Cloud Blog

Trace API calls and responses

To effectively troubleshoot APIs you need to know how your calls get transmitted to the backend and what the backend sends back. We have made this easy with the new gateway log access and tracing mediators. Here’s how.

1. Open for editing the API that you want to trace,

2. Go to step 2 (Implement),

3. Click the Enable Message Mediation checkbox and then select the debug_ sequences from the dropdowns for all 3 flows below it as shown in the picture:


4. Click the Next: Manage button at the bottom of the screen,

5. Click Save & Publish at the bottom of the last step of the editing wizard.

6. Open the live log by clicking the Configure / Admin Dashboard menu, and then clicking Log Analyzer / Live Log Viewer in Admin Dashboard’s left-hand menu pane.

Admin Dashboard log viewer

7. Now invoke the API (for example, in the API Store‘s API Console for that API).

8. You will see detailed information on the API request and response in the log:


9. When you are done troubleshooting, disable the message mediation that you enabled in step 3.

Try it in API Cloud today!

Throttle APIs by IP address, headers, parameters, and JWT claims

We have rolled out Advanced Throttling policies and you can now easily add rate- and bandwidth-limiting based on various parameters including IP address, HTTP headers, query parameters, and JWT claims.

For example, supposed I have an API for phone number verification created as described in our tutorial.

The API accepts 2 parameters: PhoneNumber and LicenseKey. LicenseKey 0 is a demo key so I would like to limit its use: if subscriber supplies 0 as LicenseKey I want to only allow 1 call per minute. For any other key, I will allow 1000 calls.

Here’s how I can set this up in API Cloud:

We will first start by defining the new throttling policy:

1. In API Cloud, click the Configure / Admin Dashboard menu,

2. In the Admin Dashboard’s left-hand menu pane, click Throttling Policies / Advanced Throttling,

3. Click the Add Tier button at the top:


4. Give the new policy a name (I called it ‘ThrottleFreeLicense‘) and set the default limits (I set it to 1000 calls per 1 minute):


5. Now scroll down to the Conditional Groups section and edit the condition.

Policies can have multiple conditional groups but, in our case, we just need one because we only want to set LicenseKey = 0 as the special case.

You can optionally give it a name (such as ‘LicenseKey 0 gets 1 req/min’) and then select which kind of condition you want to include: IP address, HTTP header, query parameter, or JWT claim.

We will pick Query Param Condition, turn it ON, and then set Param Name to LicenseKey and Param Value to 0.


Click the Add button to get the condition added.

6. Now scroll further down and specify the limits when the condition above is met. In my case, when LicenseKey = 0, I want to only one request per minute allowed:


7. Finally, click the Save button to update the policy.

Now we need to assign this new policy to our API:

8. Back in API Cloud’s Publisher, open your API for editing,

9. Go to the third step of API editing (3. Manage).

10. In Advanced Throttling Policies, select Apply to API and select your policy (in my case ThrottleFreeLicense) from the drop-down list:


11. Click the Save & Publish button to make the change take effect.

Note: new policies take effect immediately. If you are modifying an existing policy, your changes will likely take about 15 minutes to take effect due to API caching.

Now you can give it a try.

12. Go to API Store and invoke the API either from the API Console tab or a curl command or any other client. You will see that the first invocation with LicenseKey = 0 succeeds while the immediate next one fails:

$ curl -X GET --header 'Accept: text/xml' --header 'Authorization: Bearer ca115527-25a7-3bba-879a-xxxxxxxxxxxx' ''

<?xml version="1.0" encoding="utf-8"?>
<PhoneReturn xmlns:xsd="" xmlns:xsi="" xmlns="">
<Company>Toll Free</Company>
<Use>Assigned to a code holder for normal use.</Use>

$ curl -X GET --header 'Accept: text/xml' --header 'Authorization: Bearer ca115527-25a7-3bba-879a-xxxxxxxxxxxx' ''

<amt:fault xmlns:amt=""><amt:code>900800</amt:code><amt:message>Message throttled out</amt:message><amt:description>You have exceeded your quota</amt:description><amt:nextAccessTime>2017-Jan-05 17:14:00+0000 UTC</amt:nextAccessTime></amt:fault>$

Besides exact match conditions (like in my example above) you can also specify IP address ranges and regular expressions for HTTP headers and JWT token claims.

Advanced throttling is a powerful mechanism that allows you to fine tune rate limits and bandwidth based on various API call conditions.

Give it a try in API Cloud today!

Adding more backend instances

In WSO2 Integration Cloud (formerly known as App Cloud), you can now easily add more instances to your applications and API backends. More instances mean both better performance and higher availability in case of failures.

To scale up your application, simply:

1. Click the application that you want to scale up,

2. On the application overview screen, in the Replicas section, click the Scale Deployment button:


3. Set the number of instances you want and click the Update button:


4. In the app’s overview, you can now see the additional instances and are able to click View Logs for any of them and see what is happening in this particular instance:

Application with two replicas

This feature is available both in trial and commercial accounts.

Whenever you hit the limit, there is a link that allows you to file a support case to get the limit increased.


Recent Posts

Most Popular Posts