2

I've created a simple API and I'm trying to publish it using WSO2's API Publisher (aka API Cloud). I've gone through all the steps, but it seems to require an Authorization header to access my endpoint. In older documentation, it says that I can change the "Auth Type" at the resource level.

https://docs.wso2.com/display/AM160/API+Resources

However, this option doesn't seem to be there in the current version. I tried to make it so the Authorization header was not required. Unfortunately, I still get the following error:

<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
    <ams:code>900902</ams:code>
    <ams:message>Missing Credentials</ams:message>
    <ams:description>Required OAuth credentials not provided</ams:description>
</ams:fault>

Is it possible to disable authentication for my API? I don't need it at this point in my project.

Amila Maharachchi
  • 2,121
  • 2
  • 15
  • 21
Matt Raible
  • 8,187
  • 9
  • 61
  • 120

2 Answers2

9

The document you have referred is from APIM 1.6. From APIM 1.7, the APIM team changed the API creation process to a 3-step process. It involves API Design, Implement and Manage. I think you have experienced this by now. In the Manage section, at the very bottom, it lists down the available resources of the API, their auth type, allowed tier and the scope allowed.

Default auth type is application & application user. If you click on that, you will get a drop down where you will see "None" as an option. If you set the auth type as none, you will be able to invoke the API without providing the OAuth token.

See the following screenshot where I have selected different Auth types when creating an API.

enter image description here

Amila Maharachchi
  • 2,121
  • 2
  • 15
  • 21
1

Open the configuration related to your API in ${AM_HOME}/repository/deployment/server/synapse-configs/default/api/ and remove the following part.

<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/>

Eranda
  • 1,439
  • 1
  • 17
  • 30