Design and Prototype APIs
- Design APIs and gather developer feedback before implementing (API First Design). Design can be done from the publishing interface or via importing an OpenAPI/Swagger definition.
- Deploy a prototyped API, provide early access to APIs, and get early feedback.
- Mock API implementation using JavaScript.
- Supports publishing REST, SOAP, JSON, and XML style services as APIs.
- Supports exposing GraphQL services as managed APIs.
- Pre-loaded sample APIs for a hassle-free first experience.
- Use preferred IDEs and CI/CD tooling for a developer-first user experience.
Publish API Products and Govern the Use of APIs
- Publish APIs and API Products to external consumers and partners and internal users.
- Deploy APIs in Kubernetes easily using the API operator for Kubernetes.
- Deploy and manage APIs in the Istio service mesh.
- Publish APIs to a selected set of gateways in a multi-gateway environment.
- Support enforcement of corporate policies for actions like API subscriptions, application creation, etc. via customizable workflows.
- Manage API visibility and restrict access to specific partners or customers.
- Manage API lifecycle from cradle to grave: create, publish, block, deprecate, and retire APIs.
- Publish both production and sandbox keys for APIs to enable easy developer testing.
- Manage API versions and deployment status by version.
- One-click deployment to API gateway for immediate publishing.
- Customize the API lifecycle, including executing custom behavior on lifecycle transitions.
Control Access and Enforce Security
- Supports OAuth2.0, OIDC, Basic Auth, API Key, Mutual TLS, and more.
- Restrict API access tokens to domains/IPs.
- Validate API payload contents against schemas.
- Apply additional security policies to APIs (authentication and authorization).
- Supports all standard OAuth2.0 grant types and allows extensions and additions to grants.
- Works seamlessly with third-party OAuth2.0 providers, standard or proprietary.
- Allows blocking subscriptions due to non-payment, API abuse, etc.
- Associate APIs with system-defined service tiers for quotas and rate limits.
- Generate JSON web tokens for consumption by back-end servers.
- Leverage XACML for entitlements management and fine-grained authorization.
- Configure Single Sign-On (SSO) using SAML 2.0 for easy integration with existing web apps.
- Threat protection, bot detection, and token-fraud detection.
- Supports detection of abnormal system use through artificial intelligence and machine learning.
Developer Portal
- Graphical experience similar to popular application stores.
- Browse and search APIs by provider, tags, or name.
- Provision API keys.
- Subscribe to APIs and manage subscriptions on a per-application basis.
- Subscriptions can be at different service tiers based on expected usage levels.
- Interactive API Test console.
- Internationalization support.
- Notifications enabled for new versions of subscribed APIs.
- Common view of the store for users registered under the same organization.
Manage Developer Community
- Self-registration for developer community to subscribe to APIs.
- Developer interaction with APIs using comments and ratings.
- View API consumer analytics.
- Tools for API product managers to proactively manage API subscriptions.
- Tooling to develop services, features, and artifacts and manage their links and dependencies through a simplified graphical editor.
Manage and Scale API Traffic
- The API gateway routes application traffic to services. It supports SSL termination, URL rewriting, and other standard features of a router while adding on the quality of service attributes for APIs.
- Highly scalable Microgateway, purpose-designed for microservice architectures.
- Separate production and sandbox traffic on different API gateways.
- Supports protocol transformation, data transformation, and API composition.
- Maps between HTTP(S) and other protocols, such as JMS or writing to file systems.
- Traffic Manager enforces rate limiting and dynamic throttling based on usage quotas and bandwidth quotas.
- Protect API backends from DDoS.
- Horizontally scalable with easy deployment into a cluster using proven routing infrastructure.
- Extremely high performance pass-through message routing with minimal latency.
Monitor and Monetize
- API usage published to a pluggable analytics framework (requests, responses, faults, throttling, subscriptions, and self sign-ups, to name a few).
- Out-of-the-box integration with Stripe for monetizing APIs, and plugs into other platforms.
- Out-of-the-box support for Google Analytics.
- Provides many usage graphs, such as API latency and API usage comparison, that help to monitor API and application performance and much more.
- Trace and observe API requests.
- Track consumer analytics per API, API version, tier, and consumer.
- Configurable payment schemes to monetize API usage.
- Monitor SLA compliance.
- Publish your own events and create dashboards.
Pluggable, Extensible, and Themeable
- All components are highly customizable through styling, theming, and code extensions.
- Portals are developed in ReactJS using the material-ui styles. Highly themeable and customizable.
- Responsive design for the Developer portal.
- All functionality is exposed via REST APIs, which allows you to create your own portal or automate API deployment through DevOps.
- Pluggable to third-party analytics systems and billing systems.
- Pluggable to existing user repositories including Microsoft Active Directory, LDAP, databases, or Apache Cassandra.
- Components usable separately: developer portal can be used to catalog APIs deployed in third-party gateways.
Easily Deployable in Your Enterprise
- Role-based access control for managing users and their authorization levels.
- Developer portal can be deployed in a DMZ for external access, with the publisher inside the firewall for private control.
- Different user stores for developer-focused portal and internal operations in publisher.
- Integrates with enterprise identity systems including LDAP and Microsoft Active Directory.
- Gateway can be deployed in a DMZ with controlled access to WSO2 Identity Server (for authentication/authorization) and the governance database behind the firewall.
WSO2 Platform Multi-Tenancy Support
- Run a single instance and provide API management to multiple customers, each in their own domain.
- Share APIs between different departments in a large enterprise.