1

I'm using WSO2 to create API (Bearer token). Then I want to configure it to auto-generate token (Basic Auth) and use response as access-token. How can I get that? Thank you so much!

Athiththan
  • 1,874
  • 8
  • 18
hieulm
  • 19
  • 4
  • Can you explain your requirement further? You can create APIs in WSO2 API Manager and then invoke that using a bearer access token. If you mark this as unsecure, you don't need a token to access the API. – Pubci Jul 03 '21 at 10:30
  • I do need to secure it, but for some reasons, I want to make it automatically generate token (pass 3 params: URL, user:pass). So the client, like using Postman, can invoke API without geting token manually. – hieulm Jul 04 '21 at 01:06
  • i think it is my answer but I can't create one to invoke API and get the response as token. https://docs.wso2.com/display/ESB500/Sample+380%3A+Writing+your+own+Custom+Mediation+in+Java – hieulm Jul 04 '21 at 01:13
  • You can do this at client side. For example if you are using a postman, postman can pass values from one API call to another. – Pubci Jul 04 '21 at 11:37
  • I refer to this question. I solved it by using mediator. https://stackoverflow.com/questions/68252011/wso2-ei-can-i-use-mediator-to-request-another-api-and-pass-its-response-to-the – hieulm Aug 03 '21 at 06:58

1 Answers1

0

In WSO2 APIM, you can protect your API resources with different mechanisms (OAuth2, API Key, Basic Authentication) or you can disable the security.

1. Disable API resource security

If you don't want any securities to your API you can disable them in the publisher portal --> Select the API --> Resources --> Expand the resource --> Disable the Security button --> Save

enter image description here

2. Secure API with Basic Authentication

If you want to secure your API resources with username and password (Basic Authentication) you can enable it by navigating to the publisher portal --> Select the API --> Runtime Configurations --> Application Level Security --> Select Basic --> Save enter image description here

In the developer portal, you can invoke the API resources with the username and password. The sample curl command is provided below.

curl -X GET "https://localhost:8243/pizzashack/1.0.0/menu" -H "accept: application/json" -H "Authorization: Basic YWRtaW46YWRtaW4="

Please note that the above solution is given for APIM-3.2.0. For more details on securing the APIs using Basic Authentication please refer https://apim.docs.wso2.com/en/latest/design/api-security/api-authentication/secure-apis-using-basic-authentication/

Saranki Magenthirarajah
  • 481
  • 1
  • 5
  • 14