Expose unsecured url via WSO2 API Manager

2
votes

I have an API that I have setup in WSO2's API Manager Publisher tool. All the calls work fine when called correctly with an Access Token.

But I have one url that I want anyone to be able to call. (It is a customized Swagger UI page (different from the one built into the WSO2 tooling).)

To do this I add the Swagger UI url as a resource. But when I go there it says:

Required OAuth credentials not provided. Make sure your API invocation call has a header: 'Authorization : Bearer ACCESS_TOKEN'

Generally, I really like this default. (I want all my other API resources to require an Access Token.) But for this one I don't have an access token and don't expect to.)

Is it possible to publish one resource and not need any authentication?

2
wso2wso2-am

2 Answers

3
votes

This can be done as mentioned in https://stackoverflow.com/a/61133046/3176125

Basically you can turn off for one of the resources while you allow security for the rest of the resources.

3
votes

Also it can be done in 2.x versions of API Manager through disabling for each endpoint the security in publisher tool. In manage tab, resources section, for each resource/endpoint set the value x-auth-type to "None". Default value is "Application & Application User". This disable security and then authentication required for accesing to the selected API resources.

enter image description here