{
"id" : " reading-list-api-v1.0" "state" : " deployed" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z" "deployedAt" : " 2026-04-24T07:21:13Z" Server-managed lifecycle information for a resource
Name
Type
Required
Restrictions
Description
id
string
false
none
Unique identifier assigned by the server (equal to metadata.name)
state
string
false
none
Desired deployment state reported by the server
createdAt
string(date-time)
false
none
Timestamp when the resource was first created (UTC)
updatedAt
string(date-time)
false
none
Timestamp when the resource was last updated (UTC)
deployedAt
string(date-time)
false
none
Timestamp when the resource was last deployed (omitted when undeployed)
Property
Value
state
deployed
state
undeployed
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " RestApi" "metadata" : {
"name" : " reading-list-api-v1.0" "spec" : {
"displayName" : " Reading-List-API" "version" : " v1.0" "context" : " /reading-list/$version" "upstream" : {
"main" : {
"url" : " https://apis.bijira.dev/samples/reading-list-api-service/v1.0" "policies" : [
{
"name" : " set-headers" "version" : " v1" "params" : {
"request" : {
"headers" : [
{
"name" : " x-wso2-apip-gateway-version" "value" : " v1.0.0" "response" : {
"headers" : [
{
"name" : " x-environment" "value" : " development" "operations" : [
{
"method" : " GET" "path" : " /books" "method" : " POST" "path" : " /books" "method" : " GET" "path" : " /books/{id}" "method" : " PUT" "path" : " /books/{id}" "method" : " DELETE" "path" : " /books/{id}"
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
API specification version
kind
string
true
none
API type
metadata
Metadata true
none
none
spec
APIConfigData true
none
none
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
RestApi
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " RestApi" "metadata" : {
"name" : " reading-list-api-v1.0" "spec" : {
"displayName" : " Reading-List-API" "version" : " v1.0" "context" : " /reading-list/$version" "upstream" : {
"main" : {
"url" : " https://apis.bijira.dev/samples/reading-list-api-service/v1.0" "policies" : [
{
"name" : " set-headers" "version" : " v1" "params" : {
"request" : {
"headers" : [
{
"name" : " x-wso2-apip-gateway-version" "value" : " v1.0.0" "response" : {
"headers" : [
{
"name" : " x-environment" "value" : " development" "operations" : [
{
"method" : " GET" "path" : " /books" "method" : " POST" "path" : " /books" "method" : " GET" "path" : " /books/{id}" "method" : " PUT" "path" : " /books/{id}" "method" : " DELETE" "path" : " /books/{id}" "status" : {
"id" : " reading-list-api-v1.0" "state" : " deployed" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z" "deployedAt" : " 2026-04-24T07:21:13Z" allOf
Name
Type
Required
Restrictions
Description
anonymous RestAPIRequest false
none
none
and
Name
Type
Required
Restrictions
Description
anonymous object
false
none
none
» status
ResourceStatus false
read-only
Server-managed lifecycle fields. Populated on responses.
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " WebSubApi" "metadata" : {
"name" : " github-events-v1.0" "spec" : {
"displayName" : " GitHub Events" "version" : " v1.0" "context" : " /github-events/$version" "channels" : [
{
"name" : " issues" "method" : " SUB" "name" : " pull_requests" "method" : " SUB"
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
API specification version
kind
string
true
none
API type
metadata
Metadata true
none
none
spec
WebhookAPIData true
none
none
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
WebSubApi
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " WebSubApi" "metadata" : {
"name" : " github-events-v1.0" "spec" : {
"displayName" : " GitHub Events" "version" : " v1.0" "context" : " /github-events/$version" "channels" : [
{
"name" : " issues" "method" : " SUB" "name" : " pull_requests" "method" : " SUB" "status" : {
"id" : " github-events-v1.0" "state" : " deployed" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z" "deployedAt" : " 2026-04-24T07:21:13Z" allOf
Name
Type
Required
Restrictions
Description
anonymous WebSubAPIRequest false
none
none
and
Name
Type
Required
Restrictions
Description
anonymous object
false
none
none
» status
ResourceStatus false
read-only
Server-managed lifecycle fields. Populated on responses.
{
"name" : " reading-list-api-v1.0" "labels" : {
"environment" : " production" "team" : " backend" "version" : " v1" "annotations" : {
"gateway.api-platform.wso2.com/project-id" : " 019d953f-d386-7a64-aa92-1869a28292e0"
Name
Type
Required
Restrictions
Description
name
string
true
none
Unique handle for the resource
labels
object
false
none
Labels are key-value pairs for organizing and selecting APIs. Keys must not contain spaces.
» additionalProperties
string
false
none
none
annotations
object
false
none
Annotations are arbitrary non-identifying metadata. Use domain-prefixed keys.
» additionalProperties
string
false
none
none
{
"displayName" : " Reading List API" "version" : " v1.0" "context" : " /reading-list/$version" "upstreamDefinitions" : [
{
"name" : " my-upstream-1" "basePath" : " /api/v2" "timeout" : {
"connect" : " 5s" "upstreams" : [
{
"url" : " http://prod-backend-1:5000" "weight" : 80
}
]
}
],
"upstream" : {
"main" : {
"url" : " http://prod-backend:5000/api/v2" "ref" : " string" "hostRewrite" : " auto" "sandbox" : {
"url" : " http://prod-backend:5000/api/v2" "ref" : " string" "hostRewrite" : " auto" "vhosts" : {
"main" : " api.example.com" "sandbox" : " sandbox-api.example.com" "subscriptionPlans" : [
" Gold" " Silver" "policies" : [
{
"name" : " cors" "version" : " v1" "executionCondition" : " request.metadata[authenticated] != true" "params" : {}
}
],
"operations" : [
{
"method" : " GET" "path" : " /books/{id}" "policies" : [
{
"name" : " cors" "version" : " v1" "executionCondition" : " request.metadata[authenticated] != true" "params" : {}
}
]
}
],
"deploymentState" : " deployed"
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable API name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed)
version
string
true
none
Semantic version of the API
context
string
true
none
Base path for all API routes (must start with /, no trailing slash). Use $version to embed the version in the path (e.g., /reading-list/$version resolves to /reading-list/v1.0).
upstreamDefinitions
[UpstreamDefinition ]
false
none
List of reusable upstream definitions with optional timeout configurations
upstream
object
true
none
API-level upstream configuration
» main
Upstream true
none
Upstream backend configuration (single target or reference)
» sandbox
Upstream false
none
Upstream backend configuration (single target or reference)
vhosts
object
false
none
Custom virtual hosts/domains for the API
» main
string
true
none
Custom virtual host/domain for production traffic
» sandbox
string
false
none
Custom virtual host/domain for sandbox traffic
subscriptionPlans
[string]
false
none
List of subscription plan names available for this API
policies
[Policy ]
false
none
List of API-level policies applied to all operations unless overridden
operations
[Operation ]
true
none
List of HTTP operations/routes
deploymentState
string
false
none
Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the API is removed from router traffic but configuration, API keys, and policies are preserved for potential redeployment.
Property
Value
deploymentState
deployed
deploymentState
undeployed
{
"name" : " my-upstream-1" "basePath" : " /api/v2" "timeout" : {
"connect" : " 5s" "upstreams" : [
{
"url" : " http://prod-backend-1:5000" "weight" : 80
}
]
}
Reusable upstream configuration with optional timeout and load balancing settings
Name
Type
Required
Restrictions
Description
name
string
true
none
Unique identifier for this upstream definition
basePath
string
false
none
Base path prefix for all endpoints in this upstream (e.g., /api/v2). All requests to this upstream will have this path prepended.
timeout
UpstreamTimeout false
none
Timeout configuration for upstream requests
upstreams
[object]
true
none
List of backend targets with optional weights for load balancing
» url
string(uri)
true
none
Backend URL (host and port only, path comes from basePath)
» weight
integer
false
none
Weight for load balancing (optional, default 100)
Timeout configuration for upstream requests
Name
Type
Required
Restrictions
Description
connect
string
false
none
Connection timeout duration (e.g., "5s", "500ms")
{
"url" : " http://prod-backend:5000/api/v2" "ref" : " string" "hostRewrite" : " auto" Upstream backend configuration (single target or reference)
Name
Type
Required
Restrictions
Description
url
string(uri)
false
none
Direct backend URL to route traffic to
ref
string
false
none
Reference to a predefined upstreamDefinition
hostRewrite
string
false
none
Controls how the Host header is handled when routing to the upstream. auto delegates host rewriting to Envoy, which rewrites the Host header using the upstream cluster host. manual disables automatic rewriting and expects explicit configuration.
oneOf
Name
Type
Required
Restrictions
Description
anonymous object
false
none
none
xor
Name
Type
Required
Restrictions
Description
anonymous object
false
none
none
Property
Value
hostRewrite
auto
hostRewrite
manual
{
"method" : " GET" "path" : " /books/{id}" "policies" : [
{
"name" : " cors" "version" : " v1" "executionCondition" : " request.metadata[authenticated] != true" "params" : {}
}
]
}
Name
Type
Required
Restrictions
Description
method
string
true
none
HTTP method
path
string
true
none
Route path with optional {param} placeholders
policies
[Policy ]
false
none
List of policies applied only to this operation (overrides or adds to API-level policies)
Property
Value
method
GET
method
POST
method
PUT
method
DELETE
method
PATCH
method
HEAD
method
OPTIONS
{
"name" : " cors" "version" : " v1" "executionCondition" : " request.metadata[authenticated] != true" "params" : {}
}
Name
Type
Required
Restrictions
Description
name
string
true
none
Name of the policy
version
string
true
none
Version of the policy. Only major-only version is allowed (e.g., v0, v1). Full semantic version (e.g., v1.0.0) is not accepted and will be rejected. The Gateway Controller resolves the major version to the single matching full version installed in the gateway image.
executionCondition
string
false
none
Expression controlling conditional execution of the policy
params
object
false
none
Arbitrary parameters for the policy (free-form key/value structure)
{
"displayName" : " reading-list-api" "version" : " v1.0" "context" : " /weather" "vhosts" : {
"main" : " api.example.com" "sandbox" : " sandbox-api.example.com" "channels" : [
{
"name" : " issues" "method" : " SUB" "policies" : [
{
"name" : " cors" "version" : " v1" "executionCondition" : " request.metadata[authenticated] != true" "params" : {}
}
]
}
],
"policies" : [
{
"name" : " cors" "version" : " v1" "executionCondition" : " request.metadata[authenticated] != true" "params" : {}
}
],
"deploymentState" : " deployed"
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable API name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed)
version
string
true
none
Semantic version of the API
context
string
true
none
Base path for all API routes (must start with /, no trailing slash)
vhosts
object
false
none
Custom virtual hosts/domains for the API
» main
string
true
none
Custom virtual host/domain for production traffic
» sandbox
string
false
none
Custom virtual host/domain for sandbox traffic
channels
[Channel ]
true
none
List of channels - Async operations(SUB) for WebSub APIs
policies
[Policy ]
false
none
List of API-level policies applied to all operations unless overridden
deploymentState
string
false
none
Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the API is removed from router traffic but configuration, API keys, and policies are preserved for potential redeployment.
Property
Value
deploymentState
deployed
deploymentState
undeployed
{
"name" : " issues" "method" : " SUB" "policies" : [
{
"name" : " cors" "version" : " v1" "executionCondition" : " request.metadata[authenticated] != true" "params" : {}
}
]
}
Channel (topic/event stream) definition for async APIs.
Name
Type
Required
Restrictions
Description
name
string
true
none
Channel name or topic identifier relative to API context.
method
string
true
none
Operation method type.
policies
[Policy ]
false
none
List of policies applied only to this channel (overrides or adds to API-level policies)
Property
Value
method
SUB
{
"name" : " my-production-key"
Name
Type
Required
Restrictions
Description
name
string
false
none
Identifier of the API key. If not provided, a default identifier will be generated
apiKey
string
false
none
Optional plain-text API key value for external key injection.
maskedApiKey
string
false
none
Masked version of the API key for display purposes.
expiresIn
object
false
none
Expiration duration for the API key
» unit
string
true
none
Time unit for expiration
» duration
integer
true
none
Duration value for expiration
expiresAt
string(date-time)
false
none
Expiration timestamp. If both expiresIn and expiresAt are provided, expiresAt takes precedence.
externalRefId
string
false
none
External reference ID for the API key.
issuer
string
false
none
Identifies the portal that created this key. If provided, only api keys generated from
Property
Value
unit
seconds
unit
minutes
unit
hours
unit
days
unit
weeks
unit
months
{
"status" : " success" "message" : " API key generated successfully" "remainingApiKeyQuota" : 9 ,
"apiKey" : {
"name" : " my-production-key" "displayName" : " My Production Key" "apiKey" : " apip_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" "apiId" : " reading-list-api-v1.0" "status" : " active" "createdAt" : " 2026-04-01T10:30:00Z" "createdBy" : " admin" "expiresAt" : null ,
"source" : " local"
Name
Type
Required
Restrictions
Description
status
string
true
none
none
message
string
true
none
none
remainingApiKeyQuota
integer
false
none
Remaining API key quota for the user
apiKey
APIKey false
none
Details of an API key
{
"name" : " my-production-key" "displayName" : " My Production Key" "apiKey" : " apip_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" "apiId" : " reading-list-api-v1.0" "status" : " active" "createdAt" : " 2026-04-01T10:30:00Z" "createdBy" : " admin" "expiresAt" : null ,
"source" : " local" Details of an API key
Name
Type
Required
Restrictions
Description
name
string
true
none
URL-safe identifier for the API key (auto-generated from displayName, immutable, used as path parameter)
displayName
string
false
none
Human-readable name for the API key (user-provided, mutable)
apiKey
string
false
none
Generated API key with apip_ prefix
apiId
string
true
none
Unique public identifier of the API that the key is associated with
status
string
true
none
Status of the API key
createdAt
string(date-time)
true
none
Timestamp when the API key was generated
createdBy
string
true
none
Identifier of the user who generated the API key
expiresAt
string(date-time)¦null
true
none
Expiration timestamp (null if no expiration)
source
string
true
none
Source of the API key (local or external)
externalRefId
string
false
none
External reference ID for the API key
Property
Value
status
active
status
revoked
status
expired
source
local
source
external
APIKeyRegenerationRequest
Name
Type
Required
Restrictions
Description
expiresIn
object
false
none
Expiration duration for the API key
» unit
string
true
none
Time unit for expiration
» duration
integer
true
none
Duration value for expiration
expiresAt
string(date-time)
false
none
Expiration timestamp
Property
Value
unit
seconds
unit
minutes
unit
hours
unit
days
unit
weeks
unit
months
{
"name" : " my-production-key" None
{
"status" : " success" "message" : " API key revoked successfully"
Name
Type
Required
Restrictions
Description
status
string
true
none
none
message
string
true
none
none
SubscriptionPlanCreateRequest
{
"planName" : " Gold" "billingPlan" : " COMMERCIAL" "stopOnQuotaReach" : true ,
"throttleLimitCount" : 1000 ,
"throttleLimitUnit" : " Hour" "expiryTime" : " 2026-12-31T23:59:59Z" "status" : " ACTIVE"
Name
Type
Required
Restrictions
Description
planName
string
true
none
none
billingPlan
string
false
none
none
stopOnQuotaReach
boolean
false
none
none
throttleLimitCount
integer
false
none
none
throttleLimitUnit
string
false
none
none
expiryTime
string(date-time)
false
none
none
status
string
false
none
none
Property
Value
throttleLimitUnit
Min
throttleLimitUnit
Hour
throttleLimitUnit
Day
throttleLimitUnit
Month
status
ACTIVE
status
INACTIVE
SubscriptionPlanUpdateRequest
{
"planName" : " string" "billingPlan" : " string" "stopOnQuotaReach" : true ,
"throttleLimitCount" : 0 ,
"throttleLimitUnit" : " Min" "expiryTime" : " 2019-08-24T14:15:22Z" "status" : " ACTIVE"
Name
Type
Required
Restrictions
Description
planName
string
false
none
none
billingPlan
string
false
none
none
stopOnQuotaReach
boolean
false
none
none
throttleLimitCount
integer
false
none
none
throttleLimitUnit
string
false
none
none
expiryTime
string(date-time)
false
none
none
status
string
false
none
none
Property
Value
throttleLimitUnit
Min
throttleLimitUnit
Hour
throttleLimitUnit
Day
throttleLimitUnit
Month
status
ACTIVE
status
INACTIVE
{
"id" : " string" "planName" : " string" "billingPlan" : " string" "stopOnQuotaReach" : true ,
"throttleLimitCount" : 0 ,
"throttleLimitUnit" : " string" "expiryTime" : " 2019-08-24T14:15:22Z" "gatewayId" : " string" "status" : " ACTIVE" "createdAt" : " 2019-08-24T14:15:22Z" "updatedAt" : " 2019-08-24T14:15:22Z"
Name
Type
Required
Restrictions
Description
id
string
false
none
none
planName
string
false
none
none
billingPlan
string
false
none
none
stopOnQuotaReach
boolean
false
none
none
throttleLimitCount
integer
false
none
none
throttleLimitUnit
string
false
none
none
expiryTime
string(date-time)
false
none
none
gatewayId
string
false
none
none
status
string
false
none
none
createdAt
string(date-time)
false
none
none
updatedAt
string(date-time)
false
none
none
Property
Value
status
ACTIVE
status
INACTIVE
SubscriptionPlanListResponse
{
"subscriptionPlans" : [
{
"id" : " string" "planName" : " string" "billingPlan" : " string" "stopOnQuotaReach" : true ,
"throttleLimitCount" : 0 ,
"throttleLimitUnit" : " string" "expiryTime" : " 2019-08-24T14:15:22Z" "gatewayId" : " string" "status" : " ACTIVE" "createdAt" : " 2019-08-24T14:15:22Z" "updatedAt" : " 2019-08-24T14:15:22Z" "count" : 0
}
Name
Type
Required
Restrictions
Description
subscriptionPlans
[SubscriptionPlanResponse ]
false
none
none
count
integer
false
none
none
SubscriptionCreateRequest
{
"apiId" : " c9f2b6ae-1234-5678-9abc-def012345678" "subscriptionToken" : " sub-token-abc123xyz" "applicationId" : " string" "subscriptionPlanId" : " string" "billingCustomerId" : " string" "billingSubscriptionId" : " string" "status" : " ACTIVE"
Name
Type
Required
Restrictions
Description
apiId
string
true
none
API identifier (deployment ID or handle)
subscriptionToken
string
true
none
Opaque subscription token for API invocation (required; stored as hash only)
applicationId
string
false
none
Application identifier (from DevPortal/STS). Optional for token-based subscriptions.
subscriptionPlanId
string
false
none
Subscription plan UUID for rate limit and billing configuration.
billingCustomerId
string
false
none
Billing customer identifier (optional, for analytics tracking).
billingSubscriptionId
string
false
none
Billing subscription identifier (optional, for analytics tracking).
status
string
false
none
none
Property
Value
status
ACTIVE
status
INACTIVE
status
REVOKED
SubscriptionUpdateRequest
Name
Type
Required
Restrictions
Description
status
string
false
none
none
Property
Value
status
ACTIVE
status
INACTIVE
status
REVOKED
{
"id" : " string" "apiId" : " string" "applicationId" : " string" "subscriptionToken" : " string" "subscriptionPlanId" : " string" "billingCustomerId" : " string" "billingSubscriptionId" : " string" "gatewayId" : " string" "status" : " ACTIVE" "createdAt" : " 2019-08-24T14:15:22Z" "updatedAt" : " 2019-08-24T14:15:22Z"
Name
Type
Required
Restrictions
Description
id
string
false
none
none
apiId
string
false
none
none
applicationId
string
false
none
none
subscriptionToken
string
false
none
Opaque subscription token (returned only on create; use Platform-API to retrieve for existing subscriptions)
subscriptionPlanId
string
false
none
Subscription plan UUID
billingCustomerId
string
false
none
Billing customer identifier
billingSubscriptionId
string
false
none
Billing subscription identifier
gatewayId
string
false
none
none
status
string
false
none
none
createdAt
string(date-time)
false
none
none
updatedAt
string(date-time)
false
none
none
Property
Value
status
ACTIVE
status
INACTIVE
status
REVOKED
{
"subscriptions" : [
{
"id" : " string" "apiId" : " string" "applicationId" : " string" "subscriptionToken" : " string" "subscriptionPlanId" : " string" "billingCustomerId" : " string" "billingSubscriptionId" : " string" "gatewayId" : " string" "status" : " ACTIVE" "createdAt" : " 2019-08-24T14:15:22Z" "updatedAt" : " 2019-08-24T14:15:22Z" "count" : 0
}
Name
Type
Required
Restrictions
Description
subscriptions
[SubscriptionResponse ]
false
none
none
count
integer
false
none
none
MCPProxyConfigurationRequest
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " Mcp" "metadata" : {
"name" : " everything-mcp-v1.0" "spec" : {
"displayName" : " Everything" "version" : " v1.0" "context" : " /everything" "specVersion" : " 2025-06-18" "upstream" : {
"url" : " http://everything:3001" "tools" : [],
"resources" : [],
"prompts" : []
}
}
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
MCP Proxy specification version
kind
string
true
none
MCP Proxy type
metadata
Metadata true
none
none
spec
MCPProxyConfigData true
none
none
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
Mcp
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " Mcp" "metadata" : {
"name" : " everything-mcp-v1.0" "spec" : {
"displayName" : " Everything" "version" : " v1.0" "context" : " /everything" "specVersion" : " 2025-06-18" "upstream" : {
"url" : " http://everything:3001" "tools" : [],
"resources" : [],
"prompts" : []
},
"status" : {
"id" : " everything-mcp-v1.0" "state" : " deployed" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z" "deployedAt" : " 2026-04-24T07:21:13Z" allOf
and
Name
Type
Required
Restrictions
Description
anonymous object
false
none
none
» status
ResourceStatus false
read-only
Server-managed lifecycle fields. Populated on responses.
{
"displayName" : " Everything" "version" : " v1.0" "context" : " /everything" "specVersion" : " 2025-06-18" "vhost" : " mcp1.example.com" "upstream" : {
"url" : " http://prod-backend:5000/api/v2" "ref" : " string" "hostRewrite" : " auto" "auth" : {
"type" : " api-key" "header" : " string" "value" : " string" "policies" : [
{
"name" : " cors" "version" : " v1" "executionCondition" : " request.metadata[authenticated] != true" "params" : {}
}
],
"tools" : [
{
"name" : " string" "title" : " string" "description" : " string" "inputSchema" : " string" "outputSchema" : " string" "resources" : [
{
"uri" : " string" "name" : " string" "title" : " string" "description" : " string" "mimeType" : " string" "size" : 0
}
],
"prompts" : [
{
"name" : " string" "title" : " string" "description" : " string" "arguments" : [
{
"name" : " string" "description" : " string" "required" : true ,
"title" : " string" "deploymentState" : " deployed"
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable MCP Proxy display name
version
string
true
none
MCP Proxy version
context
string
false
none
MCP Proxy context path
specVersion
string
false
none
MCP specification version
vhost
string
false
none
Virtual host name used for routing. Supports standard domain names, subdomains, or wildcard domains. Must follow RFC-compliant hostname rules. Wildcards are only allowed in the left-most label (e.g., *.example.com).
upstream
any
true
none
The backend MCP server url and auth configurations
allOf
Name
Type
Required
Restrictions
Description
» anonymous
Upstream false
none
Upstream backend configuration (single target or reference)
and
Name
Type
Required
Restrictions
Description
» anonymous
UpstreamAuth false
none
none
continued
Name
Type
Required
Restrictions
Description
policies
[Policy ]
false
none
List of MCP Proxy level policies applied
tools
[MCPTool ]
false
none
none
resources
[MCPResource ]
false
none
none
prompts
[MCPPrompt ]
false
none
none
deploymentState
string
false
none
Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the MCP Proxy is removed from router traffic but configuration and policies are preserved for potential redeployment.
Property
Value
deploymentState
deployed
deploymentState
undeployed
{
"name" : " string" "title" : " string" "description" : " string" "inputSchema" : " string" "outputSchema" : " string"
Name
Type
Required
Restrictions
Description
name
string
true
none
Unique identifier for the tool
title
string
false
none
Optional human-readable name of the tool for display purposes.
description
string
true
none
Human-readable description of functionality
inputSchema
string
true
none
JSON Schema defining expected parameters
outputSchema
string
false
none
Optional JSON Schema defining expected output structure
{
"uri" : " string" "name" : " string" "title" : " string" "description" : " string" "mimeType" : " string" "size" : 0
}
Name
Type
Required
Restrictions
Description
uri
string
true
none
Unique identifier for the resource
name
string
true
none
The name of the resource
title
string
false
none
Optional human-readable name of the resource for display purposes
description
string
false
none
Optional description
mimeType
string
false
none
Optional MIME type
size
integer
false
none
Optional size in bytes
{
"name" : " string" "title" : " string" "description" : " string" "arguments" : [
{
"name" : " string" "description" : " string" "required" : true ,
"title" : " string"
Name
Type
Required
Restrictions
Description
name
string
true
none
Unique identifier for the prompt
title
string
false
none
Optional human-readable name of the prompt for display purposes
description
string
false
none
Optional human-readable description
arguments
[object]
false
none
Optional list of arguments for customization
» name
string
true
none
Name of the argument
» description
string
false
none
Description of the argument
» required
boolean
false
none
Whether the argument is required
» title
string
false
none
Optional human-readable title of the argument
{
"status" : " error" "message" : " Configuration validation failed" "errors" : [
{
"field" : " spec.context" "message" : " Context must start with / and cannot end with /"
Name
Type
Required
Restrictions
Description
status
string
true
none
none
message
string
true
none
High-level error description
errors
[ValidationError ]
false
none
Detailed validation errors
{
"field" : " spec.context" "message" : " Context must start with / and cannot end with /"
Name
Type
Required
Restrictions
Description
field
string
false
none
Field that failed validation
message
string
false
none
Human-readable error message
LLMProviderTemplateRequest
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " LlmProviderTemplate" "metadata" : {
"name" : " openai-template" "spec" : {
"displayName" : " OpenAI" "promptTokens" : {
"location" : " payload" "identifier" : " $.usage.prompt_tokens" "completionTokens" : {
"location" : " payload" "identifier" : " $.usage.completion_tokens" "totalTokens" : {
"location" : " payload" "identifier" : " $.usage.total_tokens" "remainingTokens" : {
"location" : " header" "identifier" : " x-ratelimit-remaining-tokens" "requestModel" : {
"location" : " payload" "identifier" : " $.model" "responseModel" : {
"location" : " payload" "identifier" : " $.model"
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Template specification version
kind
string
true
none
Template kind
metadata
Metadata true
none
none
spec
LLMProviderTemplateData true
none
none
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
LlmProviderTemplate
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " LlmProviderTemplate" "metadata" : {
"name" : " openai-template" "spec" : {
"displayName" : " OpenAI" "promptTokens" : {
"location" : " payload" "identifier" : " $.usage.prompt_tokens" "completionTokens" : {
"location" : " payload" "identifier" : " $.usage.completion_tokens" "totalTokens" : {
"location" : " payload" "identifier" : " $.usage.total_tokens" "remainingTokens" : {
"location" : " header" "identifier" : " x-ratelimit-remaining-tokens" "requestModel" : {
"location" : " payload" "identifier" : " $.model" "responseModel" : {
"location" : " payload" "identifier" : " $.model" "status" : {
"id" : " openai-template" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z" allOf
and
Name
Type
Required
Restrictions
Description
anonymous object
false
none
none
» status
ResourceStatus false
read-only
Server-managed lifecycle fields. Populated on responses.
{
"displayName" : " OpenAI" "promptTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "completionTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "totalTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "remainingTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "requestModel" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "responseModel" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "resourceMappings" : {
"resources" : [
{
"resource" : " /responses" "promptTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "completionTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "totalTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "remainingTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "requestModel" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "responseModel" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" LLMProviderTemplateResourceMappings
{
"resources" : [
{
"resource" : " /responses" "promptTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "completionTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "totalTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "remainingTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "requestModel" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "responseModel" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" LLMProviderTemplateResourceMapping
{
"resource" : " /responses" "promptTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "completionTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "totalTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "remainingTokens" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "requestModel" : {
"location" : " payload" "identifier" : " $.usage.inputTokens" "responseModel" : {
"location" : " payload" "identifier" : " $.usage.inputTokens"
{
"location" : " payload" "identifier" : " $.usage.inputTokens"
Name
Type
Required
Restrictions
Description
location
string
true
none
Where to find the token information
identifier
string
true
none
JSONPath expression or header name to identify the token value
Property
Value
location
payload
location
header
location
queryParam
location
pathParam
LLMProviderConfigurationRequest
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " LlmProvider" "metadata" : {
"name" : " wso2-openai-provider" "spec" : {
"displayName" : " OpenAI Provider" "version" : " v1.0" "template" : " openai" "context" : " /openai/latest" "upstream" : {
"url" : " https://api.openai.com/v1" "auth" : {
"type" : " api-key" "header" : " Authorization" "value" : " Bearer sk-your-api-key" "accessControl" : {
"mode" : " deny_all" "exceptions" : [
{
"path" : " /chat/completions" "methods" : [
" POST" "path" : " /models" "methods" : [
" GET" "path" : " /models/{modelId}" "methods" : [
" GET"
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Provider specification version
kind
string
true
none
Provider kind
metadata
Metadata true
none
none
spec
LLMProviderConfigData true
none
none
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
LlmProvider
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " LlmProvider" "metadata" : {
"name" : " wso2-openai-provider" "spec" : {
"displayName" : " OpenAI Provider" "version" : " v1.0" "template" : " openai" "context" : " /openai/latest" "upstream" : {
"url" : " https://api.openai.com/v1" "auth" : {
"type" : " api-key" "header" : " Authorization" "value" : " Bearer sk-your-api-key" "accessControl" : {
"mode" : " deny_all" "exceptions" : [
{
"path" : " /chat/completions" "methods" : [
" POST" "path" : " /models" "methods" : [
" GET" "path" : " /models/{modelId}" "methods" : [
" GET" "status" : {
"id" : " wso2-openai-provider" "state" : " deployed" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z" "deployedAt" : " 2026-04-24T07:21:13Z" allOf
and
Name
Type
Required
Restrictions
Description
anonymous object
false
none
none
» status
ResourceStatus false
read-only
Server-managed lifecycle fields. Populated on responses.
{
"displayName" : " WSO2 OpenAI Provider" "version" : " v1.0" "context" : " /openai" "vhost" : " api.openai.com" "template" : " openai" "upstream" : {
"url" : " http://prod-backend:5000/api/v2" "ref" : " string" "hostRewrite" : " auto" "auth" : {
"type" : " api-key" "header" : " string" "value" : " string" "accessControl" : {
"mode" : " deny_all" "exceptions" : [
{
"path" : " /chat/completions" "methods" : [
" GET" "policies" : [
{
"name" : " llm-cost-based-ratelimit" "version" : " v1" "paths" : [
{
"path" : " /chat/completions" "methods" : [
" GET" "params" : {}
}
]
}
],
"deploymentState" : " deployed"
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable LLM Provider name
version
string
true
none
Semantic version of the LLM Provider
context
string
false
none
Base path for all API routes (must start with /, no trailing slash)
vhost
string
false
none
Virtual host name used for routing. Supports standard domain names, subdomains, or wildcard domains. Must follow RFC-compliant hostname rules. Wildcards are only allowed in the left-most label (e.g., *.example.com).
template
string
true
none
Template name to use for this LLM Provider
upstream
any
true
none
none
allOf
Name
Type
Required
Restrictions
Description
» anonymous
Upstream false
none
Upstream backend configuration (single target or reference)
and
Name
Type
Required
Restrictions
Description
» anonymous
UpstreamAuth false
none
none
continued
Name
Type
Required
Restrictions
Description
accessControl
LLMAccessControl true
none
none
policies
[LLMPolicy ]
false
none
List of policies applied only to this operation (overrides or adds to API-level policies)
deploymentState
string
false
none
Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the LLM Provider is removed from router traffic but configuration and policies are preserved for potential redeployment.
Property
Value
deploymentState
deployed
deploymentState
undeployed
{
"auth" : {
"type" : " api-key" "header" : " string" "value" : " string"
Name
Type
Required
Restrictions
Description
auth
object
false
none
none
» type
string
true
none
none
» header
string
false
none
none
» value
string
false
none
none
Property
Value
type
api-key
{
"type" : " api-key" "header" : " string" "value" : " string"
Name
Type
Required
Restrictions
Description
type
string
true
none
none
header
string
false
none
none
value
string
false
none
none
Property
Value
type
api-key
{
"id" : " wso2-openai-provider" "auth" : {
"type" : " api-key" "header" : " string" "value" : " string"
Name
Type
Required
Restrictions
Description
id
string
true
none
Unique id of a deployed llm provider
auth
LLMUpstreamAuth false
none
none
{
"mode" : " deny_all" "exceptions" : [
{
"path" : " /chat/completions" "methods" : [
" GET"
Name
Type
Required
Restrictions
Description
mode
string
true
none
Access control mode
exceptions
[RouteException ]
false
none
Path exceptions to the access control mode
Property
Value
mode
allow_all
mode
deny_all
{
"path" : " /chat/completions" "methods" : [
" GET"
Name
Type
Required
Restrictions
Description
path
string
true
none
Path pattern
methods
[string]
true
none
HTTP methods
{
"name" : " llm-cost-based-ratelimit" "version" : " v1" "paths" : [
{
"path" : " /chat/completions" "methods" : [
" GET" "params" : {}
}
]
}
Name
Type
Required
Restrictions
Description
name
string
true
none
none
version
string
true
none
none
paths
[LLMPolicyPath ]
true
none
none
{
"path" : " /chat/completions" "methods" : [
" GET" "params" : {}
}
Name
Type
Required
Restrictions
Description
path
string
true
none
none
methods
[string]
true
none
none
params
object
true
none
JSON Schema describing the parameters accepted by this policy. This itself is a JSON Schema document.
LLMProxyConfigurationRequest
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " LlmProxy" "metadata" : {
"name" : " openai-proxy" "spec" : {
"displayName" : " OpenAI Proxy" "version" : " v1.0" "context" : " /openai-proxy" "provider" : {
"id" : " wso2-openai-provider" "policies" : []
}
}
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Proxy specification version
kind
string
true
none
Proxy kind
metadata
Metadata true
none
none
spec
LLMProxyConfigData true
none
none
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
LlmProxy
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " LlmProxy" "metadata" : {
"name" : " openai-proxy" "spec" : {
"displayName" : " OpenAI Proxy" "version" : " v1.0" "context" : " /openai-proxy" "provider" : {
"id" : " wso2-openai-provider" "policies" : []
},
"status" : {
"id" : " openai-proxy" "state" : " deployed" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z" "deployedAt" : " 2026-04-24T07:21:13Z" allOf
and
Name
Type
Required
Restrictions
Description
anonymous object
false
none
none
» status
ResourceStatus false
read-only
Server-managed lifecycle fields. Populated on responses.
{
"displayName" : " OpenAI Proxy" "version" : " v1.0" "context" : " /openai" "vhost" : " api.openai.com" "provider" : {
"id" : " wso2-openai-provider" "auth" : {
"type" : " api-key" "header" : " string" "value" : " string" "policies" : [
{
"name" : " llm-cost-based-ratelimit" "version" : " v1" "paths" : [
{
"path" : " /chat/completions" "methods" : [
" GET" "params" : {}
}
]
}
],
"deploymentState" : " deployed"
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable LLM proxy name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed)
version
string
true
none
Semantic version of the LLM proxy
context
string
false
none
Base path for all API routes (must start with /, no trailing slash)
vhost
string
false
none
Virtual host name used for routing. Supports standard domain names, subdomains, or wildcard domains. Must follow RFC-compliant hostname rules. Wildcards are only allowed in the left-most label (e.g., *.example.com).
provider
LLMProxyProvider true
none
none
policies
[LLMPolicy ]
false
none
List of policies applied only to this operation (overrides or adds to API-level policies)
deploymentState
string
false
none
Desired deployment state - 'deployed' (default) or 'undeployed'. When set to 'undeployed', the LLM Proxy is removed from router traffic but configuration and policies are preserved for potential redeployment.
Property
Value
deploymentState
deployed
deploymentState
undeployed
SecretConfigurationRequest
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " Secret" "metadata" : {
"name" : " database-password" "spec" : {
"displayName" : " Database Password" "description" : " PostgreSQL main database password" "value" : " sup3rs3cr3t!"
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Secret specification version
kind
string
true
none
Secret resource kind
metadata
Metadata true
none
none
spec
SecretConfigData true
none
none
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
Secret
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " Secret" "metadata" : {
"name" : " database-password" "spec" : {
"displayName" : " Database Password" "description" : " PostgreSQL main database password" "value" : " sup3rs3cr3t!" "status" : {
"id" : " database-password" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z" Composite of request fields plus a generic k8s-style status for documentation.
For actual HTTP response shapes, use SecretConfigurationResponseCreateUpdate,
SecretConfigurationResponseRetrieved, or SecretListItem (see
SecretResourceServiceStatus for the id/timestamp-only status on secret APIs).
allOf
and
Name
Type
Required
Restrictions
Description
anonymous object
false
none
none
» status
ResourceStatus false
read-only
Server-managed lifecycle fields. Populated on responses.
{
"displayName" : " Database Password" "description" : " PostgreSQL main database password" "value" : " sup3rs3cr3t!"
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable secret name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed)
description
string
false
none
Description of the secret
value
string(password)
true
none
Secret value (stored encrypted)
{
"displayName" : " Database Password" "description" : " PostgreSQL main database password"
Name
Type
Required
Restrictions
Description
displayName
string
true
none
Human-readable secret name (must be URL-friendly - only letters, numbers, spaces, hyphens, underscores, and dots allowed)
description
string
false
none
Description of the secret, if the server includes it
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " Secret" "metadata" : {
"name" : " database-password" "spec" : {
"displayName" : " Database Password" "status" : {
"id" : " database-password" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z"
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
Secret specification version
kind
string
true
none
Secret resource kind
metadata
Metadata true
none
none
spec
SecretConfigListData true
none
none
status
ResourceStatus false
read-only
Server-managed lifecycle fields. Omitted in list items may vary; the secret value is never included here.
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
Secret
{
"name" : " my-custom-ca" "certificate" : " -----BEGIN CERTIFICATE-----\n MIIDXTCCAkWgAwIBAgIJAKL0UG+mRKtjMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n ...\n -----END CERTIFICATE-----\n "
Name
Type
Required
Restrictions
Description
name
string
true
none
Unique name for the certificate. Must be unique across all certificates.
certificate
string
true
none
PEM-encoded X.509 certificate(s). Can contain multiple certificates.
{
"id" : " 550e8400-e29b-41d4-a716-446655440000" "name" : " my-custom-ca" "subject" : " CN=My CA,O=My Organization,C=US" "issuer" : " CN=My CA,O=My Organization,C=US" "notAfter" : " 2026-11-26 06:07:26" "count" : 1 ,
"message" : " Certificate uploaded and SDS updated successfully" "status" : " success"
Name
Type
Required
Restrictions
Description
id
string
false
none
Unique identifier (UUID) for the certificate
name
string
false
none
Name of the certificate
subject
string
false
none
Certificate subject DN (for first cert if bundle)
issuer
string
false
none
Certificate issuer DN (for first cert if bundle)
notAfter
string(date-time)
false
none
Certificate expiration date (for first cert if bundle)
count
integer
false
none
Number of certificates in the file
message
string
false
none
Success or informational message
status
string
false
none
none
Property
Value
status
success
status
error
{
"certificates" : [
{
"id" : " 550e8400-e29b-41d4-a716-446655440000" "name" : " my-custom-ca" "subject" : " CN=My CA,O=My Organization,C=US" "issuer" : " CN=My CA,O=My Organization,C=US" "notAfter" : " 2026-11-26 06:07:26" "count" : 1 ,
"message" : " Certificate uploaded and SDS updated successfully" "status" : " success" "totalCount" : 3 ,
"totalBytes" : 221599 ,
"status" : " success"
Name
Type
Required
Restrictions
Description
certificates
[CertificateResponse ]
false
none
none
totalCount
integer
false
none
Total number of certificate files
totalBytes
integer
false
none
Total bytes of all certificate files
status
string
false
none
none
{
"apiKeys" : [
{
"name" : " my-production-key" "displayName" : " My Production Key" "apiKey" : " apip_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" "apiId" : " reading-list-api-v1.0" "status" : " active" "createdAt" : " 2026-04-01T10:30:00Z" "createdBy" : " admin" "expiresAt" : null ,
"source" : " local" "totalCount" : 3 ,
"status" : " success"
Name
Type
Required
Restrictions
Description
apiKeys
[APIKey ]
false
none
[Details of an API key]
totalCount
integer
false
none
Total number of API keys
status
string
false
none
none
{
"status" : " success" "count" : 5 ,
"secrets" : [
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " Secret" "metadata" : {
"name" : " database-password" "spec" : {
"displayName" : " Database Password" "status" : {
"id" : " database-password" "createdAt" : " 2026-04-24T07:21:13Z" "updatedAt" : " 2026-04-24T07:21:13Z"
Name
Type
Required
Restrictions
Description
status
string
false
none
none
count
integer
false
none
Total number of secrets
secrets
[SecretListItem ]
false
none
List of secrets. For security, the spec.value field is omitted for every item in the list; retrieve a single secret by id to obtain the decrypted value.
SecretResourceServiceStatus
{
"id" : " database-password" "createdAt" : " 2026-01-05T10:30:00Z" "updatedAt" : " 2026-01-05T10:30:00Z" Id and optional timestamps. Not the full ResourceStatus model (no state or
deployedAt).
Name
Type
Required
Restrictions
Description
id
string
true
none
Same as metadata.name / secret handle
createdAt
string(date-time)
false
none
none
updatedAt
string(date-time)
false
none
none
SecretConfigurationResponseCreateUpdate
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " Secret" "metadata" : {
"name" : " database-password" "spec" : {
"displayName" : " Database Password" "description" : " PostgreSQL main database password" "status" : {
"id" : " database-password" "createdAt" : " 2026-01-05T10:30:00Z" "updatedAt" : " 2026-01-05T10:30:00Z" POST/PUT /secrets response. spec.value is not returned; see SecretConfigurationRequest for create/update request bodies.
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
none
kind
string
true
none
none
metadata
Metadata true
none
none
spec
SecretConfigListData true
none
none
status
SecretResourceServiceStatus true
none
Id and optional timestamps. Not the full ResourceStatus model (no state ordeployedAt).
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
Secret
SecretConfigurationResponseRetrieved
{
"apiVersion" : " gateway.api-platform.wso2.com/v1alpha1" "kind" : " Secret" "metadata" : {
"name" : " database-password" "spec" : {
"displayName" : " Database Password" "description" : " PostgreSQL main database password" "value" : " sup3rs3cr3t!" "status" : {
"id" : " database-password" "createdAt" : " 2026-01-05T10:30:00Z" "updatedAt" : " 2026-01-05T10:30:00Z" GET /secrets/{id} response including decrypted spec.value.
Name
Type
Required
Restrictions
Description
apiVersion
string
true
none
none
kind
string
true
none
none
metadata
Metadata true
none
none
spec
SecretConfigData true
none
none
status
SecretResourceServiceStatus true
none
Id and optional timestamps. Not the full ResourceStatus model (no state ordeployedAt).
Property
Value
apiVersion
gateway.api-platform.wso2.com/v1alpha1
kind
Secret