cloudblog
January 23, 2019

Share Your API Subscriptions With Your Team

APIs published in WSO2 API Cloud are secured with OAuth tokens. Therefore, before invoking them you need to subscribe to the API and generate an OAuth token. To subscribe to an API you need to create an application in the developer portal (a virtual application, not deployed code). If you are not familiar with these concepts you can find more detail in our tutorials.

One request we had been receiving from our users was the ability to share these subscriptions with others in their teams. This seemed to be a very valid requirement. Most of the time there is a team that develops the application which will consume these APIs. Even though one person subscribes and generates tokens to invoke an API, it makes sense for others to have some control over that subscription. For example, they might need to regenerate a token for an urgent security reason, or subscribe to another API needed by their application, without being the application owner. Basically, this reduces the risk of a single point of ownership in your API consumption process. After considering this, we have released a feature which allows subscriptions to be shared with the team.

How does this work?

When users create applications in the API developer portal they can define one or more groups they want to share the application with. Here, a group means a role in their organization. You can read more about roles and assigning users to them in this tutorial.

If there is a "Finance" role in the organization and it is provided as the group to share the application with (as shown in the image above), then anyone who signs into the developer portal with that role is able to see that application.

Others in the team can see the subscriptions made by this application, view the tokens and also regenerate the tokens if needed. But if they are not the application owner, they cannot generate the token for the first time; that is, the owner must do the first token generation. The application owner has full control over the application, while the others have less. For example, they cannot unsubscribe from an API which was subscribed to by the application owner. But the owner can unsubscribe from APIs which were subscribed to by others using the owner's application.
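The owner-versus-shared-role rules above amount to a small authorization policy. The following is an added example that models those rules as a decision function so you can reason about who may do what; it is not WSO2 API Cloud's code. The class and function names (`Application`, `Subscription`, `can`, `demo`) are invented for the illustration, and one rule is an assumption the post does not state: a non-owner may remove only a subscription they created themselves.

```python
"""Model of the shared-application permission rules (illustration only).

Assumptions beyond the post: a non-owner may unsubscribe only from an API
they subscribed to themselves. Everything else follows the rules as written:
visibility by role, owner-only first token generation, regeneration open to
members, owner may remove any subscription, non-owners may not remove the
owner's subscriptions.
"""
from dataclasses import dataclass, field


@dataclass
class Subscription:
    api: str
    subscribed_by: str          # user who made the subscription


@dataclass
class Application:
    name: str
    owner: str
    shared_with: set = field(default_factory=set)     # organization roles
    subscriptions: list = field(default_factory=list)
    has_token: bool = False     # True once the owner has generated a token


def is_member(app, user, user_roles):
    """Owner, or any user holding one of the roles the app is shared with."""
    return user == app.owner or bool(app.shared_with & set(user_roles))


def can(app, user, user_roles, action, api=None):
    """Return True if `user` (holding `user_roles`) may perform `action`."""
    if not is_member(app, user, user_roles):
        return False            # application is not visible to this user
    owner = user == app.owner
    if action in ("view_subscriptions", "view_tokens", "subscribe"):
        return True             # every member may see and add subscriptions
    if action == "generate_token":
        # First generation is owner-only; regeneration is open to members.
        return owner or app.has_token
    if action == "unsubscribe":
        sub = next((s for s in app.subscriptions if s.api == api), None)
        if sub is None:
            return False
        if owner:
            return True         # owner may remove any subscription
        # Assumption: a non-owner may remove only their own subscription.
        return sub.subscribed_by == user
    return False                # unknown action: deny by default


def demo():
    """Walk through the post's scenario; returns the access decisions."""
    # Constructed sample: alice owns the app and shares it with "Finance".
    app = Application("payments-client", owner="alice", shared_with={"Finance"})
    app.subscriptions.append(Subscription("Orders", subscribed_by="alice"))
    roles = {"alice": [], "bob": ["Finance"], "carol": ["Sales"]}
    result = {
        "carol_sees_app": can(app, "carol", roles["carol"], "view_subscriptions"),
        "bob_sees_app": can(app, "bob", roles["bob"], "view_subscriptions"),
        "bob_first_token": can(app, "bob", roles["bob"], "generate_token"),
        "alice_first_token": can(app, "alice", roles["alice"], "generate_token"),
    }
    app.has_token = True        # owner has now generated the first token
    result["bob_regenerate"] = can(app, "bob", roles["bob"], "generate_token")
    result["bob_drops_owner_sub"] = can(app, "bob", roles["bob"], "unsubscribe", "Orders")
    app.subscriptions.append(Subscription("Invoices", subscribed_by="bob"))
    result["alice_drops_bob_sub"] = can(app, "alice", roles["alice"], "unsubscribe", "Invoices")
    result["bob_drops_own_sub"] = can(app, "bob", roles["bob"], "unsubscribe", "Invoices")
    return result


if __name__ == "__main__":
    for decision, allowed in demo().items():
        print(f"{decision}: {'allowed' if allowed else 'denied'}")
```

The deny-by-default branch at the end of `can` is the part worth copying into any real policy: an action the model does not know about should fail closed rather than inherit the owner's rights.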

You can follow the steps in our tutorial to implement this for your organization.