Monday, July 17, 2017

How to block a particular user from accessing an API

1. Login to Admin Dashboard from the admin user. (

2. Click Black List under the Throttle Policies section and click Add Item (Refer to the screenshot below)

3. Select the condition type as the user and give the full qualified username as the value and click blacklist. (Refer to the screenshot below)

For example, if you want to block the user from invoking APIs, you have to provide the value as by appending the organization key at the end of the username with '@' character. 

If you follow the above steps, the user will not be able to invoke APIs. Also please note that if you blacklist, the user will not be able to invoke any API until you remove the blacklist policy.

How to use FHIR connector in WSO2 Integration Cloud

In WSO2 Integration Cloud, we provide WSO2 ESB as an app type. So you can configure to FHIR connector on WSO2 ESB.  

At the moment we don't have a specific document on configuring the FHIR connector on WSO2 Integration Cloud. But, we have included an example document [1] on how to configure a sample (Twitter) connector. This is a general guide a user can follow, it shows how to create a CAR file and import it onto the Integration Cloud.

For information on configuring the FHIR connector, you can follow the document here.[2]

Please note that if you wants to add custom server certificates into the client truststore or requires any custom configurations, you need to create custom docker image and deploy it in WSO2 Integration Cloud. [3]

Sunday, July 16, 2017

How to insert a Getting started guide into my WSO2 API Store

Let's say I have published a API and I want to let my API store users how they can use the API.

Currently this can be done by adding API documentation. So with this you will need to add the documentation to each API. The documentation types supported in the API Publisher are as follows:
Please refer [1] for more information regarding this. 

If your requirement is to add a generic guide to the store unfortunately this is something not possible at the moment. 

How to allow WSO2 cloud team to access your tenant

Sometimes, you may require to access your tenant by WSO2 cloud team, to investigate a issue, do some configurations changes on behalf of you, etc...

This blog will say how you can allow WSO2 cloud team to access your tenant.

1. Go to cloud organization management portal:

2. Click on check box (Allow Access to WSO2 Support) inline with your tenant name

Later you can remove it clicking on the check box agina.

Monday, June 19, 2017

How to remove a thumbnail from an API

Let's say you have created an API in API cloud and you have added thumbnail image to it. Now you want to remove it.

When you go to the edit api view it allows you to change the thumbnail, but not remove. Let's see how we can remove it.

1. login to the carbon console of gateway node as tenant admin

2. Go to Resource -> Browse under main menu

3. Go to "/_system/governance/apimgt/applicationdata/provider" 

4. Click on the relevant tenant - you will see list of APIs (eg:

5. Select relevant API - you will see api artifact   (eg: api1 under version 1.0.0)

6. Click on "api" - you will see list of meta data for that api

7. Remove the thumbnail value from attribute "Thumbnail"

8. Save the API

9. Then logout from the API publisher UI and login in incognito window, you will see thumbnail has removed from your API.

Friday, June 2, 2017

How to start multiple services as a group in WSO2 Integration Cloud

Let's say, we have a use case which is deployed in Integration Cloud and that involves number of applications.
There can be a PHP/Web application which user interact, ESB which provide integration with number of systems and DSS to manipulate database.

So let's say we want to start/stop these 3 applications as a group. But at the moment, Integration Cloud does not provide any grouping. So you have to login to the Integration Cloud and go to each and every application and start/stop those.

To make this little easier, we can use Integration Cloud REST API and write our own script.

This is the script to start the all applications as a group. You need to provide username, password, organization name and file which contains application list with versions

How to execute this script
./ <username> <password> <orgnaizationName> wso2Project.txt

wso2Project.txt file content should be like this. There you should provide applicationName and version separated with [ | ] pipe character

As shown above you can keep number of project files and start using script.

Monday, April 10, 2017

Add multiple database users with different privileges for the same database

Currently, the WSO2 Integration Cloud supports adding multiple database users for a same database, but does not support changing user privileges.

Let's say someone has a requirement of using same database via two different user, one user has full access, where other user should have READ_ONLY access. How we do this in Integration Cloud?
We are planning to add this as feature to change the user permissions, but until that you can do it as I have mentioned below.


1. Login Create a database with a user

2. Once you create a database you can see it as below, and you can add another user when clicking on the All users icon

3. There you can create new user or you can attach existing user to the same database

I added two users u_mb_2NNq0tjT and test_2NNq0tjT to the database wso2mb_esbtenant1
My requirement is to give full access to the u_mb_2NNq0tjT user and remove INSERT permission from test_2NNq0tjT user.

4. Login to the via mysql client as user u_mb_2NNq0tjT and revoke the INSERT permission of test_2NNq0tjT

first login as test_2NNq0tjT and check grants
mysql -u  test_2NNq0tjT -pXXXXX -h

show grants
| Grants for test_2NNq0tjT@%                                                             |
| GRANT USAGE ON *.* TO 'test_2NNq0tjT'@'%' IDENTIFIED BY PASSWORD <secret>              |
| GRANT ALL PRIVILEGES ON `wso2mb_esbtenant1`.* TO 'test_2NNq0tjT'@'%' WITH GRANT OPTION |

login as u_mb_2NNq0tjT and revoke the insert permission
mysql -u  u_mb_2NNq0tjT -pXXXXX -h

REVOKE INSERT ON wso2mb_esbtenant1.* FROM 'test_2NNq0tjT'@'%';

login again as test_2NNq0tjT and check grants
mysql -u  test_2NNq0tjT -pXXXXX -h

show grants

| Grants for test_2NNq0tjT@%                                                                                                                                                                                                                                   |
| GRANT USAGE ON *.* TO 'test_2NNq0tjT'@'%' IDENTIFIED BY PASSWORD <secret>                                                                                                                                                                                    |
2 rows in set (0.24 sec)

With this approach we can change the permissions of another user who is attached to the same database.

To make an read-only user you need to revoke the permissions as follows

Please note: after you change the user privileges, do not detach/attach the test_2NNq0tjT user to the same or different database. Then it will set the all privileges automatically.