Saturday, May 2, 2015

Invoking an API published in WSO2 API Manager using Chrome Advanced REST Client

This blog post describes how Chrome Advanced REST Client can be used to invoke an API published in API published in WSO2 API Manager.

WSO2 API Manager

WSO2 API Manager is one of the major open source products of WSO2. It facilitates the API providers with various features such as API creation, publication, versioning, monetization, governance, security etc. It provides a user friendly user interface as well as performance rich back-end. Customers can subscribe to the APIs published by the providers to consume them. You can find more details of WSO2 Manager from here and in API Manager documentation.

Get the latest version of WSO2 API Manager from here. Start the pack running the .bat file (for windows) or .sh file (for Unix and Mac os x) in the bin directory of the extracted pack. After the the server started you will get the URLs for Management console, publisher API and, Store API respectively. WSO2 API Manager documentation  will guide you to create user roles and log in to each of them.

Following is an example terminal output of running the file in a linux machine.

Publishing an API 

In WSO2 Manager 1.9.0 publisher API you are facilitated to Add an existing API by giving a swagger file or a swagger URL, or giving a SOAP endpoint (WSDL), or if you want design a new API.

You can follow the WSO2 API Manager documentation to add an API. Here I am using an API created to expose the Phone Validation Service by the Cdyne services provider. It has SOAP and REST interfaces. The endpoint is

This Phone Validation Service has two operations. Those are CheckPhoneNumber and CheckPhoneNumbers. In the following example I am using CheckPhoneNumber operation.

The API is created in three stages. Those are design stage, implementation stage and manage stage. At the third stage, you can save and publish it. Then the status of the API become published. if in case you want to change the state of the API, you can go to API Life cycle and change to one of the status provided there.

Invoking the API

After publish the API, log into API store. There you can see the published API in the store.

Go to the My Applications tab and create an application. You can specify the throttling tier you want. You can find more information in API throttling tiers in WSO2 API Manager from here

Now you have to subscribe to the API. Click on the Phone Verification API and go to the subscription page. 

There you can specify your created application and the throttling tier you want to and subscribe to the API by clicking on the subscribe button.

When clicking on it you will be asked to "Go to My subscriptions". Click on that button and go to My Subscriptions Tag and generate the keys for the application. For that click on the "Generate Keys" button. 

Now you have taken an Access token for the application to invoke the API. Now click on the API and go to the API console Tab in the UI. There you can see the set Request Header you got.

Well. Now it is the time to start Chrome Advanced REST Client. 
Go to the following link and Launch the app. 

Now you can see the Following UI of the REST Client.

Give following details and click send. Here I am going to send a request with GET method.

URL : https://<your IP>:<port>/phoneverify/<version>?PhoneNumber=<sample_phoneNumber>&LicenseKey=<0_or_licence_key_you_have> 
example : https://<your IP>:9443/phoneverify/1.0.0?PhoneNumber=0112344567&LicenseKey=0 

Key : Authorization  (select from the drop down list)

Method: GET

Value: Bearer<space><Access_token>
           example : Bearer 52cc104b661dc27f76e14aa1f739e7ba

After sending the request on success you will get the following response. 

It gives the response by invoking the Phone Verification API. Validity of the phone number, if not valid the original phone number, Clean number, Whether it is wireless or not are the information provided here.


You have invoked the Phone Verification API published in WSO2 API Manager.

For a unit time period (minute) API Manager allow to send a particular number of requests predefined by the throttling tiers. 
  • Bronze      - one request per minute
  • Silver        - 5 requests per minute
  • Gold          - 20 requests per minute
  • Unlimited  - unlimited requests per minute

If you exceed the number of requests send you will get the following message in the Chrome Advanced REST Client interface.

<amt:message>Message Throttled Out</amt:message>
<amt:description>You have exceeded your quota</amt:description>

Then you can wait for that particular time period and send number of requests permitted in a minute until the validity time of the access token expires.

Thats All!