Thursday, July 28, 2016

Why API cal fails when HTTP transport is only enabled in api gateway but curl works - WSO2 API Manager

Sometimes you may noticed when http transport is only enabled in api gateway API cal fails from  API console but curl works. Reason for this issue is you are on http browser session and call https URL.

You are seeing this issue because you are trying to access HTTP back end from HTTPS browser sessions. Browser will not allow to call HTTP back end from HTTPS session. This pattern called mixed content[1] and most of the browsers will not allow it as mixed content weaken HTTPS. If you need to access HTTP back end from user them what you need to do is go to HTTP store URL with 9763(http://127.0.0.1:9763/store/) and invoke API. So i believe we need to fix this from browser side or client side.

Also usually in production we do not recommend to use http transport for API calls. And according to oauth specifications it was recommend to use oauth tokens over HTTPS.


[1]https://developers.google.com/web/fundamentals/security/prevent-mixed-content/what-is-mixed-content?hl=en

No comments:

Post a Comment