WSO2: Secure API Management through WSO2 API Manager

The explosion of mobile phones and social media channels is forcing varied organizations across the world to rethink their Application Programming Interface (API) business models. The traditional API models have issues with control access and enforcement of security. Strong identity verification by extensive use of the Public Key Infrastructures (PKI) as well as biometrics, equip the API infrastructure for advancement. While augmenting the pace of innovation, WSO2 addresses these challenges with its API management platform. WSO2’s API Manager follows a completely open source model of dealing with key issues and validation, analytics, and monitoring by focusing on reducing the implementation expense and time. “API Manager is one of the latest additions to the WSO2 product stack, which is a proven Service Oriented Architecture (SOA) platform,” notes Sanjiva Weerawarana, Ph. D, Founder, CEO and Chief Architect of WSO2.

WSO2 API Manager is designed for simple customization

The WSO2 API management platform delivers tools for development, as well as a scalable run-time environment connecting mobile application developers to APIs. Organizations use the API management platform to increase developer engagement, protect back-end systems, manage service levels, and grow partnerships. The API Manager also enables developers to rapidly find, subscribe, and evaluate the APIs. The development tools are completely customized, feature self-service subscription providing secure, authenticated, authorized, and protected APIs. “Integration, security, application deployment, business activity monitoring, and load balancing are the main aspects of a WSO2 SOA solution,” says Weerawarana. API Manager Gateway routs the traffic to backend services enabling security, protection, management, and scaling. Authentication and authorization is brought about by the Key Manager which is responsible for generating and managing keys and tokens. The Publisher provides a user interface for API creators, and through the API Store, customers can increase service reuse and enhance IT business value.
Sanjiva Weerawarana, Ph. D Founder, CEO & Chief Architect
Continuing in the same thread, Clustering Key Components and Application Hosting are the chief differentiators of WSO2. Designed to implement and support industry best practices for integration, SOA, API management, enterprise governance, and cloud deployments, WSO2 API management platform enables rapid development, increases business value, and delivers a faster Return on Investment (ROI). “It is also recommended to run cluster instances in separate machines. This ensures that a failure in one machine will not result in complete unavailability of service across that particular node,” says Weerawarana.

Further, highlighting a case study, O2—a leading mobile telecommunications service provider—wanted to address technological demands in the areas of API functionality and security. To authenticate and secure customer data in O2’s backend systems, WSO2 and O2 partnered to introduce a self-care mobile application. “Today, RESTful APIs, customer identification and service verification of the mobile app are managed by the WSO2 API Manager,” says Weerawarana.

The future needs of API management is an ongoing commitment with WSO2, enabling it to effectively address the unique needs of the vibrant market. Down the road, WSO2 plans to support issue reporting and notifications, provide additional workflow extensions, integration with third party repositories, and support in-bound and outbound security tokens. “The WSO2 API Manager is designed for simple customization. We will be further enhancing its features, making it easy to integrate with the existing infrastructure,” concludes Weerawarana.


Mountain View, CA

Sanjiva Weerawarana, Ph. D Founder, CEO & Chief Architect

Provides lean, open-source API Platform to effectively reduce time and efforts with a faster ROI