Skip to content

Add list and revoke gateway token endpoints#1081

Merged
malinthaprasan merged 3 commits intowso2:mainfrom
malinthaprasan:gw-token-improve
Feb 11, 2026
Merged

Add list and revoke gateway token endpoints#1081
malinthaprasan merged 3 commits intowso2:mainfrom
malinthaprasan:gw-token-improve

Conversation

@malinthaprasan
Copy link
Contributor

@malinthaprasan malinthaprasan commented Feb 11, 2026
edited by coderabbitai bot
Loading

Purpose

Gateway token lifecycle management is incomplete — there is no way to list active tokens or revoke a specific token. Tokens are also auto-generated on gateway registration, giving no control over when tokens are created.

Resolves #1080

Goals

  • Add endpoint to list all active tokens for a gateway
  • Add endpoint to revoke a specific gateway token
  • Remove auto token creation on gateway registration so tokens are only created explicitly via rotate

Approach

  • Added GET /gateways/{gatewayId}/tokens handler and service method to list active tokens
  • Added DELETE /gateways/{gatewayId}/tokens/{tokenId} handler and service method to revoke a token
  • Removed automatic token generation from the gateway registration flow

Automation tests

  • Manual verification via test script covering: generate token, list, revoke, verify removal, generate again, list, revoke again

Summary by CodeRabbit

  • New Features

    • Added endpoints to list a gateway's active tokens and to revoke individual tokens
    • Organization registration payload now includes id and region
    • Gateway creation payload now accepts vhost and functionalityType
    • Gateway registration no longer auto-creates tokens (token management is handled separately)

  • Documentation

    • Enhanced API docs with examples for gateway token listing and revocation

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 11, 2026
edited
Loading

Walkthrough

Adds gateway token management: new ListTokens and RevokeToken endpoints and service methods; removes automatic token creation from gateway registration; updates README and OpenAPI to document listing tokens and expanded payload fields.

Changes

Cohort / File(s) Summary
API docs & README
platform-api/README.md		 Added List Gateway Tokens examples and sample response; updated organization registration payload (id, region) and gateway creation payload (vhost, functionalityType).
HTTP Handler
platform-api/src/internal/handler/gateway.go		 Added ListTokens and RevokeToken handlers, parameter and org validation, error mapping (401/400/404/500), and routes: GET /api/v1/gateways/:gatewayId/tokens, DELETE /api/v1/gateways/:gatewayId/tokens/:tokenId.
Service layer
platform-api/src/internal/service/gateway.go		 Added ListTokens(gatewayId, orgId) and RevokeToken(gatewayId, tokenId, orgId) methods; removed auto token creation from RegisterGateway, decoupling token lifecycle from registration; adjusted token-related control flow.
API spec
platform-api/src/resources/openapi.yaml		 Added GET /gateways/{gatewayId}/tokens operation (operationId: listGatewayTokens) with 200 response referencing TokenInfoResponse and error mappings for 401/404/500; uses GatewayID path parameter.
Tests
platform-api/src/internal/service/gateway_properties_test.go		 Removed assertion requiring token creation during gateway registration; test no longer enforces CreateToken invocation.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant API as API Handler
    participant Svc as Gateway Service
    participant Repo as Gateway Repository/DB

    Client->>API: GET /api/v1/gateways/:gatewayId/tokens (with JWT/org)
    API->>Svc: ListTokens(gatewayId, orgId)
    Svc->>Repo: Query active tokens for gatewayId
    Repo-->>Svc: Token list
    Svc-->>API: TokenInfoResponse[]
    API-->>Client: 200 OK + tokens

    Client->>API: DELETE /api/v1/gateways/:gatewayId/tokens/:tokenId
    API->>Svc: RevokeToken(gatewayId, tokenId, orgId)
    Svc->>Repo: Validate ownership & revoke token
    Repo-->>Svc: success / not found
    Svc-->>API: success / error
    API-->>Client: 200 OK / 404 / 500
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰
I hopped through docs and opened gates,
Listed tokens, cleared old fates,
No more surprise keys at birth,
Now tokens live with rightful worth,
Hooray — a tidy, joyful patch! 🥕

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: adding list and revoke endpoints for gateway tokens.
Description check ✅ Passed Description covers Purpose, Goals, and Approach sections. Automation tests section is present but incomplete (lacks unit/integration test details and coverage). Security checks and other template sections are missing.
Linked Issues check ✅ Passed All three coding requirements from issue #1080 are fully addressed: list tokens endpoint added, revoke token endpoint added, and auto-generation removed from gateway registration.
Out of Scope Changes check ✅ Passed All changes are directly aligned with issue #1080 requirements. README updates document the new endpoints, test assertions updated to reflect removed auto-generation, and no extraneous modifications detected.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

No actionable comments were generated in the recent review. 🎉

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@malinthaprasan malinthaprasan changed the title Gw token improve Add list and revoke gateway token endpoints Feb 11, 2026
VirajSalaka
VirajSalaka previously approved these changes Feb 11, 2026
View reviewed changes
@malinthaprasan malinthaprasan merged commit 800617f into wso2:main Feb 11, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shanakama shanakama shanakama approved these changes

@VirajSalaka VirajSalaka VirajSalaka left review comments

@CrowleyRajapakse CrowleyRajapakse CrowleyRajapakse left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Gateway token generation improvements required

4 participants

@malinthaprasan @VirajSalaka @CrowleyRajapakse @shanakama