This sample demonstrates how to subscribe to a published API and consume its functionality using the API Store Web application. The API used here provides YouTube feeds.
1. Execute the steps in Samples Setup. When you are done, you will have the API Manager started and the relevant scripts run to create user accounts for API Publisher and API Store.
Building the Sample
1. First, we need to add an API in the API Publisher and publish it to the API Store. To do that, simply run the APIPopulator.sh (for Linux) or APIPopulator.bat (for Windows) files from folder, <AM_HOME>/samples/YoutubeFeeds.
2. The script will add an API to the API Publisher in Published state. This API can then be consumed by any user signed in to the API Store.
Executing the Sample
Subscribing to the API
1. Log in to the https://localhost:9443/store) with credentials subscriber1/subscriber1.(
2. Click the APIs tab at the top of the page and select the YoutubeFeeds API.
3. Next, subscribe to this API. Simply select the default application and throttling tier as Gold.
4. You will be asked to navigate to My Subscriptions tab.
5. Next, you can generate a key to the application. This key allows you to invoke APIs subscribed under a given application. Click on the Generate option to obtain an Application key. For example,
Invoking the API
6. Once you have obtained a key, you can invoke the API using a REST client of your choice. In this example, we use cURL (http://curl.haxx.se).
7. Copy and paste following into a new console window and execute it.
where, access token =
9nEQnijLZ0Gi0gZ6a3pZICktVUca. Replace this value with the access token you generated through the API Store in step 5 above.
The access token is passed in the Authorization header as a value of "Bearer". The Authorization header of the message is prefixed by the string "Bearer". This is because, WSO2 API Manager enforces OAuth security on all the published APIs. Any consumer that talks to the API Manager should send their credential (application key) as per the OAuth bearer token profile. If you don't send an application key or send a wrong key, you will receive a 401 Unauthorized response in return.
8. You should be able to see results from YouTube on your console. For example,
9. Access various other feeds in the YouTube API by changing the last segment of the invoked URL. For example,
9nEQnijLZ0Gi0gZ6a3pZICktVUca with the access token you generated through the API Store in step 5 above.