This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.



  1. Start the API Manager server and log into the API Store.
  2. Create an application. On the Production Keys tab of your application, click Generate Keys.
  3. Obtain the Base64 encoded representation of the Consumer Key and the Consumer Secret separated by a colon according to the following format.

    Code Block

    You can also use the curl request listed under the Generate Access Tokens section for steps 3 and 4, based on the grant type.

  4. Use the Base64 encoded value obtained above in the Authorization header when invoking the following command. This is used to get the token by calling the token API.


    Make sure you include a random scope in the request. It can be any value that is suitable as a scope name.

    Code Block
    curl -k -d "grant_type=password&username=admin&password=admin&scope=some_random_scope" -H "Authorization: Basic WmRFUFBvZmZwYVFnR25ScG5iZldtcUtSS3IwYTpSaG5ocEVJYUVCMEN3T1FReWpiZTJwaDBzc1Vh" -H "Content-Type: application/x-www-form-urlencoded" "<TOKEN_API_URL>"

    Along with the token, you receive a response from the server similar to the one below.

    Code Block

    You may not see the scope you requested in this response, as it has not been whitelisted yet.

  5. Shut down the server.

  6. To whitelist the scope, add the following under the <OAuthConfigurations> element in the <APIM_HOME>/repository/conf/api-manager.xml file and restart the server. 

    Code Block
  7. Call the token API using the same request used in step 4. You will receive a response similar to the one below.

    Code Block

    You see a successful response along with the whitelisted scope that you requested.
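
The shell sketch below is an added example, not part of the WSO2 documentation. It builds the Base64 value from step 3 without a stray newline or line wrap, and checks a token response for the requested scope as in steps 4 and 7. The function names and the two sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical.

# Encode "<consumer-key>:<consumer-secret>" for an "Authorization: Basic" header.
# printf adds no trailing newline; tr removes the line wrapping that
# base64 applies to long output.
basic_auth_value() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Common mistake: echo appends a newline, which gets encoded into the value.
basic_auth_value_with_echo() {
    echo "$1:$2" | base64 | tr -d '\n'
}

# Decode a Basic value back to "key:secret" to confirm what is being sent.
decode_basic_value() {
    printf '%s' "$1" | base64 -d
}

# Succeed if the "scope" field of a token response contains the given scope.
# The field is a space-separated list of scope names.
response_has_scope() {
    granted=$(printf '%s' "$1" |
        sed -n 's/.*"scope"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    case " $granted " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Header value taken from the curl command in step 4.
PAGE_VALUE='WmRFUFBvZmZwYVFnR25ScG5iZldtcUtSS3IwYTpSaG5ocEVJYUVCMEN3T1FReWpiZTJwaDBzc1Vh'

# Constructed sample responses (not server output): before and after whitelisting.
BEFORE='{"access_token":"<token>","scope":"default","token_type":"Bearer","expires_in":3600}'
AFTER='{"access_token":"<token>","scope":"some_random_scope","token_type":"Bearer","expires_in":3600}'

# Split the decoded pair at the first colon, then rebuild the header value.
pair=$(decode_basic_value "$PAGE_VALUE")
key=${pair%%:*}
secret=${pair#*:}

if [ "$(basic_auth_value "$key" "$secret")" = "$PAGE_VALUE" ]; then
    echo "rebuilt value matches the header used in step 4"
fi
if response_has_scope "$AFTER" some_random_scope; then
    echo "requested scope is present in the response"
fi
```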