This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

In a typical API Manager deployment, different components talk to the KeyManager interface to achieve different tasks. For instance -

  • After creating an application in API store, subscribers would click on the generate button to register an application. At this point, the API store talks to the KeyManager to create an OAuth client and get the Consumer Key/Secret and the Application Access token.
  • When the Gateway receives a request, it talks to KeyManager and get the token validated. The KeyManager checks if the token is active, and whether the token is usable to invoke the resource being accessed. If the token is valid, the KeyManager sends additional details about the token (i.e., the Throttling Tier for the subscription and Consumer key) to the Gateway in the response. In turn the Gateway uses these details to determine if the request should be passed to the backend or not. 

Therefore, the KeyManager interface acts as the bridge between the OAuth Provider and WSO2 API Manager (WSO2 API-M).