WSO2 API Manager (WSO2 API-M) has an integrated Swagger UI, which is part of the Swagger project.
Swagger is a 100% open source, standard, language-agnostic specification and a complete framework for describing, producing, consuming, and visualizing RESTful APIs, without the need of a proxy or third-party services. Swagger allows consumers to understand the capabilities of a remote service without accessing its source code and interacts with the service with a minimal amount of implementation logic. Swagger helps describe a service in the same way that interfaces describe lower-level programming code.
For more information also, see the Swagger 2.0 specification.
Let's see how to use the API Console in the Store to invoke an API.
You can only try out HTTPS based APIs via the API Console because the API Store runs on HTTPS.
The examples here use the
PhoneVerification REST API, which was created in Create and Publish an API.
Sign in to the WSO2 API Store and click an API (e.g.,
Subscribe to the API (e.g.,
PhoneVerification1.0.0) using the default application and an available tier.
On the Applications menu, open the default application you used to subscribe to the API. Click the Production Keys tab and click Generate keys to generate a production key.
Production and Sandbox Tokens
To generate keys for the Sandbox endpoint, go to the Sandbox Keys tab. For more details, see Maintaining Separate Production and Sandbox Gateways.
On the APIs menu, select the API that you want to invoke. When the API opens, go to its API Console tab.
If you have subscribed to an application, the retrieved access token value appears automatically as the Authorization Bearer Token.
The Documentation tab contains any relevant documents that are attached to the API.
Expand the GET method and click Try it out. Provide the required parameters and click Execute. For example,
PhoneNumber E.g., 18006785432 LicenseKey Give 0 for testing purpose Authorization The API console is automatically populated by the access token that you generated in step 3 after subscribing to the API.
The token is prefixed by the string "Bearer" as per the OAuth bearer token profile. OAuth security is enforced on all published APIs. If the application key is invalid, you get a 401 Unauthorized response in return.
If you cannot invoke the API's HTTPS endpoint (this causes the SSLPeerUnverified exception), it could be because the security certificate issued by the server is not trusted by your browser. To resolve this issue, access the HTTPS endpoint directly from your browser and accept the security certificate.
If the API Manager has a certificate signed by a Certificate Authority (CA), the HTTPS endpoints should work out of the box.
Note the response for the API invocation. As we used a valid phone number in this example, the response is valid.
You have invoked an API using the Swagger API Console.