan(s), which are optional fields.

    Create an API page

  4. Click CREATE or CREATE & PUBLISH to create the API.

    The overview page of the newly created API appears.

    API overview page

  5. Configure the API design configurations.

    Design configurations

    1. Click Design Configurations.


      By default, Publisher Access Control allows All users who have the creator permission, and Developer Portal visibility is public.

    2. Add a tag and press enter.

      Let's add a tag named pizza.


      Tags can be used to filter out APIs matching specific search criteria. It is a good practice to add tags that explain the functionality and purpose of the API so that subscribers can search for APIs based on the tags.

    3. Optionally, select Yes as the Make this the Default Version option.

      When an API is the default version:

      • The API will be available in the Gateway without a version specified in the production and sandbox URLs.
      • You can create a new version of this API and set it as the default version. Thereafter, the same resources can be invoked in the client applications without changing the API gateway URL.
      • You can create new versions of an API with changes, while at the same time allowing the existing client applications to be invoked without the client having to change the URLs.
    4. Click Save.

  6. Configure the runtime configurations.

    1. Click Runtime Configuration.

      Transport Level Security defines the transport protocol on which the API is exposed.

      Transport-level security

    2. If you wish to limit the API availability to only one transport (e.g., HTTPS), uncheck the Transport Level Security checkbox.

      Both HTTP and HTTPS transports are selected by default.

  7. Configure the resources.

    By default, the API will have five resources with /* as the URL pattern.

    1. Click Show More to navigate to the Resource page.

      Overview page resource section

    2. Modify the resources as follows and click SAVE to update the resources.

      1. Click delete, as shown below, to remove all the existing resources.

        Delete all existing resources

      2. Click (+) to add a new resource.

        Add new resource

        The newly added resource is displayed as follows.

        Newly added resource

    3. Expand the created GET operation to add the Summary and Description and to configure Operation governance.

      1. Add a summary and a description of your resource.
      2. Turn the Security setting Off if you want to make a certain operation of the API non-secured and accessible without passing an access token. To make the whole API non-secured and fully accessible without an access token, turn the Security setting Off in all the operations of the API.

        Invoke API without Access Token

      3. In addition, you can add the resource Parameters using the Parameters section.

        You can define the following parameter types based on the resource parameters that you add.

        Parameter Type    Description
        query             Contains the fields added as part of the invocation URL that contains the data to be used to call the backend service.
        header            Contains the case-sensitive names followed by a colon (:) and then by its value that carries additional information with the request, which defines the operating parameters of the transaction.
        cookie            Operations can also pass parameters in the Cookie header, as Cookie: name=value. Multiple cookie parameters are sent in the same header, separated by a semicolon and space.
        body              An arbitrary amount of data of any type is sent with a POST message.

  8. Optionally, view the API definition.

    Click API Definition. The OpenAPI Specification (a.k.a. Swagger definition) for the PizzaShack API appears.

    REST API definition
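
The following is an added example, not part of the original documentation or of the product's code: a small Python audit of an API definition like the one shown in step 8. It flags the settings from steps 6 and 7 that widen exposure: plain HTTP transport, operations with Security turned Off, and leftover /* resources. It assumes the definition records the transport selection in the x-wso2-transports extension and the per-operation Security switch in x-auth-type; the sample definition and the function name audit_definition are constructed for illustration.

```python
import json

# Constructed sample definition (not taken from the page).
# Assumption: x-wso2-transports carries the Transport Level Security selection
# and x-auth-type carries the per-operation Security switch ("None" = Off).
SAMPLE_DEFINITION = json.loads("""
{
  "openapi": "3.0.1",
  "info": {"title": "PizzaShack", "version": "1.0.0"},
  "x-wso2-transports": ["http", "https"],
  "paths": {
    "/menu": {
      "get": {"x-auth-type": "None",
              "responses": {"200": {"description": "OK"}}}
    },
    "/order": {
      "parameters": [],
      "post": {"x-auth-type": "Application & Application User",
               "responses": {"201": {"description": "Created"}}}
    },
    "/*": {
      "delete": {"x-auth-type": "Application & Application User",
                 "responses": {"200": {"description": "OK"}}}
    }
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def audit_definition(definition):
    """Return a sorted list of (location, finding) tuples for review."""
    findings = []
    transports = [t.lower() for t in definition.get("x-wso2-transports", [])]
    if "http" in transports:
        findings.append(("api", "plain HTTP transport enabled"))
    for path, item in definition.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip path-level keys such as "parameters"
            where = f"{method.upper()} {path}"
            if str(op.get("x-auth-type", "")).lower() == "none":
                findings.append((where, "security off: no access token required"))
            if path.endswith("/*"):
                findings.append((where, "wildcard URL pattern left in place"))
    return sorted(findings)

if __name__ == "__main__":
    for where, finding in audit_definition(SAMPLE_DEFINITION):
        print(f"{where}: {finding}")
```

Run it against the definition before publishing; an empty result means none of the three conditions is present.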

Now, you have successfully created and configured a REST API. Next, let's Publish your API.


Click the following topics to learn more on the concepts that you need to know when creating an API: