WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and for securing and routing API traffic in a scalable way. It leverages proven components from the WSO2 platform to secure, integrate and manage APIs. In addition, it integrates with the WSO2 analytics platform, and provides out of the box reports and alerts, giving you instant insight into APIs behavior.
As with all WSO2 products, WSO2 API Manager is 100% open source. Designed for easy customization, it is extensively pluggable to integrate with existing infrastructure in your enterprise.
WSO2 API Manager supports API design and publishing as well as API lifecycle management, includes a developer portal, provides APIs access control, and offers a comprehensive set of analytics for IT operations and API product managers.
WSO2 API Manager is part of a comprehensive, composite platform that can enable you to provide more functionality to your customers. You can adopt the rest of the platform at your pace, as your API management deployment matures and grows. Potential scenarios include:
- Federated identity based on SAML or OpenID Connect
- Policy-based authorization with XACML
- Integrated service and API governance
- Advanced data and protocol transformation
Design and Prototype APIs
- Design APIs, gather developers' feedback before implementing (API First Design). Design can be done from the publishing interface or via importing an existing Swagger 2.0 definition
- Deploy a prototyped API, provide early access to APIs, and get early feedback
- Supports publishing SOAP, REST, JSON, and XML style services as APIs
- Pre-loaded sample APIs for a hassle-free first experience
Publish APIs and Govern API Use
- Publish APIs to external consumers and partners, as well as to internal users
- Ability to publish APIs to a selected set of gateways in a multi-gateway environment
- Support enforcement of corporate policies for actions like API subscriptions, application creation, etc. via customizable workflows
- Manage API visibility and restrict access to specific partners or customers
- Manage API lifecycle from cradle to grave: create, publish, block, deprecate, and retire
- Publish both production and sandbox keys for APIs to enable easy developer testing
- Manage API versions and deployment status by version
- One-click deployment to API gateway for immediate publishing
- Customize the API lifecycle, including executing custom behavior on lifecycle transitions
Control Access and Enforce Security
- Restrict API access tokens to domains/IPs
- Validate APIs payload contents against a schema
- Apply security policies to APIs (authentication, authorization)
- Rely on OAuth2 standard for API access (implicit, authorization code, client, SAML, IWA Grant Type)
- Plug third-party key servers in lieu of the default one, for application registration, Oauth2 token generation & validation
- Block a subscription and restrict a complete application
- Associate API to system-defined service tiers
- Generate JSON web tokens for consumption by back-end servers
- Leverage XACML for entitlements management and fine-grain authorization
- Configure Single Sign-On (SSO) using SAML 2.0 for easy integration with existing web apps
- Graphical experience similar to popular applications stores
- Browse and search APIs by provider, tags, or name
- Provision API keys
- Subscribe to APIs and manage subscriptions on per-application basis
- Subscriptions can be at different service tiers based on expected usage levels
- Interactive API Test console
- Internationalization support
- Common view of the store for users registered under same organization
Manage Developer Community
- Self-registration for developer community to subscribe to APIs
- Developer interaction with APIs via forums, comments, and ratings
- View API consumer analytics
Manage and scale API Traffic
- API gateway can act as SSL termination point
- Separate production and sandbox traffic on different API gateways
- Supports protocol transformation, data transformation, and API composition
- Maps between HTTP(s) and other protocols, such as JMS or writing to file systems
- Enforces rate limiting and throttling policies for APIs by consumer
- Protect API backends with a throttling hard limit
- Horizontally scalable with easy deployment into cluster using proven routing infrastructure
- Extremely high performance pass-through message routing with minimal latency
- Supports up to 1300 TPS on a single node
Monitor and Monetize
- API usage published to pluggable analytics framework (requests, responses, faults, throttling, subscriptions, self-sign ups to name a few)
- Out-of-the-box support for WSO2 Data Analytics Server and Google Analytics.
- Track consumer analytics per API, per API version, per tiers, and per consumer
- Configurable payment schemes to monetize API usage
- Monitor SLA compliance
- Alerting, real-time dashboards
- Publish your own events and create your own dashboards
Pluggable, Extensible, and Themeable
- All components are highly customizable through styling, theming, and code extensions
- Responsive design for Developer portal
- All publishing/portal functionality is exposed via a REST API, which allows to create your own portal or automate API deployment through DevOps
- Pluggable to third-party analytics systems and billing systems
- Pluggable to existing user repositories including Microsoft Active Directory, LDAP, databases, or Apache Cassandra
- Components usable separately: developer portal can be used to catalog APIs deployed in third-party gateways
Easily Deployable in Your Enterprise
- Role-based access control for managing users and their authorization levels
- Developer portal can be deployed in DMZ for external access with publisher inside the firewall for private control
- Different user stores for developer-focused portal and internal operations in publisher
- Integrates with enterprise identity systems including LDAP and Microsoft Active Directory
- Gateway can be deployed in DMZ with controlled access to WSO2 Identity Server (for authentication/authorization) and governance database behind firewall
WSO2 Platform Multi-tenancy Support
- Run a single instance and provide API management to multiple customers, each in their own domain
- Share APIs between different departments in a large enterprise
Although the following tutorials have been recorded using the SaaS version of API Manager (API Cloud), they do apply to an on-premise deployment of API Manager as well.
- Tutorial 1: Create a simple API and publish to your web portal
- Tutorial 2: Subscribe to API and invoke it
- Tutorial 3: Social features
- Tutorial 4: Adding API Documentation
- Tutorial 5: Enforce Throttling and Resource Access Policies
- Tutorial 6: API Analytics, Statistics, Reports
- Tutorial 7: Develop and Apply Custom API Store Theme
WSO2 Cited as a Strong Performer with the report noting, “In our reference checks, WSO2’s customers were extremely satisfied with the vendor.”
WSO2 - Forrester Guest Webinar: API Management is not Enough: You Need an API PlatformRegister Now >>
- Only production-ready, 100% open source API management solution available today, on-premise and in the cloud
- A single API gateway node handles more than 100 million requests/day. eBay, which uses WSO2 solutions, handles billions/day!
- Developer’s portal can use social logins such as Facebook, Google Apps, and many others
- Supports federated identity across products such as SalesForce™ or Google Apps
- Extensible via server-side public REST APIs
- Recognized as a Strong Performer for API Management Solutions by Forrester in 2014
Please fill this form and we will respond to your query within 1 hour.
Download WSO2 API Manager
Tutorial 1: Create a simple API and publish to your web portal
This tutorial shows the process of creating and publishing an API, defining REST resources and HTTP verbs, setting throttling limits and other parameters.
Tutorial 2: Subscribe to API and invoke it
This tutorial talks you through how an API consumer comes to the API Store portal, reviews the published API, subscribes to it, generates OAuth authorization token, and invokes GET and POST methods from curl command-line utility.
Tutorial 3: Social features
This tutorial shows how API subscribers can discuss APIs in forums, rate APIs, promote them via Twitter, Facebook, and Google+, embed into websites and blogs, and share them via email.
Tutorial 4: Adding API Documentation
This tutorial takes you through adding online documentation to API store: uploading existing documents as PDF, DOC, HTML, and other formats; linking to other online resources; and using embedded rich text editor and basic CMS to create new manuals.
Tutorial 5: Enforce Throttling and Resource Access Policies
This tutorial takes you through how WSO2 API Manager lets publishers define the throttling limits and specify allowed REST resources and HTTP methods. All these get enforced by WSO2 API gateway so the calls that do not comply with the policies get handled by the gateway and never reach your backend service.
Tutorial 6: API Analytics, Statistics, Reports
This tutorial shows how WSO2 API Manager provides multiple analytics reports both to API publishers and subscribers, giving them details on how APIs are being used. The API statistics include breakdown by individual subscriptions and users, response times, usage trends, invocation failures, breakdown by API resources and paths, and much more.
Tutorial 7: Develop and Apply Custom API Store Theme
Subscriber portals are important part of API ecosystem communities. WSO2 API Manager support whitelabeling and allows you to fully rebrand your developer portal to look and feel exactly like your corporate web property. In this demo we show how you can change the logo and CSS styles of your API community site.