One Control Plane. Any Cloud. Any Gateway.
Built for the flexibility and scale that enterprises demand. Design, publish, govern, and monitor APIs across any cloud and any gateway from a single control plane.
Why it matters
APIs are no longer confined to a single cloud. When your infrastructure spans AWS, Azure, GCP, and instances on private infrastructure, managing APIs becomes difficult. Separate consoles lead to visibility gaps, policy drift, and operational silos. With WSO2, you get one control plane that spans everything. Full control through a single pane of glass.
Unified API lifecycle management
Design, publish, version, and retire APIs from a single console regardless of where they are deployed.
Policies that actually stay consistent
Define rate limiting, authentication, and security rules once and enforce everywhere without manual replication.
Full visibility across clouds
One dashboard shows traffic, compliance status, and API health across all environments simultaneously.
Zero lock-in by design
Manage AWS API Gateway, Azure API Management, Kong, and Envoy gateways alongside WSO2-deployed gateways from a single pane of glass.
Key capabilities
Complete API lifecycle management
Design and publish APIs using OpenAPI and AsyncAPI standards. Manage subscriptions, versions, and API products from a single console. Retire deprecated versions without coordinating across multiple clouds.
- OpenAPI and AsyncAPI support with built-in designer
- Versioning and lifecycle state management
- Subscription tiers and monetization-ready architecture
- Multi-tenant publisher and developer portals
Flexible, multi-cloud deployment
Deploy gateways on AWS, Azure, GCP, on-premises Kubernetes, or bare metal. Each new gateway automatically inherits all existing policies, access controls, and monitoring configurations from the control plane.
- AWS, Azure, GCP, and private cloud deployments
- On-premises and hybrid infrastructure
- Kubernetes, Docker, and bare metal runtimes
- Air-gapped and disconnected environments
Hybrid deployment for data sovereignty
For enterprises having to support data sovereignty, run a SaaS control plane while keeping gateways and API traffic on the infrastructure of your choice. Data and traffic never leave your network while configuration is handled centrally, on the cloud.
- SaaS control plane with data plane in your VPC or on-prem
- Central policy and analytics without centralized data
- Meets government, healthcare, and financial services residency requirements
Control plane and data plane separation
The control plane handles design, policies, and observability. Data planes (gateways) handle traffic wherever your infrastructure lives. Update security policies, rate limits, or access controls across your entire fleet instantly from one place.
- Independent scaling of control and data planes
- Real-time policy distribution across environments
- Offline-capable data planes in air-gapped environments
- Audit logging for all API and policy operations
Secure and govern APIs centrally
Define security policies, rate limits, and access controls once and enforce them across every gateway and environment. Manage OAuth2, JWT, mTLS, and API key lifecycles from a single console. Configurable approval workflows control who can publish APIs and which developers get access before changes go live.
- Centralized rate limiting, throttling, and threat protection policies
- OAuth2, JWT, mTLS, and API key lifecycle management
- Identity provider integrations (Asgardeo, Azure AD, custom IdPs)
- Policy approval workflows and audit logging for compliance
Federated gateway control
Discover and manage third-party gateways from AWS, Azure, Kong, and Envoy. Enforce WSO2 policies across all gateways without replacing infrastructure. Bring existing investments under centralized governance.
- Unified policy enforcement across mixed gateway deployments
- No need to replace existing API infrastructure
- Centralized analytics across all gateways
- Gradual migration path to unified architecture
Benefits at a glance
One control plane for all gateways and deployment types
Manage SaaS, on-premises, hybrid, and multi-cloud deployments from a single console.
Eliminate policy drift across clouds
Policies deploy consistently to AWS, Azure, on-prem, and everywhere else simultaneously.
Reduce API management overhead
A single source of truth and action for all management. Stop logging into separate consoles for each cloud or region.
Govern third-party gateways
Extend control to AWS API Gateway, Azure, Kong, and Envoy without replacement.
Meet data residency and compliance requirements
Hybrid deployments keep traffic in your network while centralizing governance. Ready for highly-regulated use cases, out of the box.
Avoid vendor lock-in
100% open source. Manage any gateway across every cloud.
WSO2 API Control Plane gives you a single, unified way to design, publish, and manage APIs across any cloud, any gateway, and any deployment model. One control plane, infinite infrastructure flexibility.