API Manager >

Product Roadmap

Updated 2H 2019


API Manager
  • Unified search on the developer portal
  • Revamped UX based on React-based SPAs and a simplified configuration model
  • Productization of API groups
  • JWT authentication
  • Basic authentication
  • API Key authentication
  • Bot detection
  • API request/response validation
  • GraphQL
  • Tighter integrations to the Kubernetes ecosystem
  • Revocation of self-contained access tokens (JWTs)
  • gRPC support
  • Web Sockets
  • Automatic enablement of API controls for microservices in Kubernetes
  • Heterogeneous control plane support to generate microgateways from public hosted open API definitions
  • Pluggable authentication schemes
  • Globally shareable policies through Policy-Hub
  • Support for virtual hosts
  • Integration with Consul for service discovery


API Manager
  • Enhanced support for API documentation
  • Enhanced support for GraphQL by introducing GraphQL-specific documentation
  • Enhanced analytics covering more scenarios and robust drill-down capabilities
  • First-class integration with observability tools such as Prometheus
  • Microgateway toolkit (compiler) as a service
  • Mutable microgateway runtimes
  • Private jet microgateways that are directly deployable from the control plane (API Manager)
  • Serverless enablement of microgateways with KNative
  • Composable microgateways for app developers to deploy “application gateways”
  • Self-tuning capability to cater to APIs of different scale


  • Enhance API Manager with a new architecture for simplified user experience and management, high degrees of scalability and dynamicity, and easy customizability and extensions.
  • Extending support for dynamic (third-party) gateways by specifying gateway URLs per API
  • Dynamic registration of microgateways on API Manager
  • Support for serverless API gateways
  • Personalization of APIs for API consumers, which can be deployed on personal API gateways (private-jet)
  • Native/embedded API Management on large-scale cloud infrastructures such as Kubernetes
  • API gateways for event-driven microservices communications
  • In-process sidecar API gateway for Ballerina
  • Additional defenses for attack vectors, such as via machine learning and honeypots
  • Control plane support with xDS APIs
  • Microgateway as the edge gateway (ingress gateway) in Kubernetes
  • Heterogeneous request/response transformation support
  • Built-in billing


APIs are touching every facet of our society and the underlying trends that are going to generate nearly 1 billion APIs in the coming years. All digital transformation is now API-driven and integration technologies underpin their evolution.

API Management provides full lifecycle management of APIs for a variety of scenarios, whether B2B access, internal development, shared libraries, or monetization. WSO2 has been shipping our offering for 6 years and it has expanded to include a macro and micro gateway, embedded analytics and API identity, and API development tooling.

WSO2 provides a complete set of capabilities that allow our customers to pursue any kind of API strategy. We front-end our offering with our ESB, identity server, and embedded analytics offerings to provide means to digitally transform legacy infrastructure into APIs. And our entire integration stack is open source - as well as available in on-premises, hybrid or cloud offerings.


Our vision for API Management is to help organizations expose their services to internal consumers, external consumers, and partners in a secure, controlled and monitored environment. In doing so we want to enable.

  1. API developers - to develop, test, deploy APIs and repeat as easy, flexible and fast as possible on cloud, multi-cloud, hybrid-cloud and on-premises infrastructures.
  2. API product managers - to productize, monetize and manage the lifecycle of APIs and to get deep business insights about API consumer patterns and trends.
  3. Application developers - to search, discover, learn and test APIs and develop applications with ease.
  4. API users - to be able to get access to their data and services in a secure environment, which guarantees privacy and confidentiality and enables fair usage to all.
  5. Operation specialists - to be able to easily scale API infrastructures on demand, apply upgrades with ease and easily integrate with CI/CD tools for better operational efficiency.

As the world embraces microservices as the upcoming norm of enterprise architecture, our vision is to enable the surrounding API ecosystem which empowers architects and developers alike to build secure scalable solutions adhering to the principles of microservices.

In doing so the WSO2 API Manager will evolve to seamlessly integrate with service mesh solutions such as Istio, Linkerd, service registries such as etcd, consul and naturally integrate with containers and container orchestration solutions such as Docker, Kubernetes.

Another key objective is to stay focused on the agility of the developer/integrator workflow in this process. With the rise of microservices driving an exponential growth in programmable endpoints, our vision is that API Management needs to better blend into standard service development and management lifecycles.

Finally, we are driving a strategic priority to support cell-based architecture patterns and serverless API gateways to enable short-lived, dynamic APIs and composable customized API gateways.


The content herein is shared in order to outline some of our current product plans but it is important to understand that it is being shared for INFORMATIONAL PURPOSES ONLY, and not as a binding commitment, promise or legal obligation to deliver any material, code or functionality. Any references to the development, release and timing of any products, features or functionality remains at the sole discretion of WSO2. Product capabilities, timeframes and features are subject to change.