1
votes

I have created a RESTful API for all the WSO2 Store APIs by using the Swagger definition (https://raw.githubusercontent.com/wso2/carbon-apimgt/v6.1.66/components/apimgt/org.wso2.carbon.apimgt.rest.api.store/src/main/resources/store-api.yaml). The GET call, which does not require any scope, can be called easily from the Store's API console, but when trying to call the APIs which have the apim:subscribe scope, I get "Unauthenticated Request".

NOTE: I am able to use the curl commands to access the Store APIs by creating tokens, but here I am trying to use the Swagger file to publish the Store APIs. I have noticed that in the store, under Application -> Production Keys -> Scope, the apim:subscribe scope is available after I created this API via the Swagger file, but even when I try to access the APIs using this scope, I still get the "Unauthenticated Request" error. Can someone tell me what I am missing or doing wrong?

1
Do you have a role assigned to the scope? - gusto2

@gusto2 Yup, as per the Swagger file the role "Internal/subscriber" is assigned to apim:subscribe. I have also logged into the store as admin to use the API console, and I checked that admin has this role assigned to it. - LeGo

When you regenerate the application token, does the console state it has the requested scope? (Usually it's openid, default and am_application.) - gusto2

@gusto2 Yes, it does. The scope changes from default to apim:subscribe. Also, if I use default scope tokens I get a "The access token does not allow you to access the requested resource" error, but when I change that to apim:subscribe I get "Unauthenticated request". - LeGo

I basically just imported the default Swagger definition, nothing else, so nothing different or extra was done. I'm just wondering how this is supposed to work, because for other APIs which do not have any authentication we can simply use the endpoints directly, and WSO2 APIM only provides basic auth and digest auth for the endpoints. But in the case of the Store RESTful APIs we require scope-specific tokens to access the URLs, and then when these APIs are published in WSO2, will they also need the application tokens as well, or are just scope tokens generated from the store sufficient to call these Store APIs? - LeGo

1 Answers

0
votes

The Swagger specification has a Security Definitions Object:

https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-definitions-object

Once you configure it correctly, you will have some new elements in the UI: you should see the Authorize button on the top left, and to the right of each action that requires authentication you should see a lock.

See the petstore demo:
http://petstore.swagger.io/

Here are a few more examples:
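
As an added example (not part of the answer above, and not WSO2 or Swagger project code), this Python check walks a Swagger 2.0 document and reports which scopes each operation requires and whether its Security Definitions Object declares them. The spec, the scheme name `OAuth2Security`, the token URL and the scope `demo:undeclared` are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed sample, not the WSO2 store-api.yaml: one open GET, one scoped POST,
# and one DELETE that asks for a scope its scheme never declares.
SAMPLE_SPEC = {
    "swagger": "2.0",
    "securityDefinitions": {
        "OAuth2Security": {  # hypothetical scheme name
            "type": "oauth2", "flow": "password",
            "tokenUrl": "https://gateway.example.test/token",
            "scopes": {"apim:subscribe": "Subscribe to APIs"},
        }
    },
    "paths": {
        "/apis": {"get": {"responses": {"200": {"description": "OK"}}}},
        "/subscriptions": {
            "post": {
                "security": [{"OAuth2Security": ["apim:subscribe"]}],
                "responses": {"201": {"description": "Created"}},
            },
            "delete": {
                "security": [{"OAuth2Security": ["demo:undeclared"]}],
                "responses": {"200": {"description": "OK"}},
            },
        },
    },
}


def lint_security(spec):
    """Return (required, problems): scopes needed per operation, and mismatches."""
    schemes = spec.get("securityDefinitions", {})
    default = spec.get("security", [])  # document-level requirement, if any
    required, problems = {}, []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "$ref" and vendor extensions
            op_id = f"{method.upper()} {path}"
            # An operation-level "security" overrides the document-level one.
            for requirement in op.get("security", default):
                for name, scopes in requirement.items():
                    if name not in schemes:
                        problems.append(f"{op_id}: scheme '{name}' is not defined")
                        continue
                    required.setdefault(op_id, set()).update(scopes)
                    declared = schemes[name].get("scopes", {})
                    problems += [f"{op_id}: scope '{s}' not declared in '{name}'"
                                 for s in scopes if s not in declared]
    return required, problems
```

Operations missing from `required` need no scope-bearing token, while any entry in `problems` means the UI cannot offer that scope when authorizing.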