The WSO2 API Manager Publisher API enables programmatic management of APIs within the WSO2 API Manager Publisher portal. It provides RESTful endpoints for creating, designing, implementing, versioning, and managing APIs through the full API lifecycle including design, publish, and deprecate.
# Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
openapi: 3.0.1
info:
title: WSO2 API Manager - Publisher API
description: |
This document specifies a **RESTful API** for WSO2 **API Manager** - **Publisher**.
Please see [full OpenAPI Specification](https://raw.githubusercontent.com/wso2/carbon-apimgt/master/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml) of the API which is written using [OAS 3.0](http://swagger.io/) specification.
# Authentication
The Publisher REST API is protected using OAuth2 and access control is achieved through scopes. Before you start invoking
the the API you need to obtain an access token with the required scopes. This guide will walk you through the steps
that you will need to follow to obtain an access token.
First you need to obtain the consumer key/secret key pair by calling the dynamic client registration (DCR) endpoint. You can add your preferred grant types
in the payload. A Sample payload is shown below.
```
{
"callbackUrl":"www.google.lk",
"clientName":"rest_api_publisher",
"owner":"admin",
"grantType":"client_credentials password refresh_token",
"saasApp":true
}
```
Create a file (payload.json) with the above sample payload, and use the cURL shown bellow to invoke the DCR endpoint. Authorization header of this should contain the
base64 encoded admin username and password.
**Format of the request**
```
curl -X POST -H "Authorization: Basic Base64(admin_username:admin_password)" -H "Content-Type: application/json"
\ -d @payload.json https://<host>:<servlet_port>/client-registration/v0.17/register
```
**Sample request**
```
curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json"
\ -d @payload.json https://localhost:9443/client-registration/v0.17/register
```
Following is a sample response after invoking the above curl.
```
{
"clientId": "fOCi4vNJ59PpHucC2CAYfYuADdMa",
"clientName": "rest_api_publisher",
"callBackURL": "www.google.lk",
"clientSecret": "a4FwHlq0iCIKVs2MPIIDnepZnYMa",
"isSaasApplication": true,
"appOwner": "admin",
"jsonString": "{\"grant_types\":\"client_credentials password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"rest_api123\"}",
"jsonAppAttribute": "{}",
"tokenType": null
}
```
Note that in a distributed deployment or IS as KM separated environment to invoke RESTful APIs (product APIs), users must generate tokens through API-M Control Plane's token endpoint.
The tokens generated using third party key managers, are to manage end-user authentication when accessing APIs.
Next you must use the above client id and secret to obtain the access token.
We will be using the password grant type for this, you can use any grant type you desire.
You also need to add the proper **scope** when getting the access token. All possible scopes for publisher REST API can be viewed in **OAuth2 Security** section
of this document and scope for each resource is given in **authorization** section of resource documentation.
Following is the format of the request if you are using the password grant type.
```
curl -k -d "grant_type=password&username=<admin_username>&password=<admin_passowrd&scope=<scopes seperated by space>"
\ -H "Authorization: Basic base64(cliet_id:client_secret)"
\ https://<host>:<servlet_port>/oauth2/token
```
**Sample request**
```
curl https://localhost:9443/oauth2/token -k \
-H "Authorization: Basic Zk9DaTR2Tko1OVBwSHVjQzJDQVlmWXVBRGRNYTphNEZ3SGxxMGlDSUtWczJNUElJRG5lcFpuWU1h" \
-d "grant_type=password&username=admin&password=admin&scope=apim:api_view apim:api_create"
```
Shown below is a sample response to the above request.
```
{
"access_token": "e79bda48-3406-3178-acce-f6e4dbdcbb12",
"refresh_token": "a757795d-e69f-38b8-bd85-9aded677a97c",
"scope": "apim:api_create apim:api_view",
"token_type": "Bearer",
"expires_in": 3600
}
```
Now you have a valid access token, which you can use to invoke an API.
Navigate through the API descriptions to find the required API, obtain an access token as described above and invoke the API with the authentication header.
If you use a different authentication mechanism, this process may change.
# Try out in Postman
If you want to try-out the embedded postman collection with "Run in Postman" option, please follow the guidelines listed below.
* All of the OAuth2 secured endpoints have been configured with an Authorization Bearer header with a parameterized access token. Before invoking any REST API resource make sure you run the `Register DCR Application` and `Generate Access Token` requests to fetch an access token with all required scopes.
* Make sure you have an API Manager instance up and running.
* Update the `basepath` parameter to match the hostname and port of the APIM instance.
[](https://app.getpostman.com/run-collection/32294946-7fbaad97-7fb9-43ae-b6f2-13b63f2867d7)
contact:
name: WSO2
url: https://wso2.com/api-manager/
email: [email protected]
license:
name: Apache 2.0
url: http://www.apache.org/licenses/LICENSE-2.0.html
version: v4
servers:
- url: https://apis.wso2.com/api/am/publisher/v4
security:
- OAuth2Security:
- apim:api_view
paths:
######################################################
# The "API Collection" resource APIs
######################################################
/apis:
get:
tags:
- APIs
summary: |
Retrieve/Search APIs
description: |
This operation provides you a list of available APIs qualifying under a given search condition.
Each retrieved API is represented with a minimal amount of attributes. If you want to get complete details of an API, you need to use **Get details of an API** operation.
parameters:
- $ref: '#/components/parameters/limit'
- $ref: '#/components/parameters/offset'
- $ref: '#/components/parameters/requestedTenant'
- name: query
in: query
description: |
**Search condition**.
You can search in attributes by using an **"<attribute>:"** modifier.
Eg.
"provider:wso2" will match an API if the provider of the API contains "wso2".
"provider:"wso2"" will match an API if the provider of the API is exactly "wso2".
"status:PUBLISHED" will match an API if the API is in PUBLISHED state.
Also you can use combined modifiers
Eg.
name:pizzashack version:v1 will match an API if the name of the API is pizzashack and version is v1.
Supported attribute modifiers are [**version, context, name, status,
description, provider, api-category, tags, doc, contexttemplate,
lcstate, content, type, label, enablestore, thirdparty**]
If no advanced attribute modifier has been specified, the API names containing
the search term will be returned as a result.
Please note that you need to use encoded URL (URL encoding) if you are using a client which does not support URL encoding (such as curl)
schema:
type: string
- $ref: '#/components/parameters/If-None-Match'
- $ref: '#/components/parameters/Accept'
responses:
200:
description: |
OK.
List of qualifying APIs is returned.
headers:
ETag:
description: |
Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Content-Type:
description: The content type of the body.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/APIList'
304:
description: |
Not Modified.
Empty body because the client has already the latest version of the requested resource (Will be supported in future).
content: {}
406:
$ref: '#/components/responses/NotAcceptable'
security:
- OAuth2Security:
- apim:api_view
- apim:api_manage
- apim:api_import_export
- apim:api_list_view
x-code-samples:
- lang: Curl
source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
"https://127.0.0.1:9443/api/am/publisher/v4/apis"'
operationId: getAllAPIs
post:
tags:
- APIs
summary: Create a New API
description: |
This operation can be used to create a new API specifying the details of the API in the payload. The new API will be in `CREATED` state.
There is a special capability for a user who has `APIM Admin` permission such that he can create APIs on behalf of other users. For that he can to specify `"provider" : "some_other_user"` in the payload so that the API's creator will be shown as `some_other_user` in the UI.
parameters:
- name: openAPIVersion
in: query
description: Open api version
schema:
type: string
default: v3
enum:
- v2
- v3
requestBody:
description: API object that needs to be added
content:
application/json:
schema:
$ref: '#/components/schemas/API'
required: true
responses:
201:
description: |
Created.
Successful response with the newly created object as entity in the body.
Location header contains URL of newly created entity.
headers:
ETag:
description: |
Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Location:
description: |
The URL of the newly created resource.
schema:
type: string
Content-Type:
description: |
The content type of the body.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/API'
400:
$ref: '#/components/responses/BadRequest'
415:
$ref: '#/components/responses/UnsupportedMediaType'
security:
- OAuth2Security:
- apim:api_create
- apim:api_manage
x-code-samples:
- lang: Curl
source: 'curl -k -X POST -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
-H "Content-Type: application/json" -d @data.json "https://127.0.0.1:9443/api/am/publisher/v4/apis"'
operationId: createAPI
#######################################################
# The "API Design Assistant - Chat" resource APIs
#######################################################
/design-assistant/chat:
post:
tags:
- API Design Assistant
summary: Generate API Specifications with API Design Assistant
description: |
Generates API specifications based on natural language input.
Key features:
- Converts text descriptions into structured API specifications
- Provides QoS suggestions and other improvements
- Supports session-based API generation
requestBody:
description: Input for API specification generation
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/DesignAssistantChatQuery'
responses:
200:
description: Successful API specification generation
content:
application/json:
schema:
$ref: '#/components/schemas/DesignAssistantChatResponse'
400:
$ref: '#/components/responses/BadRequest'
415:
$ref: '#/components/responses/UnsupportedMediaType'
security:
- OAuth2Security:
- apim:api_create
- apim:api_manage
x-code-samples:
- lang: Curl
source: 'curl -k -X POST -H Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -d "{\"text\": \"create an API for a banking transaction.\", \"sessionId\": \"1234567890\"}" "https://127.0.0.1:9443/api/am/publisher/v4/design-assistant/chat"'
operationId: designAssistantChat
######################################################################
# The "API Design Assistant - Generate API Payloads" resource APIs
######################################################################
/design-assistant/generate-api-payload:
post:
tags:
- API Design Assistant
summary: Create API Payload with API Design Assistant
description: |
Creates an API payload using the stored specification.
requestBody:
description: Input for API payload creation
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/DesignAssistantGenAPIPayload'
responses:
200:
description: API payload successfully created.
content:
application/json:
schema:
$ref: '#/components/schemas/DesignAssistantAPIPayloadResponse'
400:
$ref: '#/components/responses/BadRequest'
415:
$ref: '#/components/responses/UnsupportedMediaType'
security:
- OAuth2Security:
- apim:api_create
- apim:api_manage
x-code-samples:
- lang: Curl
source: 'curl -k -X POST -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -H "Content-Type: application/json" -d "{\"sessionId\": \"1234567890\"}" "https://127.0.0.1:9443/api/am/publisher/v4/design-assistant/generate-api-payload"'
operationId: designAssistantApiPayloadGen
######################################################
# The "Individual API" resource APIs
######################################################
/apis/{apiId}:
get:
tags:
- APIs
summary: Get Details of an API
description: |
Using this operation, you can retrieve complete details of a single API. You need to provide the Id of the API to retrive it.
parameters:
- $ref: '#/components/parameters/apiId'
- $ref: '#/components/parameters/requestedTenant'
- $ref: '#/components/parameters/If-None-Match'
responses:
200:
description: |
OK.
Requested API is returned
headers:
ETag:
description: |
Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Last-Modified:
description: |
Date and time the resource has been modifed the last time.
Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Content-Type:
description: |
The content type of the body.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/API'
304:
description: |
Not Modified.
Empty body because the client has already the latest version of the requested resource (Will be supported in future).
content: {}
404:
$ref: '#/components/responses/NotFound'
406:
$ref: '#/components/responses/NotAcceptable'
security:
- OAuth2Security:
- apim:api_view
- apim:api_manage
- apim:api_import_export
- apim:api_product_import_export
x-code-samples:
- lang: Curl
source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
"https://127.0.0.1:9443/api/am/publisher/v4/apis/7a2298c4-c905-403f-8fac-38c73301631f"'
operationId: getAPI
put:
tags:
- APIs
summary: Update an API
description: |
This operation can be used to update an existing API.
But the properties `name`, `version`, `context`, `provider`, `state` will not be changed by this operation.
parameters:
- $ref: '#/components/parameters/apiId'
- $ref: '#/components/parameters/If-Match'
requestBody:
description: API object that needs to be added
content:
application/json:
schema:
$ref: '#/components/schemas/API'
required: true
responses:
200:
description: |
OK.
Successful response with updated API object
headers:
ETag:
description: |
Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Last-Modified:
description: |
Date and time the resource has been modifed the last time.
Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Location:
description: |
The URL of the newly created resource.
schema:
type: string
Content-Type:
description: |
The content type of the body.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/API'
400:
$ref: '#/components/responses/BadRequest'
403:
$ref: '#/components/responses/Forbidden'
404:
$ref: '#/components/responses/NotFound'
409:
$ref: '#/components/responses/Conflict'
412:
$ref: '#/components/responses/PreconditionFailed'
security:
- OAuth2Security:
- apim:api_create
- apim:api_manage
- apim:api_publish
x-code-samples:
- lang: Curl
source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
-H "Content-Type: application/json" -d @data.json "https://127.0.0.1:9443/api/am/publisher/v4/apis/7a2298c4-c905-403f-8fac-38c73301631f"'
operationId: updateAPI
delete:
tags:
- APIs
summary: Delete an API
description: |
This operation can be used to delete an existing API proving the Id of the API.
parameters:
- $ref: '#/components/parameters/apiId'
- $ref: '#/components/parameters/If-Match'
responses:
200:
description: |
OK.
Resource successfully deleted.
content: {}
403:
$ref: '#/components/responses/Forbidden'
404:
$ref: '#/components/responses/NotFound'
409:
$ref: '#/components/responses/Conflict'
412:
$ref: '#/components/responses/PreconditionFailed'
security:
- OAuth2Security:
- apim:api_delete
- apim:api_manage
- apim:api_import_export
x-code-samples:
- lang: Curl
source: 'curl -k -X DELETE -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
"https://127.0.0.1:9443/api/am/publisher/v4/apis/7a2298c4-c905-403f-8fac-38c73301631f"'
operationId: deleteAPI
/apis/{apiId}/topics:
put:
tags:
- APIs
summary: Update Topics of an Async API
description: This operation can be used to update topics of an existing async API.
operationId: updateTopics
parameters:
- $ref: '#/components/parameters/apiId'
- $ref: '#/components/parameters/If-Match'
requestBody:
description: API object that needs to be added
content:
application/json:
schema:
$ref: '#/components/schemas/TopicList'
required: true
responses:
200:
description: |
OK.
Successful response with updated API object
headers:
ETag:
description: |
Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Last-Modified:
description: |
Date and time the resource has been modifed the last time.
Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Location:
description: |
The URL of the newly created resource.
schema:
type: string
Content-Type:
description: |
The content type of the body.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/API'
security:
- OAuth2Security:
- apim:api_create
- apim:api_manage
- apim:api_import_export
x-code-samples:
- lang: Curl
source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
-H "Content-Type: application/json" -d @data.json
"https://127.0.0.1:9443/api/am/publisher/v4/apis/7a2298c4-c905-403f-8fac-38c73301631f/topics"'
/apis/{apiId}/sequence-backend/{type}/content:
get:
tags:
- APIs
summary: Get Sequence of Custom Backend
description: This operation can be used to get Sequence of the Custom Backend
operationId: getSequenceBackendContent
parameters:
- name: type
in: path
description: |
Type of the Endpoint.
SANDBOX or PRODUCTION
required: true
schema:
maxLength: 15
type: string
- $ref: '#/components/parameters/apiId'
responses:
200:
description: |
OK.
Requested API Custom Backend is returned
headers:
Content-Type:
description: |
The content type of the body.
schema:
type: string
content:
application/xml:
schema:
type: string
format: binary
404:
$ref: '#/components/responses/NotFound'
406:
$ref: '#/components/responses/NotAcceptable'
security:
- OAuth2Security:
- apim:api_view
- apim:api_manage
- apim:api_import_export
- apim:api_product_import_export
x-code-samples:
- lang: Curl
source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
"https://127.0.0.1:9443/api/am/publisher/v4/apis/7a2298c4-c905-403f-8fac-38c73301631f/custom-backend/7a2298c4-c915-483f-8fac-38c73301631f/content"'
/apis/{apiId}/sequence-backend/{type}:
delete:
tags:
- APIs
summary: Delete Sequence Backend of the API
description: This operation can be used to remove the Sequence Backend of the API
operationId: sequenceBackendDelete
parameters:
- name: type
in: path
description: |
Type of the Endpoint.
SANDBOX or PRODUCTION
required: true
schema:
maxLength: 15
type: string
- $ref: '#/components/parameters/apiId'
responses:
200:
description: |
OK.
Resource successfully deleted.
content: { }
403:
$ref: '#/components/responses/Forbidden'
404:
$ref: '#/components/responses/NotFound'
409:
$ref: '#/components/responses/Conflict'
412:
$ref: '#/components/responses/PreconditionFailed'
security:
- OAuth2Security:
- apim:api_delete
- apim:api_manage
- apim:api_import_export
x-code-samples:
- lang: Curl
source: 'curl -k -X DELETE -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
"https://127.0.0.1:9443/api/am/publisher/v4/apis/7a2298c4-c905-403f-8fac-38c73301631f/custom-backend/7a2298c4-c915-483f-8fac-38c73301631f"'
/apis/{apiId}/sequence-backend:
get:
tags:
- APIs
summary: Get Sequence Backends of the API
description: This operation can be used to get Sequence Backend data of the API
operationId: getSequenceBackendData
parameters:
- $ref: '#/components/parameters/apiId'
responses:
200:
description: |
OK.
Requested API Sequence Backend is returned
headers:
Content-Type:
description: |
The content type of the body.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/SequenceBackendList'
404:
$ref: '#/components/responses/NotFound'
406:
$ref: '#/components/responses/NotAcceptable'
security:
- OAuth2Security:
- apim:api_view
- apim:api_manage
- apim:api_import_export
- apim:api_product_import_export
x-code-samples:
- lang: Curl
source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
"https://127.0.0.1:9443/api/am/publisher/v4/apis/7a2298c4-c905-403f-8fac-38c73301631f/custom-backend/7a2298c4-c915-483f-8fac-38c73301631f"'
put:
tags:
- APIs
summary: Upload Sequence Sequence as the Endpoint of the API
description: This operation can be used to change the endpoint of the API to Sequence Backend
operationId: sequenceBackendUpdate
parameters:
- $ref: '#/components/parameters/apiId'
requestBody:
content:
multipart/form-data:
schema:
properties:
sequence:
type: string
description: The sequence that needs to be uploaded.
format: binary
type:
type: string
description: Type of the Endpoint
responses:
200:
description: |
OK.
Successful response with updated API object
headers:
Location:
description: |
The URL of the newly created resource.
schema:
type: string
Content-Type:
description: |
The content type of the body.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/API'
400:
$ref: '#/components/responses/BadRequest'
403:
$ref: '#/components/responses/Forbidden'
404:
$ref: '#/components/responses/NotFound'
409:
$ref: '#/components/responses/Conflict'
412:
$ref: '#/components/responses/PreconditionFailed'
security:
- OAuth2Security:
- apim:api_create
- apim:api_manage
- apim:api_publish
x-code-samples:
- lang: Curl
source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
-H "Content-Type: application/json" -d @data.json "https://127.0.0.1:9443/api/am/publisher/v4/apis/7a2298c4-c905-403f-8fac-38c73301631f/custom-backend"'
/apis/{apiId}/reimport-service:
put:
tags:
- APIs
summary: Update the Service that is used to create the API
description: This operation can be used to re-import the Service used to create the API
operationId: reimportServiceFromCatalog
parameters:
- $ref: '#/components/parameters/apiId'
responses:
200:
description: |
OK.
Successful response with updated API object
headers:
Location:
description: |
The URL of the newly created resource.
schema:
type: string
Content-Type:
description: |
The content type of the body.
schema:
type: string
content:
application/json:
schema:
$ref: '#/components/schemas/API'
404:
$ref: '#/components/responses/NotFound'
500:
$ref: '#/components/responses/InternalServerError'
security:
- OAuth2Security:
- apim:api_create
- apim:api_manage
x-code-samples:
- lang: Curl
source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
"https://127.0.0.1:9443/api/am/publisher/v4/apis/ecb5b300-422d-4ee8-88d2-364a0a122238/reimport-service"'
/apis/{apiId}/swagger:
get:
tags:
- APIs
summary: Get Swagger Definition
description: |
This operation can be used to retrieve the swagger definition of an API.
parameters:
- $ref: '#/components/parameters/apiId'
- $ref: '#/components/parameters/If-None-Match'
responses:
200:
description: |
OK.
Requested swagger document of the API is returned
headers:
ETag:
description: |
Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Last-Modified:
description: |
Date and time the resource has been modifed the last time.
Used by caches, or in conditional requests (Will be supported in future).
schema:
type: string
Content-Type:
description: |
The content type of the body.
schema:
type: string
content:
application/json:
schema:
type: string
example: ""
304:
description: |
Not Modified.
Empty body because the client has already the latest version of the requested resource (Will be supported in future).
content: {}
404:
$ref: '#/components/responses/NotFound'
406:
$ref: '#/components/responses/NotAcceptable'
security:
- OAuth2Security:
- apim:api_view
- apim:api_manage
- apim:api_definition_view
x-code-samples:
- lang: Curl
source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
"https://127.0.0.1:9443/api/am/publi
# --- truncated at 32 KB (650 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/wso2/refs/heads/main/openapi/wso2-publisher-api.yaml