Is it possible to disable the access-token mechanism in WSO2 API Manager? So we do not have to set the authentication bearer header .I know I can set the access-token time-out to -1 seconds, to make it endless.
Yes You can. WSO2 API Manager provides resource level authentication where you can specify the authentication mechanism for each HTTP verb. If you set it to 'None', then you do not need to set Authorization headers when you call the API.
As given in the document[1],when creating the API set 'AuthType' value as 'None' for all the HTTP verbs.
Also, you can edit the swagger for the resources (In latest api manager versions). In the "Design" tab of api select edit source under the "API Definition" section. Then in the swagger under the specific resource you want to skip authentication edit the attribute x-auth-type as follows
x-auth-type:None
来源:https://stackoverflow.com/questions/21113093/wso2-api-manager-is-it-possible-to-disable-the-access-token-mechanism