WSO2 API Manager - 100% Open Source API Management Platform

WSO2 API Manager

WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and for scalably routing API traffic. It leverages proven, production-ready integration, security, and governance components from the WSO2 Enterprise Service Bus, WSO2 Identity Server, and WSO2 Governance Registry. In addition, it leverages the WSO2 Business Activity Monitor for Big Data analytics, giving you instant insight into APIs behavior.

As with all WSO2 products, the WSO2 API Manager is 100% open source. Designed for easy customization, it is extensively pluggable to integrate with existing infrastructure in your enterprise.


API Design and Prototyping

  • Wizard-driven approach for designing, implementing, and managing APIs
  • Ability to design and document API interface
  • Start designing with an existing Swagger-based API definition
  • Swagger-based API documentation support
  • Prototype API store to provide early access of APIs
  • Mock API implementation using Javascript
  • Test APIs with embedded API client

Create a Store of all Available APIs

  • Graphical experience similar to Android Marketplace or Apple App Store
  • Browse and search APIs by provider, tags, or name
  • Self-registration to developer community to subscribe to APIs
  • Subscribe to APIs and manage subscriptions on per-application basis
  • Subscriptions can be at different service tiers based on expected usage levels
  • Role based access to API Store; manage public and private APIs
  • Manage subscriptions at a per-developer level
  • Browse API documentation, download helpers for easy consumption
  • Comment on and rate APIs
  • Try APIs directly on the store front
  • Provision API keys
  • View consumers' API analytics
  • Internationalization (i18n) support

Publishing and Governing API Use

  • Design APIs, gather developers' feedback before implementing (API First Design). Design can be done from the publishing interface or via importing an existing Swagger definition
  • Publish APIs to external consumers and partners, as well as to internal users
  • Supports publishing multiple protocols including SOAP, REST, JSON, and XML style services as APIs
  • Manage API versions and deployment status by version
  • Govern the API lifecycle (publish, deprecate, retire)
  • Attach documentation (files, external URLs) to APIs.
  • Apply security policies to APIs (authentication, authorization)
  • Associate API available to system-defined service tiers
  • Manage API keys
  • Track consumer analytics per API, per API version, per tiers, and per consumer
  • One-click deployment to API Gateway for immediate publishing

Route API Traffic

  • Supports API authentication with OAuth2
  • Extremely high performance pass-through message routing with sub-millisecond latency
  • Enforce rate limiting and throttling policies for APIs by consumer
  • Horizontally scalable with easy deployment into cluster using proven routing infrastructure
  • Scales to millions of developers/users
  • Capture all statistics and push to pluggable analytics system
  • Configure API routing policies with capabilities of WSO2 Enterprise Service Bus
  • Powered by WSO2 Enterprise Service Bus

Manage Developer Community

  • Self sign-up for API consumption
  • Manage user account including password reset
  • Developer interaction with APIs via comments and ratings
  • Support for developer communication via forums
  • Powered by WSO2 Identity Server

Govern Complete API Lifecycle

  • Manage API lifecycle from cradle to grave: create, publish, block, deprecate, and retire
  • Publish both production and sandbox keys for APIs to enable easy developer testing
  • Publish APIs to partner networks such as ProgrammableWeb
  • Powered by WSO2 Governance Registry

Monitor API Usage and Performance

  • All API usage published to pluggable analytics framework
  • Out-of-the-box support for WSO2 Business Activity Monitor and Google Analytics
  • View metrics by user, API, and more
  • Customized reporting via plugging reporting engines
  • Monitor SLA compliance
  • Alerting, real-time dashboards

Pluggable, Extensible, and Themeable

  • All components are highly customizable through styling, theming, and code extensions
  • Storefront implemented with Jaggery ( for easy customization
  • Pluggable to third-party analytics systems and billing systems
  • Pluggable to existing user stores including Active Directory, LDAP, JDBC, and Apache Cassandra
  • Components usable separately–storefront can be used to front APIs deployed in third-party gateways
  • Support for Single Sign-On (SSO) using SAML 2.0 for easy integration with existing web apps

Easily Deployable in Enterprise Setting

  • Role based access control for managing users and their authorization levels
  • Storefront can be deployed in DMZ for external access with Publisher inside the firewall for private control
  • Different user stores for developer-focused storefront and internal operations in publisher
  • Integrates with enterprise identity systems including LDAP and Microsoft Active Directory
  • Gateway can be deployed in DMZ with controlled access to WSO2 Identity Server (for authentication/authorization) and governance database behind firewall

Support for Creating multitenanted APIs

  • Run a single instance and provide API management to multiple customers
  • Share APIs between different departments in a large enterprise

Publishing and Governing API Use

  • Document an API using Swagger
  • Restrict API Access tokens to domains/IPs
  • Ability to block a subscription and restrict a complete application
  • Ability to revoke access tokens
  • Separate validity period configuration for Application Access Token
  • OAuth2 Authorization Code Grant Type Support
  • Configuring execution point of mediation extensions

Monitor API Usage and Performance

  • Improved dashboard for monitoring usage statistics (filtering data for a date range, more visually appealing widgets)

Analyst Reports

White Papers


User Experience


API Store

API Publisher

Upcoming Events

12th March
Enterprise Identity and API Management