Twitter API version 1.0 is retired from 11th June 2013 and the API version 1.1 cannot be accessed the way described in this sample
This sample demonstrates how to subscribe to a published API and consume its functionality using the API Store Web application. The API used here provides search functionality in Twitter.
- Execute the steps in Samples Setup. When you are done, you will have the API Manager started and the relevant scripts run to create user accounts for API Publisher and API Store.
Building the sample
- First, we need to add an API in the API Publisher and publish it to the API Store. To do that, simply run the APIPopulator.sh (for Linux) or APIPopulator.bat (for Windows) files from folder, <AM_HOME>/samples/TwitterSearch.
- The script will add an API to the API Publisher in Published state. This API can then be consumed by any user signed in to the API Store.
Executing the sample
Subscribing to the API
- Log in to the API Store (https://localhost:9443/store) with credentials subscriber1/subscriber1.
- Click the APIs tab at the top of the page and select the TwitterSearch API.
- Next, subscribe to this API. Simply select the default application and throttling tier as Gold.
- You will be asked to navigate to My Subscriptions tab.
- Next, generate a key to the application. You need this access key to invoke APIs subscribed under this application. Click on the Generate option in the box titled Production to obtain an Application key. For example,
Invoking the API
- Once you have obtained a key, you can invoke the API using a REST client of your choice. In this example, we use cURL (http://curl.haxx.se).
Copy and paste following into a new console window and execute it.
where, API key =
9nEQnijLZ0Gi0gZ6a3pZICktVUca. Replace this value with the API key you generated through the API Store in step 5 above.
<API Key>is passed in the Authorization header as a value of
Bearer. The Authorization header of the message is prefixed by the string "Bearer". This is because, WSO2 API Manager enforces OAuth security on all the published APIs. Any consumer that talks to the API Manager should send their credential (application key) as per the OAuth bearer token profile. If you don't send an application key or send a wrong key, you will receive a 401 Unauthorized response in return
You should be able to see search results from Twitter on your console. For example,
Executing the above command several times with different API keys. Note the authentication failures returned by the API gateway when you pass invalid API keys. After a few invocations, the throttling policy of the API will get activated and the API gateway will start responding with 503 Service Unavailable response messages.