Create an API from an Open API Definition

An OpenAPI definition is a format that describes REST APIs.

Follow the instructions below to create a REST API using an Open API definition for an existing API.

Create an API using the basic flow

  1. Sign in to the WSO2 API Publisher.

    https://<hostname>:9443/publisher (e.g., https://localhost:9443/publisher).


    The CREATE API button will only appear if the user who has signed in has the creator role permission.

  2. Click CREATE API and then click I have an existing REST API.

  3. Select one of the following options:

    • OpenAPI URL - If you select this option, you need to provide an endpoint URL.
    • OpenAPI Archive/File - If you select this option, click Browse and upload either an individual Open API definition or an archive that has an Open API definition with external file references.


    You need to upload an archive if you have remote references in your API definition. If it is a single Swagger file without remote references it can be imported directly, without zipping. When uploading an OpenAPI archive, the master Swagger file should be named as swagger.yaml/swagger.json. If not, the validation will fail at the point of API creation. Referenced files can be named independently.


    The Swagger definitions should be placed under one root folder and zipped.

    Sample folder structures


    In the above sample, every Swagger definition is placed inside one root folder namely masterFolder.

  4. Select OpenAPI URL and provide as the URL. Click NEXT.

    Create a REST API using swagger definition

  5. Edit the information as given below and click CREATE.

    Field Sample value
    Name SwaggerPetstore
    Context /v2
    Version 1.0.5

    Create a REST API using swagger definition

    The Petstore API overview page appears.


Click Resources to navigate to the resources page.

You will notice that all the API resources are created automatically when the OpenAPI URL is specified.

API Definition

  1. Click API Definition and click Edit to remove the security headers.

    This is required to invoke the API in the Developer Portal using the OpenAPI UI.

  2. Remove the petstore_auth tag related configuration that appears under the security tag from the /pet POST resource given below.


    Do not remove the default tag related configuration that appears under the security tag.

    OpenAPI - Post resource

        - petstore_auth:
            - 'write:pets'
            - 'read:pets'
        - default:
            - 'write:pets'
            - 'read:pets'
  3. Remove the security pet/{petId} GET resource given below:

    OpenAPI - Get resource

            //remove the following code snippet
            - api_key: []
    4. After removing the security tags, click Update Contents to save the changes.


  1. Navigate to the Endpoints page.

  2. Enter the information shown below.

    Field Sample value
    Endpoint type HTTP/REST endpoint
    Production endpoint
    Sandbox endpoint Let's only work with the production endpoint for this sample. Therefore, uncheck the sandbox endpoint option.

  3. Click SAVE.

Runtime Configuration

Click Runtime Configuration to navigate to the runtime configurations that correspond to the API.

The Transport Level Security defines the transport protocol on which the API is exposed.


Both HTTP and HTTPS transports are selected by default. It is able to limit the API availability to only one transport (e.g., HTTPS) by clearing the checkbox of the other transport.


Transport Level Security defines the transport protocol on which the API is exposed. When creating a new API by using a Swagger or Open API definition, these transport security schemes can be defined using “x-wso2- transports”and "x-wso2-mutual-ssl”extensions.

x-wso2-mutual-ssl: "optional"
    - "https"
    - “http”


  1. Click Subscriptions.

  2. Select Gold and Silver as the Bussiness plans.


    The API can be available at different levels of the service. They allow you to limit the number of successful hits to an API during a given period of time.

  3. Click SAVE

Now, a REST API from an Open API Definition has been created and configured successfully.

Next, publish the API, for more information, see Publish an API.