WSO2 API Cloud documentation is getting a whole new look at
Try WSO2 Cloud for Free
Sign in

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Log in to the API Publisher.
  2. Create two APIs by the names TestAPI1 and TestAPI2 and publish them to the API Store.
    Image RemovedImage Added
  3. Log in to the API Store. Click the APIs menu and note that the two APIs are visible in the APIs page.
    Image RemovedImage Added
  4. Subscribe to both APIs using the same application. You can use an existing application or create a new one. 
    Image RemovedImage Added
  5. Click the APPLICATIONS menu, click the application that you used to subscribe to the API with (DefaultApplication in this example), go to its Production Keys tab, and re-generate its access token. By default, access tokens expire an hour after creation.application.
  6. Invoke both APIs using the access token you got in the previous step. We use cURL here. The command is,

    Code Block
    curl -k -H "Authorization: Bearer <access token>" '<API URL>'

    Be sure to replace the placeholders as follows:

    • <access token>: Give the token generated in step 5
    • <API URL>: Go to the API's Overview tab in the API Store and copy the production URL and append the payload to it. 

    Here's an example:

    Code Block
    curl -k -H "Authorization: Bearer f1d4d097-ebcc-3f02-8d91-0bd4e882ffcd" ''

    You have subscribed to two APIs and invoked them successfully. Let's block one subscription and see the outcome.

  7. Log back to the API Publisher.
  8. Click MANAGE SUBSCRIPTIONS. It shows all APIs/applications that each user is subscribed to.
  9. Block subscription for TestAPI1 using the DefaultApplication. Select the production and sandbox option and click the Block link.
  10. Note that the Block link turns to Unblock, allowing you to activate the subscription back at any time.
  11. Invoke the two APIs (TestAPI1 and TestAPI2) again.


    You might have to regenerate the access token for DefaultApplication as done in step 5, if the access token expiration time (1 hour by default) has passed since the last time you generated it.

  12. Note that you can invoke TestAPI2 again but when you invoke TestAPI1, it gives a message that the requested API is temporarily blocked. Neither the API creator nor any subscriber can invoke the API until the block is removed.


    Tip: You might still be able to invoke an API within 15 minutes after blocking a subscription, until the cache is renewed.

  13. Back in the API Store, click the APPLICATIONS menu, select the application that you used to subscribe to the two APIs earlier, click its Subscriptions tab, and note that your subscription is now blocked.