Introduction to Handlers
When an API is created, a file with its synapse configuration is added to the API Gateway. You can find it in the
<APIM_HOME>/repository/deployment/server/synapse-configs/default/api folder. It has a set of handlers, each of which is executed on the APIs in the same order they appear in the configuration. You find the default handlers in any API's Synapse definition as shown below.
Let's see what each handler does:
APIAuthenticationHandler:Validates the OAuth2 bearer token used to invoke the API. It also determines whether the token is of type
MessageContextvariables as appropriate.
APIThrottleHandler:Throttles requests based on the throttling policy specified by the
policyKeyproperty. Throttling is applied both at the application level as well as subscription level.
APIMgtUsageHandler:Publishes events to BAM for collection and analysis of statistics. This handler only comes to effect if . See Publishing API Runtime Statistics for more information.
APIMgtGoogleAnalyticsTrackingHandler:Publishes events to Google Analytics. This handler only comes into effect if Google analytics tracking is enabled. See for more information.
APIManagerExtensionHandler:Extends the mediation flow of messages passing through the API Gateway. See s for more information.
Writing a custom handler
WSO2 API Manager provides OAuth2 bearer token as its default authentication mechanism. The source code of the implementation is here. Similarly, you can extend the API Manager to support any custom authentication mechanism by writing your own authentication handler class. This custom handler must extend
org.apache.synapse.rest.AbstractHandler class and implement the
Given below is an example implementation:
After implementing the custom handler as explained above,
- Build the class and copy the jar file to
- Log in to the management console and select Service Bus > Source View in the Main menu.
In the ESB configuration that opens, the following line appears as the first handler. This is the current authentication handler used in the API Manager.
Replace the above line with the handler that you created to engage your custom handler to the API Manager instance. According to this example, it is as follows: