Reputation: 173
-Updated with pics of request header and params.
Can anyone tell me why WSO2 API Manager does not authenticate? I have set up two WSO2 API Manager 1.6.0 instances: one that is distributed and a standalone instance. I have also created a version of the CDYNE sample API that requires authorization and another version that does not. It does not appear that the API is published correctly because it does not matter what level I set the API security to when creating the API. Here is the API on the gateway:
<?xml version="1.0" encoding="UTF-8"?>
<api xmlns="http://ws.apache.org/ns/synapse" name="Creator1--APIPhoneVerify" context="/APIPhoneVerify" version="2.0.0" version-type="url">
    <resource methods="POST GET OPTIONS DELETE PUT" url-mapping="/CheckPhoneNumber">
        <inSequence>
            <property name="POST_TO_URI" value="true" scope="axis2"/>
            <filter source="$ctx:AM_KEY_TYPE" regex="PRODUCTION">
                <then>
                    <send>
                        <endpoint name="Creator1--APIPhoneVerify_APIproductionEndpoint_0">
                            <http uri-template="http://ws.cdyne.com/phoneverify/phoneverify.asmx">
                                <timeout>
                                    <duration>30000</duration>
                                    <responseAction>fault</responseAction>
                                </timeout>
                                <suspendOnFailure>
                                    <errorCodes>-1</errorCodes>
                                    <initialDuration>0</initialDuration>
                                    <progressionFactor>1.0</progressionFactor>
                                    <maximumDuration>0</maximumDuration>
                                </suspendOnFailure>
                                <markForSuspension>
                                    <errorCodes>-1</errorCodes>
                                </markForSuspension>
                            </http>
                        </endpoint>
                    </send>
                </then>
                <else>
                    <send>
                        <endpoint name="Creator1--APIPhoneVerify_APIsandboxEndpoint_0">
                            <http uri-template="http://ws.cdyne.com/phoneverify/phoneverify.asmx">
                                <timeout>
                                    <duration>30000</duration>
                                    <responseAction>fault</responseAction>
                                </timeout>
                                <suspendOnFailure>
                                    <errorCodes>-1</errorCodes>
                                    <initialDuration>0</initialDuration>
                                    <progressionFactor>1.0</progressionFactor>
                                    <maximumDuration>0</maximumDuration>
                                </suspendOnFailure>
                                <markForSuspension>
                                    <errorCodes>-1</errorCodes>
                                </markForSuspension>
                            </http>
                        </endpoint>
                    </send>
                </else>
            </filter>
        </inSequence>
        <outSequence>
            <send/>
        </outSequence>
    </resource>
    <handlers>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"/>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.APIThrottleHandler">
            <property name="id" value="A"/>
            <property name="policyKey" value="gov:/apimgt/applicationdata/tiers.xml"/>
        </handler>
        <handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageHandler"/>
        <handler class="org.wso2.carbon.apimgt.usage.publisher.APIMgtGoogleAnalyticsTrackingHandler"/>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/>
    </handlers>
</api>
When I use the 'try it' feature it appears that the key is not passed and I get an error. Here is the key:
Here is the response:
Here is the wso2carbon.log:
TID: [0] [AM] [2014-02-05 14:25:02,513] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /APIPhoneVerify, version: 2.0.0 with key: null
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:139)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:92)
at org.apache.synapse.rest.API.process(API.java:285)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:76)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:63)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:220)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:336)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:168)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
TID: [0] [AM] [2014-02-05 14:25:02,516] INFO {org.wso2.carbon.bam.message.tracer.handler.util.HandlerUtils} - Massage Info: Transaction id=115815524651347724395990 Message direction=OUT Server name=7.40.2.26:9765 Timestamp=1391631902516 Service name=__SynapseService Operation Name=mediate {org.wso2.carbon.bam.message.tracer.handler.util.HandlerUtils}
I then tried from an external source in case it was a 'tryit' problem. In this case the key was at least passed. Here is the request and reply:
Here is the wso2carbon.log:
TID: [0] [AM] [2014-02-05 14:26:24,053] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler}
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /APIPhoneVerify, version: 2.0.0 with key: CgtcOiDinAKo4hKbtDV_fr6JIVAa
at org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:139)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:92)
at org.apache.synapse.rest.API.process(API.java:285)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:76)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:63)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:220)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:336)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:168)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
TID: [0] [AM] [2014-02-05 14:26:24,056] INFO {org.wso2.carbon.bam.message.tracer.handler.util.HandlerUtils} - Massage Info: Transaction id=115823714657361932967093 Message direction=OUT Server name=7.40.2.26:9765 Timestamp=1391631984056 Service name=__SynapseService Operation Name=mediate {org.wso2.carbon.bam.message.tracer.handler.util.HandlerUtils}
Upvotes: 1
Views: 2350
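Added example, not part of the original post and not WSO2 code: a small triage script for the two `wso2carbon.log` entries quoted above. It separates failures logged with `key: null` from failures where a key value was logged, and masks the key so the report does not repeat a bearer token. The sample lines are constructed in the same format, the token is a placeholder, and the `kind` labels are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample lines in the wso2carbon.log format quoted in the question;
# the token value is a placeholder, not a real key.
SAMPLE_LOG = """\
TID: [0] [AM] [2014-02-05 14:25:02,513] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /APIPhoneVerify, version: 2.0.0 with key: null
\tat org.wso2.carbon.apimgt.gateway.handlers.security.oauth.OAuthAuthenticator.authenticate(OAuthAuthenticator.java:139)
TID: [0] [AM] [2014-02-05 14:26:24,053] ERROR {org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler} - API authentication failure
org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException: Access failure for API: /APIPhoneVerify, version: 2.0.0 with key: EXAMPLE_TOKEN_0123456789
"""

TS = re.compile(r"\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\]")
FAIL = re.compile(r"APISecurityException: Access failure for API: (?P<api>\S+), "
                  r"version: (?P<version>\S+) with key: (?P<key>\S+)")

def mask(key):
    """Keep only a short prefix so the triage output does not leak the token."""
    return key[:4] + "***"

def triage(log_text):
    """Return one record per authentication failure found in the log text."""
    records, last_ts = [], None
    for line in log_text.splitlines():
        ts = TS.search(line)
        if ts and line.startswith("TID:"):
            last_ts = ts.group(1)  # the exception line follows its TID header
        m = FAIL.search(line)
        if not m:
            continue
        if m.group("key") == "null":
            kind, key = "no_key_presented", None   # logged as "key: null"
        else:
            kind, key = "key_rejected", mask(m.group("key"))
        records.append({"time": last_ts, "api": m.group("api"),
                        "version": m.group("version"), "kind": kind, "key": key})
    return records

def summary(records):
    """Count failures per (api, version, kind)."""
    return Counter((r["api"], r["version"], r["kind"]) for r in records)

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```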
Reputation: 173
I have added 2 versions of the same API: 1.6.0 (which doesn't work) and 1.6.1 (which does work). The error message regarding API authentication failure led me to believe it was an auth problem. However, since yours worked with the /* URL pattern, I tried that instead of a pattern of /CheckPhoneNumber, and it worked. I guess having a URL pattern of /CheckPhoneNumber and updating the swagger doc to have the definition include /CheckPhoneNumber are NOT the same thing.
Upvotes: 0
Reputation: 885
Can you please try this API
http://api.openweathermap.org/data/2.5/weather
with parameter q=London
The final request should look like the following
http://localhost:8280/yourAPI/1.0?q=London
Upvotes: 1