API Manager >

Features

The open source WSO2 API Manager is a complete enterprise-class API management solution that combines easy, managed API access with full API governance and analysis.

Design and Prototype APIs

  • Design APIs and gather developer feedback before implementing (API First Design). Design can be done from the publishing interface or via importing an OpenAPI/Swagger definition.
  • Deploy a prototyped API, provide early access to APIs, and get early feedback.
  • Mock API implementation using JavaScript.
  • Supports publishing REST, SOAP, JSON, and XML style services as APIs.
  • Supports exposing GraphQL services as managed APIs.
  • Pre-loaded sample APIs for a hassle-free first experience.
  • Use preferred IDEs and CI/CD tooling for a developer first user experience.

Publish API Products and Govern the Use of APIs

  • Publish APIs and API Products to external consumers and partners and internal users.
  • Deploy APIs in Kubernetes easily using the API operator for Kubernetes.
  • Deploy and manage APIs in the Istio service mesh.
  • Publish APIs to a selected set of gateways in a multi-gateway environment.
  • Support enforcement of corporate policies for actions like API subscriptions, application creation, etc. via customizable workflows.
  • Manage API visibility and restrict access to specific partners or customers.
  • Manage API lifecycle from cradle to grave: create, publish, block, deprecate, and retire APIs.
  • Publish both production and sandbox keys for APIs to enable easy developer testing.
  • Manage API versions and deployment status by version.
  • One-click deployment to API gateway for immediate publishing.
  • Customize the API lifecycle, including executing custom behavior on lifecycle transitions.

Control Access and Enforce Security

  • Supports OAuth2.0, OIDC, Basic Auth, API Key, Mutual TLS, and more.
  • Restrict API access tokens to domains/IPs.
  • Validate APIs payload contents against schemas.
  • Apply additional security policies to APIs (authentication and authorization).
  • Supports all standard OAuth2.0 grant types and allows extensions and additions to grants.
  • Works seamlessly with third party OAuth2.0 providers, standard, or proprietary.
  • Allows blocking subscriptions due to non-payment, API abuse, etc.
  • Associate API to system-defined service tiers for quotas and rate-limits.
  • Generate JSON web tokens for consumption by back-end servers.
  • Leverage XACML for entitlements management and fine-grain authorization.
  • Configure Single Sign-On (SSO) using SAML 2.0 for easy integration with existing web apps.
  • Threat protection, bot detection, and token-fraud detection.
  • Supports detection of abnormal system use through artificial intelligence and machine learning.

Developer Portal

  • Graphical experience similar to popular applications stores.
  • Browse and search APIs by provider, tags, or name.
  • Provision API keys.
  • Subscribe to APIs and manage subscriptions on per-application basis.
  • Subscriptions can be at different service tiers based on expected usage levels.
  • Interactive API Test console.
  • Internationalization support.
  • Notifications enabled for new versions of subscribed APIs.
  • Common view of the store for users registered under the same organization.

Manage Developer Community

  • Self-registration for developer community to subscribe to APIs.
  • Developer interaction with APIs using comments and ratings.
  • View API consumer analytics.
  • Tools for API product managers to proactively manage API subscriptions.
  • Tooling to develop services, features, and artifacts and manage their links and dependencies through a simplified graphical editor.

Manage and Scale API Traffic

  • The API gateway routes application traffic to services. It supports SSL termination, URL rewriting, and other standard features of a router while adding on the quality of service attributes for APIs.
  • Highly scalable Microgateway purpose designed for microservice architectures.
  • Separate production and sandbox traffic on different API gateways.
  • Supports protocol transformation, data transformation, and API composition.
  • Maps between HTTP(s) and other protocols, such as JMS or writing to file systems.
  • Traffic Manager enforces rate limiting and dynamic throttling based on usage quotas and bandwidth quotas.
  • Protect API backends from DDOS.
  • Horizontally scalable with easy deployment into cluster using proven routing infrastructure.
  • Extremely high performance pass-through message routing with minimal latency.

Monitor and Monetize

  • API usage published to pluggable analytics framework (requests, responses, faults, throttling, subscriptions, self-sign ups to name a few).
  • Out-of-the-box integration with Stripe for monetizing API and plugs in to other platforms.
  • Out-of-the-box support for Google Analytics.
  • Provides many usage graphs such as API latency and API usage comparison that help to monitor API and application performance and much more.
  • Trace and observe API requests.
  • Track consumer analytics per API, API version, tier, and consumer.
  • Configurable payment schemes to monetize API usage.
  • Monitor SLA compliance.
  • Publish your own events and create dashboards

Pluggable, Extensible, and Themeable

  • All components are highly customizable through styling, theming, and code extensions.
  • Portals developed using ReactJS using the material-ui styles. Highly themeable and customizable.
  • Responsive design for the Developer portal.
  • All functionality exposed via a REST APIs which allows to create your own portal or automate API deployment through DevOps.
  • Pluggable to third-party analytics systems and billing systems.
  • Pluggable to existing user repositories including Microsoft Active Directory, LDAP, databases, or Apache Cassandra.
  • Components usable separately: developer portal can be used to catalog APIs deployed in third-party gateways.

Easily Deployable in Your Enterprise

  • Role-based access control for managing users and their authorization levels.
  • Developer portal can be deployed in DMZ for external access with publisher inside the firewall for private control.
  • Different user stores for developer-focused portal and internal operations in publisher.
  • Integrates with enterprise identity systems including LDAP and Microsoft Active Directory.
  • Gateway can be deployed in DMZ with controlled access to WSO2 Identity Server (for authentication/authorization) and governance database behind firewall.

WSO2 Platform Multi-Tenancy Support

  • Run a single instance and provide API management to multiple customers, each in their own domain.
  • Share APIs between different departments in a large enterprise.
Products
Projects
Cloud
Solutions
Company
Support
Learn
SIGN UP FOR OUR NEWSLETTER

Follow us

LEARN ABOUT SECURITY AT WSO2 >

This website uses cookies so that we can provide you with the best user experience. Read our Cookie Policy to find out more.

If you wish to disable cookies you can do so from your browser.

I Understand