Import OpenAPI
This guide imports an OpenAPI document so Qefro can create or update Business Tools from your API spec — instead of hand-defining every operation.
Outcome
- OpenAPI uploaded/previewed for a workspace
- Operations reviewed (especially writes)
- Tools applied with encrypted auth
- Chat enablement deferred until tests pass
Prerequisites
- OpenAPI 3.x document (URL or file) that describes HTTPS APIs
- Scoped API credentials for the environments you will call
- Owner/Admin role
Why preview matters
OpenAPI imports can expose dozens of operations, including DELETE and admin paths. Always preview, deselect dangerous operations, then apply.
Step 1 — Prepare the spec
- Prefer a trimmed spec for the assistant (order read APIs ≠ full admin API)
- Remove internal-only servers you cannot expose
- Confirm security schemes match credentials you will store
Step 2 — Preview in Admin Console
- Open the target workspace → integrations / OpenAPI import.
- Provide the spec URL or upload.
- Review the operation list Qefro proposes.
Step 3 — Apply selectively
- Keep read operations first.
- Attach encrypted credentials.
- Apply/create tools.
- Run per-tool tests (see Connect REST APIs).
Step 4 — Reimport discipline
When the upstream API changes:
- Re-preview the new spec.
- Diff newly added write operations.
- Rotate credentials if the vendor rotated keys.
- Re-test before production chat.
Workflow checklist
OpenAPI import
- Trim the spec — Assistant-safe operations only.
- Preview — Reject admin/delete unless required.
- Apply + encrypt auth — Store secrets in Qefro.
- Test each enabled op — Fix 401/404/5xx before chat.
- Monitor logs — Watch for unexpected calls.
FAQ
Does import auto-enable every operation for the model?
You should assume you must review and limit what the assistant may call. Prefer explicit allowlists of tools.
What if my API is GraphQL only?
Expose a small HTTPS REST façade for the actions you want, or define REST tools manually for those mutations/queries.