Disabling Security for APIs¶
An API can be invoked without authentication by disabling security. Pick one of the following methods to disable security depending on the Choreo Connect mode you have chosen.
Mode | Method |
---|---|
Choreo Connect with WSO2 API Manager as a Control Plane | Via WSO2 API Manager Publisher Portal |
Choreo Connect as a Standalone Gateway | By Updating the OpenAPI Definition |
Via WSO2 API Manager Publisher Portal¶
Follow the steps given in Disabling Security for APIs.
By updating the OpenAPI definition¶
APIs can be exposed without requiring any authentication (i.e. disable transport security and application security) using the OpenAPI extension x-wso2-disable-security
. This extension is supported at API, resource, and operation levels. The following is an example of how you can disable security for an API.
openapi: 3.0.0
info:
version: 1.0.0
title: Petstore
x-wso2-disable-security: true
paths:
"/pet/findByStatus":
get:
paths:
"/pet/findByStatus":
x-wso2-disable-security: true
get:
tags:
- pet
summary: Finds Pets by status
description: Multiple status values can be provided with comma separated strings
operationId: findPetsByStatus
paths:
"/pet/findByStatus":
get:
x-wso2-disable-security: true
tags:
- pet
summary: Finds Pets by status
description: Multiple status values can be provided with comma separated strings
operationId: findPetsByStatus