Friday, March 14, 2014

How to customize the WSO2 API Manager Swagger UI to invoke APIs without an auth token


In this post we will see how to skip providing auth keys when invoking APIs through the Swagger user interface (in WSO2 API Manager 1.6.0). One possible approach is to mark the resource auth type as none: if you set resource-level authentication to none when you create the API, you can invoke it through the Swagger UI without keys.

Let's look at the other option in detail. It needs a small customization to the Swagger user interface and some additional steps.
01. Add all APIs that need to be invoked through Swagger to a single application and generate a token with a large lifetime.
02. Then hard-code that token in the Swagger user interface Jaggery JS file as instructed below.
     Open and edit the file wso2am-1.6.0/repository/deployment/server/jaggeryapps/store/site/themes/fancy/templates/api/swagger/template.jag
     Add the generated access token as follows, next to the supported methods section.
     headers: { 'Authorization': 'Bearer 7c7a62dd139b819776ea06f845cd48f'},
     Then the content will look like this:
     window.swaggerUi = new SwaggerUi({ 
                apiKeyName: "authorization", 
                supportHeaderParams: true, 
                supportedSubmitMethods: ['get', 'post', 'put', 'delete', 'options'], 
                headers: { 'Authorization': 'Bearer 7c7a62dd139b819776ea06f845cd48f'}, 
                onComplete: function(swaggerApi, swaggerUi){

03. You will then be able to invoke APIs without tokens. However, the Swagger UI still has a mandatory field for the auth token. We can put some random value there and invoke APIs (the hard-coded token will actually be used).
     If you wish to remove that field's mandatory marking, follow the instructions below.
         Go to the publisher UI and select the API you are interested in. Then go to the docs section and edit the Swagger API Definition as follows.
         For each resource section you will see a parameter named Authorization ("name": "Authorization").
         By default that field is marked as a required field. You have to remove that marking. The content will then look like this:
                            "name": "Authorization",
                            "description": "Access Token",
                            "paramType": "header",
                            "allowMultiple": false,
                            "dataType": "String"


Now you will be able to invoke APIs without providing keys using swagger UI.
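The token added in step 02 is part of a script sent to every browser that loads the store's Swagger page, so it helps to be able to list where such a token is embedded and which operations no longer mark the header as required. The following is an added example, not code from the original post or from WSO2: the function names, the `/orders` sample definition and the Swagger 1.x `apis`/`operations`/`parameters` layout it reads are assumptions, and the sample inputs are constructed from the fragments shown above.

```javascript
// Added example (not from the original post): audit the two edits described above.
// Function names are hypothetical; sample inputs are constructed for illustration.

// Matches a literal Authorization header with a Bearer value inside JS source.
const BEARER_RE = /['"]Authorization['"]\s*:\s*['"]Bearer\s+([A-Za-z0-9._~+\/=-]+)['"]/;

// Return one finding per source line that embeds a static bearer token.
function findHardcodedBearer(source, file = "<input>") {
  const findings = [];
  source.split(/\r?\n/).forEach((line, i) => {
    const m = BEARER_RE.exec(line);
    // Report only a prefix so the audit output does not repeat the full token.
    if (m) findings.push({ file, line: i + 1, tokenPrefix: m[1].slice(0, 4) + "...", length: m[1].length });
  });
  return findings;
}

// List operations in a Swagger 1.x definition whose Authorization header
// parameter is absent or not marked required (the state step 03 produces).
function operationsWithoutRequiredAuth(doc) {
  const out = [];
  for (const api of doc.apis || []) {
    for (const op of api.operations || []) {
      const p = (op.parameters || []).find(
        (x) => x.paramType === "header" && String(x.name).toLowerCase() === "authorization");
      if (!p || p.required !== true) out.push(`${op.method || op.httpMethod} ${api.path}`);
    }
  }
  return out;
}

// Constructed sample: the template.jag fragment from step 02.
const sampleTemplate = [
  "window.swaggerUi = new SwaggerUi({",
  '    apiKeyName: "authorization",',
  "    headers: { 'Authorization': 'Bearer 7c7a62dd139b819776ea06f845cd48f'},",
].join("\n");

// Constructed sample: one operation edited as in step 03, one left at the default.
const sampleDoc = { apis: [
  { path: "/orders", operations: [
    { httpMethod: "GET", parameters: [{ name: "Authorization", paramType: "header", dataType: "String" }] },
    { httpMethod: "POST", parameters: [{ name: "Authorization", paramType: "header", required: true, dataType: "String" }] },
  ] },
] };

console.log(findHardcodedBearer(sampleTemplate, "template.jag"));
console.log(operationsWithoutRequiredAuth(sampleDoc));
```

To check a real deployment, pass the contents of the edited template.jag and the exported Swagger API Definition to these two functions.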
