This documentation is for WSO2 API Manager 1.8.0 View documentation for the latest release.
Invoke an API using the Integrated API Console - API Manager 1.8.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

There are different ways to invoke an API: using the integrated API console, the integrated WSO2 REST Client or a third-party tool like cURL.

Swagger ( is a specification and a complete framework for describing, producing, consuming, and visualizing RESTful Web services as interactive documentation. For the Swagger specification of API declaration, see 

The API Publisher has integrated Swagger to facilitate simple, interactive API documentation and invocation. The documentation is given in a Swagger API definition, which is the JSON representation of the API that is created using the information provided at the time the API is created. The Swagger JSON files are saved in the registry. You can edit the API definition using the JSONMate text editor in the API Publisher.

Let's see how to use the API Publisher to edit the Swagger API definition and then use the API Console in the Store to invoke the API.

See the following topics for a description of the concepts that you need to know when invoking an API:

The examples here use the PhoneVerification API, which is created in section Create and Publish an API.

  1. Log in to the API Store and click an API (e.g., PhoneVerification).

  2. Subscribe to the API (e.g., PhoneVerification 1.0.0) using the default application and an available tier.

  3. Go to the My Subscriptions page and generate a production key to the default application using which you subscribed to the API.

  4. Click the APIs menu in the API Store and then click on the API that you want to invoke. When the API opens, go to its API Console tab.

  5. Expand the GET method, provide the required parameters and click Try it Out. For example,

    PhoneNumberE.g., 18006785432
    LicenseKeyGive 0 for testing purpose
    AuthorizationThe API console is automatically populated by the access token that you generated in step 3 after subscribing to the API. 

    The token is prefixed by the string "Bearer" as per the OAuth bearer token profile. OAuth security is enforced on all published APIs. If the application key is invalid, you get a 401 Unauthorized response in return.

    Base URL

    Appears at the bottom of the console. Using the base URL and the parameters, the system creates the API URL in the form http://<host_name>:8280/<context>/<version>/<Resource, if any><backend service requirements included as parameters, if any>. For example, http://localhost:8280/phoneverify/1.0.0/CheckPhoneNumber. /phoneverify is the context, 1.0.0 is the version and CheckPhoneNumber is the resource.

    If you cannot invoke the API's HTTPS endpoint (causes the SSLPeerUnverified exception), it could be because the security certificate issued by the server is not trusted by your browser. To resolve this issue, access the HTTPS endpoint directly from your browser and accept the security certificate.

    Tip: If HTTP invocation is blocked in your corporate environment, you have to change the base path of the API to its HTTPS endpoint in the Swagger definition. This ensures that API invocations do not fail as a result of browsers blocking HTTP calls within HTTPS sessions.

    Tip: Your API's resource must have the OPTIONS method selected to allow subscribers to invoke the API using the API Console.

    For the resources that have methods requiring authentication (i.e., Auth Type is not NONE), you set None as the Auth type ofOPTIONS to support CORS (Cross Origin Resource Sharing) between the API Store and Gateway.

  6. Note the response for the API invocation. As we used a valid phone number in this example, the response is valid.

 You have invoked an API using the Swagger API console.

  • No labels