WSO2 API Manager has an integrated Swagger UI, which is part of the Swagger project.
Swagger is a 100% open source, standard, language-agnostic specification and a complete framework for describing, producing, consuming, and visualizing RESTful APIs, without the need of a proxy or third-party services. Swagger allows consumers to understand the capabilities of a remote service without accessing its source code and interacts with the service with a minimal amount of implementation logic. Swagger helps describe a service in the same way that interfaces describe lower-level programming code.
Also, see the Swagger 2.0 specification.
Let's see how to use the API Console in the Store to invoke an API.
You can only try out HTTPS based APIs via the API Console, because the API Store runs on HTTPS.
The examples here use the
PhoneVerification API, which is created in section Create and Publish an API.
Log in to the API Store and click an API (e.g.,
Subscribe to the API (e.g.,
PhoneVerification1.0.0) using the default application and an available tier.
Click the Applications menu and open the default application using which you subscribed to the API. Click the Production Keys tab and generate a production key.
Production and Sandbox Tokens
To genereate keys for the Sandbox endpoint, go to the Sandbox Keys tab. See Maintaining Separate Production and Sandbox Gateways for more details.
Click the APIs menu and then click on the API that you want to invoke. When the API opens, go to its API Console tab.
If you have subscribed to an application, the retrieved access token value will appear automatically, as the Authorization Bearer Token.
Expand the GET method, provide the required parameters and click Try it Out. For example,
PhoneNumber E.g., 18006785432 LicenseKey Give 0 for testing purpose Authorization The API console is automatically populated by the access token that you generated in step 3 after subscribing to the API.
The token is prefixed by the string "Bearer" as per the OAuth bearer token profile. OAuth security is enforced on all published APIs. If the application key is invalid, you get a 401 Unauthorized response in return.
Appears at the bottom of the console. Using the base URL and the parameters, the system creates the API URL in the form
https://<host_name>:8243/<context>/<version>/<Resource, if any><backend service requirements included as parameters, if any>.For example, in
/phoneverifyis the context, 1.0.0 is the version and
CheckPhoneNumberis the resource.
If you cannot invoke the API's HTTPS endpoint (causes the SSLPeerUnverified exception), it could be because the security certificate issued by the server is not trusted by your browser. To resolve this issue, access the HTTPS endpoint directly from your browser and accept the security certificate.
If the API Manager has a certificate signed by a Certificate Authority (CA), the HTTPS endpoints should work out of the box.
Note the response for the API invocation. As we used a valid phone number in this example, the response is valid.
You have invoked an API using the Swagger API console.