You subscribe to a published API before using it in your applications. Subscription enables you to receive access tokens and be authenticated to invoke the API.
The examples here use the
PhoneVerification REST API, which is created in the section Create and Publish an API.
Sign in to the WSO2 API Store (
https://<hostname>:9443/store) and click on an API (e.g.,
PhoneVerification 1.0.0) to open it.
In a multi-tenanted WSO2 API Manager setup, you can access any tenant's store using the URL
Note the subscription options for the REST API.
Click the Applications menu and click Add Application to create a new application.
Alternatively, you can add an application by selecting "New Application" from the Application dropdown, on the API detail page. This will take you to step 5.
- Enter the name as TestApp and select the per token quota as 50PerMin for the application and click Add.
- Click APIs and click on the PhoneVerification API to view the API's subscription options.
- Select the application that you just created, a tier, and click Subscribe.
Click the View Subscriptions button when prompted.
The Subscriptions tab opens.
Click the Production Keys tab.
If you have a supported callback URL which sends a callback to a specific server or a program soon after your application request is sent, you can specify it under Callback URL field under Production Keys.
Click Generate Keys to create an application access token. You can use this token to invoke all APIs that you subscribe to using the same application.
You can set a token validity period in the Access token validity period text box. By default, it is set to one hour. If you set a minus value (e.g., -1), the token never expires.
By default the Client Credentials grant type will be used to generate access token. Make sure the Client Credentials grant type is selected when generating keys from the UI. Refer Token API for more information on how to generate supported grant types of WSO2 API Manager.
Access Tokens with specific Scopes
Access tokens can be generated for specific scopes. A scope acts as a limiting factor on what API resources can be accessed using a token.
To generate an access token corresponding to a scope, use the drop down menu under Scopes and select the required scope parameter.
If you are using the WSO2 Identity Server 5.3.0 as the Key Manager for your API Manager deployment, generating keys will result in creation of a Service Provider on the Identity Server.
Install cURL if it is not there in your environment.
cURL comes by default in some operating systems. You can also use a REST client instead.
Open the command line and execute the following cURL command:
Be sure to replace the placeholders as follows:
<access token>: Give the test token generated in step 8. Click Applications, click on the respective application, which in this case is TestApp, click Production Key, and click copy button to copy the access token.
Make sure you have updated flash plugin in your web browser in order to get the copy button working.
<API URL>: Click on the respective API, which in this case is "PhoneVerification - 1.0.0". When the API's Overview tab appears in the API Store copy the production URL and append the payload to it.
Note the result
<Valid>true</Valid>that appears in the command line.
If you get an error that states "Invalid Credentials", carryout the following steps to overcome the error. This error is a result of the access token getting expired. The default validity period of the access token is 1 hour.
Optionally, you can update the token validity period in the Access token validity period text box so that the access token will be valid for a longer period, or you can even set a minus value (e.g., -1) so that the token never expires.
Re-generate the access token.
Click Applications, click on the respective application (i.e., TestApp), click Production Key, and click Re-generate. Thereafter, use the new access token when running the cURL commands.
Similarly, invoke the POST method using the following cURL command:
You have subscribed to an API and invoked it.
To unsubscribe from an API, click the Applications menu and click View next to the application used for the subscription. Go to the Subscriptions tab, locate the API, and click the Unsubscribe link associated with it.
If you unsubscribe from an API and then resubscribe with a different tier, it takes approximately 15 minutes for the tier change to be reflected. This is because the older tier remains in the cache until it is refreshed periodically by the system.