From b9246ed7c2c6a6cd84d3de92d7078115ac100bb2 Mon Sep 17 00:00:00 2001
From: Thamindu Aluthwala <thamindu.randil@gmail.com>
Date: Sun, 15 Oct 2023 11:30:10 +0530
Subject: [PATCH] Register and authorize system apis

---
 .../pom.xml                                   |  35 +-
 .../APIResourceManagementConstants.java       |  19 +
 .../impl/APIResourceManagementDAOImpl.java    |  15 +-
 ...APIResourceManagementServiceComponent.java |  65 +++
 ...ourceManagementServiceComponentHolder.java |  59 +++
 .../APIResourceManagementListener.java        |  63 +++
 .../APIResourceManagementConfigBuilder.java   | 163 ++++++
 .../mgt/util/APIResourceManagementUtil.java   |  31 ++
 .../pom.xml                                   |   5 +-
 .../application/mgt/ApplicationConstants.java |   2 +
 ...ApplicationManagementServiceComponent.java |   6 +
 ...onsoleAuthorizedAPIManagementListener.java | 139 ++++++
 .../pom.xml                                   |  47 ++
 .../resources/build.properties                |  20 +
 .../resources/p2.inf                          |   3 +
 .../resources/system-api-resource.xml         |  22 +
 .../resources/system-api-resource.xml.j2      | 464 ++++++++++++++++++
 .../resources/identity.xml.j2                 |  12 +
 ....identity.core.server.feature.default.json |   6 +
 19 files changed, 1152 insertions(+), 24 deletions(-)
 create mode 100644 components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponentHolder.java
 create mode 100644 components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/listener/APIResourceManagementListener.java
 create mode 100644 components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/util/APIResourceManagementConfigBuilder.java
 create mode 100644 components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ConsoleAuthorizedAPIManagementListener.java
 create mode 100644 features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/build.properties
 create mode 100644 features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/p2.inf
 create mode 100644 features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml
 create mode 100644 features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2

diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml
index 21e524616831..46782c5f01cf 100644
--- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml
@@ -39,6 +39,10 @@
             <groupId>org.apache.felix</groupId>
             <artifactId>org.apache.felix.scr.ds-annotations</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.core</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity.organization.management.core</groupId>
             <artifactId>org.wso2.carbon.identity.organization.management.service</artifactId>
@@ -107,35 +111,32 @@
                             org.wso2.carbon.identity.api.resource.mgt.*; version="${carbon.identity.package.export.version}"
                         </Export-Package>
                         <Import-Package>
-                            org.osgi.framework;version="${osgi.framework.imp.pkg.version.range}",
-                            org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}",
-                            javax.sql,
+                            javax.xml.namespace,
+                            javax.xml.stream,
+                            org.apache.axiom.om; version="${axiom.osgi.version.range}",
+                            org.apache.axiom.om.impl.builder; version="${axiom.osgi.version.range}",
                             org.apache.commons.collections; version="${commons-collections.wso2.osgi.version.range}",
+                            org.apache.commons.io; version="${commons.io.wso2.osgi.version.range}",
                             org.apache.commons.lang; version="${commons-lang.wso2.osgi.version.range}",
                             org.apache.commons.logging; version="${import.package.version.commons.logging}",
-                            org.wso2.carbon.context; version="${carbon.kernel.package.import.version.range}",
-                            org.wso2.carbon.database.utils.jdbc;
-                            version="${org.wso2.carbon.database.utils.version.range}",
-                            org.wso2.carbon.database.utils.jdbc.exceptions;
-                            version="${org.wso2.carbon.database.utils.version.range}",
+                            org.osgi.framework; version="${osgi.framework.imp.pkg.version.range}",
+                            org.osgi.service.component; version="${osgi.service.component.imp.pkg.version.range}",
                             org.wso2.carbon.identity.application.common.model;
                             version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.base; version="${carbon.identity.package.import.version.range}",
-                            org.wso2.carbon.identity.core.cache;
-                            version="${carbon.identity.package.import.version.range}",
-                            org.wso2.carbon.identity.core.model;
-                            version="${carbon.identity.package.import.version.range}",
-                            org.wso2.carbon.identity.core.util;
-                            version="${carbon.identity.package.import.version.range}",
-                            org.wso2.carbon.user.api; version="${carbon.user.api.imp.pkg.version.range}",
-                            org.wso2.carbon.user.core.util; version="${carbon.kernel.package.import.version.range}",
-                            org.wso2.carbon.utils; version="${carbon.kernel.package.import.version.range}",
+                            org.wso2.carbon.identity.core; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.core.cache; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.core.model; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.core.util; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.organization.management.service;
                             version="${org.wso2.carbon.identity.organization.management.core.version.range}",
                             org.wso2.carbon.identity.organization.management.service.exception;
                             version="${org.wso2.carbon.identity.organization.management.core.version.range}",
                             org.wso2.carbon.identity.organization.management.service.util;
                             version="${org.wso2.carbon.identity.organization.management.core.version.range}",
+                            org.wso2.carbon.stratos.common.*; version="${carbon.commons.imp.pkg.version}",
+                            org.wso2.carbon.user.core.service; version="${carbon.kernel.package.import.version.range}",
+                            org.wso2.carbon.utils; version="${carbon.kernel.package.import.version.range}",
                         </Import-Package>
                     </instructions>
                 </configuration>
diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java
index 54d6c50b4cf7..5edbb0166fd5 100644
--- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/constant/APIResourceManagementConstants.java
@@ -30,6 +30,9 @@ public class APIResourceManagementConstants {
     public static final String NAME = "name";
     public static final String IDENTIFIER = "identifier";
     public static final String TYPE = "type";
+    public static final String RBAC_AUTHORIZATION = "RBAC";
+    public static final String ASC = "asc";
+    public static final String SYSTEM_API_FILTER = "type eq SYSTEM";
     public static final String BEFORE = "before";
     public static final String AFTER = "after";
     public static final String EQ = "eq";
@@ -58,6 +61,22 @@ public class APIResourceManagementConstants {
         scopeAttributeColumnMap.put(NAME, SQLConstants.NAME_COLUMN_NAME);
     }
 
+    /**
+     * API resource configuration builder constants.
+     */
+    public static class APIResourceConfigBuilderConstants {
+
+        public static final String API_RESOURCE_ELEMENT = "APIResource";
+        public static final String SCOPES_ELEMENT = "Scopes";
+        public static final String SCOPE_ELEMENT = "Scope";
+        public static final String NAME = "name";
+        public static final String IDENTIFIER = "identifier";
+        public static final String DISPLAY_NAME = "displayName";
+        public static final String DESCRIPTION = "description";
+        public static final String REQUIRES_AUTHORIZATION = "requiresAuthorization";
+        public static final String SYSTEM_TYPE = "SYSTEM";
+    }
+
     /**
      * Error messages.
      */
diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/APIResourceManagementDAOImpl.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/APIResourceManagementDAOImpl.java
index 4a072355566f..b4a6d67ff645 100644
--- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/APIResourceManagementDAOImpl.java
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/dao/impl/APIResourceManagementDAOImpl.java
@@ -565,12 +565,15 @@ private static APIResource getApiResource(ResultSet resultSet) throws SQLExcepti
                         .tenantId(resultSet.getInt(SQLConstants.API_RESOURCE_TENANT_ID_COLUMN_NAME));
                 apiResource = apiResourceBuilder.build();
             }
-            Scope.ScopeBuilder scopeBuilder = new Scope.ScopeBuilder()
-                    .id(resultSet.getString(SQLConstants.SCOPE_ID_COLUMN_NAME))
-                    .name(resultSet.getString(SQLConstants.SCOPE_QUALIFIED_NAME_COLUMN_NAME))
-                    .displayName(resultSet.getString(SQLConstants.SCOPE_DISPLAY_NAME_COLUMN_NAME))
-                    .description(resultSet.getString(SQLConstants.SCOPE_DESCRIPTION_COLUMN_NAME));
-            scopes.add(scopeBuilder.build());
+            String scopeName = resultSet.getString(SQLConstants.SCOPE_QUALIFIED_NAME_COLUMN_NAME);
+            if (scopeName != null) {
+                Scope.ScopeBuilder scopeBuilder = new Scope.ScopeBuilder()
+                        .id(resultSet.getString(SQLConstants.SCOPE_ID_COLUMN_NAME))
+                        .name(scopeName)
+                        .displayName(resultSet.getString(SQLConstants.SCOPE_DISPLAY_NAME_COLUMN_NAME))
+                        .description(resultSet.getString(SQLConstants.SCOPE_DESCRIPTION_COLUMN_NAME));
+                scopes.add(scopeBuilder.build());
+            }
         }
         if (apiResource != null) {
             apiResource.setScopes(scopes);
diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponent.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponent.java
index 39128850b270..872c3876acff 100644
--- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponent.java
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponent.java
@@ -25,8 +25,20 @@
 import org.osgi.service.component.annotations.Activate;
 import org.osgi.service.component.annotations.Component;
 import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.osgi.service.component.annotations.ReferencePolicy;
 import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;
 import org.wso2.carbon.identity.api.resource.mgt.APIResourceManagerImpl;
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtException;
+import org.wso2.carbon.identity.api.resource.mgt.constant.APIResourceManagementConstants;
+import org.wso2.carbon.identity.api.resource.mgt.listener.APIResourceManagementListener;
+import org.wso2.carbon.identity.api.resource.mgt.model.APIResourceSearchResult;
+import org.wso2.carbon.identity.api.resource.mgt.util.APIResourceManagementUtil;
+import org.wso2.carbon.identity.core.util.IdentityCoreInitializedEvent;
+import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.stratos.common.listeners.TenantMgtListener;
+import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 
 /**
  * Service component for the API resource management.
@@ -45,6 +57,10 @@ protected void activate(ComponentContext context) {
         try {
             BundleContext bundleCtx = context.getBundleContext();
             bundleCtx.registerService(APIResourceManager.class, APIResourceManagerImpl.getInstance(), null);
+            bundleCtx.registerService(TenantMgtListener.class, new APIResourceManagementListener(),
+                    null);
+            // Register system APIs in the super tenant.
+            registerSystemAPIsInSuperTenant();
             LOG.debug("API resource management bundle is activated");
         } catch (Throwable e) {
             LOG.error("Error while initializing API resource management component.", e);
@@ -62,4 +78,53 @@ protected void deactivate(ComponentContext context) {
             LOG.error("Error while deactivating API resource management component.", e);
         }
     }
+
+    @Reference(
+            name = "identityCoreInitializedEventService",
+            service = IdentityCoreInitializedEvent.class,
+            cardinality = ReferenceCardinality.MANDATORY,
+            policy = ReferencePolicy.DYNAMIC,
+            unbind = "unsetIdentityCoreInitializedEventService"
+    )
+    protected void setIdentityCoreInitializedEventService(IdentityCoreInitializedEvent identityCoreInitializedEvent) {
+        /* reference IdentityCoreInitializedEvent service to guarantee that this component will wait until identity core
+         is started */
+    }
+
+    protected void unsetIdentityCoreInitializedEventService(IdentityCoreInitializedEvent identityCoreInitializedEvent) {
+        /* reference IdentityCoreInitializedEvent service to guarantee that this component will wait until identity core
+         is started */
+    }
+
+    @Reference(
+            name = "organization.service",
+            service = OrganizationManager.class,
+            cardinality = ReferenceCardinality.MANDATORY,
+            policy = ReferencePolicy.DYNAMIC,
+            unbind = "unsetOrganizationManager"
+    )
+    protected void setOrganizationManager(OrganizationManager organizationManager) {
+        /* reference Organization Management service to guarantee that this component will wait until organization
+        management service is started */
+    }
+
+    protected void unsetOrganizationManager(OrganizationManager organizationManager) {
+        /* reference Organization Management service to guarantee that this component will wait until organization
+        management service is started */
+    }
+
+    private void registerSystemAPIsInSuperTenant() {
+
+        String tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
+        try {
+            APIResourceSearchResult systemAPIResources = APIResourceManagerImpl.getInstance()
+                    .getAPIResources(null, null, 1, APIResourceManagementConstants.SYSTEM_API_FILTER,
+                            APIResourceManagementConstants.ASC, tenantDomain);
+            if (systemAPIResources.getTotalCount() == 0) {
+                APIResourceManagementUtil.addSystemAPIs(tenantDomain);
+            }
+        } catch (APIResourceMgtException e) {
+            LOG.error("Error while registering system API resources in the tenant: " + tenantDomain);
+        }
+    }
 }
diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponentHolder.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponentHolder.java
new file mode 100644
index 000000000000..3e1467ec0186
--- /dev/null
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/internal/APIResourceManagementServiceComponentHolder.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.resource.mgt.internal;
+
+import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.user.core.service.RealmService;
+
+/**
+ * API Resource Management Service Component Holder class.
+ */
+public class APIResourceManagementServiceComponentHolder {
+
+    private static APIResourceManagementServiceComponentHolder instance = new
+            APIResourceManagementServiceComponentHolder();
+
+    private OrganizationManager organizationManager;
+    private RealmService realmService;
+
+    public static APIResourceManagementServiceComponentHolder getInstance() {
+
+        return instance;
+    }
+
+    public OrganizationManager getOrganizationManager() {
+
+        return organizationManager;
+    }
+
+    public void setOrganizationManager(OrganizationManager organizationManager) {
+
+        this.organizationManager = organizationManager;
+    }
+
+    public RealmService getRealmService() {
+
+        return realmService;
+    }
+
+    public void setRealmService(RealmService realmService) {
+
+        this.realmService = realmService;
+    }
+}
diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/listener/APIResourceManagementListener.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/listener/APIResourceManagementListener.java
new file mode 100644
index 000000000000..57ae83bb5169
--- /dev/null
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/listener/APIResourceManagementListener.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.resource.mgt.listener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceManager;
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceManagerImpl;
+import org.wso2.carbon.identity.api.resource.mgt.util.APIResourceManagementUtil;
+import org.wso2.carbon.identity.core.AbstractIdentityTenantMgtListener;
+import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
+import org.wso2.carbon.stratos.common.beans.TenantInfoBean;
+
+/**
+ * APIResourceManagementListener class.
+ */
+public class APIResourceManagementListener extends AbstractIdentityTenantMgtListener {
+
+    private final APIResourceManager apiResourceManager = APIResourceManagerImpl.getInstance();
+
+    private static final Log LOG = LogFactory.getLog(APIResourceManagementListener.class);
+
+    @Override
+    public void onTenantCreate(TenantInfoBean tenantInfo) {
+
+        if (!isEnable()) {
+            LOG.debug("API resource management related APIResourceManagementListener is not enabled.");
+            return;
+        }
+
+        int tenantId = tenantInfo.getTenantId();
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("API resource management related APIResourceManagementListener fired for tenant " +
+                    "creation for Tenant ID: " + tenantId);
+        }
+
+        try {
+            if (OrganizationManagementUtil.isOrganization(tenantId)) {
+                return;
+            }
+            APIResourceManagementUtil.addSystemAPIs(tenantInfo.getTenantDomain());
+        } catch (OrganizationManagementException e) {
+            LOG.error("Error while registering system API resources in tenant: " + tenantInfo.getTenantDomain());
+        }
+    }
+}
diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/util/APIResourceManagementConfigBuilder.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/util/APIResourceManagementConfigBuilder.java
new file mode 100644
index 000000000000..5a6ae37853c3
--- /dev/null
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/util/APIResourceManagementConfigBuilder.java
@@ -0,0 +1,163 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.resource.mgt.util;
+
+import edu.umd.cs.findbugs.annotations.SuppressWarnings;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.api.resource.mgt.constant.APIResourceManagementConstants.APIResourceConfigBuilderConstants;
+import org.wso2.carbon.identity.application.common.model.APIResource;
+import org.wso2.carbon.identity.application.common.model.Scope;
+import org.wso2.carbon.utils.CarbonUtils;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+
+/**
+ * Config builder class for organization management related configs in organization-mgt.xml file.
+ */
+public class APIResourceManagementConfigBuilder {
+
+    private static final Log LOG = LogFactory.getLog(APIResourceManagementConfigBuilder.class);
+    private static final Map<String, APIResource> apiResourceMgtConfigurations = new HashMap<>();
+    private static final APIResourceManagementConfigBuilder apiResourceManagementConfigBuilder =
+            new APIResourceManagementConfigBuilder();
+
+    private OMElement documentElement;
+
+    public static APIResourceManagementConfigBuilder getInstance() {
+
+        return apiResourceManagementConfigBuilder;
+    }
+
+    private APIResourceManagementConfigBuilder() {
+
+        loadConfigurations();
+    }
+
+    /**
+     * Get organization management related configs.
+     *
+     * @return Map of org mgt configs.
+     */
+    public Map<String, APIResource> getAPIResourceMgtConfigurations() {
+
+        return apiResourceMgtConfigurations;
+    }
+
+    /**
+     * Read the system-api-resource.xml file and build the configuration map.
+     */
+    @SuppressWarnings(value = "PATH_TRAVERSAL_IN", justification = "Don't use any user input file.")
+    private void loadConfigurations() {
+
+        String configDirPath = CarbonUtils.getCarbonConfigDirPath();
+        File configFile = new File(configDirPath, FilenameUtils.getName("system-api-resource.xml"));
+        if (!configFile.exists()) {
+            return;
+        }
+        try (InputStream stream = Files.newInputStream(configFile.toPath())) {
+            XMLInputFactory factory = XMLInputFactory.newFactory();
+            // Prevents using external resources when parsing xml.
+            factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+            // Prevents using external document type definition when parsing xml.
+            factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+            XMLStreamReader parser = factory.createXMLStreamReader(stream);
+            StAXOMBuilder builder = new StAXOMBuilder(parser);
+            documentElement = builder.getDocumentElement();
+            buildAPIResourceConfig();
+        } catch (IOException e) {
+            LOG.warn("Error while loading system API resource management configs.", e);
+        } catch (XMLStreamException e) {
+            LOG.warn("Error while streaming organization management configs.", e);
+        }
+    }
+
+    private void buildAPIResourceConfig() {
+
+        Iterator<OMElement> apiResources = this.documentElement.getChildrenWithName(
+                new QName(APIResourceConfigBuilderConstants.API_RESOURCE_ELEMENT));
+        if (apiResources == null) {
+            return;
+        }
+
+        while (apiResources.hasNext()) {
+            OMElement apiResource = apiResources.next();
+            APIResource apiResourceObj = buildAPIResource(apiResource);
+
+            if (apiResourceObj == null) {
+                continue;
+            }
+
+            OMElement scopeElement = apiResource.getFirstChildWithName(
+                    new QName(APIResourceConfigBuilderConstants.SCOPES_ELEMENT));
+            if (scopeElement != null) {
+                Iterator<OMElement> scopes = scopeElement.getChildrenWithName(
+                        new QName(APIResourceConfigBuilderConstants.SCOPE_ELEMENT));
+                if (scopes != null) {
+                    List<Scope> scopeList = new ArrayList<>();
+                    while (scopes.hasNext()) {
+                        OMElement scope = scopes.next();
+                        Scope scopeObj = new Scope.ScopeBuilder()
+                                .name(apiResourceObj.getIdentifier() +
+                                        scope.getAttributeValue(new QName(APIResourceConfigBuilderConstants.NAME)))
+                                .displayName(scope.getAttributeValue(
+                                        new QName(APIResourceConfigBuilderConstants.DISPLAY_NAME)))
+                                .build();
+                        scopeList.add(scopeObj);
+                    }
+                    apiResourceObj.setScopes(scopeList);
+                }
+            }
+            apiResourceMgtConfigurations.put(apiResourceObj.getIdentifier(), apiResourceObj);
+        }
+    }
+
+    private APIResource buildAPIResource(OMElement element) {
+
+        String apiResourceIdentifier = element.getAttributeValue(
+                new QName(APIResourceConfigBuilderConstants.IDENTIFIER));
+        if (apiResourceMgtConfigurations.containsKey(apiResourceIdentifier)) {
+            return null;
+        }
+        return new APIResource.APIResourceBuilder()
+                .name(element.getAttributeValue(new QName(APIResourceConfigBuilderConstants.NAME)))
+                .description(element.getAttributeValue(new QName(APIResourceConfigBuilderConstants.DESCRIPTION)))
+                .identifier(apiResourceIdentifier)
+                .type(APIResourceConfigBuilderConstants.SYSTEM_TYPE)
+                .requiresAuthorization(Boolean.parseBoolean(
+                        element.getAttributeValue(new QName(APIResourceConfigBuilderConstants.REQUIRES_AUTHORIZATION))))
+                .build();
+    }
+}
diff --git a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/util/APIResourceManagementUtil.java b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/util/APIResourceManagementUtil.java
index fb152d1be14a..c36d26f1f3e5 100644
--- a/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/util/APIResourceManagementUtil.java
+++ b/components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/main/java/org/wso2/carbon/identity/api/resource/mgt/util/APIResourceManagementUtil.java
@@ -19,15 +19,24 @@
 package org.wso2.carbon.identity.api.resource.mgt.util;
 
 import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceManagerImpl;
 import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtClientException;
+import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtException;
 import org.wso2.carbon.identity.api.resource.mgt.APIResourceMgtServerException;
 import org.wso2.carbon.identity.api.resource.mgt.constant.APIResourceManagementConstants;
+import org.wso2.carbon.identity.application.common.model.APIResource;
+
+import java.util.Map;
 
 /**
  * Utility class for API Resource Management.
  */
 public class APIResourceManagementUtil {
 
+    private static final Log LOG = LogFactory.getLog(APIResourceManagementUtil.class);
+
     /**
      * Handle API Resource Management client exceptions.
      *
@@ -64,4 +73,26 @@ public static APIResourceMgtServerException handleServerException(
 
         return new APIResourceMgtServerException(error.getMessage(), description, error.getCode(), e);
     }
+
+    /**
+     * Fetch the configuration from the XML file and register the system API in the given tenant.
+     *
+     * @param tenantDomain tenant domain.
+     */
+    public static void addSystemAPIs(String tenantDomain) {
+
+        LOG.debug("Registering System APIs in tenant domain: " + tenantDomain);
+        Map<String, APIResource> configs = APIResourceManagementConfigBuilder.getInstance()
+                .getAPIResourceMgtConfigurations();
+        for (APIResource apiResource : configs.values()) {
+            if (apiResource != null) {
+                try {
+                    APIResourceManagerImpl.getInstance().addAPIResource(apiResource, tenantDomain);
+                } catch (APIResourceMgtException e) {
+                    LOG.error("Error while registering system API resources in the tenant: " + tenantDomain);
+                }
+            }
+        }
+        LOG.debug("System APIs successfully registered in tenant domain: " + tenantDomain);
+    }
 }
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml b/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml
index bd6227e7cc0b..94ab94b43d1c 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml
@@ -246,7 +246,10 @@
                             org.wso2.carbon.identity.central.log.mgt.*; version="${carbon.identity.package.import.version.range}",
                             org.wso2.carbon.identity.organization.management.service; version="${org.wso2.carbon.identity.organization.management.core.version.range}",
                             org.wso2.carbon.identity.organization.management.service.exception; version="${org.wso2.carbon.identity.organization.management.core.version.range}",
-                            org.wso2.carbon.identity.api.resource.mgt; version="${carbon.identity.package.import.version.range}"
+                            org.wso2.carbon.identity.organization.management.service.util;
+                            version="${org.wso2.carbon.identity.organization.management.core.version.range}",
+                            org.wso2.carbon.identity.api.resource.mgt; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.identity.api.resource.mgt.model; version="${carbon.identity.package.import.version.range}",
                         </Import-Package>
                         <Export-Package>
                             !org.wso2.carbon.identity.application.mgt.internal,
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java
index c3312037fb22..5a72fc6fea33 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationConstants.java
@@ -99,6 +99,8 @@ private ApplicationConstants() {
     // Application Management Service Configurations.
     public static final String ENABLE_APPLICATION_ROLE_VALIDATION_PROPERTY = "ApplicationMgt.EnableRoleValidation";
 
+    public static final String CONSOLE_APPLICATION_NAME = "Console";
+
     /**
      * Group the constants related to logs.
      */
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java
index 0fdcbc847df1..cb39f7fdf3b2 100644
--- a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/internal/ApplicationManagementServiceComponent.java
@@ -54,6 +54,7 @@
 import org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtAuditLogger;
 import org.wso2.carbon.identity.application.mgt.listener.ApplicationMgtListener;
 import org.wso2.carbon.identity.application.mgt.listener.ApplicationResourceManagementListener;
+import org.wso2.carbon.identity.application.mgt.listener.ConsoleAuthorizedAPIManagementListener;
 import org.wso2.carbon.identity.application.mgt.listener.DefaultApplicationResourceMgtListener;
 import org.wso2.carbon.identity.application.mgt.provider.ApplicationPermissionProvider;
 import org.wso2.carbon.identity.application.mgt.provider.RegistryBasedApplicationPermissionProvider;
@@ -138,6 +139,11 @@ protected void activate(ComponentContext context) {
                 ApplicationManagementServiceComponentHolder.getInstance()
                         .setApplicationPermissionProvider(new RegistryBasedApplicationPermissionProvider());
             }
+
+            // Register the Console Authorized API Management Listener.
+            bundleContext.registerService(ApplicationMgtListener.class,
+                    new ConsoleAuthorizedAPIManagementListener(), null);
+
             if (log.isDebugEnabled()) {
                 log.debug("Identity ApplicationManagementComponent bundle is activated");
             }
diff --git a/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ConsoleAuthorizedAPIManagementListener.java b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ConsoleAuthorizedAPIManagementListener.java
new file mode 100644
index 000000000000..26205443ddb9
--- /dev/null
+++ b/components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ConsoleAuthorizedAPIManagementListener.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.mgt.listener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.identity.api.resource.mgt.constant.APIResourceManagementConstants;
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.common.model.APIResource;
+import org.wso2.carbon.identity.application.common.model.ApplicationBasicInfo;
+import org.wso2.carbon.identity.application.common.model.AuthorizedAPI;
+import org.wso2.carbon.identity.application.common.model.Scope;
+import org.wso2.carbon.identity.application.common.model.ServiceProvider;
+import org.wso2.carbon.identity.application.mgt.ApplicationConstants;
+import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
+import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementService;
+import org.wso2.carbon.identity.application.mgt.AuthorizedAPIManagementServiceImpl;
+import org.wso2.carbon.identity.application.mgt.internal.ApplicationManagementServiceComponentHolder;
+import org.wso2.carbon.identity.organization.management.service.exception.OrganizationManagementException;
+import org.wso2.carbon.identity.organization.management.service.util.OrganizationManagementUtil;
+
+import java.util.List;
+
+/**
+ * Authorized API Management listener class.
+ */
+public class ConsoleAuthorizedAPIManagementListener extends AbstractApplicationMgtListener {
+
+    private static final Log LOG = LogFactory.getLog(ConsoleAuthorizedAPIManagementListener.class);
+
+    @Override
+    public boolean doPostCreateApplication(ServiceProvider serviceProvider, String tenantDomain, String userName)
+            throws IdentityApplicationManagementException {
+
+        if (!isEnable()) {
+            LOG.debug("Authorized API Management related ConsoleAuthorizedAPIManagementListener is not enabled.");
+            return false;
+        }
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Authorized API Management related ConsoleAuthorizedAPIManagementListener fired for tenant " +
+                    "creation for Tenant: " + tenantDomain);
+        }
+
+        if (!ApplicationConstants.CONSOLE_APPLICATION_NAME.equals(serviceProvider.getApplicationName())) {
+            return false;
+        }
+
+        try {
+            if (OrganizationManagementUtil.isOrganization(tenantDomain)) {
+                return false;
+            }
+            authorizeSystemAPIConsole(tenantDomain);
+        } catch (OrganizationManagementException e) {
+            LOG.error("Error while registering system API resources in tenant: " + tenantDomain);
+        }
+        return true;
+    }
+
+    private void authorizeSystemAPIConsole(String tenantDomain) {
+
+        try {
+            ApplicationManagementService applicationManagementService = ApplicationManagementService.getInstance();
+            ApplicationBasicInfo applicationBasicInfo = applicationManagementService.getApplicationBasicInfoByName(
+                    ApplicationConstants.CONSOLE_APPLICATION_NAME, tenantDomain);
+            if (applicationBasicInfo == null) {
+                LOG.error("Error while authorizing system API console. Console application not found in tenant: "
+                        + tenantDomain);
+                return;
+            }
+            AuthorizedAPIManagementService authorizedAPIManagementService = new AuthorizedAPIManagementServiceImpl();
+            List<AuthorizedAPI> authorizedAPIs = authorizedAPIManagementService.getAuthorizedAPIs(
+                    applicationBasicInfo.getApplicationResourceId(), tenantDomain);
+            // Return if the system APIs are already authorized for the console application.
+            if (!authorizedAPIs.isEmpty()) {
+                LOG.debug("System APIs are already authorized for the console application in tenant: "
+                        + tenantDomain);
+                return;
+            }
+            // Fetch the system API resources count.
+            int systemAPICount = ApplicationManagementServiceComponentHolder.getInstance()
+                    .getAPIResourceManager().getAPIResources(null, null, 1,
+                            APIResourceManagementConstants.SYSTEM_API_FILTER, "ASC", tenantDomain).getTotalCount();
+            // Fetch all system APIs.
+            List<APIResource> apiResources = ApplicationManagementServiceComponentHolder.getInstance()
+                    .getAPIResourceManager().getAPIResources(null, null, systemAPICount,
+                            APIResourceManagementConstants.SYSTEM_API_FILTER, "ASC", tenantDomain).getAPIResources();
+            if (apiResources.isEmpty()) {
+                LOG.error("Error while authorizing system API console. System APIs not found in tenant: "
+                        + tenantDomain);
+                return;
+            }
+            for (APIResource apiResource : apiResources) {
+                List<Scope> scopes = ApplicationManagementServiceComponentHolder.getInstance()
+                        .getAPIResourceManager().getAPIScopesById(apiResource.getId(), tenantDomain);
+                AuthorizedAPI authorizedAPI = new AuthorizedAPI.AuthorizedAPIBuilder()
+                        .apiId(apiResource.getId())
+                        .appId(applicationBasicInfo.getApplicationResourceId())
+                        .scopes(scopes)
+                        .policyId(APIResourceManagementConstants.RBAC_AUTHORIZATION)
+                        .build();
+                authorizedAPIManagementService.addAuthorizedAPI(applicationBasicInfo.getApplicationResourceId(),
+                        authorizedAPI, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
+            }
+            LOG.debug("System APIs are authorized for the console application in " + tenantDomain);
+        } catch (Throwable e) {
+            LOG.error("Error while authorizing system API to the console application.", e);
+        }
+    }
+
+    @Override
+    public int getDefaultOrderId() {
+
+        return 211;
+    }
+
+    @Override
+    public boolean isEnable() {
+
+        return true;
+    }
+}
diff --git a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/pom.xml b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/pom.xml
index 142052b263f7..9ed7c0968f2d 100644
--- a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/pom.xml
+++ b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/pom.xml
@@ -41,6 +41,32 @@
 
     <build>
         <plugins>
+            <plugin>
+                <artifactId>maven-resources-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>prefilter-resources</id>
+                        <phase>generate-resources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>src/main/resources</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>resources</directory>
+                                    <includes>
+                                        <include>system-api-resource.xml</include>
+                                        <include>system-api-resource.xml.j2</include>
+                                        <include>p2.inf</include>
+                                        <include>build.properties</include>
+                                    </includes>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
             <plugin>
                 <groupId>org.wso2.maven</groupId>
                 <artifactId>carbon-p2-plugin</artifactId>
@@ -67,6 +93,27 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-antrun-plugin</artifactId>
+                <version>1.1</version>
+                <executions>
+                    <execution>
+                        <id>clean_target</id>
+                        <phase>install</phase>
+                        <configuration>
+                            <tasks>
+                                <delete dir="src/main/resources" />
+                                <delete dir="src/main" />
+                                <delete dir="src" />
+                            </tasks>
+                        </configuration>
+                        <goals>
+                            <goal>run</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 
diff --git a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/build.properties b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/build.properties
new file mode 100644
index 000000000000..6197d402519c
--- /dev/null
+++ b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/build.properties
@@ -0,0 +1,20 @@
+#
+# Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+#
+# WSO2 LLC. licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+custom = true
+root.api-resource-mgt=conf
diff --git a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/p2.inf b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/p2.inf
new file mode 100644
index 000000000000..0a51efa3d6be
--- /dev/null
+++ b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/p2.inf
@@ -0,0 +1,3 @@
+instructions.configure = \
+org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.identity.api.resource.mgt.server_${feature.version}/system-api-resource.xml,target:${installFolder}/../../conf/system-api-resource.xml,overwrite:true);\
+org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.identity.api.resource.mgt.server_${feature.version}/system-api-resource.xml.j2,target:${installFolder}/../../resources/conf/templates/repository/conf/system-api-resource.xml.j2,overwrite:true);\
diff --git a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml
new file mode 100644
index 000000000000..7eb33ddbb51a
--- /dev/null
+++ b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  ~ Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+  ~
+  ~ WSO2 LLC. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<APIResources>
+
+</APIResources>
diff --git a/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2 b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2
new file mode 100644
index 000000000000..4d6e8dd5ec19
--- /dev/null
+++ b/features/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt.server.feature/resources/system-api-resource.xml.j2
@@ -0,0 +1,464 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  ~ Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+  ~
+  ~ WSO2 LLC. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<APIResources>
+    {% for api_resource in api_resources %}
+    <APIResource name="{{ api_resource.name }}" identifier="{{ api_resource.identifier }}" requiresAuthorization="{{ api_resource.requiresAuthorization }}" description="{{ api_resource.description }}">
+        <Scopes>
+            {% for scope in api_resource.scopes %}
+            <Scope displayName="{{ scope.displayName }}" name="{{ scope.name }}"/>
+            {% endfor %}
+        </Scopes>
+    </APIResource>
+    {% endfor %}
+    <APIResource name="Admin Advisory Management API" identifier="/api/server/v1/admin-advisory-management/banner" requiresAuthorization="true" description="API representation of the Admin Advisory Management API">
+        <Scopes>
+            <Scope displayName="Modify Admin Advisory" name="internal_admin_advisory_mgt_update" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="API Resource Management API" identifier="/api/server/v1/api-resources" requiresAuthorization="true" description="API representation of the API Resource Management API">
+        <Scopes>
+            <Scope displayName="Create API Resource" name="internal_api_resource_create" />
+            <Scope displayName="View API Resource" name="internal_api_resource_view" />
+            <Scope displayName="Update API Resource" name="internal_api_resource_update" />
+            <Scope displayName="Delete API Resource" name="internal_api_resource_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Application Management API" identifier="/api/server/v1/applications" requiresAuthorization="true" description="API representation of the Application Management API">
+        <Scopes>
+            <Scope displayName="Create Application Management" name="internal_application_mgt_create" />
+            <Scope displayName="Update Application Management" name="internal_application_mgt_update" />
+            <Scope displayName="View Application Management" name="internal_application_mgt_view" />
+            <Scope displayName="Delete Application Management" name="internal_application_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Authenticators Management API" identifier="/api/server/v1/authenticators" requiresAuthorization="true" description="API representation of the Authenticators Management API">
+        <Scopes>
+            <Scope displayName="View Authenticators" name="internal_authenticator_view" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Branding Preference Management API" identifier="/api/server/v1/branding-preference" requiresAuthorization="true" description="API representation of the Branding Preference Management API">
+        <Scopes>
+            <Scope displayName="Update Branding Preference" name="internal_branding_preference_update" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Challenges Management API" identifier="/api/server/v1/challenges" requiresAuthorization="true" description="API representation of the Challenges Management API">
+        <Scopes>
+            <Scope displayName="View Challenges" name="internal_challenges_view" />
+            <Scope displayName="Create Challenges" name="internal_challenges_create" />
+            <Scope displayName="Update Challenges" name="internal_challenges_update" />
+            <Scope displayName="Delete Challenges" name="internal_challenges_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Claim Management API" identifier="/api/server/v1/claim-dialects" requiresAuthorization="true" description="API representation of the Claim Management API">
+        <Scopes>
+            <Scope displayName="Create Claim Meta" name="internal_claim_meta_create" />
+            <Scope displayName="View Claim Meta" name="internal_claim_meta_view" />
+            <Scope displayName="Update Claim Meta" name="internal_claim_meta_update" />
+            <Scope displayName="Delete Claim Meta" name="internal_claim_meta_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Config Management API" identifier="/api/server/v1/configs" requiresAuthorization="true" description="API representation of the Config Management API">
+        <Scopes>
+            <Scope displayName="View Config" name="internal_config_view" />
+            <Scope displayName="Create Config" name="internal_config_create" />
+            <Scope displayName="Update Config" name="internal_config_update" />
+            <Scope displayName="Delete Config" name="internal_config_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="CORS Management API" identifier="/api/server/v1/cors/origins" requiresAuthorization="true" description="API representation of the CORS Management API">
+        <Scopes>
+            <Scope displayName="View CORS Origins" name="internal_cors_origins_view" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Expired Password Identification Management API" identifier="/api/server/v1/expired-password-identification" requiresAuthorization="true" description="API representation of the Expired Password Identification Management API">
+        <Scopes>
+            <Scope displayName="View Expired Password" name="internal_expired_password_view" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Extension Management API" identifier="/api/server/v1/extensions" requiresAuthorization="true" description="API representation of the Extension Management API">
+        <Scopes>
+            <Scope displayName="View Extensions" name="internal_extensions_view" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Remote Fetch Management API" identifier="/api/server/v1/remote-fetch" requiresAuthorization="true" description="API representation of the Remote Fetch Management API">
+        <Scopes>
+            <Scope displayName="View Remote Fetch" name="internal_remote_fetch_view" />
+            <Scope displayName="Create Remote Fetch" name="internal_remote_fetch_create" />
+            <Scope displayName="Update Remote Fetch" name="internal_remote_fetch_update" />
+            <Scope displayName="Delete Remote Fetch" name="internal_remote_fetch_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Identity Governance Management API"
+        identifier="/api/server/v1/identity-governance" requiresAuthorization="true"
+        description="API representation of the Identity Governance Management API">
+        <Scopes>
+            <Scope displayName="View Identity Governance" name="internal_identity_governance_view" />
+            <Scope displayName="Update Identity Governance"
+                name="internal_identity_governance_update" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Idle Account Identification Management API"
+        identifier="/api/idle-account-identification/v1/inactive-users" requiresAuthorization="true"
+        description="API representation of the Idle Account Identification Management API">
+        <Scopes>
+            <Scope displayName="List Idle Accounts" name="internal_idle_account_list" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Identity Provider Management API"
+        identifier="/api/server/v1/identity-providers" requiresAuthorization="true"
+        description="API representation of the Identity Provider Management API">
+        <Scopes>
+            <Scope displayName="View Identity Providers" name="internal_idp_view" />
+            <Scope displayName="Create Identity Provider" name="internal_idp_create" />
+            <Scope displayName="Update Identity Provider" name="internal_idp_update" />
+            <Scope displayName="Delete Identity Provider" name="internal_idp_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Identity Verifier Management API" identifier="/api/server/v1/idv-providers"
+        requiresAuthorization="true"
+        description="API representation of the Identity Verifier Management API">
+        <Scopes>
+            <Scope displayName="View Identity Verifier Providers" name="internal_idvp_view" />
+            <Scope displayName="Add Identity Verifier Provider" name="internal_idvp_add" />
+            <Scope displayName="Update Identity Verifier Provider" name="internal_idvp_update" />
+            <Scope displayName="Delete Identity Verifier Provider" name="internal_idvp_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Validation Rules API" identifier="/api/server/v1/validation-rules"
+        requiresAuthorization="true" description="API representation of the Validation Rules API">
+        <Scopes>
+            <Scope displayName="Update Validation Rule Management"
+                name="internal_validation_rule_mgt_update" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Keystore Management API" identifier="/api/server/v1/keystores/certs"
+        requiresAuthorization="true" description="API representation of the Keystore Management API">
+        <Scopes>
+            <Scope displayName="View Keystore" name="internal_keystore_view" />
+            <Scope displayName="Update Keystore" name="internal_keystore_update" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Notification Sender Management API"
+        identifier="/api/server/v1/notification-senders/email" requiresAuthorization="true"
+        description="API representation of the Notification Sender Management API">
+        <Scopes>
+            <Scope displayName="View Notification Senders" name="internal_notification_senders_view" />
+            <Scope displayName="Create Notification Senders"
+                name="internal_notification_senders_create" />
+            <Scope displayName="Update Notification Senders"
+                name="internal_notification_senders_update" />
+            <Scope displayName="Delete Notification Senders"
+                name="internal_notification_senders_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="OIDC Scope Management API" identifier="/api/server/v1/oidc/scopes"
+        requiresAuthorization="true"
+        description="API representation of the OIDC Scope Management API">
+        <Scopes>
+            <Scope displayName="View OIDC Scopes" name="internal_oidc_scope_view" />
+            <Scope displayName="Create OIDC Scopes" name="internal_oidc_scope_create" />
+            <Scope displayName="Update OIDC Scopes" name="internal_oidc_scope_update" />
+            <Scope displayName="Delete OIDC Scopes" name="internal_oidc_scope_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Organization Management API" identifier="/api/server/v1/organizations"
+        requiresAuthorization="true"
+        description="API representation of the Organization Management API">
+        <Scopes>
+            <Scope displayName="View Organizations" name="internal_organization_view" />
+            <Scope displayName="Create Organizations" name="internal_organization_create" />
+            <Scope displayName="Update Organizations" name="internal_organization_update" />
+            <Scope displayName="Delete Organizations" name="internal_organization_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Organization Role Management API"
+        identifier="/api/server/v1/organizations/{organization-id}/roles"
+        requiresAuthorization="true"
+        description="API representation of the Organization Role Management API">
+        <Scopes>
+            <Scope displayName="View Organization Roles" name="internal_org_role_mgt_view" />
+            <Scope displayName="Create Organization Roles" name="internal_org_role_mgt_create" />
+            <Scope displayName="Update Organization Roles" name="internal_org_role_mgt_update" />
+            <Scope displayName="Delete Organization Roles" name="internal_org_role_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Organization Config Management API"
+        identifier="/api/server/v1/organization-configs/discovery" requiresAuthorization="true"
+        description="API representation of the Organization Config Management API">
+        <Scopes>
+            <Scope displayName="View Organization Configs" name="internal_org_config_mgt_view" />
+            <Scope displayName="Add Organization Configs" name="internal_org_config_mgt_add" />
+            <Scope displayName="Delete Organization Configs" name="internal_org_config_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Organization User Invitation Management API"
+        identifier="/api/server/v1/guests/invite" requiresAuthorization="true"
+        description="API representation of the Organization User Invitation Management API">
+        <Scopes>
+            <Scope displayName="List Guest Invitations" name="internal_guest_mgt_invite_list" />
+            <Scope displayName="Add Guest Invitations" name="internal_guest_mgt_invite_add" />
+            <Scope displayName="Delete Guest Invitations" name="internal_guest_mgt_invite_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Permission Management API"
+        identifier="/api/server/v1/permission-management/permissions" requiresAuthorization="true"
+        description="API representation of the Permission Management API">
+        <Scopes>
+            <Scope displayName="View Permissions" name="internal_permission_mgt_view" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Script Library Management API" identifier="/api/server/v1/script-libraries"
+        requiresAuthorization="true"
+        description="API representation of the Script Library Management API">
+        <Scopes>
+            <Scope displayName="Create Functional Library" name="internal_functional_lib_create" />
+            <Scope displayName="View Functional Library" name="internal_functional_lib_view" />
+            <Scope displayName="Update Functional Library" name="internal_functional_lib_update" />
+            <Scope displayName="Delete Functional Library" name="internal_functional_lib_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Secret Type Management API" identifier="/api/server/v1/secret-type"
+        requiresAuthorization="true"
+        description="API representation of the Secret Type Management API">
+        <Scopes>
+            <Scope displayName="Add Secret Type" name="internal_secret_type_mgt_add" />
+            <Scope displayName="Update Secret Type" name="internal_secret_type_mgt_update" />
+            <Scope displayName="View Secret Type" name="internal_secret_type_mgt_view" />
+            <Scope displayName="Delete Secret Type" name="internal_secret_type_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Secret Management API" identifier="/api/server/v1/secrets"
+        requiresAuthorization="true" description="API representation of the Secret Management API">
+        <Scopes>
+            <Scope displayName="Add Secret" name="internal_secret_mgt_add" />
+            <Scope displayName="Update Secret" name="internal_secret_mgt_update" />
+            <Scope displayName="View Secret" name="internal_secret_mgt_view" />
+            <Scope displayName="Delete Secret" name="internal_secret_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Userstore Management API" identifier="/api/server/v1/userstore"
+        requiresAuthorization="true"
+        description="API representation of the Userstore Management API">
+        <Scopes>
+            <Scope displayName="Create Userstore" name="internal_userstore_create" />
+            <Scope displayName="View Userstore" name="internal_userstore_view" />
+            <Scope displayName="Delete Userstore" name="internal_userstore_delete" />
+            <Scope displayName="Update Userstore" name="internal_userstore_update" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Workflow Management API" identifier="/api/server/v1/workflow-engines"
+        requiresAuthorization="true" description="API representation of the Workflow Management API">
+        <Scopes>
+            <Scope displayName="View Workflow" name="internal_workflow_view" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Approval Task Management API" identifier="/api/users/v1/me/approval-tasks"
+        requiresAuthorization="true"
+        description="API representation of the Approval Task Management API">
+        <Scopes>
+            <Scope displayName="View Approval Tasks" name="internal_approval_task_view" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Association Management API"
+        identifier="/api/users/v1/{user-id}/(.*)associations" requiresAuthorization="true"
+        description="API representation of the Association Management API">
+        <Scopes>
+            <Scope displayName="View User Associations" name="internal_user_association_view" />
+            <Scope displayName="Delete User Associations" name="internal_user_association_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Authorized Application Management API"
+        identifier="/api/users/v(.*)/{user-id}/authorized-apps" requiresAuthorization="true"
+        description="API representation of the Authorized Application Management V2 API">
+        <Scopes>
+            <Scope displayName="View Authorized Applications"
+                name="internal_user_authorizedapp_view" />
+            <Scope displayName="Delete Authorized Applications"
+                name="internal_user_authorizedapp_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Challenge Management API" identifier="/api/users/v1/{user-id}/challenge(.*)"
+        requiresAuthorization="true"
+        description="API representation of the Challenge Management API">
+        <Scopes>
+            <Scope displayName="View Challenge Answers" name="internal_challenge_view" />
+            <Scope displayName="Create Challenge Answers" name="internal_challenge_create" />
+            <Scope displayName="Update Challenge Answers" name="internal_challenge_update" />
+            <Scope displayName="Delete Challenge Answers" name="internal_challenge_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Functionality Management API"
+        identifier="/api/users/v1/{user-id}/user-functionality/{function-id}"
+        requiresAuthorization="true"
+        description="API representation of the Functionality Management API">
+        <Scopes>
+            <Scope displayName="View User Functionality" name="internal_user_fucntionality_view" />
+            <Scope displayName="Create User Functionality" name="internal_user_fucntionality_create" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="IDV Claim Management API" identifier="/api/users/v1/{user-id}/idv"
+        requiresAuthorization="true"
+        description="API representation of the IDV Claim Management API">
+        <Scopes>
+            <Scope displayName="Verify IDV Claim" name="internal_idv_claim_verify" />
+            <Scope displayName="View IDV Claim" name="internal_idv_claim_view" />
+            <Scope displayName="Update IDV Claim" name="internal_idv_claim_update" />
+            <Scope displayName="Add IDV Claim" name="internal_idv_claim_add" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Session Management API" identifier="/api/users/v1/(.*)sessions"
+        requiresAuthorization="true" description="API representation of the Session Management API">
+        <Scopes>
+            <Scope displayName="View Sessions" name="internal_session_view" />
+            <Scope displayName="Delete Sessions" name="internal_session_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Account Recovery V1 API" identifier="/api/users/v1/recovery"
+        requiresAuthorization="true" description="API representation of the Account Recovery V1 API">
+        <Scopes>
+            <Scope displayName="Create User Recovery" name="internal_user_recovery_create" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="SCIM2 Groups API" identifier="/scim2/Groups" requiresAuthorization="true"
+        description="API representation of the SCIM2 Groups API">
+        <Scopes>
+            <Scope displayName="View Group Management" name="internal_group_mgt_view" />
+            <Scope displayName="Create Group Management" name="internal_group_mgt_create" />
+            <Scope displayName="Update Group Management" name="internal_group_mgt_update" />
+            <Scope displayName="Delete Group Management" name="internal_group_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="SCIM2 Users API" identifier="/scim2/Users" requiresAuthorization="true"
+        description="API representation of the SCIM2 Users API">
+        <Scopes>
+            <Scope displayName="List User Management" name="internal_user_mgt_list" />
+            <Scope displayName="Create User Management" name="internal_user_mgt_create" />
+            <Scope displayName="Update User Management" name="internal_user_mgt_update" />
+            <Scope displayName="Delete User Management" name="internal_user_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="SCIM2 Roles API" identifier="/scim2/Roles" requiresAuthorization="true" description="API representation of the SCIM2 Roles API">
+        <Scopes>
+            <Scope displayName="View Role Management" name="internal_role_mgt_view" />
+            <Scope displayName="Create Role Management" name="internal_role_mgt_create" />
+            <Scope displayName="Update Role Management" name="internal_role_mgt_update" />
+            <Scope displayName="Delete Role Management" name="internal_role_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="SCIM2 Bulk API" identifier="/scim2/Bulk" requiresAuthorization="true" description="API representation of the SCIM2 Bulk API">
+        <Scopes>
+            <Scope displayName="Create Bulk User Management" name="internal_bulk_user_mgt_create" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Code Management API" identifier="/api/identity/user/v1.0/(.*)-code" requiresAuthorization="true" description="API representation of the Code Management API">
+        <Scopes>
+            <Scope displayName="View Code Management" name="internal_code_mgt_view" />
+            <Scope displayName="Create Code Management" name="internal_code_mgt_create" />
+            <Scope displayName="Update Code Management" name="internal_code_mgt_update" />
+            <Scope displayName="Delete Code Management" name="internal_code_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="User Personal Identification API" identifier="/api/identity/user/v1.0/pi-info" requiresAuthorization="true" description="API representation of the User Personal Identification API">
+        <Scopes>
+            <Scope displayName="View Personal Identification Information" name="internal_pi_info_view" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Configuration Management API" identifier="/api/identity/config-mgt/v1.0" requiresAuthorization="true" description="API representation of the Configuration Management API">
+        <Scopes>
+            <Scope displayName="List Configuration Management" name="internal_config_mgt_list" />
+            <Scope displayName="Add Configuration Management" name="internal_config_mgt_add" />
+            <Scope displayName="Update Configuration Management" name="internal_config_mgt_update" />
+            <Scope displayName="Delete Configuration Management" name="internal_config_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Consent Management API" identifier="/api/identity/consent-mgt/v1.0/consents" requiresAuthorization="true" description="API representation of the Consent Management API">
+        <Scopes>
+            <Scope displayName="Add Consent Management" name="internal_consent_mgt_add" />
+            <Scope displayName="Delete Consent Management" name="internal_consent_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Recovery API" identifier="/api/identity/recovery" requiresAuthorization="true" description="API representation of the Recovery API">
+        <Scopes>
+            <Scope displayName="View Recovery" name="internal_recovery_view" />
+            <Scope displayName="Create Recovery" name="internal_recovery_create" />
+            <Scope displayName="Update Recovery" name="internal_recovery_update" />
+            <Scope displayName="Delete Recovery" name="internal_recovery_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="OAuth DCR API" identifier="/api/identity/oauth2/dcr/v1.1/register" requiresAuthorization="true" description="API representation of the OAuth DCR (Dynamic Client Registration) API">
+        <Scopes>
+            <Scope displayName="View DCR" name="internal_dcr_view" />
+            <Scope displayName="Create DCR" name="internal_dcr_create" />
+            <Scope displayName="Update DCR" name="internal_dcr_update" />
+            <Scope displayName="Delete DCR" name="internal_dcr_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="OAuth2 Scope Management API" identifier="/api/identity/oauth2/v1.0/scopes" requiresAuthorization="true" description="API representation of the OAuth2 Scope Management API">
+        <Scopes>
+            <Scope displayName="View OAuth Scope" name="internal_oauth_scope_view" />
+            <Scope displayName="Create OAuth Scope" name="internal_oauth_scope_create" />
+            <Scope displayName="Update OAuth Scope" name="internal_oauth_scope_update" />
+            <Scope displayName="Delete OAuth Scope" name="internal_oauth_scope_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Email Template Management API" identifier="/api/server/v1/email/template-types" requiresAuthorization="true" description="API representation of the Email Template Management API">
+        <Scopes>
+            <Scope displayName="View Email Template Management" name="internal_email_mgt_view" />
+            <Scope displayName="Create Email Template Management" name="internal_email_mgt_create" />
+            <Scope displayName="Update Email Template Management" name="internal_email_mgt_update" />
+            <Scope displayName="Delete Email Template Management" name="internal_email_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Entitlement Management API" identifier="/api/identity/entitlement/" requiresAuthorization="true" description="API representation of the Entitlement Management API">
+        <Scopes>
+            <Scope displayName="Manage PEP (Policy Enforcement Point)" name="internal_manage_pep" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Media Management API" identifier="/api/identity/media/v1.0/user/" requiresAuthorization="true" description="API representation of the Media Management API">
+        <Scopes>
+            <Scope displayName="Create Media Management" name="internal_media_mgt_create" />
+            <Scope displayName="View Media Management" name="internal_media_mgt_view" />
+            <Scope displayName="Delete Media Management" name="internal_media_mgt_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Guest Invitation Management API" identifier="/api/server/v1/guests/invitation" requiresAuthorization="true" description="API representation of the Guest Invitation Management API">
+        <Scopes>
+            <Scope displayName="List Guest Invitations" name="internal_guest_mgt_invite_list" />
+            <Scope displayName="Delete Guest Invitations" name="internal_guest_mgt_invite_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="OAuth2 Introspection API" identifier="/oauth2/introspect" requiresAuthorization="true" description="API representation of the OAuth2 Introspection API">
+        <Scopes>
+            <Scope displayName="OAuth2 Introspection" name="internal_oauth2_introspect" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Identity Register API" identifier="/identity/register" requiresAuthorization="true" description="API representation of the Identity Register API">
+        <Scopes>
+            <Scope displayName="Create Identity Register" name="internal_register_create" />
+            <Scope displayName="Delete Identity Register" name="internal_register_delete" />
+        </Scopes>
+    </APIResource>
+    <APIResource name="Organization Self Service API" identifier="/identity/register" requiresAuthorization="true" description="API representation of the Organization Self Service API">
+        <Scopes>
+            <Scope displayName="View Self Service" name="internal_self_service_view" />
+            <Scope displayName="Update Self Service" name="internal_self_service_update" />
+        </Scopes>
+    </APIResource>
+</APIResources>
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
index 871acec6f5a0..ac26fa0adb50 100644
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
@@ -1940,6 +1940,18 @@
                        enable="{{event.default_listener.basic_user_info_provider.enable}}">
         </EventListener>
 
+        <EventListener id="system_api_resource_management_listener" type="org.wso2.carbon.identity.core.AbstractIdentityTenantMgtListener"
+                       name="org.wso2.carbon.identity.api.resource.mgt.listener.APIResourceManagementListener"
+                       orderId="{{event.default_listener.system_api_resource_management_listener.priority}}"
+                       enable="{{event.default_listener.system_api_resource_management_listener.enable}}">
+        </EventListener>
+
+        <EventListener id="console_authorization_management_listener" type="org.wso2.carbon.identity.application.mgt.listener.AbstractApplicationMgtListener"
+                       name="org.wso2.carbon.identity.application.mgt.listener.ConsoleAuthorizedAPIManagementListener"
+                       orderId="{{event.default_listener.console_authorization_management_listener.priority}}"
+                       enable="{{event.default_listener.console_authorization_management_listener.enable}}">
+        </EventListener>
+
         <!-- Custom Event Listeners -->
         {% for listener in event_listener %}
         <EventListener id="{{listener.id}}"
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
index 86df91d5e7f9..e9880e41e036 100644
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
@@ -436,6 +436,12 @@
   "identity_mgt.user_claim_update.uniqueness.listener_priority": "2",
   "identity_mgt.user_claim_update.uniqueness.scope_within_userstore": false,
 
+  "event.default_listener.system_api_resource_management_listener.priority": "600",
+  "event.default_listener.system_api_resource_management_listener.enable": true,
+
+  "event.default_listener.console_authorization_management_listener.priority": "601",
+  "event.default_listener.console_authorization_management_listener.enable": true,
+
   "identity_mgt_account_suspension.use_identity_claims": true,
 
   "identity_mgt.enable_user_claim_input_regex_validation": true,