api-manager icon indicating copy to clipboard operation
api-manager copied to clipboard
verified publisher icon wso2

Token support for 3rd party key managers without subscriptions

Open RakhithaRR opened this issue 1 year ago • 1 comments

Problem

Some users might have the requirement to consume the APIs directly using the tokens obtained from their Identity Providers without going through the subscription process in APIM

Solution

Introduce a new API level configuration to disable the subscription validation when consuming the API. This should be a version specific configuration. i.e. the configuration should be read-only when set once and should only be possible to change this when a new version of the API is created in order to avoid issues with the API consumers.

Affected Component

APIM

RakhithaRR avatar Jul 18 '24 05:07 RakhithaRR

The following scenarios should be handled when implementing this feature

  • [x] API level configuration to enable or disable subscription validation.
  • [x] Publisher UI changes to support the new configuration and scenarios where subscription validation is disabled.
  • [x] Devportal UI changes to support APIs which have subscription validation disabled.
  • [x] Application/Subscription level rate limiting changes
  • [x] Analytics for APIs without subscriptions
  • [x] End user token generation for APIs without subscriptions
  • [x] Backend validations for different scenarios
  • [x] UI and Integration tests
  • [x] Documentation

RakhithaRR avatar Jul 18 '24 05:07 RakhithaRR