...
An application can be available to a consumer at different levels of service. For example, if you have infrastructure limitations in facilitating more than a certain number of requests to an application at a time, the throttling tiers can be set accordingly so that the application can have a defined maximum number of requests within a defined time. Which means that there is a maximum number of users who can subscribe to APIs using an application within a specific time frame. WSO2 API Manager comes with three default tiers, which are 'Gold', 'Silver' and 'Bronze' as defined below:
- Bronze - Allows 1 request for the API per minute.
- Silver - Allows 5 requests for the API per minute.
- Gold - Allows 20 requests for the API per minute.
In addition, there is also a special tier called 'Unlimited' which allows unlimited access. Note that the The WSO2 API Manager provides an application out-of-the-box by the name "DefaultApplication" and it can have any number of requests per minute. You can change this and set it to a restricted limit through the Management Console by editing the default application.
In addition to application-level throttling, you can also define API-level throttling tiers. The final request limit granted to a given user on a given API is ultimately defined by both the application-level as well as the API-level throttling limits. For example, lets say two users subscribe to an API using the Gold subscription which allows 20 requests per minute. They both use the application App1 for this subscription, which again has a throttling tier set as 20 requests per minute. In this scenario, although both users are eligible for 20 requests per minute access to the API, each ideally has a limit of only 10 requests per minute. This is due to the application-level limitation of 20 requests per minute.
6. Once an application is selected, next select a tier (service API-level throttling tier) for the subscription from the "Tiers" drop-down list. This list of tiers is populated by the throttling tiers defined for the API at the time of API creation using the API Publisher Web application. For more information on defining throttling tiers for an API, refer to as described in section Adding an API -> Tier Availability.
The description of the service selected each tier is shown below the "Tiers" field. For example,
...
In order to invoke the API, a key is required. From here, you can manage the API keys (at application level). Click "Generate" to generate the OAuth token, then "Show key" to view the generated string. For testing purposes, you also can create a sandbox key.
The generated keys, namely an access token, a consumer key and a consumer secret will all be displayed as in the example below:
For information on renewing an access token, to generate an access token using the API Manager Login API etc. refer to section User Tokens.
API Keys
Anchor | ||||
---|---|---|---|---|
|
API keys are generated by API consumers and must be passed in the incoming API requests. The API key (generated Access Token) is a simple string, which must be passed as an HTTP header. For example: "Authorization: Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a." It works equally well for SOAP and REST calls.
...