Open up your business to the world
Like any other WSO2 product, the WSO2 API Manager is an open source solution, giving you all the freedom you need to change direction and scope. At the same time, the product fully supports you in API publishing, lifecycle management, application development, access control, rate limiting, monetization, and analytics. The WSO2 API Manager is the home of security and governance components, protecting your people, data and systems. And there you have it: ultimate freedom combined with endless possibilities.
Get things done with the WSO2 API Manager
Get yourself a dynamic and digital infrastructure
Build new applications at high speed and increase agility
Donāt throw out your legacy systems but increase their value
Create a user experience thatās out of this world
Base your decisions on data instead of assumptions
Protect your company against security breaches
Design and Prototype APIs
- Design APIs and gather developers’ feedback before implementing (API First Design). Design can be done from the publishing interface or via importing an existing Swagger 2.0 / 3.0 definition
- Deploy a prototyped API, provide early access to APIs, and get early feedback
- Fast Track Design with optional configuration capabilities
- Mock API implementation using JavaScript
- Supports publishing SOAP, REST, JSON, Websockets, GraphQL, and XML style services as APIs
- Pre-loaded sample APIs for a hassle-free first experience
Publish APIs and Govern API usage
- Ability to publish APIs to a selected set of gateways in a multi-gateway environment
- Support enforcement of corporate policies for actions like API subscriptions, application creation, etc. via customizable workflows
- Manage API visibility and restrict access to specific partners or customers
- Manage API lifecycle from cradle to grave: create, publish, block, deprecate, and retire
- Support for API Products
- Publish both production and sandbox keys for APIs to enable easy developer testing
- Manage API versions and deployment status by version
- One-click deployment to API gateway for immediate publishing
- Customize the API lifecycle, including executing custom behavior on lifecycle transitions
Control Access and Enforce Security
- Restrict API access tokens to domains/IPs
- Validate APIs payload contents against a schema
- Apply security policies to APIs (authentication, authorization)
- Rely on OAuth2 standard for API access (implicit, authorization code, client, SAML, IWA Grant Type)
- Support for JWT authorization token for API access
- Plug third-party key servers in lieu of the default one, for application registration, Oauth2 token generation & validation
- Block a subscription and restrict a complete application
- Associate API to system-defined service tiers
- Generate JSON web tokens for consumption by back-end servers
- Leverage XACML for entitlements management and fine-grain authorization
- Configure Single Sign-On (SSO) using SAML 2.0 for easy integration with existing web apps
- Threat protection, bot detection and token-fraud detection
Developer Portal
- Graphical experience similar to popular applications stores
- Browse and search APIs by provider, tags, or name
- Provision API keys
- Subscribe to APIs and manage subscriptions on per-application basis
- Subscriptions can be at different service tiers based on expected usage levels
- Interactive API Test console
- Internationalization support
- Notifications enabled for new versions of subscribed APIs
- Common view of the store for users registered under the same organization
- Set of APIs to manage the Devportal programmatically
Manage Developer Community
- Self-registration for developer community to subscribe to APIs
- Developer interaction with APIs via forums, comments, and ratings
- View API consumer analytics
- Tools for API product managers to proactively manage API subscriptions
- Tooling to develop services, features and artifacts and manage their links and dependencies through a simplified graphical editor
Manage and Scale API Traffic
- API gateway can act as SSL termination point
- Separate production and sandbox traffic on different API gateways
- Supports protocol transformation, data transformation, and API composition
- Maps between HTTP(s) and other protocols, such as JMS or writing to file systems
- Traffic Manager enforces rate limiting and dynamic throttling based on usage quotas and bandwidth quotas
- Protect API backends with hard limit throttling
- Horizontally scalable with easy deployment into cluster using proven routing infrastructure
- Extremely high performance pass-through message routing with minimal latency
- Supports up to 1300 TPS on a single node
Monitor and Monetize
- API usage published to pluggable analytics framework (requests, responses, faults, throttling, subscriptions, self-sign ups to name a few)
- Out-of-the-box support for WSO2 Analytics for API Manager and Google Analytics
- Provides statistical graphs such as API latency and API usage comparison that help monitor API and application performance
- Ability to analyze logs pertaining to application errors, API deployment stats, login errors, number of API failures, access token errors
- Live log viewer
- Track consumer analytics per API, per API version, per tiers, and per consumer
- Configurable payment schemes to monetize API usage
- Monitor SLA compliance
- Publish your own events and create your own dashboards
Pluggable, extensible and themeable
- All components are highly customizable through styling, theming, and code extensions
- Developer portal is implemented with JavaScript/CSS/HTML5 for easy customization and theming
- Responsive design for Developer portal
- All publishing/portal functionality is exposed via a REST API, which allows to create your own portal or automate API deployment through DevOps
- Pluggable to third-party analytics systems and billing systems
- Pluggable to existing user repositories including Microsoft Active Directory, LDAP, databases, or Apache Cassandra
- Components usable separately: developer portal can be used to catalog APIs deployed in third-party gateways
Easily deployable in your enterprise
- Role-based access control for managing users and their authorization levels
- Developer portal can be deployed in DMZ for external access with publisher inside the firewall for private control
- Different user stores for developer-focused portal and internal operations in publisher
- Integrates with enterprise identity systems including LDAP and Microsoft Active Directory
- Gateway can be deployed in DMZ with controlled access to WSO2 Identity Server (for authentication/authorization) and governance database behind firewall
Summary
The WSO2 API Manager is an all-in-one solution that helps you:
- Design, compose and publish your APIs through the API publisher
- Share your APIs with customers and partners in the API store
- Create a proxy for your backend services and controls functions such as security and analytics
- Speed up the response time to service API calls
- Monitor the way your APIs are used at operation and business levels and monitor system behavior
- Allow your APIs to be used by different applications in the safest way possible
- Motivate API developers by proving tools, documentation and incentives such as monetization
Get started with WSO2 API Manager
Open up your business to the world with the open source API Management solution by WSO2. Reach out today to learn how WSO2 API Manager expands your possibilities.