In a typical API Manager deployment, different components talk to the
KeyManager interface to achieve different tasks. For instance -
- After creating an application in API store, subscribers would click on the generate button to register an application. At this point, the API store talks to the
KeyManagerto create an OAuth client and get the Consumer Key/Secret and the Application Access token.
- When the Gateway receives a request, it talks to
KeyManagerand get the token validated. The
KeyManagerchecks if the token is active, and whether the token is usable to invoke the resource being accessed. If the token is valid, the
KeyManagersends additional details about the token (i.e., the Throttling Tier for the subscription and Consumer key) to the Gateway in the response. In turn the Gateway uses these details to determine if the request should be passed to the backend or not.
KeyManager interface acts as the bridge between the OAuth Provider and WSO2 API Manager (WSO2 API-M).