4 May, 2021

Introducing WSO2 API Manager 4.0

  • Chamin Dias
  • Associate Lead - Marketing - WSO2

Executive Summary

  • API-driven businesses have gained traction in the recent past.
  • As APIs gain popularity, the need for API management has increased exponentially.
  • As a leader in the API management industry, WSO2 API Manager now comes with features to facilitate modern business growth.
  • This article provides an overview of the latest version of the WSO2 API Manager.


Competition for customer loyalty, a desire for new revenue streams, and demand for supply chain resiliency are just three of the drivers behind enterprises accelerating their digital initiatives. APIs now serve as the primary building blocks for these efforts—assembling data, events, and services from within the organization, throughout ecosystems, and across devices. But integrated legacy systems and support for new event-driven architectures also play critical roles in enabling timely, meaningful digital interactions in response to customer actions. To support these demands, WSO2 has added significant new capabilities to WSO2 API Manager 4.0, available today. 

While the pandemic has forced many organizations to embrace digital transformation, businesses work hard to maintain a competitive edge through continuous innovation. 

Businesses must embrace new approaches to sell their services as packaged, value-added goods now more than ever. A payment processing service, for example, can be paired with a video streaming service and an LMS (learning management system) to create a fully functional online education system. While some of these facilities may not be owned by the company, integrating these services becomes inevitable to provide a complete solution. 

Some critical considerations in this approach include combining different services, dealing with multiple protocols, and supporting a diverse set of infrastructures. Following the integration of these services, the final product must be offered to the consumer with appropriate measures in place to ensure improved customer support.

As a result, we can define two main aspects of this model. The first step is to create and integrate services. The second consideration is structured exposure.

As the first component of the system, the capability to integrate services becomes a lifesaver. In this instance, there should be an organized method to design, implement and combine services according to a business requirement.

Once these services are combined (or integrated), the final product can be offered as an API as APIs are the main building block of today’s service-based industry.

Both of these aspects (service integration and API management) must be carefully considered because when developing digital platforms (and products) to meet customer demands, a wide variety of services must be integrated into different ways. Since these services can run on a number of platforms and environments, the infrastructure is more complicated.

However, building these integration and API management scenarios from scratch and exposing them to end-users in a controlled manner is a time-consuming and cost-inefficient task.

This is where API-led integration solutions become a lifesaver for digital-driven business organizations. WSO2 API Manager 4.0.0 is offered as a solution that can facilitate service design, service creation, service integration, API development, and exposing APIs seamlessly.

In brief, WSO2 API Manager offers the following benefits to its users.

  • For API owners: Ability to create value-added digital products to fulfill the demands of the marketplace and identify the best performing products using business analytics
  • API developers (integration developers): Rapidly design, deploy, test, and implement APIs using the in-built tools / shorten the learning curve due to the use of open standards
  • For API consumers: Choose the best digital product that is perfect for their needs (and spending power)
  • For partners: Clear segregation of duties and proper access control for the services managed individually and collectively
  • For sysadmins: Deployment flexibility and variety of security mechanisms to protect the services (and the API ecosystem) from being compromised

An Overview of Key Features

The most recent update includes a number of major new features that greatly enhance and boost the user experience. Let's take a closer look at some of the latest features.

Service Catalogue API

API Owners can now conveniently expose Integration Services as Managed APIs in the API Marketplace, thanks to a new feature in WSO2 API Manager 4.0.0. This enables API-led integration, which allows for the seamless creation and integration of services and API proxies.

Figure 1: Service Catalog

An API Developer can easily discover all available services and build a Managed API with a single click of a button using the Service Catalog function in WSO2 API Manager. A single service can be used to build multiple APIs, and the API Developer can opt to keep their APIs up to date with improvements to their underlying services. This entire functionality is made possible in-house, where you can simply use WSO2 API Manager and Micro Integrator to build your service and deploy it on the Service Catalog. After that, you can discover resources and build managed APIs, which can then be published on the API Marketplace.

API and API Product Revision Support

WSO2 APIM 4.0.0 includes a new function called API Revisioning, which allows an API developer to make improvements to an API and evaluate them without impacting existing API deployments. API Revision feature provides the ability to create a revision from the current API in which API runtime-related artifacts will be stored separately and then deploy that revision to a test environment and validate the changes before making them available for the API consumers. It also gives you the option of reverting the Current API to a previous stable Revision if the most recent updates to the API aren't working.

Figure 2: Representation of Revision

If an API developer made improvements to a publisher API in previous WSO2 API Manager versions, the changes were immediately mirrored in the runtime gateways. As a result, in a production environment, if the changes applied aren't thoroughly checked, serious problems can arise; however, with the implementation of the Revision feature, such issues can be easily mitigated.

Swagger/GraphqL to Postman Collection

Postman is the most popular testing tool for REST/HTTP APIs. Postman allows developers to create API test projects, called Postman collections. WSO2 API Manager provides a feature to export the Postman collection for deployed APIs.

Figure 3: Swagger/GraphqL to Postman Collection

Postman collections can be exported from the developer portal through the API try-out console, and the exported postman collections can be executed with the Postman tool, allowing users to quickly test APIs. This function is available for both REST and GraphqL APIs.

Support for Server-Sent Event Messaging Protocol in API Gateway

WSO2 APIM will allow you to link an API to a Server-Sent Event (SSE) backend and receive events from the backend. SSE is an HTTP-based protocol with lower latency (delivery latency) than standard HTTP since events are sent over an existing link rather than a new one, and the server will keep transmitting events over the same connection.

API developers can manage their Server-Sent Event backend for various aspects such as monetization, security, and access control using APIM's SSE support. Asynchronous requirements are followed by SSE APIs and vice versa. As a result, the developer can import a definition and publish an SSE API with ease.

WebSocket Support with Async APIs

WebSocket endpoints can now be exposed as managed Streaming APIs with WSO2 APIM 4.0.0. WebSockets allow continuous full-duplex transmission of events (messages) over a single channel. That is, either the WebSocket server or the WebSocket client or vice-versa. This is useful in use cases based on Event-driven architecture, such as chat rooms or stock market applications, where events are sent to be consumed asynchronously. WebSocket Streaming APIs make use of WSO2 APIM's existing capabilities, such as API lifecycle management, throttling, and analytics.

WebSocket Streaming API topics can help you manage backends with WebSocket channel multiplexing. A WebSocket API is a collection of related Topics, just like a REST API is a collection of related Resources. By applying different Scopes to different Topics, fine-grained authorization can be extended to WebSocket APIs. WebSocket APIs that are created within WSO2 APIM can be exported as AsyncAPI definitions, and existing AsyncAPI definitions can be imported to create WebSocket APIs.

Webhook Support For API Gateway

WSO2 API Manager 4.0.0 brings in the capability of exposing Webhooks as managed APIs. Webhooks is a method of pushing events of a web application or a website to registered callback URLs. WebHooks only allows one-way communication, from a caller web app to the registered web application. The client who intends to receive the events from the server/web app/publisher has to register its URL against the interesting events in the publisher. If a client is registered when an event occurs, the publisher will make an HTTP POST request to the registered URL as a notification. 

The API developer can expose Webhooks providers using API management capabilities such as monetization, monitoring, security, and access control with the Webhooks API support in the WSO2 API Manager. API users, on the other hand, can register for their preferred topics. Consumers will be notified (event notifications) via the registered callback URL.

Support Streaming APIs

With the Streaming APIs feature, the WSO2 API manager lets you expose event streams and topics as managed APIs via web-friendly protocols (WebSockets, SSE, and WebSub). Relevant topics and event streams can be grouped and managed as a Streaming API. The users can subscribe to topics in Streaming APIs and asynchronously receive a stream of events. Streaming APIs will support all the API management features available for REST APIs in the WSO2 API Manager. 

This feature enables organizations to effectively manage large-scale event-driven systems consisting of many topics and event streams by leveraging API management. WSO2 API Manager enforces security policies on client applications when subscribing to a topic of an API and applies rate limiting on the number of events (e.g., 5K events/hour) that a client application can receive. Analytics show stats about topic subscriptions and the traffic flow through different topics in different APIs. Websockets, Server-Sent Events, or WebSub can be chosen as the transport protocol for streaming APIs. Moreover, API developers can start creating a streaming API by importing an AsyncAPI 2.0 document, and or an API can be exported as an AsyncAPI 2.0 document.

Generating AsyncAPI spec for existing services

WSO2 Streaming Integrator’s streams can be exposed as managed streaming APIs in WSO2 APIM 4.0.0. To do so, the AsynchAPI specs should be generated and published in the service catalog in APIM. The Streaming Integrator’s Async API generation will generate the Streaming APIs spec as per the async API v2.0.0.

Via WSO2 Streaming Integrator Tooling, the Async API spec can be generated for SSE, WebSub, and Websockets. And the generated Async API will get added to the Siddhi Application itself as an annotation. Whenever the particular siddhi app gets exported to the Streaming Integrator Server, its deployer will upload the Async API Spec to APIM’s service catalog.

The following is a generated Asynchronous API spec for a WebSocket.

Figure 4: Swagger Definition

Which will be appended to the Siddhi Application as follows.

Figure 5: Appended Siddhi Application

This will allow users to manage the streaming APIs exposed in the Streaming Integrator.

Forgerock, Ping, and Auth0 Key Manager support

WSO2 API Manager provides functionality to configure different authorization servers as Key Managers. This brings the capability of supporting multiple Key Managers for a given API in a given tenant domain. 

WSO2 API Manager is shipped with out-of-the-box support for many third-party key manager connectors. For WSO2 API Manager 4.0.0, we have provided new connectors to configure with PingFederate, Auth0, and Forgerock key manager servers.

VHost Feature

WSO2 APIM 4.0.0 introduces a new capability that lets APIs be exposed using unique hostnames that correspond to a Gateway environment. Admin users can use the Admin Portal to handle Gateway environments by building, upgrading, and deleting them. Each Gateway environment will contain the details of each of the VHosts.

This facilitates API publishers to use the VHosts to group their APIs by selecting a virtual host when deploying an API to Gateway environment(s). In addition, application developers can access APIs by using defined access URLs of the virtual host.

Try it out today!

WSO2 API Manager 4.0 is available today as an open-source product released under the Apache License 2.0. The product is backed by WSO2 Subscription, which features access to WSO2 Update for continuous delivery of bug fixes, security updates, and performance enhancements, along with WSO2 Support for 24x7 support. Unified pricing means customers can simply buy a WSO2 Subscription and choose the hosting model— cloud, on-premises, or hybrid— based on their preferences. Details on WSO2 Subscription are available at https://wso2.com/subscription; information on WSO2 Consulting Services can be found at https://wso2.com/consulting.

Download the latest version of WSO2 API Manager and follow the official product documentation to get started. Additionally, you can find more resources on YouTube and Medium

If you want community guidance, head over to our slack channel. We have a global community ready to help.


About Author

  • Chamin Dias
  • Associate Lead - Marketing
  • WSO2