I am using WSO2 APIM 3.0.0 version & I have published an API in WSO2 using an existing swagger definition.
I am using a hybrid gateway environment, with the "Production" & "Sandbox" URLs configured to different code environments (for testing purposes the "Production" URL hits our qa box and "Sandbox" hits my local environment). I have just noticed that WSO2 is always routing calls to the sandbox environment (my local) even when I use the "Production" access token.
Is there something else I need to do apart from simply generating different access tokens for prod & sandbox from the devportal for it to route to the desired environment?
And does this mean that I MUST always have different gateways for different environments?
I tested this using OAUTH & JWT token types, with different grant mechanisms, and it still does the same thing.
synapse-config attached as requested:
<?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" name="admin--XXXBackendPlatform" context="/WSO2/1.0.0" version="1.0.0" version-type="context">
<resource methods="POST" url-mapping="xxxxx" faultSequence="fault">
<inSequence>
<property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>
<filter source="$ctx:AM_KEY_TYPE" regex="SANDBOX">
<then>
<send>
<endpoint key="XXXBackendPlatform--v1.0.0_APIsandboxEndpoint"/>
</send>
</then>
<else>
<sequence key="_production_key_error_"/>
</else>
</filter>
</inSequence>
<outSequence>
<class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
<send/>
</outSequence>
</resource>
<handlers>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.common.APIMgtLatencyStatsHandler">
<property name="apiUUID" value="6535a4b7-759b-4f0e-8980-eab80aaee847"/>
</handler>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="apiImplementationType" value="ENDPOINT"/>
<property name="AuthorizationHeader" value="WSO2_Auth"/>
</handler>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler">
<property name="RemoveOAuthHeadersFromOutMessage" value="true"/>
<property name="APILevelPolicy" value="Unlimited"/>
<property name="AuthorizationHeader" value="WSO2_Auth"/>
<property name="CertificateInformation" value="{}"/>
<property name="APISecurity" value="oauth2,oauth_basic_auth_api_key_mandatory"/>
<property name="apiUUID" value="6535a4b7-759b-4f0e-8980-eab80aaee847"/>
</handler>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.ThrottleHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtUsageHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtGoogleAnalyticsTrackingHandler">
<property name="configKey" value="gov:/apimgt/statistics/ga-config.xml"/>
</handler>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/>
</handlers>
</api>