Publish OpenAPI Service Wizard

An Administrator can use the Publish OpenAPI Service wizard to publish a service based on an OpenAPI document. The wizard guides you through the steps to specify the OpenAPI document, routing URI, and API Server URL. You can optionally select validation options to apply to request messages in the service policy. The wizard creates a sample template policy to help you get started (see ).
9-5
An Administrator can use the 
Publish OpenAPI Service
 wizard to publish a service based on an OpenAPI document. The wizard guides you through the steps to specify the OpenAPI document, routing URI, and API Server URL. You can optionally select validation options to apply to request messages in the service policy. The wizard creates a sample template policy to help you get started (see Validate Against OpenAPI Document Assertion).
 
 
If the incoming protocol to your service differs from that of your OpenAPI service, be sure to change the Route via HTTP(S) Assertion (in the template policy generated by this wizard) to use that protocol. For example, inbound SSL is added to the OpenAPI policy, yet the OpenAPI back end uses HTTP. In this case, change the beginning of the URL in the Route via HTTP(S) Assertion in the template policy from "
${request.url.protocol}:
" to "
http:
".
Publish a Service
  1. Click 
    Tasks > Services and APIs > Publish OpenAPI Service 
    in the Policy Development window.
    The Publish OpenAPI Service Wizard opens.
  2. Specify the location of the OpenAPI document in the 
    OpenAPI Document Location 
    and click 
    Next
    This document must be online, hosted on a HTTP/HTTPS server. To configure options for the URL (for example, to specify credentials, SSL, or proxy options), click [
    HTTP Options
    ] to open the Manage HTTP Options dialog.
    Note:
     An error message stating that the OpenAPI document location cannot be parsed and may indicate that authentication is required. If this occurs, click [
    HTTP Options
    ] to configure options for the URL.
  3. Enter a name for the service in the 
    Service Name
     field. If the Title is set in the OpenAPI document, it is set as the default value.
  4. Enter the resolution URI for the service to publish in the 
    Routing URI
     field. If the server URI is set in the OpenAPI document, it is set as the default value.
  5. Select an 
    API Server URL
     from the drop-down list. 
  6. Select the 
    OpenAPI Validation Options
     to enable in the resulting Validate Against OpenAPI Document assertion in the published service policy.
    1.  
      Validate Path: 
      Validate the path portion of the request, excluding the server URL and service URI, against the API from the OpenAPI document. This validation is enabled by default. If not selected, then any path is accepted.
      Note:
       Disabling path validation also disables all the other validation options.
    2.  
      Validate Method
      : Check whether the method from the request is allowed to be used with the API from the OpenAPI document. If not selected, then any method is accepted.
      Note:
       Method validation is available only when Path validation is selected.
    3.  
      Validate Body: 
      Check to validate the request body content against the JSON schema from the OpenAPI document if request body is of type JSON. Request body validation has the same limitation as that of Validate JSON Schema, if any.
      • JSON schema is cached after first load.
      • You can configure cache size and eviction time in Gateway System Properties.
      • If the request body length is more than the value that is configured in the system property, Gateway System Properties, it is ignored for request body validation.
         
       
      Note:
       Request body validation is available only when Method validation is selected.
    4.  
      Require Security Credentials to be Present
      : Check whether the appropriate security credentials specified in the API from the OpenAPI document are present in the request. If not selected, then any credentials (or no credentials) are accepted.
      Note:
       
      • Security credentials validation can be checked only when Method validation is chosen. 
      • This assertion does not collect or authenticate security credentials. It only verifies that they are present. If no permitted credentials are found, then the assertion fails.
  7. Click 
    Finish
    .
    The Policy window opens with the configured values.
Frequently Asked Questions
 
Question
 
 
Answer
 
Why can't I specify a OpenAPI document on a local or network drive?
The 
 
.json
 
or 
.yaml
 document is always expected to be hosted online. Advanced users can opt to paste the contents of the OpenAPI document into a context variable and create their own service.
Can I change the OpenAPI validation options later?
Yes. Simply open the Validate Against OpenAPI Document assertion in the published service and make the appropriate changes.
Why is my OpenAPI document download failing?
Verify that the document is a valid OpenAPI document. Also ensure that the document size does not exceed the maximum specified by the  cluster property.