How to access API definitions from the WSO2 API Manager

WSO2 API Manager provides an intuitive UI for adding and configuring the APIs that are exposed via the API Manager. However, not all the capabilities of an API can be manipulated from the API Publisher’s UI. Certain tweaks require direct access to the API definitions. There are two possible ways of doing this.

1. Via the Management console of the API Manager

Access the Management console of the API Manager from the following URL and log in using the admin credentials.


Once inside the management console, you can see the source view icon on the left hand side navigation bar as indicated below. Navigate to the source view page.

Here you will find all the API definitions, which you can change as required.

2. Directly accessing the API definition from the file system of the API Gateway.

The API definition is stored in the file system of the API Gateway; you can access it from the following folder path.


Each API is represented by an XML file. You can change the definition by changing the contents of the file. The changes are hot deployed to the API Gateway.

Please be mindful of the changes you make, as they affect the exposed APIs. APIs are defined in Apache Synapse, so you need some knowledge of Apache Synapse to manipulate these files.
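Because a saved file is hot deployed straight to the gateway, it helps to validate an edited definition and swap it in atomically. The sketch below is an added example, not WSO2 code; `api_dir` stands for the folder path referred to above, and the function names, the sample definition and the assumption that the deployer ignores non-.xml files are illustrative.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

SYNAPSE = "{http://ws.apache.org/ns/synapse}"  # Apache Synapse XML namespace

def check_api_definition(xml_bytes):
    """Return (name, context, methods) for a usable definition, else raise ValueError."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != SYNAPSE + "api":
        raise ValueError(f"root element is {root.tag!r}, expected a Synapse <api>")
    name, context = root.get("name"), root.get("context", "")
    if not name or not context.startswith("/"):
        raise ValueError("<api> needs a name and a context starting with '/'")
    resources = root.findall(SYNAPSE + "resource")
    if not resources:
        raise ValueError("<api> exposes no <resource>")
    methods = sorted({m for r in resources for m in r.get("methods", "").split()})
    return name, context, methods

def install_definition(xml_bytes, api_dir, filename):
    """Validate first, then put the file in place with one atomic rename."""
    check_api_definition(xml_bytes)
    # Assumption: the deployer only reacts to *.xml, so a dot-prefixed .tmp is ignored.
    fd, tmp = tempfile.mkstemp(dir=api_dir, prefix=".", suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(xml_bytes)
        target = os.path.join(api_dir, filename)
        os.replace(tmp, target)  # same directory, so a partial file is never visible
    except OSError:
        os.unlink(tmp)
        raise
    return target

# Constructed sample definition; the API name and context are made up.
SAMPLE = b"""<api xmlns="http://ws.apache.org/ns/synapse" name="admin--Demo"
     context="/demo" version="1.0.0" version-type="url">
  <resource methods="GET POST" url-mapping="/*"><inSequence/></resource>
</api>"""
```

Run it as the gateway's service account: `mkstemp` creates the file with mode 0600, so a definition installed by another user may be unreadable to the gateway.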


Restricting grant types for an application in WSO2 API Manager

WSO2 API Manager has the capability of restricting which grant types are enabled for a given application. This functionality is provided via the management console of the API Manager. Given below are the steps required:

1. App developers should have the required permission in order to restrict the grant types available for an application. The permission given below should be set on a user role associated with the App developer.

2. Once this is done, please log out and log in to the API Manager’s admin console.

3. Now you would see the OAuth URL available in the left navigation; click on it.

4. Here you would see all the applications that are created by the App developer, from this menu select the relevant application to which the grant types should be restricted.

5. Once you are inside the selected application you can define which grant types should be allowed for it. By default all grant types are ‘un-checked’ and all grant types are allowed. If you want to override this default configuration, select the grant types that should be allowed for the application.

6. Once you are done click on the update button and the configuration would be updated.

How to retrieve token information using REST API in WSO2 API Manager

WSO2 API Manager provides a host of REST APIs that are capable of performing many operations in the API Manager. Given below are the steps to follow to retrieve token information such as the Consumer Key, Consumer Secret, and Access Token using the REST API. We assume that an instance of the API Manager is running (in port offset 0) and that an application is already available in the API Store.

1. Initially you need to log in to the API Store and create a cookie that can be used in subsequent REST calls. Log in to the store using the following command. Replace the username and the password with the relevant values.

curl -X POST -c cookies http://localhost:9763/store/site/blocks/user/login/ajax/login.jag -d "action=login&username=xxxx&password=xxxx"

2. Call the Generate Application Key API that would generate the required access keys. Use the below command to generate the application keys. The following command would generate keys for the default applications. Change the parameters accordingly based on your application.

curl -X POST -b cookies http://localhost:9763/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag -d "action=generateApplicationKey&application=DefaultApplication&keytype=PRODUCTION&provider=&tier=&version=&callbackUrl=&authorizedDomains="
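The same two calls as an added Python sketch (not WSO2's own client): the password does not appear in a process argument list, the session cookie stays in memory instead of a `cookies` file, and the returned secrets are masked before logging. The JSON shape of the replies, including the `error` and `message` fields, is an assumption reflected in the constructed `SAMPLE`; the function names are illustrative.

```python
import json
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar

# Endpoints exactly as in the curl commands above.
BASE = "http://localhost:9763/store/site/blocks"
LOGIN_URL = BASE + "/user/login/ajax/login.jag"
KEY_URL = BASE + "/subscription/subscription-add/ajax/subscription-add.jag"
SECRET_FIELDS = ("consumerSecret", "accessToken")

def key_request_body(application="DefaultApplication", keytype="PRODUCTION"):
    """Form body of step 2, URL-encoded so unusual application names survive."""
    fields = [("action", "generateApplicationKey"), ("application", application),
              ("keytype", keytype), ("provider", ""), ("tier", ""), ("version", ""),
              ("callbackUrl", ""), ("authorizedDomains", "")]
    return urllib.parse.urlencode(fields).encode()

def parse_key_response(text):
    """Pull the key material out of the JSON reply (assumed shape, see SAMPLE)."""
    reply = json.loads(text)
    if reply.get("error"):
        raise RuntimeError(reply.get("message", "key generation failed"))
    key = reply["data"]["key"]
    return {f: key[f] for f in ("consumerKey",) + SECRET_FIELDS}

def redact(keys):
    """Copy that is safe to log: secrets reduced to their last 4 characters."""
    return {k: ("****" + v[-4:] if k in SECRET_FIELDS else v) for k, v in keys.items()}

def generate_keys(username, password, application="DefaultApplication"):
    """Steps 1 and 2 against a live Store; the session cookie stays in memory."""
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()))
    login = urllib.parse.urlencode(
        {"action": "login", "username": username, "password": password}).encode()
    with opener.open(LOGIN_URL, login, timeout=10) as resp:
        if json.loads(resp.read()).get("error"):
            raise RuntimeError("login rejected")
    with opener.open(KEY_URL, key_request_body(application), timeout=10) as resp:
        return parse_key_response(resp.read().decode())

# Constructed sample reply; every value is made up.
SAMPLE = ('{"error": false, "data": {"key": {"consumerKey": "ck_example_0001", '
          '"consumerSecret": "cs_example_9f3a", "accessToken": "at_example_77c2", '
          '"validityTime": 3600}}}')

if __name__ == "__main__":
    print(redact(parse_key_response(SAMPLE)))
```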

Integrating WSO2 API Manager with a 3rd Party Billing tool

How can we integrate 3rd party billing to the WSO2 API Manager?

WSO2 API Manager, integrated with WSO2 Business Activity Monitor (WSO2 BAM), provides out-of-the-box capability to generate API statistics. However, some organisations require the API Manager to be used with their own (3rd party) billing systems. There are a few ways that this can be done. These methods are illustrated in the diagram below.
1. The API Manager already collects all API-related data when an API invocation is made by a service consumer. The API Manager can publish this data to WSO2 BAM, which uses it to generate the information required for API statistics. The same process can be utilized by a 3rd party tool to access API information from the API Manager. Once the data is published to WSO2 BAM, WSO2 BAM stores it in a Cassandra data store and summarizes it periodically based on a set of Apache Hive queries. The summarized information can then be inserted into an RDBMS which can be accessed by the 3rd party billing tool.
2. API Manager can publish to any Thrift data endpoint, which the 3rd party billing system can use to receive data from WSO2 API Manager. This would provide direct integration with the 3rd party billing system.
3. API Manager uses a Thrift data publisher to publish data to a billing system; it is possible to write an extension in the WSO2 API Manager to provide the capability to publish data in a different protocol to a 3rd party billing tool. This extends the capability of API Manager to work with any billing system that can receive data using standard web APIs.
The WSO2 API Manager is shipped with a standard set of Hive queries (as part of the BAM toolbox) to summarize API data. It is possible to modify these or write your own Hive queries to summarize the API information based on your own KPIs to fit the needs of the 3rd party billing system. The billing system can directly access the RDBMS and use it as a data source to generate billing information.