This documentation is for WSO2 API Manager 1.5.0 View documentation for the latest release.
Publishing to API Stores - API Manager 1.5.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

While an API is the published interface, a corresponding service running in the back-end handles its actual implementation. APIs have their own lifecycle, independent from the back-end service they rely on. This section covers the following:

The default API lifecycle

The default API lifecycle has the following stages:

  • CREATED: API metadata is saved, but it is not visible to subscribers yet, nor deployed to the API Gateway.
  • PUBLISHED: API is visible in API Store, and eventually published if the Propagate Changes to API Gateway option is selected at publishing time.
  • DEPRECATED: API is still deployed into API Gateway (available at runtime to existing users), but not visible to subscribers. An API is automatically deprecated when a new version is published.
  • RETIRED: API is unpublished from the API gateway and deleted from the store.
  • BLOCKED: Access is temporarily blocked. Runtime calls are blocked and the API is not shown in the API store anymore.

The diagram below shows the general API and backend service life cycle elements.

Figure: API and backend service life cycle elements

API Publisher has a separate tab called Lifecycle using which you can publish APIs to the API Store, depreciate, retire and perform other operations to an API. The Life Cycle tab is only visible to and manageable by a user who is assigned the publisher role. For instructions on creating a user with the publisher role, refer to section User Management .

Let's take a look at how to perform some common life cycle operations on an API.

Publishing an API

  1. Log in to the API Publisher (https://<HostName>:9443/store) as a user who has the publisher role assigned. 
  2. From the All APIs window that opens, click on the API you want to publish.
  3. The API's overview window opens. Click the Life Cycle tab, which displays the API's available states.

    The Life Cycle tab is only visible to users with publisher privileges.


  4. To publish the API, select the PUBLISHED state from the drop-down list. You get three check boxes to select as follows:

    Propagate Changes to API Gateway

    Used to define an API proxy in the API Gateway runtime component, allowing the API to be exposed to the consumers via the API Gateway. If this option is left unselected, the API metadata will not change and you will have to manually configure the API Gateway according to the information published in the API Store.

    Deprecate Old Versions

    If selected, any prior versions of the API will be set to the DEPRECATED state automatically.

    Require Re-Subscription

    Invalidates current user subscriptions, forcing users to subscribe again.

  5. Select the necessary options and click the Update button to publish the API to the API Store. Note the API life cycle history visible at the bottom of the page. 

Publishing to multiple external API stores

API publishers can share an API to application developers who are subscribed to multiple tenant-specific WSO2 API Stores, in order to expose the API to a wider community.

From WSO2 API Manager 1.5.0 onwards, you can publish APIs only to WSO2-specific external API Stores.

Follow the steps below to configure:

  1. Uncomment the existing <ExternalAPIStores> element in <AM_Home>/repository/conf/api-manager.xml file of the API Publisher node, and configure an <ExternalAPIStores> element for each external WSO2 API Stores that you need to publish APIs to. For example,

           <ExternalAPIStore id=”Store1” type="wso2">
  2. d


In above configuration,

  • id : The external store identifier. This is an unique value.
  • type : Store type. Currently we support only WSO2-specific API Stores
  • <DisplayName> : The name of the Store that is displayed in the publisher UI
  • <Endpoint> : URL of the API Store
  • <Username> & <Password> : Credentials of a user who has permissions to create and publish APIs


Add secure vault configuration for user-credential defined in <ExternalAPIStore> configuration


To secure the user’s credentials which used in above configuration secure-vault implementation can be used.


Enter a similar configuration to in the location {AM_Home}/repository/conf/security for each external APIStore config as below.




Then in the file in the location {AM_Home}/repository/conf/security,add the below configuration;




Then using the cipher tool to generate the encrypted values for above password configuration and use that encrypted password for above configuration in api-manager.xml.

 Once enable,the above configuration,start the AM server and create an API.Once browse that created API,there will be a new tab created called ‘External API Stores’ as shown below.


Similarly, you can deprecate, retire and block APIs. Next, see how to manage subscriptions and access tokens in Managing API Usage.

  • No labels