This section explains how to attach a custom workflow to the application registration operation in the API Manager. First, see Workflow Extensions for information on different types of workflow executors.
Introduction to Application registration (Key generation) workflow
Application creation and Application registration are different workflows. After an application is created, you can subscribe to available APIs, but you get the consumer key/secret and access tokens only after registering the application. There are two types of registrations that can be done to an application: production and sandbox. You change the default application registration workflow in situations such as the following:
- To issue only sandbox keys when creating production keys is deferred until testing is complete.
- To restrict untrusted applications from creating production keys. You allow only the creation of sandbox keys.
- To make API subscribers go through an approval process before creating any type of access token.
Before you begin, if you have changed the API Manager's default user and role, make sure you do the following changes:
Change the credentials of the workflow configurations in the registry resource
a. Login to the Management console of WSO2 API Manager in https://localhost:9443/carbon.
b. Click on browse under Resources in left Navigation under Main tab.
c. Go to /_system/governance/apimgt/applicationdata/workflow-extensions.xml location in registry browser and open the workflow-extensions.xml clicking Edit as text.
d. Uncomment the following two sections and change the credentials of API Manager's default user credetials you have given.
This configuration is provided assuming that WSO2 BPS is running with offset 2. If you are running WSO2 BPS in a different offset change the port of serviceEndpoint properties in following configuration according to the changed port offset.
Make sure to comment out the existing ProductionApplicationRegistration and SandboxApplicationRegistration executors as shown below.
Point the database that has the API Manager user permissions to BPS.
In this step you need to share the user store database in WSO2 API Manager with WSO2 BPS.
a. Copy the following datasource configuration in <API-M_HOME>/repository/conf/datasources/master-datasources.xml :
We are using MySQL to configure the datasources in this documentation. You can configure this according to the database you are using. Refer Setting up the Physical Database for more information.
b. Change the datasource to point the WSO2UM_DB by changing the realm configuration in <API-M_HOME>/repository/conf/user-mgt.xml as shown below.
c. Do the configuration described in a and b in <BPS_HOME>/repository/conf/datasources/master-datasources.xml and <BPS_HOME>/repository/conf/user-mgt.xml respectively.
- Share any LDAPs, if exist.
<API-M>/business-processes/application-registration/HumanTask/ApplicationRegistrationTask-1.0.0.zipfile, update the role as follows in the
ApplicationRegsitrationTask.htfile, and ZIP the
Configuring the Business Process Server
- Download WSO2 Business Process Server.
Set an offset of 2 to the default BPS port in the
<BPS_HOME>/repository/conf/carbon.xmlfile. This prevents port conflicts that occur when you start more than one WSO2 product on the same server. For more information, see Changing the Default Ports with Offset.
Tip: If you change the BPS port offset to a value other than 2 or run the API Manager and BPS on different machines (therefore, want to set the
hostnameto a different value than
localhost), you do the following:
- Search and replace the value 9765 in all the files (.epr) inside
<APIM_HOME>/business-processesfolder with the new port (9763 + port offset.)
- Search and replace the value 9765 in all the files (.epr) inside
<BPS_HOME>/repository/conf/humantask.xmlfile and the
<BPS_HOME>/repository/conf/b4p-coordination-config.xmlfile and set the
TaskCoordinationEnabledproperty to true.
Copy the following from the
<API-M_HOME>/business-processes/eprfolder to the
<BPS_HOME>/repository/conf/eprfolder does not exist, create it.
Make sure you give the correct credentials in the
Start the BPS server and log in to its management console (
https://<Server Host>:9443+<port offset>/carbon).
- Select Add under the Processes menu and upload the
<APIM_HOME>/business-processes/application-registration/BPEL/ApplicationRegistrationWorkflowProcess_1.0.0.zip fileto BPS. This is the business process archive file.
- Select Add under the Human Tasks menu and upload the
<APIM_HOME>/business-processes/application-registration/HumanTask/ApplicationRegistrationTask-1.0.0.zipfile to BPS. This is the human task archived file.
Configuring the API Manager
<API-M_HOME>/repository/deployment/server/jaggeryapps/admin/site/conf/site.json file and configure "
workFlowServerURL" under "
workflows" to point to the BPS server (e.g.
Engaging the WS Workflow Executor in the API Manager
First, enable the application registration workflow.
- Log in to the APIM management console (
https://<Server Host>:9443/carbon) and select Browse under Resources.
Go to the
/_system/governance/apimgt/applicationdata/workflow-extensions.xmlresource, disable the Simple Workflow Executor and enable WS Workflow Executor:
Note that all workflow process services of the BPS run on port 9765 because you changed its default port (9763) with an offset of 2.
Go to the API Store and open the application with which you subscribed to the API. In the Production Keys tab, click the Generate Keys button.
It invokes the
ApplicationRegistrationWorkFlowProcess.bpelthat is bundled with the
ApplicationRegistrationWorkflowProcess_1.0.0.zipfile and creates a HumanTask instance that holds the execution of the BPEL process until some action is performed on it.
Note that a message appears saying that the request is successfully submitted if the BPEL was invoked correctly.
Log in to the Admin Portal (
https://<Server Host>:9443/admin) and list all the tasks for application registrations. Click Start to start the Human Task and then change its state. Once you approve the task, it resumes the BPEL process and completes the registration.
Go back to the API Store and view your application.
It shows the application access token, consumer key and consumer secret.
After the registration request is approved, keys are generated by invoking the
APIKeyMgtSubscriberservice hosted in Key Manger nodes. Even when the request is approved, key generation can fail if this service becomes unavailable. To address such failures, you can configure to trigger key generation at a time Key Manager nodes become available again. Given below is the message used to invoke the BPEL process: