This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can obtain an access token by providing the resource owner's username and password as an authorization grant. It requires the base64 encoded string of the consumer-key:consumer-secret combination. You need to meet the following prerequisites before using the Token API to generate a token. 

Please refer to the WSO2 IS documentation for a detailed explanation on this grant type  with the use of a sequence diagram.


  • A valid user account in the API Store. You can self sign up if it is enabled by an admin.
  • A valid consumer key and consumer secret pair. Initially, these keys must be generated through the API Store by clicking Generate Keys on the Production Keys tab of the application.
  • A running API Gateway instance (typically an API Manager instance should be running). For instructions on API Gateway, see Components.

  • If the Key Manager is on a different server than the API Gateway, change the server URL (host and ports) of the Key Manager accordingly in the <APIKeyManager><ServerURL> element of the <AM_HOME>/repository/conf/api-manager.xml file.
  • If you have multiple Carbon servers running on the same computer, change the port with an offset to avoid port conflicts.