This documentation is for WSO2 API Manager 2.1.0. View documentation for the latest release.

All docs This doc
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

In a typical API Manager deployment, different components talk to the KeyManager interface to achieve different tasks. For instance -

  • After creating an application in API store, subscribers would click on the generate button to register an application. At this point, the API store talks to the KeyManager to create an OAuth client and get the Consumer Key/Secret and the Application Access token.
  • When the Gateway receives a request, it talks to KeyManager and get the token validated. The KeyManager checks if the token is active, and whether the token is usable to invoke the resource being accessed. If the token is valid, the KeyManager sends additional details about the token (i.e., the Throttling Tier for the subscription and Consumer key) to the Gateway in the response. In turn the Gateway uses these details to determine if the request should be passed to the backend or not. 

Therefore, the KeyManager interface acts as the bridge between the OAuth Provider and WSO2 API Manager (WSO2 API-M). 

  • No labels