Image credits: Pedro Sandrini from Pexels
WSO2 API Cloud has been in the API management SaaS market for nearly 6 years now. It is powered by the analyst recognized WSO2 API Manager, which is a 100% open source product. During the last 6 years, we have been adding many useful features to the solution, expanding it across multiple regions around the world, and helping customers in domains such as education, energy, finance, retail, entertainment, as well as telecommunications to succeed in their API management projects. With the experiences we’ve gained in doing business in the API management SaaS market, we have put together an evaluation guide for API management SaaS solutions. This guide is published as a whitepaper titled “A Buyer’s Guide to API Management SaaS” on our website and can be downloaded for free.
The objective of this guide is to help evaluators make the right decision by considering their current requirements and also the requirements that can arise in the future with the success of their project. The whitepaper discusses the following13 criteria in detail.
- Does it support full lifecycle API management?
- What are the security features available?
- Does it satisfy your performance requirements?
- What are the analytics capabilities?
- Pricing of the APIM SaaS
- SLAs and support
- Is the SaaS offering available in your region?
- How much white labeling is allowed?
- User/Identity management capabilities
- Can you monetize your APIs?
- Mediation capabilities
- Is a hybrid approach supported?
- CI/CD capabilities
The criteria we consider as compulsory are listed in bold and the other criteria are considered optional. However, this can change based on your requirements and there may be other aspects that will make it to the list too. With this whitepaper, we have provided a fact sheet that can be downloaded and used in your evaluation of different API management SaaS offerings. It is already filled with WSO2 API Cloud’s capabilities as a starting point for your convenience.
| Capability | WSO2 |
| Support for full lifecycle API management | |
| Create and publish APIs | Yes |
| Developer portal | Yes |
| Access control and rate limiting | Yes |
| Lifecycle management | Yes |
| API analytics | Yes |
| Security features | |
| Oauth2 token-based authentication for API requests | Yes |
| Other authentication mechanisms for API requests | No |
| Mutual TLS support | Yes |
| Block API requests based on payload | Yes |
| Secure connections from the cloud to the data center | Yes. VPN and VPC peering supported |
| Performance | |
| Does the average response time fall within your expected range? | |
| Can it handle your spikes? | |
| Does it provide shared runtimes or private runtimes? | Shared and private both are available |
| Analytics | |
| API requests statistics | Yes |
| Alerting | Yes |
| View and download logs | Yes |
| Push logs and stats to your own analytics system | No. Stats are available via a REST API. Pushing logs is in the roadmap |
| Pricing | |
| Starting price (per month) | $500 |
| Is your monthly bill predictable? | Yes |
| Are there any hidden charges? | No |
| Is support included in the pricing? | Yes |
| Are there feature limitations in different tiers? | No |
| SLA and Support | |
| What is the minimum availability guaranteed? | 99.90% |
| Are there different SLAs for different tiers? | No |
| What is the response time for an incident ticket? | Immediately responded. |
| What is the response time for a query ticket? | Within one business day. But generally responded within hours |
| Availability in your region | |
| Are you able to consume the service in a way your data do not leave your geographical region? | Yes. There are API gateways in 7 geographical regions. Can be extended further |
| White labeling capabilities | |
| Ability to configure custom URLs | Yes |
| Ability to theme the SaaS UI to reflect your brand | Yes |
| Any other white labeling features | Theming for email templates |
| User / Identity management capabilities | |
| Does it allow you to store your external users such as external API subscribers? | Yes |
| Does it allow you to plug your IDP to authenticate SaaS logins? | Yes |
| Can you plug your end-users to the SaaS offering? | Yes |
| Does it allow you to store your API end-users in the SaaS offering? | Yes |
| API monetization | |
| Is there an ability to charge the consumers for your API usage | Yes |
| Can you implement your monetization model with the SaaS offering? | No |
| Mediation capabilities | |
| Is the SaaS offering capable of message mediation? | Yes |
| Is it capable of dynamic routing? | Yes |
| Hybrid API management | |
| Is there a hybrid API management capability? | Yes |
| What components can be run in your infrastructure? | API gateway |
| Which infrastructure is supported by the on-prem components? | VMs, Docker, Kubernetes |
| Support for CI/CD of APIs | |
| Are there APIs to implement a CI/CD pipeline? | Yes |
| Does it support multiple environments? | Yes |
| Are there other options to support CI/CD of APIs? | Yes. Export/Import APIs between environments, CLI tool |
| Certifications | |
| What certifications does the SaaS offering possess? | GDPR compliant |
We encourage you to read the whitepaper and use the fact sheet available with it during your current and future evaluations. You can sign up for WSO2 API Cloud and verify the specified capabilities. If you have any questions, do reach out to us via cloud@wso2.com