WSO2 API Manager core functionality is of course creation and management of APIs. The Publisher and Devportal are the two main components to do this. Where The Publisher is meant for the organisation itself that publishes the APIs, the Devportal (or store as it used to be called) is where developers can try out the functionality of the API, look at the documentation and interact with the APIs developers.
API Manager Devportal
In the last couple of versions, the API Manager’s Devportal has the possibility to not only download the Swagger file (or OpenAPI as it is also called) but also something called a Postman Collection.
Postman
For those of you who are unfamiliar with Postman, A Postman Collection is a group of saved requests. For the Pizzashack API of which I downloaded the collection it means the API and all the resources / HTTP verbs are loaded into Postman.
We will look Postman installation later on but first, what does a collection look like and how is it different from OpenAPI definition?
As you can see, the content looks the same. Where OpenAPI is more generic and is also used for the creation of the API and schema validation. However, the Postman collection should be considered a subset of the OpenAPI definition. There are tools to take a Postman collection and transform it into an OpenAPI definition with the addition of some extra fields required.
Postman install
The installation of postman depends on your operating system. For my Linux training machines I use this resource for the manual install. Other OS can go to the downloads page of Postman.
Postman is not a free tool but has a Free version which suffices for the purpose of this blog, testing a Postman collection. If you need more functionality, take a look at the pricing page.
Software that adds value to you deserves a paid version! There is also a browser-based version of Postman, but I describe the desktop app in this blog.
After Downloading, create a Free account, you will need it in order to import the collection in a workspace.
Use the default workspace or create a new one. Select Import.
Click on Import and upload the file we downloaded from the Devportal. I will be in the downloads directory when downloaded via a browser in most cases.
The Collection is shown in the Workspace. Here I opened all the resources.
Clicking on get shows the GET on the /menu resource.
I am actually getting a 404 not found on the invocation. CORS was indicated to be the issue. I’ve enabled the CORS in the Publishers API Configuration and created a new deployment.
Devportal gives me a response, Postman does not. Well, it does give me a response, but it is
{"code":"900902","message":"Missing Credentials","description":"Invalid Credentials. Make sure your API invocation call has a header:
'Authorization : Bearer ACCESS_TOKEN' or 'Authorization : Basic ACCESS_TOKEN' or 'apikey: API_KEY'"}Which makes sense since I did not add a token. Copy the token from the devportal into the AUTH config of Postman.
The token is a JWT token and quite long. You only see part of it. Click on send.
You will see the response:
This shows how you can test your API using Postman with the benefit of having more control over the Request and Response than in the Devportal. Generation of a token in Postman is also possible, copy these fields to the Postman AUTH config.
And Press Get New Access Token.
You will get
You can now Press Send again. The token will be used.
More Collections
There will be collections for all you APIs but there are more valuable collections as well. Like the APIs that the API Manager exposes.
If you click on the Run In Postman from the browser, it will connect to your Postman app and import the Collection in a workspace of choice.
The result looks like this:
You see the Authentication part (required for first time use) and the exposed APIs for the Publisher. For the other APIs like the devportal, admin and so on there are similar collections.
