All-in-One API Management
Full lifecycle API management as a self-hosted, open-source server. Design, secure, publish, and monitor APIs from one place. Built for government, finance, and regulated industries that need complete control over their infrastructure.
Why it matters
Most teams cobble together separate tools for design, security, publishing, and monitoring. The result: gaps between tools, inconsistent policies, and wasted engineering time on integration plumbing. WSO2 API Manager Server ships the entire lifecycle as a single, self-hosted solution.
Choice of gateway technology
Starting with WSO2 API Manager Server 4.7, you can select the best gateway to fit your specific needs and stack. Choose either the Java-based Universal Gateway or the new Go-based Platform Gateway.
Go from spec to production in minutes
Import an OpenAPI spec, attach policies, and publish to your developer portal. No handoffs between teams. No deployment scripts to maintain.
Give developers a portal they'll actually use
Interactive try-it console, auto-generated SDKs in multiple languages, and self-service key management. Developers onboard themselves instead of filing tickets.
100% open source, 100% yours
Apache 2.0 licensed. Full source code. Deploy on your own infrastructure with no per-gateway fees, no usage caps, and no vendor lock-in.
Built for regulated environments
Air-gapped deployments, on-premises Kubernetes, and disconnected networks. WSO2 API Manager Server runs where your compliance requirements demand.
WSO2 API Manager Server is trusted by enterprises across 90+ countries in government, financial services, healthcare, and beyond.
Key capabilities
Design and publish any API type
Import or build REST, GraphQL, WebSocket, and Webhook APIs. Manage versions, lifecycle states, and subscriptions from a single publisher console. AI-assisted API testing with API Chat helps teams evaluate APIs faster.
- OpenAPI spec import with built-in designer
- Lifecycle states from creation through deprecation and retirement
- Revision-based deployment with rollback support
- Multi-tenant publisher console for team-based API ownership
API governance
Define and enforce API standards across your organization from a single control point. Approval workflows control who can publish APIs and which developers get access. Audit logging captures every change so you have a clear compliance trail.
- Lifecycle approval workflows for API publishing and access
- Centralized policy enforcement across all gateways
- Audit logging for all API and policy operations
- Scope-based authorization with XACML and OPA support
Developer portal that drives adoption
A self-service marketplace where developers discover, evaluate, and subscribe to APIs without waiting for your team. White-label ready for partner and customer-facing deployments.
- Interactive try-it console for REST, GraphQL, and SOAP
- Auto-generated SDKs in multiple languages
- Self-service application registration and key management
Deploy gateways where your infrastructure lives
Run Universal, Kubernetes, Immutable, or Event gateways in any environment. Supports air-gapped networks, disconnected data centers, and on-premises Kubernetes clusters where external connectivity is restricted or prohibited.
- Multiple gateway types for different deployment needs
- Air-gapped and disconnected environment support
- Distributed rate limiting, caching, and edge deployment
- On-premises Kubernetes, Docker, and bare metal runtimes
AI gateway and MCP built in (4.6+)
Route LLM traffic across OpenAI, Anthropic, Azure OpenAI, Bedrock, Gemini, and Mistral. Apply guardrails for content safety, PII masking, and prompt filtering. Expose your APIs as MCP tools for AI agents.
- Multi-model LLM routing
- Built-in and third-party AI guardrails (AWS Bedrock Guardrail, Azure Content Safety)
- Semantic caching to reduce LLM latency and cost
- MCP Hub for governed AI agent tool discovery
API analytics powered by Moesif
Track traffic, latency, errors, and business metrics across all APIs and environments. Moesif integration provides user-centric observability so you can see how developers actually use your APIs, not just infrastructure health.
- Real-time API traffic and error monitoring
- Per-developer and per-application usage tracking
- Anomaly detection and alerting via Slack or PagerDuty
- OpenTelemetry tracing support for end-to-end visibility
Security that doesn't slow you down
Multi-layered security with flexible authentication, fine-grained authorization, and real-time threat protection. Apply policies once and enforce across every gateway type and environment.
- OAuth 2.0, API keys, mutual SSL, JWT, and basic auth
- XACML, OPA, and scope-based authorization
- Bot detection, payload validation, and injection prevention
- Distributed rate limiting and throttling
Benefits at a glance
All-in-one API management
Publisher, developer portal, gateway, key manager, and analytics in a single deployment.
100% open source
Apache 2.0 licensed. Full source code. No vendor lock-in.
Built for regulated industries
Air-gapped deployments, on-premises hosting, and full audit logging for compliance.
Self-hosted, self-controlled
Runs on your infrastructure. Your data never leaves your network.
AI-ready
LLM routing, guardrails, semantic caching, and MCP support built in.
Developer portal that drives adoption
Try-it console, SDKs, and self-service onboarding reduce time-to-first-call.
WSO2 API Manager Server is how enterprises ship, secure, and scale APIs.
One platform. Open source. AI-ready.