WSO2 API manager security layer

Question

I hope to use wso2 api manager to expose my webservices to a mobile app.I want to store an api key in the localstorage of the client and use it along with the api calls for the authentication. So how can I pass the automatically generated api key by the wso2 api manager for each web service and pass it to the client? Are there any alternatives for this?

Answer 1

You can achieve your requirement using the 'jaggery' APIs WSO2 API Manager provides.

'jaggey' is basically a server side java script language developed by WSO2 itself. The WSO2 API Manager's API Store and API Publisher web applications are powered using 'jaggery'. The syntax of jaggery is much like java script but its functionality is more like JSP since it executes in the server. All the API Manager back-end functionality is exposed as jaggery APIs. However currently there is no documentation on these APIs.

I would suggest you to download the WSO2 API Manager source code [1] and look at the following files to get a better understanding of how you can achieve this. In order to generate the application keys from a client application you need to invoke HTTP requests to a certain jaggery page [2]. As an example, how this invocation happens in the API Store application can be found at [3]. You will have to send a similar HTTP request to get the same response as in the API Store. Before generating keys the client will also have to login. For this you need to send an HTTP request to [4]. How this invocation happens in the API Store application can be found at [5].

[1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.0.0/components/apimgt

[2] apimgt/api-store-web/src/site/blocks/subscription/subscription-add/ajax/subscription-add.jag

[3] apimgt/api-store-web/src/site/themes/fancy/templates/subscription/subscription-list/js/subscription-list.js

[4] apimgt/api-store-web/src/site/themes/fancy/templates/user/login/js/login.js

[5] apimgt/api-store-web/src/site/blocks/user/login/ajax/login.jag