Monday, August 8, 2016

How to manage 2 different environments(production and sandbox) and let only paying users to access production environment- WSO2 API Manager

Requirement.
Let users to come to store and consume APIs.
Then users should be able to try APIs and test them.
Once they ready to pay for them and use it for production scenarios then they should go through approval process. If they validated then only will be able to use production APIs.

Solution
Let users to self signup or create by admin via management console.
Then let them to subscribe APIs and use them. At the time they subscribe we will show message saying “You can invoke API 10 times per minute with sandbox token and if you need to use it for production then need to go through approval process and generate production keys”.
Sandbox key generation do not need to have workflow and anyone should be able to create sandbox keys and invoke APIs with them.
Then users should use sandbox keys until they need to use them for real production usage.

We need to implement new handler to throttle sandbox API requests. Inside the handler you can check user is invoking production or sandbox with following code block.

if (APIConstants.API_KEY_TYPE_SANDBOX.equals(authContext.getApiKey())) {
//Write logic to generate concurrent controller and throttle requests according to predefined way
}

Then users will throttle out when they invoke APIs with sandbox keys more than what they allowed with sandbox limits.

When they need to use APIs for production usage they need to go through production key generation approval process and admin user can decide what to do. If payment required or manual approval need we can handle it.

Then they can invoke APIs with production keys and invoke real back end. 

No comments:

Post a Comment