diff --git a/modules/distribution/resources/api_templates/velocity_template.xml b/modules/distribution/resources/api_templates/velocity_template.xml
index f681cb2ebd..e5f9e67969 100644
--- a/modules/distribution/resources/api_templates/velocity_template.xml
+++ b/modules/distribution/resources/api_templates/velocity_template.xml
@@ -292,17 +292,14 @@ $in_sequences.get("$resource.getUriTemplate()").get($uri)
 <loopback />
                 ## AWS Lambda: end
                 #else
-                    #if( $apiIsOauthProtected || $apiIsApiKeyProtected || $apiIsBasicAuthProtected )
 <filter source="$ctx:AM_KEY_TYPE" regex="$filterRegex">
     <then>
-                    #end
                     #if( ($environmentType == 'sandbox') || ($environmentType =='hybrid'
                         && ! $endpoint_config.get("production_endpoints")) )
                         #draw_endpoint( "sandbox" $endpoint_config )
                     #else
                         #draw_endpoint( "production" $endpoint_config )
                     #end
-                    #if( $apiIsOauthProtected || $apiIsApiKeyProtected || $apiIsBasicAuthProtected )
     </then>
     <else>
                         #if( $environmentType !='hybrid' )
@@ -335,7 +332,6 @@ $in_sequences.get("$resource.getUriTemplate()").get($uri)
                         #end
     </else>
 </filter>
-                    #end
                 #end
 </inSequence>
 <outSequence>
@@ -348,7 +344,6 @@ $out_sequences.get("$resource.getUriTemplate()").get($uri)
                 #if( $responseCacheEnabled )
 <cache scope="per-host" collector="true"/>
                 #end
-                #if( $apiIsOauthProtected || $apiIsApiKeyProtected || $apiIsBasicAuthProtected )
 <filter source="$ctx:AM_KEY_TYPE" regex="$filterRegex">
     <then>
                     #if($endpointSecurityProd.clientId && ($endpointSecurityProd.type == "oauth" || $endpointSecurityProd.type == "OAUTH"))
@@ -361,7 +356,7 @@ $out_sequences.get("$resource.getUriTemplate()").get($uri)
                     #end
     </else>
 </filter>
-                #end
+
 <send/>
 </outSequence>
         </resource>
diff --git a/modules/distribution/resources/operation_policies/specifications/apkAddHeader_v1.json b/modules/distribution/resources/operation_policies/specifications/apkAddHeader_v1.json
new file mode 100644
index 0000000000..2312664d12
--- /dev/null
+++ b/modules/distribution/resources/operation_policies/specifications/apkAddHeader_v1.json
@@ -0,0 +1,35 @@
+{
+  "category": "Mediation",
+  "version": "v1",
+  "displayName": "Add Header",
+  "name": "apkAddHeader",
+  "description": "This policy allows you to add a new header to the request",
+  "policyAttributes": [
+    {
+      "name": "headerName",
+      "displayName": "Header Name",
+      "description": "Name of the header to be added",
+      "validationRegex": "^([a-zA-Z_\\:][a-zA-Z\\d_\\-\\ ]*)$",
+      "type": "String",
+      "required": true
+    },
+    {
+      "name": "headerValue",
+      "displayName": "Header Value",
+      "description": "Value of the header",
+      "validationRegex": "^.+$",
+      "type": "String",
+      "required": true
+    }
+  ],
+  "applicableFlows": [
+    "request",
+    "response"
+  ],
+  "supportedGateways": [
+    "ChoreoConnect"
+  ],
+  "supportedApiTypes": [
+    "HTTP"
+  ]
+}
\ No newline at end of file
diff --git a/modules/distribution/resources/operation_policies/specifications/ccCallInterceptorService_v1.json b/modules/distribution/resources/operation_policies/specifications/apkCallInterceptorService_v1.json
similarity index 96%
rename from modules/distribution/resources/operation_policies/specifications/ccCallInterceptorService_v1.json
rename to modules/distribution/resources/operation_policies/specifications/apkCallInterceptorService_v1.json
index fa72a75a6f..6ab62fe076 100644
--- a/modules/distribution/resources/operation_policies/specifications/ccCallInterceptorService_v1.json
+++ b/modules/distribution/resources/operation_policies/specifications/apkCallInterceptorService_v1.json
@@ -1,6 +1,6 @@
 {
   "category": "Mediation",
-  "name": "ccCallInterceptorService",
+  "name": "apkCallInterceptorService",
   "version": "v1",
   "displayName": "Call Interceptor Service",
   "description": "This policy allows you to call an interceptor service for a request message",
diff --git a/modules/distribution/resources/operation_policies/specifications/apkMirrorRequest_v1.json b/modules/distribution/resources/operation_policies/specifications/apkMirrorRequest_v1.json
new file mode 100644
index 0000000000..cb3171b251
--- /dev/null
+++ b/modules/distribution/resources/operation_policies/specifications/apkMirrorRequest_v1.json
@@ -0,0 +1,26 @@
+{
+    "category": "Mediation",
+    "name": "apkMirrorRequest",
+    "version": "v1",
+    "displayName": "Mirror Request",
+    "description": "This policy allows you to mirror a request to various URLs",
+    "policyAttributes": [
+        {
+            "name": "url",
+            "displayName": "URL",
+            "description": "URL to mirror the request to",
+            "validationRegex": "^(([\\w+]+\\:\\/\\/)?([\\w\\d-]+\\.)*[\\w-]+([\\.\\:]\\w+)*([\\/\\?\\=\\&\\#\\.]?[\\w-]+)*\\/?)$",
+            "type": "String",
+            "required": true
+        }
+    ],
+    "applicableFlows": [
+        "request"
+    ],
+    "supportedGateways": [
+        "ChoreoConnect"
+    ],
+    "supportedApiTypes": [
+        "HTTP"
+    ]
+}
\ No newline at end of file
diff --git a/modules/distribution/resources/operation_policies/specifications/apkRedirectRequest_v1.json b/modules/distribution/resources/operation_policies/specifications/apkRedirectRequest_v1.json
new file mode 100644
index 0000000000..71cc1e991c
--- /dev/null
+++ b/modules/distribution/resources/operation_policies/specifications/apkRedirectRequest_v1.json
@@ -0,0 +1,34 @@
+{
+    "category": "Mediation",
+    "name": "apkRedirectRequest",
+    "version": "v1",
+    "displayName": "Redirect Request",
+    "description": "This policy allows you to redirect a request",
+    "policyAttributes": [
+        {
+            "name": "url",
+            "displayName": "URL",
+            "description": "URL to redirect the request to",
+            "validationRegex": "^(([\\w+]+\\:\\/\\/)?([\\w\\d-]+\\.)*[\\w-]+([\\.\\:]\\w+)*([\\/\\?\\=\\&\\#\\.]?[\\w-]+)*\\/?)$",
+            "type": "String",
+            "required": true
+        },
+        {
+            "name": "statusCode",
+            "displayName": "Status Code",
+            "description": "Status code to display upon redirecting the request. Must be either 301 or 302",
+            "validationRegex": "^(301|302)$",
+            "type": "Integer",
+            "required": true
+        }
+    ],
+    "applicableFlows": [
+        "request"
+    ],
+    "supportedGateways": [
+        "ChoreoConnect"
+    ],
+    "supportedApiTypes": [
+        "HTTP"
+    ]
+}
\ No newline at end of file
diff --git a/modules/distribution/resources/operation_policies/specifications/apkRemove_Header_v1.json b/modules/distribution/resources/operation_policies/specifications/apkRemove_Header_v1.json
new file mode 100644
index 0000000000..357ec8adba
--- /dev/null
+++ b/modules/distribution/resources/operation_policies/specifications/apkRemove_Header_v1.json
@@ -0,0 +1,27 @@
+{
+    "category": "Mediation",
+    "name": "apkRemoveHeader",
+    "version": "v1",
+    "displayName": "Remove Header",
+    "description": "This policy allows you to remove a header from the request",
+    "policyAttributes": [
+        {
+            "name": "headerName",
+            "displayName": "Header Name",
+            "description": "Name of the header to be removed",
+            "validationRegex": "^([a-zA-Z_\\:][a-zA-Z\\d_\\-\\ ]*)$",
+            "type": "String",
+            "required": true
+        }
+    ],
+    "applicableFlows": [
+        "request",
+        "response"
+    ],
+    "supportedGateways": [
+        "ChoreoConnect"
+    ],
+    "supportedApiTypes": [
+        "HTTP"
+    ]
+}
\ No newline at end of file
diff --git a/modules/integration/tests-common/clients/publisher/.openapi-generator/publisher-api.yaml.sha256 b/modules/integration/tests-common/clients/publisher/.openapi-generator/publisher-api.yaml.sha256
index 9f401602fc..c5df44d193 100644
--- a/modules/integration/tests-common/clients/publisher/.openapi-generator/publisher-api.yaml.sha256
+++ b/modules/integration/tests-common/clients/publisher/.openapi-generator/publisher-api.yaml.sha256
@@ -1 +1 @@
-932693cf163d497c081af51b44f9825a7ea795ac8a001cc0ebd5e582dab1722d
\ No newline at end of file
+f22432a7f6a2e79f6244e9360787b60d17a9169f9e91d69368ce8fd2a139ba5d
\ No newline at end of file
diff --git a/modules/integration/tests-common/clients/publisher/api/openapi.yaml b/modules/integration/tests-common/clients/publisher/api/openapi.yaml
index a714f59180..268be810a4 100644
--- a/modules/integration/tests-common/clients/publisher/api/openapi.yaml
+++ b/modules/integration/tests-common/clients/publisher/api/openapi.yaml
@@ -8820,6 +8820,630 @@ paths:
         source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
           "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certificates/wso2carbon/content"'
       x-accepts: application/json
+  /apis/{apiId}/client-certs/{keyType}:
+    get:
+      description: |
+        This operation can be used to retrieve and search the uploaded client certificates of a given key type.
+      operationId: getAPIClientCertificatesByKeyType
+      parameters:
+      - description: Key type for the certificate
+        explode: false
+        in: path
+        name: keyType
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: |
+          Maximum size of resource array to return.
+        explode: true
+        in: query
+        name: limit
+        required: false
+        schema:
+          default: 25
+          type: integer
+        style: form
+      - description: |
+          Starting point within the complete list of items qualified.
+        explode: true
+        in: query
+        name: offset
+        required: false
+        schema:
+          default: 0
+          type: integer
+        style: form
+      - description: Alias for the client certificate
+        explode: true
+        in: query
+        name: alias
+        required: false
+        schema:
+          type: string
+        style: form
+      - description: |
+          **API ID** consisting of the **UUID** of the API.
+        explode: false
+        in: path
+        name: apiId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClientCertificates'
+          description: |
+            OK. Successful response with the list of matching certificate information in the body.
+          headers:
+            Content-Type:
+              description: |
+                The content type of the body.
+              explode: false
+              schema:
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              example:
+                code: 400
+                message: Bad Request
+                description: Invalid request or validation error
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request. Invalid request or validation error.
+        "500":
+          content:
+            application/json:
+              example:
+                code: 500
+                message: Internal Server Error
+                description: The server encountered an internal error. Please contact
+                  administrator.
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Internal Server Error.
+      security:
+      - OAuth2Security:
+        - apim:api_view
+        - apim:api_manage
+        - apim:client_certificates_view
+        - apim:client_certificates_manage
+      summary: Retrieve/ Search Uploaded Client Certificates of a given key type
+      tags:
+      - Client Certificates
+      x-code-samples:
+      - lang: Curl
+        source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION?alias=wso2carbon"'
+      x-accepts: application/json
+    post:
+      description: |
+        This operation can be used to upload a new certificate for an endpoint of the given type.
+      operationId: addAPIClientCertificateOfGivenKeyType
+      parameters:
+      - description: Key type for the certificate
+        explode: false
+        in: path
+        name: keyType
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: |
+          **API ID** consisting of the **UUID** of the API.
+        explode: false
+        in: path
+        name: apiId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              properties:
+                certificate:
+                  description: The certificate that needs to be uploaded.
+                  format: binary
+                  type: string
+                alias:
+                  description: Alias for the certificate
+                  maxLength: 30
+                  minLength: 1
+                  type: string
+                tier:
+                  description: API tier to which the certificate should be applied.
+                  type: string
+              required:
+              - alias
+              - certificate
+              - tier
+        required: true
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClientCertMetadata'
+          description: |
+            OK.
+            The Certificate added successfully.
+          headers:
+            Location:
+              description: |
+                The URL of the newly created resource.
+              explode: false
+              schema:
+                type: string
+              style: simple
+            Content-Type:
+              description: |
+                The content type of the body.
+              explode: false
+              schema:
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              example:
+                code: 400
+                message: Bad Request
+                description: Invalid request or validation error
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request. Invalid request or validation error.
+        "500":
+          content:
+            application/json:
+              example:
+                code: 500
+                message: Internal Server Error
+                description: The server encountered an internal error. Please contact
+                  administrator.
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Internal Server Error.
+      security:
+      - OAuth2Security:
+        - apim:api_create
+        - apim:api_manage
+        - apim:client_certificates_add
+        - apim:client_certificates_manage
+      summary: Upload a New Certificate of the given key type
+      tags:
+      - Client Certificates
+      x-code-samples:
+      - lang: Curl
+        source: 'curl -k -X POST -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          -H "Content-Type: multipart/form-data" -F certificate=@test.crt -F alias=wso2carbon
+          -F tier=Gold "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION"'
+      x-contentType: multipart/form-data
+      x-accepts: application/json
+  /apis/{apiId}/client-certs/{keyType}/{alias}:
+    delete:
+      description: |
+        This operation can be used to delete an uploaded certificate of a given key type.
+      operationId: deleteAPIClientCertificateByKeyTypeAndAlias
+      parameters:
+      - description: Key type for the certificate
+        explode: false
+        in: path
+        name: keyType
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: |
+          The alias of the certificate that should be deleted.
+        explode: false
+        in: path
+        name: alias
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: |
+          **API ID** consisting of the **UUID** of the API.
+        explode: false
+        in: path
+        name: apiId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: |
+            OK.
+            The Certificate deleted successfully.
+          headers:
+            Content-Type:
+              description: |
+                The content type of the body.
+              explode: false
+              schema:
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              example:
+                code: 400
+                message: Bad Request
+                description: Invalid request or validation error
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request. Invalid request or validation error.
+        "404":
+          content:
+            application/json:
+              example:
+                code: 404
+                message: Not Found
+                description: The specified resource does not exist
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found. The specified resource does not exist.
+        "500":
+          content:
+            application/json:
+              example:
+                code: 500
+                message: Internal Server Error
+                description: The server encountered an internal error. Please contact
+                  administrator.
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Internal Server Error.
+      security:
+      - OAuth2Security:
+        - apim:api_create
+        - apim:api_manage
+        - apim:client_certificates_update
+      summary: Delete a Certificate of a Given Key Type
+      tags:
+      - Client Certificates
+      x-code-samples:
+      - lang: Curl
+        source: 'curl -k -X DELETE -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certificates/wso2carbon"'
+      x-accepts: application/json
+    get:
+      description: |
+        This operation can be used to get the information about a certificate of a given key type.
+      operationId: getAPIClientCertificateByKeyTypeAndAlias
+      parameters:
+      - description: Key type for the certificate
+        explode: false
+        in: path
+        name: keyType
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: alias
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: |
+          **API ID** consisting of the **UUID** of the API.
+        explode: false
+        in: path
+        name: apiId
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CertificateInfo'
+          description: |
+            OK.
+          headers:
+            Content-Type:
+              description: |
+                The content type of the body.
+              explode: false
+              schema:
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              example:
+                code: 400
+                message: Bad Request
+                description: Invalid request or validation error
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request. Invalid request or validation error.
+        "404":
+          content:
+            application/json:
+              example:
+                code: 404
+                message: Not Found
+                description: The specified resource does not exist
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found. The specified resource does not exist.
+        "500":
+          content:
+            application/json:
+              example:
+                code: 500
+                message: Internal Server Error
+                description: The server encountered an internal error. Please contact
+                  administrator.
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Internal Server Error.
+      security:
+      - OAuth2Security:
+        - apim:api_view
+        - apim:api_manage
+        - apim:client_certificates_view
+        - apim:client_certificates_manage
+      summary: Get the Certificate Information of a Given Key Type
+      tags:
+      - Client Certificates
+      x-code-samples:
+      - lang: Curl
+        source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION/wso2carbon"'
+      x-accepts: application/json
+    put:
+      description: |
+        This operation can be used to update an uploaded certificate of a given key type.
+      operationId: updateAPIClientCertificateByKeyTypeAndAlias
+      parameters:
+      - description: Key type for the certificate
+        explode: false
+        in: path
+        name: keyType
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: Alias for the certificate
+        explode: false
+        in: path
+        name: alias
+        required: true
+        schema:
+          maxLength: 30
+          minLength: 1
+          type: string
+        style: simple
+      - description: |
+          **API ID** consisting of the **UUID** of the API.
+        explode: false
+        in: path
+        name: apiId
+        required: true
+        schema:
+          type: string
+        style: simple
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              properties:
+                certificate:
+                  description: The certificate that needs to be uploaded.
+                  format: binary
+                  type: string
+                tier:
+                  description: The tier of the certificate
+                  type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClientCertMetadata'
+          description: |
+            OK.
+            The Certificate updated successfully.
+          headers:
+            Location:
+              description: |
+                The URL of the newly created resource.
+              explode: false
+              schema:
+                type: string
+              style: simple
+            Content-Type:
+              description: |
+                The content type of the body.
+              explode: false
+              schema:
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              example:
+                code: 400
+                message: Bad Request
+                description: Invalid request or validation error
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request. Invalid request or validation error.
+        "404":
+          content:
+            application/json:
+              example:
+                code: 404
+                message: Not Found
+                description: The specified resource does not exist
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found. The specified resource does not exist.
+        "500":
+          content:
+            application/json:
+              example:
+                code: 500
+                message: Internal Server Error
+                description: The server encountered an internal error. Please contact
+                  administrator.
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Internal Server Error.
+      security:
+      - OAuth2Security:
+        - apim:api_create
+        - apim:api_manage
+        - apim:client_certificates_update
+        - apim:client_certificates_manage
+      summary: Update a Certificate of a Given Key Type
+      tags:
+      - Client Certificates
+      x-code-samples:
+      - lang: Curl
+        source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          -H "Content-Type: multipart/form-data" -F certificate=@test.crt -F alias=wso2carbon
+          -F apiId=fea749dd-d548-4a8b-b308-34903b39a34b -F tier=Gold "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION/wso2carbon"'
+      x-contentType: multipart/form-data
+      x-accepts: application/json
+  /apis/{apiId}/client-certs/{keyType}/{alias}/content:
+    get:
+      description: |
+        This operation can be used to download a certificate which matches the given alias and key type.
+      operationId: getAPIClientCertificateContentByKeyTypeAndAlias
+      parameters:
+      - description: |
+          **API ID** consisting of the **UUID** of the API.
+        explode: false
+        in: path
+        name: apiId
+        required: true
+        schema:
+          type: string
+        style: simple
+      - explode: false
+        in: path
+        name: alias
+        required: true
+        schema:
+          type: string
+        style: simple
+      - description: |
+          The key type of the certificate that should be deleted.
+        explode: false
+        in: path
+        name: keyType
+        required: true
+        schema:
+          type: string
+        style: simple
+      responses:
+        "200":
+          content: {}
+          description: |
+            OK.
+          headers:
+            Content-Type:
+              description: |
+                The content type of the body.
+              explode: false
+              schema:
+                type: string
+              style: simple
+        "400":
+          content:
+            application/json:
+              example:
+                code: 400
+                message: Bad Request
+                description: Invalid request or validation error
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Bad Request. Invalid request or validation error.
+        "404":
+          content:
+            application/json:
+              example:
+                code: 404
+                message: Not Found
+                description: The specified resource does not exist
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Not Found. The specified resource does not exist.
+        "500":
+          content:
+            application/json:
+              example:
+                code: 500
+                message: Internal Server Error
+                description: The server encountered an internal error. Please contact
+                  administrator.
+                moreInfo: ""
+                error: []
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Internal Server Error.
+      security:
+      - OAuth2Security:
+        - apim:api_view
+        - apim:api_manage
+        - apim:client_certificates_view
+        - apim:client_certificates_manage
+      summary: Download a Certificate of Given Key Type
+      tags:
+      - Client Certificates
+      x-code-samples:
+      - lang: Curl
+        source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION/wso2carbon/content"
+          > test.crt'
+      x-accepts: application/json
   /endpoint-certificates:
     get:
       description: |
diff --git a/modules/integration/tests-common/clients/publisher/docs/ClientCertificatesApi.md b/modules/integration/tests-common/clients/publisher/docs/ClientCertificatesApi.md
index 374508b471..1d440bcd11 100644
--- a/modules/integration/tests-common/clients/publisher/docs/ClientCertificatesApi.md
+++ b/modules/integration/tests-common/clients/publisher/docs/ClientCertificatesApi.md
@@ -5,11 +5,17 @@ All URIs are relative to *https://apis.wso2.com/api/am/publisher/v4*
 Method | HTTP request | Description
 ------------- | ------------- | -------------
 [**addAPIClientCertificate**](ClientCertificatesApi.md#addAPIClientCertificate) | **POST** /apis/{apiId}/client-certificates | Upload a New Certificate
+[**addAPIClientCertificateOfGivenKeyType**](ClientCertificatesApi.md#addAPIClientCertificateOfGivenKeyType) | **POST** /apis/{apiId}/client-certs/{keyType} | Upload a New Certificate of the given key type
 [**deleteAPIClientCertificateByAlias**](ClientCertificatesApi.md#deleteAPIClientCertificateByAlias) | **DELETE** /apis/{apiId}/client-certificates/{alias} | Delete a Certificate
+[**deleteAPIClientCertificateByKeyTypeAndAlias**](ClientCertificatesApi.md#deleteAPIClientCertificateByKeyTypeAndAlias) | **DELETE** /apis/{apiId}/client-certs/{keyType}/{alias} | Delete a Certificate of a Given Key Type
 [**getAPIClientCertificateByAlias**](ClientCertificatesApi.md#getAPIClientCertificateByAlias) | **GET** /apis/{apiId}/client-certificates/{alias} | Get the Certificate Information
+[**getAPIClientCertificateByKeyTypeAndAlias**](ClientCertificatesApi.md#getAPIClientCertificateByKeyTypeAndAlias) | **GET** /apis/{apiId}/client-certs/{keyType}/{alias} | Get the Certificate Information of a Given Key Type
 [**getAPIClientCertificateContentByAlias**](ClientCertificatesApi.md#getAPIClientCertificateContentByAlias) | **GET** /apis/{apiId}/client-certificates/{alias}/content | Download a Certificate
+[**getAPIClientCertificateContentByKeyTypeAndAlias**](ClientCertificatesApi.md#getAPIClientCertificateContentByKeyTypeAndAlias) | **GET** /apis/{apiId}/client-certs/{keyType}/{alias}/content | Download a Certificate of Given Key Type
 [**getAPIClientCertificates**](ClientCertificatesApi.md#getAPIClientCertificates) | **GET** /apis/{apiId}/client-certificates | Retrieve/ Search Uploaded Client Certificates
+[**getAPIClientCertificatesByKeyType**](ClientCertificatesApi.md#getAPIClientCertificatesByKeyType) | **GET** /apis/{apiId}/client-certs/{keyType} | Retrieve/ Search Uploaded Client Certificates of a given key type
 [**updateAPIClientCertificateByAlias**](ClientCertificatesApi.md#updateAPIClientCertificateByAlias) | **PUT** /apis/{apiId}/client-certificates/{alias} | Update a Certificate
+[**updateAPIClientCertificateByKeyTypeAndAlias**](ClientCertificatesApi.md#updateAPIClientCertificateByKeyTypeAndAlias) | **PUT** /apis/{apiId}/client-certs/{keyType}/{alias} | Update a Certificate of a Given Key Type
 
 
 <a name="addAPIClientCertificate"></a>
@@ -87,6 +93,83 @@ Name | Type | Description  | Notes
 **400** | Bad Request. Invalid request or validation error. |  -  |
 **500** | Internal Server Error. |  -  |
 
+<a name="addAPIClientCertificateOfGivenKeyType"></a>
+# **addAPIClientCertificateOfGivenKeyType**
+> ClientCertMetadataDTO addAPIClientCertificateOfGivenKeyType(keyType, apiId, certificate, alias, tier)
+
+Upload a New Certificate of the given key type
+
+This operation can be used to upload a new certificate for an endpoint of the given type. 
+
+### Example
+```java
+// Import classes:
+import org.wso2.am.integration.clients.publisher.api.ApiClient;
+import org.wso2.am.integration.clients.publisher.api.ApiException;
+import org.wso2.am.integration.clients.publisher.api.Configuration;
+import org.wso2.am.integration.clients.publisher.api.auth.*;
+import org.wso2.am.integration.clients.publisher.api.models.*;
+import org.wso2.am.integration.clients.publisher.api.v1.ClientCertificatesApi;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = Configuration.getDefaultApiClient();
+    defaultClient.setBasePath("https://apis.wso2.com/api/am/publisher/v4");
+    
+    // Configure OAuth2 access token for authorization: OAuth2Security
+    OAuth OAuth2Security = (OAuth) defaultClient.getAuthentication("OAuth2Security");
+    OAuth2Security.setAccessToken("YOUR ACCESS TOKEN");
+
+    ClientCertificatesApi apiInstance = new ClientCertificatesApi(defaultClient);
+    String keyType = "keyType_example"; // String | Key type for the certificate
+    String apiId = "apiId_example"; // String | **API ID** consisting of the **UUID** of the API. 
+    File certificate = new File("/path/to/file"); // File | The certificate that needs to be uploaded.
+    String alias = "alias_example"; // String | Alias for the certificate
+    String tier = "tier_example"; // String | API tier to which the certificate should be applied.
+    try {
+      ClientCertMetadataDTO result = apiInstance.addAPIClientCertificateOfGivenKeyType(keyType, apiId, certificate, alias, tier);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println("Exception when calling ClientCertificatesApi#addAPIClientCertificateOfGivenKeyType");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
+```
+
+### Parameters
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **keyType** | **String**| Key type for the certificate |
+ **apiId** | **String**| **API ID** consisting of the **UUID** of the API.  |
+ **certificate** | **File**| The certificate that needs to be uploaded. |
+ **alias** | **String**| Alias for the certificate |
+ **tier** | **String**| API tier to which the certificate should be applied. |
+
+### Return type
+
+[**ClientCertMetadataDTO**](ClientCertMetadataDTO.md)
+
+### Authorization
+
+[OAuth2Security](../README.md#OAuth2Security)
+
+### HTTP request headers
+
+ - **Content-Type**: multipart/form-data
+ - **Accept**: application/json
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | OK. The Certificate added successfully.  |  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  |
+**400** | Bad Request. Invalid request or validation error. |  -  |
+**500** | Internal Server Error. |  -  |
+
 <a name="deleteAPIClientCertificateByAlias"></a>
 # **deleteAPIClientCertificateByAlias**
 > deleteAPIClientCertificateByAlias(alias, apiId)
@@ -158,6 +241,79 @@ null (empty response body)
 **404** | Not Found. The specified resource does not exist. |  -  |
 **500** | Internal Server Error. |  -  |
 
+<a name="deleteAPIClientCertificateByKeyTypeAndAlias"></a>
+# **deleteAPIClientCertificateByKeyTypeAndAlias**
+> deleteAPIClientCertificateByKeyTypeAndAlias(keyType, alias, apiId)
+
+Delete a Certificate of a Given Key Type
+
+This operation can be used to delete an uploaded certificate of a given key type. 
+
+### Example
+```java
+// Import classes:
+import org.wso2.am.integration.clients.publisher.api.ApiClient;
+import org.wso2.am.integration.clients.publisher.api.ApiException;
+import org.wso2.am.integration.clients.publisher.api.Configuration;
+import org.wso2.am.integration.clients.publisher.api.auth.*;
+import org.wso2.am.integration.clients.publisher.api.models.*;
+import org.wso2.am.integration.clients.publisher.api.v1.ClientCertificatesApi;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = Configuration.getDefaultApiClient();
+    defaultClient.setBasePath("https://apis.wso2.com/api/am/publisher/v4");
+    
+    // Configure OAuth2 access token for authorization: OAuth2Security
+    OAuth OAuth2Security = (OAuth) defaultClient.getAuthentication("OAuth2Security");
+    OAuth2Security.setAccessToken("YOUR ACCESS TOKEN");
+
+    ClientCertificatesApi apiInstance = new ClientCertificatesApi(defaultClient);
+    String keyType = "keyType_example"; // String | Key type for the certificate
+    String alias = "alias_example"; // String | The alias of the certificate that should be deleted. 
+    String apiId = "apiId_example"; // String | **API ID** consisting of the **UUID** of the API. 
+    try {
+      apiInstance.deleteAPIClientCertificateByKeyTypeAndAlias(keyType, alias, apiId);
+    } catch (ApiException e) {
+      System.err.println("Exception when calling ClientCertificatesApi#deleteAPIClientCertificateByKeyTypeAndAlias");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
+```
+
+### Parameters
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **keyType** | **String**| Key type for the certificate |
+ **alias** | **String**| The alias of the certificate that should be deleted.  |
+ **apiId** | **String**| **API ID** consisting of the **UUID** of the API.  |
+
+### Return type
+
+null (empty response body)
+
+### Authorization
+
+[OAuth2Security](../README.md#OAuth2Security)
+
+### HTTP request headers
+
+ - **Content-Type**: Not defined
+ - **Accept**: application/json
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | OK. The Certificate deleted successfully.  |  * Content-Type - The content type of the body.  <br>  |
+**400** | Bad Request. Invalid request or validation error. |  -  |
+**404** | Not Found. The specified resource does not exist. |  -  |
+**500** | Internal Server Error. |  -  |
+
 <a name="getAPIClientCertificateByAlias"></a>
 # **getAPIClientCertificateByAlias**
 > CertificateInfoDTO getAPIClientCertificateByAlias(alias, apiId)
@@ -230,6 +386,80 @@ Name | Type | Description  | Notes
 **404** | Not Found. The specified resource does not exist. |  -  |
 **500** | Internal Server Error. |  -  |
 
+<a name="getAPIClientCertificateByKeyTypeAndAlias"></a>
+# **getAPIClientCertificateByKeyTypeAndAlias**
+> CertificateInfoDTO getAPIClientCertificateByKeyTypeAndAlias(keyType, alias, apiId)
+
+Get the Certificate Information of a Given Key Type
+
+This operation can be used to get the information about a certificate of a given key type. 
+
+### Example
+```java
+// Import classes:
+import org.wso2.am.integration.clients.publisher.api.ApiClient;
+import org.wso2.am.integration.clients.publisher.api.ApiException;
+import org.wso2.am.integration.clients.publisher.api.Configuration;
+import org.wso2.am.integration.clients.publisher.api.auth.*;
+import org.wso2.am.integration.clients.publisher.api.models.*;
+import org.wso2.am.integration.clients.publisher.api.v1.ClientCertificatesApi;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = Configuration.getDefaultApiClient();
+    defaultClient.setBasePath("https://apis.wso2.com/api/am/publisher/v4");
+    
+    // Configure OAuth2 access token for authorization: OAuth2Security
+    OAuth OAuth2Security = (OAuth) defaultClient.getAuthentication("OAuth2Security");
+    OAuth2Security.setAccessToken("YOUR ACCESS TOKEN");
+
+    ClientCertificatesApi apiInstance = new ClientCertificatesApi(defaultClient);
+    String keyType = "keyType_example"; // String | Key type for the certificate
+    String alias = "alias_example"; // String | 
+    String apiId = "apiId_example"; // String | **API ID** consisting of the **UUID** of the API. 
+    try {
+      CertificateInfoDTO result = apiInstance.getAPIClientCertificateByKeyTypeAndAlias(keyType, alias, apiId);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println("Exception when calling ClientCertificatesApi#getAPIClientCertificateByKeyTypeAndAlias");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
+```
+
+### Parameters
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **keyType** | **String**| Key type for the certificate |
+ **alias** | **String**|  |
+ **apiId** | **String**| **API ID** consisting of the **UUID** of the API.  |
+
+### Return type
+
+[**CertificateInfoDTO**](CertificateInfoDTO.md)
+
+### Authorization
+
+[OAuth2Security](../README.md#OAuth2Security)
+
+### HTTP request headers
+
+ - **Content-Type**: Not defined
+ - **Accept**: application/json
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | OK.  |  * Content-Type - The content type of the body.  <br>  |
+**400** | Bad Request. Invalid request or validation error. |  -  |
+**404** | Not Found. The specified resource does not exist. |  -  |
+**500** | Internal Server Error. |  -  |
+
 <a name="getAPIClientCertificateContentByAlias"></a>
 # **getAPIClientCertificateContentByAlias**
 > getAPIClientCertificateContentByAlias(apiId, alias)
@@ -301,6 +531,79 @@ null (empty response body)
 **404** | Not Found. The specified resource does not exist. |  -  |
 **500** | Internal Server Error. |  -  |
 
+<a name="getAPIClientCertificateContentByKeyTypeAndAlias"></a>
+# **getAPIClientCertificateContentByKeyTypeAndAlias**
+> getAPIClientCertificateContentByKeyTypeAndAlias(apiId, alias, keyType)
+
+Download a Certificate of Given Key Type
+
+This operation can be used to download a certificate which matches the given alias and key type. 
+
+### Example
+```java
+// Import classes:
+import org.wso2.am.integration.clients.publisher.api.ApiClient;
+import org.wso2.am.integration.clients.publisher.api.ApiException;
+import org.wso2.am.integration.clients.publisher.api.Configuration;
+import org.wso2.am.integration.clients.publisher.api.auth.*;
+import org.wso2.am.integration.clients.publisher.api.models.*;
+import org.wso2.am.integration.clients.publisher.api.v1.ClientCertificatesApi;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = Configuration.getDefaultApiClient();
+    defaultClient.setBasePath("https://apis.wso2.com/api/am/publisher/v4");
+    
+    // Configure OAuth2 access token for authorization: OAuth2Security
+    OAuth OAuth2Security = (OAuth) defaultClient.getAuthentication("OAuth2Security");
+    OAuth2Security.setAccessToken("YOUR ACCESS TOKEN");
+
+    ClientCertificatesApi apiInstance = new ClientCertificatesApi(defaultClient);
+    String apiId = "apiId_example"; // String | **API ID** consisting of the **UUID** of the API. 
+    String alias = "alias_example"; // String | 
+    String keyType = "keyType_example"; // String | The key type of the certificate that should be deleted. 
+    try {
+      apiInstance.getAPIClientCertificateContentByKeyTypeAndAlias(apiId, alias, keyType);
+    } catch (ApiException e) {
+      System.err.println("Exception when calling ClientCertificatesApi#getAPIClientCertificateContentByKeyTypeAndAlias");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
+```
+
+### Parameters
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **apiId** | **String**| **API ID** consisting of the **UUID** of the API.  |
+ **alias** | **String**|  |
+ **keyType** | **String**| The key type of the certificate that should be deleted.  |
+
+### Return type
+
+null (empty response body)
+
+### Authorization
+
+[OAuth2Security](../README.md#OAuth2Security)
+
+### HTTP request headers
+
+ - **Content-Type**: Not defined
+ - **Accept**: application/json
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | OK.  |  * Content-Type - The content type of the body.  <br>  |
+**400** | Bad Request. Invalid request or validation error. |  -  |
+**404** | Not Found. The specified resource does not exist. |  -  |
+**500** | Internal Server Error. |  -  |
+
 <a name="getAPIClientCertificates"></a>
 # **getAPIClientCertificates**
 > ClientCertificatesDTO getAPIClientCertificates(apiId, limit, offset, alias)
@@ -376,6 +679,83 @@ Name | Type | Description  | Notes
 **400** | Bad Request. Invalid request or validation error. |  -  |
 **500** | Internal Server Error. |  -  |
 
+<a name="getAPIClientCertificatesByKeyType"></a>
+# **getAPIClientCertificatesByKeyType**
+> ClientCertificatesDTO getAPIClientCertificatesByKeyType(keyType, apiId, limit, offset, alias)
+
+Retrieve/ Search Uploaded Client Certificates of a given key type
+
+This operation can be used to retrieve and search the uploaded client certificates of a given key type. 
+
+### Example
+```java
+// Import classes:
+import org.wso2.am.integration.clients.publisher.api.ApiClient;
+import org.wso2.am.integration.clients.publisher.api.ApiException;
+import org.wso2.am.integration.clients.publisher.api.Configuration;
+import org.wso2.am.integration.clients.publisher.api.auth.*;
+import org.wso2.am.integration.clients.publisher.api.models.*;
+import org.wso2.am.integration.clients.publisher.api.v1.ClientCertificatesApi;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = Configuration.getDefaultApiClient();
+    defaultClient.setBasePath("https://apis.wso2.com/api/am/publisher/v4");
+    
+    // Configure OAuth2 access token for authorization: OAuth2Security
+    OAuth OAuth2Security = (OAuth) defaultClient.getAuthentication("OAuth2Security");
+    OAuth2Security.setAccessToken("YOUR ACCESS TOKEN");
+
+    ClientCertificatesApi apiInstance = new ClientCertificatesApi(defaultClient);
+    String keyType = "keyType_example"; // String | Key type for the certificate
+    String apiId = "apiId_example"; // String | **API ID** consisting of the **UUID** of the API. 
+    Integer limit = 25; // Integer | Maximum size of resource array to return. 
+    Integer offset = 0; // Integer | Starting point within the complete list of items qualified. 
+    String alias = "alias_example"; // String | Alias for the client certificate
+    try {
+      ClientCertificatesDTO result = apiInstance.getAPIClientCertificatesByKeyType(keyType, apiId, limit, offset, alias);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println("Exception when calling ClientCertificatesApi#getAPIClientCertificatesByKeyType");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
+```
+
+### Parameters
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **keyType** | **String**| Key type for the certificate |
+ **apiId** | **String**| **API ID** consisting of the **UUID** of the API.  |
+ **limit** | **Integer**| Maximum size of resource array to return.  | [optional] [default to 25]
+ **offset** | **Integer**| Starting point within the complete list of items qualified.  | [optional] [default to 0]
+ **alias** | **String**| Alias for the client certificate | [optional]
+
+### Return type
+
+[**ClientCertificatesDTO**](ClientCertificatesDTO.md)
+
+### Authorization
+
+[OAuth2Security](../README.md#OAuth2Security)
+
+### HTTP request headers
+
+ - **Content-Type**: Not defined
+ - **Accept**: application/json
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | OK. Successful response with the list of matching certificate information in the body.  |  * Content-Type - The content type of the body.  <br>  |
+**400** | Bad Request. Invalid request or validation error. |  -  |
+**500** | Internal Server Error. |  -  |
+
 <a name="updateAPIClientCertificateByAlias"></a>
 # **updateAPIClientCertificateByAlias**
 > ClientCertMetadataDTO updateAPIClientCertificateByAlias(alias, apiId, certificate, tier)
@@ -452,3 +832,81 @@ Name | Type | Description  | Notes
 **404** | Not Found. The specified resource does not exist. |  -  |
 **500** | Internal Server Error. |  -  |
 
+<a name="updateAPIClientCertificateByKeyTypeAndAlias"></a>
+# **updateAPIClientCertificateByKeyTypeAndAlias**
+> ClientCertMetadataDTO updateAPIClientCertificateByKeyTypeAndAlias(keyType, alias, apiId, certificate, tier)
+
+Update a Certificate of a Given Key Type
+
+This operation can be used to update an uploaded certificate of a given key type. 
+
+### Example
+```java
+// Import classes:
+import org.wso2.am.integration.clients.publisher.api.ApiClient;
+import org.wso2.am.integration.clients.publisher.api.ApiException;
+import org.wso2.am.integration.clients.publisher.api.Configuration;
+import org.wso2.am.integration.clients.publisher.api.auth.*;
+import org.wso2.am.integration.clients.publisher.api.models.*;
+import org.wso2.am.integration.clients.publisher.api.v1.ClientCertificatesApi;
+
+public class Example {
+  public static void main(String[] args) {
+    ApiClient defaultClient = Configuration.getDefaultApiClient();
+    defaultClient.setBasePath("https://apis.wso2.com/api/am/publisher/v4");
+    
+    // Configure OAuth2 access token for authorization: OAuth2Security
+    OAuth OAuth2Security = (OAuth) defaultClient.getAuthentication("OAuth2Security");
+    OAuth2Security.setAccessToken("YOUR ACCESS TOKEN");
+
+    ClientCertificatesApi apiInstance = new ClientCertificatesApi(defaultClient);
+    String keyType = "keyType_example"; // String | Key type for the certificate
+    String alias = "alias_example"; // String | Alias for the certificate
+    String apiId = "apiId_example"; // String | **API ID** consisting of the **UUID** of the API. 
+    File certificate = new File("/path/to/file"); // File | The certificate that needs to be uploaded.
+    String tier = "tier_example"; // String | The tier of the certificate
+    try {
+      ClientCertMetadataDTO result = apiInstance.updateAPIClientCertificateByKeyTypeAndAlias(keyType, alias, apiId, certificate, tier);
+      System.out.println(result);
+    } catch (ApiException e) {
+      System.err.println("Exception when calling ClientCertificatesApi#updateAPIClientCertificateByKeyTypeAndAlias");
+      System.err.println("Status code: " + e.getCode());
+      System.err.println("Reason: " + e.getResponseBody());
+      System.err.println("Response headers: " + e.getResponseHeaders());
+      e.printStackTrace();
+    }
+  }
+}
+```
+
+### Parameters
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **keyType** | **String**| Key type for the certificate |
+ **alias** | **String**| Alias for the certificate |
+ **apiId** | **String**| **API ID** consisting of the **UUID** of the API.  |
+ **certificate** | **File**| The certificate that needs to be uploaded. | [optional]
+ **tier** | **String**| The tier of the certificate | [optional]
+
+### Return type
+
+[**ClientCertMetadataDTO**](ClientCertMetadataDTO.md)
+
+### Authorization
+
+[OAuth2Security](../README.md#OAuth2Security)
+
+### HTTP request headers
+
+ - **Content-Type**: multipart/form-data
+ - **Accept**: application/json
+
+### HTTP response details
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | OK. The Certificate updated successfully.  |  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  |
+**400** | Bad Request. Invalid request or validation error. |  -  |
+**404** | Not Found. The specified resource does not exist. |  -  |
+**500** | Internal Server Error. |  -  |
+
diff --git a/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/ClientCertificatesApi.java b/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/ClientCertificatesApi.java
index 6d4ba0be43..9067e74037 100644
--- a/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/ClientCertificatesApi.java
+++ b/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/ClientCertificatesApi.java
@@ -216,6 +216,174 @@ public okhttp3.Call addAPIClientCertificateAsync(String apiId, File certificate,
         localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback);
         return localVarCall;
     }
+    /**
+     * Build call for addAPIClientCertificateOfGivenKeyType
+     * @param keyType Key type for the certificate (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param certificate The certificate that needs to be uploaded. (required)
+     * @param alias Alias for the certificate (required)
+     * @param tier API tier to which the certificate should be applied. (required)
+     * @param _callback Callback for upload/download progress
+     * @return Call to execute
+     * @throws ApiException If fail to serialize the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate added successfully.  </td><td>  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call addAPIClientCertificateOfGivenKeyTypeCall(String keyType, String apiId, File certificate, String alias, String tier, final ApiCallback _callback) throws ApiException {
+        Object localVarPostBody = null;
+
+        // create path and map variables
+        String localVarPath = "/apis/{apiId}/client-certs/{keyType}"
+            .replaceAll("\\{" + "keyType" + "\\}", localVarApiClient.escapeString(keyType.toString()))
+            .replaceAll("\\{" + "apiId" + "\\}", localVarApiClient.escapeString(apiId.toString()));
+
+        List<Pair> localVarQueryParams = new ArrayList<Pair>();
+        List<Pair> localVarCollectionQueryParams = new ArrayList<Pair>();
+        Map<String, String> localVarHeaderParams = new HashMap<String, String>();
+        Map<String, String> localVarCookieParams = new HashMap<String, String>();
+        Map<String, Object> localVarFormParams = new HashMap<String, Object>();
+        if (certificate != null) {
+            localVarFormParams.put("certificate", certificate);
+        }
+
+        if (alias != null) {
+            localVarFormParams.put("alias", alias);
+        }
+
+        if (tier != null) {
+            localVarFormParams.put("tier", tier);
+        }
+
+        final String[] localVarAccepts = {
+            "application/json"
+        };
+        final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts);
+        if (localVarAccept != null) {
+            localVarHeaderParams.put("Accept", localVarAccept);
+        }
+
+        final String[] localVarContentTypes = {
+            "multipart/form-data"
+        };
+        final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes);
+        localVarHeaderParams.put("Content-Type", localVarContentType);
+
+        String[] localVarAuthNames = new String[] { "OAuth2Security" };
+        return localVarApiClient.buildCall(localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback);
+    }
+
+    @SuppressWarnings("rawtypes")
+    private okhttp3.Call addAPIClientCertificateOfGivenKeyTypeValidateBeforeCall(String keyType, String apiId, File certificate, String alias, String tier, final ApiCallback _callback) throws ApiException {
+        
+        // verify the required parameter 'keyType' is set
+        if (keyType == null) {
+            throw new ApiException("Missing the required parameter 'keyType' when calling addAPIClientCertificateOfGivenKeyType(Async)");
+        }
+        
+        // verify the required parameter 'apiId' is set
+        if (apiId == null) {
+            throw new ApiException("Missing the required parameter 'apiId' when calling addAPIClientCertificateOfGivenKeyType(Async)");
+        }
+        
+        // verify the required parameter 'certificate' is set
+        if (certificate == null) {
+            throw new ApiException("Missing the required parameter 'certificate' when calling addAPIClientCertificateOfGivenKeyType(Async)");
+        }
+        
+        // verify the required parameter 'alias' is set
+        if (alias == null) {
+            throw new ApiException("Missing the required parameter 'alias' when calling addAPIClientCertificateOfGivenKeyType(Async)");
+        }
+        
+        // verify the required parameter 'tier' is set
+        if (tier == null) {
+            throw new ApiException("Missing the required parameter 'tier' when calling addAPIClientCertificateOfGivenKeyType(Async)");
+        }
+        
+
+        okhttp3.Call localVarCall = addAPIClientCertificateOfGivenKeyTypeCall(keyType, apiId, certificate, alias, tier, _callback);
+        return localVarCall;
+
+    }
+
+    /**
+     * Upload a New Certificate of the given key type
+     * This operation can be used to upload a new certificate for an endpoint of the given type. 
+     * @param keyType Key type for the certificate (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param certificate The certificate that needs to be uploaded. (required)
+     * @param alias Alias for the certificate (required)
+     * @param tier API tier to which the certificate should be applied. (required)
+     * @return ClientCertMetadataDTO
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate added successfully.  </td><td>  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public ClientCertMetadataDTO addAPIClientCertificateOfGivenKeyType(String keyType, String apiId, File certificate, String alias, String tier) throws ApiException {
+        ApiResponse<ClientCertMetadataDTO> localVarResp = addAPIClientCertificateOfGivenKeyTypeWithHttpInfo(keyType, apiId, certificate, alias, tier);
+        return localVarResp.getData();
+    }
+
+    /**
+     * Upload a New Certificate of the given key type
+     * This operation can be used to upload a new certificate for an endpoint of the given type. 
+     * @param keyType Key type for the certificate (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param certificate The certificate that needs to be uploaded. (required)
+     * @param alias Alias for the certificate (required)
+     * @param tier API tier to which the certificate should be applied. (required)
+     * @return ApiResponse&lt;ClientCertMetadataDTO&gt;
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate added successfully.  </td><td>  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public ApiResponse<ClientCertMetadataDTO> addAPIClientCertificateOfGivenKeyTypeWithHttpInfo(String keyType, String apiId, File certificate, String alias, String tier) throws ApiException {
+        okhttp3.Call localVarCall = addAPIClientCertificateOfGivenKeyTypeValidateBeforeCall(keyType, apiId, certificate, alias, tier, null);
+        Type localVarReturnType = new TypeToken<ClientCertMetadataDTO>(){}.getType();
+        return localVarApiClient.execute(localVarCall, localVarReturnType);
+    }
+
+    /**
+     * Upload a New Certificate of the given key type (asynchronously)
+     * This operation can be used to upload a new certificate for an endpoint of the given type. 
+     * @param keyType Key type for the certificate (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param certificate The certificate that needs to be uploaded. (required)
+     * @param alias Alias for the certificate (required)
+     * @param tier API tier to which the certificate should be applied. (required)
+     * @param _callback The callback to be executed when the API call finishes
+     * @return The request call
+     * @throws ApiException If fail to process the API call, e.g. serializing the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate added successfully.  </td><td>  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call addAPIClientCertificateOfGivenKeyTypeAsync(String keyType, String apiId, File certificate, String alias, String tier, final ApiCallback<ClientCertMetadataDTO> _callback) throws ApiException {
+
+        okhttp3.Call localVarCall = addAPIClientCertificateOfGivenKeyTypeValidateBeforeCall(keyType, apiId, certificate, alias, tier, _callback);
+        Type localVarReturnType = new TypeToken<ClientCertMetadataDTO>(){}.getType();
+        localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback);
+        return localVarCall;
+    }
     /**
      * Build call for deleteAPIClientCertificateByAlias
      * @param alias The alias of the certificate that should be deleted.  (required)
@@ -345,6 +513,145 @@ public okhttp3.Call deleteAPIClientCertificateByAliasAsync(String alias, String
         localVarApiClient.executeAsync(localVarCall, _callback);
         return localVarCall;
     }
+    /**
+     * Build call for deleteAPIClientCertificateByKeyTypeAndAlias
+     * @param keyType Key type for the certificate (required)
+     * @param alias The alias of the certificate that should be deleted.  (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param _callback Callback for upload/download progress
+     * @return Call to execute
+     * @throws ApiException If fail to serialize the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate deleted successfully.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call deleteAPIClientCertificateByKeyTypeAndAliasCall(String keyType, String alias, String apiId, final ApiCallback _callback) throws ApiException {
+        Object localVarPostBody = null;
+
+        // create path and map variables
+        String localVarPath = "/apis/{apiId}/client-certs/{keyType}/{alias}"
+            .replaceAll("\\{" + "keyType" + "\\}", localVarApiClient.escapeString(keyType.toString()))
+            .replaceAll("\\{" + "alias" + "\\}", localVarApiClient.escapeString(alias.toString()))
+            .replaceAll("\\{" + "apiId" + "\\}", localVarApiClient.escapeString(apiId.toString()));
+
+        List<Pair> localVarQueryParams = new ArrayList<Pair>();
+        List<Pair> localVarCollectionQueryParams = new ArrayList<Pair>();
+        Map<String, String> localVarHeaderParams = new HashMap<String, String>();
+        Map<String, String> localVarCookieParams = new HashMap<String, String>();
+        Map<String, Object> localVarFormParams = new HashMap<String, Object>();
+        final String[] localVarAccepts = {
+            "application/json"
+        };
+        final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts);
+        if (localVarAccept != null) {
+            localVarHeaderParams.put("Accept", localVarAccept);
+        }
+
+        final String[] localVarContentTypes = {
+            
+        };
+        final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes);
+        localVarHeaderParams.put("Content-Type", localVarContentType);
+
+        String[] localVarAuthNames = new String[] { "OAuth2Security" };
+        return localVarApiClient.buildCall(localVarPath, "DELETE", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback);
+    }
+
+    @SuppressWarnings("rawtypes")
+    private okhttp3.Call deleteAPIClientCertificateByKeyTypeAndAliasValidateBeforeCall(String keyType, String alias, String apiId, final ApiCallback _callback) throws ApiException {
+        
+        // verify the required parameter 'keyType' is set
+        if (keyType == null) {
+            throw new ApiException("Missing the required parameter 'keyType' when calling deleteAPIClientCertificateByKeyTypeAndAlias(Async)");
+        }
+        
+        // verify the required parameter 'alias' is set
+        if (alias == null) {
+            throw new ApiException("Missing the required parameter 'alias' when calling deleteAPIClientCertificateByKeyTypeAndAlias(Async)");
+        }
+        
+        // verify the required parameter 'apiId' is set
+        if (apiId == null) {
+            throw new ApiException("Missing the required parameter 'apiId' when calling deleteAPIClientCertificateByKeyTypeAndAlias(Async)");
+        }
+        
+
+        okhttp3.Call localVarCall = deleteAPIClientCertificateByKeyTypeAndAliasCall(keyType, alias, apiId, _callback);
+        return localVarCall;
+
+    }
+
+    /**
+     * Delete a Certificate of a Given Key Type
+     * This operation can be used to delete an uploaded certificate of a given key type. 
+     * @param keyType Key type for the certificate (required)
+     * @param alias The alias of the certificate that should be deleted.  (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate deleted successfully.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public void deleteAPIClientCertificateByKeyTypeAndAlias(String keyType, String alias, String apiId) throws ApiException {
+        deleteAPIClientCertificateByKeyTypeAndAliasWithHttpInfo(keyType, alias, apiId);
+    }
+
+    /**
+     * Delete a Certificate of a Given Key Type
+     * This operation can be used to delete an uploaded certificate of a given key type. 
+     * @param keyType Key type for the certificate (required)
+     * @param alias The alias of the certificate that should be deleted.  (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @return ApiResponse&lt;Void&gt;
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate deleted successfully.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public ApiResponse<Void> deleteAPIClientCertificateByKeyTypeAndAliasWithHttpInfo(String keyType, String alias, String apiId) throws ApiException {
+        okhttp3.Call localVarCall = deleteAPIClientCertificateByKeyTypeAndAliasValidateBeforeCall(keyType, alias, apiId, null);
+        return localVarApiClient.execute(localVarCall);
+    }
+
+    /**
+     * Delete a Certificate of a Given Key Type (asynchronously)
+     * This operation can be used to delete an uploaded certificate of a given key type. 
+     * @param keyType Key type for the certificate (required)
+     * @param alias The alias of the certificate that should be deleted.  (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param _callback The callback to be executed when the API call finishes
+     * @return The request call
+     * @throws ApiException If fail to process the API call, e.g. serializing the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate deleted successfully.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call deleteAPIClientCertificateByKeyTypeAndAliasAsync(String keyType, String alias, String apiId, final ApiCallback<Void> _callback) throws ApiException {
+
+        okhttp3.Call localVarCall = deleteAPIClientCertificateByKeyTypeAndAliasValidateBeforeCall(keyType, alias, apiId, _callback);
+        localVarApiClient.executeAsync(localVarCall, _callback);
+        return localVarCall;
+    }
     /**
      * Build call for getAPIClientCertificateByAlias
      * @param alias  (required)
@@ -455,10 +762,422 @@ public ApiResponse<CertificateInfoDTO> getAPIClientCertificateByAliasWithHttpInf
     }
 
     /**
-     * Get the Certificate Information (asynchronously)
-     * This operation can be used to get the information about a certificate. 
-     * @param alias  (required)
+     * Get the Certificate Information (asynchronously)
+     * This operation can be used to get the information about a certificate. 
+     * @param alias  (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param _callback The callback to be executed when the API call finishes
+     * @return The request call
+     * @throws ApiException If fail to process the API call, e.g. serializing the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call getAPIClientCertificateByAliasAsync(String alias, String apiId, final ApiCallback<CertificateInfoDTO> _callback) throws ApiException {
+
+        okhttp3.Call localVarCall = getAPIClientCertificateByAliasValidateBeforeCall(alias, apiId, _callback);
+        Type localVarReturnType = new TypeToken<CertificateInfoDTO>(){}.getType();
+        localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback);
+        return localVarCall;
+    }
+    /**
+     * Build call for getAPIClientCertificateByKeyTypeAndAlias
+     * @param keyType Key type for the certificate (required)
+     * @param alias  (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param _callback Callback for upload/download progress
+     * @return Call to execute
+     * @throws ApiException If fail to serialize the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call getAPIClientCertificateByKeyTypeAndAliasCall(String keyType, String alias, String apiId, final ApiCallback _callback) throws ApiException {
+        Object localVarPostBody = null;
+
+        // create path and map variables
+        String localVarPath = "/apis/{apiId}/client-certs/{keyType}/{alias}"
+            .replaceAll("\\{" + "keyType" + "\\}", localVarApiClient.escapeString(keyType.toString()))
+            .replaceAll("\\{" + "alias" + "\\}", localVarApiClient.escapeString(alias.toString()))
+            .replaceAll("\\{" + "apiId" + "\\}", localVarApiClient.escapeString(apiId.toString()));
+
+        List<Pair> localVarQueryParams = new ArrayList<Pair>();
+        List<Pair> localVarCollectionQueryParams = new ArrayList<Pair>();
+        Map<String, String> localVarHeaderParams = new HashMap<String, String>();
+        Map<String, String> localVarCookieParams = new HashMap<String, String>();
+        Map<String, Object> localVarFormParams = new HashMap<String, Object>();
+        final String[] localVarAccepts = {
+            "application/json"
+        };
+        final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts);
+        if (localVarAccept != null) {
+            localVarHeaderParams.put("Accept", localVarAccept);
+        }
+
+        final String[] localVarContentTypes = {
+            
+        };
+        final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes);
+        localVarHeaderParams.put("Content-Type", localVarContentType);
+
+        String[] localVarAuthNames = new String[] { "OAuth2Security" };
+        return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback);
+    }
+
+    @SuppressWarnings("rawtypes")
+    private okhttp3.Call getAPIClientCertificateByKeyTypeAndAliasValidateBeforeCall(String keyType, String alias, String apiId, final ApiCallback _callback) throws ApiException {
+        
+        // verify the required parameter 'keyType' is set
+        if (keyType == null) {
+            throw new ApiException("Missing the required parameter 'keyType' when calling getAPIClientCertificateByKeyTypeAndAlias(Async)");
+        }
+        
+        // verify the required parameter 'alias' is set
+        if (alias == null) {
+            throw new ApiException("Missing the required parameter 'alias' when calling getAPIClientCertificateByKeyTypeAndAlias(Async)");
+        }
+        
+        // verify the required parameter 'apiId' is set
+        if (apiId == null) {
+            throw new ApiException("Missing the required parameter 'apiId' when calling getAPIClientCertificateByKeyTypeAndAlias(Async)");
+        }
+        
+
+        okhttp3.Call localVarCall = getAPIClientCertificateByKeyTypeAndAliasCall(keyType, alias, apiId, _callback);
+        return localVarCall;
+
+    }
+
+    /**
+     * Get the Certificate Information of a Given Key Type
+     * This operation can be used to get the information about a certificate of a given key type. 
+     * @param keyType Key type for the certificate (required)
+     * @param alias  (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @return CertificateInfoDTO
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public CertificateInfoDTO getAPIClientCertificateByKeyTypeAndAlias(String keyType, String alias, String apiId) throws ApiException {
+        ApiResponse<CertificateInfoDTO> localVarResp = getAPIClientCertificateByKeyTypeAndAliasWithHttpInfo(keyType, alias, apiId);
+        return localVarResp.getData();
+    }
+
+    /**
+     * Get the Certificate Information of a Given Key Type
+     * This operation can be used to get the information about a certificate of a given key type. 
+     * @param keyType Key type for the certificate (required)
+     * @param alias  (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @return ApiResponse&lt;CertificateInfoDTO&gt;
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public ApiResponse<CertificateInfoDTO> getAPIClientCertificateByKeyTypeAndAliasWithHttpInfo(String keyType, String alias, String apiId) throws ApiException {
+        okhttp3.Call localVarCall = getAPIClientCertificateByKeyTypeAndAliasValidateBeforeCall(keyType, alias, apiId, null);
+        Type localVarReturnType = new TypeToken<CertificateInfoDTO>(){}.getType();
+        return localVarApiClient.execute(localVarCall, localVarReturnType);
+    }
+
+    /**
+     * Get the Certificate Information of a Given Key Type (asynchronously)
+     * This operation can be used to get the information about a certificate of a given key type. 
+     * @param keyType Key type for the certificate (required)
+     * @param alias  (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param _callback The callback to be executed when the API call finishes
+     * @return The request call
+     * @throws ApiException If fail to process the API call, e.g. serializing the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call getAPIClientCertificateByKeyTypeAndAliasAsync(String keyType, String alias, String apiId, final ApiCallback<CertificateInfoDTO> _callback) throws ApiException {
+
+        okhttp3.Call localVarCall = getAPIClientCertificateByKeyTypeAndAliasValidateBeforeCall(keyType, alias, apiId, _callback);
+        Type localVarReturnType = new TypeToken<CertificateInfoDTO>(){}.getType();
+        localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback);
+        return localVarCall;
+    }
+    /**
+     * Build call for getAPIClientCertificateContentByAlias
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param alias  (required)
+     * @param _callback Callback for upload/download progress
+     * @return Call to execute
+     * @throws ApiException If fail to serialize the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call getAPIClientCertificateContentByAliasCall(String apiId, String alias, final ApiCallback _callback) throws ApiException {
+        Object localVarPostBody = null;
+
+        // create path and map variables
+        String localVarPath = "/apis/{apiId}/client-certificates/{alias}/content"
+            .replaceAll("\\{" + "apiId" + "\\}", localVarApiClient.escapeString(apiId.toString()))
+            .replaceAll("\\{" + "alias" + "\\}", localVarApiClient.escapeString(alias.toString()));
+
+        List<Pair> localVarQueryParams = new ArrayList<Pair>();
+        List<Pair> localVarCollectionQueryParams = new ArrayList<Pair>();
+        Map<String, String> localVarHeaderParams = new HashMap<String, String>();
+        Map<String, String> localVarCookieParams = new HashMap<String, String>();
+        Map<String, Object> localVarFormParams = new HashMap<String, Object>();
+        final String[] localVarAccepts = {
+            "application/json"
+        };
+        final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts);
+        if (localVarAccept != null) {
+            localVarHeaderParams.put("Accept", localVarAccept);
+        }
+
+        final String[] localVarContentTypes = {
+            
+        };
+        final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes);
+        localVarHeaderParams.put("Content-Type", localVarContentType);
+
+        String[] localVarAuthNames = new String[] { "OAuth2Security" };
+        return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback);
+    }
+
+    @SuppressWarnings("rawtypes")
+    private okhttp3.Call getAPIClientCertificateContentByAliasValidateBeforeCall(String apiId, String alias, final ApiCallback _callback) throws ApiException {
+        
+        // verify the required parameter 'apiId' is set
+        if (apiId == null) {
+            throw new ApiException("Missing the required parameter 'apiId' when calling getAPIClientCertificateContentByAlias(Async)");
+        }
+        
+        // verify the required parameter 'alias' is set
+        if (alias == null) {
+            throw new ApiException("Missing the required parameter 'alias' when calling getAPIClientCertificateContentByAlias(Async)");
+        }
+        
+
+        okhttp3.Call localVarCall = getAPIClientCertificateContentByAliasCall(apiId, alias, _callback);
+        return localVarCall;
+
+    }
+
+    /**
+     * Download a Certificate
+     * This operation can be used to download a certificate which matches the given alias. 
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param alias  (required)
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public void getAPIClientCertificateContentByAlias(String apiId, String alias) throws ApiException {
+        getAPIClientCertificateContentByAliasWithHttpInfo(apiId, alias);
+    }
+
+    /**
+     * Download a Certificate
+     * This operation can be used to download a certificate which matches the given alias. 
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param alias  (required)
+     * @return ApiResponse&lt;Void&gt;
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public ApiResponse<Void> getAPIClientCertificateContentByAliasWithHttpInfo(String apiId, String alias) throws ApiException {
+        okhttp3.Call localVarCall = getAPIClientCertificateContentByAliasValidateBeforeCall(apiId, alias, null);
+        return localVarApiClient.execute(localVarCall);
+    }
+
+    /**
+     * Download a Certificate (asynchronously)
+     * This operation can be used to download a certificate which matches the given alias. 
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param alias  (required)
+     * @param _callback The callback to be executed when the API call finishes
+     * @return The request call
+     * @throws ApiException If fail to process the API call, e.g. serializing the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call getAPIClientCertificateContentByAliasAsync(String apiId, String alias, final ApiCallback<Void> _callback) throws ApiException {
+
+        okhttp3.Call localVarCall = getAPIClientCertificateContentByAliasValidateBeforeCall(apiId, alias, _callback);
+        localVarApiClient.executeAsync(localVarCall, _callback);
+        return localVarCall;
+    }
+    /**
+     * Build call for getAPIClientCertificateContentByKeyTypeAndAlias
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param alias  (required)
+     * @param keyType The key type of the certificate that should be deleted.  (required)
+     * @param _callback Callback for upload/download progress
+     * @return Call to execute
+     * @throws ApiException If fail to serialize the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call getAPIClientCertificateContentByKeyTypeAndAliasCall(String apiId, String alias, String keyType, final ApiCallback _callback) throws ApiException {
+        Object localVarPostBody = null;
+
+        // create path and map variables
+        String localVarPath = "/apis/{apiId}/client-certs/{keyType}/{alias}/content"
+            .replaceAll("\\{" + "apiId" + "\\}", localVarApiClient.escapeString(apiId.toString()))
+            .replaceAll("\\{" + "alias" + "\\}", localVarApiClient.escapeString(alias.toString()))
+            .replaceAll("\\{" + "keyType" + "\\}", localVarApiClient.escapeString(keyType.toString()));
+
+        List<Pair> localVarQueryParams = new ArrayList<Pair>();
+        List<Pair> localVarCollectionQueryParams = new ArrayList<Pair>();
+        Map<String, String> localVarHeaderParams = new HashMap<String, String>();
+        Map<String, String> localVarCookieParams = new HashMap<String, String>();
+        Map<String, Object> localVarFormParams = new HashMap<String, Object>();
+        final String[] localVarAccepts = {
+            "application/json"
+        };
+        final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts);
+        if (localVarAccept != null) {
+            localVarHeaderParams.put("Accept", localVarAccept);
+        }
+
+        final String[] localVarContentTypes = {
+            
+        };
+        final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes);
+        localVarHeaderParams.put("Content-Type", localVarContentType);
+
+        String[] localVarAuthNames = new String[] { "OAuth2Security" };
+        return localVarApiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback);
+    }
+
+    @SuppressWarnings("rawtypes")
+    private okhttp3.Call getAPIClientCertificateContentByKeyTypeAndAliasValidateBeforeCall(String apiId, String alias, String keyType, final ApiCallback _callback) throws ApiException {
+        
+        // verify the required parameter 'apiId' is set
+        if (apiId == null) {
+            throw new ApiException("Missing the required parameter 'apiId' when calling getAPIClientCertificateContentByKeyTypeAndAlias(Async)");
+        }
+        
+        // verify the required parameter 'alias' is set
+        if (alias == null) {
+            throw new ApiException("Missing the required parameter 'alias' when calling getAPIClientCertificateContentByKeyTypeAndAlias(Async)");
+        }
+        
+        // verify the required parameter 'keyType' is set
+        if (keyType == null) {
+            throw new ApiException("Missing the required parameter 'keyType' when calling getAPIClientCertificateContentByKeyTypeAndAlias(Async)");
+        }
+        
+
+        okhttp3.Call localVarCall = getAPIClientCertificateContentByKeyTypeAndAliasCall(apiId, alias, keyType, _callback);
+        return localVarCall;
+
+    }
+
+    /**
+     * Download a Certificate of Given Key Type
+     * This operation can be used to download a certificate which matches the given alias and key type. 
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param alias  (required)
+     * @param keyType The key type of the certificate that should be deleted.  (required)
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public void getAPIClientCertificateContentByKeyTypeAndAlias(String apiId, String alias, String keyType) throws ApiException {
+        getAPIClientCertificateContentByKeyTypeAndAliasWithHttpInfo(apiId, alias, keyType);
+    }
+
+    /**
+     * Download a Certificate of Given Key Type
+     * This operation can be used to download a certificate which matches the given alias and key type. 
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param alias  (required)
+     * @param keyType The key type of the certificate that should be deleted.  (required)
+     * @return ApiResponse&lt;Void&gt;
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public ApiResponse<Void> getAPIClientCertificateContentByKeyTypeAndAliasWithHttpInfo(String apiId, String alias, String keyType) throws ApiException {
+        okhttp3.Call localVarCall = getAPIClientCertificateContentByKeyTypeAndAliasValidateBeforeCall(apiId, alias, keyType, null);
+        return localVarApiClient.execute(localVarCall);
+    }
+
+    /**
+     * Download a Certificate of Given Key Type (asynchronously)
+     * This operation can be used to download a certificate which matches the given alias and key type. 
      * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param alias  (required)
+     * @param keyType The key type of the certificate that should be deleted.  (required)
      * @param _callback The callback to be executed when the API call finishes
      * @return The request call
      * @throws ApiException If fail to process the API call, e.g. serializing the request body object
@@ -471,39 +1190,50 @@ public ApiResponse<CertificateInfoDTO> getAPIClientCertificateByAliasWithHttpInf
         <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
      </table>
      */
-    public okhttp3.Call getAPIClientCertificateByAliasAsync(String alias, String apiId, final ApiCallback<CertificateInfoDTO> _callback) throws ApiException {
+    public okhttp3.Call getAPIClientCertificateContentByKeyTypeAndAliasAsync(String apiId, String alias, String keyType, final ApiCallback<Void> _callback) throws ApiException {
 
-        okhttp3.Call localVarCall = getAPIClientCertificateByAliasValidateBeforeCall(alias, apiId, _callback);
-        Type localVarReturnType = new TypeToken<CertificateInfoDTO>(){}.getType();
-        localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback);
+        okhttp3.Call localVarCall = getAPIClientCertificateContentByKeyTypeAndAliasValidateBeforeCall(apiId, alias, keyType, _callback);
+        localVarApiClient.executeAsync(localVarCall, _callback);
         return localVarCall;
     }
     /**
-     * Build call for getAPIClientCertificateContentByAlias
+     * Build call for getAPIClientCertificates
      * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
-     * @param alias  (required)
+     * @param limit Maximum size of resource array to return.  (optional, default to 25)
+     * @param offset Starting point within the complete list of items qualified.  (optional, default to 0)
+     * @param alias Alias for the client certificate (optional)
      * @param _callback Callback for upload/download progress
      * @return Call to execute
      * @throws ApiException If fail to serialize the request body object
      * @http.response.details
      <table summary="Response Details" border="1">
         <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
-        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 200 </td><td> OK. Successful response with the list of matching certificate information in the body.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
         <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
-        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
         <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
      </table>
      */
-    public okhttp3.Call getAPIClientCertificateContentByAliasCall(String apiId, String alias, final ApiCallback _callback) throws ApiException {
+    public okhttp3.Call getAPIClientCertificatesCall(String apiId, Integer limit, Integer offset, String alias, final ApiCallback _callback) throws ApiException {
         Object localVarPostBody = null;
 
         // create path and map variables
-        String localVarPath = "/apis/{apiId}/client-certificates/{alias}/content"
-            .replaceAll("\\{" + "apiId" + "\\}", localVarApiClient.escapeString(apiId.toString()))
-            .replaceAll("\\{" + "alias" + "\\}", localVarApiClient.escapeString(alias.toString()));
+        String localVarPath = "/apis/{apiId}/client-certificates"
+            .replaceAll("\\{" + "apiId" + "\\}", localVarApiClient.escapeString(apiId.toString()));
 
         List<Pair> localVarQueryParams = new ArrayList<Pair>();
         List<Pair> localVarCollectionQueryParams = new ArrayList<Pair>();
+        if (limit != null) {
+            localVarQueryParams.addAll(localVarApiClient.parameterToPair("limit", limit));
+        }
+
+        if (offset != null) {
+            localVarQueryParams.addAll(localVarApiClient.parameterToPair("offset", offset));
+        }
+
+        if (alias != null) {
+            localVarQueryParams.addAll(localVarApiClient.parameterToPair("alias", alias));
+        }
+
         Map<String, String> localVarHeaderParams = new HashMap<String, String>();
         Map<String, String> localVarCookieParams = new HashMap<String, String>();
         Map<String, Object> localVarFormParams = new HashMap<String, Object>();
@@ -526,89 +1256,92 @@ public okhttp3.Call getAPIClientCertificateContentByAliasCall(String apiId, Stri
     }
 
     @SuppressWarnings("rawtypes")
-    private okhttp3.Call getAPIClientCertificateContentByAliasValidateBeforeCall(String apiId, String alias, final ApiCallback _callback) throws ApiException {
+    private okhttp3.Call getAPIClientCertificatesValidateBeforeCall(String apiId, Integer limit, Integer offset, String alias, final ApiCallback _callback) throws ApiException {
         
         // verify the required parameter 'apiId' is set
         if (apiId == null) {
-            throw new ApiException("Missing the required parameter 'apiId' when calling getAPIClientCertificateContentByAlias(Async)");
-        }
-        
-        // verify the required parameter 'alias' is set
-        if (alias == null) {
-            throw new ApiException("Missing the required parameter 'alias' when calling getAPIClientCertificateContentByAlias(Async)");
+            throw new ApiException("Missing the required parameter 'apiId' when calling getAPIClientCertificates(Async)");
         }
         
 
-        okhttp3.Call localVarCall = getAPIClientCertificateContentByAliasCall(apiId, alias, _callback);
+        okhttp3.Call localVarCall = getAPIClientCertificatesCall(apiId, limit, offset, alias, _callback);
         return localVarCall;
 
     }
 
     /**
-     * Download a Certificate
-     * This operation can be used to download a certificate which matches the given alias. 
+     * Retrieve/ Search Uploaded Client Certificates
+     * This operation can be used to retrieve and search the uploaded client certificates. 
      * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
-     * @param alias  (required)
+     * @param limit Maximum size of resource array to return.  (optional, default to 25)
+     * @param offset Starting point within the complete list of items qualified.  (optional, default to 0)
+     * @param alias Alias for the client certificate (optional)
+     * @return ClientCertificatesDTO
      * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
      * @http.response.details
      <table summary="Response Details" border="1">
         <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
-        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 200 </td><td> OK. Successful response with the list of matching certificate information in the body.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
         <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
-        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
         <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
      </table>
      */
-    public void getAPIClientCertificateContentByAlias(String apiId, String alias) throws ApiException {
-        getAPIClientCertificateContentByAliasWithHttpInfo(apiId, alias);
+    public ClientCertificatesDTO getAPIClientCertificates(String apiId, Integer limit, Integer offset, String alias) throws ApiException {
+        ApiResponse<ClientCertificatesDTO> localVarResp = getAPIClientCertificatesWithHttpInfo(apiId, limit, offset, alias);
+        return localVarResp.getData();
     }
 
     /**
-     * Download a Certificate
-     * This operation can be used to download a certificate which matches the given alias. 
+     * Retrieve/ Search Uploaded Client Certificates
+     * This operation can be used to retrieve and search the uploaded client certificates. 
      * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
-     * @param alias  (required)
-     * @return ApiResponse&lt;Void&gt;
+     * @param limit Maximum size of resource array to return.  (optional, default to 25)
+     * @param offset Starting point within the complete list of items qualified.  (optional, default to 0)
+     * @param alias Alias for the client certificate (optional)
+     * @return ApiResponse&lt;ClientCertificatesDTO&gt;
      * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
      * @http.response.details
      <table summary="Response Details" border="1">
         <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
-        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 200 </td><td> OK. Successful response with the list of matching certificate information in the body.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
         <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
-        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
         <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
      </table>
      */
-    public ApiResponse<Void> getAPIClientCertificateContentByAliasWithHttpInfo(String apiId, String alias) throws ApiException {
-        okhttp3.Call localVarCall = getAPIClientCertificateContentByAliasValidateBeforeCall(apiId, alias, null);
-        return localVarApiClient.execute(localVarCall);
+    public ApiResponse<ClientCertificatesDTO> getAPIClientCertificatesWithHttpInfo(String apiId, Integer limit, Integer offset, String alias) throws ApiException {
+        okhttp3.Call localVarCall = getAPIClientCertificatesValidateBeforeCall(apiId, limit, offset, alias, null);
+        Type localVarReturnType = new TypeToken<ClientCertificatesDTO>(){}.getType();
+        return localVarApiClient.execute(localVarCall, localVarReturnType);
     }
 
     /**
-     * Download a Certificate (asynchronously)
-     * This operation can be used to download a certificate which matches the given alias. 
+     * Retrieve/ Search Uploaded Client Certificates (asynchronously)
+     * This operation can be used to retrieve and search the uploaded client certificates. 
      * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
-     * @param alias  (required)
+     * @param limit Maximum size of resource array to return.  (optional, default to 25)
+     * @param offset Starting point within the complete list of items qualified.  (optional, default to 0)
+     * @param alias Alias for the client certificate (optional)
      * @param _callback The callback to be executed when the API call finishes
      * @return The request call
      * @throws ApiException If fail to process the API call, e.g. serializing the request body object
      * @http.response.details
      <table summary="Response Details" border="1">
         <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
-        <tr><td> 200 </td><td> OK.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 200 </td><td> OK. Successful response with the list of matching certificate information in the body.  </td><td>  * Content-Type - The content type of the body.  <br>  </td></tr>
         <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
-        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
         <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
      </table>
      */
-    public okhttp3.Call getAPIClientCertificateContentByAliasAsync(String apiId, String alias, final ApiCallback<Void> _callback) throws ApiException {
+    public okhttp3.Call getAPIClientCertificatesAsync(String apiId, Integer limit, Integer offset, String alias, final ApiCallback<ClientCertificatesDTO> _callback) throws ApiException {
 
-        okhttp3.Call localVarCall = getAPIClientCertificateContentByAliasValidateBeforeCall(apiId, alias, _callback);
-        localVarApiClient.executeAsync(localVarCall, _callback);
+        okhttp3.Call localVarCall = getAPIClientCertificatesValidateBeforeCall(apiId, limit, offset, alias, _callback);
+        Type localVarReturnType = new TypeToken<ClientCertificatesDTO>(){}.getType();
+        localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback);
         return localVarCall;
     }
     /**
-     * Build call for getAPIClientCertificates
+     * Build call for getAPIClientCertificatesByKeyType
+     * @param keyType Key type for the certificate (required)
      * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
      * @param limit Maximum size of resource array to return.  (optional, default to 25)
      * @param offset Starting point within the complete list of items qualified.  (optional, default to 0)
@@ -624,11 +1357,12 @@ public okhttp3.Call getAPIClientCertificateContentByAliasAsync(String apiId, Str
         <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
      </table>
      */
-    public okhttp3.Call getAPIClientCertificatesCall(String apiId, Integer limit, Integer offset, String alias, final ApiCallback _callback) throws ApiException {
+    public okhttp3.Call getAPIClientCertificatesByKeyTypeCall(String keyType, String apiId, Integer limit, Integer offset, String alias, final ApiCallback _callback) throws ApiException {
         Object localVarPostBody = null;
 
         // create path and map variables
-        String localVarPath = "/apis/{apiId}/client-certificates"
+        String localVarPath = "/apis/{apiId}/client-certs/{keyType}"
+            .replaceAll("\\{" + "keyType" + "\\}", localVarApiClient.escapeString(keyType.toString()))
             .replaceAll("\\{" + "apiId" + "\\}", localVarApiClient.escapeString(apiId.toString()));
 
         List<Pair> localVarQueryParams = new ArrayList<Pair>();
@@ -667,22 +1401,28 @@ public okhttp3.Call getAPIClientCertificatesCall(String apiId, Integer limit, In
     }
 
     @SuppressWarnings("rawtypes")
-    private okhttp3.Call getAPIClientCertificatesValidateBeforeCall(String apiId, Integer limit, Integer offset, String alias, final ApiCallback _callback) throws ApiException {
+    private okhttp3.Call getAPIClientCertificatesByKeyTypeValidateBeforeCall(String keyType, String apiId, Integer limit, Integer offset, String alias, final ApiCallback _callback) throws ApiException {
+        
+        // verify the required parameter 'keyType' is set
+        if (keyType == null) {
+            throw new ApiException("Missing the required parameter 'keyType' when calling getAPIClientCertificatesByKeyType(Async)");
+        }
         
         // verify the required parameter 'apiId' is set
         if (apiId == null) {
-            throw new ApiException("Missing the required parameter 'apiId' when calling getAPIClientCertificates(Async)");
+            throw new ApiException("Missing the required parameter 'apiId' when calling getAPIClientCertificatesByKeyType(Async)");
         }
         
 
-        okhttp3.Call localVarCall = getAPIClientCertificatesCall(apiId, limit, offset, alias, _callback);
+        okhttp3.Call localVarCall = getAPIClientCertificatesByKeyTypeCall(keyType, apiId, limit, offset, alias, _callback);
         return localVarCall;
 
     }
 
     /**
-     * Retrieve/ Search Uploaded Client Certificates
-     * This operation can be used to retrieve and search the uploaded client certificates. 
+     * Retrieve/ Search Uploaded Client Certificates of a given key type
+     * This operation can be used to retrieve and search the uploaded client certificates of a given key type. 
+     * @param keyType Key type for the certificate (required)
      * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
      * @param limit Maximum size of resource array to return.  (optional, default to 25)
      * @param offset Starting point within the complete list of items qualified.  (optional, default to 0)
@@ -697,14 +1437,15 @@ private okhttp3.Call getAPIClientCertificatesValidateBeforeCall(String apiId, In
         <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
      </table>
      */
-    public ClientCertificatesDTO getAPIClientCertificates(String apiId, Integer limit, Integer offset, String alias) throws ApiException {
-        ApiResponse<ClientCertificatesDTO> localVarResp = getAPIClientCertificatesWithHttpInfo(apiId, limit, offset, alias);
+    public ClientCertificatesDTO getAPIClientCertificatesByKeyType(String keyType, String apiId, Integer limit, Integer offset, String alias) throws ApiException {
+        ApiResponse<ClientCertificatesDTO> localVarResp = getAPIClientCertificatesByKeyTypeWithHttpInfo(keyType, apiId, limit, offset, alias);
         return localVarResp.getData();
     }
 
     /**
-     * Retrieve/ Search Uploaded Client Certificates
-     * This operation can be used to retrieve and search the uploaded client certificates. 
+     * Retrieve/ Search Uploaded Client Certificates of a given key type
+     * This operation can be used to retrieve and search the uploaded client certificates of a given key type. 
+     * @param keyType Key type for the certificate (required)
      * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
      * @param limit Maximum size of resource array to return.  (optional, default to 25)
      * @param offset Starting point within the complete list of items qualified.  (optional, default to 0)
@@ -719,15 +1460,16 @@ public ClientCertificatesDTO getAPIClientCertificates(String apiId, Integer limi
         <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
      </table>
      */
-    public ApiResponse<ClientCertificatesDTO> getAPIClientCertificatesWithHttpInfo(String apiId, Integer limit, Integer offset, String alias) throws ApiException {
-        okhttp3.Call localVarCall = getAPIClientCertificatesValidateBeforeCall(apiId, limit, offset, alias, null);
+    public ApiResponse<ClientCertificatesDTO> getAPIClientCertificatesByKeyTypeWithHttpInfo(String keyType, String apiId, Integer limit, Integer offset, String alias) throws ApiException {
+        okhttp3.Call localVarCall = getAPIClientCertificatesByKeyTypeValidateBeforeCall(keyType, apiId, limit, offset, alias, null);
         Type localVarReturnType = new TypeToken<ClientCertificatesDTO>(){}.getType();
         return localVarApiClient.execute(localVarCall, localVarReturnType);
     }
 
     /**
-     * Retrieve/ Search Uploaded Client Certificates (asynchronously)
-     * This operation can be used to retrieve and search the uploaded client certificates. 
+     * Retrieve/ Search Uploaded Client Certificates of a given key type (asynchronously)
+     * This operation can be used to retrieve and search the uploaded client certificates of a given key type. 
+     * @param keyType Key type for the certificate (required)
      * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
      * @param limit Maximum size of resource array to return.  (optional, default to 25)
      * @param offset Starting point within the complete list of items qualified.  (optional, default to 0)
@@ -743,9 +1485,9 @@ public ApiResponse<ClientCertificatesDTO> getAPIClientCertificatesWithHttpInfo(S
         <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
      </table>
      */
-    public okhttp3.Call getAPIClientCertificatesAsync(String apiId, Integer limit, Integer offset, String alias, final ApiCallback<ClientCertificatesDTO> _callback) throws ApiException {
+    public okhttp3.Call getAPIClientCertificatesByKeyTypeAsync(String keyType, String apiId, Integer limit, Integer offset, String alias, final ApiCallback<ClientCertificatesDTO> _callback) throws ApiException {
 
-        okhttp3.Call localVarCall = getAPIClientCertificatesValidateBeforeCall(apiId, limit, offset, alias, _callback);
+        okhttp3.Call localVarCall = getAPIClientCertificatesByKeyTypeValidateBeforeCall(keyType, apiId, limit, offset, alias, _callback);
         Type localVarReturnType = new TypeToken<ClientCertificatesDTO>(){}.getType();
         localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback);
         return localVarCall;
@@ -899,4 +1641,163 @@ public okhttp3.Call updateAPIClientCertificateByAliasAsync(String alias, String
         localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback);
         return localVarCall;
     }
+    /**
+     * Build call for updateAPIClientCertificateByKeyTypeAndAlias
+     * @param keyType Key type for the certificate (required)
+     * @param alias Alias for the certificate (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param certificate The certificate that needs to be uploaded. (optional)
+     * @param tier The tier of the certificate (optional)
+     * @param _callback Callback for upload/download progress
+     * @return Call to execute
+     * @throws ApiException If fail to serialize the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate updated successfully.  </td><td>  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call updateAPIClientCertificateByKeyTypeAndAliasCall(String keyType, String alias, String apiId, File certificate, String tier, final ApiCallback _callback) throws ApiException {
+        Object localVarPostBody = null;
+
+        // create path and map variables
+        String localVarPath = "/apis/{apiId}/client-certs/{keyType}/{alias}"
+            .replaceAll("\\{" + "keyType" + "\\}", localVarApiClient.escapeString(keyType.toString()))
+            .replaceAll("\\{" + "alias" + "\\}", localVarApiClient.escapeString(alias.toString()))
+            .replaceAll("\\{" + "apiId" + "\\}", localVarApiClient.escapeString(apiId.toString()));
+
+        List<Pair> localVarQueryParams = new ArrayList<Pair>();
+        List<Pair> localVarCollectionQueryParams = new ArrayList<Pair>();
+        Map<String, String> localVarHeaderParams = new HashMap<String, String>();
+        Map<String, String> localVarCookieParams = new HashMap<String, String>();
+        Map<String, Object> localVarFormParams = new HashMap<String, Object>();
+        if (certificate != null) {
+            localVarFormParams.put("certificate", certificate);
+        }
+
+        if (tier != null) {
+            localVarFormParams.put("tier", tier);
+        }
+
+        final String[] localVarAccepts = {
+            "application/json"
+        };
+        final String localVarAccept = localVarApiClient.selectHeaderAccept(localVarAccepts);
+        if (localVarAccept != null) {
+            localVarHeaderParams.put("Accept", localVarAccept);
+        }
+
+        final String[] localVarContentTypes = {
+            "multipart/form-data"
+        };
+        final String localVarContentType = localVarApiClient.selectHeaderContentType(localVarContentTypes);
+        localVarHeaderParams.put("Content-Type", localVarContentType);
+
+        String[] localVarAuthNames = new String[] { "OAuth2Security" };
+        return localVarApiClient.buildCall(localVarPath, "PUT", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback);
+    }
+
+    @SuppressWarnings("rawtypes")
+    private okhttp3.Call updateAPIClientCertificateByKeyTypeAndAliasValidateBeforeCall(String keyType, String alias, String apiId, File certificate, String tier, final ApiCallback _callback) throws ApiException {
+        
+        // verify the required parameter 'keyType' is set
+        if (keyType == null) {
+            throw new ApiException("Missing the required parameter 'keyType' when calling updateAPIClientCertificateByKeyTypeAndAlias(Async)");
+        }
+        
+        // verify the required parameter 'alias' is set
+        if (alias == null) {
+            throw new ApiException("Missing the required parameter 'alias' when calling updateAPIClientCertificateByKeyTypeAndAlias(Async)");
+        }
+        
+        // verify the required parameter 'apiId' is set
+        if (apiId == null) {
+            throw new ApiException("Missing the required parameter 'apiId' when calling updateAPIClientCertificateByKeyTypeAndAlias(Async)");
+        }
+        
+
+        okhttp3.Call localVarCall = updateAPIClientCertificateByKeyTypeAndAliasCall(keyType, alias, apiId, certificate, tier, _callback);
+        return localVarCall;
+
+    }
+
+    /**
+     * Update a Certificate of a Given Key Type
+     * This operation can be used to update an uploaded certificate of a given key type. 
+     * @param keyType Key type for the certificate (required)
+     * @param alias Alias for the certificate (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param certificate The certificate that needs to be uploaded. (optional)
+     * @param tier The tier of the certificate (optional)
+     * @return ClientCertMetadataDTO
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate updated successfully.  </td><td>  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public ClientCertMetadataDTO updateAPIClientCertificateByKeyTypeAndAlias(String keyType, String alias, String apiId, File certificate, String tier) throws ApiException {
+        ApiResponse<ClientCertMetadataDTO> localVarResp = updateAPIClientCertificateByKeyTypeAndAliasWithHttpInfo(keyType, alias, apiId, certificate, tier);
+        return localVarResp.getData();
+    }
+
+    /**
+     * Update a Certificate of a Given Key Type
+     * This operation can be used to update an uploaded certificate of a given key type. 
+     * @param keyType Key type for the certificate (required)
+     * @param alias Alias for the certificate (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param certificate The certificate that needs to be uploaded. (optional)
+     * @param tier The tier of the certificate (optional)
+     * @return ApiResponse&lt;ClientCertMetadataDTO&gt;
+     * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate updated successfully.  </td><td>  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public ApiResponse<ClientCertMetadataDTO> updateAPIClientCertificateByKeyTypeAndAliasWithHttpInfo(String keyType, String alias, String apiId, File certificate, String tier) throws ApiException {
+        okhttp3.Call localVarCall = updateAPIClientCertificateByKeyTypeAndAliasValidateBeforeCall(keyType, alias, apiId, certificate, tier, null);
+        Type localVarReturnType = new TypeToken<ClientCertMetadataDTO>(){}.getType();
+        return localVarApiClient.execute(localVarCall, localVarReturnType);
+    }
+
+    /**
+     * Update a Certificate of a Given Key Type (asynchronously)
+     * This operation can be used to update an uploaded certificate of a given key type. 
+     * @param keyType Key type for the certificate (required)
+     * @param alias Alias for the certificate (required)
+     * @param apiId **API ID** consisting of the **UUID** of the API.  (required)
+     * @param certificate The certificate that needs to be uploaded. (optional)
+     * @param tier The tier of the certificate (optional)
+     * @param _callback The callback to be executed when the API call finishes
+     * @return The request call
+     * @throws ApiException If fail to process the API call, e.g. serializing the request body object
+     * @http.response.details
+     <table summary="Response Details" border="1">
+        <tr><td> Status Code </td><td> Description </td><td> Response Headers </td></tr>
+        <tr><td> 200 </td><td> OK. The Certificate updated successfully.  </td><td>  * Location - The URL of the newly created resource.  <br>  * Content-Type - The content type of the body.  <br>  </td></tr>
+        <tr><td> 400 </td><td> Bad Request. Invalid request or validation error. </td><td>  -  </td></tr>
+        <tr><td> 404 </td><td> Not Found. The specified resource does not exist. </td><td>  -  </td></tr>
+        <tr><td> 500 </td><td> Internal Server Error. </td><td>  -  </td></tr>
+     </table>
+     */
+    public okhttp3.Call updateAPIClientCertificateByKeyTypeAndAliasAsync(String keyType, String alias, String apiId, File certificate, String tier, final ApiCallback<ClientCertMetadataDTO> _callback) throws ApiException {
+
+        okhttp3.Call localVarCall = updateAPIClientCertificateByKeyTypeAndAliasValidateBeforeCall(keyType, alias, apiId, certificate, tier, _callback);
+        Type localVarReturnType = new TypeToken<ClientCertMetadataDTO>(){}.getType();
+        localVarApiClient.executeAsync(localVarCall, localVarReturnType, _callback);
+        return localVarCall;
+    }
 }
diff --git a/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml b/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml
index 674937c137..dd8ab18773 100644
--- a/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml
+++ b/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml
@@ -4596,6 +4596,9 @@ paths:
           source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
           "https://127.0.0.1:9443/api/am/publisher/v4/throttling-policies/api/Platinum"'
 
+  ######################################################
+  # The "Client Certificates" resource APIs (Deprecated)
+  ######################################################
   /apis/{apiId}/client-certificates:
     get:
       tags:
@@ -4909,6 +4912,342 @@ paths:
           "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certificates/wso2carbon/content"'
       operationId: getAPIClientCertificateContentByAlias
 
+  ######################################################
+  # The "Client Certificates" resource APIs (New)
+  ######################################################
+  /apis/{apiId}/client-certs/{keyType}:
+    parameters:
+      - in: path
+        name: keyType
+        schema:
+          type: string
+        required: true
+        description: Key type for the certificate
+    get:
+      tags:
+        - Client Certificates
+      summary: Retrieve/ Search Uploaded Client Certificates of a given key type
+      description: |
+        This operation can be used to retrieve and search the uploaded client certificates of a given key type.
+      parameters:
+        - $ref: '#/components/parameters/limit'
+        - $ref: '#/components/parameters/offset'
+        - name: alias
+          in: query
+          description: Alias for the client certificate
+          schema:
+            type: string
+        - $ref: '#/components/parameters/apiId'
+      responses:
+        200:
+          description: |
+            OK. Successful response with the list of matching certificate information in the body.
+          headers:
+            Content-Type:
+              description: |
+                The content type of the body.
+              schema:
+                type: string
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClientCertificates'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        500:
+          $ref: '#/components/responses/InternalServerError'
+      security:
+        - OAuth2Security:
+            - apim:api_view
+            - apim:api_manage
+            - apim:client_certificates_view
+            - apim:client_certificates_manage
+      x-code-samples:
+        - lang: Curl
+          source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION?alias=wso2carbon"'
+      operationId: getAPIClientCertificatesByKeyType
+    post:
+      tags:
+        - Client Certificates
+      summary: Upload a New Certificate of the given key type
+      description: |
+        This operation can be used to upload a new certificate for an endpoint of the given type.
+      parameters:
+        - $ref: '#/components/parameters/apiId'
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              required:
+                - alias
+                - certificate
+                - tier
+              properties:
+                certificate:
+                  type: string
+                  description: The certificate that needs to be uploaded.
+                  format: binary
+                alias:
+                  maxLength: 30
+                  minLength: 1
+                  type: string
+                  description: Alias for the certificate
+                tier:
+                  type: string
+                  description: API tier to which the certificate should be applied.
+        required: true
+      responses:
+        200:
+          description: |
+            OK.
+            The Certificate added successfully.
+          headers:
+            Location:
+              description: |
+                The URL of the newly created resource.
+              schema:
+                type: string
+            Content-Type:
+              description: |
+                The content type of the body.
+              schema:
+                type: string
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClientCertMetadata'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        500:
+          $ref: '#/components/responses/InternalServerError'
+      security:
+        - OAuth2Security:
+            - apim:api_create
+            - apim:api_manage
+            - apim:client_certificates_add
+            - apim:client_certificates_manage
+      x-code-samples:
+        - lang: Curl
+          source: 'curl -k -X POST -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          -H "Content-Type: multipart/form-data" -F certificate=@test.crt -F alias=wso2carbon -F tier=Gold
+          "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION"'
+      operationId: addAPIClientCertificateOfGivenKeyType
+
+  /apis/{apiId}/client-certs/{keyType}/{alias}:
+    parameters:
+      - in: path
+        name: keyType
+        schema:
+          type: string
+        required: true
+        description: Key type for the certificate
+    get:
+      tags:
+        - Client Certificates
+      summary: Get the Certificate Information of a Given Key Type
+      description: |
+        This operation can be used to get the information about a certificate of a given key type.
+      parameters:
+        - name: alias
+          in: path
+          required: true
+          schema:
+            type: string
+        - $ref: '#/components/parameters/apiId'
+      responses:
+        200:
+          description: |
+            OK.
+          headers:
+            Content-Type:
+              description: |
+                The content type of the body.
+              schema:
+                type: string
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CertificateInfo'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        404:
+          $ref: '#/components/responses/NotFound'
+        500:
+          $ref: '#/components/responses/InternalServerError'
+      security:
+        - OAuth2Security:
+            - apim:api_view
+            - apim:api_manage
+            - apim:client_certificates_view
+            - apim:client_certificates_manage
+      x-code-samples:
+        - lang: Curl
+          source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION/wso2carbon"'
+      operationId: getAPIClientCertificateByKeyTypeAndAlias
+
+    put:
+      tags:
+        - Client Certificates
+      summary: Update a Certificate of a Given Key Type
+      description: |
+        This operation can be used to update an uploaded certificate of a given key type.
+      parameters:
+        - name: alias
+          in: path
+          description: Alias for the certificate
+          required: true
+          schema:
+            maxLength: 30
+            minLength: 1
+            type: string
+        - $ref: '#/components/parameters/apiId'
+      requestBody:
+        content:
+          multipart/form-data:
+            schema:
+              properties:
+                certificate:
+                  type: string
+                  description: The certificate that needs to be uploaded.
+                  format: binary
+                tier:
+                  type: string
+                  description: The tier of the certificate
+      responses:
+        200:
+          description: |
+            OK.
+            The Certificate updated successfully.
+          headers:
+            Location:
+              description: |
+                The URL of the newly created resource.
+              schema:
+                type: string
+            Content-Type:
+              description: |
+                The content type of the body.
+              schema:
+                type: string
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClientCertMetadata'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        404:
+          $ref: '#/components/responses/NotFound'
+        500:
+          $ref: '#/components/responses/InternalServerError'
+      security:
+        - OAuth2Security:
+            - apim:api_create
+            - apim:api_manage
+            - apim:client_certificates_update
+            - apim:client_certificates_manage
+      x-code-samples:
+        - lang: Curl
+          source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          -H "Content-Type: multipart/form-data" -F certificate=@test.crt -F alias=wso2carbon
+          -F apiId=fea749dd-d548-4a8b-b308-34903b39a34b -F tier=Gold "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION/wso2carbon"'
+      operationId: updateAPIClientCertificateByKeyTypeAndAlias
+
+    delete:
+      tags:
+        - Client Certificates
+      summary: Delete a Certificate of a Given Key Type
+      description: |
+        This operation can be used to delete an uploaded certificate of a given key type.
+      parameters:
+        - name: alias
+          in: path
+          description: |
+            The alias of the certificate that should be deleted.
+          required: true
+          schema:
+            type: string
+        - $ref: '#/components/parameters/apiId'
+      responses:
+        200:
+          description: |
+            OK.
+            The Certificate deleted successfully.
+          headers:
+            Content-Type:
+              description: |
+                The content type of the body.
+              schema:
+                type: string
+          content: { }
+        400:
+          $ref: '#/components/responses/BadRequest'
+        404:
+          $ref: '#/components/responses/NotFound'
+        500:
+          $ref: '#/components/responses/InternalServerError'
+      security:
+        - OAuth2Security:
+            - apim:api_create
+            - apim:api_manage
+            - apim:client_certificates_update
+      x-code-samples:
+        - lang: Curl
+          source: 'curl -k -X DELETE -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+          "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certificates/wso2carbon"'
+      operationId: deleteAPIClientCertificateByKeyTypeAndAlias
+
+  /apis/{apiId}/client-certs/{keyType}/{alias}/content:
+    get:
+      tags:
+        - Client Certificates
+      summary: Download a Certificate of Given Key Type
+      description: |
+        This operation can be used to download a certificate which matches the given alias and key type.
+      parameters:
+        - $ref: '#/components/parameters/apiId'
+        - name: alias
+          in: path
+          required: true
+          schema:
+            type: string
+        - name: keyType
+          in: path
+          description: |
+            The key type of the certificate that should be deleted.
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: |
+            OK.
+          headers:
+            Content-Type:
+              description: |
+                The content type of the body.
+              schema:
+                type: string
+          content: {}
+        400:
+          $ref: '#/components/responses/BadRequest'
+        404:
+          $ref: '#/components/responses/NotFound'
+        500:
+          $ref: '#/components/responses/InternalServerError'
+      security:
+        - OAuth2Security:
+            - apim:api_view
+            - apim:api_manage
+            - apim:client_certificates_view
+            - apim:client_certificates_manage
+      x-code-samples:
+        - lang: Curl
+          source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
+            "https://127.0.0.1:9443/api/am/publisher/v4/apis/d48a3412-1b85-49be-99f4-b81a3722ae73/client-certs/PRODUCTION/wso2carbon/content" > test.crt'
+      operationId: getAPIClientCertificateContentByKeyTypeAndAlias
+
   ######################################################
   # The "Certificate Management" resource APIs
   ######################################################
diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIPublisherImpl.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIPublisherImpl.java
index 1beec99354..0e0b354dbf 100644
--- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIPublisherImpl.java
+++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIPublisherImpl.java
@@ -1419,14 +1419,15 @@ public APIDTO addAPI(APICreationRequestBean apiCreationRequestBean) throws ApiEx
      *
      * @param certificate certificate
      * @param alias       alis
+     * @param keyType key type (whether PRODUCTION or SANDBOX)
      * @return
      * @throws ApiException if an error occurred while uploading the certificate.
      */
-    public HttpResponse uploadCertificate(File certificate, String alias, String apiId, String tier)
+    public HttpResponse uploadCertificate(File certificate, String alias, String apiId, String tier, String keyType)
             throws ApiException {
 
-        ClientCertMetadataDTO certificateDTO = clientCertificatesApi.addAPIClientCertificate(apiId, certificate,
-                alias, tier);
+        ClientCertMetadataDTO certificateDTO = clientCertificatesApi.addAPIClientCertificateOfGivenKeyType(keyType,
+                apiId, certificate, alias, tier);
         HttpResponse response = null;
         if (StringUtils.isNotEmpty(certificateDTO.getAlias())) {
             response = new HttpResponse("Successfully uploaded the certificate", 200);
diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/utils/base/APIMIntegrationConstants.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/utils/base/APIMIntegrationConstants.java
index a1f561ddbf..08cbe90238 100644
--- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/utils/base/APIMIntegrationConstants.java
+++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/utils/base/APIMIntegrationConstants.java
@@ -127,6 +127,11 @@ public static class API_TIER {
 
     }
 
+    public static class KEY_TYPE {
+        public static final String PRODUCTION = "PRODUCTION";
+        public static final String SANDBOX = "SANDBOX";
+    }
+
     public static class GRANT_TYPE {
         public static final String PASSWORD = "password";
         public static final String CLIENT_CREDENTIAL = "client_credentials";
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/APICreationTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/APICreationTestCase.java
index ea416f595e..5b99f2d598 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/APICreationTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/APICreationTestCase.java
@@ -83,7 +83,7 @@ public void testCreateAndDeployApiWithMutualSSLEnabled() throws Exception {
         String certificate = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
                 + File.separator + "example.crt";
         restAPIPublisher.uploadCertificate(new File(certificate), "example", apiId,
-                APIMIntegrationConstants.API_TIER.UNLIMITED);
+                APIMIntegrationConstants.API_TIER.UNLIMITED, APIMIntegrationConstants.KEY_TYPE.SANDBOX);
 
         // Verify deployment of API with Mutual SSL enabled
         String revisionUUID = createAPIRevisionAndDeployUsingRest(apiId, restAPIPublisher);
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java
index 41bc01cd91..cf94a3f203 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityMutualSSLCertificateChainValidationTestCase.java
@@ -117,7 +117,7 @@ public void initialize() throws APIManagerIntegrationTestException, IOException,
         String rootCertPath = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
                 + File.separator + "cert_chain_root.cer";
         restAPIPublisher.uploadCertificate(new File(rootCertPath), "cert_chain_root", apiId1,
-                APIMIntegrationConstants.API_TIER.UNLIMITED);
+                APIMIntegrationConstants.API_TIER.UNLIMITED, APIMIntegrationConstants.KEY_TYPE.SANDBOX);
         createAPIRevisionAndDeployUsingRest(apiId1, restAPIPublisher);
 
         APIRequest apiRequest2 = new APIRequest(intermediateCertAPI, intermediateCertAPI, new URL(apiEndPointUrl));
@@ -139,7 +139,7 @@ public void initialize() throws APIManagerIntegrationTestException, IOException,
         String intermediateCertPath = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
                 + File.separator + "cert_chain_intermediate.cer";
         restAPIPublisher.uploadCertificate(new File(intermediateCertPath), "cert_chain_intermediate", apiId2,
-                APIMIntegrationConstants.API_TIER.UNLIMITED);
+                APIMIntegrationConstants.API_TIER.UNLIMITED, APIMIntegrationConstants.KEY_TYPE.SANDBOX);
         createAPIRevisionAndDeployUsingRest(apiId2, restAPIPublisher);
 
         waitForAPIDeploymentSync(user.getUserName(), rootCertAPI, API_VERSION_1_0_0,
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java
index 1f1f3e9fcc..ec3793a745 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/APISecurityTestCase.java
@@ -110,7 +110,8 @@ public class APISecurityTestCase extends APIManagerLifecycleBaseTest {
     private final String API_VERSION_1_0_0 = "1.0.0";
     private final String APPLICATION_NAME = "AccessibilityOfDeprecatedOldAPIAndPublishedCopyAPITestCase";
     private String accessToken;
-    private final String API_END_POINT_POSTFIX_URL = "jaxrs_basic/services/customers/customerservice/";
+    private final String API_END_POINT_POSTFIX_URL1 = "jaxrs_basic/services/customers/customerservice/";
+    private final String API_END_POINT_POSTFIX_URL2 = "jaxrs_basic/services/customers/customerservice2/";
     private String apiEndPointUrl;
     private String applicationId;
     private String consumerKey;
@@ -156,9 +157,11 @@ public void initialize()
             UserStoreException {
         super.init(userMode);
         createUser();
-        apiEndPointUrl = backEndServerUrl.getWebAppURLHttp() + API_END_POINT_POSTFIX_URL;
+        String apiSandboxEndPointUrl = backEndServerUrl.getWebAppURLHttp() + API_END_POINT_POSTFIX_URL2;
+        apiEndPointUrl = backEndServerUrl.getWebAppURLHttp() + API_END_POINT_POSTFIX_URL1;
 
-        APIRequest apiRequest1 = new APIRequest(mutualSSLOnlyAPIName, mutualSSLOnlyAPIContext, new URL(apiEndPointUrl));
+        APIRequest apiRequest1 = new APIRequest(mutualSSLOnlyAPIName, mutualSSLOnlyAPIContext,
+                new URL(apiEndPointUrl), new URL(apiSandboxEndPointUrl));
         apiRequest1.setVersion(API_VERSION_1_0_0);
         apiRequest1.setTiersCollection(APIMIntegrationConstants.API_TIER.UNLIMITED);
         apiRequest1.setTier(APIMIntegrationConstants.API_TIER.UNLIMITED);
@@ -186,10 +189,16 @@ public void initialize()
         HttpResponse response1 = restAPIPublisher.addAPI(apiRequest1);
         apiId1 = response1.getData();
 
-        String certOne = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
+        String certOneSandbox = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
+                + File.separator + "abcde.crt";
+
+        String certOneProduction = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
                 + File.separator + "example.crt";
-        restAPIPublisher.uploadCertificate(new File(certOne), "example", apiId1,
-                APIMIntegrationConstants.API_TIER.UNLIMITED);
+
+        restAPIPublisher.uploadCertificate(new File(certOneSandbox), "example_sand", apiId1,
+                APIMIntegrationConstants.API_TIER.UNLIMITED, APIMIntegrationConstants.KEY_TYPE.SANDBOX);
+        restAPIPublisher.uploadCertificate(new File(certOneProduction), "example_prod", apiId1,
+                APIMIntegrationConstants.API_TIER.UNLIMITED, APIMIntegrationConstants.KEY_TYPE.PRODUCTION);
 
         APIRequest apiRequest2 = new APIRequest(mutualSSLWithOAuthAPI, mutualSSLWithOAuthAPIContext,
                 new URL(apiEndPointUrl));
@@ -217,7 +226,7 @@ public void initialize()
         String certTwo = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
                 + File.separator + "example.crt";
         restAPIPublisher.uploadCertificate(new File(certTwo), "abcde", apiId2,
-                APIMIntegrationConstants.API_TIER.UNLIMITED);
+                APIMIntegrationConstants.API_TIER.UNLIMITED, APIMIntegrationConstants.KEY_TYPE.SANDBOX);
 
 
         APIRequest apiRequest3 = new APIRequest(mutualSSLandOauthMandatoryAPI, mutualSSLandOAuthMandatoryAPIContext,
@@ -245,8 +254,8 @@ public void initialize()
         apiId3 = response3.getData();
         String certThree = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
                 + File.separator + "example.crt";
-        restAPIPublisher
-                .uploadCertificate(new File(certThree), "abcdef", apiId3, APIMIntegrationConstants.API_TIER.UNLIMITED);
+        restAPIPublisher.uploadCertificate(new File(certThree), "abcdef", apiId3,
+                        APIMIntegrationConstants.API_TIER.UNLIMITED, APIMIntegrationConstants.KEY_TYPE.SANDBOX);
         // Create Revision and Deploy to Gateway
 
         // Add an API Secured with APIKey only
@@ -531,6 +540,37 @@ public void testAPIInvocationWithMutualSSLOnlyAPINegative()
         Assert.assertEquals(defaultResponse.getResponseCode(), HttpStatus.SC_UNAUTHORIZED);
     }
 
+    @Test(description = "Invoke mutual SSL only API with supported certificate", dependsOnMethods =
+            "testAPIInvocationWithMutualSSLOnlyAPINegative")
+    public void testAPIInvocationWithMutualSSLOnlyAPI()
+            throws IOException, XPathExpressionException,
+            NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException {
+        Map<String, String> requestHeaders = new HashMap<>();
+        requestHeaders.put("accept", "text/xml");
+        //(production) example.crt ->test.jks
+        //(sandbox) abcde.crt -> new-keystore.jks
+        HttpResponse response1 = HTTPSClientUtils.doMutulSSLGet(
+                getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
+                        + File.separator + "new-keystore.jks",
+                getAPIInvocationURLHttps(mutualSSLOnlyAPIName, API_VERSION_1_0_0) + API_END_POINT_METHOD,
+                requestHeaders);
+        HttpResponse defaultResponse1 = HTTPSClientUtils.doMutulSSLGet(
+                getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
+                        + File.separator + "new-keystore.jks",
+                getAPIInvocationURLHttps(mutualSSLOnlyAPIName) + API_END_POINT_METHOD,
+                requestHeaders);
+
+        HttpResponse response2 = HTTPSClientUtils.doMutulSSLGet(
+                getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
+                        + File.separator + "test.jks",
+                getAPIInvocationURLHttps(mutualSSLOnlyAPIName, API_VERSION_1_0_0) + API_END_POINT_METHOD,
+                requestHeaders);
+        Assert.assertEquals(response1.getResponseCode(), HttpStatus.SC_OK);
+        Assert.assertEquals(defaultResponse1.getResponseCode(), HttpStatus.SC_OK);
+        Assert.assertNotEquals(response2.getResponseCode(), HttpStatus.SC_OK);
+    }
+
+
     @Test(description = "This method test to validate how application security mandatory and mutual ssl optional api " +
             "behaviour in success scenario",
             dependsOnMethods = "testCreateAndPublishAPIWithOAuth2")
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/AudienceValidationTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/AudienceValidationTestCase.java
index 3ea82588fa..1231d5c474 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/AudienceValidationTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/lifecycle/AudienceValidationTestCase.java
@@ -20,27 +20,57 @@
 
 import com.google.gson.Gson;
 import org.apache.commons.httpclient.HttpStatus;
+import org.apache.commons.io.IOUtils;
+import org.apache.http.Header;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.testng.Assert;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Factory;
 import org.testng.annotations.Test;
+import org.wso2.am.integration.clients.publisher.api.ApiException;
 import org.wso2.am.integration.clients.publisher.api.v1.dto.APIDTO;
 import org.wso2.am.integration.clients.publisher.api.v1.dto.APIOperationsDTO;
+import org.wso2.am.integration.clients.publisher.api.v1.dto.APIProductDTO;
+import org.wso2.am.integration.clients.publisher.api.v1.dto.LifecycleStateDTO;
+import org.wso2.am.integration.clients.publisher.api.v1.dto.WorkflowResponseDTO;
 import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
 import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
 import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
+import org.wso2.am.integration.test.impl.ApiProductTestHelper;
+import org.wso2.am.integration.test.impl.ApiTestHelper;
+import org.wso2.am.integration.test.impl.RestAPIPublisherImpl;
+import org.wso2.am.integration.test.utils.APIManagerIntegrationTestException;
 import org.wso2.am.integration.test.utils.base.APIMIntegrationConstants;
+import org.wso2.am.integration.test.utils.bean.APILifeCycleState;
 import org.wso2.am.integration.test.utils.bean.APIRequest;
 import org.wso2.am.integration.test.utils.http.HTTPSClientUtils;
 import org.wso2.am.integration.tests.restapi.RESTAPITestConstants;
 import org.wso2.carbon.apimgt.api.model.APIIdentifier;
+import org.wso2.carbon.automation.engine.context.TestUserMode;
+import org.wso2.carbon.automation.test.utils.common.TestConfigurationProvider;
 import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
+import org.wso2.carbon.integration.common.admin.client.UserManagementClient;
 
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
 import java.net.URL;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
+import java.util.UUID;
 
-import static org.testng.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertNotNull;
+//import static org.testng.Assert.*;
 
 /**
  * Change the Auth type of the Resource and invoke the APi
@@ -52,6 +82,9 @@ public class AudienceValidationTestCase extends APIManagerLifecycleBaseTest {
     private final String API_END_POINT_POSTFIX_URL = "jaxrs_basic/services/customers/customerservice/";
     private final String API_DESCRIPTION = "This is test API create by API manager integration test";
     private final String API_VERSION_1_0_0 = "1.0.0";
+    private final String API_PRODUCT_NAME = "AudienceValidationApiProduct";
+    private final String API_PRODUCT_CONTEXT = "AudienceValidationApiProduct";
+    private final String API_PRODUCT_VERSION_1_0_0 = "1.0.0";
     private final String RESPONSE_GET = "<id>123</id><name>John</name></Customer>";
     private final String AUTH_VALIDATION_ERROR_CODE = "900914";
     private final String API_GET_ENDPOINT_METHOD = "customers/123";
@@ -64,23 +97,64 @@ public class AudienceValidationTestCase extends APIManagerLifecycleBaseTest {
     private HashMap<String, String> requestHeadersGet;
     private ArrayList<String> grantTypes = new ArrayList<>();
     private APIIdentifier apiIdentifier;
+    private ArrayList<String> audiences = new ArrayList<String>();
+    private ApiProductTestHelper apiProductTestHelper;
+    private HttpResponse getAPIResponse;
+    private APIDTO apidto;
+    private ApplicationKeyDTO applicationKeyDTO;
+    private APIProductDTO apiProductDTO;
+    private ApiTestHelper apiTestHelper;
+    private String sandboxToken;
+    private ApplicationKeyDTO sandboxAppKey;
+    private String resourcePath;
+    private static final String INTERNAL_ROLE_SUBSCRIBER = "Internal/subscriber";
+    private static final String STANDARD_SUBSCRIBER = "standard_user";
+    private static final String PASSWORD = "$3213#@sd";
+
+    @Factory(dataProvider = "userModeDataProvider")
+    public AudienceValidationTestCase(TestUserMode userMode) {
+
+        this.userMode = userMode;
+    }
+    @DataProvider
+    public static Object[][] userModeDataProvider() {
 
+        return new Object[][]{
+                new Object[]{TestUserMode.SUPER_TENANT_ADMIN},
+                new Object[]{TestUserMode.TENANT_ADMIN},
+        };
+    }
 
     @BeforeClass(alwaysRun = true)
     public void initialize() throws Exception {
         super.init();
+        resourcePath = TestConfigurationProvider.getResourceLocation() + File.separator + "oas" + File.separator + "v3"
+                + File.separator + "api-product" + File.separator;
+        userManagementClient = new UserManagementClient(keyManagerContext.getContextUrls().getBackEndUrl(),
+                                                        createSession(keyManagerContext));
+        apiTestHelper  = new ApiTestHelper(restAPIPublisher, restAPIStore, getAMResourceLocation(),
+                                           keyManagerContext.getContextTenant().getDomain(), keyManagerHTTPSURL, user);
+        apiProductTestHelper = new ApiProductTestHelper(restAPIPublisher, restAPIStore);
+
+        if (userManagementClient.userNameExists(INTERNAL_ROLE_SUBSCRIBER, STANDARD_SUBSCRIBER)) {
+            userManagementClient.deleteUser(STANDARD_SUBSCRIBER);
+        }
+
+        userManagementClient.addUser(STANDARD_SUBSCRIBER, PASSWORD,
+                                     new String[]{INTERNAL_ROLE_SUBSCRIBER}, null);
+
         apiEndPointUrl = backEndServerUrl.getWebAppURLHttp()+ API_END_POINT_POSTFIX_URL;
         providerName = user.getUserName();
         requestHeadersGet = new HashMap<>();
         requestHeadersGet.put("accept", "text/xml");
-        //Create publish and subscribe a API
+
         apiIdentifier = new APIIdentifier(providerName, API_NAME, API_VERSION_1_0_0);
 
-        //Create application
         HttpResponse applicationResponse = restAPIStore.createApplication(APPLICATION_NAME,
                                                                           "Test Application", APIMIntegrationConstants.APPLICATION_TIER.DEFAULT_APP_POLICY_FIFTY_REQ_PER_MIN,
                                                                           ApplicationDTO.TokenTypeEnum.JWT);
-        assertEquals(applicationResponse.getResponseCode(), HttpStatus.SC_OK, "Response code is not as expected");
+        Assert.assertEquals(applicationResponse.getResponseCode(), HttpStatus.SC_OK, "Response code is not as "
+                + "expected");
 
         applicationId = applicationResponse.getData();
 
@@ -104,23 +178,63 @@ public void initialize() throws Exception {
         waitForAPIDeploymentSync(apiRequest.getProvider(), apiRequest.getName(), apiRequest.getVersion(),
                                  APIMIntegrationConstants.IS_API_EXISTS);
         grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.CLIENT_CREDENTIAL);
+        grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.PASSWORD);
 
-    }
-
-
-    @Test(groups = {"wso2.am"}, description = "Invoke a resource with auth type Application And Application User")
-    public void testInvokeApiWithoutAudienceValidation() throws Exception {
-        //generate keys for the subscription
-        ApplicationKeyDTO applicationKeyDTO = restAPIStore
+        applicationKeyDTO = restAPIStore
                 .generateKeys(applicationId, "3600", "", ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION,
                               null, grantTypes);
 
         consumerKey = applicationKeyDTO.getConsumerKey();
         consumerSecret = applicationKeyDTO.getConsumerSecret();
-        assertNotNull(consumerKey, "Consumer Key not found");
-        assertNotNull(consumerSecret, "Consumer Secret not found ");
 
-        assertNotNull(applicationKeyDTO.getToken().getAccessToken());
+        getAPIResponse = restAPIPublisher.getAPI(apiId);
+        apidto = new Gson().fromJson(getAPIResponse.getData(), APIDTO.class);
+
+        List<APIDTO> apisToBeUsed = new ArrayList<>();
+        apisToBeUsed.add(apidto);
+
+
+        List<String> policies = Arrays.asList(TIER_UNLIMITED, TIER_GOLD);
+
+        apiProductTestHelper = new ApiProductTestHelper(restAPIPublisher, restAPIStore);
+        apiProductDTO = apiProductTestHelper.createAPIProductInPublisher(user.getUserName(), API_PRODUCT_NAME,
+                                                                         "/"+API_PRODUCT_CONTEXT,
+                                                                         API_PRODUCT_VERSION_1_0_0,
+                                                                         apisToBeUsed, policies);
+
+        createAPIProductRevisionAndDeployUsingRest(apiProductDTO.getId(), restAPIPublisher);
+        waitForAPIDeployment();
+
+        apiProductDTO = publishAPIProduct(apiProductDTO.getId());
+
+        org.wso2.am.integration.clients.store.api.v1.dto.APIDTO apiDTO =
+                apiProductTestHelper.verifyApiProductInPortal(apiProductDTO);
+
+
+        apiTestHelper = new ApiTestHelper(restAPIPublisher, restAPIStore, getAMResourceLocation(),
+                                          keyManagerContext.getContextTenant().getDomain(), keyManagerHTTPSURL, user);
+
+        ApplicationDTO applicationDTO = apiTestHelper.verifySubscription(apiDTO, UUID.randomUUID().toString(),
+                                                                         TIER_UNLIMITED);
+
+        sandboxAppKey = apiTestHelper.verifyKeyGeneration(applicationDTO,
+                                                          ApplicationKeyGenerateRequestDTO.KeyTypeEnum.SANDBOX, new ArrayList<>(), grantTypes);
+
+        sandboxToken = apiTestHelper.generateTokenPasswordGrant(sandboxAppKey.getConsumerKey(),
+                                                                sandboxAppKey.getConsumerSecret(), STANDARD_SUBSCRIBER, PASSWORD,
+                                                                Collections.emptyList());
+
+        requestHeadersGet.put("Authorization", "Bearer " + sandboxToken);
+    }
+
+
+    @Test(groups = {"wso2.am"}, description = "Invoke a API without audience validation")
+    public void testInvokeApiWithoutAudienceValidation() throws Exception {
+
+        Assert.assertNotNull(consumerKey, "Consumer Key not found");
+        Assert.assertNotNull(consumerSecret, "Consumer Secret not found ");
+
+        Assert.assertNotNull(applicationKeyDTO.getToken().getAccessToken());
         requestHeadersGet.put("Authorization", "Bearer " + applicationKeyDTO.getToken().getAccessToken());
 
         //Send GET request
@@ -128,23 +242,33 @@ public void testInvokeApiWithoutAudienceValidation() throws Exception {
         HttpResponse httpResponseGet =
                 HTTPSClientUtils.doGet(getAPIInvocationURLHttp(API_CONTEXT, API_VERSION_1_0_0)  + "/" + API_GET_ENDPOINT_METHOD,
                                        requestHeadersGet);
-        assertEquals(httpResponseGet.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Invocation fails for GET request for " +
-                "audience validation test when audience validation disabled");
-        assertTrue(httpResponseGet.getData().contains(RESPONSE_GET), "Response Data not match for GET request for" +
+        Assert.assertEquals(httpResponseGet.getResponseCode(), HTTP_RESPONSE_CODE_OK, "API invocation fails  when audience " +
+                "validation disabled");
+        Assert.assertTrue(httpResponseGet.getData().contains(RESPONSE_GET), "Response Data not match for GET request for" +
                 " audience validation test. Expected value :\"" + RESPONSE_GET + "\" not contains" +
                 " in response data:\"" + httpResponseGet.getData() + "\"");
 
+        requestHeadersGet.put("Authorization", "Bearer " + sandboxToken);
+
+        HttpResponse httpResponse = invokeWithGet(getAPIInvocationURLHttp(API_PRODUCT_CONTEXT, API_PRODUCT_VERSION_1_0_0)  + "/" + API_GET_ENDPOINT_METHOD,
+                                                  requestHeadersGet);
+
+        Assert.assertEquals(httpResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "API product invocation fails  "
+                + "when audience validation disabled");
+        Assert.assertTrue(httpResponse.getData().contains(RESPONSE_GET), "Response Data not match for GET request for" +
+                " audience validation test. Expected value :\"" + RESPONSE_GET + "\" not contains" +
+                " in response data:\"" + httpResponse.getData() + "\"");
+
+
 
     }
 
 
-    @Test(groups = {"wso2.am"}, description = "Invoke a resource with auth type Application",
+    @Test(groups = {"wso2.am"}, description = "Invoke a API with invalid audience",
             dependsOnMethods = "testInvokeApiWithoutAudienceValidation")
-    public void testInvokeApiWithAudienceValidation() throws Exception {
-        HttpResponse getAPIResponse = restAPIPublisher.getAPI(apiId);
-        APIDTO apidto = new Gson().fromJson(getAPIResponse.getData(), APIDTO.class);
+    public void testInvokeApiWithAudienceValidationFail() throws Exception {
+
 
-        List<String> audiences = new ArrayList<String>();
         audiences.add("Hello");
         apidto.setAudiences(audiences);
 
@@ -153,17 +277,41 @@ public void testInvokeApiWithAudienceValidation() throws Exception {
         createAPIRevisionAndDeployUsingRest(apiId, restAPIPublisher);
         waitForAPIDeployment();
 
+        requestHeadersGet.put("Authorization", "Bearer " + applicationKeyDTO.getToken().getAccessToken());
 
         HttpResponse httpResponseGet =
                 HTTPSClientUtils.doGet(getAPIInvocationURLHttp(API_CONTEXT, API_VERSION_1_0_0)  + "/" + API_GET_ENDPOINT_METHOD,
                                        requestHeadersGet);
 
-        assertEquals(httpResponseGet.getResponseCode(), HTTP_RESPONSE_CODE_FORBIDDEN, "Invocation fails to forbid "
+        Assert.assertEquals(httpResponseGet.getResponseCode(), HTTP_RESPONSE_CODE_FORBIDDEN, "API invocation fails to forbid "
                 + "token with invalid audience");
-        assertTrue(httpResponseGet.getData().contains(AUTH_VALIDATION_ERROR_CODE), "Response do not contains expected"
+        Assert.assertTrue(httpResponseGet.getData().contains(AUTH_VALIDATION_ERROR_CODE), "Response do not contains expected"
                 + " error code :\"" + AUTH_VALIDATION_ERROR_CODE + "\". The response received : \"" + httpResponseGet.getData() + "\"");
 
 
+        apiProductDTO.setAudiences(audiences);
+        restAPIPublisher.updateAPIProduct(apiProductDTO);
+
+        createAPIProductRevisionAndDeployUsingRest(apiProductDTO.getId(), restAPIPublisher);
+        waitForAPIDeployment();
+
+        requestHeadersGet.put("Authorization", "Bearer " + sandboxToken);
+
+        HttpResponse httpResponse = invokeWithGet(getAPIInvocationURLHttp(API_PRODUCT_CONTEXT, API_PRODUCT_VERSION_1_0_0)  + "/" + API_GET_ENDPOINT_METHOD,
+                                                  requestHeadersGet);
+
+        Assert.assertEquals(httpResponse.getResponseCode(), HTTP_RESPONSE_CODE_FORBIDDEN, "API product invocation "
+                + "fails to forbid token with invalid audience");
+        Assert.assertTrue(httpResponse.getData().contains(AUTH_VALIDATION_ERROR_CODE), "Response do not contains expected"
+                + " error code :\"" + AUTH_VALIDATION_ERROR_CODE + "\". The response received : \"" + httpResponse.getData() + "\"");
+
+    }
+
+
+    @Test(groups = {"wso2.am"}, description = "Invoke API with valid audience",
+            dependsOnMethods = "testInvokeApiWithoutAudienceValidation")
+    public void testInvokeApiWithAudienceValidationPass() throws Exception {
+
         audiences.add(consumerKey);
         apidto.setAudiences(audiences);
 
@@ -172,24 +320,73 @@ public void testInvokeApiWithAudienceValidation() throws Exception {
         createAPIRevisionAndDeployUsingRest(apiId, restAPIPublisher);
         waitForAPIDeployment();
 
+        requestHeadersGet.put("Authorization", "Bearer " + applicationKeyDTO.getToken().getAccessToken());
 
-        httpResponseGet = HTTPSClientUtils.doGet(getAPIInvocationURLHttp(API_CONTEXT, API_VERSION_1_0_0)  + "/" + API_GET_ENDPOINT_METHOD,
-                                                 requestHeadersGet);
+        HttpResponse httpResponseGet =
+                HTTPSClientUtils.doGet(getAPIInvocationURLHttp(API_CONTEXT, API_VERSION_1_0_0)  + "/" + API_GET_ENDPOINT_METHOD,
+                                       requestHeadersGet);
 
-        assertEquals(httpResponseGet.getResponseCode(), HTTP_RESPONSE_CODE_OK, "Invocation fails for GET request for " +
-                "audience validation test when audience validation enabled and valid audience is passed");
-        assertTrue(httpResponseGet.getData().contains(RESPONSE_GET), "Response Data not match for GET request for" +
+        Assert.assertEquals(httpResponseGet.getResponseCode(), HTTP_RESPONSE_CODE_OK, "API invocation fails when audience "
+                + "validation enabled and valid audience is passed");
+        Assert.assertTrue(httpResponseGet.getData().contains(RESPONSE_GET), "Response Data not match for GET request for" +
                 " audience validation test. Expected value :\"" + RESPONSE_GET + "\" not contains" +
                 " in response data:\"" + httpResponseGet.getData() + "\"");
-    }
+
+        audiences.add(sandboxAppKey.getConsumerKey());
+        apiProductDTO.setAudiences(audiences);
+        restAPIPublisher.updateAPIProduct(apiProductDTO);
+
+        createAPIProductRevisionAndDeployUsingRest(apiProductDTO.getId(), restAPIPublisher);
+        waitForAPIDeployment();
+
+        requestHeadersGet.put("Authorization", "Bearer " + sandboxToken);
+
+        HttpResponse httpResponse = invokeWithGet(getAPIInvocationURLHttp(API_PRODUCT_CONTEXT, API_PRODUCT_VERSION_1_0_0)  + "/" + API_GET_ENDPOINT_METHOD,
+                                                  requestHeadersGet);
+
+        Assert.assertEquals(httpResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, "API product invocation fails when"
+                + " audience validation enabled and valid audience is passed");
+        Assert.assertTrue(httpResponse.getData().contains(RESPONSE_GET), "Response Data not match for GET request for" +
+                " audience validation test. Expected value :\"" + RESPONSE_GET + "\" not contains" +
+                " in response data:\"" + httpResponse.getData() + "\"");
 
 
+    }
+
     @AfterClass(alwaysRun = true)
     public void cleanUpArtifacts() throws Exception {
-        restAPIStore.deleteApplication(applicationId);
         undeployAndDeleteAPIRevisionsUsingRest(apiId, restAPIPublisher);
-        restAPIPublisher.deleteAPI(apiId);
+        undeployAndDeleteAPIProductRevisionsUsingRest(apiProductDTO.getId(), restAPIPublisher);
         super.cleanUp();
+        userManagementClient.deleteUser(STANDARD_SUBSCRIBER);
+    }
+
+    private APIProductDTO publishAPIProduct(String uuid) throws ApiException, APIManagerIntegrationTestException {
+
+        WorkflowResponseDTO workflowResponseDTO = apiProductTestHelper.changeLifecycleStateOfApiProduct(uuid,
+                                                                                                        "Publish", null);
+        Assert.assertNotNull(workflowResponseDTO);
+        LifecycleStateDTO lifecycleStateDTO = workflowResponseDTO.getLifecycleState();
+        Assert.assertNotNull(lifecycleStateDTO);
+        Assert.assertEquals("APPROVED", workflowResponseDTO.getWorkflowStatus().getValue());
+        assert APILifeCycleState.PUBLISHED.getState().equals(lifecycleStateDTO.getState());
+
+        return restAPIPublisher.getApiProduct(uuid);
+    }
+
+    private HttpResponse invokeWithGet(String url, Map<String, String> headers) throws IOException {
+
+        HttpClient httpclient = HttpClientBuilder.create().build();
+        HttpGet get = new HttpGet(url);
+        headers.forEach(get::addHeader);
+        org.apache.http.HttpResponse response = httpclient.execute(get);
+        InputStream stream = response.getEntity().getContent();
+        String content = IOUtils.toString(stream);
+        Map<String, String> outputHeaders = new HashMap();
+        for (Header header : response.getAllHeaders()) {
+            outputHeaders.put(header.getName(), header.getValue());
+        }
+        return new HttpResponse(content, response.getStatusLine().getStatusCode(), outputHeaders);
     }
 
 }
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/apiproduct/APIProductCreationTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/apiproduct/APIProductCreationTestCase.java
index 09f520f769..4d00b19ce8 100644
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/apiproduct/APIProductCreationTestCase.java
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/apiproduct/APIProductCreationTestCase.java
@@ -735,7 +735,7 @@ public void testCreateAndDeployApiProductWithMutualSSLEnabled() throws Exception
         String certificate = getAMResourceLocation() + File.separator + "lifecycletest" + File.separator + "mutualssl"
                 + File.separator + "example.crt";
         restAPIPublisher.uploadCertificate(new File(certificate), "example", apiProductDTO.getId(),
-                APIMIntegrationConstants.API_TIER.UNLIMITED);
+                APIMIntegrationConstants.API_TIER.UNLIMITED, APIMIntegrationConstants.KEY_TYPE.SANDBOX);
 
         // Step 4: Verify deployment of APIProduct with Mutual SSL enabled
         String revisionUUID = createAPIProductRevisionAndDeployUsingRest(apiProductDTO.getId(), restAPIPublisher);
diff --git a/pom.xml b/pom.xml
index 9328d2fa0f..d32cd5e327 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1284,11 +1284,11 @@
         <carbon.analytics.common.version>5.3.11</carbon.analytics.common.version>
 
         <!-- APIM Portals Component Version -->
-        <carbon.apimgt.ui.version>9.1.97</carbon.apimgt.ui.version>
+        <carbon.apimgt.ui.version>9.1.103</carbon.apimgt.ui.version>
 
         <!-- APIM Component Version -->
 
-        <carbon.apimgt.version>9.29.171</carbon.apimgt.version>
+        <carbon.apimgt.version>9.29.186</carbon.apimgt.version>
 
         <carbon.apimgt.imp.pkg.version>[9.0.0, 10.0.0)</carbon.apimgt.imp.pkg.version>