Try WSO2 Cloud for Free
Sign in

All docs This doc
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

This page is work in progress

WSO2 API Cloud allows you to expose your backend APIs as managed and secured APIs. API Cloud supports Basic and Digest OAuth protocols out of the box for securing backend APIs. However, there can be situations where back-ends are secured with OAuth2. This tutorial shows you how to integrate WSO2 API Cloud with a backend secured with OAuth2. 

  1. Create and publish an API.
  2. Go to the API Store (<tenant_name>). Subscribe to and invoke the API. You will get an error from the backend saying credentials are missing in the request. This is beacuse we are not passing the access token requerd for accessing the backend.

Follow the steps given below to do the configurations for generating and passing an access token to the backend.

Step 1 - Add sequence to the API

  1. Copy the following sequence and save it as an xml file.

    <?xml version="1.0" encoding="UTF-8"?>
    <sequence name="simple-token-gen" trace="disable" xmlns="">
        <property description="access_token" expression="get-property('registry', 'local:/api-backend-credentials/pizzaOrderingAPI/access_Token')" name="access_token" scope="default" type="STRING"/>
        <property description="generated_time" expression="get-property('registry','local:/api-backend-credentials/pizzaOrderingAPI/generated_Time')" name="generated-time" scope="default" type="LONG"/>
        <property description="client_credentials" name="app-client-auth" scope="default" type="STRING" value="{base64encoded(clientKey:clientSecret)}"/>
        <property expression="json-eval($)" name="message-body" scope="default" type="STRING"/>
        <property expression="get-property('axis2','REST_URL_POSTFIX')" name="resource" scope="default" type="STRING"/>
        <filter description="" xpath="get-property('SYSTEM_TIME') - get-property('generated-time') > 3600000 or get-property('access_token') = ''">
                <payloadFactory media-type="xml">
                        <soapenv:Envelope xmlns:soapenv="">
                                <root xmlns="">
                <header expression="fn:concat('Basic ', get-property('app-client-auth'))" name="Authorization" scope="transport"/>
                <header name="Content-Type" scope="transport" value="application/x-www-form-urlencoded"/>
                <property description="messageType" name="messageType" scope="axis2" type="STRING" value="application/x-www-form-urlencoded"/>
                <property description="REST_URL_POSTFIx" name="REST_URL_POSTFIX" scope="axis2" type="STRING" value=""/>
                <call blocking="true">
                    <endpoint name="token">
                        <http method="post" uri-template="{token-endpoint-url}"/>
                <property expression="get-property('resource')" name="REST_URL_POSTFIX" scope="axis2" type="STRING"/>
                <property description="generated Time Setter" expression="get-property('SYSTEM_TIME')" name="local:/api-backend-credentials/pizzaOrderingAPI/generated_Time" scope="registry" type="LONG"/>
                <property description="generated_token" expression="json-eval($.access_token)" name="generated-access-token" scope="default" type="STRING"/>
                <property description="new Token setter" expression="get-property('generated-access-token')" name="local:/api-backend-credentials/pizzaOrderingAPI/access_Token" scope="registry" type="STRING"/>
                <header expression="fn:concat('Bearer ', get-property('generated-access-token'))" name="Authorization" scope="transport"/>
                <payloadFactory media-type="json">
                        <arg evaluator="xml" expression="get-property('message-body')"/>
                <header expression="fn:concat('Bearer ', get-property('access_token'))" name="Authorization" scope="transport"/>
  2. Replace the place holder with corresponding values.
    1. {base64encoded(clientKey:clientSecret)} - base64 encoded, colon seperated client key and client secret values.
    2. {token-endpoint-url} - token endpoint url of the backend authorization server.
  3. Log in to the API Publisher
  4. Select your API and click Edit. Go to the Implement tab and select Enable Message Mediation.
  5. Click Upload In flow and upload the saved sequence file.
  6. Save and publish the API.

You can now successfully invoke your API.

  • No labels