This documentation is for WSO2 API Manager 1.9.0. View documentation for the latest release.
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

An API creator blocks subscription to an API as a way of disabling access to it and managing its usage and monetization. A blocking can be temporary or permanent. There is an unblocking facility to allow API invocations back.

You block APIs by subscriptions. That is, a given user is blocked access to a given API subscribed to using a given application. If a user is subscribed to two APIs using the same application and you block access to only one of the APIs, s/he can still continue to invoke the other APIs that s/he subscribed to using the same application. Also, s/he can continue to access the same API subscribed to using different applications.

 Blocking can be done in two levels:

  • Block production and sandbox access: API access is blocked with both production and sandbox keys
  • Block production access only: Allows sandbox access only. Useful when you wants to fix and test an issue in an API. Rather than blocking all access, you can block production access only, allowing the developer to fix and test.

When API Gateway caching is enabled (it is enabled by default), even after blocking a subscription, consumers might still be able to access APIs until the cache expires, which happens approximately every 15 minutes.

See the following topics for a description of the concepts that you need to know when you block subscriptions to an API:

  1. Log in to the API Publisher.
  2. Create two APIs by the names TestAPI1 and TestAPI2 and publish them to the API Store. In this example, the two APIs use the same backend and resources that were used when creating the PhoneVerification API in the first tutorial.
  3. Log in to the API Store, click the APIs menu and note that the two APIs are visible in the APIs page.
  4. Subscribe to both APIs using the same application. You can use a default application or a new one.
  5. Go to the My Subscriptions page and create an access token to the application.
  6. Invoke both APIs using the access token you got in the previous step. In this example, we use the API Console tab of the APIs to invoke it.
  7. Note that you can successfully invoke both APIs.

    You have subscribed to and invoked two APIs. Let's block one subscription and see the outcome.
  8. Log in to the API Publisher and click the Subscriptions menu to open the Subscriptions page. It shows all APIs/applications that each user is subscribed to.
  9. Block your previous subscription for TestAPI1. Select the production and sandbox option and click the Block link.

  10. Note that the Block link immediately turns to Unblock, allowing you to activate the subscription back at any time.
  11. Log back to the API Store and invoke the two APIs (TestAPI1 and TestAPI2) again.

    You might have to regenerate the access token for DefaultApplication if the access token expiration time (1 hour by default) has passed since the last time you generated it. You can refresh the access token by going to the My Subscriptions page in the Store.

  12. Note that you can invoke only TestAPI2 again. When you invoke TestAPI1, it gives a message that the requested API is temporarily blocked. Neither the API creator nor any subscriber can invoke the API until the block is removed.
  13. Go back to the API Publisher's Subscriptions page and unblock the subscription. 
  14. Invoke TestAPI1 again and note that you can invoke it as usual.

You have subscribed to two APIs, blocked subscription to one and tested that you cannot invoke the blocked API.


  • No labels