You subscribe to a published API before using it in your applications. Subscription enables you to receive access tokens and be authenticated to invoke the API.
The examples here use the
PhoneVerification REST API, which was created in the section Create and Publish an API.
Sign in to the WSO2 API Store (
https://<hostname>:9443/store) and click on an API (e.g.,
PhoneVerification 1.0.0) to open it.
In a multi-tenanted WSO2 API Manager setup, you can access any tenant's store using the URL
Note the subscription options for the REST API.
Click the Applications menu and click Add Application to create a new application.
- Enter the name as TestApp and select the per token quota as 50PerMin for the application and click Add.
- Click APIs and click on the PhoneVerification API to view the API's subscription options.
- Select the application that you just created, a tier, and click Subscribe.
Click the View Subscriptions button when prompted.
The Subscriptions tab opens.
Click the Production Keys tab.
If you have a supported callback URL that sends a callback to a specific server or a program soon after your application request is sent, you can specify it under the Callback URL field in the Production Keys tab.
Click Generate Keys to create an application access token. You can use this token to invoke all APIs that you subscribe to using the same application.
By default, the Client Credentials grant type is used to generate the access token. Make sure the Client Credentials grant type is selected when generating keys from the UI. For more information on how to generate supported grant types of WSO2 API Manager, see Token API.
- Access tokens can be generated for specific scopes. A scope acts as a limiting factor on what API resources can be accessed using a token. To generate an access token corresponding to a scope, use the drop down menu under Scopes and select the required scope parameter.
- You can set a token validity period in the Access token validity period text box. By default, it is set to one hour. If you set a minus value (e.g., -1), the token never expires.
If you are using WSO2 Identity Server as the Key Manager for your API Manager deployment, generating keys will result in the creation of a service provider on the Identity Server.
Install cURL if it is not there in your environment.
cURL comes by default in some operating systems. You can also use a REST client instead.
Open the command line and execute the following cURL command:
Be sure to replace the placeholders as follows:
<access token>: Provide the test token generated in step 9. Click Applications, click the respective application (in this case TestApp), click Production Keys, and click the copy icon next to the Access Token field to copy the access token.
Make sure you have updated the flash plug-in in your web browser for the copying to work.
<API URL>: Click the respective API, in this case PhoneVerification. When the API's Overview tab appears in the API Store, copy the production URL and append the payload to it.
Note the result
<Valid>true</Valid>that appears in the command line.
If you get an
Invalid Credentialserror, follow the steps below to proceed. This error is a result of the access token expiring. The default validity period of the access token is 1 hour.
Optionally, update the token validity period in the Access token validity period text box so that the access token is valid for a longer period, or you can even set a minus value (e.g., -1) so that the token never expires.
Re-generate the access token.
Click Applications, click the respective application (i.e., TestApp), click Production Key, and click Re-generate. Use the new access token when running the cURL commands.
Similarly, invoke the POST method using the following cURL command:
You have subscribed to an API and invoked it.
To unsubscribe from an API, click the Applications menu and click View next to the application used for the subscription. Go to the Subscriptions tab, locate the API, and click the Unsubscribe link associated with it.
If you unsubscribe from an API and then resubscribe with a different tier, it takes approximately 15 minutes for the tier change to be reflected. This is because the older tier remains in the cache until it is refreshed periodically by the system.