Log in to the API Cloud and the API Publisher will open automatically.
Click the Go to API Store link in the top right-hand corner of the API Publisher to open your default API Store.
Tip: You can access any tenant's store using the URL
http://<hostname>/Store?tenant=<tenant_name>
.- Click the RESTClient menu that appears under the Tools menu in the API Store.
The REST client opens. Select the GET method and provide the following information in the rest of the fields:
API URL To get the URL, go to the API's Overview tab in the API Store. The URL takes the form
http://<host_name>:8280/<context>/<version>/<Resource, if any><back end service requirements included as parameters, if any>.
For example,http://gateway.api.cloud.wso2.com:8280/t/yashiracom/phoneverify/1.0.0/CheckPhoneNumber
where/phoneverify
is the context, 1.0.0 is the version andCheckPhoneNumber
is the resource.As you are going to make an HTTP GET call in this tutorial, append the payload to the URL. For example,
http://gateway.api.cloud.wso2.com:8280/t/yashiracom/phoneverify/1.0.0/CheckPhoneNumber ? PhoneNumber=18006785432&LicenseKey=0
.Header Authorization:Bearer <give the access token that you generated in step 4>
E.g, Authorization:Bearer U9znDo4OSYPfzoW16S2puHmKahgaOAuth security is enforced on all published APIs. Consumers must send the credentials (application access token) as per the OAuth bearer token profile. If not, you receive a 401 Unauthorized response in return.
Click the Send button to invoke the API. The response appears in the console.
As we used a valid phone number in this example, the response returns as valid.
- Within a minute after the first API invocation, make another attempt to invoke the API.
- Note that you get a throttling error saying that you exceeded your quota. This is because you subscribed to the API on the Bronze throttling tier and the Bronze tier only allows you to make one call to the API per minute.
In the REST client, select the DELETE method and invoke the API again.
- The call gets blocked by the API Gateway. It doesn't reach your backend services as you did not allow the DELETE method for the resource when creating the API.
- In the REST client, select the GET method again but this time, give the resource name as
CheckPhoneNumbers
instead ofCheckPhoneNumber
.
- Again, you get the same 'no matching resource' message that you got in step 9. This is because you are trying to access a REST resource that is not defined for the API.
You have seen how the API Gateway enforces throttling and resource access policies for APIs.