WSO2 API Cloud documentation is getting a whole new look at
Try WSO2 Cloud for Free
Sign in

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Content Zone

API Creation and Design

  1. I have an existing swagger. How can I create my API in API Cloud?

    You can use publicly hosted Swagger files to create APIs using WSO2 API Cloud or you can simply upload your swagger YAML or JSON file to create an API without a hassle. You can follow the tutorial on how to achieve this. 

  2. How can I create a Mock API?

    You can create a sample API with an inline script and then make it available for testing purpose for your API subscribers. You do not need to have an actual service backend but rather mock the response using the inline script. This is provided through the API Cloud’s prototyped API feature. Follow the tutorial on the steps to achieve this.
  3. How can I create a SOAP API?

    All you need to have is a publicly hosted WSDL and a backend URL and this can be achieved easily in the API Cloud. Follow the tutorial on the comprehensive steps on how to carry this out. 
  4. How can I use a single API to route to different backend services?

    API Cloud provides an out of the box feature called the dynamic endpoint functionality. This allows you to dynamically pick the backend to which each call is routed based on the call’s properties. You can refer to this  post  on how to achieve this.

  5. How can I use dynamic endpoints, with different credentials for each backend?

    Assuming that you have already designed your API, follow the steps below.

    1. Select Non-Secured as the Endpoint Security Scheme in the Implement tab.

    2. Provide your credentials for each endpoint. A sample message mediation sequence is given below. There is an authorization header for each endpoint in the sequence. The corresponding backend will be called with its authorization header.

      Code Block
      <sequence xmlns="" name="dynamic_ep">
          <property expression="json-eval($.operation)" name="operation" />
          <filter regex="menu" source="$ctx:operation">
                  <property name="Authorization" expression="fn:concat('Basic ', 'abcdfffghksjdksk==')" scope="transport"/>
                  <header name="To" value="YOUR_BACKEND_1" />
                 <property name="Authorization" expression="fn:concat('Basic ', 'HjhslhhishhssHH=')" scope="transport"/>
                 <header name="To" value="YOUR_BACKEND_2" />
         <property expression="get-property('To')" name="ENDPOINT_ADDRESS" />
  6. What content types are supported in API Cloud?

    API Cloud Gateway servers process requests and responses with the following content types. If you have a requirement to process payloads of other content types, send a support request to the WSO2 Cloud team.

    • application/x-www-form-urlencoded

    • multipart/form-data

    • text/html

    • application/xml

    • text/xml

    • application/soap+xml

    • text/plain

    • application/json

    • application/vnd.api+json

    • application/json/badgerfish

    • text/javascript

  7. What is meant by Context of an API?

    Context refers to the URI context path of the API which is case sensitive. The supported formats are listed below.

    1. /foo

    2. /foo/bar

    3. /foo/{version}/bar (case sensitive) - allows the version to be within the context

  8. Why should I add tags for an API?

    You can use keywords and common search terms as tags to group APIs that have similar characteristics. After publishing the API, consumers can click these tags to jump to a group of similar APIs.

  9. How can I add documentation for my APIs?

    API documentation helps API subscribers to understand the functionality of the API and for API publishers to market APIs and sustain competition. You can refer the tutorial  on how to add documentation for you APIs
  10. What is meant by each API resource auth types?

    • None: No authentication is applied and the API Gateway skips the authentication process
    • Application: Authentication is done by the application. The resource accepts  application access tokens.
    • Application User: Authentication is done by the  application user. The resource accepts user access tokens.
    • Application and Application User: Both  application level and  application user level authentication is applied. Note that if you select this option in the UI, it appears as Any in the API Cloud internal data storage and data representation, and Any will appear in the response messages as well.
  11. How can I display multiple API versions in the API Store?

    Follow the steps below to show multiple versions of an API in the API Store.

    a. Login to the API Publisher.
    b. Go to the Management Console (
    c. If you are already logged into the API Publisher, you are automatically logged into the Management Console.
    d. Once you log in to the Management Console, navigate to the Browse > Resources section and locate the /_system/config/apimgt/applicationdata/tenant-conf.json file in the registry. This can also be done by searching for the /_system/config/apimgt/applicationdata/tenant-conf.json file directly in the Location field as shown below.

    e. Click Edit as text, add the following properties to the file and click Save Content.

    Code Block

  12. How can I convert a response in the backend from XML to JSON?

    a. Go to edit the API
    b. Select the "Manage" tab
    c. Tick the message mediation checkbox
    d. Select the " xml_to_json_out_message sequence  for the  Out Flow  
    e. Save and publish the API.
  13. Why testing backend connection gives an invalid result even if the backend service is available?

    Clicking Test to check the endpoint will send an HTTP head call with SSL for checking if a given URL is serviceable. The HTTP head call is used here as it is a faster way to verify the endpoints. When the backend does not give any response for HTTP head call it returns a 404 error. This does not imply the backend is failing to serve other HTTP request methods as well. Therefore you get an invalid result when testing.

API Subscription Tiers

  1. How do I edit/add a subscription tier to my API?

    Subscription tiers provide the capability to set the maximum number of requests allowed to the API through the subscribers. By default the API Cloud provides 4 tiers Gold, Silver, Bronze and Unlimited. To change these default tiers or to add a new tier follow the below instructions.
    1. Navigate to the API Cloud.
    2. In the top menu, under the 'Configure' option you will find an item as "Admin Dashboard" in the drop down list. Click on this option which will redirect you to the Admin Dashboard application.
    3. In the Admin dashboard application you will see an option as  Subscription Tiers in the left navigation pane.
    4. To create a new tier, click Add New Tier, specify the required values, and click Save. To edit an existing tier, Select edit, make the changes and save.

API Search

  1. What are the options to search for an API in Publisher listing? 

    OptionSyntax to be used
    API name Default
    API Providerprovider:xxxx
    API Versionversion:xxxx
    API Descriptiondescription:xxxx
    Documentation Contentdoc:xxxx

API Deletion

  1. How can I delete an API with active subscribers?

    1. Go to the Lifecycle tab in the API Overview page.

    2. Change the API state from PUBLISHED to DEPRECATED.

    3. Change the API state from DEPRECATED to RETIRED.
    4.  You will be able to delete the API now.

API Backends and Endpoint Security

  1. How can I host my backend for my API?

    You can use WSO2 Integration Cloud to host the backend applications for your APIs on API Cloud. For instructions on how to do this, see Host the Backend Applications for your APIs
  2. How can I secure the link between my backend services and the API Cloud?

    See Secure your Backend Services.

VPN Connection with API Cloud

  1. How much bandwidth is guaranteed?

    We do not have any bandwidth limitation on our end. There is a defined idle period. If the connection is idle for more than the given period it will be closed. The connection will be reestablished at the next immediate call, when it is active again.

  2. Would DNS resolution in API Cloud be done inside our network or using your own DNS service?

    This will be done in our  DNS  service. However, you need to map the  CNAME  entry on your end as well.

  3. Does your VPN solution have high availability? Do you have replicated VPN nodes?

    We do not have replicated  VPN  nodes on our end instead we use the method of having replicated  VPN  endpoints for automatic fail over which routes to the other endpoint in case one endpoint fails and guarantees high availability. 

Request/Response Transformation

  1. The backend web service does not match the API design that I expect. What should I do?

    You can extend the default message mediation sequence using mediators. The API Cloud comes with a powerful mediation engine that can transform and orchestrate API calls on the fly. See Change the Default Mediation Flow of API Requests .

  2. What type of mediators are supported by the API Cloud?

    See WSO2 Cloud Mediators .

  3. What properties can I retrieve from an API using a property mediator within a sequence?

    SYNAPSE_REST_API_VERSIONRetrieves the version of the API. E.g., 1.0.0.
    REST_SUB_REQUEST_PATHRetrieves the sub request with path and query parameters. E.g., "/CheckPhoneNumber?PhoneNumber=1234567&LicenseKey=0".
    REST_API_CONTEXT or api.ut.contextRetrieves the context of the API in the form /t/tenantDomain/context/version for an API. E.g., "/t/tenant/new/1.0.0".
    REST_FULL_REQUEST_PATHRetrieves the entire request path. E.g., "/t/tenant/new/1.0.0/CheckPhoneNumber?PhoneNumber=1234567&LicenseKey=0".


    For example, "context".
    TRANSPORT_IN_NAMERetrieves the transport. For example, "https".
    SYNAPSE_REST_APIRetrieves the name of the API. For example, "".
    api.ut.HTTP_METHOD The HTTP method which was used for the invocation. (E.g.: GET/POST) The name of the OAuth2 application used for the invocation. (E.g,: DefaultApplication)
    api.ut.apiPublisher The name of the person who published the API.  (E.g.: [email protected]@wso2cloud)
    api.ut.userId The user who invoked the API. (E.g.: [email protected]@wso2cloud)

    See this tutorial to get an idea on how you can use a property mediator within a sequence to change the default mediation flow of API requests. Also, see Property Mediator in the ESB documentation.

  4. How to send a POST request with no payload (no Body) ?

    When carrying out a POST request from the API Cloud to the back-end ,API Cloud expects a request body parameter to be present.This is the default behavior of ESB/API Manager. But in case we need to do a POST request with no body we set the property in the in sequence of the API.

    <property name="FORCE_POST_PUT_NOBODY" value="true" scope="axis2" type="BOOLEAN"/> 

    Setting this property in a custom sequence will allow to do a post without body. However when we set this API cloud will send its default content type which is application/x-www-form-urlencoded and do the post request with no body. We cannot remove the content type completely but we can change the value of it using a property as mentioned below.

    <property name="Content-Type" value="text/plain" scope="transport"/>

    This will change change the content type to text/plain. Simillarly, you can set the expected content type in this property in you custom sequence. You can read this post on how to add custom sequences to your APIs

  5. How can I disable chunking for my APIs?

    This can be done with the use of a custom mediation extension which will disable chunking, as described below.

    Save the content below into an xml file and upload it as the In sequence of your API from the API Publisher.

    Code Block
    <sequence xmlns=""
           <property name="DISABLE_CHUNKING" value="true" scope="axis2" />

    Refer this post on how to add custom sequences to the WSO2 API Cloud.

  6. How to convert incoming and outgoing message formats?

    You can change the message formats of your requests in the API Cloud. For this we use synapse which is a powerful mediation engine. For more information, see how to Convert a JSON Message to SOAP and SOAP to JSON

  7. How can I view the sequences uploaded to my APIs?

    Download and install the WSO2 API Manager Tooling Plug-in if you have not done so already. Open Eclipse by double clicking the file inside the downloaded folder. 

    Go to Preferences > Developer Studio > WSO2 APIManager in the Developer Studio and change the Default sequence location to /_system/governance/apimgt. Restart the Developer Studio to apply the changes.

    Add the registry by clicking the highlighted icon in the top right hand corner, as shown the image below. You can view the API specific as well as global custom sequences as follows,


  1. Does API Cloud send outbound calls to the Microgateway?

    No. The Microgateway only invokes the REST APIs of API Cloud to synchronize API definitions of your organization, update statistics on your API usage, and update the health status of the gateway.
  2. How do I monitor the health of the gateways? Is there any default health check APIs deployed on the gateway?

    You can configure your health check monitoring tool to send a request to http://localhost:8280/services/Version endpoint.
  3. How can I generate OAuth bearer tokens for my APIs using Microgateway? Do I need to use WSO2 API Cloud instead?

    You can generate tokens connecting to the Microgateway token endpoints as well as API Cloud gateway token endpoints.
  4. Can I invoke the APIs deployed in the Cloud and Microgateway both?

    Yes. If the backend API endpoint is reachable from Cloud gateway, you can invoke the API from both.
  5. If my backend API endpoint is only reachable on the internal network, does the Cloud allow me to create the API?

  6. How can I manage different environments in the application development lifecycle?

    Yes. You are required to register multiple organizations corresponding to each development stage and run multiple Microgateways for each organization.
  7. Can I run multiple Microgateways for the same organization?

    Yes. If you are running multiple Microgateways on the same node, set an offset value(<Offset>0</Offset>) in [Microgateway]/repository/conf/carbon.xml file to avoid port conflicts when gateways start.
  8. What is the mechanism of getting the security updates, bug fixes for my Microgateway?

    You can contact [email protected] for the exact details.

API Cloud Gateway

  1. Where is WSO2 API Cloud hosted?

    WSO2 API Cloud is hosted in the AWS US East data center. For compliance or performance reasons, paying customers can choose alternative locations for their API gateways in API Cloud. These include Canada, US West, Brazil (São Paulo), EU (Ireland), EU (Frankfurt), Singapore, Tokyo, Sydney, Seoul, Mumbai, and Beijing.

  2. What are the available global API gateways?

    • Canada

    • US East

    • US West

    • Brazil (São Paulo)

    • EU (Ireland)

    • EU (Frankfurt)

    • Singapore

    • Tokyo

    • Sydney

    • Seoul

    • Mumbai.

  3. How long does it take for a change done in the API Publisher to appear in the global API Gateways?

    It takes a maximum of 10 minutes for a change done in the API Publisher to appear in the global API Gateways. This is due to the artifact synchronizing task that runs every 10 minutes.

  4. What content types are supported in the API Gateway?

    API Cloud Gateway servers process requests and responses with the following content types. If you have a requirement to process payloads of other content types, send a support request to the WSO2 Cloud team.

    • application/x-www-form-urlencoded

    • multipart/form-data

    • text/html

    • application/xml

    • text/xml

    • application/soap+xml

    • text/plain

    • application/json

    • application/vnd.api+json

    • application/json/badgerfish

    • text/javascript

    API Invocation

  1. What is meant by Error codes received at API Gateway?

    Error codeError MessageDescriptionExample
    API blockedThis API has been blocked temporarily. Please try again later or contact the system administrators.Invoke an API which is in the BLOCKED lifecycle state
    Message throttled out

    The maximum number of requests that can be made to the API within a designated time period is reached and the API is throttled for the user.

    Invoke an API exceeding the tier limit
    Hard limit exceededHard throttle limit has been reachedInvoke an API exceeding the hard throttle limit
    900802Resource level throttle outMessage is throttled out because resource level has exceededSending/Receiving messages beyond authorized resource level
    900803Application level throttle outMessage is throttled out because application level is exceededSending/Receiving messages beyond authorized application level

    Unclassified authentication failure

    An unspecified error has occurredBackend service for key validation is not accessible when trying to invoke an API

    Invalid credentials

    Invalid authentication information providedUsing an older access token after an access token has been renewed.

    Missing credentials

    No authentication information providedAccessing an API without Authorization: Bearer header

    Incorrect access token type is provided

    The access token type used is not supported when invoking the API. The supported access token types are application and user accesses tokens. See Access Tokens.

    Invoke an API with application token, where the resource only allows application user tokens

    No matching resource found in the API for the given request

    A resource with the name in the request can not be found in the API.Invoke an API resource that is not available

    The requested API is temporarily blocked

    Happens when the API user is blocked.Invoke API resource with a subscription that has been blocked by the API publisher

    Resource forbidden

    The user invoking the API has not been granted access to the required resource.Invoke an unsubscribed API

    The subscription to the API is inactive

    The status of the API has changed to an inaccessible/unavailable state.Invoke an API resource with a subscription that has not yet been approved by the administrator.

    The access token does not allow you to access the requested resource

    Can not access the required resource with the provided access token. Check the valid resources that can be accessed with this token.

    Invoke API resource with an access token that is not generated to be used with the resource's scope.
    102511Incomplete payloadThe payload sent with the request is too large and the client is unable to keep the connection alive until the payload is completely transferred to the API GatewaySending a large PDF file with the POST request

    Other useful Error Codes

    General errors

    Error Code Detail
    303000Load Balance endpoint is not ready to connect
    303000Recipient List Endpoint is not ready
    303000Failover endpoint is not ready to connect
    303001Address Endpoint is not ready to connect
    303002WSDL Address is not ready to connect

    Failure on endpoint in the session

    Error Code Detail
    309001Session aware load balance endpoint, No ready child endpoints
    309002Session aware load balance endpoint, Invalid reference
    309003Session aware load balance endpoint, Failed session

    Non-fatal warnings

    Error Code Detail
    303100A failover occurred in a Load balance endpoint
    304100A failover occurred in a Failover endpoint

    Referring real endpoint is null

    Error Code Detail
    305100Indirect endpoint not ready

    Callout operation failed

    Error Code Detail
    401000Callout operation failed (from the callout mediator)
  2. Why am I seeing an error as “Missing credentials” as my API’s response?

    The Reason you are seeing this error is since you have not provided the OAuth token for invoking your API. It could be due to one of the following reasons.

    1. You have not yet subscribed to the API. If you have not yet subscribed to your API follow this tutorial on how to achieve that.

    2. You have not selected the correct application which you subscribed the API to - Perhaps the application selected from the dropdown in the API console is not the actual application which you subscribed to and hence the reason the keys are not appearing for your application. Select the correct application from the list and then invoke your API.

  3. Why am I seeing an error as “Invalid credentials” as my API’s response?

    The reason you are seeing this error is since the provided access token is invalid or the provided access token has expired. Please follow these steps in order to re generate the access token. After which you would be able to invoke the API successfully.

  4. How to avoid your backend endpoint getting suspended by the API Gateway?

    • Go to API Publisher and select the API that you want to change. Then click Edit from API Overview.
    • Under the Implement tab, select Advanced Options on the endpoint which you want to re-configure as shown below.

    • Modify the values. If you want to disable the suspension rules, set both Initial Duration and Max Duration to 0.
    • Save changes and re-publish the API.
  5. How to increase endpoint timeout for an API?

          The warning "a callback is not registered (anymore) to process this response" indicates that API gateway has received a response from backend server after exceeding the endpoint timeout duration.

          So, the gateway was unable to handle the response. You can increase the endpoint timeout as follows.

  • Go to API Publisher and select the API that you want to change. Then click Edit from API Overview.
  • Under the Implement tab, select Advanced Options on the endpoint which you want to re-configure as shown below.

  • The endpoint timeout is set to 30s by default. Modify the value to increase the connection timeout.
    Please note that the maximum allowed timeout is 2mins as API gateway has a global timeout value of 2mins.

  • Save changes and re-publish the API.

Access token management

  1. How can I subscribe and generate tokens for my API?

    You  subscribe  to API using the API Store. Follow this tutorial to subscribe and invoke your API.
  2. How can I regenerate access tokens?

    Follow the below steps to re generate the access tokens for the applications for which your APIs are subscribed to.

    1. Navigate to the "Applications" option which is found at the top left hand corner of the Store UI and click it. This will take you to your applications page.

    2. Select the application which your API is subscribed to and go to the Production/Sandbox Keys tab. 

    3. Click on Re-Generate button.

    4. Now that you have regenerated the token you will need to go back to the API. In the top menu where you selected the Production Keys tab you will see an option as "Subscriptions". Click on that tab and select your API.

    5. Now you will be able to invoke your API successfully.

  3. How can I edit scopes of my API?

In WSO2 API Manager once you have created scopes you are not able to edit the scope using API Publisher UI. Using swagger console you can achieve this with following below steps. 

1. On the publisher UI Design tab click Edit Source

2. In the sources you can see scope under x-wso2-security : apim : x-wso2-scopes : (your scope name) 

3. Add or edit scope and roles in this directive

4. Then click Apply Changes (This will only update the swagger file not the API you will not see the role until you save the API)

5. Save the API which will deploy the API with the respective roles for the scope

6. Then you will see the scope updated.  

API Security

  1. How can I block a certain user from accessing my API?

    1. Log in to the Admin Dashboard as the admin user of your organization. (

    2. Click on Black List under the Throttle Policies section and click Add Item (Refer to the screenshot below)
    3. Select the condition type as the user and give the fully qualified username as the value and click to add it as a denylist item. 
    For example, if you want to block the user  [email protected]  from invoking APIs, you have to provide the value as [email protected]@cloudorg  by appending the organization key at the end of the username with the  '@'  character. 
    If you follow the above steps, the user will not be able to invoke APIs until you remove this denylist policy.
  2. How can I control the requests which reach my APIs?

    API Cloud uses a concept called throttling which allows you to limit the number of hits to an API during a given period of time. This can help you to

    • Protect your APIs from security attacks

    • Protect your backend services from overuse

    • Regulate traffic according to infrastructure limitations

    • Regulate usage for monetization.

    For information on different levels of throttling in WSO2 Cloud, see Throttling tiers . For more information on configuring throttling for your APIs refer this tutorial. 
  3. How can I block subscription to my APIs?

    An API creator blocks creator can block subscription to an API as a way of disabling access to it and managing its usage and monetization. If you want to block any subscriptions created by your API consumers all you need to do is follow the simple steps explained in the tutorial.

Consuming APIs through your applications

  1. How can I invoke my APIs through my developed applications in the integration cloud?

    The applications deployed in WSO2 Integration Cloud can  consume the APIs  created in  WSO2 API Cloud. Follow this tutorial on how to achieve this.

Migrating APIs

  1. How can I migrate my APIs among my cloud organizations?

    If you want to duplicate the APIs among your cloud organizations this is possible with the API Cloud. This will reduce the hassle of having to recreate the APIs in each organization for you. Please follow the tutorial on how to achieve this. 

  2. How can I migrate my on premise APIs on API Manager to the Cloud?

    If you have APIs created on your local instance of WSO2 API Manager you can simply follow this tutorial to migrate them to your cloud organization.

Customizing API Store

  1. What are the community features available for the WSO2 API Cloud to market my APIs?

    The API Store provides several community features to build and nurture an active community of users for your APIs. This is required to advertize APIs, learn user requirements and market trends. The following are some of the community features available in the API Store.

    You can refer the tutorial on more information. 

  2. How can I change the theme (look and feel) of my API Store?

    API Cloud provides the capability of customizing the default theme of the API Store to make it more appealing and personalized. Changing the theme is pretty simple and easy to do yourself. You can follow the tutorial on how to change the theme of your API Store in the API Cloud.

API Cloud Monetization - Make money through your APIs

  1. How can I charge my API Consumers(subscribers) for the usage of my APIs?

    Not only can you allow users to use your APis you can now charge them as well with the Monetization feature of the API Store. This feature allows the API publisher to customize the patterns of monetization. You can read more on the monetization feature in the article or simply enable the feature following the tutorial

User Management and Administration

  1. How can I log into the Cloud's advanced Management Console?

    In most cases, default user interfaces are sufficient for your administrative tasks. However, there are some scenarios, such as adding new user roles, that require the use of the advanced Management Console. Such scenarios are indicated in the corresponding documentation articles.

    You can log into the API Gateway's advanced Management Console using the URL .

  2. How can I add new members to my organization?

    You can simply invite members to your organization by providing their email address and the desired role you want them to be invited to. You can follow the tutorial on how to achieve this.

  3. How can I change the role names of the users of my organization?

    You can achieve this using the custom role feature of the cloud. Simply follow the steps mentioned in this tutorial to achieve this task.

  4. How do I customize Invitation emails for subscribers and publishers of my API Cloud organization?

    There are mainly two methods of how external users can be members of your cloud organization.
    • You can invite the members to a desired role of the cloud

    • Users can self-signup to you API Store (given you have enabled the feature for your API Store)

    For more details, see the following. 
  5. How do I remove a user from a role?

    You can simply remove a user from a role by following the below steps.
    For example, let's say you need to remove a user from an API subscriber role.

             1. Click on the 9 square menu icon which is at the top right corner of the webpage
             2. Click on the Members button.
             3. Select the user and click the edit button. When you click that, a list of available roles of the user will be shown.
             4. Uncheck the checkbox corresponding to the subscriber role of the user.

Authenticating external users
  1. How can external users register/sign up to my API Store?

    You can allow users to directly come and register to your API Store. You can additionally also choose to approve/reject these requests through the administrator dashboard of the API Cloud. To enable this feature for your API Store you need to simply carry out the steps mentioned in the tutorial

  2. How can I connect my on premise user store to the API Cloud?

    You can directly connect your internal LDAP user stores to the API Cloud. This allows you to provide authentication for users in the LDAP, without sharing the credentials of the LDAP with WSO2 Cloud. Follow this tutorial on how to connect your on premise user store to the WSO2 Cloud. 

  3. I want to use the LDAP as a secondary user store. How can we map the roles of my underlying userstore to those of the WSO2 API Cloud?

    In the WSO2 API Cloud we can plug in any on premise LDAP secondary user store as mentioned in the documentation. The user needs to provide us with the roles which maps to the roles in their underlying userstore and the mapping would be done for them. The following are the main 4 roles in the API Cloud for which your userstore roles can be mapped against by us.

    • API Subscribe : Roles allowed to subscribe to APIs

    • API Create:  Roles allowed to create APIs

    • API Publish:  Roles allowed to publish APIs

    • Access Admin app: Roles allowed to access the Admin app

  4. How can I connect my own Identity Provider to API Cloud?

    If you want your organization to link their IdP to WSO2 Identity Cloud to provide SSO-based authentication for API Cloud apps you can refer the below tutorial on how to achieve this with WSO2 Cloud.

  5. How can I authenticate subscribers who are not in the WSO2 Cloud user store?

    You can follow one of the two options below to achieve this.

    • The application is already using an Identity Provider (IdP) and now needs to substitute the SAML2 token from that IdP for an OAuth2 token and then invoke the APIs. For more information on this scenario, see SAML Extension Grant .

    • There is a directory or database containing the identities. The application gets the username and password from the end-user and needs to use them to fetch the OAuth2 token and then invoke the APIs. Please refer the tutorial for further information on this use case.

Troubleshooting APIs and Statistics

  1. Why am I not seeing statistics for my APIs?

    The gadgets listed below do not display real time statistics.They are refreshed in time intervals to display the the latest statistics generated, and the data scripts used to update them may take 10-15 minutes to be executed. Following are the time intervals each gadget is updated. Read more on API Cloud statistics here.

    Time Interval
    Last Update Time10 minutes
    API Latency Stats1 hour
    API Throttling Stats

    1 hour

    User Agent Stats1 hour
    Other Stats15 minutes

    After the above mentioned time duration the stats should appear for you. If you are still unable to view the statistics after the mentioned time period please contact the support team by clicking the support menu option or emailing us at [email protected]

  2. How can I find the API Gateway logs? 

    Follow the steps below,

     a. Log in to  WSO2 API Cloud .

     b. Go to the API Cloud Admin dashboard  (click Configure > Admin Dashboard).

     c. On the left navigator, click  Log Analyzer  > Live Log Viewer to view your recent logs on the WSO2 API Gateway.

  3. Why am I seeing “Could not get the logs at this moment” error on my live log viewer?

    If you see an error message similar to the above in the Live Log Viewer,
    • Your current browser session might be corrupted due to some browser actions. Refresh the browser to view the logs.
    • Your browser session may have expired or cleared. Log out from the API Cloud and log in again.
    • It may take some time to retrieve the logs the first time. So if there are any corruptions during this interval, it may lead to this error message. 
    • Refresh the Live Log Viewer page and try again.
  4. Why am I seeing “Too much of logs loaded. Please refresh to get new logs” error on my live log viewer?

If you are getting an error similar to the above, it means that you have reached the maximum limit of log lines during your current session. The limit of the log lines is very large and sufficient for debugging.  Refresh your browser to view the latest logs.

Backup and Storage 

  1. Can we retrieve older version of our APIs from a source control or from the lifecycle?

    You would need to maintain this yourself by using versioning which we provide in the API cloud as a feature.

  2. How can we backup our configuration in the API Cloud?

    There is no out of the box way in which individual users are able to backup the configurations since this is a shared environment hosted in the cloud. However we guarantee that the configurations are not lost. API Cloud has an implemented backup strategy to ensure no loss of data under any circumstance.

API Cloud Subscription

  1. What are the limitations of my API Cloud trial subscription?

    Your trial subscription would only be allowed for 14 days and you can extend this to an additional 14 days on request. If you are happy with your trial you can simply purchase a preferred pricing plan. Our flexible pricing plans allow even budget-constrained startups to scale up to high enterprise volumes because the total subscription depends on the services that are consumed. For detailed information, see pricing plans.
  2. How can I purchase an API Cloud Subscription?

    After your trial expires, click the Trial Expired menu, and then select Purchase Subscription.

    Provide your details in the Purchase Subscription form, and click SUBMIT.

    An account manager will get in touch with you within a day.


  1. How to grant access to WSO2 support team?

    1. Log in to the Cloud and navigate to the 9 dot menu on the top right hand corner

    2. Go to the ‘Organization’ option

    3. Check the checkbox marked as “Allow Access To WSO2 Support“ corresponding to the organization which you want the cloud team to access

      grant access.png
  2. How can I download the Public Certificate of the key used to sign the JWT Token sent to the backend in API Cloud?

    Each tenant in WSO2 Cloud has their own private key and it is used to sign the JWT token. Follow the steps below to get a public certificate.

    1. First, go to the Cloud's advanced Management Console and log in as your tenant admin.
    2. Click List under the Main > Manage > Keystores section.
    3. Click Public Key to download the Keystore's public key.

  3. What can I do when my custom URL certificate expires?

       You can use the updated certificates and follow the appropriate topic in Customizing Cloud Domains depending on the custom URL that you want to change.