You subscribe to a published API before using it in your applications. Subscription enables you to receive access tokens and be authenticated to invoke the API.
See the following topics for a description of the concepts that you need to know when subscribing to an API:
The examples here use the PhoneVerification
API, which is created in section Create and Publish an API.
Log in to the API Store (
https://<hostname>:9443/store
) and click on an API (e.g.,PhoneVerification
1.0.0) to open it.
Tip: In a multi-tenanted API Manager setup, you can access any tenant's store using the URL
http://<hostname>/Store?tenant=<tenant_name>
.Note the subscription options on the API's Overview page.
Click the My Applications menu and create a new application.
Tip: Instead of creating a new application, you can also use the default application.
Go back to the API's subscription options and select the application you just created, a tier and click Subscribe.
Click the Go to My Subscriptions button when prompted. The subscriptions page opens.
Select the application from the drop-down list and click Generate to create an application access token. You can use this token to invoke all APIs that you subscribe to using the same application.
Tip: You can set a token validity period in the given text box. By default, it is set to one hour. If you set a minus value (e.g., -1), the token will never expire.
If you are using the WSO2 Identity Server 5.0.0 (with service pack 1) as the Key Manager for your API Manager deployment, generating keys will result in creation of a Service Provider on the Identity Server.
Install cURL if it is not there in your environment. Note that cURL comes by default in some operating systems. You can also use any other REST client.
Open the command line and execute the following cURL command:
curl -k -H "Authorization: Bearer <access token>" -v '<API URL>'
Be sure to replace the placeholders as follows:
- <access token>: Give the token generated in step 8
<API URL>: Go to the API's Overview tab in the API Store and copy the production URL and append the payload to it. E.g., https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0
Here's an example:
curl -k -H "Authorization :Bearer 8e64c4201d1c311c76a9c540856d1043" 'https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber?PhoneNumber=18006785432&LicenseKey=0'
Note the result that appears on the command line.
Similarly, invoke the POST method using the following cURL command:
curl -k -H "Authorization :Bearer e9c8e79669041b4f73ab922f82692fa" --data "PhoneNumber=18006785432&LicenseKey=0" https://localhost:8243/phoneverify/1.0.0/CheckPhoneNumber
You have subscribed to an API and invoked it.
To unsubscribe from an API, go to the My Subscriptions menu in the API Store, select the application used for the subscription, find the API under the Subscribed APIs section and click the delete icon associated with it.
If you unsubscribe from an API and then resubscribe with a different tier, it takes approximately 15 minutes for the tier change to be reflected. This is because the older tier remains in the cache until it is refreshed periodically by the system.