This documentation is for WSO2 API Manager 1.10.0.
Page Comparison - Quick Start Guide (v.8 vs v.13) - API Manager 1.10.0 - WSO2 Documentation


WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and for securing and routing API traffic in a scalable way. It leverages proven integration, security and governance components from the WSO2 platform (WSO2 Enterprise Service Bus, WSO2 Identity Server, and WSO2 Governance Registry) to secure, integrate and manage APIs. In addition, as it is powered by the WSO2 Data Analytics Server (DAS), the WSO2 API Manager is ready for massively scalable deployments immediately.

It also integrates with the WSO2 analytics platform and provides out-of-the-box reports and alerts, giving you instant insights into the APIs' behavior.


Before you begin

  1. Install Oracle Java SE Development Kit (JDK) version 1.7.* or 1.8.* and set the JAVA_HOME environment variable.
  2. Download WSO2 API Manager.
  3. Start the API Manager by going to <APIM_HOME>/bin using the command-line and executing wso2server.bat  (for Windows) or  (for Linux.) 


  • An access token is used to identify and authenticate a whole application.
  • An access token is used to identify the final user of an application (for example, the final user of a mobile application deployed on many different devices).

Application access token: Application access tokens are generated by the API consumer and must be passed in the incoming API requests. The API Manager uses the OAuth2 standard to provide key management. An API key is a simple string that you pass with an HTTP header (e.g., "Authorization: Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a"), and it works equally well for SOAP and REST calls.


To generate a new access token, you issue a Token API call with the above parameters where grant_type=password. The Token API then returns two tokens: an access token and a refresh token. The access token is saved in a session on the client side (the application itself does not need to manage users and passwords). On the API Gateway side, the access token is validated for each API call. When the token expires, you refresh the token by issuing a token API call with the above parameters where grant_type=refresh_token and passing the refresh token as a parameter.
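The token lifecycle described above, as an added Python example that is not part of the WSO2 documentation: the client exchanges the user's password once, keeps only the token pair, and switches to grant_type=refresh_token shortly before expiry. The token endpoint URL, the HTTP Basic client authentication with consumer key and secret (the "above parameters" are not shown on this page), and the fake endpoint that stands in for the Token API are assumptions made for illustration.

```python
import base64
import time
import urllib.parse

TOKEN_URL = "https://localhost:8243/token"  # assumption: Token API location

class TokenClient:
    """Keeps one user's access/refresh token pair; never stores the password."""
    def __init__(self, consumer_key, consumer_secret, post, clock=time.time):
        pair = f"{consumer_key}:{consumer_secret}".encode()
        self._basic = "Basic " + base64.b64encode(pair).decode()  # assumed client auth
        self._post = post    # post(url, headers, body) -> parsed JSON reply (dict)
        self._clock = clock
        self.access_token = self.refresh_token = None
        self._expires_at = 0.0

    def _token_call(self, form):
        headers = {"Authorization": self._basic,
                   "Content-Type": "application/x-www-form-urlencoded"}
        reply = self._post(TOKEN_URL, headers, urllib.parse.urlencode(form))
        if "access_token" not in reply:
            raise RuntimeError(reply.get("error", "token request failed"))
        self.access_token = reply["access_token"]
        self.refresh_token = reply.get("refresh_token", self.refresh_token)
        self._expires_at = self._clock() + int(reply.get("expires_in", 0))

    def login(self, username, password):
        self._token_call({"grant_type": "password",
                          "username": username, "password": password})

    def auth_header(self, skew=30):
        """Header for an API call; refreshes first if the token is about to expire."""
        if self.access_token is None:
            raise RuntimeError("call login() first")
        if self._clock() >= self._expires_at - skew:
            self._token_call({"grant_type": "refresh_token",
                              "refresh_token": self.refresh_token})
        return {"Authorization": "Bearer " + self.access_token}

def fake_token_endpoint(url, headers, body):
    """Constructed stand-in for the Token API so the example runs offline."""
    form = dict(urllib.parse.parse_qsl(body))
    fake_token_endpoint.calls.append(form["grant_type"])
    n = len(fake_token_endpoint.calls)
    if form["grant_type"] == "refresh_token" and form["refresh_token"] != f"r{n - 1}":
        return {"error": "invalid_grant"}  # stale or unknown refresh token
    return {"access_token": f"a{n}", "refresh_token": f"r{n}", "expires_in": 3600}

fake_token_endpoint.calls = []
```

In a real client, `post` would be a function that sends the form over HTTPS with certificate verification enabled and returns the decoded JSON reply.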


  • verbs: Specifies the HTTP verbs a particular resource accepts. Allowed values are GET, POST, PUT, PATCH, OPTIONS, DELETE. You can give multiple values at once.  
  • uri-template: A URI template as defined in, /phoneverify/<phoneNumber>.
  • url-mapping: A URL mapping defined as per the servlet specification (extension mappings, path mappings, and exact mappings).
  • Throttling tiers: Limits the number of hits to a resource during a given period of time.
  • Auth-Type: Specifies the resource-level authentication along with the HTTP verbs. Auth-Type can be None, Application, or Application User.
    • None: Can access the particular API resource without any access tokens.
    • Application: An application access token is required to access the API resource.
    • Application User: A user access token is required to access the API resource.


  1. Log in to the API Publisher (https://<hostname>:9443/publisher) as apicreator.
  2. Select the option to design a new API and click Start Creating.

  3. Give the information in the table below and click Implement to move on to the next page.

    Field | Sample value
    API Definition
    • URL pattern: CheckPhoneNumber  


      Note that this URL Pattern is the name of one of the resources that we are going to invoke from the backend service.

    • Request types: GET, POST

  4. Select the Managed API option.

  5. Give the following information in the Implement tab that opens and click Manage once you are done.

    Field | Sample value
    Endpoint type | HTTP
    Production endpoint

    In this guide, we work with a service exposed by the Cdyne services provider. We use their phone validation service, which has SOAP and REST interfaces. Endpoint is 

    This sample service has two operations: CheckPhoneNumber and CheckPhoneNumbers. Let's use CheckPhoneNumber here.

  6. Click Manage to go to the Manage tab and provide the following information. Leave default values for the rest of the parameters in the UI.

    Tier Availability | <Select all available tiers> | The API can be available at different levels of service. They allow you to limit the number of successful hits to an API during a given period of time.

  7. Once you are done, click Save.


  1. After saving the API, click its thumbnail in the API Publisher to open it.

  2. Click on the API's Docs tab and click the Add New Document link.

  3. The document options appear. Note that you can create documentation inline, via a URL, or as a file. For inline documentation, you can edit the content directly from the API Publisher interface. You get several document types:

    • How To
    • Samples and SDK
    • Public forum / Support forum (external link only)
    • API message formats
    • Other
  4. Create a 'How To' named PhoneVerification, specifying in-line content as the source and optionally entering a summary. When you have finished, click Add Document.

  5. Once the document is added, click Edit Content associated with it to open an embedded editor.

  6. Enter your API's documentation.


Swagger is a 100% open source, standard, language-agnostic specification and a complete framework for describing, producing, consuming, and visualizing RESTful APIs, without the need for a proxy or third-party services. Swagger allows consumers to understand the capabilities of a remote service without accessing its source code, and to interact with the service with a minimal amount of implementation logic. Swagger helps describe a service in the same way that interfaces describe lower-level programming code.


  1. Log in to the API Publisher as apicreator if you are not logged in already.
  2. Click the PhoneVerification API, and then click the Create New Version button that appears in its Overview tab.
  3. Give a new version number (e.g., 2.0.0) and click Done.

  4. Note that the new version of the API is created in the API Publisher.


  • Number of subscriptions per API (across all versions of an API)
  • Number of API calls being made per API (across all versions of an API)
  • The subscribers who made the last 10 API invocations and the APIs/versions they invoked
  • Usage of an API and from which resource path (per API version)

  • Number of times a user has accessed an API
  • The number of API invocations that failed to reach the endpoint per API per user
  • API usage per application
  • Users who make the most API invocations, per application
  • API usage from resource path, per application

The statistics in these dashboards are based on data from WSO2 Business Activity Monitor (BAM) 2.5.0 or WSO2 Data Analytics Server (DAS). The steps below explain how to configure BAM 2.5.0 or DAS with the API Manager.


If you are on Windows, note the following:

  • If you installed the JDK in Program Files in the Windows environment, avoid the space by using PROGRA~1 when specifying environment variables for JAVA_HOME and PATH. Otherwise, the server throws an exception.
  • Install Cygwin. WSO2 BAM depends on Apache Hadoop, which requires Cygwin in order to run on Windows. Install at least the basic net (OpenSSH, tcp_wrapper packages) and security-related Cygwin packages. After Cygwin installation, update the PATH variable with C:/cygwin/bin. If you already have WSO2 BAM running, you must restart it now.

Let's do the configurations first.


Apply an offset of 3 to the default BAM port by editing the <BAM_HOME>/repository/conf/carbon.xml file. This makes the BAM server run on port 9446 instead of the default port 9443, and avoids port conflicts when multiple WSO2 products run on the same host.



Go to the command-line and issue the following commands to connect to the MySQL server and create a database (e.g., TestStatsDB). This database is used to save the statistical data collected by the BAM. You do not need to create any tables in it.

Code Block
mysql -u <username> -p -h <host_name or IP>
mysql> create database TestStatsDB;


Save the MySQL connector JAR inside both the <APIM_HOME>/repository/components/lib and <BAM_HOME>/repository/components/lib folders.


Give the datasource definition under the <datasource> element in the <BAM_HOME>/repository/conf/datasources/master-datasources.xml file. For example,

Code Block
   <description>The datasource used for getting statistics to API Manager</description>
   <definition type="RDBMS">
           <validationQuery>SELECT 1</validationQuery>


Let's do the configurations first.

  1. Apply an offset of 3 to the default DAS port by editing the <DAS_HOME>/repository/conf/carbon.xml file. This makes the DAS server run on port 9446 instead of the default port 9443, and avoids port conflicts when multiple WSO2 products run on the same host.

  2. Start the DAS server by running either of the following commands in the command line:

    • On Windows:  <PRODUCT_HOME>\bin\wso2server.bat --run
    • On Linux/Solaris/Mac OS:  sh <PRODUCT_HOME>/bin/

  3. Start the API Manager and log in to its Admin Dashboard Web application (https://<Server Host>:9443/admin-dashboard) with admin/admin credentials.
  4. Click the Configure Analytics menu under the Settings section.

  5. Select the check box to enable statistical data publishing and add the following:

    • Add a URL group as tcp://<DAS server IP>:7614 and click Add URL Group.
    • Fill the details under Statistics Summary Database according to the information you added to the master-datasources.xml file in step 4.
    • Set the DAS server configurations (https://localhost:9446) under the Data Analyzer Configurations section.

  6. Click Save. The Analytics toolbox, which describes the information collected, how to analyze the data, and the location of the database where the analyzed data is stored, is deployed.

  7. Invoke several APIs to generate some statistical data and wait a few seconds. 

  8. Connect to the API Publisher as a creator or publisher and click the statistical dashboards available under the All Statistics and Statistics menus.
    The All Statistics menu is available for both API creators and publishers. It shows statistics of all APIs. The Statistics menu is available for API creators to see statistics of only the APIs created by them.