Digital Transformation . API . Integration . IAM

In this blog post I'll share my experience in fixing the issue for APIs loading in publisher and devportal of WSO2 API Manager v3.2.  My WSO2 API Manager instance was running fine with respective functionality. I stopped the server due to infra/maintenance activity and started the same after 2 days. However, my publisher portal was opening, and login works fine but I found an issue post login in  Publisher  portal and the Developer. Portal  The Publisher and Developer Portal fail to retrieve APIs, displaying an HTTP 500 error. This blog post explores the root cause and solution for this problem. Environment WSO2 APIM v3.2.0.xxx DB- MSSQL Server as database OS- RHEL The Issue In a recent scenario, WSO2 API Manager’s Publisher and Developer Portal were failing to list APIs, showing an HTTP 500 error. The error trace in the logs pointed to a failure in searching for APIs: ApisApiServiceImpl Error while retrieving APIs org.wso2.carbon.apimgt.api.APIManagementEx...

Cross-Origin Resource Sharing (CORS) is a critical mechanism that allows web applications to securely interact with resources from different origins. In WSO2 API Manager (APIM), configuring CORS correctly is essential for ensuring seamless API consumption. However, sometimes things don’t go as planned, even when the configurations seem correct. In this blog, I’ll share my experience of troubleshooting a CORS issue in WSO2 APIM v3.2 and how I resolved it. Environment Openshift Based deployment WSO2 API Manager v3.2 Problem Statement Despite applying the correct CORS configurations via the WSO2 APIM Publisher portal on a per-API basis, the API calls were failing with the following CORS error: Access to XMLHttpRequest at 'http://192.190.29.1/api/getdetails' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. This error i...

I recently encountered a strange issue with API visibility in the publisher portal. Here is what happened and how I overcome to this issue- Environment WSO2 APIM- v3.2.x Openshift: 4.x MSSQL Database 19.x Using PV/PVC for synapse-config and executionplans Problem Statement : There was OpenShift upgrade happened and we have restart the server i.e. re-creation of the pods. This has caused an issue in API listing inside publisher portal. We have verified the API in the database system but the same was not visible in the publisher portal. When we tried to re-create the same via publisher portal; it didn't worked and we got an error that the API exists with the same context. Root Cause:  These issues occurs due to indexing issues and not limited to underlying infra upgrade. This may happen due to multiple reasons that causes indexing failure Solution: Re-building the index solves this issue in following ways- Option 1:  Open the management console/ carbon portal and click on the re...

Problem Statement We have created a custom docker image for WSO2 APIMv3.2.x and deployed the same in OpenShift cluster 4.x. However, the pods won't getting in Ready state and below error observed while checking the events (oc get events) wso2am-pattern-1-am-1-deployment-0 in StatefulSet wso2am-pattern-1-am-1-deployment failed error: pods "wso2am-pattern-1-am-1-deployment-0" is forbidden: unable to validate against any security context constraint: [provider "anyuid": Forbidden: not usable by user or serviceaccount, spec.initContainers[0].securityContext.runAsUser: Invalid value: 1000670000: must be in the ranges: [1000710000, 1000719999], spec.containers[0].securityContext.runAsUser: Invalid value: 1000670000: must be in the ranges: [1000710000, 1000719999], provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "elasticsearch-scc": F...

Hi everyone, I am going to share how to update your WSO2 API Manager using Update 2.0 tool provided by WSO2.  So, WSO2 provides the latest utility/tool for updating the products called  Update2.0 This tool helps to update your product as an in-place update. Environment: RHEL 8.3 WSO2 APIM Version : 3.2.0.x WSO2 Update tool: Update 2.0 Step 1: Unzip the current pack of WSO2 APIM i.e. wso2-apim_3.2.0 and navigate to bin directory.    [appdev@linuxhost]cd $APIM_HOME/bin Step 2: Run the shell script wso2update_linux [appdev@linuxhost]./wso2update_linux Step 3: Now, you should provide valid subscription details with WSO2; typically it's an email id and the password and it's the same as credentials to the support portal. So, we need to execute the update script located inside $APIM_HOME/bin, where $APIM_HOME refers to the APIM pack base location [appdev@linuxhost bin]   ./wso2update_linux Authentication failed Initializing updates with credentials If you already have...

I am writing this article to share my experience while working with a secondary user store requirement in WSO2 API Manager. So, WSO2 provides an in-built user store for user management capabilities and facilitates integration with a secondary user store as well. A Secondary user store could be an LDAP, Microsoft Active Directory, or even an RDBMS user store as well. In this article, I'll cover LDAP user store integration with WSO2 API Manager and you can follow the path if you have a similar kind of business requirement. Business Requirement So, my business requirement was to provide token-based API access and to proceed with password grant type for token API while the user base remains in an external user store. Technical Feasibility in WSO2 APIM The requirement is technically feasible as an OOTB capability provided by WSO2 with some configurations via the carbon console. This article assumes you have existing LDAP server running. So I have to procure the following details from LD...

Hi everyone!  Let me share another troubleshooting experience with WSO2 API Manager.  Environment: RHEL8.3 WSO2 APIM Version: 3.2.0.x Tools: apictl (API Controller) Problem I have tried importing an API from one environment to the other via apictl. This API contains a custom sequence as well. However, the apictl api-import command returned the HTTP 500 error with following message Response: {"code":500,"message":"Internal server error", "description":"Error while importing API","moreInfo":"","error":[]} Further, WSO2 carbon logs shows the below error message- [2022-12-28 15:19:29,139] ERROR - APIUtil Issue is in accessing the Registry [2022-12-28 15:19:29,140] ERROR - APIMappingUtil Error occurred while getting the uuid of the mediation sequence org.wso2.carbon.apimgt.api.APIManagementException: Issue is in accessing the Registry         at org.wso2.carbon.apimgt.impl.utils.APIUtil.getMediationPolicyAttribu...

Hi All, let me share another experience of WSO2 APIM with you all. Environment- WSO2 APIMv3.2.x, MSSQL, OpenShift Problem Statement Recently I have added 3 new resources to an existing API having 10 resources.. I re-deployed the API and tried testing the same via developer portal but the gateway responded with No Matching Resources error; though the resources are present and hence it was shown in the devportal. Below is the error message-  <ams:fault xmlns:ams="http://wso2.org/apimanager/security">     <ams:code>900906</ams:code>     <ams:message>No matching resource found in the API for the given request</ams:message>     <ams:description>Access failure for API: /reports/v1.0.0, version: v1.0.0 status: (900906) - No matching resource found in the API for the given request. Check the API documentation and add a proper REST resource path to the invocation URL</ams:description> </ams:fault> Root Cause This ...

Hello WSO2 folks, I'll be sharing another good experience of WSO2 APIM production monitoring & troubleshooting. Environment WSO2 API Manager v3.2.0.x Use Case We have deployed WSO2 API Manager v3.2.0.x on the OpenShift Container platform and got some critical observations in carbon logs. The initial deployment was successful and carbon logs were not printing any error messages. So the APIs are configured via the publisher portal, and subscriptions are done via the dev portal. API calls started and traffic on gateway components started. However, after some time we noticed that the API gateway calls are getting failed with HTTP 5XX error codes . Root Cause Analysis We have done the analysis of the issue and found that there is a heap size issue in the carbon server and it's resulting in the API gateway component going down. Following error logs were identified- j ava.lang.OutOfMemoryError: Java heap space Ther Solution This problem has arisen due to insufficient memory i.e. R...

Hello WSO2 folks! In this blog, I am going to share a use case where I've to generate new API Key In WSO2 API Manager with a new subscription tier. Environment WSO2 API Manager v3.2.0.x Use Case There was an API subscribed with an application with subscription tier 10 Request/Minute i.e. the default one and the API consumer was using the same with API Key. The API consumer was not provided the dev portal access and shared the API  Key over the email.  After some time, the API consumer has reported that sometimes they are getting HTTP 429 Too Many Requests Error and API call is failed. This issue was intermittently reported by the API consumer. Analysis We have done further investigation and found that they have provisioned a batch process that also calls the same API with 8 Request/Sec i.e. 480 Request/Minute. So we have created a custom rate-limiting policy with 1000 Request/Minute and attached it to the same application. However, the issue remains the same. The Solution We ...

Hi everyone, I will be sharing my another experience with the WSO2 API Manager sample use case for API throttling. Scenario So I had a situation encountered where I have to see the throttling messages in my wso2carbon.log file. By default, it has not been enabled and we have to make some changes to see the required output in the wso2carbon log file.   API Manager Version 3.2.0 Changes done WSO2 Sequence to print throttling messages in wso2carbon.log file Navigate to <APIM_HOME>/repository/deployment/server/synapse-configs/default/sequences directory. Open the file named _throttle_out_handler_.xml. Update the contents of file _throttle_out_handler_.xml as per the below custom changes <sequence name="_throttle_out_handler_" xmlns="http://ws.apache.org/ns/synapse">         <property name="X-JWT-Assertion" scope="transport" action="remove"/>     <class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.AP...

Recently I have been trying to run WSO2 APIM V4 on my MacBook Air but it was taking too long to start. I have also faced the similar issue in linux environment previously. To overcome this issue,  need to map hostile entries (127.0.0.1 & ::1) to my hostname. Before 127.0.0.1 localhost ::1              localhost Now let's check the hostname in Mac kumargaurav@Kumars-MacBook-Air bin % hostname Kumars-MacBook-Air.local Let's update the hostname with current one in addition to the localhost as shown below- After   127.0.0.1 localhost Kumars-MacBook-Air.local ::1             localhost Kumars-MacBook-Air.local Now, start the API Manager and it would start in normal time ~<2 mins.   Kindly note that the changes here are for localhost hostname & IP 127.0.0.1, in case of environment specific deployment we need to change as per the environment IP & hostname.

Hello guys, I'll be sharing my another experience in WSO2 API Manager for one of the use cases I faced issue. Environment : WSO2 APIM 3.2.0, RHEL8.x Problem: The developer portal is unable to load the list of APIs as default. Although, it can load the APIs if I filter out the APIs via tag. Below is the screenshot of the same- Further I tried to investigate wso2carbon logs to see the error/exception and I found below relevant logs for the same- ================================================================================ ERROR - ApisApiServiceImpl Error while retrieving API : 07b6c6a7-eaa6-42be-a687-e04dd40a1ee6 org.wso2.carbon.apimgt.api.APIManagementException: Unable to find the API: admin-test001-1.0.0 in the database at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getAPIID_aroundBody310(ApiMgtDAO.java:7148) ~[org.wso2.carbon.apimgt.impl_6.7.206.168.jar:?] at org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO.getAPIID(ApiMgtDAO.java:7117) ~[org.wso2.carbon.apimgt.impl_6.7.206.168.jar:?] a...