Skip to main content

Import OpenAPI

This guide imports an OpenAPI document so Qefro can create or update Business Tools from your API spec — instead of hand-defining every operation.

Outcome

  • OpenAPI uploaded/previewed for a workspace
  • Operations reviewed (especially writes)
  • Tools applied with encrypted auth
  • Chat enablement deferred until tests pass

Prerequisites

  • OpenAPI 3.x document (URL or file) that describes HTTPS APIs
  • Scoped API credentials for the environments you will call
  • Owner/Admin role

Why preview matters

OpenAPI imports can expose dozens of operations, including DELETE and admin paths. Always preview, deselect dangerous operations, then apply.

Step 1 — Prepare the spec

  • Prefer a trimmed spec for the assistant (order read APIs ≠ full admin API)
  • Remove internal-only servers you cannot expose
  • Confirm security schemes match credentials you will store

Step 2 — Preview in Admin Console

  1. Open the target workspace → integrations / OpenAPI import.
  2. Provide the spec URL or upload.
  3. Review the operation list Qefro proposes.

Step 3 — Apply selectively

  1. Keep read operations first.
  2. Attach encrypted credentials.
  3. Apply/create tools.
  4. Run per-tool tests (see Connect REST APIs).

Step 4 — Reimport discipline

When the upstream API changes:

  1. Re-preview the new spec.
  2. Diff newly added write operations.
  3. Rotate credentials if the vendor rotated keys.
  4. Re-test before production chat.

Workflow checklist

OpenAPI import

  1. Trim the specAssistant-safe operations only.
  2. PreviewReject admin/delete unless required.
  3. Apply + encrypt authStore secrets in Qefro.
  4. Test each enabled opFix 401/404/5xx before chat.
  5. Monitor logsWatch for unexpected calls.

FAQ

Does import auto-enable every operation for the model?
You should assume you must review and limit what the assistant may call. Prefer explicit allowlists of tools.
What if my API is GraphQL only?
Expose a small HTTPS REST façade for the actions you want, or define REST tools manually for those mutations/queries.