Is there any way in WSO2 API Manger, to read a parameter value from the request xml/json (payload) and based on that value, route the request to different backend endpoints?
You can try using mediator extensions.
The API Manager has a default mediation flow for the API invocation requests that it receives. You can extend this default mediation flow to route the request.
First write a sequence file to change the flow. Sample sequence as
follows.
<sequence xmlns="http://ws.apache.org/ns/synapse" name="YahooWeather2">
<property name="YQL"
type="Expression"
expression="concat('?q=select%20*%20from%20weather.forecast%20where%20woeid%20in%20(select%20woeid%20from%20geo.places(1)%20where%20text%3D%22',syn:get-property('uri.var.zipcode'),',',syn:get-property('uri.var.country'),'%22)format=json')"/>
<property name="REST_URL_POSTFIX" type="Expression" expression="get-property('YQL')" scope="Axis2"/>
</sequence>
To upload the sequence file to APIM, login as admin go to main->
Resources-> Browse
Go to /_system/governance/apimgt/customsequences/in. from the
tree view
Click on Add Resource upload the sequence file you created.
Login to API Publisher ,select the api and click on edit and go
to Manage tab.
Click on check box for Check to select a custom sequence to be
executed in the message flow and in the In Flow dropdown
select your sequence(in sample case YahooWeather2) and do
Save & Publish .
Login to API store and subscribe the api and generate an access
token.
You can check availability from API Console in API store. for ferther details refer https://docs.wso2.com/display/AM191/Change+the+Default+Mediation+Flow+of+API+Requests
Related
I need to configure a set of apis which are secured and uses client credentials and password alone with client key and secret key.
And how to track the users that are trying to access the API.
I tried by adding proxy mediators.
By default, the API which you will create in WSO2 API Manager will have secure feature.
You can secure the APIs with
oauth which comes inbuilt in the application or
you can integrate the WSO2 Identity Server to be used as Identity Provider for WSO2 APIM.
Below link will show how to create and publish APIs in APIM Manager.
[https://docs.wso2.com/display/AM250/Create+and+Publish+an+API]
Once you are able to invoke the created API, you can check the usage of that API by checking on the Analytics profile for it. You can have it integrated with the API Manager.
Below link is useful to setup Analytics profile for APIM 2.5.0
[https://docs.wso2.com/display/AM250/Configuring+APIM+Analytics/]
Once the Analytics is setup for APIM, you can use the DB to fetch the usage of the APIs.
To solve your query, this is how you should proceed.
You can add a custom sequence in the inflow of the API ( you can do that from API Publisher only by editing it) [https://docs.wso2.com/display/AM260/Adding+Mediation+Extensions]
Sequence Code will be like below:
<sequence xmlns="http://ws.apache.org/ns/synapse" name="custom-sequence_name">
<property xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
xmlns:ns3="http://org.apache.synapse/xsd"
name="accesstoken"
value="put your token here"
scope="transport"
type="STRING"/>
</sequence>
This above one is for token for backend which is static. For dynamic token you can create a sequence accordingly.
This should solve your query :)
For dynamic, go here [How the external authentication handled in WSO2 APIM for an external/Third Party APIs
If your backend is oauth secured then you can use one of the following methods
Method-1
OAuth mediator which can be used for generating OAuth 2.0 tokens and for calling the backends that are secured with OAuth 2.0 protocol. Refer this.
Method-2
writing a mediation sequence which generates an access token for the backend and making a connection to the OAuth 2.0 secured backend.Refer this blog.
I have a situation here where as I need to create a API flow such as below.
I manage to create an API using the GET method and Call Mediator for the login request. However, when i change the API method to POST (because I need to send something in the body) and using Call Mediator for the Login request, it prompt me an error.
I am not sure whether POST method API is not allowed to be using together with the Call Mediator or not.
Is the flow I want to create above, is achievable just using API or do i need to create a Business Process Management Project?
If I wanna use POST method together with Send Mediator, how would it be ? I was aware that I can not put any mediator after the Send Mediator
Any advice would be grateful. Thank you again.
What is the error that you got? and Try removing REST_URL_POSTFIX property before calling to your endpoint.
<property name="REST_URL_POSTFIX" action="remove" scope="axis2"/>
I have endpoint from thirdparty that require us to authenticate.
The response from endpoint authenticate is a cookie session.
I need to fetch the cookie response from this authentication endpoint, and then to call another endpoint (e.g : search endpoint) with this cookie.
I'm trying without wso2 and no problem with it, and the problem is while using wso2 ESB.
I have successfuly request endpoint authentication via wso2 ESB and, the response is return success,
Then i try to call another endpoint (e.g : search endpoint), the response is 403 forbidden (authenticate failed), that mean cookie is not send/set in search endpoint.
How can i fix this ?
I have try :
1. WSO2 ESB Getting a cookie from transport header with multiple cookies
2. In WSO2 ESB, how to store cookies and use them later for authentication?
Thanks a lot
Have you set the cookie?As you haven't provided details of your code.
<property xmlns:ns="http://org.apache.synapse/xsd" name="Cookie" expression="$trp.Set-Cookie"></property>
<property name="Cookie" value="JSESSIONID=1" scope="transport"/>
If the response from first call is a cookie session then i would suggest that you can write the session in a registry file so that you can fetch the session whenever you want.
I am using WSO2 API Gateway to service API calls. The backend requires custom user attributes (username, e-mail, etc.) to be sent as part of the query string in the URL. The values for the query string pairs will be provided in the SAML2 token embedded in the API call.
How can a mediator access these custom SAML2 attributes?
You can create a custom mediator or custom handler to parse the saml token and set it to a header or something . see Writing Custom+Handlers for sample handler which reads a header .
I used WSO2 Publisher application to create & publish an API with following configs:
Context = a
Version = v1.0
URL Pattern: /b/{bId}/c/{cId}
HTTP Verb: GET
Endpoint Type: HTTP Endpoint
Production Endpoint: http://backendserver:port/services/rest/GetXYZ
In the store I subscribed to the API, generated an application token and invoked the API with following URL:
https://gatewayserver:port/a/v1.0/b/123/c/456
However, when the gateway calls the backend service it somehow automatically changes the endpoint to the following:
http://backendserver:port/services/rest/456
instead of the expected:
http://backendserver:port/services/rest/GetXYZ
I verified the synapse config of the API and it captured the endpoint correctly as defined. what changes that backend endpoint automatically? How can it be avoided?
What version of Api manager are you using? if It is API manager 1.10, you would get a request to backend like this for default http endpoint
GET /services/rest/GetXYZ/b/123/c/456
The default behavior is appending the resource path to the backend endpoint when request is going out from the api manager
ex: if endpoint is http://test.com/abc and api has a resource defined as /testresource/123 then the request would be http://test.com/abc/testresource/123 to the backend with the default endpoint type (HTTP endpoint)
If you want to call the backend without appending the resource to the request, you can add the following property to the synapse configuration.
<property name="REST_URL_POSTFIX" scope="axis2" action="remove"/>
You can do this by using the mediator extension feature provided in API manager. see
https://docs.wso2.com/display/AM1100/Adding+Mediation+Extensions.
following is a sample extension file
<sequence xmlns="http://ws.apache.org/ns/synapse" name="removeresource">
<property name="REST_URL_POSTFIX" scope="axis2" action="remove"/>
</sequence>
Upload this and then import this to the 'IN flow' sequence in the api. see https://docs.wso2.com/display/AM1100/Change+the+Default+Mediation+Flow+of+API+Requests