November 20, 2017
3 min read

APIs to Control Your API Management

In WSO2 API Cloud, everything you do through the web user interface can also be done programmatically via APIs. Detailed API reference can be found in the API Cloud's Product APIs documentation. Today I will show you just a quick example on how you can use Publisher's RESTful APIs to get a list of APIs published (for all other operations you would use a similar approach and simply other REST resources from the API reference).

1. Register client

1.1. Obtain your organization-qualified ID

The first thing we need to do is register our API client and obtain the consumer ID and consumer secret values. The most important piece of information that you need for that is your domain-qualified ID in WSO2 Cloud. This is your email address @ your Organization Key. You can find your Organization Key by clicking Organization on the 9-dot menu at the top right of the cloud interface. For example, on the screenshot below, my Organization Key is wso2dmitry2639:
With my email address [email protected], this gives me the qualified ID of [email protected]@wso2dmitry2639.

1.2. Create registration json

This is just a payload.json file that would have the ID that you have just obtained. In my case that would be:
  "callbackUrl": "",
  "clientName": "rest_api_publisher",
  "tokenScope": "Production",
  "owner": "[email protected]@wso2dmitry2639",
  "grantType": "password refresh_token",
  "saasApp": true
Save that text file as payload.json.

1.3. Encode your credentials

Now you need to take the qualified ID from step 1.1, add a colon (:), add your password and do Base 64 encoding for that string. For example, if my password was [email protected], I would have needed to encode [email protected]@wso2dmitry2639:[email protected] and that would have given me: ZG1pdHJ5QHdzbzIuY29tQHdzbzJkbWl0cnkyNjM5OlBAc3N3MHJk

1.4. Register the client

Now you can just run this curl command in the folder that has your payload.json from step 1.2: curl -X POST -H "Authorization: BasicZG1pdHJ5QHdzbzIuY29tQHdzbzJkbWl0cnkyNjM5OlBAc3N3MHJk" -H "Content-Type: application/json" -d @payload.json This will give you an output like:
  "appOwner":"[email protected]@wso2dmitry2639",
         \"grant_types\":\"password refresh_token\",
This response has everything we need: clientId is your consumer key and clientSecret is your consumer secret.

2. Obtain OAuth token

2.1 Encode consumer key and consumer secret

Now we need to take the clientId and clientSecret values, put a colon between them, and base 64 encode that string. In my case, I need to encode O7buGR5fMVMuNBFF:A3mYNQjHDsXX_T1. When I do that, I get TzdidUdSNWZNVk11TkJGRjpBM21ZTlFqSERzWFhfVDE=

2.2 Find your scope

In the documentation page for the method you want to call, find which scope it needs. I just want to use Retrieve/Search API and this method requires apim:api_view scope.

2.3 Request the token

Now you have everything you need to get the OAuth token. Simply run this (with your own ID, encoded keys, and scope): curl -k -d "grant_type=password&[email protected]@wso2dmitry2639&[email protected]&scope=apim:api_view" -H "Authorization: BasicTzdidUdSNWZNVk11TkJGRjpBM21ZTlFqSERzWFhfVDE=" You then get a response like that:
access_token is the OAuth key you can use for your calls.

3. Use the APIs

Now you can just take that access token and use it with the API call that you pick from the reference page. In my case, for the token that I got, to get a list of all APIs, I would call: curl -k -H "Authorization: Bearer 89c12aab-6f0e-3c3b-8409-d186670ec73c" I then get a response like:
  "description":"Country data API",
  "provider":"[email protected]@wso2dmitry2639",
For my tutorial, I picked just one simple call to list the APIs. Full reference has dozens of methods that you can use to completely bypass our user interfaces and perform any API management operations programmatically. Check out API Cloud's Product APIs documentation and let us know what you think.