I have a REST API that does authentication using Basic Auth. I added this API to WSO2 API Manager and got production URLs for that API. Basically, I need API Manager to view statistics of API usage. I do not need API Manager to worry about authentication of the API. So I simply sent my request to API Manager with the Authorization header. But when API Manager calls my API, I cannot see the Authorization header I sent in the request. What could be the reason for that?
2 Answers
To add here, my scenario was a little more complex variation of this. I needed to secure some of the services through WSO2 API Manager but some of the APIs need to be authenticated at the back-end service following Basic authentication. So the solution is you set to false as stated above and then turn off the security check for the WSO2 APIs that you need to be authenticated at the back-end. Check this - "WSO2 API Manager, is it possible to disable the access-token mechanism". However this opens up the vulnerability of the WSO2 API without any security to DoS attacks unless throttling at the WSO2 level is applied. I hope that the throttling would work even if I am not doing authentication at the WSO2 level. I need to test this out and will report the outcome.