Disabling Security for APIs

An API can be invoked without authentication by disabling security. Pick one of the following methods to disable security depending on the Choreo Connect mode you have chosen.

Mode Method
Choreo Connect with WSO2 API Manager as a Control Plane Via WSO2 API Manager Publisher Portal
Choreo Connect as a Standalone Gateway By Updating the OpenAPI Definition

Via WSO2 API Manager Publisher Portal

  1. Select the API from the Publisher Portal.

  2. Click Resources listed under API Configurations in the left menu to navigate to the Resources page in the Publisher.

  3. Expand any method and switch the security slidebar off to disable security for that specific resource.

    Disable security for a Prototype API resource

By updating the OpenAPI definition

APIs can be exposed without requiring any authentication (i.e. disable transport security and application security) using the OpenAPI extension x-wso2-disable-security . This extension is supported at API, resource, and operation levels. The following is an example of how you can disable security for an API.

openapi: 3.0.0
info:
  version: 1.0.0
  title: Petstore
x-wso2-disable-security: true
  paths:
    "/pet/findByStatus":
      get:
paths:
 "/pet/findByStatus":
    x-wso2-disable-security: true
    get:
      tags:
      - pet
      summary: Finds Pets by status
      description: Multiple status values can be provided with comma separated strings
      operationId: findPetsByStatus
paths:
 "/pet/findByStatus":
    get:
      x-wso2-disable-security: true
      tags:
      - pet
      summary: Finds Pets by status
      description: Multiple status values can be provided with comma separated strings
      operationId: findPetsByStatus
Top