POST
/v1/api-sources/preview
Discovery-first endpoint for customer-supplied OpenAPI 3.x, Swagger/OpenAPI 2.0, or Postman Collection v2.1 contracts. Accepts JSON uploaded content, multipart file upload content, safe HTTPS direct URLs, and dev/test fixture paths. Allows zero selected operations and returns metadata-only candidate and mapping preview data.
object
Allowed values: gateway.api-source-preview/v1 gateway.api-source-import/v1
object
Allowed values: direct_url uploaded_file configured_source
url
Direct contract URL or configured source URL. Remote fetches are bounded and host-allowlisted.
string format: uri
uploadedFileName
Dev/test fixture path under fixtures/openapi when content fields are absent.
string
>= 1 characters
fileName
Safe display name for browser-uploaded contract content. File bytes are not echoed in responses.
string
>= 1 characters
contentBase64
Browser-uploaded contract bytes. Accepted on preview/import but never returned.
string
>= 1 characters
contentText
Browser-uploaded UTF-8 contract content. Accepted on preview/import but never returned.
string
>= 1 characters
resolverId
Configured source resolver id. Provider-specific resolver details are backend configuration, not product DTO concepts.
string
>= 1 characters
credentialBindingId
Optional opaque credential binding id used only for mapping preview metadata.
string
>= 1 characters
operationCredentialBindings
Array<object>
default:
object
credentialBindingId required
Opaque credential binding id. Secret material is never accepted here.
string
>= 1 characters
credentialMode
Allowed values: service_account user_delegated agent_scoped workload_mapped
object
Comma-separated host list or JSON array string.
string
>= 1 characters
selectedOperations
Optional comma-separated operation list or JSON array string.
string
Metadata-only import preview. No registry record is persisted.
object
Allowed values: openapi_3 swagger_2 postman_collection unknown
Any of:
Allowed values: openapi_3 swagger_2 postman_collection unknown
runtimePlacement required
object
mcpServerCreated required
managedMcpHostingAvailable required
candidateOperations required
Array<object>
object
Allowed values: GET POST PUT PATCH DELETE
string
>= 1 characters /^//
requestContentTypes required
requestBodyFields required
Array<object>
object
Allowed values: path query header body
Allowed values: string integer number boolean object array
authRequirements required
Array<object>
object
Allowed values: none api_key bearer basic oauth2 hmac sigv4 mtls workload_identity unsupported
Allowed values: none header query authorization_header transport signature
oauthFlow
Allowed values: client_credentials authorization_code jwt_bearer unknown
credentialBindingRequired required
Allowed values: none header_api_key query_api_key authorization_bearer authorization_basic oauth2_client_credentials oauth2_user_delegated workload_identity mtls hmac_signature aws_sigv4 unsupported
string
Allowed values: submitted under_review approved rejected disabled archived
generatedToolName required
Allowed values: low medium high critical
validationWarnings required
Array<object>
object
Allowed values: info warning error
Array<object>
object
generatedToolName required
string
Allowed values: submitted under_review approved rejected disabled archived
requestContentType required
Allowed values: application/json application/x-www-form-urlencoded multipart/form-data
Allowed values: GET POST PUT PATCH DELETE
string
>= 1 characters /^//
runtimePlacement required
object
mcpServerCreated required
managedMcpHostingAvailable required
object
additionalProperties required
object
key additional properties
object
Allowed values: string integer number boolean object array
Allowed values: path query header body
validationBoundaries required
object
pathParamsRequired required
querySchemaValidated required
headerSchemaValidated required
bodySchemaValidated required
credentialBindingId required
Allowed values: none service_account user_delegated agent_scoped workload_mapped
authRequirements required
Array<object>
object
Allowed values: none api_key bearer basic oauth2 hmac sigv4 mtls workload_identity unsupported
Allowed values: none header query authorization_header transport signature
oauthFlow
Allowed values: client_credentials authorization_code jwt_bearer unknown
credentialBindingRequired required
Allowed values: none header_api_key query_api_key authorization_bearer authorization_basic oauth2_client_credentials oauth2_user_delegated workload_identity mtls hmac_signature aws_sigv4 unsupported
Allowed values: none header_api_key query_api_key authorization_bearer authorization_basic oauth2_client_credentials oauth2_user_delegated workload_identity mtls hmac_signature aws_sigv4 unsupported
credentialCompatibility required
Allowed values: not_required compatible unsupported
unsupportedReason required
object
maxResponseBytes required
oversizeBehavior required
object
policyVersionRequired required
credentialModeRequired required
credentialBindingIdRequired required
secretMaterialLogged required
Missing api_source.import for the requested environment.
