Here's how you can do it. (Pseudo-code)

1. Create the api. This is the "bundle" or container for everything else.

   :org = yourorgname
   :env = test
   POST :mgmtserver/v1/o/:org/apis
   Authorization: :edge-auth
   content-type: application/xml
   
   <APIProxy name='TestBundle'/>
   	

2. add a policy to the API bundle

   POST :mgmtserver/v1/o/:org/apis/TestBundle/revisions/1/policies
   Authorization: :edge-auth
   content-type: application/xml
   
   <RaiseFault name='RF-BadRequest'>
     <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
     <FaultResponse>
       <Set>
         <Payload contentType='text/plain'>error</Payload>
         <StatusCode>400</StatusCode>
         <ReasonPhrase>Bad Request</ReasonPhrase>
       </Set>
     </FaultResponse>
   </RaiseFault>
   	

3. add another policy to the API bundle

   POST :mgmtserver/v1/o/:org/apis/TestBundle/revisions/1/policies
   Authorization: :edge-auth
   content-type: application/xml
   
   <AssignMessage name='AM-Response'>
     <AssignTo createNew='false' transport='http' type='response'></AssignTo>
     <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
     <Set>
       <Payload contentType='text/plain'>OK</Payload>
       <StatusCode>200</StatusCode>
       <ReasonPhrase>OK</ReasonPhrase>
     </Set>
   </AssignMessage>
   	

4. attach a proxyendpoint to the API, that references those policies.

   POST :mgmtserver/v1/o/:org/apis/TestBundle/revisions/1/proxies
   Authorization: :edge-auth
   content-type: application/xml
   
   <ProxyEndpoint name="endpoint1">
       <Description></Description>
       <HTTPProxyConnection>
           <BasePath>/apibasepath</BasePath>
           <VirtualHost>secure</VirtualHost>
       </HTTPProxyConnection>
     <FaultRules/>
     <PreFlow name="PreFlow">
       <Request/>
       <Response/>
     </PreFlow>
     <PostFlow name="PostFlow">
       <Request/>
       <Response/>
     </PostFlow>
     <Flows>
       <Flow name='t1'>
         <Request>
         </Request>
         <Response>
           <Step><Name>AM-Response</Name></Step>
         </Response>
         <Condition>proxy.pathsuffix MatchesPath "/t1" and request.verb = "GET"</Condition>
       </Flow>
       <Flow name='unknown request'>
         <Request>
           <Step><Name>RF-BadRequest</Name></Step>
         </Request>
         <Response>
         </Response>
       </Flow>
     </Flows>
     <RouteRule name='noroute'/>
   </ProxyEndpoint>
   	

   You can attach target endpoints similarly. POST to the /targets collection. There is also a /resources collection to which you can POST XSD, WSDL, JAR, nodejs, etc.

5. deploy the proxy

   POST :mgmtserver/ v1/ o/ :org/ e/ :env/ apis/ TestBundle/ revisions/ 1/ deployments ? action=deploy
   Authorization: :edge-auth
   Content-type: application/ x-www-form-urlencoded
   
   	

You can also use JSON to format these various entities. Change the content-type headers if you do that.