

Disabling Security for APIs

An API can be invoked without authentication by disabling security. Pick one of the following methods to disable security depending on the Choreo Connect mode you have chosen.

Mode	Method
Choreo Connect with MWARE ESB as a Control Plane	Via MWARE ESB Publisher Portal
Choreo Connect as a Standalone Gateway	By Updating the OpenAPI Definition

Via MWARE ESB Publisher Portal

Follow the steps given in Disabling Security for APIs.

By updating the OpenAPI definition

APIs can be exposed without requiring any authentication (i.e. disable transport security and application security) using the OpenAPI extension x-wso2-disable-security . This extension is supported at API, resource, and operation levels. The following is an example of how you can disable security for an API.

API Level

openapi: 3.0.0
info:
  version: 1.0.0
  title: Petstore
x-wso2-disable-security: true
  paths:
    "/pet/findByStatus":
      get:

Resource Level

paths:
 "/pet/findByStatus":
    x-wso2-disable-security: true
    get:
      tags:
      - pet
      summary: Finds Pets by status
      description: Multiple status values can be provided with comma separated strings
      operationId: findPetsByStatus

Operation Level

paths:
 "/pet/findByStatus":
    get:
      x-wso2-disable-security: true
      tags:
      - pet
      summary: Finds Pets by status
      description: Multiple status values can be provided with comma separated strings
      operationId: findPetsByStatus

Top