This documentation is for WSO2 API Manager 1.8.0 View documentation for the latest release.
Invoke an API using REST Clients - API Manager 1.8.0 - WSO2 Documentation
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

You can use the default REST client in the API Store to invoke an API. It has a simple Web interface and facilitates a range of HTTP verbs (GET, POST, PUT, DELETE, OPTIONS), header and payload fields. Alternatively, you can use third-party tools like cURL or the Swagger API console.  

See the following topics for a description of the concepts that you need to know when invoking an API:

The examples here use the PhoneVerification API, which is created in section Create and Publish an API.

  1. Log in to the API Store.
  2. Click an API that you want to invoke (e.g., PhoneVerification).
  3. The API's Overview page opens. Select an application, the Bronze tier and subscribe to the API.
  4. Go to the My Subscriptions page and generate a production key to the default application using which you subscribed to the API.
  5. Copy the access token to the clipboard as you need it later to invoke the API.
  6. Click the RESTClient menu that appears under the Tools menu in the API Store.

  7. The REST client opens. Select the GET method and provide the following information in the rest of the fields:


    To get the URL, go to the API's Overview tab in the API Store. The URL takes the form http://<host_name>:8280/<context>/<version>/<Resource, if any><back end service requirements included as parameters, if any>. For example, where /phoneverify is the context, 1.0.0 is the version and CheckPhoneNumber is the resource.

    As you are going to make an HTTP GET call in this tutorial, append the payload to the URL. For example,


    Authorization:Bearer <give the access token that you generated in step 4>
    E.g, Authorization:Bearer U9znDo4OSYPfzoW16S2puHmKahga

    OAuth security is enforced on all published APIs. Consumers must send the credentials (application access token) as per the OAuth bearer token profile. If not, you receive a 401 Unauthorized response in return.

  8. Click the Send button to invoke the API. The response appears in the console.
    As we used a valid phone number in this example, the response returns as valid.

  9. Within a minute after the first API invocation, make another attempt to invoke the API.
  10. Note that you get a throttling error. This is because you applied a Bronze tier at the time you subscribed to the API and the Bronze tier only allows one API call per minute.

You have invoked an API using the REST client integrated in the API Store.


  • No labels