August 25, 2015
3 min read

Disabling OAuth in API Cloud

OAuth2 has become the industry standard for secure API access, and is the default security mechanism that you get for your API subscribers in WSO2 API Cloud. API Cloud fully automates OAuth key generation and management. However, there are circumstances when you might want to temporarily have your APIs available with no security required. For example, this might be the way you decide to launch them initially while you are still on the prototype phase. WSO2 API Cloud gives you two ways of achieving this:
  • By publishing your API as Prototype, or
  • By setting required resource authentication level to None.
Publishing as Prototype Prototypes are different from common published APIs because they are meant to run your ideas across your community to quickly collect feedback. They can be implemented with a proper backend webservice (just like other managed APIs) or JavaScript. Either way, they require no subscription. Your users will be able to give them a try without having to subscribe to them. To publish an API as prototype:
  1. Pick Prototype on the second step of API creation (Implement),
  2. Provide JavaScript or backend URL,
  3. Click Deploy as Prototype.
Deploying an API as prototype (JavaScript or backend) on Step 2 of API implementation The API will appear on the Prototypes tab of API Store and will not require authentication for access. API prototype in WSO2 API Store Authentication Type: None You can also remove authentication requirements for regular managed APIs. This is useful when you want to still have the API listed on the API Store home screen and/or when you want to disable authentication requirement for individual resources of an API. For that, go all the way till the last (Manage) step of API creation, and then change Authentication Type to None in the drop down next to each API resource at the bottom of the screen: Setting REST resource Authentication Type from OAuth2 to None Happy API management!