Try WSO2 Cloud for Free
Sign in
||
Skip to end of metadata
Go to start of metadata


API Creation and Design

  1. I have an existing swagger. How can I create my API in API Cloud?

    You can use publicly hosted Swagger files to create APIs using WSO2 API Cloud or you can simply upload your swagger yaml or json file to create an API without a hassle. You can follow the tutorial on how to achieve this. 

  2. How can I create a Mock API?

    You can create a sample API with an inline script and then make it available for testing purpose for your API subscribers. You do not need to have an actual service backend but rather mock the response using the inline script. This is provided through the API Cloud’s prototyped API feature. Follow the tutorial on the steps to achieve this.
  3. How can i create a SOAP API?

    All you need to have is a publicly hosted WSDL and a backend URL and this can be achieved easily in the API Cloud. Follow the tutorial on the comprehensive steps on how to carry this out. 
  4. How can I use a single API to route to different backend services?

    API Cloud provides an out of the box feature called the dynamic endpoint functionality. This allows you to dynamically pick the backend to which each call is routed based on the call’s properties. You can refer to this post on how to achieve this.

  5. How can i use dynamic endpoints with different credentials for each backend?

    Assuming that you have already designed your API please follow the steps below.

    1. Select “Non-Secured” as the “Endpoint Security Scheme” in the “implement” tab of the API.

    2. Then you should provide your credentials for each endpoint. Please find a sample message mediation sequence below. There is an authorization header for each endpoint in the sequence and the corresponding backend will be called with its authorization header.

    <sequence xmlns="http://ws.apache.org/ns/synapse" name="dynamic_ep">
        <property expression="json-eval($.operation)" name="operation" />
        <filter regex="menu" source="$ctx:operation">
            <then>
                <property name="Authorization" expression="fn:concat('Basic ', 'abcdfffghksjdksk==')" scope="transport"/>
                <header name="To" value="YOUR_BACKEND_1" />
          </then>
         <else>
               <property name="Authorization" expression="fn:concat('Basic ', 'HjhslhhishhssHH=')" scope="transport"/>
               <header name="To" value="YOUR_BACKEND_2" />
         </else>
       </filter>
       <property expression="get-property('To')" name="ENDPOINT_ADDRESS" />
    </sequence>

  6. What content types are supported in API Cloud?

    API Cloud Gateway servers process requests and responses with the following content types. If you have a requirement to process payloads of other content types, send a support request to the WSO2 Cloud team.

    • application/x-www-form-urlencoded

    • multipart/form-data

    • text/html

    • application/xml

    • text/xml

    • application/soap+xml

    • text/plain

    • application/json

    • application/vnd.api+json

    • application/json/badgerfish

    • text/javascript

  7. What is meant by Context of an API?

    Context refers to the URI context path of the API which is case sensitive. The supported formats are as follows.
    1. /foo
    2. /foo/bar
    3. /foo/{version}/bar (case sensitive) - allows the version to be within the context

  8. Why should I add tags for an API?

    Use keywords and common search terms as tags to group APIs that have similar characteristics. After publishing the API, consumers can click these tags to jump to a group of similar APIs.

  9. How can I add documentation for my APIs?

    API documentation helps API subscribers to understand the functionality of the API and for API publishers to market APIs and sustain competition. You can refer the tutorial  on how to add documentation for you APIs
  10. How can I display multiple API versions in the API Store?

    Follow the steps below to show multiple versions of an API in the API Store.

    a. Login to the API Publisher.
    b. Go to the Management Console (https://gatewaymgt.api.cloud.wso2.com/carbon).
    c. If you are already logged into the API Publisher, you are automatically logged into the Management Console.
    d. Once you log in to the Management Console, navigate to the Browse > Resources section and locate the /_system/config/apimgt/applicationdata/tenant-conf.json file in the registry. This can also be done by searching for the /_system/config/apimgt/applicationdata/tenant-conf.json file directly in the Location field as shown below.


    e. Click Edit as text, add the following properties to the file and click Save Content.

    "DisplayMultipleVersions":true
    "DisplayAllAPIs":true

  11. How can I convert response from my backend from XML to JSON?

a. Go to edit the API
b. Select the "Manage" tab
c. Tick the message mediation checkbox
d. Select the "xml_to_json_out_messagesequence for the Out Flow 
e. Save and publish the API.

API Search

  1. What are the options to search for an API in Publisher listing?

    By API name [Default]

    By API Provider [Syntax to be used - provider:xxxx]

    By API Version [Syntax to be used - version:xxxx]

    By Context [Syntax to be used - context:xxxx]

    By Status [Syntax to be used - status:xxxx]

    By API Description [Syntax to be used - description:xxxx]

    By SubContext [Syntax to be used - subcontext:xxxx]

    By Documentation Content [Syntax to be used - doc:xxxx]


API Deletion

  1. How can I delete an API with active subscribers?

1. In API overview, visit the "Lifecycle" tab.
2. Then, change the API state from "PUBLISHED" to "DEPRECATED" as follows.
3. Then "retire" the API in deprecated state as follows.

4. Then, you can delete the API.

API Backends and Endpoint Security

  1. How can I host my backend for my API?

    This is quite simple You can use WSO2 Integration Cloud to host the backend applications for your APIs on API Cloud. Follow this tutorial on how to achive it.

  2. How can I secure the link between my backend services and the API Cloud?

    See Secure your Backend Services.

VPN Connection with API Cloud

  1. How much bandwidth is guaranteed?

    We do not have any bandwidth limitation on our end. There is a defined idle period, if the connection is idle for more than the given period it will close the connection and reestablish at the next immediate call when it is active again.

  2. Would DNS resolution in Api Cloud be done inside our network or using your own DNS service?

    This will be done in our DNS service. However you need to map the CNAME entry on your end as well.

  3. Does your VPN solution have high availability? Do you have replicated VPN nodes?

    We do not have replicated VPN nodes on our end instead we use the method of having replicated VPN endpoints for automatic fail over which routes to the other endpoint in case one endpoint fails and guarantees high availability. 

Request/Response Transformation

  1. The backend web service does not match the API design that I expect. What should I do?

    You can extend the default message mediation sequence using mediators. The API Cloud comes with a powerful mediation engine that can transform and orchestrate API calls on the fly. See Change the Default Mediation Flow of API Requests.

  2. What type of mediators are supported by the API Cloud?

    See WSO2 Cloud Mediators.

  3. What properties can I retrieve from an API using a property mediator within a sequence?

    PropertyDescription
    SYNAPSE_REST_API_VERSIONRetrieves the version of the API. E.g., 1.0.0.
    REST_SUB_REQUEST_PATHRetrieves the sub request with path and query parameters. E.g., "/CheckPhoneNumber?PhoneNumber=1234567&LicenseKey=0".
    REST_API_CONTEXT or api.ut.contextRetrieves the context of the API in the form /t/tenantDomain/context/version for an API. E.g., "/t/tenant/new/1.0.0".
    REST_FULL_REQUEST_PATHRetrieves the entire request path. E.g., "/t/tenant/new/1.0.0/CheckPhoneNumber?PhoneNumber=1234567&LicenseKey=0".

    SYNAPSE_REST_API_VERSION_STRATEGY

    :For example, "context".
    TRANSPORT_IN_NAMERetrieves the transport. For example, "https".
    SYNAPSE_REST_APIRetrieves the name of the API. For example, "admin-AT-tenant.com--NewAPI:v1.0.0".

    See this tutorial to get an idea on how you can use a property mediator within a sequence to change the default mediation flow of API requests. Also, see Property Mediator of the ESB documentation.

  4. How to send a POST request with no payload (no Body) ?

    When carrying out a POST request from the API Cloud to the back-end ,API Cloud expects a request body parameter to be present.This is the default behavior of ESB/API Manager. But in case we need to do a POST request with no body we set the property in the in sequence of the API.

    <property name="FORCE_POST_PUT_NOBODY" value="true" scope="axis2" type="BOOLEAN"/> 

    Setting this property in a custom sequence will allow to do a post without body. However when we set this API cloud will send its default content type which is application/x-www-form-urlencoded and do the post request with no body. We cannot remove the content type completely but we can change the value of it using a property as mentioned below.

    <property name="Content-Type" value="text/plain" scope="transport"/>

    This will change change the content type to text/plain. Simillarly you can set the expected content type in this property in you custom sequence. You can read this post on how to add custom sequences to your APIs

  5. How can I disable chunking for my APIs?

    This can be done with the use of a custom mediation extension which will disable chunking, as described below.

    Save the content below into an xml file and upload it into the in sequence of your API from the WSO2 API Publisher.

    <?xml version="1.0" encoding="UTF-8"?>
    <sequence xmlns="http://ws.apache.org/ns/synapse"
             name="disable-chunking">
           <property name="DISABLE_CHUNKING" value="true" scope="axis2" />
    </sequence>

    Refer this post on how to add custom sequences to the WSO2 API Cloud.

  6. How to convert incoming and outgoing message formats?

You can change the message formats of your requests in the API Cloud. For this we use synapse which is a powerful mediation engine. You can follow the tutorial https://docs.wso2.com/display/APICloud/Convert+a+JSON+Message+to+SOAP+and+SOAP+to+JSON on how to achieve this.

API Cloud Gateway

  1. Where is WSO2 API Cloud hosted?

    WSO2 API Cloud is hosted in the AWS US East data center. For compliance or performance reasons, paying customers can choose alternative locations for their API gateways in API Cloud. These include Canada, US West, Brazil (São Paulo), EU (Ireland), EU (Frankfurt), Singapore, Tokyo, Sydney, Seoul, Mumbai, and Beijing.

  2. What are the available global API gateways?

    • Canada

    • US East

    • US West

    • Brazil (São Paulo)

    • EU (Ireland)

    • EU (Frankfurt)

    • Singapore

    • Tokyo

    • Sydney

    • Seoul

    • Mumbai.

  3. How long does it take for a change done in the API Publisher to appear in the global API Gateways?

    It takes a maximum of 10 minutes for a change done in the API Publisher to appear in the global API Gateways. This is due to the artifact synchronizing task that runs every 10 minutes.

  4. What content types are supported in the API Gateway?

    API Cloud Gateway servers process requests and responses with the following content types. If you have a requirement to process payloads of other content types, send a support request to the WSO2 Cloud team.

    • application/x-www-form-urlencoded

    • multipart/form-data

    • text/html

    • application/xml

    • text/xml

    • application/soap+xml

    • text/plain

    • application/json

    • application/vnd.api+json

    • application/json/badgerfish

    • text/javascript

    API Invocation

  1. What is meant by Error codes received at API Gateway?

    Error codeError MessageDescriptionExample
    700700
    API blockedThis API has been blocked temporarily. Please try again later or contact the system administrators.Invoke an API which is in the BLOCKED lifecycle state
    900800
    Message throttled out

    The maximum number of requests that can be made to the API within a designated time period is reached and the API is throttled for the user.

    Invoke an API exceeding the tier limit
    900801
    Hard limit exceededHard throttle limit has been reachedInvoke an API exceeding the hard throttle limit
    900802Resource level throttle outMessage is throttled out because resource level has exceededSending/Receiving messages beyond authorized resource level
    900803Application level throttle outMessage is throttled out because application level is exceededSending/Receiving messages beyond authorized application level
    900900

    Unclassified authentication failure

    An unspecified error has occurredBackend service for key validation is not accessible when trying to invoke an API
    900901

    Invalid credentials

    Invalid authentication information providedUsing an older access token after an access token has been renewed.
    900902

    Missing credentials

    No authentication information providedAccessing an API without Authorization: Bearer header
    900905

    Incorrect access token type is provided

    The access token type used is not supported when invoking the API. The supported access token types are application and user accesses tokens. See Access Tokens.

    Invoke an API with application token, where the resource only allows application user tokens
    900906

    No matching resource found in the API for the given request

    A resource with the name in the request can not be found in the API.Invoke an API resource that is not available
    900907

    The requested API is temporarily blocked

    Happens when the API user is blocked.Invoke API resource with a subscription that has been blocked by the API publisher
    900908

    Resource forbidden

    The user invoking the API has not been granted access to the required resource.Invoke an unsubscribed API
    900909

    The subscription to the API is inactive

    The status of the API has changed to an inaccessible/unavailable state.Invoke an API resource with a subscription that has not yet been approved by the administrator.
    900910

    The access token does not allow you to access the requested resource

    Can not access the required resource with the provided access token. Check the valid resources that can be accessed with this token.

    Invoke API resource with an access token that is not generated to be used with the resource's scope.
    102511Incomplete payloadThe payload sent with the request is too large and the client is unable to keep the connection alive until the payload is completely transferred to the API GatewaySending a large PDF file with the POST request
  2. Why am I seeing an error as “Missing credentials” as my API’s response?


    The Reason you are seeing this error is since you have not provided the OAuth token for invoking your API. It could be due to one of the following reasons.


    1. You have not yet subscribed to the API. If you have not yet subscribed to your API follow this tutorial on how to achieve that.

    2. You have not selected the correct application which you subscribed the API to - Perhaps the application selected from the dropdown in the API console is not the actual application which you subscribed to and hence the reason the keys are not appearing for your application. Select the correct application from the list and then invoke your API.

  3. Why am I seeing an error as “Invalid credentials” as my API’s response?

    The reason you are seeing this error is since the provided access token is invalid or the provided access token has expired. Please follow these steps in order to re generate the access token. After which you would be able to invoke the API successfully.

    Access token management

  1. How can I subscribe and generate tokens for my API?

    You subscribe to API using the API Store. Follow this tutorial to subscribe and invoke your API.
  2. How can I regenerate access tokens?

    Follow the below steps to re generate the access tokens for the applications for which your APIs are subscribed to.

    1. Navigate to the "Applications" option which is found at the top left hand corner of the Store UI and click it. This will take you to your applications page.

    2. Select the application which your API is subscribed to and select the Production/Sandbox Keys tab. 

    3. Click on the "Re-Generate" button.

    4. Now that you have regenerated the token you will need to go back to the API. In the top menu where you selected the Production Keys tab you will see an option as "Subscriptions". Click on that tab and select your API.

    5. Now you will be able to invoke your API successfully.

  3. Why am I seeing an error as “Missing credentials” as my API’s response?


    The Reason you are seeing this error is since you have not provided the OAuth token for invoking your API. It could be due to one of the following reasons.


    1. You have not yet subscribed to the API. If you have not yet subscribed to your API follow this tutorial on how to achieve that.

    2. You have not selected the correct application which you subscribed the API to - Perhaps the application selected from the dropdown in the API console is not the actual application which you subscribed to and hence the reason the keys are not appearing for your application. Select the correct application from the list and then invoke your API.

  4. Why am I seeing an error as “Invalid credentials” as my API’s response?

    The reason you are seeing this error is since the provided access token is invalid or the provided access token has expired. Please follow these steps in order to re generate the access token. After which you would be able to invoke the API successfully.

API Security

  1. How can I block a certain user from accessing my API?

    1. Log in to the Admin Dashboard as the admin user of your organization. (https://api.cloud.wso2.com/admin/)

    2. Click on Black List under the Throttle Policies section and click Add Item (Refer to the screenshot below)

    3. Select the condition type as the user and give the fully qualified username as the value and click to blacklist.
    For example, if you want to block the user cloud@wso2.com from invoking APIs, you have to provide the value as cloud@wso2.com@cloudorg by appending the organization key at the end of the username with the '@' character. 
    If you follow the above steps, the user will not be able to invoke APIs until you remove this the blacklist policy.
  2. How can i control the requests which reach my APIs?

    API Cloud uses a concept called throttling which allows you to limit the number of hits to an API during a given period of time. This can help you to

    • Protect your APIs from security attacks

    • Protect your backend services from overuse

    • Regulate traffic according to infrastructure limitations

    • Regulate usage for monetization.


    For information on different levels of throttling in WSO2 Cloud, see Throttling tiers. For more information on configuring throttling for your APIs refer this tutorial. 
  3. How can I block subscription to my APIs?
An API creator blocks subscription to an API as a way of disabling access to it and managing its usage and monetization. If you want to block any subscriptions created by your API consumers all you need to do is follow the simple steps explained in the tutorial.

Consuming APIs through your applications

  1. How can I invoke my APIs through my developed applications in the integration cloud?

    The applications deployed in WSO2 Integration Cloud can consume the APIs created in WSO2 API Cloud. Follow this tutorial on how to achieve this.

Migrating APIs



  1. How can I migrate my APIs among my cloud organizations?

    If you want to duplicate the APIs among your cloud organizations this is possible with the API Cloud. This will reduce the hassle of having to recreate the APIs in each organization for you. Please follow the tutorial on how to achieve this. 

  2. How can I migrate my on premise APIs on API Manager to the Cloud?

    If you have APIs created on your local instance of WSO2 API Manager you can simply follow this tutorial to migrate them to your cloud organization.

    Customizing API Store

  1. What are the community features available for the WSO2 API Cloud to market my APIs?

    The API Store provides several community features to build and nurture an active community of users for your APIs. This is required to advertize APIs, learn user requirements and market trends. The following are some of the community features available in the API Store.


    You can refer the tutorial on more information. 

  2. How can I change the theme (look and feel) of my API Store?

    API Cloud provides the capability of customizing the default theme of the API Store to make it more appealing and personalized. Changing the theme is pretty simple and easy to do yourself. You can follow the tutorial on how to change the theme of your API Store in the API Cloud.

    API Cloud Monetization - Make money through your APIs

  1. How can I charge my API Consumers(subscribers) for the usage of my APIs?

    Not only can you allow users to use your APis you can now charge them as well with the Monetization feature of the API Store. This feature allows the API publisher to customize the patterns of monetization. You can read more on the monetization feature in the article or simply enable the feature following the tutorial

    User Management and Administration

  1. How can I log into the Cloud's advanced Management Console?

    In most cases, default user interfaces are sufficient for your administrative tasks. However, there are some scenarios, such as adding new user roles, that require the use of the advanced Management Console. Such scenarios are indicated in the corresponding documentation articles.

    You can log into the API Gateway's advanced Management Console using the URL https://gatewaymgt.api.cloud.wso2.com/carbon.

  2. How can I add new members to my organization?

    You can simply invite members to your organization by providing their email address and the desired role you want them to be invited to. You can follow the tutorial on how to achieve this.


  3. How can I change the role names of the users of my organization?

    You can achieve this using the custom role feature of the cloud. Simply follow the steps mentioned in this tutorial to achieve this task.

  4. How do I customize Invitation emails for subscribers and publishers of my API Cloud organization?

    There are mainly two methods on how external users can be members of your cloud organization.

    • You can invite the members to a desired role of the cloud

    • Users can self signup to you API Store (given you have enabled the feature for your API Store)

    Please find how you can customize the emails for the above mentioned categories.

    Authenticating external users

  1. How can external users register/sign up to my API Store?

    You can allow users to directly come and register to your API Store. You can additionally also choose to approve/reject these requests through the administrator dashboard of the API Cloud. To enable this feature for your API Store you need to simply carry out the steps mentioned in the tutorial

  2. How can I connect my on premise user store to the API Cloud?

    You can directly connect your internal LDAP user stores to the API Cloud. This allows you to provide authentication for users in the LDAP, without sharing the credentials of the LDAP with WSO2 Cloud. Follow this tutorial on how to connect your on premise user store to the WSO2 Cloud. 

  3. I want to use the LDAP as a secondary user store. How can we map the roles of my underlying userstore to those of the WSO2 API Cloud?

    In the WSO2 API Cloud we can plug in any on premise LDAP secondary user store as mentioned in the documentation.The user needs to provide us with the roles which maps to the roles in their underlying userstore and the mapping would be done for them. The following are the main 4 roles in the API Cloud for which your userstore roles can be mapped against by us.

    • API Subscribe : Roles allowed to subscribe to APIs

    • API Create:  Roles allowed to create APIs

    • API Publish:  Roles allowed to publish APIs

    • Access Admin app: Roles allowed to access the Admin app

  4. How can I connect my own Identity Provider to API Cloud?

    If you want your organization to link their IdP to WSO2 Identity Cloud to provide SSO-based authentication for API Cloud apps you can refer the below tutorial on how to achieve this with WSO2 Cloud.

  5. How can I authenticate subscribers who are not in the WSO2 Cloud user store?

    You can follow one of the two options below to achieve this.


    • The application is already using an Identity Provider (IdP) and now needs to substitute the SAML2 token from that IdP for an OAuth2 token and then invoke the APIs. For more information on this scenario, see SAML Extension Grant.

    • There is a directory or database containing the identities. The application gets the username and password from the end-user and needs to use them to fetch the OAuth2 token and then invoke the APIs. Please refer the tutorial for further information on this use case.

Troubleshooting APIs and Statistics


  1. Why am I not seeing statistics for my APIs?

    The gadgets listed below do not display real time statistics.They are refreshed in time intervals to display the the latest statistics generated, and the data scripts used to update them may take 10-15 minutes to be executed. Following are the time intervals each gadget is updated. Read more on API Cloud statistics here.

    Gadget
    Time Interval
    Last Update Time10 minutes
    API Latency Stats1 hour
    API Throttling Stats

    1 hour

    User Agent Stats1 hour
    Other Stats15 minutes


    After the above mentioned time duration the stats should appear for you. If you are still unable to view the statistics after the mentioned time period please contact the support team by clicking the support menu option or emailing us at cloud@wso2.com

  2. How can I find the API Gateway logs? 

    Follow the steps below,

     a. Log in to WSO2 API Cloud.

     b. Go to the API Cloud Admin dashboard (click Configure > Admin Dashboard).

     c. On the left navigator, click Log Analyzer > Live Log Viewer to view your recent logs on the WSO2 API Gateway.

    a. Why am I seeing “Could not get the logs at this moment” error on my live log viewer?

    If you see an error message similar to the above in the Live Log Viewer,

        • Your current browser session might be corrupted due to some browser actions. Refresh the browser to view the logs.
        • Your browser session may have expired or cleared. Log out from the API Cloud and log in again.
        • It may take some time to retrieve the logs the first time. So if there are any corruptions during this interval, it may lead to this error message. Refresh the Live Log Viewer page and try again.


         b. Why am I seeing “Too much of logs loaded. Please refresh to get new logs” error on my live log viewer?

        

If you are getting an error similar to the above, it means that you have reached the maximum limit of log lines during your current session. The limit of the log lines is very large and sufficient for debugging.  Refresh your browser to view the latest logs.


Backups and Storage 

  1. Can we retrieve older version of our APIs from a source control or from the lifecycle?

    You would need to maintain this yourself by using versioning which we provide in the API cloud as a feature.

  2. How can we backup our configuration in the API Cloud?

    There is no out of the box way in which individual users are able to backup the configurations since this is a shared environment hosted in the cloud. However we guarantee that the configurations are not lost. API Cloud has an implemented backup strategy to ensure no loss of data under any circumstance.

API Cloud Subscription

  1. What are the limitations of my API Cloud trial subscription?


    Your trial subscription would only be allowed for 14 days and you can extend this an additional 14 days on request. During that period you would only be allowed 5 API Calls/Second and 100,000 calls per day. You will be allowed to invite a maximum of 10 members only to your organization. If you are happy with your trial you can simply upgrade to a paid plan with increased benefits and features starting from as little as $142 per month. For more information refer our pricing at https://wso2.com/api-management/cloud/
  2. How can I upgrade my API Cloud Trial Subscription?

    Full account pricing starts at just $142 / month, no long term commitments are required and you can cancel at any time. We also offer annual subscriptions which give you a 10% discount on your monthly charge so you save more while enjoying more benefits through your WSO2 API Cloud paid subscription. Simply upgrade your account from here https://wso2.com/api-management/cloud/ or contact the WSO2 Support team and we can help you with the upgrade or answer to any further questions which you may have.

    General

  1. How to grant access to WSO2 support team?

    1. Log in to the Cloud and navigate to the 9 dot menu on the top right hand corner

    2. Go to the ‘Organization’ option

    3. Check the checkbox marked as “Allow Access To WSO2 Support“ corresponding to the organization which you want the cloud team to access.

    grant access.png

  2. How can I download the Public Certificate of the key used to sign the JWT Token sent to the backend in API Cloud?

    Each tenant in WSO2 Cloud has their own private key and it is used to sign the JWT token. Please follow the steps below to get the public certificate.

    1. First, go to the Cloud's advanced Management Console and login as your tenant admin.
    2. Click List under the Main > Manage > Keystores section.
    3. Click Public Key to download the Keystore's public key.

  • No labels