Subscribing to an API
Follow the instructions below to subscribe to an API.
1. Log in to the API Store using the Login link at the top, right-hand corner of the window. (You can also self sign-up if no account exist).
2. All APIs currently published will be listed. Click on one to view its details. You can also use the search option to search for a specific API.
3. The selected API's information appears. Note that, as a subscribed user, you are allowed to add ratings and provide comments to the API. For example,
4. Choose an application from the "Applications" drop-down list. You can use the default application named as "DefaultApplication" or create a new one right from the drop-down list.
Applications
An application is a logical collection of one or more APIs, and is required when subscribing to an API. Consumers can create a logical application in WSO2 API Manager or use an existing one to subscribe to all the relevant APIs using that application. Also, a key can be obtained to an application, enabling consumers to invoke any API in the application using the obtained key.
Applications decouple the consumers from the APIs and allow a consumer to generate and use a single key to a collection of APIs in an application. Applications also enable a consumer to subscribe to one API multiple times with different SLA levels.
5. If you click the "New Application..." option, you will be navigated to the "Add New Application" window in the "My Applications" tab. From this window, new applications can be created and the existing applications can also be renamed or deleted. For example,
6. Next, select a tier (service level) from the "Tiers" drop-down list. The description of the service selected is shown below the "Tiers" field. For example,
The list of tiers available for a given API are defined through the API Publisher Web application, when creating an API. For more information on defining an API's tiers at the time it is created, refer to section  Adding an API -> Tier Availability.
7. Once an application and a tier is selected, click the "Subscribe" button.
8. If the subscription is successful, a message appears. From their you can chose to view your current subscriptions. Click the relevant button.
9. The "My Subscriptions" tab opens. You have now successfully subscribed to an API.
In order to invoke the API, a key is required. From here, you can manage the API keys (at application level). Click "Generate" to generate the OAuth token, then "Show key" to view the generated string. For testing purposes, you also can create a sandbox key.
API Keys
API keys are generated by API consumers and must be passed in the incoming API requests. The API key (generated Access Token) is a simple string, which must be passed as an HTTP header. For example: "Authorization: Bearer NtBQkXoKElu0H1a1fQ0DWfo6IX4a." It works equally well for SOAP and REST calls.
API keys are generated at the application-level and valid for all APIs which are associated to an application. We leveraged the OAuth2 standard to provide a simple, easy to use key management mechanism.
Info
All access tokens have a fixed expiration time, which is by default set to 60 minutes. Before deploying the API manager to users, extend the default expiration time by editing the <AccessTokenDefaultValidityPeriod> tag in file <PRODUCT_HOME>/repository/conf/identity.xml.
When a token expires, consumers will have to delete current applications and re-subscribe. This process will be enhanced in the next version of the API Manager.
9. Once a key is generated, the service can be invoked through the gateway using the instruction given in section,  Testing an API.
Â