This documentation is for WSO2 API Manager 2.0.0. View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Log in to the API Store (https://<hostname>:9443/store) and click on an API (e.g., PhoneVerification 1.0.0) to open it.


    Tip: In a multi-tenanted API Manager setup, you can access any tenant's store using the URL http://<hostname>:<port>/store?tenant=<tenant_name>.

  2. Note the subscription options for the API.

  3. Click the Applications menu and click Add Application to create a new application.


    Tip: Instead of creating a new application, you can also use the default application.

  4. Give a name and per token quota for the application and click Add
  5. Go back to the API's subscription options and select the application you just created, a tier and click Subscribe.
  6. Click the View Subscriptions button when prompted. The Subscriptions tab opens.

  7. Click the the Production Keys tab and click Generate Keys to create an application access token. You can use this token to invoke all APIs that you subscribe to using the same application tab.


    If you have a supported callback URL which does a callback to a specific server or a program soon after you application request is sent, you can specify it under Callback URL field under Prouction Keys.


    Tip: You can set a token validity period in the given text box. By default, it is set to one hour. If you set a minus value (e.g., -1), the token will never expireexpires.


    By default the grant types ticked in above image will be used to generate access token. You can specify the grant types you require before generating the access token. Refer Token API documentation for more information on supported grant types of WSO2 API Manager.


    If you are using the WSO2 Identity Server as the Key Manager for your API Manager deployment, generating keys will result in creation of a Service Provider on the Identity Server.

  8. Click Generate Keys to create an application access token. You can use this token to invoke all APIs that you subscribe to using the same application.

  9. Install cURL if it is not there in your environment. Note that cURL comes by default in some operating systems. You can also use any other REST client.

  10. Open the command line and execute the following cURL command:

    Code Block
    curl -k -H "Authorization: Bearer <access token>" -v '<API URL>'

    Be sure to replace the placeholders as follows:

    • <access token>: Give the test token generated in step 7
    • <API URL>: Go to the API's Overview tab in the API Store and copy the production URL and append the payload to it. E.g., https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0

    Here's an example:

    Code Block
    curl -k -H "Authorization :Bearer de0d324c3b50501955e5d649cf0442e6" 'https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0'
  11. Note the result that appears on the command line.

  12. Similarly, invoke the POST method using the following cURL command:

    Code Block
    curl -k -H "Authorization :Bearer de0d324c3b50501955e5d649cf0442e6" --data "PhoneNumber=18006785432&LicenseKey=0" https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber