Sending the API request
Fill in fields to set up the request for an API that you want to debug on the Test tab.
You can complete this task either by using the API Designer UI application, or by using the browser-based API Manager UI.
Open the Test tab
- Log in to API Manager or API Designer.
- In the navigation list, click Develop, then select the APIs tab.
- Click the title of the API that you want to test.
- On the API Design page, click the Test tab in the page header.
Fill in the Request section
Use the Request section of the page to set up the request URL, the authentication mechanism, and the request parameters. Complete the following steps to fill in the fields that are needed for configuring the request.
- To fill the Security scheme, complete the following steps:
- Click Authorizations and select the security definition that you want.
The available security definitions depend on the security schemes that are already configured in the
API. To know how to configure security schemes, see Defining security schemes. The available security definitions are:
- API key
- Basic
- OAuth
- If your API definition uses API key authorization for the security setting, enter the necessary
authorization details in the following fields on the Authorize page:
- Name
- The variable name that is auto-populated from security scheme.
- Located In
- Location is auto-populated from the security scheme.
- Value
- The user can enter the value based on the auto-populated name. For example, if the name is X-IBM-Client-Id, the user can enter the same name in the value field.
- If your API definition uses Basic authorization for the security setting, enter the necessary
authorization details in the following fields on the Authorize page:
- Username and Password
- Enter the username and Password that is needed for authenticating with the user registry.
- If your API definition uses OAuth authorization for the security setting, enter the necessary
authorization details in the following fields on the Authorize page:Note:
- The OAuth authorization supports only the native OAuth provider. For more information on native OAuth provider, see Configuring a native OAuth provider
- The available flow options for OAuth authorization are:
- Implicit
- Access Code
- Resource Owner - Password
- Application
- Authorization URL
- This URL is used to redirect users for authentication and authorization. The URL is auto-populated from the OAuth Provider that you created in the Resources page.
- Name
- The name of the OAuth provider is auto-populated.
- Client ID
- This ID is used to authenticate and authorize the client's access to the resources. It is auto-populated based on the application that you selected under Target configuration. For more information, see Specifying the testing preferences for an API.
- Client secret
- Enter the secret key corresponding to the Client ID. The client secret is displayed only once when you create the application. Note down the secret key for OAuth authorization.
- Flow
- Flow in API authorization refers to the OAuth flow types that determine the process of obtaining authorization. It depends on the flow type that you select when you create the security scheme for the authorization. This field is auto-populated by default.
- Scopes
- Select the check boxes of scopes that you want to add. The scopes are included in the access tokens that are generated from the OAuth provider. When an OAuth protected API is invoked, the gateway checks the scopes that are carried in the access tokens. Then it compares them against the list of allowed scopes in the security definition to determine whether to grant access.
- Token URL
- This URL is used for obtaining OAuth tokens during the authentication process. The Token URL is auto-populated based on the URL that you add when creating the corresponding OAuth provider on the Resources page.
- Redirect URIs
- Select the redirect URIs from the list.
- Username and Password
- Enter the username and password of the user registry that is selected under the corresponding OAuth providers on the Resources page.
Click Get Token to create the access token.
The system automatically updates the access token in the Parameter tab when you apply authorization.
For more information on OAuth security schemes, see Defining OAuth2 security schemes.
- Click Apply.
When you invoke the API, API Connect populates a header using the provided information.
- Click Authorizations and select the security definition that you want.
The available security definitions depend on the security schemes that are already configured in the
API. To know how to configure security schemes, see Defining security schemes. The available security definitions are:
- Select an operation and request a URL from the list provided.
- On the Parameters tab, define header, query, and path parameters.
An empty row is provided for you to define parameters, enter the parameter name in the Key field, select query, header, or path in the Located in field as appropriate, and supply a string value in the Value field. As you begin to define a new parameter, a further empty row is added automatically.
Default header parameters and values are provided. For example, if the API has client ID or client secret definitions applied, the corresponding keys are added as header parameters, with the values preset; for details on configuring client ID and client security definitions, see Creating an API key security definition.
The following table lists some common header definitions that are used in a request:
Table 1. Common request headers Key Value Comments Accepts media_type/subtype Specify the type of content that the response headers should use. The default is application/json
.X-IBM-Client-Id client_ID_val If you are using the built-in test application in the Sandbox catalog, the value is pre-populated automatically. If you are using your own client application, replace the value with the client ID of your application. X-IBM-Client-Secret client_secret_value If you are using the built-in test application in the Sandbox catalog, the value is pre-populated automatically. If you are using your own client application, replace the value with the client secret of your application.. Authorization Bearer access_token Encode the token in base64. API Connect cannot encode the token for you. Content-Type media_type/subtype Specify the type of content that the response body should use; for example, application/json
orimage/png
.If the API has path or query parameters defined, these are added to the parameters list, ready for you to supply values; for details on configuring path and query parameters, see Defining Paths for a REST API and Configuring an operation.
- If the operation is POST or PUT, set up the request body.
- Click the Body tab.
- Type the information for the body of the request.
Send the request
When your API request is configured, click Send to execute the call.
If a message displays indicating "No Response", the API call cannot be completed. Possible causes of this problem are as follows:
- CORS is not enabled in the API’s definition
Edit the API’s definition and enable CORS. Then, save the change and publish the API. If you are using your own client app, remember to subscribe it to the API again after publishing.
- The gateway service URL has an invalid certificate
Follow the instructions to accept the certificate and continue testing.
- The browser cannot connect to the gateway service