WSO2 App Factory has inbuilt support for WSO2 API Manager. When an application is created in App Factory, it is automatically linked to API Manager's storefront, allowing that application to easily consume enterprise APIs readily available. The API Store gives the application developers an understanding of what capabilities are already available for reuse before starting new developments. This reduces cost of rework and time to market.
Follow the instructions below to consume APIs from your application. Only application owner can subscribe to APIs via API Manager and re/generate keys. Other roles ( i.e Developers, QAs and DevOps ) can only view subscribed APIs and keys generated by the application owner.
- Log in to the App Factory and choose an application where logged in user is the application owner and click the Resources tab from the left panel.
- The Resource Overview window opens with separate tabs for each resource. Scroll down to the APIs section and click the Subscribe to APIs button.
- The WSO2 API Store opens in a separate browser tab. It displays all published APIs in the store and you are already signed in with the same credentials of App Factory.
Subscribing to APIs
- Select an API in the store. You can use the search facility to search for a particular API or Tags to quickly jump to an API category of your choice.
- After selecting an API, click on it to view its details. You can read the API's overview/documentation to get an idea of the functionality it provides. It is also possible for users to rate and comment on the API so you a live update of the community's engagements on it.
- To subscribe to an API from your application, select your application from the Applications drop-down list and a tier and click the Subscribe button.
Application-level throttling tiers
- If the subscription is successful, a message appears. If you chose to view your current subscriptions, you are navigated to the My Subscriptions window. You have now successfully subscribed to an API.
- Go back to the App Factory portal, click the Resources tab from the left panel and then click the APIs tab. It shows the API you just subscribed to along with keys to invoke the API automatically generated from the system. For example,
You must pass the API keys in the incoming API requests when invoking an API. The API key (generated Access Token) is a simple string, which must be passed as an HTTP header. For example: "Authorization: Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a." It works equally well for SOAP and REST calls.
API keys are generated at the application-level and valid for all APIs which are associated to an application. The OAuth2 standard is leveraged to provide a simple, easy-to -use key management mechanism.
Renewing API Keys
All API keys generated in the above step have a fixed expiration time. You can extend this default expiration time by editing the <AccessTokenDefaultValidityPeriod> tag in file <API_Manager_Home>/repository/conf/identity.xml
When a key expires, application owner has to login to API Manager and regenerate keys. By clicking Renew API Keys button, newly generated keys can be viewd by App Factory.