Let's take a look at some concepts and terminology that you need to know in order to follow the use cases.

...

The API Manager comprises the following high-level components:

API Publisher

API development is usually done by someone who understands the technical aspects of the API, interfaces, documentation, versions etc., while API management is typically carried out by someone who understands the business aspects of the APIs. In most business environments, API development is a responsibility that is distinct from API publication and management. 

...

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g., fonts, JavaScript) of a Web page to be requested from another domain outside the domain from which the resource originated.

The Swagger API Console that is integrated in the API Manager runs as a JavaScript client in the API Store and makes calls from the Store to the API Gateway. Therefore, if you have the API Store and Gateway running on different ports, enable CORS between them. 

...

<handlers>
   <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler"/>
</handlers>

...

OAuth scopes

Scopes enable fine-grained access control to API resources based on user roles. You define scopes for an API's resources. When a user invokes the API, his/her OAuth 2 bearer token cannot grant access to any API resource beyond its associated scopes.

...

You apply scopes to an API resource at the time the API is created or modified. In the API Publisher, click the API > Add menu (to add a new API) or the Edit link next to an existing API. Then, navigate to the Manage tab and scroll down to see the Add Scopes button under Resources.
On the screen that appears, enter a scope key, scope name and optionally, allowed roles and a description. Click Add Scope.

Scope Key: A unique key for identifying the scope. Typically, it is prefixed by part of the API's name for uniqueness, but is not necessarily reader-friendly.
Scope Name: A human-readable name for the scope. It typically says what the scope does.
Roles: The user role(s) that are allowed to obtain a token against this scope. E.g., manager, employee.

To apply the scope, you add the scope to a resource, save and publish the API.

Tip: When you generate access tokens for applications with APIs protected by scope/s in the API Store, a Select Scopes drop down list is displayed in the Production Keys tab of the application, where you can select the scope/s after the token is generated.
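
The scope model described above, as an added sketch that is not part of the original page and is not the API Manager's own code: a token receives only the requested scopes that the user's roles allow, and a resource call is permitted only if the token carries the scope attached to that resource. The scope keys, roles, resource paths and function names are constructed for illustration, and treating a scope with no roles as open to any user is an assumption of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Scope:
    key: str          # unique identifier, prefixed with part of the API name
    name: str         # human-readable label
    roles: frozenset  # roles allowed to obtain a token against this scope


# Constructed sample data: two scopes and the resources they are attached to.
SCOPES = {
    "news_read": Scope("news_read", "Read news", frozenset({"employee", "manager"})),
    "news_write": Scope("news_write", "Publish news", frozenset({"manager"})),
    "news_ping": Scope("news_ping", "Ping", frozenset()),  # no roles listed
}
RESOURCE_SCOPE = {
    ("GET", "/news"): "news_read",
    ("POST", "/news"): "news_write",
    ("GET", "/health"): None,  # resource with no scope attached
}


def grant_scopes(user_roles, requested):
    """Token issuance: keep only the requested scopes the user's roles allow."""
    roles = set(user_roles)
    granted = set()
    for key in requested:
        scope = SCOPES.get(key)
        if scope is None:
            continue  # unknown scope keys are never granted
        # Assumption of this example: an empty role list means "any user".
        if not scope.roles or scope.roles & roles:
            granted.add(key)
    return frozenset(granted)


def is_allowed(token_scopes, method, path):
    """Resource check: the token cannot reach beyond its associated scopes."""
    if (method, path) not in RESOURCE_SCOPE:
        return False  # fail closed on resources that were never defined
    required = RESOURCE_SCOPE[(method, path)]
    return required is None or required in token_scopes


if __name__ == "__main__":
    token = grant_scopes(["employee"], ["news_read", "news_write"])
    print(sorted(token), is_allowed(token, "POST", "/news"))
```
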


Scope whitelisting

...