API Management With WSO2

API management is the process of publishing, documenting, and overseeing application programming interfaces (APIs) in a secure, scalable environment. The goal of API management is to allow an organization that publishes an API to monitor the interface’s lifecycle and make sure the needs of developers and applications using the API are being met.

API management software tools typically provide the following functions:

1. Automate and control connections between an API and the applications that use it.
2. Ensure consistency between multiple API implementations and versions.
3. Monitor traffic from individual apps.
4. Provide memory management and caching mechanisms to improve application performance.
5. Protect the API from misuse by wrapping it in security procedures and policies.

By default, an API moves through the following lifecycle stages when we publish it:

  • Create: not visible to anyone, because the API is under construction
  • Prototype: also not visible to outsiders (developers), because the API is in the testing stage
  • Publish: the API is visible to everyone
  • Deprecated: the API is visible to the available users only
  • Retired: the API is unpublished and deleted
  • Blocked: access is temporarily blocked

Installation process:
WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and for securing and routing the API traffic in a scalable way. It leverages proven components from the WSO2 platform to secure, integrate and manage APIs. In addition, it integrates with the WSO2 analytics platform and provides out-of-the-box reports and alerts, giving you instant insights into the APIs’ behaviour.

Before you begin,

  • Install Oracle Java SE Development Kit (JDK) version 1.7.* or 1.8.* and set the JAVA_HOME environment variable.
  • Download WSO2 API Manager.
  • Start the API Manager by going to <APIM_HOME>/bin on the command line and executing wso2server.bat (for Windows) or wso2server.sh (for Linux).

There are several API management tools on the market, such as WSO2 and Apigee. Now, let’s install the WSO2 tool.

  • The WSO2 tool is available on WSO2’s official website: http://wso2.com/api-management/#download
  • Download the server, which is about 450 MB
  • After downloading WSO2, unzip the file
  • WSO2 can run on any environment, such as Linux or Windows
  • To run the WSO2 server, open the command prompt and go to the location of the unzipped folder
  • Then go into that folder and open the /bin folder
  • There is a file called wso2server.bat; run that file and the server will start
  • For Linux, there is a file called wso2server.sh; to run it, type ./wso2server.sh

There are 3 URLs, one for each module:

  • For publisher
  • For store
  • For carbon

By default, the server runs on port 9443.

For example

Create and Publish an API in WSO2
API creation is the process of linking an existing backend API implementation to the API Publisher so that you can manage and monitor the API’s life cycle, documentation, security, community and subscriptions. Alternatively, you can provide the API implementation in-line in the API Publisher itself.

  • Log in to the WSO2 API Publisher UI using the default admin/admin credentials
  • Create the new API
  • If you have Swagger documentation for your APIs, you can simply publish your APIs using the Swagger URL
  • By clicking on ‘I have an Existing API’, you can publish your APIs
  • Otherwise, we need to create the APIs from scratch. In this blog, we’ll show you how to create and publish APIs from scratch
  • To create a new REST API, click on “Design new REST API”

You need to fill in the details in the fields, such as the name of the API, the context and the version.

The context name and version that you give will appear in the base URL, which will look like this:

Here, pricing is the context and 1.0.0 is the version which you gave in the fields.

Creating API
If you want to build the APIs in WSO2 for an already existing API:

Consider the following URL of an existing API:


Base URL: http://localhost:9666/

Path of API: /zipcodes

Path variable: /1

As with the API URL above, we need to create the API URLs in WSO2 with the same path and path variable.

This is how we need to configure the APIs in the WSO2 design section. After that, click on next.

In this section, we need to link the API which we created in WSO2 to the actual backend URL.

This means that when we try to hit the URL http://localhost:8245/pricing/1.0.0/zipcodes/1, it must hit the original URL, which is http://localhost:9666/zipcodes/1.

In the implementation section, there are two subsections:

  • Managed API
  • Prototyped API

In the two fields, we need to give the base URL of the production API, which is where your APIs are running, i.e. http://localhost:9666

Manage section:
In the Manage section, we need to choose the subscription tiers, which set the number of requests the API can handle.

There are several tiers:

  • Unlimited: it can handle unlimited requests
  • Gold: it allows 5000 requests
  • Silver: it allows 2000 requests
  • Bronze: it allows 1000 requests

Then click on save and publish so that your APIs are moved to the store.

Store: where all the APIs are published.

Subscribe APIs
If you want to access any API from the store, you must first subscribe to it; only then can you access that API, because we need an API token to access it.

  • You should first sign up and then log in
  • Create an application in the store
  • We’re creating the app in your account so that the app can make use of the API
  • To create the app, go to applications and click on add application
  • Then fill in the data and click add

Then subscribe to the API of your choice.

  • Go to the APIs section and click on APIs
  • Select the application you want for the API
  • Select the tier for the application, i.e. gold, silver or bronze
  • Click on subscribe

Now you need to generate the API token for your app. Go to your applications and click on the app.

  • Click on generate keys
  • It will then generate the consumer key
  • Go to the consumer secret key and access token, which will be displayed as below

We can also regenerate the access token.

Run the APIs:

  • Go to the APIs section and open the API console, where you will find all the URLs of the APIs
  • By default, your access token is already configured
  • Click on the API URL

It will then hit the actual server APIs and give the results in the form of JSON.
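A simplified model of what the gateway does with the request described above, added here as an example and not WSO2’s own code: it checks the access token, matches the context and version, applies the subscription tier and maps the gateway URL to the production endpoint. The token value, application name, HTTP status codes and the one-minute counting window are assumptions; the article gives the tier counts without a time window.

```python
import posixpath
import time
from urllib.parse import urlsplit

# Values from the article.
CONTEXT, VERSION = "pricing", "1.0.0"
PRODUCTION_ENDPOINT = "http://localhost:9666"
TIER_LIMITS = {"Unlimited": None, "Gold": 5000, "Silver": 2000, "Bronze": 1000}

# Assumptions for this example (not from the article).
WINDOW_SECONDS = 60
SUBSCRIPTIONS = {"constructed-token-abc": ("demo-app", "Bronze")}  # token -> (app, tier)


class Gateway:
    """Toy model: token check, route match, tier limit, then URL mapping."""

    def __init__(self, subscriptions, clock=time.monotonic):
        self.subscriptions = subscriptions
        self.clock = clock
        self.windows = {}  # app -> (window start, requests counted)

    def handle(self, url, authorization=None):
        """Return (HTTP status, backend URL or None) for one request."""
        # 1. The caller must present an access token tied to a subscription.
        scheme, _, token = (authorization or "").partition(" ")
        if scheme.lower() != "bearer" or token not in self.subscriptions:
            return 401, None
        # 2. Only paths under /<context>/<version> belong to this API.
        #    Normalising first stops "../" segments escaping the prefix.
        prefix = f"/{CONTEXT}/{VERSION}"
        path = posixpath.normpath(urlsplit(url).path)
        if path != prefix and not path.startswith(prefix + "/"):
            return 404, None
        # 3. Count the request against the application's tier.
        app, tier = self.subscriptions[token]
        limit = TIER_LIMITS[tier]
        now = self.clock()
        start, count = self.windows.get(app, (now, 0))
        if now - start >= WINDOW_SECONDS:
            start, count = now, 0
        if limit is not None and count >= limit:
            return 429, None
        self.windows[app] = (start, count + 1)
        # 4. Strip the context and version, forward to the production endpoint.
        return 200, PRODUCTION_ENDPOINT + path[len(prefix):]
```

The token and tier checks apply only to traffic that passes through the gateway, so the production endpoint should accept connections from the gateway alone.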

When you click on ‘Try it out’, you’ll get the following response.

Publisher: as the name of the role indicates, the publisher publishes the APIs.

Store: this is like a market where all the APIs are placed. The developers subscribe to the APIs here.


Here are a few references:

Public API to practice: http://jsonplaceholder.typicode.com/posts

Blog: http://searchmicroservices.techtarget.com/definition/API-management

Video: https://www.youtube.com/watch?v=xc8LxQSxr_Y

Publish API Video: https://www.youtube.com/watch?v=kxzRAH-pH2k

Invoke API Video: https://www.youtube.com/watch?v=ttgAYxbE9-E