Testing an API
Any REST client can be used to invoke and test an API. A few recommendations are given below:
- Curl : A command line tool - http://curl.haxx.se
- Jmeter : Pure Java application for testing with a GUI - http://jmeter.apache.org
- SOAP UI : An open source, cross-platform, functional testing solution with a GUI - http://www.soapui.org
- Advanced REST Client : An open source tool with a GUI - https://chrome.google.com/webstore/detail/hgmloofddffdnphfgcellkdfbfbjeloo
Example 1: Shown below is an example of how the 'Advanced REST Client for Chrome' can be invoked to test the API.
Example 2: If Curl is used to invoke the API, the following command can be executed:
curl -v -H "Authorization: Bearer <API Key>" <API URL>
API Key
The <API Key> is generated when subscribing to an API and is passed in the Authorization header as a value of "Bearer". For example, if the <API Key> generated by the API Manager is "wU62DjlyDBnq87GlBwplfqvmAbAa", the Authorization header looks as shown below:
Authorization: Bearer wU62DjlyDBnq87GlBwplfqvmAbAa
The API key is passed in the Authorization header of the message, prefixed by the string "Bearer". This is because WSO2 API Manager enforces OAuth security on all published APIs. Any consumer that talks to the API Manager must send its credential (application key) as per the OAuth bearer token profile. If you don't send an application key, or send a wrong key, you will receive a 401 Unauthorized response.
API URL
The API URL takes the form http://host:8280/<context>/<version>/<back end service requirements included as parameters>. For example,
http://host:8280/phoneverify/1.0.1/CheckPhoneNumber?PhoneNumber=XXXX&LicenseKey=0
Request Limit
Each tier that is selected when subscribing to an API allows only a limited number of requests. For example, if a consumer subscribed to an API using the "Gold" tier, which only allows 20 requests per minute, then after 20 requests the throttling policy will kick in and the user will start receiving 503 responses.
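The 401 and 503 behaviour described under API Key and Request Limit, as an added example (not WSO2 code): a Python client that sends the key in the Authorization header, does not retry a 401, and backs off on a 503. The StubGateway class, its limit of 3 and the sample keys are constructed stand-ins so the example runs offline.

```python
import http.client, threading, time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

VALID_KEY = "constructed-sample-key"  # constructed value, not a real API key
LIMIT = 3  # stub tier limit (assumption; the page's "Gold" example allows 20/min)

class StubGateway(BaseHTTPRequestHandler):
    """Constructed stand-in for the gateway: 401 on a bad key, 503 over LIMIT."""
    count = 0
    def do_GET(self):
        if self.headers.get("Authorization") != f"Bearer {VALID_KEY}":
            code = 401
        else:  # stub only: the window rolls over after a single 503
            StubGateway.count = (StubGateway.count + 1) % (LIMIT + 1)
            code = 200 if StubGateway.count else 503
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # silence per-request logging
        pass

def call_api(url, api_key, retries=2, backoff=0.05):
    """GET url (plain HTTP) with the bearer key; return (status, attempts)."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    for attempt in range(1, retries + 2):
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=5)
        try:  # the key travels only in the header, never in the URL
            conn.request("GET", target, headers={"Authorization": f"Bearer {api_key}"})
            status = conn.getresponse().status
        finally:
            conn.close()
        # 401 means a missing or wrong key, so only a 503 (throttled) is retried
        if status != 503 or attempt > retries:
            return status, attempt
        time.sleep(backoff * 2 ** (attempt - 1))  # exponential back-off

def demo():
    StubGateway.count = 0
    server = HTTPServer(("127.0.0.1", 0), StubGateway)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/phoneverify/1.0.1/CheckPhoneNumber?PhoneNumber=XXXX&LicenseKey=0"
    keys = [VALID_KEY] * LIMIT + ["wrong-key", VALID_KEY]
    results = [call_api(url, key) for key in keys]
    server.shutdown()
    server.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

Against a real gateway, choose the back-off to match the tier's window (one minute in the "Gold" example) rather than the short delay used with the stub.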