Introducing WSO2 API Manager 4.2

We’re excited to announce the latest release in our product lineup — WSO2 API Manager 4.2. The product now comes with enhanced features to support a wider range of practical applications around API service design, creation, integration, development, and exposure.

If you'd prefer to watch a video to learn more about our release, click here.

What’s New 

• Improved tracing with OpenTelemetry support - It’s now easier to trace and identify possible bottlenecks for API calls in WSO2 API manager and mediation calls in WSO2 Micro Integrator.
• ELK-based analytics for WSO2 Micro Integrator - Comprehensive, on-premises analytics for WSO2 Micro Integrator give insights on deployment behavior. This results in proactive decisions.
• Enhanced API validation based on custom rules - Validate APIs against a set of custom rules to standardize and keep API definitions clean.
• Open API Specification (OAS) based documentation for APIs - Developers can easily read technical documentation for REST APIs in a standard format in the publisher and developer portals.
• Support for JDK 17 - Better performance and security, with other improvements.

As a leading, open-source API management solution, WSO2 API Manager provides a centralized platform to create, publish, and manage APIs and allows businesses to expose their services to internal and external stakeholders securely. With a robust set of features for traffic management, security, analytics, and API monetization, the product simplifies the entire API lifecycle, from design and implementation to deployment and consumption. It supports multiple deployment models, including on-premises, cloud, and hybrid, making it a flexible solution for an organization's needs.

Here are the latest additions to WSO2 API Manager.

Key Features

OpenTelemetry-Based Distributed Tracing

WSO2 API Manager and WSO2 Micro Integrator provide distributed tracing, a crucial aspect of observability, employing the OpenTelemetry standard. Distributed tracing can be used in WSO2 API Manager to observe API invocation paths and in WSO2 Micro Integrator to observe message flows. This facilitates identifying performance bottlenecks for further debugging purposes.

While WSO2 API Manager and WSO2 Micro Integrator previously used OpenTracing for distributed tracing, they have now adopted the OpenTelemetry standard, which incorporates OpenTracing and OpenCensus. Existing custom tracers written by users for WSO2 API Manager, based on the OpenTracing standard, will be forward compatible.

WSO2 API Manager and WSO2 Micro Integrator now support the OTLP tracer type, allowing tracing data to be sent to various application performance monitoring (APM) systems such as New Relic and Elastic without any vendor-specific implementation. Additionally, the Log Tracer, and the Custom Tracer have been introduced to WSO2 Micro Integrator. The Log Tracer can be used to store information related to spans in log files, and the Custom Tracer can be used to publish span information to any custom destination.

Figure 1 shows traces of WSO2 API Manager published to Elastic APM, with the OTLP tracer, whereas Figure 2 shows traces of WSO2 Micro Integrator published to New Relic APM, with the OTLP tracer.

Figure 1: Traces of WSO2 API Manager in Elastic APM

Figure 2: Traces of WSO2 Micro Integrator in New Relic APM

ELK-Based On-Prem Analytics with WSO2 Micro Integrator

Operational analytics are crucial in the production and deployment of WSO2 Micro Integrator as it gives insights into deployment behavior and enables data-driven decision making. The ELK stack is used to gather comprehensive analytics when deploying WSO2 Micro Integrator. ELK-based analytics can be utilized for many use cases involving WSO2 API Manager and WSO2 Micro Integrator.

Figure 3: Displaying Analytics in WSO2 Micro Integrator

Enable/Disable Self Sign Up via the Admin Portal

Self sign up to the developer portal is now easier for all tenants to maximize API exposure. This feature provides self sign up by default for all tenants and allows enabling/disabling it via the admin portal without accessing the registry.

Configure Lifecycle States from the Admin Portal

With this new feature, users can go directly to the admin portal to make changes to the API lifecycle configuration, eliminating the need to go through the Carbon Console. Additionally, a simplified JSON structure is used to represent the configuration.

Figure 4: Overview of the API Lifecycle Shown in the Admin Portal

Enable/Disable Correlation Logs Without a Server Restart

Previous versions of WSO2 API Manager and WSO2 Micro Integrator required a server restart to turn on/off correlation logs. With version 4.2, correlation logs can be activated or deactivated in real time (either by using a special DevOps API in WSO2 Micro Integrator or by using the APICTL - the command line tool for WSO2 API Manager), allowing a seamless backtracking of issues without any loss of crucial information.

Registry Artifacts View and Update Support for WSO2 Micro Integrator

The dashboard in WSO2 Micro Integrator now allows you to view registry artifacts and view/modify artifacts through the management API.

Figure 5: Registry Artifacts View

Gateway Support for One-Time Tokens 

Currently, application developers and end users can repeatedly request an API resource using a JWT token until it expires. However, there is no capability for an API developer to restrict the resource to a single access. This new feature will allow the restriction of multiple API invocations, providing only one opportunity to access the resource.

API Policies Export and Import Support for WSO2 API Manager 

The new policies framework allows multiple APIs to share a common set of policies by defining them as a shared set. This makes API policies first-class artifacts in the CI/CD process and provides import and export support across different environments. The import-export of these common API policies can be achieved through the APICTL (command line tool).

Throttle Policy Export Import Support for WSO2 API Manager

Previously, when exporting and importing, if an API or application was subscribed to a throttling policy that did not exist in the destination environment, the import to the new environment would fail, requiring the policy to be manually recreated. This feature resolves this issue by enabling the export and import of throttle policies through APICTL, eliminating the need for manual policy recreation in the new environment.

Avoid Accidentally Deleting Endpoint Certificates

When creating APIs that share the same endpoint using the current WSO2 API Manager implementation, it's important to bear in mind that backend certificates are shared. This means that deleting a certificate that has already been uploaded for an endpoint could inadvertently remove it from other APIs sharing that endpoint. Thankfully, a new feature has been put in place to tackle this problem. Users are cautioned against deleting backend certificates, and a warning is issued if an attempt is made to do so. By doing this, the feature ensures that certificates being used by other APIs that share the same endpoint are not accidentally deleted.

Figure 6: Warning is Shown When Accidentally Deleting a Policy

Validate APIs Based on Custom Rules

In previous versions, API definitions were validated against the default OpenAPI schema upon import and when being edited in the publisher portal. In certain scenarios, such as the validation of fields like email or name, a custom validation approach may be required. This implementation allows administrators to enforce custom rules for API validation, helping to standardize and keep API definitions clean by validating against a specified set of custom rules.

Figure 7: Custom Rules for API Validation

Generating REST API Documentation Automatically from Open API Specification (OAS)

API documentation plays a crucial role in the API management process, as developers rely on it to use APIs. In earlier versions, publishers were required to either upload existing documents or create them using markdown or inline. The new feature of generating documentation automatically from OAS specifications allows developers to view these documents in a readable format, making it easier to select and use the desired REST API. This feature enables the automatic generation of documentation for REST APIs.

Figure 8: Generated API Documentation (Based on OAS)

Try WSO2 API Manager Today!

For over a decade, WSO2 API Manager has been a leading provider of API management solutions, catering to diverse use cases across industries and businesses. Our product is trusted by hundreds of the world's top corporations, universities, and governments.

If you want to get started, just head over to https://wso2.com/api-manager/ and try it today. Want to learn more? Please see our product documentation, including our Quick Start Guide. And if you want to request a demo, we’d be happy to show you one. Just get in touch.