With WSO2 API Manager, you can maintain a production and a sandbox endpoint for a given API. The production endpoint is the actual location of the API, whereas the sandbox endpoint points to its testing/pre-production environment.
When you publish an API using the API Publisher, it gets deployed on the API Gateway. By default, there's a single Gateway instance (deployed either externally or embedded within the publisher), but you can also set up multiple Gateways:
Single Gateway to handle both production and sandbox requests
This is the default scenario. Because this Gateway instance handles both production and sandbox token traffic, it is called a hybrid API Gateway. When an API request comes to the API Gateway, it checks whether the requesting token is of type PRODUCTION or SANDBOX and forwards the request to the appropriate endpoint. The diagram below depicts this scenario.
Multiple Gateways to handle production and sandbox requests separately
Having a single gateway instance to pass through both types of requests can negatively impact the performance of the production server. To avoid this, you can set up separate API Gateways. The production API Gateway handles requests that are made using PRODUCTION type tokens and the sandbox API Gateway handles requests that are made using SANDBOX type tokens.
The diagram below depicts this using two Gateways:
In either of the two approaches, if an API Gateway receives an invalid token, it returns an error to the requesting client saying that the token is invalid.
You configure production and sandbox gateways using the
<Environments> element in the
<AM_HOME>/repository/conf/api-manager.xml file as shown in the following example:
type attribute of the
<Environment> element can take the following values:
- Production: A production type Gateway
- Sandbox: A sandbox type Gateway
- Hybrid: The Gateway handles both types of tokens
If you work with Gateways in different geographical locations, configuring multiple environments using the <APIGateway> element in the <APIM_HOME>/repository/conf/api-manager.xml file is recommended. The diagram below depicts a sample setup:
Figure: API Gateways in different geographical regions