Last week we launched the beta version of the WSO2 API Manager 2.0. We are excited about this release as it offers analytics for API usage and performance; a Decision Manager to enforce throttling policies in real-time; API lifecycle visualization, and automatic generation of client SDKs.
Our 100% open source API Manager enables enterprises to leverage APIs, where they can derive new revenue models as well as safeguard against potential risks.
Let’s explore some of the new key features of this release
The UIs of the Developer Portal (API Store), API Publisher and Admin Portal are transformed to bring out an intuitive user experience to users; new theme and easy navigation flows help users to perform tasks faster.
Throttling helps to regulate traffic towards APIs, secure against possible security threats as well as monetize APIs. Throttling in WSO2 API Manager is imposed through policies based on tiers; tier is composed of a duration and a maximum no of requests to be entertained within that duration.
WSO2 API API Manager 2.0 comes with a Decision Manager to support managing and scaling API traffic. The new throttling model facilitates processing throttling policies in real time:
- Standard usage quotas to be consumed over a longer time period (e.g. total subscriptions, total resources such as calls and bandwidth
- Rate limiting based on subscriptions, APIs, resources, IP, geo-location, bandwidth, request payload (e.g. headers), user/access token, JWT claims, request methods (e.g. GET, POST) and traffic spikes
- Rate limiting based complex, extensible and dynamic rules, scenarios and events
With this release Super Tenant Users will be facilitated to create custom throttling policies, which will take effect immediately on all APIs globally. On the other hand, Admins will be able to define complex throttling policies (with transport headers, IP addresses, etc.), on the fly. They can utilize throttling to simply blacklist users and applications abusing rate limits.
WSO2 API API Manager 2.0 supports a host of new reports, log analysis as wells a real-time alerting mechanism. With these features users will be able to gauge API performance/usage and detect irregular patterns, which can be potential security risks.
A host of new statistical graphs have been introduced for the benefit of users interested in assessing API and application performance.
We now support a range of alerts to assist users to act upon anomalies in API usage and backend system behaviour as well as real-time detection of potential fraudulent activities. Some of the scenarios where alerts are triggered are as follows:
- Abnormal API response time – This could indicate a potential Service Level Agreement (SLA) breach
- Application/User throttled-out – API product managers may use this data to proactively propose a tier-upgrade or re-visit existing SLAs
- Abnormal API request count – This will indicate when there is a sudden spike/drop in the number of request for an API resource in a given duration, which can be related to a possible system problem
- Abnormal API Usage – This will help to detect when APIs are not utilized as expected, which could be an indication either the APIs are not useful as they used to be or support material are not upto date and act upon them
- Abnormal renewal of access tokens – Possible indication of a lost token, which can be mapped to a potential fraud
WSO2 API Manager 2.0 supports real-time log analysis with the ability to view the live log as well as to perform log analysis based on reports on low-level system operations such as log events, login failures, API failures and Access token-related issues.
Enhancements to Developer Portal
By utilizing swagger-codegen, the WSO2 API Manager 2.0 distribution facilitates API subscribers to generate SDKs for subscribed APIs in relation to the corresponding application with just a click of a button. This will make an app developer’s life easy by taking away the hassle of manually creating SDKs.
A graphical representation of API lifecycle management will illustrating the API state transition from creating to publishing, deprecating and retiring APIs.
WSO2 API Manager facilitates maintaining multiple API versions. With 2.0 when a new API version is created in API Publisher, users who had subscribed to its other version(s) will be notified via email by default.