- Log in to the API Store Web interface (https://localhost:9443/store) and click the API published before.
- Subscribe to this the API using the Bronze tier.The API opens.
- Generate the access tokens. You need them to invoke the API in the next steps.
Go to the API Console tabto see
, which shows the interactive documentation of the API.
Provide the necessary parameters and click Try it out to call the API. For example, the
PhoneVerificationAPI takes two parameters: the phone number and a license key, which is set to 0 for testing purposes.
Note the following in the above UI:
Base URL Appears at the bottom of the console. Using the base URL and the parameters, the system creates the API URL in the form
http://host:8280/<context>/<version>/<back end service requirements included as parameters>.For example,
Query Parameters Give the API payload as PhoneNumber=18006785432&LicenseKey=0 where /phoneverify is the context and 1.1.0 is the version. The rest of the URL is driven by the backend service requirements. Authorization In the authorization header, pass the application key that was generated at the time a user subscribes to an API. This is prefixed by the string "Bearer". For example, Bearer q6- JeSXxZDDzBnccK3ZZGf5_AZTk.
WSO2 API Manager enforces OAuth security on all the published APIs. Consumers who talk to the API Manager should send their credentials (application key) as per the OAuth bearer token profile. If you don't send an application key or send a wrong key, you will receive a 401 Unauthorized response in return.
- Note the response for the API invocation that appears as follows:
- Within a minute after the first API invocation, make another attempt to invoke the API and note that the second invocation results in a throttling error.
This is because you applied a Bronze tier at the time you subscribed to the API and the Bronze tier only allows one API call per minute.