This documentation is for WSO2 API Manager 2.1.0 View documentation for the latest release.
Invoke an API using the Integrated API Console - API Manager 2.1.0 - WSO2 Documentation

All docs This doc
Provide Feedback
||
Skip to end of metadata
Go to start of metadata

WSO2 API Manager (WSO2 APIM) has an integrated Swagger UI, which is part of the Swagger project. 

Swagger is a 100% open source, standard, language-agnostic specification and a complete framework for describing, producing, consuming, and visualizing RESTful APIs, without the need of a proxy or third-party services. Swagger allows consumers to understand the capabilities of a remote service without accessing its source code and interacts with the service with a minimal amount of implementation logic. Swagger helps describe a service in the same way that interfaces describe lower-level programming code. 

The Swagger UI is a dependency-free collection of HTML, JavaScript, and CSS that dynamically generate documentation from a Swagger-compliant API. Swagger-compliant APIs give you interactive documentation, client SDK generation and more discoverability. The Swagger UI has JSON code and its UI facilitates easier code indentation, keyword highlighting, and shows syntax errors on the fly. You can add resource parameters, summaries, and descriptions to your APIs using the Swagger UI.

For more information also, see the Swagger 2.0 specification.

Let's see how to use the API Console in the Store to invoke an API.

See the following topics for a description of the concepts that you need to know when invoking an API:

You can only try out HTTPS based APIs via the API Console, because the API Store runs on HTTPS.

The examples here use the PhoneVerification REST API, which is created in the section Create and Publish an API.

  1. Sign in to the WSO2 API Store and click an API (e.g., PhoneVerification).
    https://<hostname>:9443/store

  2. Subscribe to the API (e.g., PhoneVerification 1.0.0) using the default application and an available tier.

  3. Click on the Applications menu and open the default application which you used to subscribe to the API. Click the Production Keys tab and click Generate keys to generate a production key.

    Production and Sandbox Tokens

    To genereate keys for the Sandbox endpoint, go to the Sandbox Keys tab. See Maintaining Separate Production and Sandbox Gateways for more details.

  4. Click on the APIs menu and then click on the API that you want to invoke. When the API opens, go to its API Console tab.

    If you have subscribed to an application, the retrieved access token value will appear automatically, as the Authorization Bearer Token.

    Documentation

    The Documentation tab contains the relavant documents attached to the API if there are any.

Expand the GET method, provide the required parameters and click Try it Out. For example,

PhoneNumberE.g., 18006785432
LicenseKeyGive 0 for testing purpose
AuthorizationThe API console is automatically populated by the access token that you generated in step 3 after subscribing to the API. 

The token is prefixed by the string "Bearer" as per the OAuth bearer token profile. OAuth security is enforced on all published APIs. If the application key is invalid, you get a 401 Unauthorized response in return.

BASE URL

This appears at the bottom of the console. Using the base URL and the parameters, the system creates the API URL in the form https://<host_name>:8243/<context>/<version>/<resource><backend_service>

  • <resource> - The resource of the URL, if any.
  • <backend_service> - This refers to the backend service requirements included as parameters, if any.
    For example, in the following API URL, /phoneverify is the context, 1.0.0 is the version, and CheckPhoneNumber is the resource: https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber

Troubleshooting

If you cannot invoke the API's HTTPS endpoint (this causes the SSLPeerUnverified exception), it could be because the security certificate issued by the server is not trusted by your browser. To resolve this issue, access the HTTPS endpoint directly from your browser and accept the security certificate.

If the API Manager has a certificate signed by a Certificate Authority (CA), the HTTPS endpoints should work out of the box.

Note the response for the API invocation. As we used a valid phone number in this example, the response is valid.

 You have invoked an API using the Swagger API Console.

  • No labels