Re: [Apiman-user] Plugins
Have you marked the Service as Public by any chance? You can find that
setting on the service UI's "Plans" tab.
To make sure you really are using the plan you should *not* make your
service public - that way you can't accidentally bypass your plan(s).
Note: once you start using plans, and if you do *not* have the service
set to public, then you will not be able to invoke the service without
an API Key.
-Eric
On 8/20/2015 2:22 PM, Fadi Abdin wrote:
I think i'm good now .. I was able to make a test service and
passes
but i think i found bug .. If i created a plan and set it up with same
policies i setup directly into the service with cors and keycloak , the
service that with the plan by passes keycloak and let me in even with
the browser directly . but the service setup with policies directly
inside it displays "OAuth2 'Authorization' header or 'access_token'
query parameter must be provided." .. which is correct .