This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Replaced APIKeyValidator with <OAuthConfigurations>


When scopes which cannot be associated to roles are requested, the token should be issued without validating the scope. In WSO2 API Manager, you do this by whitelisting the scope through configuration. Patterns of the whitelisted scopes are specified via a configuration under the APIKeyValidator <OAuthConfigurations> element in the <APIM_HOME>/repository/conf/api-manager.xml file. Scopes that match the pattern are not validated by role and are available to anyone requesting it.