WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and securing and routing API traffic in a scalable way. It leverages proven integration, security and governance components from the WSO2 Enterprise Service Bus, WSO2 Identity Server, and WSO2 Governance Registry to secure, integrate and manage APIs. In addition, as it is powered by the WSO2 Data Analytics Server (DAS), the WSO2 API Manager is ready for massively scalable deployments immediately.
It integrates with the WSO2 analytics platform and provides out-of-the-box reports and alerts, giving you instant insights into the APIs' behavior.
Before you begin,
- An access token is used to identify and authenticate a whole application.
- An access token is used to identify the final user of an application (for example, the final user of a mobile application deployed on many different devices).
Application access token: Application access tokens are generated by the API consumer and must be passed in the incoming API requests. The API Manager uses the OAuth2 standard to provide key management. An API key is a simple string that you pass with an HTTP header (e.g., "Authorization: Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a"), and it works equally well for SOAP and REST calls.
To generate a new access token, you issue a Token API call with the above parameters where grant_type=password. The Token API then returns two tokens: an access token and a refresh token. The access token is saved in a session on the client side (the application itself does not need to manage users and passwords). On the API Gateway side, the access token is validated for each API call. When the token expires, you refresh the token by issuing a Token API call with the above parameters where grant_type=refresh_token and passing the refresh token as a parameter.
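The token lifecycle described above, sketched in Python as an added example (not code from the WSO2 documentation). The token URL, the consumer key/secret sent as HTTP Basic client authentication, and the sample response are assumptions constructed for illustration; the requests are built but not sent.

```python
import base64
import json
import time
from urllib.parse import urlencode
from urllib.request import Request

# Assumed values: replace with your gateway's Token API URL and the
# consumer key/secret generated for your application.
TOKEN_URL = "https://gateway.example.com:8243/token"

def _token_request(consumer_key, consumer_secret, form):
    """Build (not send) a Token API POST authenticated with the application's keys."""
    basic = base64.b64encode(f"{consumer_key}:{consumer_secret}".encode()).decode()
    return Request(TOKEN_URL, data=urlencode(form).encode(), method="POST",
                   headers={"Authorization": f"Basic {basic}",
                            "Content-Type": "application/x-www-form-urlencoded"})

def password_grant(key, secret, username, password):
    # The user's password is sent once here and is not kept afterwards.
    return _token_request(key, secret, {"grant_type": "password",
                                        "username": username, "password": password})

def refresh_grant(key, secret, refresh_token):
    return _token_request(key, secret, {"grant_type": "refresh_token",
                                        "refresh_token": refresh_token})

class TokenSession:
    """Client-side session: holds the token pair and its expiry, never the password."""
    def __init__(self, response_body, now=None):
        self.update(response_body, now)

    def update(self, response_body, now=None):
        tok = json.loads(response_body)
        issued = time.time() if now is None else now
        self.access_token = tok["access_token"]
        self.refresh_token = tok["refresh_token"]
        self.expires_at = issued + int(tok["expires_in"])

    def expired(self, now=None, skew=30):
        # Refresh slightly early so a call is not rejected mid-flight.
        current = time.time() if now is None else now
        return current >= self.expires_at - skew

    def api_headers(self):
        return {"Authorization": f"Bearer {self.access_token}"}

# Constructed Token API response, for illustration only.
SAMPLE_RESPONSE = ('{"token_type": "bearer", "expires_in": 3600, '
                   '"refresh_token": "constructed-refresh-1", '
                   '"access_token": "constructed-access-1"}')
```

When `expired()` returns true, send the request from `refresh_grant()` and pass the response body to `update()` so the session holds the new token pair.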
- verbs: Specifies the HTTP verbs a particular resource accepts. Allowed values are GET, POST, PUT, PATCH, OPTIONS, DELETE. You can give multiple values at once.
- uri-template: A URI template as defined in http://tools.ietf.org/html/rfc6570. E.g.,
- url-mapping: A URL mapping defined as per the servlet specification (extension mappings, path mappings, and exact mappings).
- Throttling tiers: Limits the number of hits to a resource during a given period of time.
- Auth-Type: Specifies the resource-level authentication along with the HTTP verbs. Auth-Type can be None, Application, or Application User.
  - None: Can access the particular API resource without any access tokens.
  - Application: An application access token is required to access the API resource.
  - Application User: A user access token is required to access the API resource.
- Log in to the API Publisher (
Select the option to design a new API and click Start Creating.
Give the information in the table below and click Implement to move on to the next page.
| Field | Sample value |
|---|---|
| Name | PhoneVerification |
| Context | /phoneverify |
| Version | 1.0.0 |
| Visibility | Public |

API Definition:
- URL pattern: CheckPhoneNumber
  Note that this URL pattern is the name of one of the resources that we are going to invoke from the backend service.
- Request types: GET, POST
Select the Managed API option.
Give the following information in the Implement tab that opens and click Manage once you are done.
| Field | Sample value |
|---|---|
| Endpoint type | HTTP |
| Production endpoint | In this guide, we work with a service exposed by the Cdyne services provider. We use their phone validation service, which has SOAP and REST interfaces. The endpoint is http://ws.cdyne.com/phoneverify/phoneverify.asmx. |
This sample service has two operations:
CheckPhoneNumbers. Let's use
Click Manage to go to the Manage tab and provide the following information. Leave default values for the rest of the parameters in the UI.

| Field | Value | Description |
|---|---|---|
| Tier Availability | <Select all available tiers> | The API can be available at different levels of service. They allow you to limit the number of successful hits to an API during a given period. |
Once you are done, click Save.
After saving the API, click its thumbnail in the API Publisher to open it.
Click on the API's Docs tab and click the Add New Document link.
The document options appear. Note that you can create documentation inline, via a URL, or as a file. For inline documentation, you can edit the content directly from the API Publisher interface. You get several document types:
- How To
- Samples and SDK
- Public forum / Support forum (external link only)
- API message formats
Create a 'How To' named PhoneVerification, specifying in-line content as the source and optionally entering a summary. When you have finished, click Add Document.
Once the document is added, click Edit Content associated with it to open an embedded editor.
Enter your API's documentation.
Swagger is a 100% open source, standard, language-agnostic specification and a complete framework for describing, producing, consuming, and visualizing RESTful APIs, without the need of a proxy or third-party services. Swagger allows consumers to understand the capabilities of a remote service without accessing its source code and interact with the service with a minimal amount of implementation logic. Swagger helps describe a service in the same way that interfaces describe lower-level programming code.
- Log in to the API Publisher as apicreator if you are not logged in already.
- Click the PhoneVerification API, and then click the Create New Version button that appears in its Overview tab.
Give a new version number (e.g., 2.0.0) and click Done.
Note that the new version of the API is created in the API Publisher.
- Number of subscriptions per API (across all versions of an API)
- Number of API calls being made per API (across all versions of an API)
- The subscribers who made the last 10 API invocations and the APIs/versions they invoked
- Usage of an API and from which resource path (per API version)
- Number of times a user has accessed an API
- The number of API invocations that failed to reach the endpoint per API per user
- API usage per application
- Users who make the most API invocations, per application
- API usage from resource path, per application
The statistics in these dashboards are based on data from the analytics server: WSO2 Business Activity Monitor (BAM) 2.5.0 or WSO2 Data Analytics Server (DAS). The steps below explain how to configure it with the API Manager.
If you are on Windows, note the following:
Let's do the configurations first.
Apply an offset of 3 to the default BAM port by editing the <BAM_HOME>/repository/conf/carbon.xml file. This makes the BAM server run on port 9446 instead of the default port 9443, and avoids port conflicts when multiple WSO2 products run on the same host.
Go to the command-line and issue the following commands to connect to the MySQL server and create a database (e.g., TestStatsDB). This database is used to save the statistical data collected by the BAM. You do not need to create any tables in it.
    # -p with no value makes the client prompt for the password
    mysql -u <username> -p -h <host_name or IP>
    CREATE DATABASE TestStatsDB;
Save the MySQL connector JAR inside both the
Give the datasource definition under the <datasource> element in the <BAM_HOME>/repository/conf/datasources/master-datasources.xml file. For example,

    <datasource>
        <name>WSO2AM_STATS_DB</name>
        <description>The datasource used for getting statistics to API Manager</description>
        <jndiConfig>
            <name>jdbc/WSO2AM_STATS_DB</name>
        </jndiConfig>
        <definition type="RDBMS">
            <configuration>
                <url>jdbc:mysql://localhost:3306/TestStatsDB</url>
                <username>db_username</username>
                <password>db_password</password>
                <driverClassName>com.mysql.jdbc.Driver</driverClassName>
                <maxActive>50</maxActive>
                <maxWait>60000</maxWait>
                <testOnBorrow>true</testOnBorrow>
                <validationQuery>SELECT 1</validationQuery>
                <validationInterval>30000</validationInterval>
            </configuration>
        </definition>
    </datasource>
Apply an offset of 3 to the default DAS port by editing the <DAS_HOME>/repository/conf/carbon.xml file. This makes the DAS server run on port 9446 instead of the default port 9443, and avoids port conflicts when multiple WSO2 products run on the same host.
Start the DAS server by running either of the following commands in the command line:
- On Windows:
- On Linux/Solaris/Mac OS:
- Start the API Manager and log in to its Admin Dashboard Web application (https://<Server Host>:9443/admin-dashboard) with admin/admin credentials.
Click the Configure Analytics menu under the Settings section.
Select the check box to enable statistical data publishing and add the following:
- Add a URL group as tcp://<DAS server IP>:7614 and click Add URL Group.
- Fill the details under Statistics Summary Database according to the information you added to the master-datasources.xml file in step 4.
- Set the DAS server configurations (https://localhost:9446) under the Data Analyzer Configurations section.
Click Save. The Analytics toolbox, which describes the information collected, how to analyze the data, and the location of the database where the analyzed data is stored, is deployed.
Invoke several APIs to generate some statistical data and wait a few seconds.
- Connect to the API Publisher as a creator or publisher and click the statistical dashboards available under the All Statistics and Statistics menus. For example,
The All Statistics menu is available for both API creators and publishers. It shows statistics of all APIs. The Statistics menu is available for API creators to see statistics of only the APIs created by them.