{"openapi":"3.0.3","info":{"title":"Proxy Generator API","description":"<div class=\"nhsd-m-emphasis-box nhsd-m-emphasis-box--emphasis nhsd-!t-margin-bottom-6\" aria-label=\"Highlighted Information\">\n    <div class=\"nhsd-a-box nhsd-a-box--border-blue\">\n        <div class=\"nhsd-m-emphasis-box__image-box\">\n            <figure class=\"nhsd-a-image\">\n                <picture class=\"nhsd-a-image__picture\">\n                    <img src=\"http://digital.nhs.uk/binaries/content/gallery/icons/info.svg?colour=231f20\" alt=\"\" style=\"object-fit:fill\">\n                </picture>\n            </figure>\n        </div>\n        <div class=\"nhsd-m-emphasis-box__content-box\">\n            <div data-uipath=\"website.contentblock.emphasis.content\" class=\"nhsd-t-word-break\"><p class=\"nhsd-t-body\">This API is <a href=\"https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#statuses\">in production, beta but internal</a>, meaning the API is not currently available for integration by external third parties. If you want to use it, <a href=\"https://digital.nhs.uk/developer/help-and-support\">contact us</a> and we'll look at making it available.</p></div>\n        </div>\n    </div>\n</div>\n\n## Overview\nUse this API to create and manage resources on NHS England's [API platform](https://digital.nhs.uk/services/api-platform).\nThis API is intended for API producers [building healthcare APIs](https://digital.nhs.uk/services/api-platform/building-healthcare-apis).\n\nYou can:\n* register new API definitions\n* publish API specifications\n* manage containers and secrets\n* use your OAS specification to manage API proxies, access modes and security patterns\n\n## Who can use this API\nThis API is only for use by teams publishing APIs on our API platform. These are predominantly internal NHS England teams.\n\n## API status and roadmap\nThis API is in [production, beta but internal](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#statuses), meaning:\n* we might make breaking changes, but only if we cannot avoid it, and we will give advance notice\n* it is only available for internal NHS England users\n\n## Service level\nThis API is a bronze service, meaning it is operational and supported only during business hours (8am to 6pm), Monday to Friday excluding bank holidays.\n\nFor more details, see [service levels](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#service-levels).\n\n## Technology\nThis API is [RESTful](https://digital.nhs.uk/developer/guides-and-documentation/api-technologies-at-nhs-digital#basic-rest-apis).\n\n## Network access\nThis API is available on the internet.\n\nFor more details see [Network access for APIs](https://digital.nhs.uk/developer/guides-and-documentation/network-access-for-apis).\n\n## Security and authorisation\n\nThis API supports [application-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#application-restricted-apis) access.\nWe are working on [user-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis) access. \n\n### Application-restricted access\n\nTo use this access mode, use the following security pattern:\n\n- [Application-restricted RESTful API - signed JWT authentication](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-signed-jwt-authentication)\n\n> The instructions in the above guide are valid, but the implementation details/endpoints differ, as explained below.\n\nIn application-restricted access mode a token is obtained by performing a *client credentials* grant request, with an assertion type of `jwt-bearer` (a signed JWT).\n\n#### Requirements\n\nDuring API registration ([POST /apis](#post-apis)) a **public key** is supplied as a JWKS endpoint.\n\nA 'machine user' **client** is created with a client ID of `<api_name>-client` and is associated with this public key.\n\nYou use this client ID and the corresponding **private key** to authenticate against our authorisation server and obtain an access token.\n\n#### Example\n\nTo authenticate as the `hello-world` API machine user, having:\n\n- a Client ID of `hello-world-client`\n- a private key file\n- The KID of the corresponding public key in the JWKS endpoint: `prod-1`\n\n```python\nimport uuid\nfrom time import time\n\nimport requests\nimport jwt  # pyjwt library\n\nREALM_URL = \"https://identity.prod.api.platform.nhs.uk/realms/api-producers\"\nPRIVATE_KEY_FILE = \"./hello-world-client-prod-1.key\"  # absolute path\nKID = \"prod-1\"\n\nclaims = {\n    \"sub\": CLIENT_ID,\n    \"iss\": CLIENT_ID,\n    \"jti\": str(uuid.uuid4()),\n    \"aud\": REALM_URL,\n    \"exp\": int(time()) + 300,\n}\n\nwith open(PRIVATE_KEY_FILE, \"r\") as f:\n    private_key = f.read()\n\nclient_assertion = jwt.encode(\n  claims, private_key, algorithm=\"RS512\", headers={'kid': KID}\n)\n\ntoken_response = requests.post(\n    f\"{REALM_URL}/protocol/openid-connect/token\",\n    data={\n        \"grant_type\": \"client_credentials\",\n        \"client_assertion_type\": \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n        \"client_assertion\": client_assertion,\n    },\n)\n\naccess_token = token_response.json()[\"access_token\"]\n\n# Make a request to a protected endpoint\nresponse = requests.get(\n    \"https://proxygen.prod.api.platform.nhs.uk/apis/hello-world\",\n    headers={\"Authorization\": f\"Bearer {access_token}\"},\n)\n```\n\n## Environments and testing\nUse the production instance of Proxy Generator API to deploy APIs to all environments.\n\nThe base URL is `https://proxygen.prod.api.platform.nhs.uk`.\n\n## Onboarding\nTo use this API, you need to [engage with us as an API producer team](https://digital.nhs.uk/services/api-platform/building-healthcare-apis#getting-started).\n\n## Errors\nWe use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:\n\n* 200 to 299 if it succeeded, including code 202 if it was accepted by an API that needs to wait for further action\n* 400 to 499 if it failed because of a client error by your application\n* 500 to 599 if it failed because of an error on our server\n\nErrors specific to each API are shown in the Endpoints section, under Response. See our [reference guide](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#http-status-codes) for more on errors.\n\n## Concepts and terminology\n\n### API\n\nThe top-level concept in Proxy Generator API. Uniquely identified by its kebab-case **API name**.\n\n> The example API in this documentation is `hello-world`\n\nAn API is typically created with the following **pre-requisite resources**:\n\n- **Machine client**:\nan OAuth v2 client that can be directly authenticated against, secured by a public-private keypair, with permissions to perform operations against this API. Intended for use in CI/CD pipelines. In our example API the client ID is `hello-world-client`.\nSee [Authorisation](#authorisation).\n- **Docker repositories**:\nthe API Platform offers you the ability to deploy a Docker image behind your API to carry out lightweight, stateless processing. In the internal documentation this is referred to as *hosted containers*.\nAn API may have one or more associated Docker repositories to store the image(s). \nSee [GET /apis/{api_name}/docker-token](#get-apis-api_name-docker-token) and the `target` section of the OAS Extension reference.\n- **Managing access and permissions**:\nwe control access and permissions to make changes to the Proxy Generator APIs, so that you cannot change another teams API. This is managed by an authorisation server, Keycloak, using the `api-producers` realm.\nSee [Security and authorisation](#security-and-authorisation).\n- **API registry entry**:\na central registry of all the API Platform APIs. The name (for example `hello-world`), short name (for example `hw`) are recorded against a GUID. This allows tracking of APIs through name changes and provides a canonical reference of everything on the API Platform.\n\nThese pre-requisite resources can be updated or enabled/disabled after creation.\n\n### Specification\n\nEach API may have a single OpenAPI specification (v3.0.3) which will be published on the [API catalogue](https://digital.nhs.uk/developer/api-catalogue) for reference by API consumers. Refer to the [Writing your API documentation](https://nhsd-confluence.digital.nhs.uk/display/APM/Writing+your+API+documentation) section of the API Platform Confluence space for guidance and best practices.\n\n#### API specification vs instance specification\n\nUnderlying Proxy Generator is the Open API Specification, and the same underlying specification is used to display your API in the API Catalogue and to deploy (publish) your proxy on the API Platform. The instance requires Proxy Generator API-specific extensions, so you might want to keep those separate and merge in your pipelines.\nThe term 'API specification' is distinct from the term 'instance specification'. An API *instance* relates to a callable API endpoint, that then routes your API back-end service. \n\n| Specification type | Endpoints | Purpose | API catalogue |\n| --- | --- | --- | --- |\n| API specification | `GET`, `PUT` `/apis/{api_name}/spec`<br>`GET` `/specs/{api_name}` | Reference for the API (service) as a whole. | Publishes to the API catalogue |\n| Instance specification | `POST` `/apis/{api_name}/environments/{environment}/instances`<br>`GET`, `PUT` `/apis/{api_name}/environments/{environment}/instances/{instance_name}` | Manages an API instance | Does not publish to the API catalogue |\n\n### Environments, instances and secrets\n\n#### Environments\n\nAPI instances and secrets are deployed into a specific *environment*. Environments are logically divided into three categories:\n\n- **Internal path to live** -  `internal-dev`, `internal-dev-sandbox`, `internal-qa-sandbox`, `internal-qa`, `internal-qa-sandbox`, `ref`:\nused by API producers in the development and testing of API proxies.\n- **External ath to live** - `sandbox`, `dev`, `int`:\nused by API consumers in their development of services integrating with the API Platform\n- **Production** - `prod`:\nthe live environment.\n\n> All environments are treated equally with the exception of **production** which requires additional permissions.\n\n#### Instances\n\nAn API instance is a deployed API proxy which routes requests to your back-end service. It is always specific to an *environment*, although you can have more than one instance in an environment. Each *instance* is entirely independant of each other. API *instances* are configured from a supplied **instance-specific OpenAPI specification** (OAS).\n\n> See [OpenAPI specification constraints and extensions](#openapi-specification-constraints-and-extensions) for the full explanation of the format of this specification.\n\n\nAn API instance has an **instance name** which is derived from the base path of the `servers.0.server.url` property of the OAS.\n\n> A server URL of `https://internal-dev.api.service.nhs.uk/hello-world-pr-123` would map to the instance name `hello-world-pr-123`\n\nAn API instance may:\n\n- have one or more **API Access Modes** for API consumers to subscribe to\n- implement **rate limiting**\n- send traffic to a **back-end service** or a **hosted container**\n- implement one or more **security patterns** controlling how API clients can authenticate\n\n##### Temporary instances\n\nAPI resources are limited across the platform and in order to keep deployed resources manageable. API producer teams are allocated a limited number of conncurrently deployed API instances. Once this limit is reached, deployments will fail. In order to keep this manageable for producers, there are a number of batch jobs which delete API instances which are marked as `temporary` periodically, based on their `last_modified` date.\n\nTemporary instances are limited to Internal path to live environments. See Environments section for more information on environments.\n\nExamples of when the `temporary` attribute would be appropriate include, but are not limited to:\n- on creation of a pull request (PR) - these instances are often used for automated testing\n- during penetration testing\n- during load testing\n\n#### Secrets\n\nProxy Generator API can be used to store secret values - primarily for use in securing the connection to an external target (see below).\n\nSecrets have a `type` attribute, which indicate their upstream use. Supported types are:\n\n- `apikey` - used when employing API Key security between the API platform and back-end 'target' servers - this will be added to HTTP requests to the target as the value of the 'apikey' header.\n- `mtls` - used when employing mTLS security between the API platform and back-end 'target' servers - this is a a combination of the client certificate and private key. Adding this secret creates or updates a keystore on the API platform, which is used in a handshake with the target server certificate and verifies that both the client and server certificates have been signed by the same root certificate authority. \n\n#### Resources for testing\n\nFor testing deployed proxies we recommend using the [pytest-nhsd-apim python testing package](https://github.com/NHSDigital/pytest-nhsd-apim). This is a pytest plugin that provides a set of fixtures and utilities to help you test your API proxies with simple integration and automatic authentication.\n\nTo use the package you must first export `APIGEE_ACCESS_TOKEN` as an environment variable so that the package can interact with the API platform's underlying functionality.\n\nYou can use proxygen to retrieve this token by calling the [GET /apis/{api_name}/pytest-nhsd-apim-token](#get-/apis/-api_name-/pytest-nhsd-apim-token) endpoint.\n\nFor full detail on how to use the package, see the [pytest-nhsd-apim documentation](https://nhsd-confluence.digital.nhs.uk/display/APM/Test+Utils+2.0%3A+pytest+plugin+for+APIM)\n\n## OpenAPI specification constraints and extensions\n\n### Constraints\n\n#### OpenAPI version restriction to 3.0.3\n##### Schema path: `openapi`\nFor example: `openapi: 3.0.3`\n\n#### List of servers must contain a single item\n##### Schema path: `servers`\nFor example:\n```\nservers:\n - url: 'https://internal-dev-sandbox.api.service.nhs.uk/hello-world'\n```\n\n#### Security scheme constraints\n##### Schema path: `components.securitySchemes`\nA distinct list of security schemes referred to in the [security](https://swagger.io/specification/#security-requirement-object) property of path [Operations Objects](https://swagger.io/specification/#operation-object) defined within this spec.\n\nFor example:\n```\nsecuritySchemes:  # limit this to only those used in your API\n  nhs-login-p0:\n  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p0\nnhs-login-p5:\n  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p5\nnhs-login-p9:\n  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9\nnhs-cis2-aal1:\n  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-cis2-aal1\nnhs-cis2-aal3:\n  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/nhs-cis2-aal3\napp-level0:\n  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level0\napp-level3:\n  $ref: https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level3\n```\nEach item references a publically available JSON description object, which is rendered into the final specification document.\n\n### `x-nhsd-apim` Specification Extension\n\nThis [extension to the OpenAPI specification](https://swagger.io/docs/specification/openapi-extensions/) is read during API instance deployment and controls functionality specific to the API Platform.\n\n#### Monitoring\n\nThe `monitoring` key controls whether the instance will be monitored by the API platform. This is enabled by default (set to `true`).\n\n#### Target specification\n\nThe `target` key contains an object that defines the target (back-end) where your API proxy forwards requests.\n\n##### External target\n\nA service not hosted on the API Platform. (Contrast with hosted target, below.)\n\nTwo methods of securing the connection between the API proxy and target service are supported: API Key and mTLS.\n\nBoth methods depend on a named secret (`target.secret` property) existing in the relevant environment. See [Create or update an API Key secret](#put-/apis/-api_name-/environments/-environment-/secrets/apikey/-secret_name-) and [Create or update an mTLS secret](#put-/apis/-api_name-/environments/-environment-/secrets/mtls/-secret_name-).\n\n###### mTLS security\n\nmTLS (Mutual TLS or sometimes termed TLS-MA) provides the strongest security between the API Platform and an externally hosted back-end.\n\nmTLS is a handshake, which verifies that both the client (API platform) and server (target back-end) certificates have been signed by the same root certificate authority.\n\nBefore deploying instances with mTLS security you must first PUT the client certificate and private key as a secret in the instance's environment.\n\nFor example:\n```\ntarget:\n  type: external\n  healthcheck: /_mybackendhealthcheck\n  url: https://example.external.mtls.secured.backend.com\n  security:\n    type: mtls\n    secret: example-cert-key-pair-secret-name\n```\n\n###### API key external target\n\nAPI key back-end security is used for external back-ends with no or low sensitivity. The server is configured to only accept requests having the correct a shared secret (the API key) in a HTTP header.\n\nBefore deploying instances with API key security you must first PUT the apikey required by the target server in the environment the instance will be deployed in. See [Create or update an API Key secret](#put-/apis/-api_name-/environments/-environment-/secrets/apikey/-secret_name-) and [Create or update an mTLS secret](#put-/apis/-api_name-/environments/-environment-/secrets/mtls/-secret_name-).\n\nThe `target.security.header` property specifies the HTTP Header name used to transmit the API key.\n\nFor example:\n```\ntarget:\n  type: external\n  healthcheck: /_mybackendhealthcheck\n  url: https://example.external.apikey.secured.backend.com\n  security:\n    type: apikey\n    header: X-API-Key\n    secret: example-apikey-secret-name\n```\n##### Hosted target\n\nA hosted target is a container running on the API Platform.\n\nSpecify the `name` and `tag` of an image in your API Platform container registry (see [Get a container registry access token](#get-/apis/-api_name-/docker-token)) and Proxy Generator will create the service and route requests from your API proxy instance.\n\nEnvironment variables for the service can be specified in the `target.containers[].environment` object.\n\nFor example:\n```\ntarget:\n  type: hosted\n  healthcheck: /_mybackendhealthcheck\n  containers:\n    - name: hello-world\n      image:\n        name: hello-world_hello-world\n        tag: 72537-sha6c0ccdb\n      environment:\n        LOG_LEVEL: info\n        UPSTREAM: 'https://internal-dev.api.service.nhs.uk'\n        NODE_ENV: production\n```\n#### Rate limiting\n\nAdd the `ratelimiting` key to protect your back-end service from being overwhelmed by too many requests.\n\nWhen specified rate limit is exceeded the API Proxy will respond with a `HTTP 429` (too many requests).\n\nRate limits can be specified:\n- for the entire API Proxy in `ratelimiting.proxy`\n- per-application in `ratelimiting.app-default`\n\nFor example:\n```\nratelimiting:\n  proxy:\n    limit: 5\n    timeunit: minute\n  app-default:\n    limit: 10\n    timeunit: minute\n```\n\n#### API access modes\n\nEach object in the `x-nhsd-apim.access` array defines an Access Mode. API consumers subscribe their Applications to these in the developer portal.\n\nFor example:\n```\naccess:\n- title: User Restricted\n  grants:\n    nhs-login-p5: []\n- title: Application Restricted\n  grants:\n    app-level0: []\n```\n\n#### Target Attributes\n\nEach object in the `x-nhsd-apim.target-attributes` array describes an attribute you expect to be attached to Applications connecting to your API. \n\nEach object within the array relates to an individual attribute, including its name, whether it is required, and the header name.\n\nIf you set `required` to `true` for an attribute, the proxy will reject any requests from applications missing that attribute - if you set it to `false`, the proxy will continue processing the request regardless.\n\nExample usage:\n```\ntarget-attributes:\n  - name: party-key\n    required: true\n  - name: ods-code\n    required: true\n    header: ODS-Code-Header\n  - name: service.metadata\n    required: false\n```\n\nAttributes may be strings, arrays, or objects. If you declare an object in this array, you may specify nested attributes as part of this object.\n\nFor example `service.metadata` refers to an object with the following JSON representation `{\"service\": {\"metadata\": <some value>}}`. You can similarly describe attributes in deeper nested objects, e.g. `service.metadata.timestamp`.\n\nThe values declared will be forwarded on as headers on the request. The name of this header is the `header` value specific to the individual attribute, e.g `ODS-Code-Header`.\nIf `header` is not provided, the name of this header is derived from the name you have provided for each attribute, and is formatted as `attribute-<your attribute name>`, e.g. `attribute-party-key`.\n\nPlease be aware that these headers are not base64 encoded before they are forwarded and take this into consideration before attaching sensitive data to consumer applications as attributes.\n\n\n#### Target Identity Headers\n\nEach object in the `x-nhsd-apim.target-identity` array describes an identity header you intend to pass through to the backend. Currently, CIS2 and NHS login authentication is supported.\n\nEach object within the array relates to an individual target identity header. Specifying the `name` field as one of the available options will determine whether the identity header will be present in the request to the backend.\n\nThe header name can be optionally specified using the `header` field. In their absence, the following defaults will be used: \n- cis2-uuid: `NHSD-Session-UUID` \n- cis2-urid: `NHSD-Session-URID`\n- cis2-acr: `NHSD-Session-CIS2-ACR`\n- nhs-login-nhs-number: `NHSD-NHSlogin-NHS-Number`\n- nhs-login-identity-proofing-level: `NHSD-NHSlogin-Identity-Proofing-Level`\n- id-token: `NHSD-ID-Token`\n\nThe headers will have their values populated using the auth token associated with the CIS2 or NHS login authentication.\n   \nThe CIS2 UUID, NHS login NHS number, and ID token values are obtained from the access token in the request. The Role ID value is obtained via the shared UserRoleServiceV2.\n\nIf the request to the _proxy_ includes the default Role ID header `NHSD-Session-URID`, this will flow through to the backend as the urid-header-name defined in your specification (or remain as the default header name, in the absence of a provided header name).\n\nExample usage:\n```\ntarget-identity:\n  - name: cis2-uuid\n    header: \"custom-uuid-header-name\"\n  - name: cis2-urid\n    header: \"custom-urid-header-name\"\n  - name: cis2-acr\n    header: \"custom-acr-header-name\"\n  - name: nhs-login-nhs-number\n    header: \"custom-nhs-number-header-name\"\n  - name: nhs-login-identity-proofing-level\n    header: \"custom-identity-proofing-level-header-name\"\n  - name: id-token\n    header: \"custom-id-token-header-name\"\n```\n\nThe `name` and `header` fields must be strings. `name` must be one of the following values: `cis2-uuid`, `cis2-urid`, `cis2-acr`, `nhs-login-nhs-number`, `nhs-login-identity-proofing-level`, `id-token`.\n\n\n## Usage limits\n\nTo control the resource usage of the underlying services we apply the following usage limits.\n\nWhere a request would exceed these limts you will recieve a `HTTP 400` error with the response body detailing your current usage with respect to the limit.\n\nThe limits apply to all APIs equally and are reconfigurable. Contact us to request a limit change.\n\n\n### API instance limits\n\n * 1 API instance in the `production` environment\n * 10 API instances in the `internal-dev` and `internal-dev-sandbox` environments\n * 5 API instances in all other environments\n","contact":{"name":"API Management Support","url":"https://digital.nhs.uk/developer/help-and-support","email":"api.management@nhs.net"},"license":{"name":"MIT"},"version":"v1.0.156-alpha"},"servers":[{"url":"https://proxygen.prod.api.platform.nhs.uk","description":"Base url for Proxy Generator API"}],"paths":{"/apis":{"get":{"tags":["APIs"],"summary":"List all APIs","description":"Get a list of all API names.\n\n> This operation requires the **admin** permission, users can contact API Management support to get an up-to-date list.","operationId":"get-apis","parameters":[],"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"array","items":{"type":"string","example":"hello-world"}},"examples":{"api-list":{"value":["hello-world","personal-demographics"]}}}}}},"deprecated":false},"post":{"tags":["APIs"],"summary":"Register a new API","description":"Register a new API with Proxy Generator API.\n\n> This operation requires the **admin** permission.\n\nRegisters a new API with Proxy Generator API, creating the following pre-requisite resources:\n\n### Keycloak policies and permissions\nWhen `keycloak` is set to `true` (the default) this allows the API to be managed via Proxy Generator. In the background, the policies and permissions are created in Keycloak.\n\n### Machine client\nWhen `keycloak` is set to `true` and a `keycloak_client_jwks_resource_url` is provided a machine client is created with client ID `{api-name}-client` with permissions to perform operations on this API through Proxy Generator API. See Security and Authorisation section above.\n\n### API Registry entry\n`api_registry_entry` should always be set to `true`, and it creates an entry in the API registry. There are some edge cases where it might be set to `false`.\n\n### Docker repositories\nThe API Platform offers you the ability to deploy a Docker image behind your API to carry out lightweight, stateless processing. In the internal documentation this is referred to as as *hosted containers*, and during deployment this is all automatically wired up and secured. Behind the scenes we use [Elastic Container Registry](https://aws.amazon.com/ecr/) (ECR) Docker Repository to manage the images.\n\nSet `docker_repositories` to an empty list (`[]`) to skip creation of a repository.\n\nCreate one or more repositories with different names by setting the `docker_repositories` array. Repository names must start with (or be the same as) the API name.","operationId":"post-apis","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Api"},"examples":{"create-hello-world-api":{"value":{"name":"hello-world","api_registry_entry":true,"keycloak":true,"keycloak_client_jwks_resource_url":"https://example.org/jwks","docker_repositories":["hello-world"]}}}}},"required":false},"responses":{"201":{"description":"New API created.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Api"},"examples":{"hello-world-api-created":{"value":{"name":"hello-world","api_registry_entry":true,"keycloak":true,"keycloak_client_jwks_resource_url":"https://example.org/jwks","docker_repositories":["hello-world"]}}}}}}},"deprecated":false}},"/apis/{api_name}":{"get":{"tags":["APIs"],"summary":"Get an API's deployed resources","description":"Get a list of the deployed resources for an API.\n\n> This operations requires the read permission for the specific API\n\nResource can be either 'secrets' or 'instances' (API proxies).\n\nResources in *all* environments are listed.","operationId":"get-apis-api_name","responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/resource"}},"examples":{"get-all-resources":{"value":[{"spec_hash":"437b930db84b8079c2dd804a71936b5f","temporary":true,"type":"instance","environment":"internal-dev","name":"hello-world-123","last_modified":"2022-10-12T11:39:45+00:00"},{"type":"secret","apikey":false,"mtls":false,"version_id":"106a9942-210f-4f43-9735-a9310a34daa7","environment":"internal-dev","name":"some-secret","last_modified":"2022-10-12T11:39:45+00:00"},{"spec_hash":"437b930db84b8079c2dd804a71936b5f","temporary":true,"type":"instance","environment":"internal-qa","name":"hello-world-321","last_modified":"2022-10-12T11:39:45+00:00"},{"type":"secret","apikey":false,"mtls":false,"version_id":"106a9942-210f-4f43-9735-a9310a34daa7","environment":"internal-qa","name":"some-other-secret","last_modified":"2022-10-12T11:39:45+00:00"}]}}}}}},"deprecated":false},"put":{"tags":["APIs"],"summary":"Update an existing API","description":"Change the pre-requisite resources for an existing API. You can update anything except the API name.\n\n> This operation requires the update permission for the specific API\n\nSee [POST /apis](#post-apis) for details of the semantics of the request.","operationId":"put-apis-api_name","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Api"},"examples":{"update-api":{"value":{"name":"hello-world","api_registry_entry":true,"keycloak":true,"keycloak_client_jwks_resource_url":"https://example.org/new-jwks-endpoint","docker_repositories":["hello-world","hello-world-auxiliary"]}}}}},"required":false},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Api"},"examples":{"update-api-response":{"value":{"name":"hello-world","api_registry_entry":true,"keycloak":true,"keycloak_client_jwks_resource_url":"https://example.org/new-jwks-endpoint","docker_repositories":["hello-world","hello-world-auxiliary"]}}}}}},"422":{"description":"Unprocessable Entity (WebDAV)","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"Example 1":{"value":{"detail":"Path parameter api_name='hello-world' does match request body 'something-else'"}}}}}}},"deprecated":false},"delete":{"tags":["APIs"],"summary":"Delete an API","description":"Delete an API and the API registration entry. The API must have no deployed resources for the operation to succeed.\n\n> This operation requires the delete permission for the specific API","operationId":"delete-apis-api_name","responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Api"},"examples":{"delete-api":{"value":{"name":"hello-world","api_registry_entry":false,"keycloak":false,"keycloak_client_jwks_resource_url":"","docker_repositories":[]}}}}}},"400":{"description":"Bad Request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"Example 1":{"value":{"detail":"Cannot delete API with deployed resources."}}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string","example":"hello-world"}}]},"/apis/{api_name}/docker-token":{"get":{"tags":["Resources"],"summary":"Get a container registry access token","description":"If you are using the Hosted Containers function, you might need to access the associated Elastic Container Registry (ECR) Docker repository. To do this you will need a user name and password - use this endpoint to get those. See [Register a new API](#post-apis) for more information.\n\n> This operation requires the read permission for the specific API\n\nUse this endpoint to retrieve a short-lived access token (a username and password) and registry URI to access the registry:\n\n```\n$ docker login --username <user> --password <password> <registry>\n```\n\nIf your API was not initially configured with Docker repositories, this endpoint will receive a successful request with an empty object. If you need to set up Docker repositories for working with hosted containers, please reach out to us to update your API.\n","operationId":"get-apis-api_name-docker-token","responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"object","properties":{"user":{"type":"string"},"password":{"type":"string"},"registry":{"type":"string"},"expiresAt":{"type":"string","format":"date-time"}}},"examples":{"docker-token":{"value":{"user":"AWS","password":"**********************","registry":"https://958002497996.dkr.ecr.eu-west-2.amazonaws.com","expiresAt":"2022-10-26T02:05:39.540000+01:00"}}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/apis/{api_name}/pytest-nhsd-apim-token":{"get":{"tags":["Resources"],"summary":"Get a token for use with the pytest-nhsd-apim python testing package","description":"Use to retrieve a token to supply `APIGEE_ACCESS_TOKEN` as an environment variable when using using the [pytest-nhsd-apim python testing package](https://github.com/NHSDigital/pytest-nhsd-apim). This is a pytest plugin that provides a set of fixtures and utilities to help you test your API proxies with simple integration and automatic authentication.\n\nFor full detail on how to use the package, see the [pytest-nhsd-apim documentation](https://nhsd-confluence.digital.nhs.uk/display/APM/Test+Utils+2.0%3A+pytest+plugin+for+APIM)\n","operationId":"get-apis-api_name-pytest-nhsd-apim-token","responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"object","properties":{"pytest_nhsd_apim_token":{"type":"string"},"expires_in":{"type":"string"}}},"examples":{"pytest-nhsd-apim-token":{"value":{"pytest_nhsd_apim_token":"**********************","expires_in":"43199"}}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/apis/{api_name}/spec":{"get":{"tags":["API Specifications"],"summary":"Get the Specification for an API","description":"Get an API's OpenAPI Specification (OAS).\n\n> This operation require the read permission for the specific API\n\nAn API may have an OpenAPI Specification which is published on the [API Catalogue](https://digital.nhs.uk/developer/api-catalogue).\n\nNote that this is distinct from the OAS files that drive the generation of API's 'instances' (deployed API proxies). Instance-specific OAS files are typically derived from this specification, but include Proxy Generator API-specific extensions.","operationId":"get-apis-api_name-spec","requestBody":{"content":{},"required":false},"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"api-spec":{"$ref":"#/components/examples/api-oas"}}}}},"404":{"description":"Not Found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"Example 1":{"value":{"detail":"Not found"}}}}}}},"deprecated":false},"put":{"tags":["API Specifications"],"summary":"Create or replace the specification for an API","description":"Create or replace (update) an API's OAS specification.\n\n> This operation requires the update permission for the specific API\n\nAn API may have an OpenAPI Specification which is published on the [API Catalogue](https://digital.nhs.uk/developer/api-catalogue).\n\nNote that this is distinct from the OAS files that drive the generation of API's 'instances' (deployed API proxies). Instance-specific OAS files are typically derived from this specification, but include Proxy Generator API-specific extensions.","operationId":"put-apis-api_name-spec","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"update-api-specification":{"$ref":"#/components/examples/api-oas"}}}},"required":false},"responses":{"200":{"description":"Successful request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"put-spec-response":{"$ref":"#/components/examples/api-oas"}}}}}},"deprecated":false},"delete":{"tags":["API Specifications"],"summary":"Delete the specification for an API","description":"Delete an API's OpenAPI Specification (OAS).\n\n> This operation requires the delete permission for the specific API\n\nAn API may have an OAS format specification which is (or will be) published on the [API Catalogue](https://digital.nhs.uk/developer/api-catalogue), however this is not mandatory. Using this operation you can delete the API's specification.","operationId":"delete-apis-api_name-spec","responses":{"204":{"description":"Specification deleted successfully"}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/apis/{api_name}/spec/uat":{"get":{"tags":["API Specifications"],"summary":"Get the UAT Specification for an API","description":"Identical to [GET /apis/{api_name}/spec](#get-apis-api_name-spec) except if a UAT version of the spec exist, then\nthis will be returned instead.","operationId":"get-apis-api_name-spec-uat","requestBody":{"content":{},"required":false},"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"api-spec":{"$ref":"#/components/examples/api-oas"}}}}},"404":{"description":"Not Found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"Example 1":{"value":{"detail":"Not found"}}}}}}},"deprecated":false},"put":{"tags":["API Specifications"],"summary":"Create or replace the UAT specification for an API","description":"Create or replace (update) the UAT version of an API's OAS specification.\n\n> This operation requires the update permission for the specific API","operationId":"put-apis-api_name-spec-uat","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"update-api-specification":{"$ref":"#/components/examples/api-oas"}}}},"required":false},"responses":{"200":{"description":"Successful request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"put-spec-response":{"$ref":"#/components/examples/api-oas"}}}}}},"deprecated":false},"delete":{"tags":["API Specifications"],"summary":"Delete the UAT specification for an API","description":"Delete an the UAT version of an API's OpenAPI Specification (OAS).\n\n> This operation requires the delete permission for the specific API","operationId":"delete-apis-api_name-spec-uat","responses":{"204":{"description":"Specification deleted successfully"}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/apis/{api_name}/config":{"get":{"tags":["APIs"],"summary":"Get an API's config","description":"Get an API's config\n\n> This operation requires the **admin** permission.\n\nAPI-level configuration currently includes:\n\n### Disallowed environments\nA list of environments that are disallowed for an API to deploy to. By default 'prod' is disallowed which can be changed by API Management on request when ready to deploy to production.","operationId":"get-api-config","parameters":[],"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiConfig"},"examples":{"disallowed-prod-config":{"value":{"disallowed_environments":["prod"]}}}}}}},"deprecated":false},"put":{"tags":["APIs"],"summary":"Update an API's config","description":"Updates an API's config\n\n> This operation requires the **admin** permission.\n\nYou must provide the API's full config when updating.\n\nThe config is initially created with default values on creation of the API.\n\nAPI-level configuration currently includes:\n\n### Disallowed environments\nA list of environments that are disallowed for an API to deploy to. By default 'prod' is disallowed which can be changed by API Management on request when ready to deploy to production.","operationId":"put-api-config","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiConfig"},"examples":{"update-api-config":{"value":{"disallowed_environments":["prod","dev"]}}}}},"required":false},"responses":{"200":{"description":"Api config udpated.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ApiConfig"},"examples":{"disallowed-prod-config":{"value":{"disallowed_environments":["prod"]}}}}}},"422":{"description":"Unprocessable Entity","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"extra-fields-not-permitted":{"value":{"detail":"extra fields not permitted"}},"invalid-disallowed-environments-type":{"value":{"detail":"value is not a valid list"}},"invalid-environment-in-disallowed-environments":{"value":{"detail":"Invalid environment 'pord' in disallowed_environments. Must be one of: prod, int, sandbox, dev, ref, internal-qa, internal-qa-sandbox, internal-dev, internal-dev-sandbox"}}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/apis/{api_name}/environments":{"get":{"tags":["Resources"],"summary":"Get an API's deployed resources (optionally just a specific type)","description":"Get a list of the deployed resources for an API.\n\n> This operations requires the read permission for the specific API\n\nResource can be either 'secrets' or 'instances' (API proxies).\n\nRetrieve instances of a specific type using the optional `type` query parameter.\n\nResources in *all* environments are listed.","operationId":"get-apis-api_name-environments","parameters":[{"name":"type","in":"query","required":false,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"enum":["instance","secret"],"type":"string","example":"instance"}}],"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/resource"}},"examples":{"get-resources-all-environments":{"value":[{"spec_hash":"437b930db84b8079c2dd804a71936b5f","temporary":true,"type":"instance","environment":"internal-dev","name":"hello-world-123","last_modified":"2022-10-12T11:39:45+00:00"},{"type":"secret","apikey":false,"mtls":false,"version_id":"106a9942-210f-4f43-9735-a9310a34daa7","environment":"internal-dev","name":"some-secret","last_modified":"2022-10-12T11:39:45+00:00"},{"spec_hash":"437b930db84b8079c2dd804a71936b5f","temporary":true,"type":"instance","environment":"internal-qa","name":"hello-world-321","last_modified":"2022-10-12T11:39:45+00:00"},{"type":"secret","apikey":false,"mtls":false,"version_id":"106a9942-210f-4f43-9735-a9310a34daa7","environment":"internal-qa","name":"some-other-secret","last_modified":"2022-10-12T11:39:45+00:00"}]}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/apis/{api_name}/environments/{environment}":{"get":{"tags":["Resources"],"summary":"Get an API's deployed resources for a specific environment","description":"Get a list of the deployed resources for an API, in a specific environment.\n\n> This operations requires the read permission for the specific API\n\nResource can be either 'secrets' or 'instances' (API proxies).","operationId":"get-apis-api_name-environments-environment","responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/resource"}},"examples":{"get-resources-specific-environment":{"value":[{"spec_hash":"437b930db84b8079c2dd804a71936b5f","temporary":true,"type":"instance","environment":"internal-dev","name":"hello-world-123","last_modified":"2022-10-12T11:39:45+00:00"},{"type":"secret","apikey":false,"mtls":false,"version_id":"106a9942-210f-4f43-9735-a9310a34daa7","environment":"internal-dev","name":"some-secret","last_modified":"2022-10-12T11:39:45+00:00"}]}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"environment","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/apis/{api_name}/environments/{environment}/secrets":{"get":{"tags":["Resources"],"summary":"Get the secrets for an API in a specific environment","description":"Get a list of stored secrets for an API, in a specific environment.\n\n> This operations requires the read permission for the specific API","operationId":"get-apis-api_name-environments-environment-secrets","responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/secret"}},"examples":{"get-secrets-for-environment":{"value":[{"type":"secret","apikey":true,"mtls":false,"version_id":"106a9942-210f-4f43-9735-a9310a34daa7","environment":"internal-dev","name":"some-secret","last_modified":"2022-10-12T11:39:45+00:00"},{"type":"secret","apikey":false,"mtls":true,"version_id":"4e03f1bd-f6d4-415e-bf04-10640136f031","environment":"internal-dev","name":"some-other-secret","last_modified":"2022-10-10T10:12:25+00:00"}]}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"environment","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/apis/{api_name}/environments/{environment}/secrets/apikey/{secret_name}":{"put":{"tags":["Resources"],"summary":"Create or update an API Key secret","description":"Create or update an API Key secret\n\n> This operation requires the update permission for the specific API\n\nCreate a named secret using this operation, specifying the secret name (key) in the path and secret value to be stored in the body of the request.\n\nIf the secret already exists it will be updated.\n\nAPI Keys can be used to secure the connection between an instance (API Proxy) and back-end (target).","operationId":"put-apis-api_name-environments-environment-secrets-apikey-secret_name","requestBody":{"content":{"text/plain":{"schema":{"minLength":1,"type":"string"},"examples":{"api-key-uuid":{"value":"fc0875d7-65ad-4e68-bff8-2fa1d3130bf7"}}}},"required":true},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/secret"},"examples":{"put-secret-response":{"value":{"name":"my-secret","type":"secret","last_modified":"2019-08-24T14:15:22Z","environment":"internal-dev","apikey":true,"mtls":false,"version_id":"9e94c502-ca41-4342-a7f7-af96b444512c"}}}}}},"422":{"description":"Unprocessable Entity","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"empty-request-body":{"value":{"detail":"Request body cannot be empty"}}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"environment","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"secret_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"maxLength":400,"minLength":1,"pattern":"^[a-zA-Z0-9_-]+$","type":"string","example":"some-secret"}}]},"/apis/{api_name}/environments/{environment}/secrets/mtls/{secret_name}":{"put":{"tags":["Resources"],"summary":"Create or update an mTLS secret","description":"Create or update an mTLS certificate and private key combination secret.\n\n> This operation requires the update permission for the specific API\n\nCreate a named secret using this operation, specifying the secret name (key) in the path and secret value to be stored in the body of the request.\n\nIf the secret already exists it will be updated.\n\nAdding this secret creates or updates a keystore on the API platform which is used in a handshake with the target server certificate, which verifies that both the client and server certificates have been signed by the same root certificate authority.\n\n> * The certificate and private key files should be in PEM format and must be sent as `multipart/form-data` under fields of `key` and `cert`.\n> * Updating an mtls secret will always update the keystore and will be used by any instances of the API in the specified environment. This is can be used for key rotation but should be done with caution for live environments.","operationId":"put-apis-api_name-environments-environment-secrets-mtls-secret_name","requestBody":{"content":{"multipart/form-data":{"schema":{"type":"object","properties":{"key":{"type":"string","format":"binary"},"cert":{"type":"string","format":"binary"}}}}},"required":true},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/secret"},"examples":{"put-secret-response":{"value":{"name":"my-secret","type":"secret","last_modified":"2019-08-24T14:15:22Z","environment":"internal-dev","apikey":false,"mtls":true,"version_id":"9e94c502-ca41-4342-a7f7-af96b444512c"}}}}}},"422":{"description":"Unprocessable Entity","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"empty-request-body":{"value":{"detail":"Request body cannot be empty"}}}}}},"400":{"description":"Bad Request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"missing-key-file":{"value":{"detail":"Missing key file in payload. Must include both key and cert files."}},"missing-cert-file":{"value":{"detail":"Missing cert file in payload. Must include both key and cert files."}},"invalid-key-file":{"value":{"detail":"Invalid key file in payload. Must be a PEM key file."}},"invalid-cert-file":{"value":{"detail":"Invalid cert file in payload. Must be a PEM cert file."}},"password-protected-key-file":{"value":{"detail":"Invalid key file in payload. key file cannot be password protected."}}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"environment","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"secret_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"maxLength":400,"minLength":1,"pattern":"^[a-zA-Z0-9_-]+$","type":"string","example":"some-secret"}}]},"/apis/{api_name}/environments/{environment}/secrets/{secret_type}/{secret_name}":{"get":{"tags":["Resources"],"summary":"Get the metadata for a specific secret","description":"Get secret metadata for a specific secret.\n\n> This operation requires the read permission for the specific API","operationId":"get-apis-api_name-environments-environment-secrets-secret_name","responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/secret"},"examples":{"get_secret":{"value":{"type":"secret","apikey":false,"mtls":false,"version_id":"106a9942-210f-4f43-9735-a9310a34daa7","environment":"internal-dev","name":"some-secret","last_modified":"2022-10-12T11:39:45+00:00"}}}}}}},"deprecated":false},"delete":{"tags":["Resources"],"summary":"Delete a secret or API key","description":"Delete a secret or API Key\n\n> This operation requires the delete permission for the specific API","operationId":"delete-apis-api_name-environments-environment-secrets-secret_name","responses":{"200":{"description":"Secret deleted","content":{"application/json":{"schema":{"$ref":"#/components/schemas/secret"},"examples":{"delete-secret":{"value":{"type":"secret","apikey":false,"version_id":"106a9942-210f-4f43-9735-a9310a34daa7","environment":"internal-dev","name":"some-secret","last_modified":"2022-10-12T11:39:45+00:00"}}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"environment","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"secret_type","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"enum":["apikey","mtls"],"type":"string"}},{"name":"secret_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"maxLength":400,"minLength":1,"pattern":"^[a-zA-Z0-9_-]+$","type":"string","example":"some-secret"}}]},"/apis/{api_name}/environments/{environment}/instances":{"get":{"tags":["API Instances"],"summary":"Get the instances of an API in a specific environment","description":"Get a list of the deployed instances (API Proxies and associated API Access Modes) for a given API and environment.\n\n> This operations requires the read permission for the specific API\n","operationId":"get-apis-api_name-environments-environment-instances","responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/instance"}},"examples":{"get-instances-specific-environment":{"value":[{"spec_hash":"437b930db84b8079c2dd804a71936b5f","temporary":true,"type":"instance","environment":"internal-dev","name":"hello-world-123","last_modified":"2022-10-12T11:39:45+00:00"}]}}}}}},"deprecated":false},"post":{"tags":["API Instances"],"summary":"Create an API instance in a specific environment","description":"Creating a new instance of the API, in the specified environment, will deploy it and make it available in that environment.\n\n> This operation requires the create permission for the specific API\n\nThe name of the created instance is determined by base path of the server url.","operationId":"post-apis-api_name-environments-environment-instances","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"create-instance-post-body-example":{"$ref":"#/components/examples/instance-oas"}}}},"required":false},"responses":{"201":{"description":"Instance created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"create-instance-post-response":{"$ref":"#/components/examples/instance-oas"}}}}},"409":{"description":"Failed to create instance","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"failed-to-create-instance":{"value":{"detail":"API hello-world already has an instance hello-world-123 in internal-dev"}}}}}},"422":{"description":"Unprocessable Entity","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"temporary-instance-is-external-env":{"value":{"detail":{"msg":"1 validation error for ApiInstance\\nenvironment\\n  Instances in int environment cannot be temporary. (type=value_error)"}}}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"environment","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/apis/{api_name}/environments/{environment}/instances/{instance_name}":{"get":{"tags":["API Instances"],"summary":"Get a specific API instance","description":"Get the instance-specific OAS file defining a specific API instance.\n\n> This operation requires the read permission for the specific API","operationId":"get-apis-api_name-environments-environment-instances-instance_name","responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"get-instance":{"$ref":"#/components/examples/instance-oas"}}}}}},"deprecated":false},"put":{"tags":["API Instances"],"summary":"Update or create an API instance","description":"Update or create a named API instance\n\n> This operation requires the update permission for the specific API\n\nCreated a named API instance using this operation.\n\nIf the instance already exists it will be updated.\n\nThe instance name supplied in the path parameter must match the one derived from the `servers.0.server.url` base path.","operationId":"put-apis-api_name-environments-environment-instances-instance_name","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"put-instance-body":{"$ref":"#/components/examples/instance-oas"}}}},"required":false},"responses":{"200":{"description":"Instance created or updated","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"put-instance-response":{"$ref":"#/components/examples/instance-oas"}}}}}},"deprecated":false},"delete":{"tags":["API Instances"],"summary":"Delete an API instance","description":"Delete an API instance\n\n> This operation requires the delete permission for the specific API","operationId":"delete-apis-api_name-environments-environment-instances-instance_name","responses":{"200":{"description":"Instance deleted"},"404":{"description":"Instance not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPException"},"examples":{"Example 1":{"value":{"detail":"No instance hello-world-123 in environment internal-dev"}}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"environment","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}},{"name":"instance_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/specs":{"get":{"tags":["API Specification Bulk Retrieval"],"summary":"Get all specifications","description":"Get a list of all API specifications and their last-modified dates.\n\n> This operation requires the special `spec-resource` permission\n\nThe specifications listed are the API specification (those accessed through the [GET /apis/{api_name}/spec](#get-apis-api_name-spec) endpoints) and not the instance-specific specifications.\n\nIn the returned object `spec_id` is synonymous with `api_name` found in other contexts.","operationId":"get-specs","responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"array","items":{"type":"object","properties":{"spec_id":{"type":"string","description":"Synonymous with `api_name` found in other contexts","example":"hello-world"},"last_modified":{"type":"string","format":"date-time"}}}},"examples":{"get-all-specs":{"value":[{"spec_id":"hello-world","last_modified":"2019-08-24T14:15:22Z"},{"spec_id":"personal-demographics","last_modified":"2019-08-22T12:14:11Z"}]}}}}}},"deprecated":false}},"/specs/{api_name}":{"get":{"tags":["API Specification Bulk Retrieval"],"summary":"Get an API specification","description":"Get a specific API specification.\n\n> This operation requires the special `spec-resource` permission\n\nThe specification is API specification as you might access through the [GET /apis/{api_name}/spec](#get-apis-api_name-spec) endpoint and not the instance-specific specification.","operationId":"get-specs-api_name","responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"get-spec":{"$ref":"#/components/examples/api-oas"}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]},"/specs/{api_name}/uat":{"get":{"tags":["API Specification Bulk Retrieval"],"summary":"Get the UAT version of an API specification","description":"Identical to [GET /specs/{api_name}/uat](#get-specs-api_name) except if a UAT version of the spec exist, then\nthis will be returned instead.","operationId":"get-specs-api_name_uat","responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaasOpenAPI"},"examples":{"get-spec":{"$ref":"#/components/examples/api-oas"}}}}}},"deprecated":false},"parameters":[{"name":"api_name","in":"path","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string"}}]}},"components":{"schemas":{"Api":{"title":"Api","required":["name"],"type":"object","properties":{"name":{"type":"string","description":"API name in kebab-case. It has to be unique","example":"hello-world"},"api_registry_entry":{"type":"boolean","description":"Whether to create an entry in the API Registry","default":true},"keycloak":{"type":"boolean","description":"Indicates that Keycloak manages access and permissions for this API. This should always be set to `true`","default":true},"keycloak_client_jwks_resource_url":{"type":"string","description":"The JWKS resource URL holding the public key for the default machine user admin client.","example":"https://example.org/jwks-endpoint"},"docker_repositories":{"uniqueItems":true,"type":"array","items":{"type":"string","example":"hello-world"},"description":"Defaults to one repository with the same name as the API name.\r\n\r\nNames must be the same as, or start with, the API name.\r\n\r\nSend an empty list to have no repositories."}}},"ApiConfig":{"title":"ApiConfig","type":"object","properties":{"disallowed_environments":{"uniqueItems":true,"type":"array","items":{"type":"string","example":"prod"},"description":"A list of environments the API is not allowed to deployed to. By default this includes 'prod' as there are pre-go-live activities that should first be completed. Contact the API Management team to change this."}}},"HTTPException":{"title":"HTTPException","type":"object","properties":{"detail":{"type":"string"}}},"LITERAL_ENVS":{"title":"LITERAL_ENVS","enum":["internal-dev","internal-dev-sandbox","internal-qa","internal-qa-sandbox","ref","dev","int","sandbox","prod"],"description":""},"base_resource":{"title":"base_resource","type":"object","properties":{"environment":{"$ref":"#/components/schemas/LITERAL_ENVS"},"name":{"type":"string","example":"hello-world-123"},"last_modified":{"type":"string","format":"date-time","example":"2022-10-12T11:39:45+00:00"}},"x-examples":{}},"PaasOpenAPI":{"title":"OAS v3.0.3 Specification with Proxy Generator API-specific constraints and extensions","required":["openapi","info","servers","paths"],"type":"object","properties":{"openapi":{"enum":["3.0.3"],"type":"string"},"info":{"type":"object"},"externalDocs":{"type":"object"},"servers":{"minItems":1,"type":"array","items":{"required":["url"],"type":"object","properties":{"url":{"pattern":"^https://(internal-dev.api|internal-dev-sandbox.api|internal-qa.api|internal-qa-sandbox.api|ref.api|dev.api|int.api|sandbox.api|api).service.nhs.uk/((([a-zA-Z0-9])+[-/]?)+([a-zA-Z0-9])+)$","type":"string"},"description":{"type":"string"},"variables":{"type":"object"}}}},"security":{"type":"array","items":{"$ref":"#/components/schemas/PaasSecurityRequirement"}},"tags":{"type":"array"},"paths":{"type":"object","properties":{"^\\/":{"type":"object","properties":{"summary":{"type":"string"},"description":{"type":"string"},"servers":{"type":"array"},"parameters":{"type":"array"},"get":{"$ref":"#/components/schemas/Operation"},"put":{"$ref":"#/components/schemas/Operation"},"post":{"$ref":"#/components/schemas/Operation"},"delete":{"$ref":"#/components/schemas/Operation"},"options":{"$ref":"#/components/schemas/Operation"},"head":{"$ref":"#/components/schemas/Operation"},"patch":{"$ref":"#/components/schemas/Operation"},"trace":{"$ref":"#/components/schemas/Operation"}},"description":"Some (any) path"}}},"components":{"type":"object"},"x-nhsd-apim":{"$ref":"#/components/schemas/XNhsdApim"}},"description":"Many Proxy Generator API endpoints accept or return an OpenAPI Specification with some additional constraints and a [specification extension](https://swagger.io/docs/specification/openapi-extensions/).\n\nFor more in-depth descriptions, see the [OpenAPI specification constraints and extensions](#overview--openapi-specification-constraints-and-extensions) section.\n\nUnfortunately the schema for an OAS cannot be represented in another OAS (this Proxy Generator API specification) due to the lack of support for `patternProperties`. This is a **partial/incomplete** representation of that schema, with a specific focus on the Proxy Generator API-specific constraints and extensions.\n\nMany properties are left 'empty' (eg `type: object`) where they are unmodified. Where there are Proxy Generator API-specific constraints on fields, the original sibling fields are typically included.\n\nPlease also refer to the [OpenAPI Specification version 3.0.3](https://swagger.io/specification/v3/) reference."},"Operation":{"type":"object","properties":{"tags":{"type":"array"},"summary":{"type":"string"},"description":{"type":"string"},"externalDocs":{"type":"object"},"operationId":{"type":"string"},"servers":{"type":"array"},"security":{"$ref":"#/components/schemas/PaasSecurityRequirement"},"deprecated":{"type":"boolean"},"responses":{"type":"object"},"parameters":{"type":"object"}}},"PaasSecurityRequirement":{"type":"object","allOf":[{"$ref":"#/components/schemas/_PaasSecurity"}]},"EmptyList":{"maxItems":0,"type":"array"},"_PaasSecurity":{"title":"_PaasSecurity","type":"object","oneOf":[{"required":["app_level0"],"properties":{"app_level0":{"$ref":"#/components/schemas/EmptyList"}},"additionalProperties":false},{"required":["app_level3"],"properties":{"app_level3":{"$ref":"#/components/schemas/EmptyList"}},"additionalProperties":false},{"required":["nhs_login_p0"],"properties":{"nhs_login_p0":{"$ref":"#/components/schemas/EmptyList"}},"additionalProperties":false},{"required":["nhs_login_p5"],"properties":{"nhs_login_p5":{"$ref":"#/components/schemas/EmptyList"}},"additionalProperties":false},{"required":["nhs_login_p9"],"properties":{"nhs_login_p9":{"$ref":"#/components/schemas/EmptyList"}},"additionalProperties":false},{"required":["nhs_cis2_aal1"],"properties":{"nhs_cis2_aal1":{"$ref":"#/components/schemas/EmptyList"}},"additionalProperties":false},{"required":["nhs_cis2_aal3"],"properties":{"nhs_cis2_aal3":{"$ref":"#/components/schemas/EmptyList"}},"additionalProperties":false}],"description":"Authorisation and Authentication pattern of the path","x-examples":{"Example 1":{"app_level0":[]}}},"XNhsdApim":{"type":"object","properties":{"target":{"$ref":"#/components/schemas/Target"},"access":{"type":"array","items":{"$ref":"#/components/schemas/Access"},"description":"Defines a list of API Access Modes to be deployed within the API Platform."},"ratelimiting":{"$ref":"#/components/schemas/RateLimiting"},"monitoring":{"type":"boolean","description":"Adds _ping and _status endpoints to the list of endpoints to be monitored","default":true},"temporary":{"type":"boolean","default":false},"target-attributes":{"type":"array","items":{"$ref":"#/components/schemas/TargetAttribute"},"description":"Describes attributes that are expected to be attached to Applications consuming your API."},"target-identity":{"type":"array","items":{"$ref":"#/components/schemas/TargetIdentity"},"description":"Describes identity headers intended to be passed through to the target backend from the users CIS2 or NHS login auth token."}},"description":"This section defines the infrastructure and resources required to deploy the Proxy.\n"},"Target":{"allOf":[{"$ref":"#/components/schemas/BaseTarget"}],"oneOf":[{"$ref":"#/components/schemas/HostedTarget"},{"$ref":"#/components/schemas/ExternalTarget"}],"description":"Describes the API back-end and therefore associated infrastructure for deployment."},"BaseTarget":{"type":"object","properties":{"healthcheck":{"pattern":"^/","type":"string","description":"The path of the healthcheck endpoint on the back-end. When the /_status endpoint of your proxy is called, it then calls out to this healthcheck endpoint and if this returns a status of 200 then /_status will return a status of `pass`"}}},"Access":{"required":["title","grants"],"type":"object","properties":{"title":{"type":"string"},"grants":{"$ref":"#/components/schemas/PaasSecurityAccess"},"visible":{"type":"boolean","default":true}}},"PaasSecurityAccess":{"type":"object","allOf":[{"$ref":"#/components/schemas/_PaasSecurity"}],"description":"Grant access to this view using items defined in `securitySchemes`"},"HostedTarget":{"required":["containers","type"],"type":"object","properties":{"type":{"enum":["hosted"],"type":"string"},"containers":{"maxItems":5,"minItems":1,"uniqueItems":true,"type":"array","items":{"$ref":"#/components/schemas/Container"},"description":"A list of Docker containers to deploy with each API instance."}},"description":"The back-end target is hosted using Docker container(s) within the API Platform."},"Container":{"required":["name","image"],"type":"object","properties":{"name":{"type":"string"},"image":{"$ref":"#/components/schemas/Image"},"environment":{"type":"object","description":"Environment variables"},"primary":{"type":"boolean","description":"The primary container is the one which will handle incoming requests. It is expected that this container exposes HTTP port 9000."}}},"Image":{"required":["name","tag"],"type":"object","properties":{"name":{"type":"string"},"tag":{"type":"string"}},"description":"A container image whihch must be available in the AWS ECR."},"ExternalTarget":{"required":["url","security","type"],"type":"object","properties":{"type":{"enum":["external"],"type":"string"},"url":{"type":"string","format":"uri"},"security":{"oneOf":[{"$ref":"#/components/schemas/APIKeyBackendSecurity"},{"$ref":"#/components/schemas/MTLSBackendSecurity"}]}},"description":"The API back-end is hosted externally to the API Platform. Requests will be sent sent out to the provided URL."},"APIKeyBackendSecurity":{"required":["type","header","secret"],"type":"object","properties":{"header":{"type":"string","description":"The name of the HTTP header, added by the API Platform, which will contain the API key.","example":"apikey (the default)"},"secret":{"type":"string","description":"The name of a `secret` resource, which must already be deployed into the relevant environment."},"type":{"enum":["apikey"],"type":"string"}},"description":"A target back-end that is secured using an API key, which will be included in the configured HTTP request header."},"MTLSBackendSecurity":{"required":["type","secret"],"type":"object","properties":{"secret":{"type":"string","description":"The name of a `secret` resource, which must already be deployed into the relevant environment."},"type":{"enum":["mtls"],"type":"string"}},"description":"A target back-end that is secured using a mTLS handshake, which verifies that both the client (API platform) and server (target back-end) certificates have been signed by the same root certificate authority."},"RateLimiting":{"type":"object","properties":{"proxy":{"$ref":"#/components/schemas/RateLimit"},"app_default":{"$ref":"#/components/schemas/RateLimit"}},"description":"Rate limits can be described per-proxy and/or a default for the entire app."},"RateLimit":{"required":["timeunit","limit"],"type":"object","properties":{"timeunit":{"enum":["second","minute","hour"],"type":"string"},"limit":{"minimum":0.0,"type":"integer"}}},"TargetAttribute":{"required":["name"],"type":"object","properties":{"name":{"type":"string"},"required":{"type":"boolean","default":true},"header":{"type":"string","default":"attribute-{name}"}}},"TargetIdentity":{"required":["name"],"type":"object","properties":{"name":{"enum":["cis2-uuid","cis2-urid","cis2-acr","nhs-login-nhs-number","nhs-login-identity-proofing-level","id-token"],"type":"string","description":"Name of the identity header to be included in target requests"},"header":{"type":"string","description":"Custom header name","default":"NHSD-Session-UUID | NHSD-Session-URID | NHSD-Session-CIS2-ACR | NHSD-NHSlogin-NHS-Number | NHSD-NHSlogin-Identity-Proofing-Level | NHSD-ID-Token"}}},"instance":{"title":"instance","allOf":[{"type":"object","properties":{"spec_hash":{"type":"string","description":"The md5 hash of the OAS defining this instance","example":"437b930db84b8079c2dd804a71936b5f"},"temporary":{"type":"boolean","description":"Whether the instance is marked as temporary.\r\n\r\nTemporary instances are periodically removed, subject to their `last_modified` date.","default":false},"type":{"enum":["instance"]}}},{"$ref":"#/components/schemas/base_resource"}],"x-examples":{"Example 1":{"spec_hash":"string","temporary":false,"type":"instance","environment":"internal-dev","name":"hello-world-123","last_modified":"2022-10-12T11:39:45+00:00"}}},"resource":{"title":"resource","oneOf":[{"$ref":"#/components/schemas/instance"},{"$ref":"#/components/schemas/secret"}]},"secret":{"title":"secret","allOf":[{"type":"object","properties":{"type":{"enum":["secret"]},"apikey":{"type":"boolean"},"mtls":{"type":"boolean"},"version_id":{"type":"string","format":"uuid","example":"106a9942-210f-4f43-9735-a9310a34daa7"}}},{"$ref":"#/components/schemas/base_resource"}]}},"examples":{"instance-oas":{"value":{"openapi":"3.0.3","info":{"version":"0.0.1","title":"Hello World API","description":"## Overview\nUse this API alongside our  [tutorials](https://digital.nhs.uk/developer/guides-and-documentation/tutorials) to teach yourself how to connect to our RESTful APIs.\nYou can:\n - get a response from an open-access endpoint, where the calling application and the end users are not authenticated\n - get a response from an application-restricted endpoint, where the calling application is authenticated but the end user is not authenticated\n - get a response from a user-restricted endpoint, where the calling application and the end user are authenticated\n","contact":{"name":"API Management Support","email":"api.management@nhs.net"}},"servers":[{"url":"https://sandbox.api.service.nhs.uk/specification/hello-world","description":"Sandbox environment."}],"paths":{"/hello/world":{"get":{"summary":"Get a \"Hello world!\" response from an open-access endpoint","operationId":"getHello","security":[{"app-level0":[]}],"description":"## Overview\nUse this endpoint alongside our [open-access REST API tutorial](https://digital.nhs.uk/developer/guides-and-documentation/tutorials/open-access-rest-api-tutorial) to learn how to connect to our APIs.\n","responses":{"200":{"description":"Successful response.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","example":"Hello world!"}}},"example":{"message":"Hello world!"}}}}}}}},"components":{"securitySchemes":{"app-level0":{"\\$ref":"https://proxygen.prod.api.platform.nhs.uk/components/securitySchemes/app-level0"}}},"x-nhsd-apim":{"monitoring":true,"access":[{"title":"Application Restricted","grants":{"app-level0":[]}}],"target":{"type":"hosted","healthcheck":"/_mybackendhealthcheck","containers":[{"name":"hello-world","image":{"name":"hello-world_hello-world","tag":"72537-sha6c0ccdb"},"environment":{"LOG_LEVEL":"info","UPSTREAM":"https://internal-dev.api.service.nhs.uk","NODE_ENV":"production"}}]},"ratelimiting":{"proxy":{"limit":5,"timeunit":"minute"},"app-default":{"limit":10,"timeunit":"minute"}}}}},"api-oas":{"value":{"openapi":"3.0.3","info":{"version":"0.0.1","title":"Hello World API","description":"## Overview\nUse this API alongside our  [tutorials](https://digital.nhs.uk/developer/guides-and-documentation/tutorials) to teach yourself how to connect to our RESTful APIs.\nYou can:\n - get a response from an open-access endpoint, where the calling application and the end users are not authenticated\n - get a response from an application-restricted endpoint, where the calling application is authenticated but the end user is not authenticated\n - get a response from a user-restricted endpoint, where the calling application and the end user are authenticated\n","contact":{"name":"API Management Support","email":"api.management@nhs.net"}},"servers":[{"url":"https://sandbox.api.service.nhs.uk/specification/hello-world","description":"Sandbox environment."}],"paths":{"/hello/world":{"get":{"summary":"Get a \"Hello world!\" response from an open-access endpoint","operationId":"getHello","description":"## Overview\nUse this endpoint alongside our [open-access REST API tutorial](https://digital.nhs.uk/developer/guides-and-documentation/tutorials/open-access-rest-api-tutorial) to learn how to connect to our APIs.\n","responses":{"200":{"description":"Successful response.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","example":"Hello world!"}}},"example":{"message":"Hello world!"}}}}}}}}}}},"securitySchemes":{}},"x-spec-publication":{"operation-order":[{"group":"APIs","operations":[{"method":"GET","path":"/apis"},{"method":"POST","path":"/apis"},{"method":"GET","path":"/apis/{api_name}"},{"method":"PUT","path":"/apis/{api_name}"},{"method":"DELETE","path":"/apis/{api_name}"},{"method":"GET","path":"/apis/{api_name}/config"},{"method":"PUT","path":"/apis/{api_name}/config"}]},{"group":"API Specifications","operations":[{"method":"GET","path":"/apis/{api_name}/spec"},{"method":"PUT","path":"/apis/{api_name}/spec"},{"method":"DELETE","path":"/apis/{api_name}/spec"},{"method":"GET","path":"/apis/{api_name}/spec/uat"},{"method":"PUT","path":"/apis/{api_name}/spec/uat"},{"method":"DELETE","path":"/apis/{api_name}/spec/uat"}]},{"group":"Resources","operations":[{"method":"GET","path":"/apis/{api_name}/docker-token"},{"method":"GET","path":"/apis/{api_name}/pytest-nhsd-apim-token"},{"method":"GET","path":"/apis/{api_name}/environments"},{"method":"GET","path":"/apis/{api_name}/environments/{environment}"},{"method":"GET","path":"/apis/{api_name}/environments/{environment}/secrets"},{"method":"PUT","path":"/apis/{api_name}/environments/{environment}/secrets/apikey/{secret_name}"},{"method":"PUT","path":"/apis/{api_name}/environments/{environment}/secrets/mtls/{secret_name}"},{"method":"GET","path":"/apis/{api_name}/environments/{environment}/secrets/{secret_type}/{secret_name}"},{"method":"DELETE","path":"/apis/{api_name}/environments/{environment}/secrets/{secret_type}/{secret_name}"}]},{"group":"API Instances","operations":[{"method":"GET","path":"/apis/{api_name}/environments/{environment}/instances"},{"method":"POST","path":"/apis/{api_name}/environments/{environment}/instances"},{"method":"GET","path":"/apis/{api_name}/environments/{environment}/instances/{instance_name}"},{"method":"PUT","path":"/apis/{api_name}/environments/{environment}/instances/{instance_name}"},{"method":"DELETE","path":"/apis/{api_name}/environments/{environment}/instances/{instance_name}"}]},{"group":"API Specification Bulk Retrieval","operations":[{"method":"GET","path":"/specs"},{"method":"GET","path":"/specs/{api_name}"},{"method":"GET","path":"/specs/{api_name}/uat"}]}],"try-this-api":{"disabled":true}}}