WSO2 API Manager 2.0 Addresses Performance Demands of High-Traffic API-Driven Apps While Strengthening API Governance and Creation

New release offers analytics for API usage and performance; a Decision Manager to enforce throttling policies in real-time; API lifecycle visualization, and automatic generation of client SDKs

Mountain View, CA – June 8, 2016 – The API-driven economy is quickly evolving from a vision to reality as organizations begin to move beyond basic API management to innovating new business models and generating new revenue streams. Today, WSO2 is rolling out WSO2 API Manager 2.0, which adds significant new functionality for addressing the performance demands of enterprises’ high-traffic API-driven applications, as well as strengthening API governance and creation.

Version 2.0 is the latest release of WSO2 API Manager, the only 100% open source enterprise-class API management product to combine easy, managed API access with full API governance and analysis. Using WSO2 API Manager, IT organizations can set up their own consumer-like API Store where developers can easily subscribe to and consume APIs. Meanwhile API publishers have complete API lifecycle governance—from creating to publishing, deprecating and retiring APIs—as well as analytics and metrics to support decision-making and enforce service-level agreement (SLA) policies. With version 2.0, WSO2 API Manager:

  • Enhances analytics to provide greater insight into API usage, performance and anomalies.
  • Introduces a new Traffic Manager featuring a dynamic throttling engine to manage and scale API traffic.
  • Strengthens governance across APIs, services and applications with full API lifecycle visualization.

Significantly, the same multitenant, cloud-enabled WSO2 API Manager software can run on servers, in a private cloud, public cloud or hybrid cloud environment, providing the flexibility to support a range of API-driven applications, from web and mobile commerce to partner ecosystems and the Internet of Things, among others. Federated access to APIs across multiple entities empowers enterprises to create new models for collaborating and monetizing APIs. And because API management does not occur in a vacuum, WSO2 API Manager is pre-integrated with all other products in the comprehensive WSO2 platform, so developers can focus on building their solutions, not worrying about how to connect the underlying technologies.

“Enterprises are increasingly moving towards API-driven business models to expand their IT ecosystems and employ new approaches to collaboration and monetization across customers, partners and employees,” said Isabelle Mauny, WSO2 vice president of product strategy. “With the new analytics, throttling, governance and development capabilities of our 100% open source WSO2 API Manager, we are extending our commitment to democratizing access to the enterprise-class API management functionality required to capitalize on these opportunities.”

Enhanced Analytics for Greater Insight into API Usage and Performance

WSO2 API Manager 2.0 features enhanced analytics to help developers monitor and monetize API usage, track performance, and detect anomalies, helping users to stay informed when events outside usual patterns take place.

Statistical Graphs – WSO2 API Manager 2.0 introduces a host of new reports in API Publisher that feature statistical graphs to help AP providers monitor and manage API and application performance. Published reports on statistics include applications and subscriptions created over time, API and applications throttled requests, API usage comparison, API latency, and published APIs overtime. Using data from these reports, API providers gain the insights to monetize their APIs and manage subscriptions at different service tiers based on the expected usage levels of their APIs.

Log Analyzer – The new log analyzer in WSO2 API Manager 2.0 provides the ability to perform analysis on logs by facilitating the creation of reports on low-level system operations and enabling users to view live log events on a per-tenant basis. Reports on low-level system operations include:

  • Log events: overall statistics of the types of log events created in a given time period.
  • Application errors: a breakdown of error log events based on exception category and error message.
  • Artifact deployment stats: the number of artifacts deployed in a given duration.
  • Login failures: the number of failed login attempts in a given duration.
  • Number of API failures.
  • Access token-related issues.

Real-time API Behavior Analysis – Version 2.0 leverages the real-time streaming analytics engine of WSO2’s analytics platform to detect changes in API call trends and behaviors. The engine was identified by Forrester Research, Inc., as a strong performer in The Forrester Wave™: Big Data Streaming Analytics, Q1 2016 report1 published, March 30, 2016. In particular, the functionality is used to:

  • Detect fraudulent usage of tokens. Indications that a token may have been stolen include:
    • Alerts about abnormal renewal of access tokens, notably when there is a change in the pattern of frequency with which access tokens for an application are renewed by a user.
    • Alerts about unseen source IP access, which occur when the origin of the access token abruptly changes its geo-location.
  • Provide tools for the API product manager to provide better customer service. For instance, it can alert when an API’s response time is outside normal parameters, indicating a potential service-level agreement (SLA) breach.
  • Help the API product manager to measure an API’s value. Two key applications are:
    • Sending alerts when an application or user is throttled out for hitting the limit of the current subscription tier. This indicates a potential opportunity for the API product manager to proactively propose a tier upgrade to the customer. If this applies to many consumers, it may be an indication of the need to adjust SLA levels that are too low.
    • Detecting when an API is not used, which means the API either needs some special attention in terms of documentation, functionality, etc. to improve its value or should be retired.
  • Identify erratic behavior and supports capacity planning. Two common use cases are:
    • Alerting when there is a sudden spike or drop in the request count within a specified period for a particular API resource, which may indicate a system problem.
    • Determining a trend in increased response times, indicating potential issues with APIs or backend system capacity.

Customers can enrich the default functionality by creating their own real-time analysis scripts, leveraging existing events, or publishing their own events from their APIs.

New Decision Manager for Managing and Scaling API Traffic

WSO2 API Manager 2.0 introduces a new Decision Manager that helps users to regulate API traffic, make APIs and applications available to consumers at different service levels, and secure APIs against security attacks. Decision Manager features a dynamic throttling engine to process throttling policies in real-time, including:

  • Standard usage quotas of total subscriptions and resources, such as calls or bandwidth, which can be consumed within a longer time frame.
  • Rate limiting based on subscriptions, APIs, resources, Internet protocol (IP), geographical location, bandwidth, request payloads, user access tokens, JSON web token (JWT) claims, request methods, and traffic spikes to track denial-of-service (DoS) attacks.
  • Rate limiting based on complex, extensible and dynamic rules, scenarios and events.

Using Decision Manager, administrators can define complex throttling tiers while they’re in progress, including transport headers, IP addresses, and query parameters. Those administrators on the super-tenant tier also can set up custom throttling policies by creating queries via WSO2’s real-time analytics engine, which will automatically take effect on all APIs globally. Additionally, administrators have the ability to block calls to specific APIs and applications, specific users’ access to APIs, and requests based on predefined criteria, as well as to blacklist users or applications that are abusing rate limits.

Enhanced Governance and API Lifecycle Management

Version 2.0 of WSO2 API Manager strengthens governance across APIs, services and applications by providing visualization across the full API lifecycle, from creating to publishing, deprecating and retiring APIs. With the new release, API Publisher displays a more user-friendly graphical representation of API state transitions, making it easier to publish APIs and govern API use.

WSO2 API Manager 2.0 also introduces a notifications feature in API Publisher. Each time a new API version is created, users who have subscribed to earlier versions will be notified automatically via email. WSO2 API Manager also can be configured to support additional notification methods, such as Short Message Service (SMS) for text messaging.

Enriching the Developer Experience

The API Store developer portal in WSO2 API Manager 2.0 now enables API subscribers to create client SDKs with the single click of a button. Version 2.0 utilizes the code generator in Swagger tooling to let API subscribers generate client SDKs for their subscribed APIs in relation to the corresponding application. By removing the hassle of developers having to manually create SDKs, WSO2 API Manager simplifies the development of web and mobile apps.

Proven Scalability, Flexible Deployment

WSO2 API Manager is built on the same modular, fully componentized OSGi-compliant code base as the award-winning WSO2 Carbon enterprise middleware platform. Like all Carbon-based WSO2 products, it is inherently cloud-enabled and uses proven core framework components that provide a consistent set of enterprise-class management, security, clustering, logging, statistics, tracing, and other capabilities. WSO2 API Manager offers proven scalability, since it uses the same core technologies and runtime of WSO2 Carbon, which are handling anywhere from millions to billions of API calls per day for enterprises around the world.

Additionally, the componentized architecture maximizes the flexibility enterprises have when deploying WSO2 API Manager.

  • Because the software is cloud-enabled, WSO2 API Manager can migrate between servers, private clouds, public clouds, and hybrid cloud environments.
  • Any WSO2 API Manager components—including API Publisher, API Store, and API Gateway—can be decoupled and allocated to different compute resources, making it easy to scale to meet growing demand.

Availability and Support

WSO2 API Manager 2.0 will be generally available by July 15, 2016, and the beta is available today for users that want to begin evaluating the product’s functionality. WSO2 API Manager 2.0 is delivered as a software download that can run directly on servers, on top of a private platform as a service (PaaS), or on top of infrastructure as a service (IaaS), such as Amazon Elastic Computing Cloud (EC2), Linux Kernel Virtual Machine (KVM), and VMware ESX. It is also provided as a Docker image to run in containers. Additionally, customers can choose to have WSO2 host the software through WSO2 Managed Cloud hosted services. As a fully open source solution released under the Apache License 2.0, WSO2 API Manager does not carry any licensing fees.

WSO2 API Manager is backed by a world-class technical team with in-depth knowledge of the middleware. In addition to production support, WSO2 service and support options include development support and special QuickStartSM consulting programs.

About WSO2

WSO2 empowers enterprises to build connected businesses and accelerate their pace of innovation with the industry’s only lean, fully integrated, and 100% open source enterprise middleware platform. Using WSO2’s platform, enterprises have all the functionality to build, integrate, manage, secure and analyze their APIs, applications, Web services, and microservices—on-premises, in the cloud, on mobile devices, and across the Internet of Things. Leading enterprise customers worldwide rely on WSO2’s platform and its robust performance and governance for their mission-critical applications. Today, these businesses represent nearly every sector: health, financial, retail, logistics, manufacturing, travel, technology, telecom and more. Visit to learn more, or check out the WSO2 community on the WSO2 Blog, Twitter, LinkedIn and Facebook.

Trademarks and registered trademarks are the properties of their respective owners.