I am trying to configure gateway access log of wso2 apim (4.0.0) so that it should contain api username and api name in a log file. I followed this documentation.
The log file structure I would like to have as below:
datetime | remoteIp | username | invoked_api_name | api_url | request | response
Any help is appreciated
The invoked_api_name and username are not available at the Access Log level. Therefore, you can implement a custom Synapse Handler to log the relevant information to either wso2carbon.log or separate logs as per your need.
This is a sample written for API Manager 3.2.0 Custom API Log Handler. You can also refer to the Handler mentioned by #Ishara Cooray.
Update the dependencies to align with the API Manager 4.0.0 environment. The TOML configuration to engage the Handlers will be as following (it is slightly different from the configs in 3.2.0)
[synapse_handlers.<custom_name>]
enabled = true
class = '<package-name.class>'
For example
[synapse_handlers.api_log_handler]
enabled = true
class = 'com.sample.handlers.APILogHandler'
Update
I have updated the custom handler implementation with API Manager 4.0.0 dependencies. Find the branch and updated README here.
you are not be able to include username in the access_log as this information is not available at this level.
You may write a custom handler to log the required information in a log file.
https://github.com/CrowleyRajapakse/CustomLogHandler
Related
In previous api-manager version when we create an api, api synapse files were recorded in Users/bilal/test/api-manager/wso2am-2.6.0/repository/deployment/server/synapse-configs/default/api. But in 410 only default apis are there and my apis' synapse file is not there. But the api can be called without issue. Same thing for sequences.
I need to check and change the mediation that was applied. Always changing and uploading from the publisher is too much of work.
Adding to what pubudu has mentioned above. From APIM 3.2.0 onwards, we have introduced inbuilt artifact synchronizer and this will store the API artifacts such as synapse api definition, mediation sequences and endpoints to the database. It will then use events to distribute these artifact across gateways.
Previously, artifacts were saved to the file system and if you had multiple gateway nodes, file based synchronizers such as NFS, rsync had to be used to deploy these artifacts across gateway cluster.
Because of this new architecture, we removed the artifacts being saved to the file system and provided a gateway rest API, that you can use to view the deployed artifacts or redeploy artifacts in each gateway. If your requirement is to verify the deployed artifact, you can use this API.
And from APIM 4.1.0, we have changed the mediation policies feature to the new API policies framework.
If your requirement is to change the meditation sequence manually, you still can create a mediation sequence as you have created for APIM 2.6.0 and use the correct naming convention <API_NAME>:<VERSION>--<Direction> (eg: PizzaShackAPI:v1.0.0--In) and add it to the sequence directory. This will deploy the policy in the gateway and will be engaged when you invoke the API. However since we no longer keep artifacts in the file system, every restart will clear these directories and only keep the whitelisted files. That's where pubudu's above configurations are used for and you need to add your sequences' name to this configuration under sequences.
Please note that never to use these file based artifacts in your production deployment and only use them for testing progress. This is because whenever you add a policy from the publisher and deploy it in the gateway, this mediation policy will be undeployed and that file will deploy. At the server startup, this will create a inconsistent behaviour. so my recommendation is, you can use this apporach during the sequence development phase and once you have satisfied with it, use the correct apporach and add it as an API policy.
In the latest API Manager version, you can't find those files as those are not written into those files. Those data is kept in the memory.
You can add the following config to the deployment.toml to provide files from the file system.
[apim.sync_runtime_artifacts.gateway.skip_list]
apis = ["api1.xml","api2.xml"]
endpoints = ["endpoint1.xml"]
sequences = ["post_with_nobody.xml"]
local_entries = ["file.xml"]
I am using wso2is-km-5.9.0 for serving our application authentication and SSO needs and we have coupled wso2is-analytics-5.8.0 with our Identity Server. I have followed the steps mentioned in the offical documentation i.e setting Analytics in api-manager.xml to True and enabling the eventpublishers but I'm unable to see any data in Analytics dashboard. Please refer the error logs for the same attached.
Why is the data not being populated in WSO2 analytics dashboard??
Analytics error log
Identity Server error log
With the new config model introduction, you should not edit the api-manager.xml file. It should be done via deployement.toml file.
Moreover you have to enable event listeners and publishes in deployment.toml file. This will enable publishing data to the analytics. You should refer the documentation in https://is.docs.wso2.com/en/5.9.0/learn/configuring-identity-analytics/ because IS and IS-KM is more similar, difference is having an apim-manger.xml file.
[[event_listener]]
id = "authn_data_publisher_proxy"
type = "org.wso2.carbon.identity.core.handler.AbstractIdentityMessageHandler"
name = "org.wso2.carbon.identity.data.publisher.application.authentication.AuthnDataPublisherProxy"
order = 11
[identity_mgt.analytics_login_data_publisher]
enable=true
[identity_mgt.analytics_session_data_publisher]
enable=true
I have a custom page where I obtain Published API list using WSO2 Store Restful API
https://docs.wso2.com/display/AM220/apidocs/store/#!/operations#APICollection#apisGet
The problem is the returned result does not includes API Rating and Business Information whereas the Jaggery API that has been used by the default API Manager UI does include it. Is there any way to configure it so the REST API returns that data?
If I use the jaggery API instead, it is cookie based while I am using OAuth2 OIDC Service Provider of the IS. I cant obtain API that has visibility to only its own domain by passing access token to the Authorization header.
APIM Version: 2.2
Please Advice. Thanks!
There is no such a way which will change the output response of defined APIs.
If you want to do that, get source code of wso2 from github & edit the APIs & use the edited source to deploy your application. (But this will add lots of maintenance issue)
The quickest way is to call the get details of api.
It will return the business information object as well as below:
"businessInformation": {
"technicalOwner": "John Doe",
"technicalOwnerEmail": "architecture#pizzashack.com",
"businessOwner": "Jane Roe",
"businessOwnerEmail": "marketing#pizzashack.com"
},
Here you will get the heavy response as it returns the complete swagger definition as well.
Is there any redmine REST API available for company admin to get the details of user by giving users email id.
details like redmine KEY etc
Yes there is, you can do what you want in 2 API requests:
1) http://your-redmine-url/users.json?name=user#email.com
Using this request you will get basic details for user with email user#email.com
2) http://your-redmine-url/users/193.json?include=memberships,groups
Using this request you will get additional details for user with ID 193 (which we got from previous request) like user's API key, status etc.
Also note the following:
you need to use account with admin privileges to get these additional details
user's API key is only available through API starting from Redmine 2.3.0
user's status is only available through API starting from Redmine 2.4.0
All this info is from Redmine docs, which you can find here.
You can install this Redmine Shared API
This is a plugin share some endpoints of API.
New endpoints for NON-admin users
[GET] /shared/custom_fields.xml | .json
[GET] /shared/users.xml | .json
[GET] /shared/settings.xml | .json
New endpoints for NON authorized (public) users:
[GET] /public/settings.xml | .json
I've created a simple API and I'm trying to publish it using WSO2's API Publisher (aka API Cloud). I've gone through all the steps, but it seems to require an Authorization header to access my endpoint. In older documentation, it says that I can change the "Auth Type" at the resource level.
https://docs.wso2.com/display/AM160/API+Resources
However, this option doesn't seem to be there in the current version. I tried to make it so the Authorization header was not required. Unfortunately, I still get the following error:
<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
<ams:code>900902</ams:code>
<ams:message>Missing Credentials</ams:message>
<ams:description>Required OAuth credentials not provided</ams:description>
</ams:fault>
Is it possible to disable authentication for my API? I don't need it at this point in my project.
The document you have referred is from APIM 1.6. From APIM 1.7, the APIM team changed the API creation process to a 3-step process. It involves API Design, Implement and Manage. I think you have experienced this by now. In the Manage section, at the very bottom, it lists down the available resources of the API, their auth type, allowed tier and the scope allowed.
Default auth type is application & application user. If you click on that, you will get a drop down where you will see "None" as an option. If you set the auth type as none, you will be able to invoke the API without providing the OAuth token.
See the following screenshot where I have selected different Auth types when creating an API.
Open the configuration related to your API in ${AM_HOME}/repository/deployment/server/synapse-configs/default/api/ and remove the following part.
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/>