This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


  1. Log in to the API Cloud and the API Publisher will open automatically.

  2. Click the Go to API Store link in the top right-hand corner of the API Publisher to open your default API Store.  

    Tip: You can access any tenant's store using the URL http://<hostname>/Store?tenant=<tenant_name>.

  3. Click the RESTClient menu that appears under the Tools menu in the API Store.
  4. The REST client opens. Select the GET method and provide the following information in the rest of the fields:

    API URL

    To get the URL, go to the API's Overview tab in the API Store. The URL takes the form http://<host_name>:8280/<context>/<version>/<Resource, if any><back end service requirements included as parameters, if any>. For example, http://gateway.api.cloud.wso2.com:8280/t/yashiracom/phoneverify/1.0.0/CheckPhoneNumber where /phoneverify is the context, 1.0.0 is the version and CheckPhoneNumber is the resource.

    As you are going to make an HTTP GET call in this tutorial, append the payload to the URL. For example, http://gateway.api.cloud.wso2.com:8280/t/yashiracom/phoneverify/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0.

    Header

    Authorization:Bearer <give the access token that you generated in step 4>
    E.g., Authorization:Bearer U9znDo4OSYPfzoW16S2puHmKahga

    OAuth security is enforced on all published APIs. Consumers must send their credentials (the application access token) as per the OAuth bearer token profile. If they do not, they receive a 401 Unauthorized response.

  5. Click the Send button to invoke the API. The response appears in the console.
    As we used a valid phone number in this example, the response returns as valid.

  6. Within a minute after the first API invocation, make another attempt to invoke the API.
  7. Note that you get a throttling error saying that you exceeded your quota. This is because you subscribed to the API on the Bronze throttling tier and the Bronze tier only allows you to make one call to the API per minute.
  8. In the REST client, select the DELETE method and invoke the API again.

  9. The call gets blocked by the API Gateway. It doesn't reach your backend services as you did not allow the DELETE method for the resource when creating the API.
  10. In the REST client, select the GET method again but this time, give the resource name as CheckPhoneNumbers instead of CheckPhoneNumber.
  11. Again, you get the same 'no matching resource' message that you got in step 9. This is because you are trying to access a REST resource that is not defined for the API.
     

You have seen how the API Gateway enforces throttling and resource access policies for APIs.
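
The checks from this walkthrough, scripted as a repeatable test (an added example, not part of the original WSO2 documentation). `http_send`, `check_gateway` and `FakeGateway` are hypothetical names. Only the 401 status comes from this page, so the other rejections are tested as "any non-2xx"; the method and resource checks run before the quota is used, on the assumption that blocked calls do not count against it.

```python
import urllib.error
import urllib.request

# URL and query string are the tutorial's sample values; substitute your own API.
BASE = "http://gateway.api.cloud.wso2.com:8280/t/yashiracom/phoneverify/1.0.0"
QUERY = "?PhoneNumber=18006785432&LicenseKey=0"

def http_send(method, url, token=None):
    """Real transport: make one call and return its HTTP status code."""
    req = urllib.request.Request(url, method=method)
    if token:
        req.add_header("Authorization", "Bearer " + token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_gateway(send, token):
    """Replay the tutorial's calls; return {check: passed}. Policy checks come
    first so that a throttling rejection cannot mask a missing policy."""
    def accepted(status):
        return 200 <= status < 300
    good = BASE + "/CheckPhoneNumber" + QUERY
    typo = BASE + "/CheckPhoneNumbers" + QUERY
    return {  # dict entries are evaluated top to bottom, so calls run in this order
        "missing token gets 401": send("GET", good, None) == 401,
        "DELETE blocked": not accepted(send("DELETE", good, token)),
        "undefined resource blocked": not accepted(send("GET", typo, token)),
        "first GET accepted": accepted(send("GET", good, token)),
        "second GET throttled": not accepted(send("GET", good, token)),
    }

class FakeGateway:
    """Constructed offline stand-in. 403 and 429 are assumed codes, and the
    quota is a plain call counter with no one-minute window."""
    def __init__(self, token, quota=1, methods=("GET",)):
        self.token, self.quota, self.methods, self.calls = token, quota, methods, 0

    def __call__(self, method, url, token=None):
        if token != self.token:
            return 401
        if method not in self.methods or not url.split("?")[0].endswith("/CheckPhoneNumber"):
            return 403
        self.calls += 1
        return 200 if self.calls <= self.quota else 429

if __name__ == "__main__":
    # Swap FakeGateway(...) for http_send to test a real deployment.
    for name, passed in check_gateway(FakeGateway("demo-token"), "demo-token").items():
        print("PASS" if passed else "FAIL", name)
```

Against a real deployment, run it once per minute at most, since the Bronze tier quota makes the "first GET accepted" check fail if a call was already made in the current window.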
