Friday, August 29, 2014

How to configure api-key for the back-end service/API during the publishing process

This blog explains how to configure api-key for the back-end service/API during publishing process.

The API key would be always constant. The scenario is: one user will register for the public API, obtain the non-expiring API-Key(let's call it as x-api-key) and publish that API on the WSO2 API Manager. Once the API is published the consumer of the API need not pass the x-api-key each time he/she is invoking the API, he/she only needs to pass the WSO2 Access Token and necessary parameters for the API.


You can set the api-key as follows

1. Create custom sequence as follows and save it in a xml file.

<sequence xmlns="http://ws.apache.org/ns/synapse" name="xxxxx">
<in>
<header name="api-key" scope="transport" value="123456789"/>
</in>
</sequence>

name the sequence as <API_NAME>:v<VERSION>--<DIRECTION>

2. login to the https://localhost:9443/carbon and add the xml file to the /_system/governance/apimgt/customsequences/in registry location

3. login to the https://localhost:9443/publisher and edit the published API

- go to the Manage page
- check “Sequences:” check box
- select the sequence you created under "In Flow"

For more information, you can refer https://docs.wso2.com/display/AM170/Adding+Mediation+Extensions#AddingMediationExtensions-APIExtension 

No comments: