Unknown macro: {next_previous_links}
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Follow the instructions below to subscribe to an API.

1. Log in to the API Store using the Login link at the top, right-hand corner of the window. (You can also self sign-up if no account exists).

2. All APIs currently published to the API Store will be listed. Select an API and click on one to view its details. To select an API, you can also use the search facility or tags.

3. Once selected, the API's information appears. Note that, as a subscribed user, you are allowed to add ratings and provide comments to the API. For example,

4. Choose an application from the "Applications" drop-down list. You can use the default application named as "DefaultApplication" or create a new one right from the drop-down list.

Applications

An application is a logical collection of one or more APIs, and is required when subscribing to an API. Consumers can create a logical application in WSO2 API Manager or use an existing one to subscribe to all the relevant APIs using that application. Also, a key can be obtained to an application, enabling consumers to invoke any API in the application using the obtained key.

Applications decouple the consumers from the APIs and allow a consumer to generate and use a single key to a collection of APIs in an application. Applications also enable a consumer to subscribe to one API multiple times with different SLA levels.

5. If you click the "New Application..." option, you will be navigated to the "Add New Application" window in the "My Applications" tab. For example,

Through this window, new applications can be created, and the existing applications can be edited or deleted.

Application-Level Throttling Tiers

In addition, there is also a special tier called 'Unlimited' which allows unlimited access. The WSO2 API Manager provides an application out-of-the-box by the name "DefaultApplication" and it can have any number of requests per minute. You can change this and set it to a restricted limit by editing the default application.

In addition to application-level throttling, you can also define API-level throttling tiers. The final request limit granted to a given user on a given API is ultimately defined by both the application-level as well as the API-level throttling limits. For example, lets say two users subscribe to an API using the Gold subscription which allows 20 requests per minute. They both use the application App1 for this subscription, which again has a throttling tier set as 20 requests per minute. In this scenario, although both users are eligible for 20 requests per minute access to the API, each ideally has a limit of only 10 requests per minute. This is due to the application-level limitation of 20 requests per minute.

6. Once an application is selected, next select a tier (API-level throttling tier) for the subscription from the "Tiers" drop-down list. This list of tiers is defined for the API at the time of API creation as described in section Adding an API -> Tier Availability.

The description of each tier is shown below the "Tiers" field. For example,

7. Once an application and a tier is selected, click the "Subscribe" button.

8. If the subscription is successful, a message appears. From their you can chose to view your current subscriptions. Click the relevant button.

9. The "My Subscriptions" tab opens. You have now successfully subscribed to an API.

In order to invoke the API, a key is required. From here, you can manage the API keys (at application level). Click "Generate" to generate the OAuth token, then "Show key" to view the generated string. For testing purposes, you also can create a sandbox key.

API Keys

API keys are generated by API consumers and must be passed in the incoming API requests. The API key (generated Access Token) is a simple string, which must be passed as an HTTP header. For example: "Authorization: Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a." It works equally well for SOAP and REST calls.

API keys are generated at the application-level and valid for all APIs which are associated to an application. The OAuth2 standard is leveraged to provide a simple, easy-to -se key management mechanism.

Info

All access tokens have a fixed expiration time, which is by default set to 60 minutes. Before deploying the API manager to users, extend the default expiration time by editing the <AccessTokenDefaultValidityPeriod> tag in file <PRODUCT_HOME>/repository/conf/identity.xml.

When a token expires, consumers will have to delete current applications and re-subscribe. This process will be enhanced in the next version of the API Manager.

9. Once a key is generated, the service can be invoked through the gateway using the instruction given in section,  Testing an API.


  • No labels