This documentation is for WSO2 API Manager 2.5.0. View documentation for the latest release.

Comment: Updated the production and sandbox endpoints


  1. Download and install the WSO2 API Manager Tooling Plug-in if you have not done so already. Open Eclipse by double-clicking the file inside the downloaded folder.

  2. Click Window > Open Perspective > Other to open the Eclipse perspective selection window. Alternatively, click the Open Perspective icon shown below at the top right corner.

  3. On the dialog box that appears, click WSO2 APIManager and click OK.
  4. On the APIM perspective, click the Login icon as shown below.
  5. On the dialog box that appears, enter the URL, username and password (by default admin) of the Publisher server.
  6. On the tree view that appears, expand the folder structure of the existing API.
  7. Right-click on the in sequence folder and click Create to create a new in sequence.
  8.  Name the sequence TokenExchange.

  9. Your sequence now appears on the APIM perspective. From under the Mediators section, drag and drop a Property mediator to your sequence and give the following values to the mediator.


    Tip: The Property Mediator has no direct impact on a message, but rather on the message context flowing through Synapse. For more information, see Property Mediator in the WSO2 EI documentation.

    The following Property mediator copies the value of the Custom transport-level property (the Custom header of the incoming request) into another property called Custom.

    Property Name        New Property
    New Property Name    Custom
    Value Type           EXPRESSION
    Value Expression     get-property('transport', 'Custom')

  10. Similarly, add another Property mediator to your sequence and give the following values to the mediator. This Property mediator constructs a transport-level property called Authorization and assigns it the value of the Custom property created above.

    Property Name        New Property
    New Property Name    Authorization
    Value Type           EXPRESSION
    Value Expression     get-property('Custom')
    Property Scope       transport

  11. Add a third Property mediator to your sequence and give the following values to the mediator. This property mediator is used to remove the Custom property from the transport level.

    Property Name        New Property
    New Property Name    Custom
    Property Action      remove
    Property Scope       transport

  12. Save the sequence. 

  13. Right-click on the sequence and click Commit File to push the changes to the Publisher server.

    Let's create a new API and engage the sequence you created to it.

  14. Log in to the API Publisher, click the Add link and give the information in the table below.

    Field                  Sample value

  15. Leave the Resources section blank, and click Next: Implement >. Add a wildcard resource (/*) when prompted. Click Next: Implement > again to move to the Implement tab.

  16. The Implement tab opens. Give the information in the table below. 

    Field                  Sample value
    Endpoint type          HTTP endpoint
    Production endpoint
    Sandbox endpoint       https
  17. Select the Enable Message Mediation check box, engage the In sequence that you created earlier and click Manage.


    In Flow, Out Flow and Fault Flow represent the custom In, Out and Fault sequences that the user attaches to the API, as distinct from the API's default sequence definition.

  18. In the Manage tab, select the Gold tier and click Save and Publish to publish the API to the API Store.

    Let's subscribe to the API and invoke it.

  19. Log in to the API Store and subscribe to the API using an available application and the Gold tier. If there are no applications available by default, create one. 

  20. Click the View Subscriptions button when prompted. The Subscriptions tab opens.

  21. Click the Production Keys tab and click Generate Keys to create an application access token. 

  22. Install any REST client on your machine. We use cURL here.

  23. Go to the command line, and invoke the API using the following cURL command. In this command, you pass the token that the backend expects, i.e., 1234, in the Custom header, along with the authorization token that the system generates in the Authorization header.

    curl -H "Authorization: Bearer <access token>" -H "Custom: Bearer 1234" <API URL>

    Note the following:

    • <access token> is the token that you got in step 20.
    • <API URL> appears on the API's Overview page in the API Store. Copy the HTTP endpoint. If you select the HTTPS endpoint, be sure to run the cURL command with the -k option, which tells cURL to skip verification of the server's certificate.

    Here's an example:

    curl -k -H "Authorization: Bearer 2e25097b2b3fbbfb44f5642fa8a495a1" -H "Custom: Bearer 1234" https://localhost:8243/test/1.0.0
  24. Note the response that you get in the command line. According to the sample backend used in this tutorial, you get the response as "Request Received."
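
The TokenExchange in sequence assembled in steps 9 to 11, written out as Synapse configuration XML. This is an added example, not taken from the original page; it assumes standard Synapse property-mediator syntax, and the source view in the tooling may order attributes differently.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<sequence xmlns="http://ws.apache.org/ns/synapse" name="TokenExchange">

    <!-- Step 9: read the Custom transport header sent by the client
         ("Bearer 1234" in the tutorial) and keep it in a property named
         Custom. No scope is set, so the property is held in the message
         context and is not itself sent to the backend. -->
    <property name="Custom"
              expression="get-property('transport', 'Custom')"/>

    <!-- Step 10: set the outgoing Authorization transport header to the
         value saved above. The header that reaches the backend therefore
         carries the token the backend expects, not the access token the
         client presented in its Authorization header. -->
    <property name="Authorization"
              expression="get-property('Custom')"
              scope="transport"/>

    <!-- Step 11: remove the Custom transport header so that it is not
         forwarded to the backend alongside the new Authorization header. -->
    <property name="Custom"
              scope="transport"
              action="remove"/>

</sequence>
```

The order of the three mediators matters: the Custom header must be copied before it is removed, and the Authorization header must be set from the saved copy rather than from the transport scope after the removal.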