API Gateway
Management API
Schemas
ResourceStatus
{
"id" : "reading-list-api-v1.0" ,
"state" : "deployed" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z" ,
"deployedAt" : "2026-04-24T07:21:13Z"
}
Server-managed lifecycle information for a resource
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | none | Unique identifier assigned by the server (equal to metadata.name) |
| state | string | false | none | Desired deployment state reported by the server |
| createdAt | string(date-time) | false | none | Timestamp when the resource was first created (UTC) |
| updatedAt | string(date-time) | false | none | Timestamp when the resource was last updated (UTC) |
| deployedAt | string(date-time) | false | none | Timestamp when the resource was last deployed (omitted when undeployed) |

Enumerated Values

| Property | Value |
|---|---|
| state | deployed |
| state | undeployed |
RestAPIRequest
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "RestApi" ,
"metadata" : {
"name" : "reading-list-api-v1.0"
},
"spec" : {
"displayName" : "Reading-List-API" ,
"version" : "v1.0" ,
"context" : "/reading-list/$version" ,
"upstream" : {
"main" : {
"url" : "https://apis.bijira.dev/samples/reading-list-api-service/v1.0"
}
},
"policies" : [
{
"name" : "set-headers" ,
"version" : "v1" ,
"params" : {
"request" : {
"headers" : [
{
"name" : "x-wso2-apip-gateway-version" ,
"value" : "v1.0.0"
}
]
},
"response" : {
"headers" : [
{
"name" : "x-environment" ,
"value" : "development"
}
]
}
}
}
],
"operations" : [
{
"method" : "GET" ,
"path" : "/books"
},
{
"method" : "POST" ,
"path" : "/books"
},
{
"method" : "GET" ,
"path" : "/books/{id}"
},
{
"method" : "PUT" ,
"path" : "/books/{id}"
},
{
"method" : "DELETE" ,
"path" : "/books/{id}"
}
]
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| apiVersion | string | true | none | API specification version |
| kind | string | true | none | API type |
| metadata | Metadata | true | none | none |
| spec | APIConfigData | true | none | none |

Enumerated Values

| Property | Value |
|---|---|
| apiVersion | gateway.api-platform.wso2.com/v1alpha1 |
| kind | RestApi |
RestAPI
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "RestApi" ,
"metadata" : {
"name" : "reading-list-api-v1.0"
},
"spec" : {
"displayName" : "Reading-List-API" ,
"version" : "v1.0" ,
"context" : "/reading-list/$version" ,
"upstream" : {
"main" : {
"url" : "https://apis.bijira.dev/samples/reading-list-api-service/v1.0"
}
},
"policies" : [
{
"name" : "set-headers" ,
"version" : "v1" ,
"params" : {
"request" : {
"headers" : [
{
"name" : "x-wso2-apip-gateway-version" ,
"value" : "v1.0.0"
}
]
},
"response" : {
"headers" : [
{
"name" : "x-environment" ,
"value" : "development"
}
]
}
}
}
],
"operations" : [
{
"method" : "GET" ,
"path" : "/books"
},
{
"method" : "POST" ,
"path" : "/books"
},
{
"method" : "GET" ,
"path" : "/books/{id}"
},
{
"method" : "PUT" ,
"path" : "/books/{id}"
},
{
"method" : "DELETE" ,
"path" : "/books/{id}"
}
]
},
"status" : {
"id" : "reading-list-api-v1.0" ,
"state" : "deployed" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z" ,
"deployedAt" : "2026-04-24T07:21:13Z"
}
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | RestAPIRequest | false | none | none |

and

| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
| » status | ResourceStatus | false | read-only | Server-managed lifecycle fields. Populated on responses. |
WebSubAPIRequest
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "WebSubApi" ,
"metadata" : {
"name" : "github-events-v1.0"
},
"spec" : {
"displayName" : "GitHub Events" ,
"version" : "v1.0" ,
"context" : "/github-events/$version" ,
"channels" : [
{
"name" : "issues" ,
"method" : "SUB"
},
{
"name" : "pull_requests" ,
"method" : "SUB"
}
]
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| apiVersion | string | true | none | API specification version |
| kind | string | true | none | API type |
| metadata | Metadata | true | none | none |
| spec | WebhookAPIData | true | none | none |

Enumerated Values

| Property | Value |
|---|---|
| apiVersion | gateway.api-platform.wso2.com/v1alpha1 |
| kind | WebSubApi |
WebSubAPI
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "WebSubApi" ,
"metadata" : {
"name" : "github-events-v1.0"
},
"spec" : {
"displayName" : "GitHub Events" ,
"version" : "v1.0" ,
"context" : "/github-events/$version" ,
"channels" : [
{
"name" : "issues" ,
"method" : "SUB"
},
{
"name" : "pull_requests" ,
"method" : "SUB"
}
]
},
"status" : {
"id" : "github-events-v1.0" ,
"state" : "deployed" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z" ,
"deployedAt" : "2026-04-24T07:21:13Z"
}
}
Properties
allOf
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | WebSubAPIRequest | false | none | none |

and

| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
| » status | ResourceStatus | false | read-only | Server-managed lifecycle fields. Populated on responses. |
Metadata
{
"name" : "reading-list-api-v1.0" ,
"labels" : {
"environment" : "production" ,
"team" : "backend" ,
"version" : "v1"
},
"annotations" : {
"gateway.api-platform.wso2.com/project-id" : "019d953f-d386-7a64-aa92-1869a28292e0"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Unique handle for the resource |
| labels | object | false | none | Labels are key-value pairs for organizing and selecting APIs. Keys must not contain spaces. |
| » additionalProperties | string | false | none | none |
| annotations | object | false | none | Annotations are arbitrary non-identifying metadata. Use domain-prefixed keys. |
| » additionalProperties | string | false | none | none |
APIConfigData
{
"displayName" : "Reading List API" ,
"version" : "v1.0" ,
"context" : "/reading-list/$version" ,
"upstreamDefinitions" : [
{
"name" : "my-upstream-1" ,
"basePath" : "/api/v2" ,
"timeout" : {
"connect" : "5s"
},
"upstreams" : [
{
"url" : "http://prod-backend-1:5000" ,
"weight" : 80
}
]
}
],
"upstream" : {
"main" : {
"url" : "http://prod-backend:5000/api/v2" ,
"ref" : "string" ,
"hostRewrite" : "auto"
},
"sandbox" : {
"url" : "http://prod-backend:5000/api/v2" ,
"ref" : "string" ,
"hostRewrite" : "auto"
}
},
"vhosts" : {
"main" : "api.example.com" ,
"sandbox" : "sandbox-api.example.com"
},
"subscriptionPlans" : [
"Gold" ,
"Silver"
],
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
],
"operations" : [
{
"method" : "GET" ,
"path" : "/books/{id}" ,
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
],
"deploymentState" : "deployed"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| displayName | string | true | none | Human-readable API name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed) |
| version | string | true | none | Semantic version of the API |
| context | string | true | none | Base path for all API routes (must start with /, no trailing slash). Use $version to embed the version in the path (e.g., /reading-list/$version resolves to /reading-list/v1.0). |
| upstreamDefinitions | [UpstreamDefinition] | false | none | List of reusable upstream definitions with optional timeout configurations |
| upstream | object | true | none | API-level upstream configuration |
| » main | Upstream | true | none | Upstream backend configuration (single target or reference) |
| » sandbox | Upstream | false | none | Upstream backend configuration (single target or reference) |
| vhosts | object | false | none | Custom virtual hosts/domains for the API |
| » main | string | true | none | Custom virtual host/domain for production traffic |
| » sandbox | string | false | none | Custom virtual host/domain for sandbox traffic |
| subscriptionPlans | [string] | false | none | List of subscription plan names available for this API |
| policies | [Policy] | false | none | List of API-level policies applied to all operations unless overridden |
| operations | [Operation] | true | none | List of HTTP operations/routes |
| deploymentState | string | false | none | Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the API is removed from router traffic but configuration, API keys, and policies are preserved for potential redeployment. |

Enumerated Values

| Property | Value |
|---|---|
| deploymentState | deployed |
| deploymentState | undeployed |
UpstreamDefinition
{
"name" : "my-upstream-1" ,
"basePath" : "/api/v2" ,
"timeout" : {
"connect" : "5s"
},
"upstreams" : [
{
"url" : "http://prod-backend-1:5000" ,
"weight" : 80
}
]
}
Reusable upstream configuration with optional timeout and load balancing settings
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Unique identifier for this upstream definition |
| basePath | string | false | none | Base path prefix for all endpoints in this upstream (e.g., /api/v2). All requests to this upstream will have this path prepended. |
| timeout | UpstreamTimeout | false | none | Timeout configuration for upstream requests |
| upstreams | [object] | true | none | List of backend targets with optional weights for load balancing |
| » url | string(uri) | true | none | Backend URL (host and port only, path comes from basePath) |
| » weight | integer | false | none | Weight for load balancing (optional, default 100) |
UpstreamTimeout
Timeout configuration for upstream requests
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| connect | string | false | none | Connection timeout duration (e.g., "5s", "500ms") |
Upstream
{
"url" : "http://prod-backend:5000/api/v2" ,
"ref" : "string" ,
"hostRewrite" : "auto"
}
Upstream backend configuration (single target or reference)
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| url | string(uri) | false | none | Direct backend URL to route traffic to |
| ref | string | false | none | Reference to a predefined upstreamDefinition |
| hostRewrite | string | false | none | Controls how the Host header is handled when routing to the upstream. auto delegates host rewriting to Envoy, which rewrites the Host header using the upstream cluster host. manual disables automatic rewriting and expects explicit configuration. |

oneOf

| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |

xor

| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |

Enumerated Values

| Property | Value |
|---|---|
| hostRewrite | auto |
| hostRewrite | manual |
Operation
{
"method" : "GET" ,
"path" : "/books/{id}" ,
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| method | string | true | none | HTTP method |
| path | string | true | none | Route path with optional |
| policies | [Policy] | false | none | List of policies applied only to this operation (overrides or adds to API-level policies) |

Enumerated Values

| Property | Value |
|---|---|
| method | GET |
| method | POST |
| method | PUT |
| method | DELETE |
| method | PATCH |
| method | HEAD |
| method | OPTIONS |
Policy
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Name of the policy |
| version | string | true | none | Version of the policy. Only major-only version is allowed (e.g., v0, v1). Full semantic version (e.g., v1.0.0) is not accepted and will be rejected. The Gateway Controller resolves the major version to the single matching full version installed in the gateway image. |
| executionCondition | string | false | none | Expression controlling conditional execution of the policy |
| params | object | false | none | Arbitrary parameters for the policy (free-form key/value structure) |
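
The constraints spread across the Metadata, APIConfigData, Upstream, Operation and Policy tables above can be checked locally before a RestApi document is submitted. The following is an added example, not code from the gateway project: `validate_rest_api`, the regexes, the reading of the `oneOf`/`xor` rows as "exactly one of `url` or `ref`", and the requirement that a `ref` names an entry in `upstreamDefinitions` are assumptions of this example.

```python
import copy
import re

# Rules are read off the property tables on this page; regexes and messages
# are this example's interpretation, not the gateway's own validator.
API_VERSION = "gateway.api-platform.wso2.com/v1alpha1"
DISPLAY_NAME_RE = re.compile(r"[A-Za-z0-9 ._-]+")  # letters, digits, space, dot, underscore, hyphen
MAJOR_ONLY_RE = re.compile(r"v\d+")                # "v0", "v1"; "v1.0.0" is rejected
METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"}


def _policies(policies, where, errors):
    for i, pol in enumerate(policies or []):
        loc = f"{where}.policies[{i}]"
        if not pol.get("name"):
            errors.append(f"{loc}.name: required")
        version = pol.get("version")
        if not isinstance(version, str) or not MAJOR_ONLY_RE.fullmatch(version):
            errors.append(f"{loc}.version: {version!r} is not major-only (use v0, v1, ...)")


def _upstream(up, where, defined, errors):
    # Assumption: the oneOf/xor rows on Upstream mean exactly one of url or ref.
    if ("url" in up) == ("ref" in up):
        errors.append(f"{where}: set exactly one of url or ref")
    # Assumption: a ref has to name an entry in spec.upstreamDefinitions.
    if "ref" in up and up["ref"] not in defined:
        errors.append(f"{where}.ref: {up['ref']!r} is not a defined upstreamDefinition")
    if "hostRewrite" in up and up["hostRewrite"] not in ("auto", "manual"):
        errors.append(f"{where}.hostRewrite: must be auto or manual")


def validate_rest_api(doc):
    """Return a list of violations; an empty list means every check passed."""
    errors = []
    if (doc.get("apiVersion"), doc.get("kind")) != (API_VERSION, "RestApi"):
        errors.append("apiVersion/kind: expected the v1alpha1 RestApi pair")
    meta = doc.get("metadata") or {}
    if not meta.get("name"):
        errors.append("metadata.name: required")
    for key in meta.get("labels") or {}:
        if " " in key:
            errors.append(f"metadata.labels: key {key!r} contains a space")
    spec = doc.get("spec") or {}
    name = spec.get("displayName")
    if not isinstance(name, str) or not DISPLAY_NAME_RE.fullmatch(name):
        errors.append("spec.displayName: only letters, numbers, spaces, '-', '_' and '.'")
    ctx = spec.get("context")
    if not isinstance(ctx, str) or not ctx.startswith("/") or ctx.endswith("/"):
        errors.append("spec.context: must start with / and have no trailing slash")
    upstream = spec.get("upstream") or {}
    defined = {d.get("name") for d in spec.get("upstreamDefinitions") or []}
    if "main" not in upstream:
        errors.append("spec.upstream.main: required")
    for env in ("main", "sandbox"):
        if env in upstream:
            _upstream(upstream[env], f"spec.upstream.{env}", defined, errors)
    vhosts = spec.get("vhosts")
    if vhosts is not None and not vhosts.get("main"):
        errors.append("spec.vhosts.main: required when vhosts is present")
    _policies(spec.get("policies"), "spec", errors)
    if "operations" not in spec:
        errors.append("spec.operations: required")
    for i, op in enumerate(spec.get("operations") or []):
        loc = f"spec.operations[{i}]"
        if op.get("method") not in METHODS:
            errors.append(f"{loc}.method: {op.get('method')!r} is not an allowed HTTP method")
        if not op.get("path"):
            errors.append(f"{loc}.path: required")
        _policies(op.get("policies"), loc, errors)
    if spec.get("deploymentState", "deployed") not in ("deployed", "undeployed"):
        errors.append("spec.deploymentState: must be deployed or undeployed")
    return errors


# Sample input: the RestAPIRequest example from this page, trimmed to two operations.
GOOD = {
    "apiVersion": API_VERSION, "kind": "RestApi",
    "metadata": {"name": "reading-list-api-v1.0"},
    "spec": {
        "displayName": "Reading-List-API", "version": "v1.0",
        "context": "/reading-list/$version",
        "upstream": {"main": {"url": "https://apis.bijira.dev/samples/reading-list-api-service/v1.0"}},
        "policies": [{"name": "set-headers", "version": "v1", "params": {}}],
        "operations": [{"method": "GET", "path": "/books"}, {"method": "POST", "path": "/books"}],
    },
}

# Constructed counter-example: each mutation breaks one rule from the tables.
BAD = copy.deepcopy(GOOD)
BAD["metadata"]["labels"] = {"cost center": "42"}          # label key with a space
BAD["spec"]["context"] = "/reading-list/"                  # trailing slash
BAD["spec"]["upstream"]["main"]["ref"] = "my-upstream-1"   # url and ref together
BAD["spec"]["policies"][0]["version"] = "v1.0.0"           # full semantic version
BAD["spec"]["operations"][0]["method"] = "TRACE"           # not in the method enum

if __name__ == "__main__":
    print(validate_rest_api(GOOD), *validate_rest_api(BAD), sep="\n")
```

The mutated document yields six findings because the added `ref` both collides with `url` and points at an upstream definition that the spec never declares.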
WebhookAPIData
{
"displayName" : "reading-list-api" ,
"version" : "v1.0" ,
"context" : "/weather" ,
"vhosts" : {
"main" : "api.example.com" ,
"sandbox" : "sandbox-api.example.com"
},
"allChannels" : {
"on_subscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_unsubscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_received" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_delivery" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
},
"channels" : {
"property1" : {
"on_subscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_unsubscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_received" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_delivery" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
},
"property2" : {
"on_subscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_unsubscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_received" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_delivery" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
}
},
"deploymentState" : "deployed"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| displayName | string | true | none | Human-readable API name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed) |
| version | string | true | none | Semantic version of the API |
| context | string | true | none | Base path for all API routes (must start with /, no trailing slash) |
| vhosts | object | false | none | Custom virtual hosts/domains for the API |
| » main | string | true | none | Custom virtual host/domain for production traffic |
| » sandbox | string | false | none | Custom virtual host/domain for sandbox traffic |
| allChannels | WebSubAllChannelPolicies | false | none | Policies applied to all channels, organized by event type. |
| channels | object | false | none | Per-channel configuration keyed by channel name. Each key is a channel name and defines policies applied only to that channel. |
| » additionalProperties | WebSubChannel | false | none | A single channel definition with optional per-channel policy overrides. |
| deploymentState | string | false | none | Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the API is removed from router traffic but configuration, API keys, and policies are preserved for potential redeployment. |

Enumerated Values

| Property | Value |
|---|---|
| deploymentState | deployed |
| deploymentState | undeployed |
WebSubChannel
{
"on_subscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_unsubscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_received" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_delivery" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
}
A single channel definition with optional per-channel policy overrides.
Properties
WebSubEventPolicies
{
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
Policies for a single event type.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| policies | [Policy] | false | none | List of policies applied for this event type. |
WebSubAllChannelPolicies
{
"on_subscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_unsubscription" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_received" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_message_delivery" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
}
Policies applied to all channels, organized by event type.
Properties
WebSubChannelPolicies
{
"on_subscription" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
],
"on_unsubscription" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
],
"on_message_received" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
],
"on_message_delivery" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
Policies applied to a specific channel, organized by event type.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| on_subscription | [Policy] | false | none | Policies applied when a client subscribes to this channel (e.g., rbac) |
| on_unsubscription | [Policy] | false | none | Policies applied when a client unsubscribes from this channel |
| on_message_received | [Policy] | false | none | Policies applied when a message is received for this channel |
| on_message_delivery | [Policy] | false | none | Policies applied when delivering a message for this channel |
Channel
{
"name" : "issues" ,
"method" : "SUB" ,
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
Channel (topic/event stream) definition for async APIs.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Channel name or topic identifier relative to API context. |
| method | string | true | none | Operation method type. |
| policies | [Policy] | false | none | List of policies applied only to this channel (overrides or adds to API-level policies) |

Enumerated Values

| Property | Value |
|---|---|
| method | SUB |
WebBrokerApiRequest
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "WebBrokerApi" ,
"metadata" : {
"name" : "stock-trading-v1.0"
},
"spec" : {
"displayName" : "Stock Trading WebBroker API" ,
"version" : "v1.0" ,
"context" : "/stock-trading/$version" ,
"receiver" : {
"name" : "websocket-receiver" ,
"type" : "websocket"
},
"broker" : {
"name" : "kafka-driver" ,
"type" : "kafka" ,
"properties" : {
"brokers" : [
"kafka-broker-1:9092" ,
"kafka-broker-2:9092"
]
}
},
"allChannels" : {
"on_connection_init" : {
"policies" : []
},
"on_produce" : {
"policies" : []
},
"on_consume" : {
"policies" : []
}
},
"channels" : {
"prices" : {
"produceTo" : {
"topic" : "stock.prices"
},
"consumeFrom" : {
"topic" : "stock.prices"
},
"on_connection_init" : {
"policies" : []
},
"on_produce" : {
"policies" : []
},
"on_consume" : {
"policies" : []
}
}
}
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| apiVersion | string | true | none | API specification version |
| kind | string | true | none | API type |
| metadata | Metadata | true | none | none |
| spec | WebBrokerApiData | true | none | none |

Enumerated Values

| Property | Value |
|---|---|
| apiVersion | gateway.api-platform.wso2.com/v1alpha1 |
| kind | WebBrokerApi |
WebBrokerApi
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "WebBrokerApi" ,
"metadata" : {
"name" : "stock-trading-v1.0"
},
"spec" : {
"displayName" : "Stock Trading WebBroker API" ,
"version" : "v1.0" ,
"context" : "/stock-trading/$version" ,
"receiver" : {
"name" : "websocket-receiver" ,
"type" : "websocket"
},
"broker" : {
"name" : "kafka-driver" ,
"type" : "kafka" ,
"properties" : {
"brokers" : [
"kafka-broker-1:9092" ,
"kafka-broker-2:9092"
]
}
},
"allChannels" : {
"on_connection_init" : {
"policies" : []
},
"on_produce" : {
"policies" : []
},
"on_consume" : {
"policies" : []
}
},
"channels" : {
"prices" : {
"produceTo" : {
"topic" : "stock.prices"
},
"consumeFrom" : {
"topic" : "stock.prices"
},
"on_connection_init" : {
"policies" : []
},
"on_produce" : {
"policies" : []
},
"on_consume" : {
"policies" : []
}
}
}
},
"status" : {
"id" : "stock-trading-v1.0" ,
"state" : "deployed" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z" ,
"deployedAt" : "2026-04-24T07:21:13Z"
}
}
Properties
allOf
and
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | object | false | none | none |
| » status | ResourceStatus | false | read-only | Server-managed lifecycle fields. Populated on responses. |
WebBrokerApiData
{
"displayName" : "Stock Trading WebBroker API" ,
"version" : "v1.0" ,
"context" : "/stock-trading" ,
"receiver" : {
"name" : "websocket-receiver" ,
"type" : "websocket" ,
"properties" : {}
},
"broker" : {
"name" : "kafka-driver" ,
"type" : "kafka" ,
"properties" : {
"brokers" : [
"kafka-broker-1:9092" ,
"kafka-broker-2:9092"
]
}
},
"allChannels" : {
"on_connection_init" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_produce" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_consume" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
},
"channels" : {
"property1" : {
"produceTo" : {
"topic" : "stock.prices"
},
"consumeFrom" : {
"topic" : "stock.prices"
},
"on_connection_init" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_produce" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_consume" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
},
"property2" : {
"produceTo" : {
"topic" : "stock.prices"
},
"consumeFrom" : {
"topic" : "stock.prices"
},
"on_connection_init" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_produce" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_consume" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
}
},
"vhosts" : {
"main" : "api.example.com" ,
"sandbox" : "sandbox-api.example.com"
},
"deploymentState" : "deployed"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| displayName | string | true | none | Human-readable API name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed) |
| version | string | true | none | Semantic version of the API |
| context | string | true | none | Base path for all API routes (must start with /, no trailing slash) |
| receiver | WebBrokerApiReceiver | true | none | WebSocket receiver configuration |
| broker | WebBrokerApiBroker | true | none | Message broker driver configuration |
| allChannels | WebBrokerApiAllChannelPolicies | false | none | Protocol mediation policies applied to all channels |
| channels | object | true | none | Map of WebSocket channels for bidirectional streaming with Kafka (key is channel name) |
| » additionalProperties | WebBrokerApiChannel | false | none | WebSocket channel configuration with Kafka topic mapping |
| vhosts | object | false | none | Custom virtual hosts/domains for the API |
| » main | string | true | none | Custom virtual host/domain for production traffic |
| » sandbox | string | false | none | Custom virtual host/domain for sandbox traffic |
| deploymentState | string | false | none | Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the API is removed from router traffic but configuration and policies are preserved for potential redeployment. |

Enumerated Values

| Property | Value |
|---|---|
| deploymentState | deployed |
| deploymentState | undeployed |
WebBrokerApiReceiver
{
"name" : "websocket-receiver" ,
"type" : "websocket" ,
"properties" : {}
}
WebSocket receiver configuration
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Receiver name |
| type | string | true | none | Receiver type |
| properties | object | false | none | Additional receiver properties |
WebBrokerApiBroker
{
"name" : "kafka-driver" ,
"type" : "kafka" ,
"properties" : {
"brokers" : [
"kafka-broker-1:9092" ,
"kafka-broker-2:9092"
]
}
}
Message broker driver configuration
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Broker driver name |
| type | string | true | none | Broker driver type |
| properties | object | true | none | Broker driver properties (e.g., bootstrap servers) |
WebBrokerApiAllChannelPolicies
{
"on_connection_init" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_produce" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_consume" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
}
Protocol mediation policies applied to all channels
Properties
WebBrokerApiPolicyGroup
{
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
Group of policies
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| policies | [Policy] | false | none | List of policies to apply |
WebBrokerApiChannel
{
"produceTo" : {
"topic" : "stock.prices"
},
"consumeFrom" : {
"topic" : "stock.prices"
},
"on_connection_init" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_produce" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
},
"on_consume" : {
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
]
}
}
WebSocket channel configuration with Kafka topic mapping
Properties
WebBrokerApiProduceConfig
{
"topic" : "stock.prices"
}
Configuration for producing messages from WebSocket to Kafka
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| topic | string | true | none | Kafka topic to produce messages to |
WebBrokerApiConsumeConfig
{
"topic" : "stock.prices"
}
Configuration for consuming messages from Kafka to WebSocket
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| topic | string | true | none | Kafka topic to consume messages from |
APIKeyCreationRequest
{
"name" : "my-production-key"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Identifier of the API key. If not provided, a default identifier will be generated |
| apiKey | string | false | none | Optional plain-text API key value for external key injection. If provided, this key will be used instead of generating a new one. The key will be hashed before storage. The key can be in any format (minimum 36 characters). Use this for injecting externally generated API keys. |
| maskedApiKey | string | false | none | Masked version of the API key for display purposes. Provided by the platform API when injecting pre-hashed keys. |
| expiresIn | object | false | none | Expiration duration for the API key |
| » unit | string | true | none | Time unit for expiration |
| » duration | integer | true | none | Duration value for expiration |
| expiresAt | string(date-time) | false | none | Expiration timestamp. If both expiresIn and expiresAt are provided, expiresAt takes precedence. |
| externalRefId | string | false | none | External reference ID for the API key. This field is optional and used for tracing purposes only. The gateway generates its own internal ID for tracking. |
| issuer | string | false | none | Identifies the portal that created this key. If provided, only API keys generated from the same portal will be accepted. If not provided, there is no portal restriction. |

Enumerated Values

| Property | Value |
|---|---|
| unit | seconds |
| unit | minutes |
| unit | hours |
| unit | days |
| unit | weeks |
| unit | months |
APIKeyCreationResponse
{
"status" : "success" ,
"message" : "API key generated successfully" ,
"remainingApiKeyQuota" : 9 ,
"apiKey" : {
"name" : "my-production-key" ,
"displayName" : "My Production Key" ,
"apiKey" : "apip_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" ,
"apiId" : "reading-list-api-v1.0" ,
"status" : "active" ,
"createdAt" : "2026-04-01T10:30:00Z" ,
"createdBy" : "admin" ,
"expiresAt" : null ,
"source" : "local"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| status | string | true | none | none |
| message | string | true | none | none |
| remainingApiKeyQuota | integer | false | none | Remaining API key quota for the user |
| apiKey | APIKey | false | none | Details of an API key |
APIKey
{
"name" : "my-production-key" ,
"displayName" : "My Production Key" ,
"apiKey" : "apip_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" ,
"apiId" : "reading-list-api-v1.0" ,
"status" : "active" ,
"createdAt" : "2026-04-01T10:30:00Z" ,
"createdBy" : "admin" ,
"expiresAt" : null ,
"source" : "local"
}
Details of an API key
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | URL-safe identifier for the API key (auto-generated from displayName, immutable, used as path parameter) |
| displayName | string | false | none | Human-readable name for the API key (user-provided, mutable) |
| apiKey | string | false | none | Generated API key with apip_ prefix |
| apiId | string | true | none | Unique public identifier of the API that the key is associated with |
| status | string | true | none | Status of the API key |
| createdAt | string(date-time) | true | none | Timestamp when the API key was generated |
| createdBy | string | true | none | Identifier of the user who generated the API key |
| expiresAt | string(date-time)¦null | true | none | Expiration timestamp (null if no expiration) |
| source | string | true | none | Source of the API key (local or external) |
| externalRefId | string | false | none | External reference ID for the API key |

Enumerated Values

| Property | Value |
|---|---|
| status | active |
| status | revoked |
| status | expired |
| source | local |
| source | external |
APIKeyRegenerationRequest
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| expiresIn | object | false | none | Expiration duration for the API key |
| » unit | string | true | none | Time unit for expiration |
| » duration | integer | true | none | Duration value for expiration |
| expiresAt | string(date-time) | false | none | Expiration timestamp |

Enumerated Values

| Property | Value |
|---|---|
| unit | seconds |
| unit | minutes |
| unit | hours |
| unit | days |
| unit | weeks |
| unit | months |
APIKeyUpdateRequest
{
"name" : "my-production-key"
}
Properties
None
APIKeyRevocationResponse
{
"status" : "success" ,
"message" : "API key revoked successfully"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| status | string | true | none | none |
| message | string | true | none | none |
SubscriptionPlanCreateRequest
{
"planName" : "Gold" ,
"billingPlan" : "COMMERCIAL" ,
"stopOnQuotaReach" : true ,
"throttleLimitCount" : 1000 ,
"throttleLimitUnit" : "Hour" ,
"expiryTime" : "2026-12-31T23:59:59Z" ,
"status" : "ACTIVE"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| planName | string | true | none | none |
| billingPlan | string | false | none | none |
| stopOnQuotaReach | boolean | false | none | none |
| throttleLimitCount | integer | false | none | none |
| throttleLimitUnit | string | false | none | none |
| expiryTime | string(date-time) | false | none | none |
| status | string | false | none | none |

Enumerated Values

| Property | Value |
|---|---|
| throttleLimitUnit | Min |
| throttleLimitUnit | Hour |
| throttleLimitUnit | Day |
| throttleLimitUnit | Month |
| status | ACTIVE |
| status | INACTIVE |
SubscriptionPlanUpdateRequest
{
"planName" : "string" ,
"billingPlan" : "string" ,
"stopOnQuotaReach" : true ,
"throttleLimitCount" : 0 ,
"throttleLimitUnit" : "Min" ,
"expiryTime" : "2019-08-24T14:15:22Z" ,
"status" : "ACTIVE"
}
Properties
Name
Type
Required
Restrictions
Description
planName
string
false
none
none
billingPlan
string
false
none
none
stopOnQuotaReach
boolean
false
none
none
throttleLimitCount
integer
false
none
none
throttleLimitUnit
string
false
none
none
expiryTime
string(date-time)
false
none
none
status
string
false
none
none
Enumerated Values
Property
Value
throttleLimitUnit
Min
throttleLimitUnit
Hour
throttleLimitUnit
Day
throttleLimitUnit
Month
status
ACTIVE
status
INACTIVE
SubscriptionPlanResponse
{
"id" : "string" ,
"planName" : "string" ,
"billingPlan" : "string" ,
"stopOnQuotaReach" : true ,
"throttleLimitCount" : 0 ,
"throttleLimitUnit" : "string" ,
"expiryTime" : "2019-08-24T14:15:22Z" ,
"gatewayId" : "string" ,
"status" : "ACTIVE" ,
"createdAt" : "2019-08-24T14:15:22Z" ,
"updatedAt" : "2019-08-24T14:15:22Z"
}
Properties
Name
Type
Required
Restrictions
Description
id
string
false
none
none
planName
string
false
none
none
billingPlan
string
false
none
none
stopOnQuotaReach
boolean
false
none
none
throttleLimitCount
integer
false
none
none
throttleLimitUnit
string
false
none
none
expiryTime
string(date-time)
false
none
none
gatewayId
string
false
none
none
status
string
false
none
none
createdAt
string(date-time)
false
none
none
updatedAt
string(date-time)
false
none
none
Enumerated Values
Property
Value
status
ACTIVE
status
INACTIVE
SubscriptionPlanListResponse
{
"subscriptionPlans" : [
{
"id" : "string" ,
"planName" : "string" ,
"billingPlan" : "string" ,
"stopOnQuotaReach" : true ,
"throttleLimitCount" : 0 ,
"throttleLimitUnit" : "string" ,
"expiryTime" : "2019-08-24T14:15:22Z" ,
"gatewayId" : "string" ,
"status" : "ACTIVE" ,
"createdAt" : "2019-08-24T14:15:22Z" ,
"updatedAt" : "2019-08-24T14:15:22Z"
}
],
"count" : 0
}
Properties
Name
Type
Required
Restrictions
Description
subscriptionPlans
[SubscriptionPlanResponse]
false
none
none
count
integer
false
none
none
SubscriptionCreateRequest
{
"apiId" : "c9f2b6ae-1234-5678-9abc-def012345678" ,
"subscriptionToken" : "sub-token-abc123xyz" ,
"applicationId" : "string" ,
"subscriptionPlanId" : "string" ,
"billingCustomerId" : "string" ,
"billingSubscriptionId" : "string" ,
"status" : "ACTIVE"
}
Properties
Name
Type
Required
Restrictions
Description
apiId
string
true
none
API identifier (deployment ID or handle)
subscriptionToken
string
true
none
Opaque subscription token for API invocation (required; stored as hash only)
applicationId
string
false
none
Application identifier (from DevPortal/STS). Optional for token-based subscriptions.
subscriptionPlanId
string
false
none
Subscription plan UUID for rate limit and billing configuration.
billingCustomerId
string
false
none
Billing customer identifier (optional, for analytics tracking).
billingSubscriptionId
string
false
none
Billing subscription identifier (optional, for analytics tracking).
status
string
false
none
none
Enumerated Values
Property
Value
status
ACTIVE
status
INACTIVE
status
REVOKED
SubscriptionUpdateRequest
Properties
Name
Type
Required
Restrictions
Description
status
string
false
none
none
Enumerated Values
Property
Value
status
ACTIVE
status
INACTIVE
status
REVOKED
SubscriptionResponse
{
"id" : "string" ,
"apiId" : "string" ,
"applicationId" : "string" ,
"subscriptionToken" : "string" ,
"subscriptionPlanId" : "string" ,
"billingCustomerId" : "string" ,
"billingSubscriptionId" : "string" ,
"gatewayId" : "string" ,
"status" : "ACTIVE" ,
"createdAt" : "2019-08-24T14:15:22Z" ,
"updatedAt" : "2019-08-24T14:15:22Z"
}
Properties
Name
Type
Required
Restrictions
Description
id
string
false
none
none
apiId
string
false
none
none
applicationId
string
false
none
none
subscriptionToken
string
false
none
Opaque subscription token (returned only on create; use Platform-API to retrieve for existing subscriptions)
subscriptionPlanId
string
false
none
Subscription plan UUID
billingCustomerId
string
false
none
Billing customer identifier
billingSubscriptionId
string
false
none
Billing subscription identifier
gatewayId
string
false
none
none
status
string
false
none
none
createdAt
string(date-time)
false
none
none
updatedAt
string(date-time)
false
none
none
Enumerated Values
Property
Value
status
ACTIVE
status
INACTIVE
status
REVOKED
SubscriptionListResponse
{
"subscriptions" : [
{
"id" : "string" ,
"apiId" : "string" ,
"applicationId" : "string" ,
"subscriptionToken" : "string" ,
"subscriptionPlanId" : "string" ,
"billingCustomerId" : "string" ,
"billingSubscriptionId" : "string" ,
"gatewayId" : "string" ,
"status" : "ACTIVE" ,
"createdAt" : "2019-08-24T14:15:22Z" ,
"updatedAt" : "2019-08-24T14:15:22Z"
}
],
"count" : 0
}
Properties
Name
Type
Required
Restrictions
Description
subscriptions
[SubscriptionResponse]
false
none
none
count
integer
false
none
none
MCPProxyConfigurationRequest
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "Mcp" ,
"metadata" : {
"name" : "everything-mcp-v1.0"
},
"spec" : {
"displayName" : "Everything" ,
"version" : "v1.0" ,
"context" : "/everything" ,
"specVersion" : "2025-06-18" ,
"upstream" : {
"url" : "http://everything:3001"
},
"tools" : [],
"resources" : [],
"prompts" : []
}
}
Properties
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
MCP Proxy specification version
kind
string
true
none
MCP Proxy type
metadata
Metadata
true
none
none
spec
MCPProxyConfigData
true
none
none
Enumerated Values
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
Mcp
MCPProxyConfiguration
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "Mcp" ,
"metadata" : {
"name" : "everything-mcp-v1.0"
},
"spec" : {
"displayName" : "Everything" ,
"version" : "v1.0" ,
"context" : "/everything" ,
"specVersion" : "2025-06-18" ,
"upstream" : {
"url" : "http://everything:3001"
},
"tools" : [],
"resources" : [],
"prompts" : []
},
"status" : {
"id" : "everything-mcp-v1.0" ,
"state" : "deployed" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z" ,
"deployedAt" : "2026-04-24T07:21:13Z"
}
}
Properties
allOf
and
Name
Type
Required
Restrictions
Description
anonymous
object
false
none
none
» status
ResourceStatus
false
read-only
Server-managed lifecycle fields. Populated on responses.
MCPProxyConfigData
{
"displayName" : "Everything" ,
"version" : "v1.0" ,
"context" : "/everything" ,
"specVersion" : "2025-06-18" ,
"vhost" : "mcp1.example.com" ,
"upstream" : {
"url" : "http://prod-backend:5000/api/v2" ,
"ref" : "string" ,
"hostRewrite" : "auto" ,
"auth" : {
"type" : "api-key" ,
"header" : "string" ,
"value" : "string"
}
},
"policies" : [
{
"name" : "cors" ,
"version" : "v1" ,
"executionCondition" : "request.metadata[authenticated] != true" ,
"params" : {}
}
],
"tools" : [
{
"name" : "string" ,
"title" : "string" ,
"description" : "string" ,
"inputSchema" : "string" ,
"outputSchema" : "string"
}
],
"resources" : [
{
"uri" : "string" ,
"name" : "string" ,
"title" : "string" ,
"description" : "string" ,
"mimeType" : "string" ,
"size" : 0
}
],
"prompts" : [
{
"name" : "string" ,
"title" : "string" ,
"description" : "string" ,
"arguments" : [
{
"name" : "string" ,
"description" : "string" ,
"required" : true ,
"title" : "string"
}
]
}
],
"deploymentState" : "deployed"
}
Properties
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable MCP Proxy display name
version
string
true
none
MCP Proxy version
context
string
false
none
MCP Proxy context path
specVersion
string
false
none
MCP specification version
vhost
string
false
none
Virtual host name used for routing. Supports standard domain names, subdomains, or wildcard domains. Must follow RFC-compliant hostname rules. Wildcards are only allowed in the left-most label (e.g., *.example.com).
upstream
any
true
none
The backend MCP server url and auth configurations
allOf
Name
Type
Required
Restrictions
Description
» anonymous
Upstream
false
none
Upstream backend configuration (single target or reference)
and
Name
Type
Required
Restrictions
Description
» anonymous
UpstreamAuth
false
none
none
continued
Name
Type
Required
Restrictions
Description
policies
[Policy]
false
none
List of MCP Proxy level policies applied
tools
[MCPTool]
false
none
none
resources
[MCPResource]
false
none
none
prompts
[MCPPrompt]
false
none
none
deploymentState
string
false
none
Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the MCP Proxy is removed from router traffic but configuration and policies are preserved for potential redeployment.
Enumerated Values
Property
Value
deploymentState
deployed
deploymentState
undeployed
MCPTool
{
"name" : "string" ,
"title" : "string" ,
"description" : "string" ,
"inputSchema" : "string" ,
"outputSchema" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
name
string
true
none
Unique identifier for the tool
title
string
false
none
Optional human-readable name of the tool for display purposes.
description
string
true
none
Human-readable description of functionality
inputSchema
string
true
none
JSON Schema defining expected parameters
outputSchema
string
false
none
Optional JSON Schema defining expected output structure
MCPResource
{
"uri" : "string" ,
"name" : "string" ,
"title" : "string" ,
"description" : "string" ,
"mimeType" : "string" ,
"size" : 0
}
Properties
Name
Type
Required
Restrictions
Description
uri
string
true
none
Unique identifier for the resource
name
string
true
none
The name of the resource
title
string
false
none
Optional human-readable name of the resource for display purposes
description
string
false
none
Optional description
mimeType
string
false
none
Optional MIME type
size
integer
false
none
Optional size in bytes
MCPPrompt
{
"name" : "string" ,
"title" : "string" ,
"description" : "string" ,
"arguments" : [
{
"name" : "string" ,
"description" : "string" ,
"required" : true ,
"title" : "string"
}
]
}
Properties
Name
Type
Required
Restrictions
Description
name
string
true
none
Unique identifier for the prompt
title
string
false
none
Optional human-readable name of the prompt for display purposes
description
string
false
none
Optional human-readable description
arguments
[object]
false
none
Optional list of arguments for customization
» name
string
true
none
Name of the argument
» description
string
false
none
Description of the argument
» required
boolean
false
none
Whether the argument is required
» title
string
false
none
Optional human-readable title of the argument
ErrorResponse
{
"status" : "error" ,
"message" : "Configuration validation failed" ,
"errors" : [
{
"field" : "spec.context" ,
"message" : "Context must start with / and cannot end with /"
}
]
}
Properties
Name
Type
Required
Restrictions
Description
status
string
true
none
none
message
string
true
none
High-level error description
errors
[ValidationError]
false
none
Detailed validation errors
ValidationError
{
"field" : "spec.context" ,
"message" : "Context must start with / and cannot end with /"
}
Properties
Name
Type
Required
Restrictions
Description
field
string
false
none
Field that failed validation
message
string
false
none
Human-readable error message
LLMProviderTemplateRequest
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "LlmProviderTemplate" ,
"metadata" : {
"name" : "openai-template"
},
"spec" : {
"displayName" : "OpenAI" ,
"promptTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.prompt_tokens"
},
"completionTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.completion_tokens"
},
"totalTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.total_tokens"
},
"remainingTokens" : {
"location" : "header" ,
"identifier" : "x-ratelimit-remaining-tokens"
},
"requestModel" : {
"location" : "payload" ,
"identifier" : "$.model"
},
"responseModel" : {
"location" : "payload" ,
"identifier" : "$.model"
}
}
}
Properties
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Template specification version
kind
string
true
none
Template kind
metadata
Metadata
true
none
none
spec
LLMProviderTemplateData
true
none
none
Enumerated Values
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
LlmProviderTemplate
LLMProviderTemplate
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "LlmProviderTemplate" ,
"metadata" : {
"name" : "openai-template"
},
"spec" : {
"displayName" : "OpenAI" ,
"promptTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.prompt_tokens"
},
"completionTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.completion_tokens"
},
"totalTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.total_tokens"
},
"remainingTokens" : {
"location" : "header" ,
"identifier" : "x-ratelimit-remaining-tokens"
},
"requestModel" : {
"location" : "payload" ,
"identifier" : "$.model"
},
"responseModel" : {
"location" : "payload" ,
"identifier" : "$.model"
}
},
"status" : {
"id" : "openai-template" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z"
}
}
Properties
allOf
and
Name
Type
Required
Restrictions
Description
anonymous
object
false
none
none
» status
ResourceStatus
false
read-only
Server-managed lifecycle fields. Populated on responses.
LLMProviderTemplateData
{
"displayName" : "OpenAI" ,
"promptTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"completionTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"totalTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"remainingTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"requestModel" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"responseModel" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"resourceMappings" : {
"resources" : [
{
"resource" : "/responses" ,
"promptTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"completionTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"totalTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"remainingTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"requestModel" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"responseModel" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
}
}
]
}
}
Properties
LLMProviderTemplateResourceMappings
{
"resources" : [
{
"resource" : "/responses" ,
"promptTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"completionTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"totalTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"remainingTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"requestModel" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"responseModel" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
}
}
]
}
Properties
LLMProviderTemplateResourceMapping
{
"resource" : "/responses" ,
"promptTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"completionTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"totalTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"remainingTokens" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"requestModel" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
},
"responseModel" : {
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
}
}
Properties
{
"location" : "payload" ,
"identifier" : "$.usage.inputTokens"
}
Properties
Name
Type
Required
Restrictions
Description
location
string
true
none
Where to find the token information
identifier
string
true
none
JSONPath expression or header name to identify the token value
Enumerated Values
Property
Value
location
payload
location
header
location
queryParam
location
pathParam
LLMProviderConfigurationRequest
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "LlmProvider" ,
"metadata" : {
"name" : "wso2-openai-provider"
},
"spec" : {
"displayName" : "OpenAI Provider" ,
"version" : "v1.0" ,
"template" : "openai" ,
"context" : "/openai/latest" ,
"upstream" : {
"url" : "https://api.openai.com/v1" ,
"auth" : {
"type" : "api-key" ,
"header" : "Authorization" ,
"value" : "Bearer sk-your-api-key"
}
},
"accessControl" : {
"mode" : "deny_all" ,
"exceptions" : [
{
"path" : "/chat/completions" ,
"methods" : [
"POST"
]
},
{
"path" : "/models" ,
"methods" : [
"GET"
]
},
{
"path" : "/models/{modelId}" ,
"methods" : [
"GET"
]
}
]
}
}
}
Properties
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Provider specification version
kind
string
true
none
Provider kind
metadata
Metadata
true
none
none
spec
LLMProviderConfigData
true
none
none
Enumerated Values
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
LlmProvider
LLMProviderConfiguration
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "LlmProvider" ,
"metadata" : {
"name" : "wso2-openai-provider"
},
"spec" : {
"displayName" : "OpenAI Provider" ,
"version" : "v1.0" ,
"template" : "openai" ,
"context" : "/openai/latest" ,
"upstream" : {
"url" : "https://api.openai.com/v1" ,
"auth" : {
"type" : "api-key" ,
"header" : "Authorization" ,
"value" : "Bearer sk-your-api-key"
}
},
"accessControl" : {
"mode" : "deny_all" ,
"exceptions" : [
{
"path" : "/chat/completions" ,
"methods" : [
"POST"
]
},
{
"path" : "/models" ,
"methods" : [
"GET"
]
},
{
"path" : "/models/{modelId}" ,
"methods" : [
"GET"
]
}
]
}
},
"status" : {
"id" : "wso2-openai-provider" ,
"state" : "deployed" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z" ,
"deployedAt" : "2026-04-24T07:21:13Z"
}
}
Properties
allOf
and
Name
Type
Required
Restrictions
Description
anonymous
object
false
none
none
» status
ResourceStatus
false
read-only
Server-managed lifecycle fields. Populated on responses.
LLMProviderConfigData
{
"displayName" : "WSO2 OpenAI Provider" ,
"version" : "v1.0" ,
"context" : "/openai" ,
"vhost" : "api.openai.com" ,
"template" : "openai" ,
"upstream" : {
"url" : "http://prod-backend:5000/api/v2" ,
"ref" : "string" ,
"hostRewrite" : "auto" ,
"auth" : {
"type" : "api-key" ,
"header" : "string" ,
"value" : "string"
}
},
"accessControl" : {
"mode" : "deny_all" ,
"exceptions" : [
{
"path" : "/chat/completions" ,
"methods" : [
"GET"
]
}
]
},
"policies" : [
{
"name" : "llm-cost-based-ratelimit" ,
"version" : "v1" ,
"paths" : [
{
"path" : "/chat/completions" ,
"methods" : [
"GET"
],
"params" : {}
}
]
}
],
"deploymentState" : "deployed"
}
Properties
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable LLM Provider name
version
string
true
none
Semantic version of the LLM Provider
context
string
false
none
Base path for all API routes (must start with /, no trailing slash)
vhost
string
false
none
Virtual host name used for routing. Supports standard domain names, subdomains, or wildcard domains. Must follow RFC-compliant hostname rules. Wildcards are only allowed in the left-most label (e.g., *.example.com).
template
string
true
none
Template name to use for this LLM Provider
upstream
any
true
none
none
allOf
Name
Type
Required
Restrictions
Description
» anonymous
Upstream
false
none
Upstream backend configuration (single target or reference)
and
Name
Type
Required
Restrictions
Description
» anonymous
UpstreamAuth
false
none
none
continued
Name
Type
Required
Restrictions
Description
accessControl
LLMAccessControl
true
none
none
policies
[LLMPolicy]
false
none
List of policies applied only to this operation (overrides or adds to API-level policies)
deploymentState
string
false
none
Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the LLM Provider is removed from router traffic but configuration and policies are preserved for potential redeployment.
Enumerated Values
Property
Value
deploymentState
deployed
deploymentState
undeployed
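A pre-submission check for LlmProvider request bodies, added here as an example; it is not the gateway's own validator. It applies the context and vhost rules stated above and reports findings in the ValidationError shape. The function names, the hostname-label pattern, and the two checks marked "added review check" (credential sent over plain HTTP, allow_all with no exceptions) are assumptions of this example, not schema rules.

```python
import re
from urllib.parse import urlsplit

# One hostname label: 1-63 letters, digits or hyphens, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_ACCESS_MODES = {"allow_all", "deny_all"}  # LLMAccessControl.mode values
_REQUIRED = ("displayName", "version", "template", "upstream", "accessControl")


def _err(field, message):
    """One finding in the page's ValidationError shape."""
    return {"field": field, "message": message}


def check_vhost(vhost):
    """Return a problem description, or None when the vhost rule is satisfied."""
    if len(vhost) > 253:
        return "hostname is longer than 253 characters"
    labels = vhost.split(".")
    if labels[0] == "*":
        labels = labels[1:]  # a wildcard may stand only as the left-most label
        if not labels:
            return "wildcard needs a parent domain"
    for label in labels:
        if "*" in label:
            return "wildcard must be the entire left-most label"
        if not _LABEL.fullmatch(label):
            return "invalid hostname label %r" % label
    return None


def lint_llm_provider(doc):
    """Return ValidationError-shaped findings for an LlmProvider request body."""
    errors = []
    if doc.get("kind") != "LlmProvider":
        errors.append(_err("kind", "expected LlmProvider"))
    spec = doc.get("spec") or {}
    for name in _REQUIRED:
        if name not in spec:
            errors.append(_err("spec." + name, "required property is missing"))

    # Documented rule, applied literally (so a bare "/" is reported as well).
    context = spec.get("context")
    if context is not None and (not context.startswith("/") or context.endswith("/")):
        errors.append(_err("spec.context",
                           "Context must start with / and cannot end with /"))

    vhost = spec.get("vhost")
    problem = check_vhost(vhost) if vhost is not None else None
    if problem:
        errors.append(_err("spec.vhost", problem))

    upstream = spec.get("upstream") or {}
    auth = upstream.get("auth")
    if auth is not None and auth.get("type") != "api-key":
        errors.append(_err("spec.upstream.auth.type", "only api-key is listed"))
    # Added review check (assumption): a credential header over plain HTTP.
    url = upstream.get("url")
    if auth and auth.get("value") and url and urlsplit(url).scheme != "https":
        errors.append(_err("spec.upstream.url",
                           "auth header would be sent to a non-HTTPS upstream"))

    access = spec.get("accessControl") or {}
    mode = access.get("mode")
    exceptions = access.get("exceptions") or []
    if "accessControl" in spec and mode not in _ACCESS_MODES:
        errors.append(_err("spec.accessControl.mode", "must be allow_all or deny_all"))
    # Added review check (assumption): allow_all without exceptions is wide open.
    if mode == "allow_all" and not exceptions:
        errors.append(_err("spec.accessControl.mode",
                           "allow_all with no exceptions leaves every route reachable"))
    for i, exc in enumerate(exceptions):
        for key in ("path", "methods"):
            if not exc.get(key):
                errors.append(_err("spec.accessControl.exceptions[%d].%s" % (i, key),
                                   "required property is missing or empty"))
    return errors


# Constructed sample: a request body with several problems.
BAD = {
    "apiVersion": "gateway.api-platform.wso2.com/v1alpha1",
    "kind": "LlmProvider",
    "metadata": {"name": "sample-provider"},
    "spec": {
        "displayName": "Sample Provider", "version": "v1.0",
        "context": "openai/", "vhost": "api.*.example.com",
        "upstream": {"url": "http://prod-backend:5000/api/v2",
                     "auth": {"type": "api-key", "header": "Authorization",
                              "value": "PLACEHOLDER"}},
        "accessControl": {"mode": "allow_all"},
    },
}

if __name__ == "__main__":
    for finding in lint_llm_provider(BAD):
        print(finding["field"], "-", finding["message"])
```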
UpstreamAuth
{
"auth" : {
"type" : "api-key" ,
"header" : "string" ,
"value" : "string"
}
}
Properties
Name
Type
Required
Restrictions
Description
auth
object
false
none
none
» type
string
true
none
none
» header
string
false
none
none
» value
string
false
none
none
Enumerated Values
Property
Value
type
api-key
LLMUpstreamAuth
{
"type" : "api-key" ,
"header" : "string" ,
"value" : "string"
}
Properties
Name
Type
Required
Restrictions
Description
type
string
true
none
none
header
string
false
none
none
value
string
false
none
none
Enumerated Values
Property
Value
type
api-key
LLMProxyProvider
{
"id" : "wso2-openai-provider" ,
"auth" : {
"type" : "api-key" ,
"header" : "string" ,
"value" : "string"
}
}
Properties
Name
Type
Required
Restrictions
Description
id
string
true
none
Unique ID of a deployed LLM provider
auth
LLMUpstreamAuth
false
none
none
LLMAccessControl
{
"mode" : "deny_all" ,
"exceptions" : [
{
"path" : "/chat/completions" ,
"methods" : [
"GET"
]
}
]
}
Properties
Name
Type
Required
Restrictions
Description
mode
string
true
none
Access control mode
exceptions
[RouteException]
false
none
Path exceptions to the access control mode
Enumerated Values
Property
Value
mode
allow_all
mode
deny_all
RouteException
{
"path" : "/chat/completions" ,
"methods" : [
"GET"
]
}
Properties
Name
Type
Required
Restrictions
Description
path
string
true
none
Path pattern
methods
[string]
true
none
HTTP methods
LLMPolicy
{
"name" : "llm-cost-based-ratelimit" ,
"version" : "v1" ,
"paths" : [
{
"path" : "/chat/completions" ,
"methods" : [
"GET"
],
"params" : {}
}
]
}
Properties
Name
Type
Required
Restrictions
Description
name
string
true
none
none
version
string
true
none
none
paths
[LLMPolicyPath]
true
none
none
LLMPolicyPath
{
"path" : "/chat/completions" ,
"methods" : [
"GET"
],
"params" : {}
}
Properties
Name
Type
Required
Restrictions
Description
path
string
true
none
none
methods
[string]
true
none
none
params
object
true
none
JSON Schema describing the parameters accepted by this policy. This itself is a JSON Schema document.
LLMProxyConfigurationRequest
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "LlmProxy" ,
"metadata" : {
"name" : "openai-proxy"
},
"spec" : {
"displayName" : "OpenAI Proxy" ,
"version" : "v1.0" ,
"context" : "/openai-proxy" ,
"provider" : {
"id" : "wso2-openai-provider"
},
"policies" : []
}
}
Properties
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Proxy specification version
kind
string
true
none
Proxy kind
metadata
Metadata
true
none
none
spec
LLMProxyConfigData
true
none
none
Enumerated Values
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
LlmProxy
LLMProxyConfiguration
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "LlmProxy" ,
"metadata" : {
"name" : "openai-proxy"
},
"spec" : {
"displayName" : "OpenAI Proxy" ,
"version" : "v1.0" ,
"context" : "/openai-proxy" ,
"provider" : {
"id" : "wso2-openai-provider"
},
"policies" : []
},
"status" : {
"id" : "openai-proxy" ,
"state" : "deployed" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z" ,
"deployedAt" : "2026-04-24T07:21:13Z"
}
}
Properties
allOf
and
Name
Type
Required
Restrictions
Description
anonymous
object
false
none
none
» status
ResourceStatus
false
read-only
Server-managed lifecycle fields. Populated on responses.
LLMProxyConfigData
{
"displayName" : "OpenAI Proxy" ,
"version" : "v1.0" ,
"context" : "/openai" ,
"vhost" : "api.openai.com" ,
"provider" : {
"id" : "wso2-openai-provider" ,
"auth" : {
"type" : "api-key" ,
"header" : "string" ,
"value" : "string"
}
},
"policies" : [
{
"name" : "llm-cost-based-ratelimit" ,
"version" : "v1" ,
"paths" : [
{
"path" : "/chat/completions" ,
"methods" : [
"GET"
],
"params" : {}
}
]
}
],
"deploymentState" : "deployed"
}
Properties
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable LLM proxy name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed)
version
string
true
none
Semantic version of the LLM proxy
context
string
false
none
Base path for all API routes (must start with /, no trailing slash)
vhost
string
false
none
Virtual host name used for routing. Supports standard domain names, subdomains, or wildcard domains. Must follow RFC-compliant hostname rules. Wildcards are only allowed in the left-most label (e.g., *.example.com).
provider
LLMProxyProvider
true
none
none
policies
[LLMPolicy]
false
none
List of policies applied only to this operation (overrides or adds to API-level policies)
deploymentState
string
false
none
Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the LLM Proxy is removed from router traffic but configuration and policies are preserved for potential redeployment.
Enumerated Values
Property
Value
deploymentState
deployed
deploymentState
undeployed
SecretConfigurationRequest
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "Secret" ,
"metadata" : {
"name" : "database-password"
},
"spec" : {
"displayName" : "Database Password" ,
"description" : "PostgreSQL main database password" ,
"value" : "sup3rs3cr3t!"
}
}
Properties
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Secret specification version
kind
string
true
none
Secret resource kind
metadata
Metadata
true
none
none
spec
SecretConfigData
true
none
none
Enumerated Values
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
Secret
SecretConfiguration
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "Secret" ,
"metadata" : {
"name" : "database-password"
},
"spec" : {
"displayName" : "Database Password" ,
"description" : "PostgreSQL main database password" ,
"value" : "sup3rs3cr3t!"
},
"status" : {
"id" : "database-password" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z"
}
}
Composite of request fields plus a generic k8s-style status for documentation.
For actual HTTP response shapes, use SecretConfigurationResponseCreateUpdate,
SecretConfigurationResponseRetrieved, or SecretListItem (see
SecretResourceServiceStatus for the id/timestamp-only status on secret APIs).
Properties
allOf
and
Name
Type
Required
Restrictions
Description
anonymous
object
false
none
none
» status
ResourceStatus
false
read-only
Server-managed lifecycle fields. Populated on responses.
SecretConfigData
{
"displayName" : "Database Password" ,
"description" : "PostgreSQL main database password" ,
"value" : "sup3rs3cr3t!"
}
Properties
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable secret name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed)
description
string
false
none
Description of the secret
value
string(password)
true
none
Secret value (stored encrypted)
SecretConfigListData
{
"displayName" : "Database Password" ,
"description" : "PostgreSQL main database password"
}
Properties
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable secret name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed)
description
string
false
none
Description of the secret, if the server includes it
SecretListItem
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "Secret" ,
"metadata" : {
"name" : "database-password"
},
"spec" : {
"displayName" : "Database Password"
},
"status" : {
"id" : "database-password" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z"
}
}
Properties
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Secret specification version
kind
string
true
none
Secret resource kind
metadata
Metadata
true
none
none
spec
SecretConfigListData
true
none
none
status
ResourceStatus
false
read-only
Server-managed lifecycle fields. Fields omitted in list items may vary; the secret value is never included here.
Enumerated Values
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
Secret
CertificateUploadRequest
{
"name" : "my-custom-ca" ,
"certificate" : "-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAKL0UG+mRKtjMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n...\n-----END CERTIFICATE-----\n"
}
Properties
Name
Type
Required
Restrictions
Description
name
string
true
none
Unique name for the certificate. Must be unique across all certificates.
certificate
string
true
none
PEM-encoded X.509 certificate(s). Can contain multiple certificates.
CertificateResponse
{
"id" : "550e8400-e29b-41d4-a716-446655440000" ,
"name" : "my-custom-ca" ,
"subject" : "CN=My CA,O=My Organization,C=US" ,
"issuer" : "CN=My CA,O=My Organization,C=US" ,
"notAfter" : "2026-11-26 06:07:26" ,
"count" : 1 ,
"message" : "Certificate uploaded and SDS updated successfully" ,
"status" : "success"
}
Properties
Name
Type
Required
Restrictions
Description
id
string
false
none
Unique identifier (UUID) for the certificate
name
string
false
none
Name of the certificate
subject
string
false
none
Certificate subject DN (for first cert if bundle)
issuer
string
false
none
Certificate issuer DN (for first cert if bundle)
notAfter
string(date-time)
false
none
Certificate expiration date (for first cert if bundle)
count
integer
false
none
Number of certificates in the file
message
string
false
none
Success or informational message
status
string
false
none
none
Enumerated Values
Property
Value
status
success
status
error
CertificateListResponse
{
"certificates" : [
{
"id" : "550e8400-e29b-41d4-a716-446655440000" ,
"name" : "my-custom-ca" ,
"subject" : "CN=My CA,O=My Organization,C=US" ,
"issuer" : "CN=My CA,O=My Organization,C=US" ,
"notAfter" : "2026-11-26 06:07:26" ,
"count" : 1 ,
"message" : "Certificate uploaded and SDS updated successfully" ,
"status" : "success"
}
],
"totalCount" : 3 ,
"totalBytes" : 221599 ,
"status" : "success"
}
Properties
Name
Type
Required
Restrictions
Description
certificates
[CertificateResponse]
false
none
none
totalCount
integer
false
none
Total number of certificate files
totalBytes
integer
false
none
Total bytes of all certificate files
status
string
false
none
none
APIKeyListResponse
{
"apiKeys" : [
{
"name" : "my-production-key" ,
"displayName" : "My Production Key" ,
"apiKey" : "apip_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" ,
"apiId" : "reading-list-api-v1.0" ,
"status" : "active" ,
"createdAt" : "2026-04-01T10:30:00Z" ,
"createdBy" : "admin" ,
"expiresAt" : null ,
"source" : "local"
}
],
"totalCount" : 3 ,
"status" : "success"
}
Properties
Name
Type
Required
Restrictions
Description
apiKeys
[APIKey]
false
none
[Details of an API key]
totalCount
integer
false
none
Total number of API keys
status
string
false
none
none
SecretListResponse
{
"status" : "success" ,
"count" : 5 ,
"secrets" : [
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "Secret" ,
"metadata" : {
"name" : "database-password"
},
"spec" : {
"displayName" : "Database Password"
},
"status" : {
"id" : "database-password" ,
"createdAt" : "2026-04-24T07:21:13Z" ,
"updatedAt" : "2026-04-24T07:21:13Z"
}
}
]
}
Properties
Name
Type
Required
Restrictions
Description
status
string
false
none
none
count
integer
false
none
Total number of secrets
secrets
[SecretListItem]
false
none
List of secrets. For security, the spec.value field is omitted for every item in the list; retrieve a single secret by id to obtain the decrypted value.
SecretResourceServiceStatus
{
"id" : "database-password" ,
"createdAt" : "2026-01-05T10:30:00Z" ,
"updatedAt" : "2026-01-05T10:30:00Z"
}
Id and optional timestamps. Not the full ResourceStatus model (no state or deployedAt).
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | true | none | Same as metadata.name / secret handle |
| createdAt | string(date-time) | false | none | none |
| updatedAt | string(date-time) | false | none | none |
SecretConfigurationResponseCreateUpdate
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "Secret" ,
"metadata" : {
"name" : "database-password"
},
"spec" : {
"displayName" : "Database Password" ,
"description" : "PostgreSQL main database password"
},
"status" : {
"id" : "database-password" ,
"createdAt" : "2026-01-05T10:30:00Z" ,
"updatedAt" : "2026-01-05T10:30:00Z"
}
}
POST/PUT /secrets response. spec.value is not returned; see SecretConfigurationRequest for create/update request bodies.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| apiVersion | string | true | none | none |
| kind | string | true | none | none |
| metadata | Metadata | true | none | none |
| spec | SecretConfigListData | true | none | none |
| status | SecretResourceServiceStatus | true | none | Id and optional timestamps. Not the full ResourceStatus model (no state or deployedAt). |
Enumerated Values
| Property | Value |
|---|---|
| apiVersion | gateway.api-platform.wso2.com/v1alpha1 |
| kind | Secret |
SecretConfigurationResponseRetrieved
{
"apiVersion" : "gateway.api-platform.wso2.com/v1alpha1" ,
"kind" : "Secret" ,
"metadata" : {
"name" : "database-password"
},
"spec" : {
"displayName" : "Database Password" ,
"description" : "PostgreSQL main database password" ,
"value" : "sup3rs3cr3t!"
},
"status" : {
"id" : "database-password" ,
"createdAt" : "2026-01-05T10:30:00Z" ,
"updatedAt" : "2026-01-05T10:30:00Z"
}
}
GET /secrets/{id} response including decrypted spec.value.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| apiVersion | string | true | none | none |
| kind | string | true | none | none |
| metadata | Metadata | true | none | none |
| spec | SecretConfigData | true | none | none |
| status | SecretResourceServiceStatus | true | none | Id and optional timestamps. Not the full ResourceStatus model (no state or deployedAt). |
Enumerated Values
| Property | Value |
|---|---|
| apiVersion | gateway.api-platform.wso2.com/v1alpha1 |
| kind | Secret |
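The secret response schemas above differ in whether spec.value is present: SecretListResponse and the POST/PUT response omit it, while GET /secrets/{id} returns it decrypted. The following added example (not part of the original documentation or the gateway's own code) checks a response body against that rule and builds a log-safe copy; the function names and the sample bodies, including the LIST_LEAKY regression case, are constructed assumptions.

```python
import copy

REDACTED = "[REDACTED]"  # placeholder written in place of spec.value

# Constructed samples modelled on the schema examples above.
LIST_OK = {"status": "success", "count": 1, "secrets": [
    {"kind": "Secret", "metadata": {"name": "database-password"},
     "spec": {"displayName": "Database Password"}}]}
# Constructed regression: a list item that wrongly carries the value.
LIST_LEAKY = {"status": "success", "count": 1, "secrets": [
    {"kind": "Secret", "metadata": {"name": "database-password"},
     "spec": {"displayName": "Database Password", "value": "sup3rs3cr3t!"}}]}
RETRIEVED = {"kind": "Secret", "metadata": {"name": "database-password"},
             "spec": {"displayName": "Database Password",
                      "value": "sup3rs3cr3t!"}}


def _secrets(body):
    """Yield (path, secret) for a list response or a single Secret body."""
    if isinstance(body.get("secrets"), list):
        for i, item in enumerate(body["secrets"]):
            yield f"secrets[{i}]", item
    elif body.get("kind") == "Secret":
        yield "$", body


def _has_value(secret):
    """True when the secret has a spec object containing a value key."""
    spec = secret.get("spec") if isinstance(secret, dict) else None
    return isinstance(spec, dict) and "value" in spec


def leaked_values(body):
    """Paths where spec.value is present. Expected to be empty for
    SecretListResponse and POST/PUT responses."""
    return [f"{p}.spec.value" for p, s in _secrets(body) if _has_value(s)]


def redact(body):
    """Return a deep copy safe to log; the caller's body is not modified."""
    safe = copy.deepcopy(body)
    for _, s in _secrets(safe):
        if _has_value(s):
            s["spec"]["value"] = REDACTED
    return safe


if __name__ == "__main__":
    for name, body in [("list", LIST_OK), ("leaky list", LIST_LEAKY)]:
        print(name, "->", leaked_values(body) or "no spec.value present")
    print("log-safe GET body:", redact(RETRIEVED))
```

Run `leaked_values` as a contract test against list and create/update responses, and pass GET /secrets/{id} bodies through `redact` before they reach logs or traces.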