问题
Is there a way to put the authorization bearer in the URL request? The curl command to access my API is this:
curl -X GET --header 'Accept: application/xml' --header 'Authorization: Bearer ebcd41ac-3466-3262-8c8e-3c73c987dbde' 'https://gateway.api.cloud.wso2.com:443/t/jab7180/prod/1.0.0/inquire/promos/IBM'
But if I use the request URL in my browser using https://gateway.api.cloud.wso2.com:443/t/jab7180/prod/1.0.0/inquire/promos/IBM, I am getting this error message:
Code = 900902
Message: Missing credentials
Description: Required OAuth credentials not provided. Make sure your API invocation call has a header: "Authorization: Bearer ACCESS_TOKEN"
I hope you can help me with this because I want to access my API just by the browser and not by curl command. Thanks.
回答1:
API Manager uses org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler to authenticate requests to the gateway using OAuth authentication tokens. To change this behavior, you have three options:
- Delete the authentication handler from your API definition on the gateway (or from the velocity template, to apply to all API publishing).
- Create your own authentication handler and replace the default authentication handler in the API definitions and/or velocity template. See: https://docs.wso2.com/display/AM200/Writing+Custom+Handlers
- Create a new handler that takes an authorization query string parameter and adds the value to the headers of the incoming request. Add this handler before the authentication handler in the handler workflow for your API.
That being said, why do you want to do this? There are a number of GUIs available that make sending HTTP requests just as straight-forward as using a browser (https://www.getpostman.com/) so unless you have a very good reason to change this behavior, you probably should not.
回答2:
If you don't need to protect your apis with access token and make it access without authorization you can specify the "None" as the authorization for the Get api resource in the "Manage" tab of api publisher when creating or updating an API.
来源:https://stackoverflow.com/questions/40523902/authorization-bearer-in-url-request-using-wso2-api-manager