Subscribe to an API
You subscribe to a published API before using it in your applications. Subscription enables you to receive access tokens and be authenticated to invoke the API.
See the following topics for a description of the concepts that you need to know when subscribing to an API:
The examples here use the PhoneVerification
API, which is created in section Create and Publish an API.
Log in to the API Store (
https://<hostname>:9443/store
) and click on an API (e.g.,PhoneVerification 1.0.0
) to open it.Tip: In a multi-tenanted API Manager setup, you can access any tenant's store using the URL
http://<hostname>:<port>/store?tenant=<tenant_name>
.Note the subscription options for the API.
Click the Applications menu and click Add Application to create a new application.
Tip: Instead of creating a new application, you can also use the default application.
- Give a name and per token quota for the application and click Add.
- Go back to the API's subscription options and select the application you just created, a tier and click Subscribe.
Click the View Subscriptions button when prompted. The Subscriptions tab opens.
Click the Production Keys tab.
If you have a supported callback URL which does a callback to a specific server or a program soon after you application request is sent, you can specify it under Callback URL field under Prouction Keys.
Tip: You can set a token validity period in the given text box. By default, it is set to one hour. If you set a minus value (e.g., -1), the token will never expires.
By default the grant types ticked in above image will be used to generate access token. You can specify the grant types you require before generating the access token. Refer Token API documentation for more information on supported grant types of WSO2 API Manager.
If you are using the WSO2 Identity Server as the Key Manager for your API Manager deployment, generating keys will result in creation of a Service Provider on the Identity Server.
Click Generate Keys to create an application access token. You can use this token to invoke all APIs that you subscribe to using the same application.
Install cURL if it is not there in your environment. Note that cURL comes by default in some operating systems. You can also use any other REST client.
Open the command line and execute the following cURL command:
curl -k -H "Authorization: Bearer <access token>" -v '<API URL>'
Be sure to replace the placeholders as follows:
- <access token>: Give the test token generated in step 7
<API URL>: Go to the API's Overview tab in the API Store and copy the production URL and append the payload to it. E.g.,
https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0
Here's an example:
curl -k -H "Authorization :Bearer de0d324c3b50501955e5d649cf0442e6" 'https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0'
Note the result that appears on the command line.
Similarly, invoke the POST method using the following cURL command:
curl -k -H "Authorization :Bearer de0d324c3b50501955e5d649cf0442e6" --data "PhoneNumber=18006785432&LicenseKey=0" https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber
You have subscribed to an API and invoked it.
To unsubscribe from an API, click the Applications menu and click View next to the application used for the subscription. Go to the Subscriptions tab, find the API and click the Unsubscribe link associated with it.
If you unsubscribe from an API and then resubscribe with a different tier, it takes approximately 15 minutes for the tier change to be reflected. This is because the older tier remains in the cache until it is refreshed periodically by the system.