Cloud Blog

All posts by Dmitry Sotnikov

Dmitry Sotnikov is Vice President of Cloud solutions at WSO2. Prior to WSO2, Dmitry worked at Quest Software (now part of Dell) as Director of Cloud Solutions, and later co-founded Jelastic PaaS and led Jelastic's sales, marketing, customer and partner relationships. Dmitry has been a featured speaker at multiple industry events including Microsoft TechEd, VMware VMWorld, Parallels Summit, Quest Innovate, and Technology Experts Conference (TEC).

99.99% – WSO2 Managed Cloud SLA Goes to Four Nines

99.99 - Guaranteed Uptime for WSO2 Managed CloudWSO2 Managed Cloud – our dedicated hosting offering – just got an upgrade. From now on, all Managed Cloud customers get financially backed 99.99% guaranteed uptime.

This is, of course, in addition to formal SLA on support ticket responses and all other niceties of the service:

  • Available for any combination of WSO2 products,
  • Run in the region of your choice on dedicated virtual machines not shared with any other customers,
  • WSO2 engineers set up the environment including the virtual machines, WSO2 products, and networking,
  • Can be set up to have network connectivity with your on-premise datacenter,
  • Deployment can be customized for your specific needs,
  • Can be combined with professional services including consultancy, development, and QuickStart,
  • Includes full devops service including 24*7 monitoring, regular backups, and product updates,
  • Priced as a fixed monthly fee.

You can find full updated SLA for WSO2 Managed Cloud at:

Fill out the form at the right side of the SLA page to get more information and sign up!

[NEW] API Cloud Custom URL for API Store and Gateway

API programs are key to building the ecosystem around your technology. Your developer portal and APIs represent who you are to your partners and customers. This is why branding is very important part of API efforts.

Branding for API programs consist of:

  1. Your own custom URLs for developer portal and APIs,
  2. Your logos, style, look and feel of the developer portal.

With the addition of custom URL functionality, WSO2 API Cloud now supports both kinds of customization.

1. Custom URL

By default, API Store for your subscribers gets a URL that looks like[your organization id], and the APIs themselves start with[your organization id]/.

My guess, is that instead, you would like a fully branded experience with API Store being available at something like and APIs at

Now all you need to do get there is:

  1. Come up with the nice URLs for both the API Store and the API gateway (and purchase the domain if you have not done so),
  2. Purchase SSL certificates for both domains (this is required because both portal and APIs themselves need to be accessed via HTTPS),
  3. In your domain registrar’s DNS panel, create CNAME records pointing to for APIs themselves, and for the developer portal,
  4. In WSO2 API Cloud, click the Custom URL menu and follow the configuration wizard.

Application overview page in WSO2 App Cloud

You can find detailed instructions in this tutorial: Customize the API Store and Gateway URLs.

2. Custom styles

Obviously, URL is just your first step. You also want the API store itself to be branded with your own corporate logos and styles.

This is as easy as taking our sample store theme, substituting the logos and any other graphics you want changed, and making proper changes to the CSS files.

Here’s a quick demo of the process:

And a link for step-by-step tutorial: Customize the API Store Theme.

Sign-up for a free trial of WSO2 API Cloud today!

[Video] Analyzing API Statistics and Blocking Rogue Subscribers

WSO2 API Cloud has all you need for successful API program. This means that besides just publishing your APIs and opening subscriber portal, you need to have detailed analytics reports to see the actual subscriber behavior and be able to block the subscriptions that do not comply with your policies.

We have published a couple of quick demos to show how this works.

Some of our out-of-box API analytics reports:

And here’s a quick video of how individual subscription can be easily located and suspended:

Start your free API Cloud trial today!

[VIDEO] New Publisher and Subscriber Experience in WSO2 API Cloud

With the latest updates to WSO2 API Cloud, we have made publishing and subscribing to APIs even easier!

Published APIs now just work out of box including interactive API Console (you no longer have to enable OPTIONS method for your APIs or edit Swagger file) – so the number of clicks to get your API published went down dramatically and the process became extremely straight-forward:

In subscriber portal (API Store) things got simpler as well. Interactive API Console no longer requires you to provide OAuth key manually and just grabs it from your configuration automatically. It also shows you various invocation and response details including the sample Curl command for your API call:

With these (and many smaller) changes and improvements, your API programs are now even more attractive and easier to implement.

Sign up for your free trial at

Meet the New WSO2 App Cloud

UPDATE: Since that time, App Cloud has been rebranded to WSO2 Integration Cloud and added even more exciting functionality.

We have completely revamped user experience for our PaaS to improve usability and bring it more modern look and feel.

Application overview page now has a dashboard from all the most important pieces of information about the application. You can even start editing the code right from it!

Application overview page in WSO2 App Cloud

By default, left-hand menu is closed to save screen space – but you can easily open it by clicking the “hamburger” button (that we all grew to like in various mobile apps these days):

Application menu slides out and lets you pick the page you need

The application wall, reporting who did what and when is still there on the right hand side:

Application wall slides in on the right side and gives a complete picture of what is going on in the project

And finally, there is a much improved Issue Tracker with sorting, filtering, commenting, and other long-requested functionality:

Issue and task tracking in WSO2 App Cloud

Sign up (or sign in – if you have an account) for WSO2 App Cloud and give it a try. It is still in free beta so there is no credit card required!

Disabling OAuth in API Cloud

OAuth2 has become the industry standard for secure API access, and is the default security mechanism that you get for your API subscribers in WSO2 API Cloud. API Cloud fully automates OAuth key generation and management.

However, there are circumstances when you might want to temporarily have your APIs available with no security required. For example, this might be the way you decide to launch them initially while you are still on the prototype phase.

WSO2 API Cloud gives you two ways of achieving this:

  • By publishing your API as Prototype, or
  • By setting required resource authentication level to None.

Publishing as Prototype

Prototypes are different from common published APIs because they are meant to run your ideas across your community to quickly collect feedback.

They can be implemented with a proper backend webservice (just like other managed APIs) or JavaScript.

Either way, they require no subscription. Your users will be able to give them a try without having to subscribe to them.

To publish an API as prototype:

  1. Pick Prototype on the second step of API creation (Implement),
  2. Provide JavaScript or backend URL,
  3. Click Deploy as Prototype.

Deploying an API as prototype (JavaScript or backend) on Step 2 of API implementation

The API will appear on the Prototypes tab of API Store and will not require authentication for access.

API prototype in WSO2 API Store

Authentication Type: None

You can also remove authentication requirements for regular managed APIs. This is useful when you want to still have the API listed on the API Store home screen and/or when you want to disable authentication requirement for individual resources of an API.

For that, go all the way till the last (Manage) step of API creation, and then change Authentication Type to None in the drop down next to each API resource at the bottom of the screen:

Setting REST resource Authentication Type from OAuth2 to None

Happy API management!

Spring and Hibernate in WSO2 App Cloud

Great news for Java developers: WSO2 App Cloud PaaS has added native support for both Spring and Hibernate frameworks:

Selecting Spring application type in WSO2 App Cloud PaaS

We have published detailed step-by-step instructions for both frameworks here:

WSO2 App Cloud is the most comprehensive platform-as-a-service (PaaS) in the market covering the whole application lifecycle from issue and task tracking, to Git source code repository, to cloud IDE, databases, lifecycle management, and more.

Happy coding and hosting!

API Cloud upgraded to API Manager 1.9

Good news! We have just finished upgrading WSO2 API Cloud to the latest codebase of WSO2 API Manager (1.9) – which brings us the latest features and fixes.

The biggest improvement is full Swagger 2.0 support. Swagger is the industry standard for API definitions and this is what API Cloud is using natively as well.

You can not just import or export the Swagger definitions, but also edit your API in full-featured Swagger editor with intellisense tooltips, syntax checks, and so on. Simply click Edit Source on the first step of API editing:

Edit Source button on the first step of editing API

And you get the full power of Swagger at your disposal:

Swagger wysiwyg editor and tooling in WSO2 API Manager

There are many other improvements and fixes, and we will be now re-releasing our tutorial videos and publishing new blog posts covering the exciting new functionality. Stay tuned!

Sign up for free trial of WSO2 API Cloud at

API Cloud: Connecting to Backend Service with OAuth, Simple Auth, IP Whitelisting

WSO2 API Cloud provides a simple way to turn your web services into managed APIs with enforced policies, security, subscriber portal, and analytics.

To make this all work, all API calls from subscribers need to go through API Gateway rather than directly to your backend. See arrow 3 in the API Cloud schematics here:

cloud-api-diagram - how WSO2 API Cloud works

What this means is that you promote to your subscribers the API as it is published in the gateway and API Store, while securing the link between API Gateway and backend service.

There are a few ways that you can secure the connection between the gateway and the backend:

  • Unsecured access,
  • Simple username/password authentication,
  • IP whitelisting,
  • OAuth.

Unsecured Access is obviously the easiest. While not a good idea in the long run (if users are bypassing the gateway, you don’t really have an API management solution in place), but when you are only starting and experimenting, and have not launched the program yet – this is the easiest way to get started.

Because of that, this is the default mode and the one we are using in API Cloud tutorials.

Simple Username/Password Authentication is also very easy to implement. All you have to do is click Show More Options on the second (Implement) step of API implementation, select Secured from the drop-down list below it, and provide credentials:

Specifying credentials for backend API connection

IP Whitelisting is a good further security step. Simply contact our team via Support / Contact Us menu item, and we will give you the IP address range that we use for API gateway. That way you can set up your backend to only accept invocations proxied by the gateway.

Finally, if rather than username & password, your backend service only accepts OAuth2 authentication, we now have a fully documented way of using that approach. See this tutorial that we just published.

Happy API implementations, and let us know if you have any questions.

WSO2 Clouds: Private, Managed, Public

Hello, World! This is the inaugural post in our new WSO2 Cloud blog. We will be covering the news and updates from the Cloud team at WSO2.

When we talk about Cloud at WSO2 we talk about the WSO2 platform used in one of 3 scenarios.

WSO2 Cloud modalities

Private Cloud has been historically the first one for WSO2.

WSO2 was the original creator (and is now one of the main contributors) to Apache Stratos PaaS (and is still supporting it commercially under the name of WSO2 Private PaaS) and has WSO2 App Factory PaaS that can run on top of it giving comprehensive developer experience with full lifecycle management, cloud IDE, teamwork, and so on.

In addition to that, the whole WSO2 integration platform stack plugs into the PaaS, giving complete cloud platform with:

  • Identity federation and management,
  • API management,
  • Integration,
  • Device management,
  • Application management
  • Data analytics (real-time and batch).

This makes it possible for some of the biggest companies in the world to deliver complex functionality for their employees, partners, and customers.

For example, watch this talk by Boeing on how they used WSO2 stack to implement their Boeing Edge platform that collects data from airplanes, analyses it, and then exposes to customers (airlines) in combination with supply chain systems for proper airplane servicing, ordering replacement parts, and so on.

Boeing Edge talk on WSO2 technology used by the company

Managed Cloud is not a software product really but a dedicated hosting option that we offer to our enterprise customers.

If you want to use any combination of WSO2 products, but do not want to maintain that deployment – our operations team is happy to do this for you:

  • Available for any combination of WSO2 products,
  • Run in the region of your choice on dedicated virtual machines not shared with any other customers,
  • WSO2 engineers set up the environment including the virtual machines, WSO2 products, and networking,
  • Can be set up to have network connectivity with your on-premise datacenter,
  • Deployment can be customized for your specific needs,
  • Can be combined with professional services including consultancy, development, and QuickStart,
  • Includes full devops service including 24*7 monitoring, regular backups, and product updates,
  • Priced as a fixed monthly fee,
  • Guaranteed service level and uptime.

Finally, WSO2 Public Cloud is a combination of WSO2 products deployed in shared multitenant mode.

These are shared deployment so the customization options are more limited. However, the pricing is extremely attractive: API Cloud starts at mere $100/month (after a free trial), and App Cloud is in free beta, and all you need to do to start using it is just go to and sign up with your email address.

Two services are currently available:

And we keep working on adding more cloud services based on other WSO2 products – so stay tuned!


Recent Posts

Most Popular Posts