Testing APIs
There is a number of utilities available for testing APIs. Some of them are covered in the following topics:
Browser-based REST clients
WSO2 API Manager is shipped with a REST Client by default in order to invoke and test an API through the API Store. WSO2 REST Client has a simple Web interface and facilitates a range of HTTP verbs from simple GET method to POST, PUT, DELETE, OPTIONS. It also includes capability to move data around in header and payload fields. The REST Client is a useful alternative to similar tools like cURL.
Follow the instructions below to invoke the REST Client.
- Open the API Store (
https:
//<YourHostName>:9443/store
) in a Web browser. - The REST Client menu appears under the Tools menu. Clicking it opens the REST client on a global level.
 For example, shown below is how the TwitterSearch API created in sample Access Twitter's Search Using an API can be invoked using the REST Client.
Twitter API version 1.0 is retired from 11th June 2013 and the API version 1.1 cannot be invoked in the following way. We have shown this only as an example.
API URL
The API URL takes the form http://host:8280/<context>/<version>/<back end service requirements included as parameters>
. For example,
http://host:8280/phoneverify/1.0.1/CheckPhoneNumber?PhoneNumber=XXXX&LicenseKey=0
Header
In the above request, the application key generated at the time a user subscribes to an API is passed with the authorization header, which is prefixed by the string "Bearer". This is because, WSO2 API Manager enforces OAuth security on all the published APIs. Any consumer that talks to the API Manager should send their credential (application key) as per the OAuth bearer token profile. If you don't send an application key or send a wrong key, you will receive a 401 Unauthorized response in return.