Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added sample in JSON format on setting API visibility

Let's take a look at some concepts and terminology that you need to know in order to follow the use cases.

...

API visiblity level specified in the UIAPI visiblity level specified in the REST API
Publicpublic i.e. visibility=public "visibility": "PUBLIC"
Visible to my domainprivate i.e. visibility=private "visibility": "PRIVATE"
Restricted by rolesrestricted i.e. visibility=restricted&roles=role1,role2,role3"visibility" :"RESTRICTED" , visibleRoles :["role1","role2", "role3"]

Subscription availability

...

Cross-origin resource sharing ( CORS ) is a mechanism that allows restricted resources (e.g., fonts, JavaScript) of a Web page to be requested from another domain outside the domain from which the resource originated.

The Swagger API Console that is integrated in the API Manager runs as a JavaScript client in the API Store and makes calls from the Store to the API Gateway. Therefore, if you have the API Store and Gateway running on different ports, enable CORS between them. 

...

Code Block
languagexml
<handlers>
   <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler"/>
</handlers>

...

OAuth scopes

Scopes enable fine-grained access control to API resources based on user roles. You define scopes to an API's resources. When a user invokes the API, his/her OAuth 2 bearer token cannot grant access to any API resource beyond its associated scopes.

Info

OAuth provides a method for clients to access a protected resource on behalf of a resource owner. OAuth 2 bearer token is a security token that any party in possession of it can use the token for authentication. Refer OAuth 2.0 Specification of Bearer Token Usage for more information.

How scopes work

To illustrate the functionality of scopes, assume you have the following scopes attached to resources of an API: 

...