api-manager icon indicating copy to clipboard operation
api-manager copied to clipboard
verified publisher icon wso2

Can not directly access anonymous API with API URL

Open tmkasun opened this issue 3 years ago • 1 comments

Description:

If a user tries to access an anonymous API using a direct URL, The user gets redirected to the Developer portal home page

devissues

Steps to reproduce:

  • Create an API and publish it
  • Open the API overview page in the developer portal (DO NOT LOGIN TO THE DEVPORTAL)
  • and refresh the page
  • User will get redirected to the developer portal homepage

Affected product version:

  • 4.1.0

Affected component:

  • Developer portal

tmkasun avatar Apr 25 '22 05:04 tmkasun

Fixed in WSO2 API Manager 4.6.0

This issue has been fixed in WSO2 API Manager 4.6.0. Anonymous users can now access and refresh API overview pages without being redirected to the homepage.

Issue Summary

In APIM 4.1.0, when accessing an API overview page in the Developer Portal without logging in (anonymous access), refreshing the page would redirect users to the DevPortal homepage instead of staying on the API page.

Test Results (APIM 4.6.0)

Test Scenario:

  1. Access API overview page without authentication: https://localhost:9443/devportal/apis/{apiUuid}/overview
  2. Refresh the page (F5)

Result:FIXED

  • Initial Access: Successfully loads API overview page

    • URL: https://localhost:9443/devportal/apis/{apiUuid}/overview
    • Status: ✓ Page loads correctly

  • After Refresh: Stays on the same API overview page

    • URL: https://localhost:9443/devportal/apis/{apiUuid}/overview (unchanged)
    • Status: ✓ No redirect to homepage

Technical Analysis

Routing Configuration:

  • File: apim-apps/portals/devportal/.../AppRouts.jsx
  • Lines 78-84: /apis routes do NOT require authentication
  • Anonymous access is intentionally supported by design

Key Points:

  1. API routes in DevPortal are configured to allow anonymous access
  2. No authentication guards are placed on /apis/:apiUuid/* routes
  3. The redirect issue was likely caused by state management or component lifecycle bugs in APIM 4.1.0
  4. These issues have been resolved in subsequent releases

Behavior Comparison

Before (APIM 4.1.0):

1. Access: /devportal/apis/{apiUuid}/overview (works)
2. Refresh page
3. Redirect: /devportal/ (homepage) ❌

After (APIM 4.6.0):

1. Access: /devportal/apis/{apiUuid}/overview (works)
2. Refresh page
3. Stay on: /devportal/apis/{apiUuid}/overview ✅

Conclusion

Anonymous users can now reliably access and navigate API pages in the Developer Portal without unexpected redirects. The refresh functionality works correctly, maintaining the user's current location on the API overview page.

Tested on: WSO2 API Manager 4.6.0 Status: ✅ Fixed Test Method: Playwright browser automation with anonymous session

🤖 Generated with Claude Code

ranuka-laksika avatar Nov 24 '25 08:11 ranuka-laksika