1
votes

Using WSO2 Api-M On-Prem v3.1.0.

I have set up an API in Publisher with different endpoints for Production and Sandbox. Using API Key as Application Level Security. Enabled Security for my GET resource.

In DevPortal I created an Application and set up a subscription for my API. Generated Sandbox API Key and used "Try Out" in DevPortal. I can select Key Type "Production" and enter my Sandbox Key, I get OK response from Production endpoint.

Try-Out screenshot

If I change Key Type to Sandbox, I still get response from Production endpoint. I see in http_access_.YYYY-MM-DD log that both requests are sent to my production endpoint.

Why isn't my request sent to Sandbox when I use Sandbox API-Key as described in the documentation:

https://apim.docs.wso2.com/en/3.0.0/learn/api-gateway/maintaining-separate-production-and-sandbox-gateways/

1 Answer

1
votes

I reproduced this issue in API Manager version 3.1.0. This is a bug and needs to be fixed. I have created a GitHub issue for this. Please check [1].

As a workaround for your scenario, please enable OAuth2 Application level security as well under the Runtime Configurations of your API in Publisher. So both OAuth2 and API Key need to be selected.

[1] https://github.com/wso2/product-apim/issues/8483