How in WSO2 API Manager 3.2 disable the access-token mechanism?
I want to access my API directly, no authorization, no access tokens. How can I turn them off? Alas, I didn’t find any information other than this: x-auth-type: No, but I didn’t find in which file to change it.
You can disable the Security for each API Resource from the Publisher Portal. Open the API that you don't want security-enabled and navigate to the Resources tab. Expand the resources, and turn off the Security.
This will disable the security for that particular API Resource, and you will be able to invoke the respective Resource without any Access Tokens. You can learn more about the configurations and steps in this Doc: Under Point 7 > b > iii
Related
I'm a newer in wso2 and having some confusions regarding subscribers who log into the developer portal for subscribe to APIs. In fact,i created a user with the role internal\subscriber and internal\selfsignup and after logging in with this user, I expected that he could only see the APIs created and subscribed to them with the applications created in the /publisher page, but it seems that this user has the possibility to create these own applications and I do not see how to withdraw these privileges. I want it to use also the apps created in /publisher.
Best regards
The question is a little confusing. Please find the basic ideas of API visibility and API subscription availability below.
You can create applications in the devportal or store portal
You can create APIs in the publisher portal
In general, when you create an API in the publisher portal and publish it without any role visibility restrictions, anyone can view those APIs. To view these publicly available APIs in devportal, you don't even have to log in to the devportal. This is can be viewed in anonymous mode.
In case if you have restricted the API visibility in devportal based on roles, then only the users with the allowed roles can view those APIs.
Similar to API visibility, you also can control the API subscription in the devportal. The subscription availability option will only be displayed if there are tenants in your environment.
Please refer to the official document for more details on this topic.
By default, user can access API store URL and can see published API without having to login. Is it possible to configure API Manager to force the user to always login first before they can see the published API.
Thank you very much.
You can restrict API visibility on the Store via the Publisher (https://docs.wso2.com/display/AM1100/Key+Concepts#KeyConcepts-APIvisibilityandsubscription) , so that only registered users can see published APIs.
Restricting access to the /store domain is a network/proxy matter.
I have several questions about WSO2 API Manager that I am not able to figure out reading the documentation:
Is it possible to setup a "default" basepath for all API? for example if I have to switch my endpoints from localhost:8080/rest/myapi to 12.43.56.89:8080/rest/myapi is it possible to do it without editing any single API's enpoint?
Is it possible to create create a role which allows access only to sandbox endpoint but not to production endpoint? The only way to do this, as far as I know, is to manually block the access to production once the user has subscribed the API. My idea is to allow all users to access the sandbox but enable only trusted users to access the production APIs once their applications have been validated.
Is it possible to distribute several instances of the AM Gateway? Accordingly with documentation it seems that is only possible to run gateway, store, and publisher+keymanager on different servers but not to run multiple instance of the gateway in parallel.
Thank you!
1) You can use a variable for endpoint base path like this.
http://{uri.var.host}:{uri.var.port}/apis/weather
These variables can be taken from system variables. See this for how to do it.
2) You can use Key Generation (i.e. OAuth App Registration) Workflows for this. This will send a approval request to admin user. If you want to automate it to approve based in user roles or something, you can customize workflows.
3) You can have multiple gateways.
We're trying to make Salesforce send a message to one of our APIs through WSO2 API Manager 1.9.0. However, it seems that Salesforce is unable to authenticate and recommends using IP-restrictions.
So, is it possible to allow an anonymous/unauthenticated user to use an API in API Manager? IP-restriction I can take care of with firewalls, I don't have to do that in API Manager.
When you create an API, in the Manage tap, you can select No Authentication for an API resource. Then you will be able to access the API resource without access token. See my answer for the similar question.
I'm using SWO2 API Manager 1.4.0. When user logs in to API Store and opens API with visibility "Restricted By Roles", it asks user's credentials again.
It happens when Swagger loads api-doc.json from
/registry/resource/_system/governance/apimgt/applicationdata/api-docs/ApiName-Version/api-doc.json
and receives code 401 in answer.
The question is: how should I configure API Manager to make it use user's credentials for any calls to Governance Registry?
We give anonymous permissions for the swagger json resource when creating the API. So I am not sure how this issue is appearing to you. Can you please check what is the permission assigned for the api-doc.json? This can be checked by accessing the resource through registry browser in management console and expanding the Permissions.