diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/DisableSecurityAndTryOutRESTResourceWithElkAnalyticsEnabledTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/DisableSecurityAndTryOutRESTResourceWithElkAnalyticsEnabledTestCase.java
new file mode 100644
index 0000000000..67ca3159cb
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/DisableSecurityAndTryOutRESTResourceWithElkAnalyticsEnabledTestCase.java
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.am.integration.tests.api.lifecycle;
+
+import org.json.JSONException;
+import org.testng.ITestContext;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+import org.wso2.am.integration.clients.publisher.api.ApiException;
+import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
+import org.wso2.carbon.automation.test.utils.http.client.HttpRequestUtil;
+import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
+import org.wso2.carbon.integration.common.utils.exceptions.AutomationUtilException;
+import org.wso2.carbon.integration.common.utils.mgt.ServerConfigurationManager;
+
+import javax.xml.xpath.XPathExpressionException;
+import java.io.File;
+import java.io.IOException;
+import java.util.HashMap;
+
+import static org.junit.Assert.assertNotEquals;
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertTrue;
+import static org.testng.AssertJUnit.assertNotNull;
+
+/**
+ * Add , edit and remove rest resource and test the invocation of API
+ */
+public class DisableSecurityAndTryOutRESTResourceWithElkAnalyticsEnabledTestCase extends APIManagerLifecycleBaseTest {
+ private final String API_VERSION_1_0_0 = "1.0.0";
+ private final String INVOKABLE_API_CONTEXT = API_VERSION_1_0_0 + "/api";
+
+ private final String RESPONSE_GET = "123John";
+ private final String API_GET_ENDPOINT_METHOD = "/customers/123";
+
+ private HashMap requestHeadersGet;
+ private ITestContext ctx;
+
+ private ServerConfigurationManager serverConfigurationManager;
+
+ @BeforeClass(alwaysRun = true)
+ public void initialize(ITestContext ctx) throws APIManagerIntegrationTestException, XPathExpressionException,
+ JSONException, ApiException, IOException, AutomationUtilException {
+
+ super.init();
+ serverConfigurationManager = new ServerConfigurationManager(superTenantKeyManagerContext);
+
+ serverConfigurationManager.applyConfiguration(new File(getAMResourceLocation()
+ + File.separator + "configFiles" + File.separator + "ElkAnalytics" +
+ File.separator + "deployment.toml"));
+
+ requestHeadersGet = new HashMap();
+ requestHeadersGet.put("accept", "text/xml");
+
+ this.ctx = ctx;
+ String apiId = (String) ctx.getAttribute("apiId");
+ // Create Revision and Deploy to Gateway
+ createAPIRevisionAndDeployUsingRest(apiId, restAPIPublisher);
+ waitForAPIDeployment();
+ }
+
+ @Test(groups = {"webapp"}, description = "Test the invocation of GET resource")
+ public void testTurnOffSecurityAndInvokeGETResource(ITestContext ctx) throws Exception {
+ String apiId = (String) ctx.getAttribute("apiId");
+
+ String oldSwagger = restAPIPublisher.getSwaggerByID(apiId);
+ // resource are modified by using swagger doc. create the swagger doc with modified information.
+
+ String modifiedResource = "{\n" +
+ " \"openapi\" : \"3.0.1\",\n" +
+ " \"info\" : {\n" +
+ " \"title\" : \"APITest\",\n" +
+ " \"description\" : \"description\",\n" +
+ " \"version\" : \"1.0.0\"\n" +
+ " },\n" +
+ " \"servers\" : [ {\n" +
+ " \"url\" : \"/\"\n" +
+ " } ],\n" +
+ " \"security\" : [ {\n" +
+ " \"default\" : [ ]\n" +
+ " } ],\n" +
+ " \"paths\" : {\n" +
+ " \"/\" : {\n" +
+ " \"get\" : {\n" +
+ " \"responses\" : {\n" +
+ " \"200\" : {\n" +
+ " \"description\" : \"OK\"\n" +
+ " }\n" +
+ " },\n" +
+ " \"security\" : [ ],\n" +
+ " \"x-auth-type\" : \"Application & Application User\",\n" +
+ " \"x-throttling-tier\" : \"Unlimited\",\n" +
+ " \"x-wso2-application-security\" : {\n" +
+ " \"security-types\" : [ \"oauth2\" ],\n" +
+ " \"optional\" : false\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " \"/customers/{id}\" : {\n" +
+ " \"get\" : {\n" +
+ " \"parameters\" : [ {\n" +
+ " \"name\" : \"id\",\n" +
+ " \"in\" : \"path\",\n" +
+ " \"required\" : true,\n" +
+ " \"style\" : \"simple\",\n" +
+ " \"explode\" : false,\n" +
+ " \"schema\" : {\n" +
+ " \"type\" : \"string\"\n" +
+ " }\n" +
+ " } ],\n" +
+ " \"responses\" : {\n" +
+ " \"200\" : {\n" +
+ " \"description\" : \"OK\"\n" +
+ " }\n" +
+ " },\n" +
+ " \"security\" : [ ],\n" +
+ " \"x-auth-type\" : \"None\",\n" +
+ " \"x-throttling-tier\" : \"Unlimited\",\n" +
+ " \"x-wso2-application-security\" : {\n" +
+ " \"security-types\" : [ \"oauth2\" ],\n" +
+ " \"optional\" : false\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " \"components\" : {\n" +
+ " \"securitySchemes\" : {\n" +
+ " \"default\" : {\n" +
+ " \"type\" : \"oauth2\",\n" +
+ " \"flows\" : {\n" +
+ " \"implicit\" : {\n" +
+ " \"authorizationUrl\" : \"https://test.com\",\n" +
+ " \"scopes\" : { }\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " \"x-wso2-auth-header\" : \"Authorization\",\n" +
+ " \"x-wso2-api-key-header\" : \"ApiKey\",\n" +
+ " \"x-wso2-cors\" : {\n" +
+ " \"corsConfigurationEnabled\" : false,\n" +
+ " \"accessControlAllowOrigins\" : [ ],\n" +
+ " \"accessControlAllowCredentials\" : false,\n" +
+ " \"accessControlAllowHeaders\" : [ ],\n" +
+ " \"accessControlAllowMethods\" : [ ]\n" +
+ " },\n" +
+ " \"x-wso2-production-endpoints\" : {\n" +
+ " \"urls\" : [ \"http://localhost:10263/jaxrs_basic/services/customers/customerservice/\" ],\n" +
+ " \"type\" : \"http\"\n" +
+ " },\n" +
+ " \"x-wso2-sandbox-endpoints\" : {\n" +
+ " \"urls\" : [ \"http://localhost:10263/jaxrs_basic/services/customers/customerservice/\" ],\n" +
+ " \"type\" : \"http\"\n" +
+ " },\n" +
+ " \"x-wso2-basePath\" : \"/1.0.0/api\",\n" +
+ " \"x-wso2-transports\" : [ \"http\", \"https\" ],\n" +
+ " \"x-wso2-application-security\" : {\n" +
+ " \"security-types\" : [ \"oauth2\" ],\n" +
+ " \"optional\" : false\n" +
+ " },\n" +
+ " \"x-wso2-response-cache\" : {\n" +
+ " \"enabled\" : false,\n" +
+ " \"cacheTimeoutInSeconds\" : 100\n" +
+ " }\n" +
+ "}";
+ String swaggerResponse = restAPIPublisher.updateSwagger(apiId, modifiedResource);
+ assertNotNull(swaggerResponse);
+
+ String updatedSwagger = restAPIPublisher.getSwaggerByID(apiId);
+ assertNotEquals(updatedSwagger, oldSwagger, "Modifying resources failed for API");
+
+ createAPIRevisionAndDeployUsingRest(apiId, restAPIPublisher);
+ waitForAPIDeployment();
+
+ requestHeadersGet.remove("Authorization");
+
+ //Send GET Request
+
+ HttpResponse httpResponse =
+ HttpRequestUtil.doGet(getAPIInvocationURLHttp(INVOKABLE_API_CONTEXT) + API_GET_ENDPOINT_METHOD,
+ requestHeadersGet);
+ assertEquals(httpResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Invocation fails for GET request");
+ assertTrue(httpResponse.getData().contains(RESPONSE_GET), "Response Data not match for GET request." +
+ " Expected value :\"" + RESPONSE_GET + "\" not contains in response data:\"" + httpResponse.getData() + "\"");
+
+ }
+
+ @AfterClass(alwaysRun = true)
+ public void removeApplicationSharingConfig() throws Exception {
+ serverConfigurationManager.restoreToLastConfiguration(false);
+ }
+
+}
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/ElkAnalytics/deployment.toml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/ElkAnalytics/deployment.toml
new file mode 100644
index 0000000000..b98a21b1a7
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/ElkAnalytics/deployment.toml
@@ -0,0 +1,260 @@
+[server]
+hostname = "localhost"
+#offset=0
+base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
+#discard_empty_caches = false
+server_role = "default"
+
+[super_admin]
+username = "admin"
+password = "admin"
+create_admin_account = true
+
+[user_store]
+type = "database_unique_id"
+
+[database.apim_db]
+type = "h2"
+url = "jdbc:h2:./repository/database/WSO2AM_DB;AUTO_SERVER=TRUE;DB_CLOSE_ON_EXIT=FALSE"
+username = "wso2carbon"
+password = "wso2carbon"
+
+[database.shared_db]
+type = "h2"
+url = "jdbc:h2:./repository/database/WSO2SHARED_DB;DB_CLOSE_ON_EXIT=FALSE"
+username = "wso2carbon"
+password = "wso2carbon"
+
+[keystore.tls]
+file_name = "wso2carbon.jks"
+type = "JKS"
+password = "wso2carbon"
+alias = "wso2carbon"
+key_password = "wso2carbon"
+
+#[keystore.listener_profile]
+#bind_address = "0.0.0.0"
+
+#[keystore.primary]
+#file_name = "wso2carbon.jks"
+#type = "JKS"
+#password = "wso2carbon"
+#alias = "wso2carbon"
+#key_password = "wso2carbon"
+
+#[keystore.internal]
+#file_name = "wso2carbon.jks"
+#type = "JKS"
+#password = "wso2carbon"
+#alias = "wso2carbon"
+#key_password = "wso2carbon"
+
+[[apim.gateway.environment]]
+name = "Default"
+type = "hybrid"
+provider = "wso2"
+display_in_api_console = true
+description = "This is a hybrid gateway that handles both production and sandbox token traffic."
+show_as_token_endpoint_url = true
+service_url = "https://localhost:${mgt.transport.https.port}/services/"
+username= "${admin.username}"
+password= "${admin.password}"
+ws_endpoint = "ws://localhost:9099"
+wss_endpoint = "wss://localhost:8099"
+http_endpoint = "http://localhost:${http.nio.port}"
+https_endpoint = "https://localhost:${https.nio.port}"
+websub_event_receiver_http_endpoint = "http://localhost:9021"
+websub_event_receiver_https_endpoint = "https://localhost:8021"
+
+[apim.sync_runtime_artifacts.gateway]
+gateway_labels =["Default"]
+
+#[apim.cache.gateway_token]
+#enable = true
+#expiry_time = "900s"
+
+#[apim.cache.resource]
+#enable = true
+#expiry_time = "900s"
+
+#[apim.cache.km_token]
+#enable = false
+#expiry_time = "15m"
+
+#[apim.cache.recent_apis]
+#enable = false
+
+#[apim.cache.scopes]
+#enable = true
+
+#[apim.cache.publisher_roles]
+#enable = true
+
+#[apim.cache.jwt_claim]
+#enable = true
+#expiry_time = "15m"
+
+#[apim.cache.tags]
+#expiry_time = "2m"
+
+[apim.analytics]
+enable = true
+type = "elk"
+
+[apim.key_manager]
+enable_apikey_subscription_validation = true
+#service_url = "https://localhost:${mgt.transport.https.port}/services/"
+#username = "$ref{super_admin.username}"
+#password = "$ref{super_admin.password}"
+#pool.init_idle_capacity = 50
+#pool.max_idle = 100
+#key_validation_handler_type = "default"
+#key_validation_handler_type = "custom"
+#key_validation_handler_impl = "org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler"
+
+#[apim.idp]
+#server_url = "https://localhost:${mgt.transport.https.port}"
+#authorize_endpoint = "https://localhost:${mgt.transport.https.port}/oauth2/authorize"
+#oidc_logout_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/logout"
+#oidc_check_session_endpoint = "https://localhost:${mgt.transport.https.port}/oidc/checksession"
+
+#[apim.jwt]
+#enable = true
+#encoding = "base64" # base64,base64url
+#generator_impl = "org.wso2.carbon.apimgt.keymgt.token.JWTGenerator"
+#claim_dialect = "http://wso2.org/claims"
+#convert_dialect = false
+#header = "X-JWT-Assertion"
+#signing_algorithm = "SHA256withRSA"
+#enable_user_claims = true
+#claims_extractor_impl = "org.wso2.carbon.apimgt.impl.token.ExtendedDefaultClaimsRetriever"
+
+#[apim.oauth_config]
+#enable_outbound_auth_header = false
+#auth_header = "Authorization"
+#revoke_endpoint = "https://localhost:${https.nio.port}/revoke"
+#enable_token_encryption = false
+#enable_token_hashing = false
+
+#[apim.devportal]
+#url = "https://localhost:${mgt.transport.https.port}/devportal"
+#enable_application_sharing = false
+#if application_sharing_type, application_sharing_impl both defined priority goes to application_sharing_impl
+#application_sharing_type = "default" #changed type, saml, default #todo: check the new config for rest api
+#application_sharing_impl = "org.wso2.carbon.apimgt.impl.SAMLGroupIDExtractorImpl"
+#display_multiple_versions = false
+#display_deprecated_apis = false
+#enable_comments = true
+#enable_ratings = true
+#enable_forum = true
+#enable_anonymous_mode=true
+#enable_cross_tenant_subscriptions = true
+#default_reserved_username = "apim_reserved_user"
+
+[apim.cors]
+allow_origins = "*"
+allow_methods = ["GET","PUT","POST","DELETE","PATCH","OPTIONS"]
+allow_headers = ["authorization","Access-Control-Allow-Origin","Content-Type","SOAPAction","apikey","Internal-Key"]
+allow_credentials = false
+
+#[apim.throttling]
+#enable_data_publishing = true
+#enable_policy_deploy = true
+#enable_blacklist_condition = true
+#enable_persistence = true
+#throttle_decision_endpoints = ["tcp://localhost:5672","tcp://localhost:5672"]
+
+#[apim.throttling.blacklist_condition]
+#start_delay = "5m"
+#period = "1h"
+
+#[apim.throttling.jms]
+#start_delay = "5m"
+
+#[apim.throttling.event_sync]
+#hostName = "0.0.0.0"
+#port = 11224
+
+#[apim.throttling.event_management]
+#hostName = "0.0.0.0"
+#port = 10005
+
+#[[apim.throttling.url_group]]
+#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
+#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
+#type = "loadbalance"
+
+#[[apim.throttling.url_group]]
+#traffic_manager_urls = ["tcp://localhost:9611","tcp://localhost:9611"]
+#traffic_manager_auth_urls = ["ssl://localhost:9711","ssl://localhost:9711"]
+#type = "failover"
+
+#[apim.workflow]
+#enable = false
+#service_url = "https://localhost:9445/bpmn"
+#username = "$ref{super_admin.username}"
+#password = "$ref{super_admin.password}"
+#callback_endpoint = "https://localhost:${mgt.transport.https.port}/api/am/admin/v0.17/workflows/update-workflow-status"
+#token_endpoint = "https://localhost:${https.nio.port}/token"
+#client_registration_endpoint = "https://localhost:${mgt.transport.https.port}/client-registration/v0.17/register"
+#client_registration_username = "$ref{super_admin.username}"
+#client_registration_password = "$ref{super_admin.password}"
+
+#data bridge config
+#[transport.receiver]
+#type = "binary"
+#worker_threads = 10
+#session_timeout = "30m"
+#keystore.file_name = "$ref{keystore.tls.file_name}"
+#keystore.password = "$ref{keystore.tls.password}"
+#tcp_port = 9611
+#ssl_port = 9711
+#ssl_receiver_thread_pool_size = 100
+#tcp_receiver_thread_pool_size = 100
+#ssl_enabled_protocols = ["TLSv1","TLSv1.1","TLSv1.2"]
+#ciphers = ["SSL_RSA_WITH_RC4_128_MD5","SSL_RSA_WITH_RC4_128_SHA"]
+
+#[apim.notification]
+#from_address = "APIM.com"
+#username = "APIM"
+#password = "APIM+123"
+#hostname = "localhost"
+#port = 3025
+#enable_start_tls = false
+#enable_authentication = true
+
+#[apim.token.revocation]
+#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl"
+#enable_realtime_notifier = true
+#realtime_notifier.ttl = 5000
+#enable_persistent_notifier = true
+#persistent_notifier.hostname = "https://localhost:2379/v2/keys/jti/"
+#persistent_notifier.ttl = 5000
+#persistent_notifier.username = "root"
+#persistent_notifier.password = "root"
+
+[[event_handler]]
+name="userPostSelfRegistration"
+subscriptions=["POST_ADD_USER"]
+
+[service_provider]
+sp_name_regex = "^[\\sa-zA-Z0-9._-]*$"
+
+[database.local]
+url = "jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE"
+
+[[event_listener]]
+id = "token_revocation"
+type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
+name = "org.wso2.is.notification.ApimOauthEventInterceptor"
+order = 1
+[event_listener.properties]
+notification_endpoint = "https://localhost:${mgt.transport.https.port}/internal/data/v1/notify"
+username = "${admin.username}"
+password = "${admin.password}"
+'header.X-WSO2-KEY-MANAGER' = "default"
+
+[oauth.grant_type.token_exchange]
+enable = true
+allow_refresh_tokens = true
+iat_validity_period = "1h"
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml
index 03901f9726..94e3be90d3 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml
@@ -28,6 +28,7 @@
+