WSO2 API Manager (WSO2 APIM) has an integrated Swagger UI, which is part of the Swagger project.
Swagger is a 100% open source, standard, language-agnostic specification and a complete framework for describing, producing, consuming, and visualizing RESTful APIs, without the need of a proxy or third-party services. Swagger allows consumers to understand the capabilities of a remote service without accessing its source code and interacts with the service with a minimal amount of implementation logic. Swagger helps describe a service in the same way that interfaces describe lower-level programming code.
For more information also, see the Swagger 2.0 specification.
Let's see how to use the API Console in the Store to invoke an API.
You can only try out HTTPS based APIs via the API Console, because the API Store runs on HTTPS.
The examples here use the
PhoneVerification REST API, which is created in the section Create and Publish an API.
Sign in to the WSO2 API Store and click an API (e.g.,
Subscribe to the API (e.g.,
PhoneVerification1.0.0) using the default application and an available tier.
Click on the Applications menu and open the default application which you used to subscribe to the API. Click the Production Keys tab and click Generate keys to generate a production key.
Production and Sandbox Tokens
To genereate keys for the Sandbox endpoint, go to the Sandbox Keys tab. See Maintaining Separate Production and Sandbox Gateways for more details.
Click on the APIs menu and then click on the API that you want to invoke. When the API opens, go to its API Console tab.
If you have subscribed to an application, the retrieved access token value will appear automatically, as the Authorization Bearer Token.
The Documentation tab contains the relavant documents attached to the API if there are any.
Expand the GET method, provide the required parameters and click Try it Out. For example,
|LicenseKey||Give 0 for testing purpose|
|Authorization||The API console is automatically populated by the access token that you generated in step 3 after subscribing to the API. |
The token is prefixed by the string "Bearer" as per the OAuth bearer token profile. OAuth security is enforced on all published APIs. If the application key is invalid, you get a 401 Unauthorized response in return.
This appears at the bottom of the console. Using the base URL and the parameters, the system creates the API URL in the form
- <resource> - The resource of the URL, if any.
<backend_service>- This refers to the backend service requirements included as parameters, if any.
For example, in the following API URL,
/phoneverifyis the context, 1.0.0 is the version, and
CheckPhoneNumberis the resource:
If you cannot invoke the API's HTTPS endpoint (this causes the SSLPeerUnverified exception), it could be because the security certificate issued by the server is not trusted by your browser. To resolve this issue, access the HTTPS endpoint directly from your browser and accept the security certificate.
If the API Manager has a certificate signed by a Certificate Authority (CA), the HTTPS endpoints should work out of the box.
Note the response for the API invocation. As we used a valid phone number in this example, the response is valid.
You have invoked an API using the Swagger API Console.