The WSO2 API Manager 2.0.0-RC4 Released!

The WSO2 API Manager 2.0.0-RC4 Released!

The WSO2 API Manager team is pleased to announce the release of version 2.0.0 of the Open Source API Manager.

WSO2 API Manager is a platform for creating, managing, consuming and monitoring APIs. It employs proven SOA best practices to solve a wide range of API management challenges such as API provisioning, API governance, API security and API monitoring. It combines some of the most powerful and mature components of the WSO2's state-of-the-art Carbon platform to deliver a smooth and end-to-end API management experience while catering to both API publisher and API consumer requirements.

WSO2 API Manager is comprised of several modules.

• API Provider: Define new APIs and manage them
• API Store: Browse published APIs and subscribe to them
• API Gateway: The underlying API runtime based on WSO2 ESB
• API Key Manager: Performs Key Generation and Key Validation functionalities
• API Traffic Manager: Performs Rate Limiting of API Requests

WSO2 API Manager is developed on top of the revolutionary WSO2 Carbon platform (Middleware a' la carte), an OSGi based framework that provides seamless modularity to your SOA via componentization. This release also contains many new features and a range of optional components (add-ons) that can be installed to customize the behavior of the API Manager. Further, any existing features of the product which are not required in your environment can be easily removed using the underlying provisioning framework of Carbon. In brief, WSO2 API Manager can be fully customized and tailored to meet your exact API management needs.

For more information on WSO2 API Manager please visit http://wso2.com/products/api-manager. Also take a look at the online product documentation.

How to Run

1. Extract the downloaded zip
2. Go to the bin directory in the extracted folder
3. Run the wso2server.sh or wso2server.bat as appropriate
4. Launch a web browser and navigate to https://localhost:9443/publisher to access the API provider webapp
5. Navigate to https://localhost:9443/store to access the API store
6. Navigate to https://localhost:9443/admin to access Admin Portal
7. Use "admin", "admin" as the username and password to login as an admin

New Features in 2.0.0

• [APIMANAGER-3314] - Alert configurations in AM using CEP
• [APIMANAGER-4605] - Notify subscribers of new API Versions
• [APIMANAGER-4606] - API Manager latency Breakdown Graph On API
• [APIMANAGER-4629] - Use the WSO2 Bootstrap theme for the Publisher and Store
• [APIMANAGER-4660] - Advanced Throttling Implementation based on CEP
• [APIMANAGER-5112] - New REST API for Admin-Dashboard Related functionality including new Throttling Implementation
• [APIMANAGER-5113] - New operations for Publisher CXF REST API related to thumbnails and sequences
• [APIMANAGER-5260] - Real Time Analytics (Alerts) on API Manager
• [APIMANAGER-5261] - Geo Location Indicator of API caller
• [APIMANAGER-5262] - User Agent based Analytics on API Manager

Improvements in 2.0.0

• [APIMANAGER-643] - Versions tab of the publisher API view need to provide means of creating a new version then and there.
• [APIMANAGER-859] - Implement Rate Limiting Policies
• [APIMANAGER-931] - Improve fileUpload UI for API Documentations
• [APIMANAGER-948] - For IP based throttling we should first look at x- forward for header and use it as client IP
• [APIMANAGER-3846] - Improvement in endpoint listing
• [APIMANAGER-3965] - Per API CORS Configuration
• [APIMANAGER-4383] - Change the error message into a meaningful one that get after exceeding the hard throttling limit in APIM logs.
• [APIMANAGER-4413] - Include different error codes when throttling out in different throttling levels
• [APIMANAGER-4475] - API authentication error response should bear the message type provided the Accept header of the request
• [APIMANAGER-4476] - Need an automation test for testing the Default Endpoint feature
• [APIMANAGER-4488] - Performance issue when updating an application
• [APIMANAGER-4492] - More log information about APISecurityException
• [APIMANAGER-4527] - Upgrade Swagger Editor and UI
• [APIMANAGER-4531] - Prevent the Signature Verification Error log for tenants
• [APIMANAGER-4555] - WSO2 Product APIM builds unstable
• [APIMANAGER-4592] - Make KeyValidation Client pool configurable
• [APIMANAGER-4595] - Message type of "invalid token" error message should change based on the Content-Type Header
• [APIMANAGER-4600] - Provide a configuration to allow for disabling the Forum in the API Store UI
• [APIMANAGER-4612] - Make APIPublisher and Store apps section 508 Compliance
• [APIMANAGER-4619] - Administrators should have the ability to moderate inappropriate comments in APIS in Store
• [APIMANAGER-4644] - Performance optimization - Close database resources before generating JWT
• [APIMANAGER-4659] - Adding new Statistics graphs for the APIM publisher
• [APIMANAGER-4680] - [admin-dashboard]Edit and Delete options are not visible as links in admin-dashboard
• [APIMANAGER-4689] - No error message when import an invalid API Definition
• [APIMANAGER-4708] - Update the info message for a successful subscription
• [APIMANAGER-4719] - Error message doesn't convey it's purpose in API Versioning
• [APIMANAGER-4736] - Include Add API Resource Level Policy and Edit API Resource Level Policy as heading when adding and editing an API resource level tier
• [APIMANAGER-4740] - Remove Exception thrown when subscribing to blocked subscription
• [APIMANAGER-4755] - Add lifecycle state transition visaulization view
• [APIMANAGER-4760] - Improve a tooltip or a help when blocking an API entity in dashboard, to mention the context.
• [APIMANAGER-4762] - Inverter option (switching off the policy) in "Blocking entities" in admin dashboard does not have any label to identify
• [APIMANAGER-4775] - Adding Custom CK/CS providing feature of Key Generation to the APIM documentation
• [APIMANAGER-4793] - users when rejecting a task should be able to add comments
• [APIMANAGER-4797] - the status of an application is shown as ACTIVE with 1 subscription even after a subscription was rejected
• [APIMANAGER-4798] - No horizontal scrolling for Design API page
• [APIMANAGER-4802] - Support for WSDLs with WSDL/XSD imports with relative paths when creating an API using the WSDL
• [APIMANAGER-4808] - Give a proper message when you try to save a API resource level tier without a tier name
• [APIMANAGER-4822] - Subscription policy selection not clear
• [APIMANAGER-4823] - No indication of API saving
• [APIMANAGER-4848] - system should support sending specific alerts to specific emails
• [APIMANAGER-4852] - system should allow to delete alerts that are shown on admin dashboard
• [APIMANAGER-4854] - Add wsdl support for WSO2 API Manager rest APIs.
• [APIMANAGER-4867] - need more detailed information for health of an API
• [APIMANAGER-4870] - Tier limit hitting alert behavior is not clear
• [APIMANAGER-4890] - Supporting concatenate search in API Store and Publisher
• [APIMANAGER-4907] - User should be logged out when the password has been changed in Store
• [APIMANAGER-4914] - Include a tip when adding blocking entity for tenant API context.
• [APIMANAGER-4948] - Hide Advance Level Throttling Header Configurations when the parameters are disabled.
• [APIMANAGER-5019] - Add audit logs for the important activities
• [APIMANAGER-5025] - better to support the blocking of a IP address range
• [APIMANAGER-5057] - Unable to configure endpoint secure scheme while adding API through the REST API
• [APIMANAGER-5084] - APIM 1.10 Publisher: forward slash in API version will break the platform
• [APIMANAGER-5101] - Nice to have a frame which supports zoom in zoom out for graphs
• [APIMANAGER-5103] - X axis range should be consistent according to the selected time picker
• [APIMANAGER-5218] - Add test case to validate JWT signature
• [APIMANAGER-5236] - Ability to create an API on behalf of other user using REST API Publisher

Resolved Issues

• WSO2 API Manager 2.0.0 resolved issues

Key Features of WSO2 API Manager

Following is a categorization of the core features supported by WSO2 API Manager based on the target user group.

• Create a Store of all Available APIs:
  • Graphical experience similar to Android Marketplace or Apple App Store.
  • Browse APIs by provider, tags or name.
  • Self-registration to developer community to subscribe to APIs.
  • Subscribe to APIs and manage subscriptions on per-application basis.
  • Subscriptions can be at different service tiers based on expected usage levels.
  • Role based access to API Store; manage public and private APIs.
  • Manage subscriptions at a per-developer level.
  • Browse API documentation, download helpers for easy consumption.
  • Comment on and rate APIs.
  • Forum for discussing API usage issues (Available soon in future version).
  • Try APIs directly on the store front.
  • Internationalization (i18n) support.
• Publishing and Governing API Use:
  • Publish APIs to external consumers and partners, as well as internal users.
  • Supports publishing multiple protocols including SOAP, REST, JSON and XML style services as APIs.
  • Manage API versions and deployment status by version.
  • Govern the API lifecycle (publish, deprecate, retire).
  • Attach documentation (files, external URLs) to APIs.
  • Apply Security policies to APIs (authentication, authorization).
  • Associate API available to system defined service tiers.
  • Provision and Manage API keys.
  • Track consumers per API.
  • One-click deployment to API Gateway for immediate publishing.
• Route API Traffic:
  • Supports API authentication with OAuth2.
  • Extremely high performance pass-through message routing with sub-millisecond latency.
  • Enforce rate limiting and throttling policies for APIs by consumer.
  • Horizontally scalable with easy deployment into cluster using proven routing infrastructure.
  • Scales to millions of developers/users.
  • Capture all statistics and push to pluggable analytics system.
  • Configure API routing policies with capabilities of WSO2 Enterprise Service Bus.
  • Powered by WSO2 Enterprise Service Bus.
• Manage Developer Community:
  • Self-sign up for API consumption.
  • Manage user account including password reset.
  • Developer interaction with APIs via comments and ratings.
  • Support for developer communication via forums (Available soon in future version).
  • Powered by WSO2 Identity Server.
• Govern Complete API Lifecycle:
  • Manage API lifecycle from cradle to grave: create, publish, block, deprecate and retire.
  • Publish both production and sandbox keys for APIs to enable easy developer testing.
  • Publish APIs to partner networks such as ProgrammableWeb (Available soon in future version).
  • Powered by WSO2 Governance Registry.
• Monitor API Usage and Performance:
  • All API usage published to pluggable analytics framework.
  • Out of the box support for WSO2 Business Activity Monitor and Google Analytics.
  • View metrics by user, API and more.
  • Customized reporting via plugging reporting engines.
  • Monitor SLA compliance.
  • Powered by WSO2 Business Activity Monitor.
• Pluggable, Extensible and Themeable:
  • All components are highly customizable thru styling, theming and open source code.
  • Storefront implemented with Jaggery (jaggeryjs.org) for easy customization.
  • Pluggable to third party analytics systems and billing systems (Available soon in future version).
  • Pluggable to existing user stores including via JDBC and LDAP.
  • Components usable separately - storefront can be used to front APIs gatewayed via third party gateways such as Intel Expressway Service Gateway.
  • Support for Single Sign On (SSO) using SAML 2.0 for easy integration with existing web apps
• Easily Deployable in Enterprise Setting:
  • Role based access control for managing users and their authorization levels.
  • Store front can be deployed in DMZ for external access with Publisher inside the firewall for private control.
  • Different user stores for developer focused store-front and internal operations in publisher.
  • Integrates with enterprise identity systems including LDAP and Microsoft Active Directory.
  • Gateway can be deployed in DMZ with controlled access to WSO2 Identity Server (for authentication/authorization) and governance database behind firewall.
• Support for creating multi-tenanted APIs
  • Run a single instance and provide API Management to multiple customers
  • Share APIs between different departments in a large enterprise
• Publishing and Governing API Use
  • Document an API using Swagger
  • Restrict API Access tokens to domains/IPs
  • Ability to block a subscription and restricting a complete application
  • Ability to revoke access tokens
  • Separate validity period configuration for Application Access Token
  • OAuth2 Authorization Code Grant Type Support
  • Configuring execution point of mediation extensions
• Monitor API Usage and Performance
  • Improved dashboard for monitoring usage statistics (Filtering data for a date range, More visually appealing widgets)

Known Issues

All the open issues pertaining to WSO2 API Manager are reported at the following location:

• Known Issues

How You Can Contribute

Mailing Lists

Join our mailing list and correspond with the developers directly.

• Developer List : dev@wso2.org | Subscribe | Mail Archive
• User List : user@wso2.org | Subscribe | Mail Archive

Reporting Issues

We encourage you to report issues, documentation faults and feature requests regarding WSO2 API Manager through the public API Manager JIRA. You can use the Carbon JIRA to report any issues related to the Carbon base framework or associated Carbon components.

Support

We are committed to ensuring that your enterprise middleware deployment is completely supported from evaluation to production. Our unique approach ensures that all support leverages our open development methodology and is provided by the very same engineers who build the technology.

For more details and to take advantage of this unique opportunity please visit http://wso2.com/support.

To learn more about WSO2 API Manager and WSO2 support offerings please visit http://wso2.com/products/api-manager.

-- The WSO2 API Manager Team --