Using REST APIs to Manage Lambda APIs in WSO2 API Manager
In this article, I discuss how to use WSO2 API Manager’s Publisher APIs to create and update Lambda APIs
WSO2 API Manager has built-in REST API support for managing all the tasks in the product and you can refer its docs for more information. As you already know, Publisher Portal is used to manage the life cycle of APIs such as create, update, deploy, and delete. Similarly, we can use Publisher API to perform those tasks. However, it will be trickier to identify the parameters and the payload of the request using only the documentation. Hence, I will guide you through an example for managing a Lambda API using Publisher APIs.
Lambda API — An API of type ‘REST API’ which has the endpoint as AWS Lambda.
Step 1: Get consumer key/secret pair
Sample request:
curl --location --request POST 'https://<host>:<port>/client-registration/v0.17/register' \
--header 'Authorization: Basic Base64(admin_username:admin_password)' \
--header 'Content-Type: application/json' \
--data-raw '{
"callbackUrl": "www.google.lk",
"clientName": "rest_api_admin",
"owner": "admin",
"grantType": "password refresh_token",
"saasApp": true
}'
Sample response:
{
"clientId":"<clientId>",
"clientName":"rest_api_admin",
"callBackURL":"www.google.lk",
"clientSecret":"<clientSecret>",
"isSaasApplication":true,
"appOwner":null,
"jsonString":"{\"grant_types\":\"password refresh_token\"}",
"jsonAppAttribute":"{}",
"applicationUUID":null,
"tokenType":null
}
Step 2: Get access token
Sample request:
curl --location --request POST 'https://<host>:<port>/oauth2/token' \
--header 'Authorization: Basic base64(cliet_id:client_secret)' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=<admin_username>' \
--data-urlencode 'password=<admin_passowrd>' \
--data-urlencode 'scope=apim:api_view apim:api_create apim:api_publish'
Sample response:
{
"access_token":"<access_token>",
"refresh_token":"<refresh_token>",
"scope":"apim:api_create apim:api_publish apim:api_view",
"token_type":"Bearer",
"expires_in":3600
}
Step 3: Create Lambda API
Note that I will be adding only sufficient properties for creating a Lambda API. If needed, you can add other properties too. Here, I do not attach the sample responses to keep this article simple.
Option 1: Using IAM role-supplied temporary AWS credentials
curl --location --request POST 'https://<host>:<port>/api/am/publisher/v3/apis' \
--header 'Authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "LambaAPI",
"version": "1.0.0",
"context": "lambda",
"policies": [
"Unlimited"
],
"endpointConfig":{
"endpoint_type":"awslambda",
"access_method":"role-supplied",
"assume_role":false,
"amznAccessKey":"",
"amznSecretKey":"",
"amznRegion":"",
"amznRoleArn":"",
"amznRoleSessionName":"",
"amznRoleRegion":""
}
}'
Option 2: Using stored AWS credentials
curl --location --request POST 'https://<host>:<port>/api/am/publisher/v3/apis' \
--header 'Authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "LambaAPI",
"version": "1.0.0",
"context": "lambda",
"policies": [
"Unlimited"
],
"endpointConfig":{
"endpoint_type":"awslambda",
"access_method":"stored",
"assume_role":false,
"amznAccessKey":"<amznAccessKey>",
"amznSecretKey":"<amznSecretKey>",
"amznRegion":"<amznRegion>",
"amznRoleArn":"",
"amznRoleSessionName":"",
"amznRoleRegion":""
}
}'
Additionally, you can enable STS AssumeRole support by setting following properties in the endpointConfig.
"assume_role":true
"amznRoleArn":"<amznRoleArn>"
"amznRoleSessionName":"<amznRoleSessionName>"
"amznRoleRegion":"<amznRoleRegion>"
Step 4: Update Lambda API with resources
curl --location --request PUT 'https://<host>:<port>/api/am/publisher/v3/apis/<apiId>/swagger' \
--header 'Authorization: Bearer <access_token>' \
--form 'apiDefinition="{
\"openapi\":\"3.0.1\",
\"info\":{
\"title\":\"LambaAPI\",
\"version\":\"1.0.0\"
},
\"servers\":[
{
\"url\":\"/\"
}
],
\"security\":[
{
\"default\":[
]
}
],
\"paths\":{
\"/hello\":{
\"get\":{
\"x-auth-type\":\"Application & Application User\",
\"responses\":{
\"200\":{
\"description\":\"ok\"
}
},
\"parameters\":[
],
\"x-amzn-resource-name\":\"<ARN>\",
\"x-amzn-resource-timeout\":60000
}
}
},
\"components\":{
\"securitySchemes\":{
\"default\":{
\"type\":\"oauth2\",
\"flows\":{
\"implicit\":{
\"authorizationUrl\":\"https://test.com\",
\"scopes\":{
}
}
}
}
}
},
\"x-wso2-auth-header\":\"Authorization\",
\"x-wso2-cors\":{
\"corsConfigurationEnabled\":false,
\"accessControlAllowOrigins\":[
\"*\"
],
\"accessControlAllowCredentials\":false,
\"accessControlAllowHeaders\":[
\"authorization\",
\"Access-Control-Allow-Origin\",
\"Content-Type\",
\"SOAPAction\",
\"apikey\",
\"Internal-Key\"
],
\"accessControlAllowMethods\":[
\"GET\",
\"PUT\",
\"POST\",
\"DELETE\",
\"PATCH\",
\"OPTIONS\"
]
},
\"x-wso2-basePath\":\"/lambda/1.0.0\",
\"x-wso2-transports\":[
\"http\",
\"https\"
],
\"x-wso2-response-cache\":{
\"enabled\":false,
\"cacheTimeoutInSeconds\":300
}
}"'
Step 5: Create a revision
curl --location --request POST 'https://<host>:<port>/api/am/publisher/v3/apis/<apiId>/revisions' \
--header 'Authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"description": ""
}'
Step 6: Deploy revision to gateway
curl --location --request POST 'https://<host>:<port>/api/am/publisher/v3/apis/<apiId>/deploy-revision?revisionId=<revisionId>' \
--header 'Authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' \
--data-raw '[
{
"name": "Default",
"vhost": "localhost",
"displayOnDevportal": true
}
]'
Step 7: Publish Lambda API to Devportal
curl --location --request POST 'https://<host>:<port>/api/am/publisher/v3/apis/change-lifecycle?action=Publish&apiId=<apiId>' \
--header 'Authorization: Bearer <access_token>'
That’s it! You have successfully published a Lambda API only using Publisher REST APIs. Now you can try creating an application and invoking the Lambda API in Devportal.
Cheers! Thanks for reading my article.