wso2 API visibility for subscriber - wso2

Using WSO2 AM 1.10, I published an API logged in as the default admin user. I tried to create a new user using the management console and assigned the Subscriber role to that user. However, when I log in to the store using that user, the published API is not visible. I made sure that the API is set to public while publishing the API. Also, I don't see the options in the manage tab as described here: https://docs.wso2.com/display/AM1100/Key+Concepts#KeyConcepts-APIvisibilityandsubscription
What could be the reason for the newly created subscriber not being able to view the published API? What are the criteria for the API to show up in the store for the newly created subscriber?

For APIs to be visible, the API needs to be in published state and the user's role needs to have subscriber permissions.

Related

How to change api provider in wso2 api manager?

I am using WSO2 APIM 4.0.0. Some dozen APIs are deployed and published on it by the admin user. Consequently, the provider of those APIs is admin (in the WSO2 DB). The question that I would like to ask is whether it is possible to change the API provider to another user. If it is, then how to do that?
I tried to change it directly in wso2am_db (WSO2 API Manager database), but haven't succeeded.
This is not possible. The provider is the user who created the API. You can log in as admin and delete your API. Log in (in the Publisher or the RESTful API) as a different user and then create/deploy your API.
The API Provider will always be the user who creates the API. Directly updating the tables may result in data inconsistency. If you want to show it as owned by a different user in Developer Portal, you can add that user as Business Owner of the API, under Business Info.

WSO2, not allowed subscribers to create application

I'm new to WSO2 and have some confusion regarding subscribers who log into the developer portal to subscribe to APIs. In fact, I created a user with the roles internal\subscriber and internal\selfsignup, and after logging in with this user, I expected that he could only see the APIs created and subscribe to them with the applications created in the /publisher page, but it seems that this user has the possibility to create his own applications, and I do not see how to withdraw these privileges. I also want it to use the apps created in /publisher.
Best regards
The question is a little confusing. Please find the basic ideas of API visibility and API subscription availability below.
You can create applications in the devportal or store portal
You can create APIs in the publisher portal
In general, when you create an API in the publisher portal and publish it without any role visibility restrictions, anyone can view those APIs. To view these publicly available APIs in devportal, you don't even have to log in to the devportal. They can be viewed in anonymous mode.
If you have restricted the API visibility in devportal based on roles, then only the users with the allowed roles can view those APIs.
Similar to API visibility, you also can control the API subscription in the devportal. The subscription availability option will only be displayed if there are tenants in your environment.
Please refer to the official document for more details on this topic.

How do I make my end users (under wso2 identity server) subscribe to a api in wso2 api manager?

I am currently doing a PoC on WSO2 API Manager (v2.6.0). I already have a web application (Ex: Pizza booking) and also registered customers (end users) who are using the application for pizza booking. Now I wanted to bring the backend services of the pizza booking app such as,
Choose store location,
Book pizza,
Track order, etc.
as APIs into the WSO2 API Manager. For this, I would create the required APIs in API Manager. Then I wanted to bring my existing web application users (end users) into the API Manager and provide access to those APIs.
What would be the best way to implement this?
Bring my users under WSO2 identity server and use identity server as a key manager to my API manager?
Bring my users under secondary user store/ use custom user store of API manager?
Out in that case, how would I provide access to particular APIs (subscribing to APIs) without logging in to the API Manager store and subscribing manually for every user?
Also,
What is the use of creating a Service Provider and creating an OAuth application under Inbound authentication?
What can I do with this application?
Is this the same as the application we create before subscribing to an API in the API Manager store?
Can I add users to this application and grant access to them in common?
Can I subscribe to APIs using this application so that all users under this application will have access to it?
You can do it either way: using IS as Key Manager (if you are already using IS), or adding a secondary user store.
So, if you are already using WSO2 Identity Server in your deployment, configuring it as key manager (by sharing user stores) will automatically enable all the users in IS (with proper permission) to access the APIs.
If you do not use IS currently, the best option is to add a secondary user store to the existing APIM deployment.
Please find the answers to the other questions below.
What is the use of creating a Service Provider and creating an OAuth application under Inbound authentication?
What can I do with this application?
Is this the same as the application we create before subscribing to an API in the API Manager store?
Can I add users to this application and grant access to them in common?
Can I subscribe to APIs using this application so that all users under this application will have access to it?
Answer
The Service Provider is created automatically when an OAuth application is created and keys are generated. But there are different aspects of these two entities.
The Service Provider is generally used for generating application keys to get an access token to invoke the APIs.
OAuth Application (when you create through API store) has several other uses such as subscribing to APIs, enforcing throttling policies for subscriptions etc.
In order to use the token generated by an Application, the respective API should be subscribed by the application. Otherwise, you will not be able to invoke that API although you have a valid access token.
You can subscribe to an API only from the OAuth application created through the API Store.
Your users can use the same OAuth application (which is created via the Store portal and subscribed to an API) to generate an access token for themselves. That is, by providing them with the application keys and using the password grant type, they can generate tokens for themselves.
Refer to this documentation for more info on the token API and grant types: https://docs.wso2.com/display/AM260/Token+API
Adding to what #Menaka has explained.
Your end-users don't have to subscribe to APIs. Only the application developer has to subscribe and embed the consumer key/secret to their app. Then the application should generate tokens for the end-users using those keypair+end user credentials.
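The token request described in the two answers above (application key pair plus end-user credentials, password grant), as an added example that is not part of the original thread or of WSO2's own code. The token endpoint address, key pair, user name and password below are assumptions and constructed placeholders; the request is built but not sent.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumption: default API-M gateway address; replace with your deployment's.
TOKEN_URL = "https://localhost:8243/token"


def build_token_request(consumer_key, consumer_secret, username, password,
                        token_url=TOKEN_URL):
    """Build (without sending) the password-grant POST for the Token API.

    The application's key pair authenticates the client via HTTP Basic;
    the end user's credentials travel in the form body.
    """
    pair = f"{consumer_key}:{consumer_secret}".encode("utf-8")
    basic = base64.b64encode(pair).decode("ascii")
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
    }).encode("ascii")
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(token_url, data=body, headers=headers,
                                  method="POST")


def parse_token_response(raw_json):
    """Return (access_token, expires_in); raise on an OAuth error body."""
    doc = json.loads(raw_json)
    if "error" in doc:
        detail = doc.get("error_description", "")
        raise PermissionError(f"{doc['error']}: {detail}")
    return doc["access_token"], int(doc["expires_in"])


if __name__ == "__main__":
    # Constructed placeholder credentials and response, for illustration only.
    req = build_token_request("CONSUMER_KEY", "CONSUMER_SECRET",
                              "alice", "alice-password")
    print(req.get_method(), req.full_url, req.data.decode())
    ok = '{"access_token": "constructed", "token_type": "Bearer", "expires_in": 3600}'
    print(parse_token_response(ok))
```

The consumer secret and the end user's password both pass through the calling application here, so the key pair belongs in server-side configuration rather than in code shipped to clients.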

WSO2 API Manager 2.0.0: How to disable anonymous access to API store?

By default, a user can access the API Store URL and can see published APIs without having to log in. Is it possible to configure API Manager to force the user to always log in first before they can see the published APIs?
Thank you very much.
You can restrict API visibility on the Store via the Publisher (https://docs.wso2.com/display/AM1100/Key+Concepts#KeyConcepts-APIvisibilityandsubscription), so that only registered users can see published APIs.
Restricting access to the /store domain is a network/proxy matter.

Redundant authorization action in API Store for API restricted by role

I'm using WSO2 API Manager 1.4.0. When a user logs in to the API Store and opens an API with visibility "Restricted By Roles", it asks for the user's credentials again.
It happens when Swagger loads api-doc.json from
/registry/resource/_system/governance/apimgt/applicationdata/api-docs/ApiName-Version/api-doc.json
and receives code 401 in answer.
The question is: how should I configure API Manager to make it use user's credentials for any calls to Governance Registry?
We give anonymous permissions for the swagger json resource when creating the API. So I am not sure how this issue is appearing to you. Can you please check what is the permission assigned for the api-doc.json? This can be checked by accessing the resource through registry browser in management console and expanding the Permissions.