Page Comparison

An API creator blocks subscription to an API as a way of disabling access to it and managing its usage and monetization. A blocking can be temporary or permanent. You get an unblock option to allow API invocations again.

Panel

bgColor	#d3d3d3

In this tutorial, you block subscription to an API in the API Publisher and observe how the subscribers can interact with it in the API Store. You also observe how the subscriber experience changes when you unblock the API again.

...

Note

You block APIs by subscriptions. That is, a given user is blocked access to a given API subscribed to using a given application. If a user is subscribed to two APIs using the same application and you block access to only one of the APIs, s/he can still continue to invoke the other APIs that s/he subscribed to using the same application. Also, s/he can continue to access the same API subscribed to using different applications.

Blocking can be done happens in two levels:

Block production and sandbox access: API access is blocked with both production and sandbox keys.
Block production access only: Allows sandbox access only. Useful when you wants want to fix and test an issue in an API. Rather than blocking all access, you can block production access only, allowing the developer to fix and test.

When When the API Gateway caching is enabled (it is enabled by default), even after blocking a subscription, consumers might still be able to access APIs until the cache expires, which happens approximately every 15 minutes.

Let's get started. See the video tutorial here or a step-by-step walk-through of the video tutorial below.

Widget Connector

width	900
url	https://www.youtube.com/watch?v=DKa2OKML1x8
height	600

...

Log in to the API Publisher.
Create two APIs by the names TestAPI1 and TestAPI2 and publish them to the API Store.
Image RemovedImage Added
Log in to the API Store. Click the APIs menu and note that the two APIs are visible in the APIs page.
Image RemovedImage Added
Subscribe to both APIs using the same application. You can use an existing application or create a new one.
Image RemovedGo to the My Subscriptions page and create an access token to the default application.
Image RemovedImage Added
Click the APPLICATIONS menu, click the application that you used to subscribe to the API with (DefaultApplication in this example), go to its Production Keys tab, and re-generate its access token. By default, access tokens expire an hour after creation application.
Image Added

Invoke both APIs using the access token you got in the previous step. We use cURL here. The command is,

Code Block
curl -k -H "Authorization: Bearer <access token>" '<API URL>'

Be sure to replace the placeholders as follows:

<access token>: Give the token generated in step 5
<API URL>: Go to the API's Overview tab in the API Store and copy the production URL and append the payload to it.

Here's an example:

Code Block

curl -k -H "Authorization: Bearer f5aa6e4c3e592339a4a64f4a05c1eb8f1d4d097-ebcc-3f02-8d91-0bd4e882ffcd" 'https://gateway.api.cloud.wso2.com:8243443/t/companyncompanyn3/test1/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0'

You have subscribed to two APIs and invoked them successfully. Let's block one subscription and see the outcome.

Log back to the Block an API.Block subscription for TestAPI1 using the DefaultApplication. Select the production and sandbox option and click the Block link.
Image Removed
1. Sign back into the API Publisher.
Click the Subscriptions menu to open the Subscriptions page. It shows all APIs/applications that each user is subscribed to.
Image Removed
1. Click on the API that you need to block.
  In this case, click on the TestAPI1 API.
2. Click Subscriptions to navigate to the managed subscription section.
  Image Added
3. Click Block.
  Note that the Block link immediately turns to Unblock, allowing you to activate the subscription back at any time.
Log back
Invoke the APIs to test the blocked API.
1. Sign back in to the API Store.
2. Invoke the two APIs (TestAPI1 and TestAPI2) again.

Invoke the two APIs (TestAPI1 and TestAPI2) again.

Note
You might have to regenerate the access token for `DefaultApplication` as done in step5, if the access token expiration time (1 hour by default) has passed since the last time you generated it. You can refresh the access token by going to the My Subscriptions page in the Store.

Note that you can invoke TestAPI2 again but when you invoke TestAPI1, it gives a message that the requested API is temporarily blocked. Neither the API creator nor any subscriber can invoke the API until the block is removed.
Tip
Tip: You might still be able to invoke an API within 15 minutes after blocking a subscription, until the cache is renewed.
Go to the My Subscriptions page Back in the API Store, click the APPLICATIONS menu, select the application that you used to subscribe to the API two APIs earlier, click its Subscriptions tab, and note that your subscription is now blocked.
Image Removed
Image Added
Unblock the API.
1. Go back to the API Publisher
's Subscriptions page and unblock the subscription. Invoke TestAPI1 again and note that you can invoke it as usual
1. .
2. Click on the respective API
  In this case click TestAPI1 1.0.0.
3. Click Subscriptions and click Unblock corresponding to the respective subscription.
  Make sure to click on the subscription that corresponds to the correct Application.
If you invoke TestAPI1 again, you will notice that you can invoke the API as usual.
Tip
Tip: You might still be unable to invoke an API within 15 minutes after unblocking a subscription, until the cache is renewed.
You have subscribed to two APIs, blocked subscription to one and tested that you cannot invoke the blocked API.

Versions Compared

Old Version 15

New Version Current

Key