Import an API contract and create gateway-hosted MCP tool candidates. POST
/v1/api-sources/import
Accepts OpenAPI 3.x, Swagger/OpenAPI 2.0, or Postman Collection v2.1 contract input and persists selected operations for approval. Imported APIs become gateway-hosted MCP tool facades through the API adapter; no backend MCP server is created.
Select media type application/json object object escalationContact required
object Allowed values: direct_url uploaded_file configured_source
url
Direct contract URL or configured source URL. Remote fetches are bounded and host-allowlisted.
string format: uri
uploadedFileName
Dev/test fixture path under fixtures/openapi when content fields are absent.
string
>= 1 characters
fileName
Safe display name for browser-uploaded contract content. File bytes are not echoed in responses.
string
>= 1 characters
contentBase64
Browser-uploaded contract bytes. Accepted on preview/import but never returned.
string
>= 1 characters
contentText
Browser-uploaded UTF-8 contract content. Accepted on preview/import but never returned.
string
>= 1 characters
resolverId
Configured source resolver id. Provider-specific resolver details are backend configuration, not product DTO concepts.
string
>= 1 characters
selectedOperations required
credentialBindingId
Optional top-level default opaque credential binding id. Secret material is never accepted here.
string
>= 1 characters
operationCredentialBindings
Array<object>
default:
object credentialBindingId required
Opaque credential binding id. Secret material is never accepted here.
string
>= 1 characters
credentialMode
Allowed values: service_account user_delegated agent_scoped workload_mapped
Import accepted for validation, operation selection, and approval.
Select media type application/json object Allowed values: openapi_3 swagger_2 postman_collection unknown
Any of:
Allowed values: openapi_3 swagger_2 postman_collection unknown
runtimePlacement required
object mcpServerCreated required
managedMcpHostingAvailable required
candidateOperations required
Array<object>
object Allowed values: GET POST PUT PATCH DELETE
string
>= 1 characters /^//
requestContentTypes required
requestBodyFields required
Array<object>
object Allowed values: path query header body
Allowed values: string integer number boolean object array
authRequirements required
Array<object>
object Allowed values: none api_key bearer basic oauth2 hmac sigv4 mtls workload_identity unsupported
Allowed values: none header query authorization_header transport signature
oauthFlow
Allowed values: client_credentials authorization_code jwt_bearer unknown
credentialBindingRequired required
Allowed values: none header_api_key query_api_key authorization_bearer authorization_basic oauth2_client_credentials oauth2_user_delegated workload_identity mtls hmac_signature aws_sigv4 unsupported
string
Allowed values: submitted under_review approved rejected disabled archived
generatedToolName required
Allowed values: low medium high critical
validationWarnings required
Array<object>
object Allowed values: info warning error
Array<object>
object generatedToolName required
string
Allowed values: submitted under_review approved rejected disabled archived
requestContentType required
Allowed values: application/json application/x-www-form-urlencoded multipart/form-data
Allowed values: GET POST PUT PATCH DELETE
string
>= 1 characters /^//
runtimePlacement required
object mcpServerCreated required
managedMcpHostingAvailable required
object additionalProperties required
object key additional properties
object Allowed values: string integer number boolean object array
Allowed values: path query header body
validationBoundaries required
object pathParamsRequired required
querySchemaValidated required
headerSchemaValidated required
bodySchemaValidated required
credentialBindingId required
Allowed values: none service_account user_delegated agent_scoped workload_mapped
authRequirements required
Array<object>
object Allowed values: none api_key bearer basic oauth2 hmac sigv4 mtls workload_identity unsupported
Allowed values: none header query authorization_header transport signature
oauthFlow
Allowed values: client_credentials authorization_code jwt_bearer unknown
credentialBindingRequired required
Allowed values: none header_api_key query_api_key authorization_bearer authorization_basic oauth2_client_credentials oauth2_user_delegated workload_identity mtls hmac_signature aws_sigv4 unsupported
Allowed values: none header_api_key query_api_key authorization_bearer authorization_basic oauth2_client_credentials oauth2_user_delegated workload_identity mtls hmac_signature aws_sigv4 unsupported
credentialCompatibility required
Allowed values: not_required compatible unsupported
unsupportedReason required
object maxResponseBytes required
oversizeBehavior required
object policyVersionRequired required
credentialModeRequired required
credentialBindingIdRequired required
secretMaterialLogged required
string
Allowed values: submitted under_review approved rejected disabled archived
mcpClient
Any of:
object gatewayEndpointUrl required
Allowed values: gateway_client_auth
Allowed values: streamable_http sse
smokeTestCommand required
Secret-free local command descriptor for MCP client list/call smoke.
string
>= 1 characters
Type set in Geist, Source Serif 4, and
Departure Mono .
