Last Updated: Jan. 2014
● WSO2 API Manager is a complete open-source solution for creating and
publishing APIs and managing all aspects of their lifecycle.
● Using WSO2 APIM, you can
-- Create and publish APIs
-- Advertise APIs in the storefront
-- Version APIs
-- Manage the lifecycle
-- Monitor and Analyze API Usage
-- Implement governance and security
-- Facilitate community engagement
-- Provide extension points
https://docs.wso2.com/display/AM190/Introducing+the+API+Manager
Connect the web app to protected resource / API (sequence diagram; image not reproduced)
Participants: end user, simple web app, OAuth2 authorization manager, protected resource / API.
Steps 1-7 as labelled in the diagram: initial request, authenticate / authorize, redirect, authorization code, token, protected resource.
Source: http://wso2.com/library/blog-post/2014/10/blog-post-revamping-wso2-api-manager-key-management-architecture-around-open-standards/
● WSO2 Identity Server
https://wso2.com/products/identity-server/
● OpenAM
https://www.forgerock.com/products/access-management/
● MITREid Connect
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
● SURF OAuth (apis)
https://github.com/OAuth-Apis/apis
OpenID Connect reference implementation in Java on the Spring platform.
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/
<APIKeyManager>
  <KeyManagerClientImpl>org.wso2.carbon.mit.OpenIDClientImpl</KeyManagerClientImpl>
  <Configuration>
    ...
    <ResourceRegistrationEndpoint>http://localhost:8080/openid-connect-server-webapp/resource</ResourceRegistrationEndpoint>
    <OIDCDcrEndpoint>http://localhost:8080/openid-connect-server-webapp/register</OIDCDcrEndpoint>
    ...
  </Configuration>
</APIKeyManager>
<APIKeyValidator>
  <!-- Specifies the implementation to be used for KeyValidationHandler. The steps for validating a token
       can be controlled by plugging in a custom KeyValidationHandler -->
  <KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
</APIKeyValidator>
● Implement the KeyManager interface when you are writing your own implementation, and register the class as the key manager client:
<KeyManagerClientImpl>org.wso2.carbon.mit.OpenIDClientImpl</KeyManagerClientImpl>
-- createApplication() - Create a new OAuth application in the Authorization Server
-- updateApplication() - Update an OAuth application
-- retrieveApplication() - Retrieve an OAuth application
-- getNewApplicationAccessToken() - The Store calls this method to get a new Application Access Token
-- getTokenMetaData() - Get details about an access token
-- getKeyManagerConfiguration() - Get the key manager configuration from a JSON file
-- buildAccessTokenRequestFromJSON()
-- mapOAuthApplication() - Used when creating an OAuth application in semi-manual mode
-- buildAccessTokenRequestFromOAuthApp()
-- loadConfiguration()
-- registerNewResource()
-- getResourceByApiId()
-- updateRegisteredResource()
-- deleteRegisteredResourceByAPIId()
-- deleteMappedApplication()
-- getActiveTokensByConsumerKey()
-- getAccessTokenByConsumerKey()
https://github.com/wso2/carbon-apimgt/blob/release-1.9.1/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/KeyManager.java
● Implement the KeyValidationHandler interface when you are writing your own implementation, and register the class as the validation handler:
<KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
-- validateToken()
-- validateSubscription()
-- validateScopes()
-- generateConsumeToken() - Generates the JWT; the default implementation uses this
https://github.com/wso2/carbon-apimgt/blob/release-1.9.1/components/apimgt/org.wso2.carbon.apimgt.keymgt/src/main/java/org/wso2/carbon/apimgt/keymgt/handlers/KeyValidationHandler.java
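A small model of the three checks the KeyValidationHandler interface exposes (validateToken, validateSubscription, validateScopes), added here as an illustration; it is not WSO2's code. The token metadata shape, the subscription table and the resource-to-scope table are constructed sample data, and the check order is an assumption.

```python
"""Model of the three checks a KeyValidationHandler exposes
(validateToken, validateSubscription, validateScopes). Added illustration,
not WSO2's code; token metadata and the two lookup tables are constructed."""
import time
from dataclasses import dataclass
@dataclass
class TokenMetaData:  # what getTokenMetaData() would return (constructed shape)
    consumer_key: str
    scopes: set
    issued_at: float
    validity_secs: float
    active: bool = True

    def expired(self, now=None):
        now = time.time() if now is None else now
        return now > self.issued_at + self.validity_secs

# constructed: consumer key -> (api_context, version) pairs the app subscribes to
SUBSCRIPTIONS = {"ck-app1": {("/weather", "1.0.0")}}
# constructed: (api_context, version, resource, verb) -> required scope (None = none)
RESOURCE_SCOPES = {
    ("/weather", "1.0.0", "/forecast", "GET"): None,
    ("/weather", "1.0.0", "/forecast", "POST"): "weather:write",
}

def validate_token(md, now=None):
    """Token is known, active and inside its validity period."""
    return md is not None and md.active and not md.expired(now)
def validate_subscription(md, api_context, version):
    """The application owning the token subscribes to this API version."""
    return (api_context, version) in SUBSCRIPTIONS.get(md.consumer_key, set())
def validate_scopes(md, api_context, version, resource, verb):
    """Scope bound to the resource (if any) is on the token; unknown resources fail closed."""
    key = (api_context, version, resource, verb)
    if key not in RESOURCE_SCOPES:
        return False
    required = RESOURCE_SCOPES[key]
    return required is None or required in md.scopes

def validate(md, api_context, version, resource, verb, now=None):
    """Run the checks in the order the interface lists them (assumed order),
    stopping at the first failure so a bad token never reaches the scope check."""
    if not validate_token(md, now):
        return "invalid_token"
    if not validate_subscription(md, api_context, version):
        return "not_subscribed"
    if not validate_scopes(md, api_context, version, resource, verb):
        return "insufficient_scope"
    return "ok"
```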
Create OAuth client at key manager
curl -k -X POST -b cookies https://localhost:9443/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag -d 'action=generateApplicationKey&application=NewApp1&keytype=PRODUCTION&authorizedDomains=ALL&callbackUrl=&validityTime=3600&tokenScope=&jsonParams={"paramname":"paramvalue"}'
Sample jsonParams for the MITREid Connect implementation
{"allowDomains":"ALL","callback_url":["dfsds"],"client_name":"jh_sandbox","contact":[],"grant_types":[],"response_types":[],"scope":["phone","openid","offline_access","address","email","profile"],"token_endpoint_auth_method":null}
https://docs.wso2.com/display/AM190/Store+APIs
Update OAuth client
curl -k -X POST -b cookies https://localhost:9443/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag -d 'action=updateClientApplication&application=NewApp1&keytype=PRODUCTION&authorizedDomains=ALL&callbackUrl=&validityTime=3600&tokenScope=&jsonParams={"paramname":"paramvalue"}'
Sample jsonParams for the MITREid Connect implementation
{"allowDomains":"ALL","callback_url":["dfsds"],"client_name":"jh_sandbox","contact":[],"grant_types":[],"response_types":[],"scope":["phone","openid","offline_access","address","email","profile"],"token_endpoint_auth_method":null}
Retrieve OAuth application data
curl -b cookies 'http://localhost:9763/store/site/blocks/subscription/subscription-list/ajax/subscription-list.jag?action=getAllSubscriptions&selectedApp=NewApp1'
Delete an OAuth application
curl -k -X POST -b cookies http://localhost:9763/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag -d 'action=deleteAuthApplication&consumerKey=4lHddsxCtpFa2zJE1EbBpJy_NIQa'
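The Store calls above, as an added example that is not WSO2's code: it builds the form bodies for the subscription-add.jag actions (generateApplicationKey, updateClientApplication, deleteAuthApplication) and checks the MITREid Connect jsonParams before they are sent, URL-encoding the JSON rather than passing it raw as the curl lines do. Field names follow the page's curl calls and sample jsonParams; the allowed-scope list and the absolute-https callback rule are assumptions for this deployment.

```python
"""Builds the form bodies for the Store's subscription-add.jag actions shown
above and checks the MITREid Connect jsonParams before they are sent.
Added example, not WSO2's code. Field names follow the page's curl calls and
sample jsonParams; the allowed-scope list and the https-callback rule are
assumptions for this deployment."""
import json
from urllib.parse import parse_qs, urlencode, urlparse
ALLOWED_SCOPES = {"openid", "profile", "email", "address", "phone", "offline_access"}

def check_mitreid_params(params):
    """Return the problems found in a jsonParams document: every callback_url
    must be an absolute https URL, scopes stay inside ALLOWED_SCOPES, and a
    client_name is present. An empty list means the registration may proceed."""
    problems = []
    for url in params.get("callback_url", []):
        u = urlparse(url)
        if u.scheme != "https" or not u.netloc:
            problems.append(f"callback_url not an absolute https URL: {url!r}")
    extra = set(params.get("scope", [])) - ALLOWED_SCOPES
    if extra:
        problems.append(f"scopes outside the allowed set: {sorted(extra)}")
    if not params.get("client_name"):
        problems.append("client_name missing")
    return problems

def key_request_body(action, application, json_params, key_type="PRODUCTION",
                     validity=3600, callback_url=""):
    """Form body for generateApplicationKey or updateClientApplication.
    jsonParams is serialised and URL-encoded so braces and quotes survive the POST."""
    problems = check_mitreid_params(json_params)
    if problems:
        raise ValueError("; ".join(problems))
    return urlencode({
        "action": action, "application": application, "keytype": key_type,
        "authorizedDomains": "ALL", "callbackUrl": callback_url,
        "validityTime": str(validity), "tokenScope": "",
        "jsonParams": json.dumps(json_params, separators=(",", ":")),
    })

def delete_request_body(consumer_key):
    """Form body for deleteAuthApplication."""
    return urlencode({"action": "deleteAuthApplication", "consumerKey": consumer_key})

def decode_body(body):
    """Inverse of the builders, for inspecting what would be sent."""
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    if "jsonParams" in fields:
        fields["jsonParams"] = json.loads(fields["jsonParams"])
    return fields
```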
Using a Third Party Key Management System with WSO2 API Manager