This documentation is for WSO2 API Manager 2.2.0. View documentation for the latest release.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated screenshots, formatting and made general improvements

...

The examples here use the PhoneVerification REST API, which is was created in the section Create and Publish an API.

  1. Sign in to the WSO2 API Store (https://<hostname>:9443/store) and click on an API (e.g., PhoneVerification 1.0.0) to open it.

    Tip

    In a multi-tenanted WSO2 API Manager setup, you can access any tenant's store using the URL http://<hostname>:<port>/store?tenant=<tenant_name>.

  2. Note the subscription options for the REST API.
    Image Modified

  3. Click the Applications menu and click Add Application to create a new application.
    Image Modified

  4. Enter the name as TestApp and select the per token quota as 50PerMin for the application and click Add
    Image Modified
  5. Click APIs and click on the PhoneVerification API to view the API's subscription options.
  6. Select the application that you just created, a tier, and click Subscribe.
    Image Modified
  7. Click the View Subscriptions button when prompted.
    The Subscriptions tab opens.

  8. Click the Production Keys tab.

    Note

    If you have a supported callback URLwhich that sends a callback to a specific server or a program soon after your application request is sent, you can specify it under the Callback URL field under in the Production Keys tab.

    Anchor
    GenerateKey
    GenerateKey
    Image Removed

  9. Click Generate Keys to create an application access token. You can use this token to invoke all APIs that you subscribe to using the same application. 

    Tip

    You can set a token validity period in the Access token validity period text box. By default, it is set to one hour. If you set a minus value (e.g., -1), the token never expires.

    By default the
    Info
    Info

    By default, the Client Credentials grant type will be is used to generate the access token. Make sure the Client Credentials grant type is selected when generating keys from the UI. Refer Token API for For more information on how to generate supported grant types of WSO2 API Manager, see Token API.

    title Tokens with specific Scopes
    Tip
    • Access
    Access
    • tokens can be generated for specific scopes. A scope acts as a limiting factor on what API resources can be accessed using a token.
    • To generate an access token corresponding to a scope, use the drop down menu
    under Scopes
    • under Scopes and select the required scope parameter.
    • You can set a token validity period in the Access token validity period text box. By default, it is set to one hour. If you set a minus value (e.g., -1), the token never expires.

    Image Added

    Note

    If you are using the WSO2 Identity Server 5.3.0 as the Key Manager for your API Manager deployment, generating keys will result in the creation of a Service Provider service provider on the Identity Server.

  10. Install cURL if it is not there in your environment. 

    Info

    cURL comes by default in some operating systems. You can also use a REST client instead.

  11. Open the command line and execute the following cURL command:

    Localtab Group
    Localtab
    activetrue
    titleFormat
    Code Block
    curl -k -H "Authorization: Bearer <access_token>" -v '<api_url><payload>'

    Be sure to replace the placeholders as follows:

    • <access token>: Give Provide the test token generated in step 89. Click Applications, click on the respective application , which (in this case is TestApp), click Production KeyKeys, and click copy button the copy icon next to the Access Token field to copy the access token.

      Warning

      Make sure you have updated the flash plugin plug-in in your web browser in order to get the copy button workingfor the copying to work.

      Image Modified 

    • <API URL>: Click on the respective API, which in this case is " PhoneVerification - 1.0.0". When the API's Overview tab appears in the API Store, copy the production URL and append the payload to it.
      For example,  https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0
      Image Modified

    Localtab
    titleExample
    Code Block
    curl -k -H "Authorization :Bearer 3dfafa3a-b1e3-3550-8a25-88e4b4fe2fb3" 'https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0'
    Localtab
    titleOutput

    Note the result <Valid>true</Valid> that appears in the command line.

    Code Block
    <?xml version="1.0" encoding="utf-8"?>
    <PhoneReturn xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://ws.cdyne.com/PhoneVerify/query">
      <Company>Toll Free</Company>
      <Valid>true</Valid>
      <Use>Assigned to a code holder for normal use.</Use>
      <State>TF</State>
      <RC />
      <OCN />
      <OriginalNumber>18006785432</OriginalNumber>
      <CleanNumber>8006785432</CleanNumber>
      <SwitchName />
      <SwitchType />
      <Country>United States</Country>
      <CLLI />
      <PrefixType>Landline</PrefixType>
      <LATA />
      <sms>Landline</sms>
      <Email />
      <AssignDate <AssignDate>Unknown</>AssignDate>
      <TelecomCity />
      <TelecomCounty />
      <TelecomState>TF</TelecomState>
      <TelecomZip />
      <TimeZone />
      <Lat />
      <Long />
      <Wireless>false</Wireless>
      <LRN />
    </PhoneReturn>
    Info
    titleTroubleshooting

    If you get an error that states "Invalid Credentials" error, carryout follow the following steps below to overcome the errorproceed. This error is a result of the access token getting expiredexpiring. The default validity period of the access token is 1 hour.

    1. Optionally, you can update the token validity period in the Access token validity period text box so that the access token will be is valid for a longer period, or you can even set a minus value (e.g., -1) so that the token never expires.

    2. Re-generate the access token.
      Click Applications, click on the respective application (i.e., TestApp), click Production Key, and click Re-generate. Thereafter, use Use the new access token when running the cURL commands.

  12. Similarly, invoke the POST method using the following cURL command:

    Localtab Group
    Localtab
    activetrue
    titleFormat
    Code Block
    curl -k -H "Authorization :Bearer <access token>" --data "PhoneNumber=<phone_number>&LicenseKey=<license_key>" <api_url>
    Localtab
    titleExample
    Code Block
    curl -k -H "Authorization :Bearer 3dfafa3a-b1e3-3550-8a25-88e4b4fe2fb3" --data "PhoneNumber=18006785432&LicenseKey=0" https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber
    Localtab
    titleOutput
    Code Block
    <?xml version="1.0" encoding="utf-8"?>
    <PhoneReturn xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://ws.cdyne.com/PhoneVerify/query">
      <Company>Toll Free</Company>
      <Valid>true</Valid>
      <Use>Assigned to a code holder for normal use.</Use>
      <State>TF</State>
      <RC />
      <OCN />
      <OriginalNumber>18006785432</OriginalNumber>
      <CleanNumber>8006785432</CleanNumber>
      <SwitchName />
      <SwitchType />
      <Country>United States</Country>
      <CLLI />
      <PrefixType>Landline</PrefixType>
      <LATA />
      <sms>Landline</sms>
      <Email />
      <AssignDate <AssignDate>Unknown</>AssignDate>
      <TelecomCity />
      <TelecomCounty />
      <TelecomState>TF</TelecomState>
      <TelecomZip />
      <TimeZone />
      <Lat />
      <Long />
      <Wireless>false</Wireless>
      <LRN />
    </PhoneReturn>

You have subscribed to an API and invoked it.

Tip

To unsubscribe from an API, click the Applications menu and click View next to the application used for the subscription. Go to the Subscriptions tab, locate the API, and click the Unsubscribe link associated with it.
Image Modified

If you unsubscribe from an API and then resubscribe with a different tier, it takes approximately 15 minutes for the tier change to be reflected. This is because the older tier remains in the cache until it is refreshed periodically by the system.