11 Apr, 2022 | 3 min read

Introducing WSO2 API Manager 4.1

  • Chamin Dias
  • Associate Lead - Marketing - WSO2

We’re excited to announce that WSO2 API Manager 4.1—a complete platform for building, integrating, and exposing digital services as managed APIs in any environment—is now available. This release improves productivity in development and operations, expands support for different protocols and third-party technologies, and completes the product’s analytics story.

What’s New

  • Increased productivity with easier API-first design, SOAP-to-REST transform and passthrough, as well as multi-tenant configuration and policy management
  • Expanded API support with GraphQL subscription
  • Improved policy management and security with new, more flexible policy management and Open Policy Agent (OPA) support
  • Third-party integration with Solace Event Broker for event-driven (async) APIs, token exchange support, and easier third-party API support
  • Complete analytics with ELK-based on premises analytics and Choreo cloud analytics

Why the Right API Management Solution Matters

Recent events have pushed enterprises to accelerate their digital initiatives—often by years. 

Today, businesses must continuously design, integrate, and deliver enhanced digital solutions. Within this context, APIs have become a key enabler to become part of the digital economy.

They offer a standard way in which organizations' internal systems, assets, and processes can be easily integrated with different digital channels and external parties. However, having a set of APIs isn’t enough. There must be a way to properly govern and manage them. Also, it is essential to ensure security to protect an enterprise’s assets against malicious access and abuse.

WSO2 API Manager is a full life cycle API management solution for enterprises looking to balance agility and speed with the need for robust and scalable operations. It comes with comprehensive, high-quality tooling for rapid integration and API management. Integrated services can be exposed as managed APIs in the cloud, on-premises, or in container-native and hybrid architectures. Enhanced security mechanisms ensure that APIs are protected from both intentional and unintentional fraud in the entire API ecosystem.

Key Features

Figure 1: Architecture and Key Components

WSO2 API Manager includes the Choreo Connect micro gateway, which is powered by Envoy Proxy. Choreo Connect is an API gateway that is cloud native, open source, and developer focused. It offers first-class Kubernetes support, while facilitating a variety of API management quality of services (QoS), such as message security, rate limiting, observability, and message mediation. The gateway can process billions of transactions each day because of its high throughput, low latency, and small footprint. WSO2 API Manager can be used as the control plane for the Choreo Connect micro gateway. Choreo Connect can be run in the cloud, on-premises, or a hybrid environment. 

The latest version of WSO2 API Manager helps businesses to accelerate their digital strategies by strategically deploying API-first services to take advantage of new opportunities without leaving legacy code behind. 

Let’s dive in.

Extending GraphQL APIs for Push-Based Solutions

We’re extending GraphQL APIs support for push-based solutions (i.e., event-based scenarios). GraphQL is useful for three aspects: query (for fetching data), mutation (creating and modifying entries in the server), and subscriptions (sending data only when a particular event occurs).

Today, many organizations use GraphQL APIs as there is increasing demand for real-time systems and interactive and immediate user experiences. Enterprises need solutions that support GraphQL APIs for push-based solutions (using WebSockets). WSO2 API Manager 4.1 can support all three GraphQL aspects (query, mutation, and subscription).

Policy Management Capabilities 

With the latest release, WSO2 API Manager unifies architecture to handle policies in the setup. This includes mediation and security policies. New user interfaces are provided to manage the policies at the operational level (i.e., resource levels).

Prior to this release, WSO2 API Manager supported advanced mediation use cases via custom sequences. Now, API publishers can apply multiple policies per operation, define policy orders (i.e., the sequence of how those policies will be executed), set frequently used operations as default policies, and manage all these actions using user-friendly user interfaces.

Solace Integration 

Solace is an advanced event broker capable of efficiently streaming events and information across cloud, on-premises, and IoT environments. It supports a wide range of message exchange patterns beyond publishing and subscribing, including request/reply, streaming, and replay, as well as different qualities of service, such as best effort and guaranteed delivery. It’s available as an application, software, and a service. All options offer the same functionality and management experience.

Simply put, the Solace broker has endpoints that can be presented as APIs once they’re integrated with WSO2 API Manager. With this integration, the Async endpoints on the Solace broker can be exposed to consumers with API design, governance, lifecycle management, and security. Moreover, WSO2 API Manager’s in-built developer portal can be used to discover the services easily. 

A Top-Down Approach to Create Managed APIs

Micro Integrator and Streaming Integrator are important parts of WSO2 API Manager. An integration created in Micro Integrator or Streaming Integrator (an endpoint) can be exposed as a managed API. With this approach, the full API lifecycle can be enabled with the managed API.

This can be considered a bottom-up mechanism, where the integration happens first, and after that, it is exposed as an API. The disadvantage of this approach is an API developer cannot start creating a managed API until the full integration is completed in Micro Integrator or Streaming Integrator (depending on the tasks).

In WSO2 API Manager 4.1, an API developer can start creating a managed API so that the integration developer can expose an integration later on. This speeds up the API development process.

Enhanced Support for Third-Party APIs

An API gateway is one of the most important components of any API management system. It acts as a proxy, where all API requests are handled with the necessary QoS aspects. However, this adds a considerable effort to the gateway for every API added. The resource consumption will increase eventually with APIs and requests.

Figure 2: WSO2 API Manager’s developer portal

However, in some cases, we need to create and manage APIs without really deploying them into the gateway and runtime components. In such cases, resources can be saved by using those APIs as advertise-only APIs. Offering this capability (i.e., the ability to use advertise-only APIs) will facilitate a wide range of use cases, where APIs are deployed in an external gateway. Additionally, some Kafka and JMS event sources (exposed as APIs) can also be supported as well.

There’s More!

In addition, these are the other features that are available with the latest release of WSO2 API Manager.

  • Audit Logging Capability for Micro Integrator - Audit logs help to identify changes that happen to the product while it is running. This is also important for issue tracing and maintaining a software system.
  • Logging Support per API - Now, API developers can trace the entire request execution path (for a given API call) easily in a collection of requests and responses. This indicates different parameters of requests handled by the API management system.
  • SOAP/Proxy Service Support in Service Catalog as a Passthrough SOAP Endpoint - This feature is an extension to the service catalog of the previous release. In the initial implementation, the service catalog was supported by exposing integration services as managed APIs. Here, it is extended for the proxy services (to expose as managed APIs).
  • Supporting SOAP To REST Transformation  - This feature allows users to expose their legacy SOAP backends as REST APIs through WSO2 Enterprise Integrator. The generated REST service can be directly deployed into WSO2 Micro Integrator. It is also possible to edit the generated REST API using the IDE (Integration Studio).
  • Editable Tenant Configuration Menu in Admin Portal - This feature enables editing the tenant configuration through the admin portal (previously it was supported only in the management console of the setup). The admin portal is the central location for such administrative tasks.
  • Auto-Generating Data Service Definitions - Developers can now save a significant amount of time as the product can generate data services by connecting to already defined data sources.
  • Data Source Viewing Support in the Micro Integrator Dashboard - New, updated dashboards are included in the micro integrator to fetch and view data sources easily.
  • Websocket APIs with Choreo Connect - As a subtype of AsyncAPIs, WebSocket APIs created in API Manager can now be exposed via Choreo Connect 1.1.0 with security and respective rate-limiting facilities. Moreover, Choreo Connect will populate analytics for events.
  • Mock Implementation with Choreo Connect - API Manager with Choreo connect 1.1.0 as the gateway supports mock endpoint implementation using response examples given in the open API specification. This helps API developers to speed up the API development process.
  • Supporting Read-Only Mode in API publisher - A user who has the view/read-only permissions can only view the API, API Product, and Service details in the Publisher Portal. They can also review analytics-related details. API Manager provides a predefined role known as an observer that is used to group all read-only users.
  • ELK Based On-premises Analytics - WSO2 API Manager brings back the on-premises analytics solution collaborating with Elasticsearch. This solution provides insight into API usage and how the system behaves. This solution consists of WSO2 API Manager and four other ELK components (FileBeats, Logstash, Elasticsearch, and Kibana). Comprehensive analytics will help system administrators and API owners to make decisions based on the usage data and patterns.
  • Figure 3: ELK Analytics

    More information can be found here

    Try WSO2 API Manager Today!

    Hundreds of the world’s largest corporations, leading universities, and governments trust WSO2 API Manager to drive their digital initiatives.

    Are you ready to get started? Just head over to https://wso2.com/api-manager/ and try it now. Want to learn more? Please see our product documentation, including our Quick Start Guide. And if you want to request a demo, we’d be happy to show you one. Just get in touch.