This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.


  1. Start the API Manager server and log into the API Store.
  2. Create an application. On the Production Keys tab of your application, click Generate Keys.
  3. Get the consumer key and consumer secret and create a command to call the token API. Obtain the Base64-encoded representation of the consumer key and the consumer secret, separated by a colon, according to the following format.

    Code Block


    You can simply select the relevant grant types.

  4. Use the Base64-encoded value obtained above in the Authorization header when invoking the following command, which gets the token by calling the token API.


    Make sure you include a random scope in the request.

    Code Block
    curl -k -d "grant_type=password&username=admin&password=admin&scope=some_random_scope" -H "Authorization: Basic WmRFUFBvZmZwYVFnR25ScG5iZldtcUtSS3IwYTpSaG5ocEVJYUVCMEN3T1FReWpiZTJwaDBzc1Vh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token

    Along with the token, you receive a response from the server similar to the one below.

    Code Block

    You may not see the scope you requested in this response because it has not been whitelisted yet.

  5. Shut down the server.

  6. To whitelist the scope, add the following under the <OAuthConfigurations> element in the <APIM_HOME>/repository/conf/api-manager.xml file and restart the server. 

    Code Block
  7. Call the token API using the same request used in step 4. You will receive a response similar to the one below.

    Code Block

    The response is successful and includes the whitelisted scope that you requested.
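
The Base64 encoding from step 3 and the scope check behind steps 4 and 7, as an added shell example that is not part of the WSO2 documentation. The function names are hypothetical, the two token responses are constructed, and the `default` scope in the first one is an assumption about what the server returns before whitelisting; the key and secret are the pair that the sample Authorization header in step 4 decodes to.

```shell
#!/bin/sh
# Added example (not from the WSO2 docs). Token responses below are constructed.

# basic_auth_header KEY SECRET -> "Authorization: Basic base64(KEY:SECRET)"
basic_auth_header() {
  # printf emits no trailing newline (echo would, and it would be encoded too);
  # tr removes the line wrapping base64 adds to long output.
  printf 'Authorization: Basic %s' \
    "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# granted_scopes JSON -> value of the "scope" member (space-delimited list)
granted_scopes() {
  printf '%s' "$1" |
    sed -n 's/.*"scope"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# scope_granted JSON SCOPE -> status 0 only when SCOPE is an exact list entry
scope_granted() {
  case " $(granted_scopes "$1") " in
    *" $2 "*) return 0 ;;
  esac
  return 1
}

# Key and secret decoded from the sample Authorization header in step 4.
KEY='ZdEPPoffpaQgGnRpnbfWmqKRKr0a'
SECRET='RhnhpEIaEB0CwOQQyjbe2ph0ssUa'
SCOPE='some_random_scope'

# Constructed responses: before (step 4) and after (step 7) whitelisting.
# The "default" value is an assumption, not taken from the page.
BEFORE='{"access_token":"<token>","scope":"default","token_type":"Bearer","expires_in":3600}'
AFTER='{"access_token":"<token>","scope":"some_random_scope","token_type":"Bearer","expires_in":3600}'

basic_auth_header "$KEY" "$SECRET"; echo
for resp in "$BEFORE" "$AFTER"; do
  if scope_granted "$resp" "$SCOPE"; then
    echo "granted:     $(granted_scopes "$resp")"
  else
    echo "not granted: got '$(granted_scopes "$resp")', wanted '$SCOPE'"
  fi
done
```

Because Base64 is a reversible encoding, the header value should be handled as the consumer key and secret themselves.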