WSO2 API Manager : Sharing API Subscriptions between developers

Subscription management is a crucial part of an API Management solution. WSO2 API Manager provides this capability to API developers via the API Portal (API Store) or via exposed portal APIs. API subscriptions are associated with applications. An API needs to be subscribed under an application and the application can have one or many APIs subscribed to it. This application is a logical space that represent a real life application. Each application would have an associated API key through which the API Can be consumed, This concept can be explained with the following example.


Lets look at this from the perspective of a local met department which exposes a set of APIs for consumption. They would be using WSO2 API Manager to expose the APIs. Lets consider WeatherNow as a company that would build an app to provide weather information. WeatherNow would consume multiple APIs provided by the local met department to display weather information on the app.



They need access to multiple APIs exposed by the local met department in order to get this app up and running. The app would provide information on the temperature, rainfall, snowfall and wind speed of a given location. All these data are exposed as individual APIs by the Met department. Developers from WeatherNow would need to subscribe to the required weather APIs from the met department. WeatherNow would create an application in API Manager to do so. This is illustrated in the diagram below




This works perfectly if you have just one developer from WeatherNow to access the developer portal and subscriptions, but what if there are multiple developers from WeatherNow working on these APIs. They cannot create their own subscriptions but is required to share the same subscription with each other. WSO2 API Manager facilitate this capability via the API Store. It is possible to enable subscription sharing where developers in the same organization share subscriptions with the other developers belonging to the same organization.




This capability is disabled by default in the API Manager and can be enabled by commenting the following in api-manager.xml (<API-Manager_Home>\repository\conf\api-manager.xml).



This capability takes into account the claim name ‘Organization’ in the user store to group the users. The DefaultGroupIDExtractorImpl can be modified to consider any other claim to group the users.

Please note that the this default extractor doesn’t work with SAML SSO. You need to write a custom implementation using the class as an example.