API Manager 3 from WSO2 released
|Richard Harris in API Monday, November 18, 2019|
WSO2 has announced how it's addressing API management demands with significant new features in WSO2 API Manager 3.0.
APIs are the essential building blocks of digital businesses—assembling data, events and services from within the organization, throughout ecosystems, and across devices. This is driving new demands for organizations to create and monetize APIs and API products; maximize adoption and reuse across internal and external portals and API marketplaces; and ensure API security. WSO2 has added significant new functionality to support these enterprises with the availability of WSO2 API Manager 3.0, the only complete open-source platform for creating, managing, consuming, and monitoring APIs and API products.
WSO2 has been recognized by Forrester Research, Inc. as a Leader in The Forrester WaveTM: API Management Solutions, Q4 2018 report1. In its evaluation of WSO2 API Manager, the report1 states, “As the only fully open source solution in our Forrester Wave analysis, WSO2 provides good breadth across all evaluation criteria. Particular strengths include formal life-cycle management and non-REST APIs, both of which facilitate mature and disciplined enterprise API strategies.”
Version 3.0 builds on WSO2 API Manager’s capabilities for delivering a seamless, end-to-end API management experience while addressing all the requirements of API creators, product managers, and consumers. New functionality includes:
API product creation with functionality for API product managers to combine related APIs into a single, monetizable product Redesigned API designer and developer portals that offer responsive user interfaces (UIs) and are easier to customize using the single-page application model and React.js library
The first full lifecycle API management solution to offer a native Kubernetes operator to simplify API management and configuration in a cloud-native environment
- Support for GraphQL APIs for building high-performance, data-rich APIs
- Out-of-the-box API monetization via the Stripe billing engine, plus support for plugging in other billing implementations
- Ready-built pipelines for continuous integration and continuous deployment (CI/CD) based on Kubernetes and Jenkins to shorten delivery times
- Integration with the Istio service mesh to bring API management capabilities to microservices
- Expanded security through JSON Web Token (JWT) authentication support, bot detection, and API schema validation
“APIs are the digital products of the 21st Century. As a result, organizations need greater flexibility to create, bundle, re-bundle, sell, and resell APIs—while ensuring their security and integrity,” said Paul Fremantle, WSO2 CTO and co-founder. “WSO2 API Manager is the most successful open-source, full lifecycle API management solution. Version 3.0 builds on the proven technology that already powers billions of API calls daily. Not only have we significantly improved the ability to create and monetize API products; we’ve added many technical enhancements to ensure WSO2 API Manager works effectively in a DevOps-driven cloud environment.”
Monetizing and Productizing APIs
The Forrester WaveTM: API Management Solutions, Q4 2018 report1 observes that, “Whatever the API use case, API providers can borrow from product management ideas and disciplines and manage their APIs as products—whether or not they intend to directly bring in revenue by charging for API use. API management products provide one or more tools to define available APIs, set policies and limits for their use, analyze how developers use APIs, configure pricing and billing models and other usage parameters, and communicate and collaborate with API user and API creator communities.”
WSO2 API Manager 3.0 adds capabilities that empower enterprises to embrace product management disciplines by making it easier to monetize APIs and create API products.
- API Product Creation. WSO2 API Manager 3.0 enables API product managers to create new digital products by integrating multiple APIs into a single API product with well-defined subscription levels and monetization plans. This enables true API product management, enabling enterprises to create and manage new business models while simplifying the subscription process for application developers.
- API Monetization. With Version 3.0, API monetization is now available out-of-the-box using Stripe as the default billing engine. Additionally, organizations can easily plug in other third-party billing engines based on their requirements and preferences. As a result, publishers can implement billing plans that align with their business models, maximize revenues, and attract API subscribers by offering a range of options.
Enhanced Developer Experience
As APIs have become central to modern application development, WSO2 has invested in introducing innovations to WSO2 API Manager that optimize the productivity of software developers. In Q3 2019, WSO2 launched WSO2 API Microgateway 3.0—part of the WSO2 API Manager platform—to simplify the process of creating, deploying, and securing APIs within distributed microservices architectures. Using an architecture based on the open source Ballerina language, it provides a cloud-native, lightweight, developer-centric, decentralized API gateway for microservices.
Version 3.0 of WSO2 API Manager offers new and enhanced capabilities to further support the efforts of developers, as well as API publishers and API consumers.
Kubernetes Operator. Kubernetes is rapidly becoming the de facto cloud orchestration platform standard. WSO2 API Manager 3.0 is the first full lifecycle API management platform to natively support Kubernetes through a Kubernetes Operator. This means that managing and configuring APIs becomes a core part of the Kubernetes platform, closely integrating with existing management tools. The result is higher productivity for developers, DevOps, and cloud administrators when building, deploying, and managing APIs.
CI/CD Pipeline. The ability to deploy APIs and API products into an API portal and API gateway is becoming a key requirement for agile development. WSO2 API Manager 3.0 addresses this demand with a pre-defined CI/CD pipeline. This enables teams to significantly reduce the time it takes to deliver an API to customers and partners, while ensuring increased testing and quality assurance. WSO2 API Manager also works seamlessly with teams’ existing CI/CD pipelines to create a complete end-to-end CI/CD approach.
Integration with Istio. A microservices architecture (MSA) enables developers to be more agile and innovate faster. Istio is the industry’s most popular service mesh, providing a uniform way to secure, connect, and monitor the microservices in this disaggregated architecture. Now WSO2 API Manager integration with Istio brings full lifecycle API management capabilities to microservices while Istio serves as the control point—without the need for a separate microgateway.
Redesigned User Interfaces. React.js is one of the most used UI libraries for developing eye-catching, responsive user interfaces. WSO2 API Manager 3.0 features completely redesigned UIs for the API designer and developer portals based on React.js, making it simpler and more effective to customize the portals and create an effective API catalogue.
GraphQL Services as APIs. The GraphQL query language simplifies and optimizes the creation of data-rich APIs. Using the Schema Definition Language (SDL), it becomes a simple process to define and manage GraphQL-based APIs. This offers a simple, standard alternative to traditional REST APIs and is particularly effective for mobile applications as it can dramatically reduce the number of API calls required to implement a business operation.
Expanded API Security. The proliferation of APIs driven by digital initiatives is viewed as a virtual goldmine by hackers. WSO2 has put a priority on addressing the rapidly evolving security attacks on APIs by expanding on the robust policy-based controls for authentication and authorization in WSO2 API Manager. In Q2 2019, WSO2 delivered an open source extension to WSO2 API Manager that enables enterprises to take advantage of the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs. Version 3.0 further advances security in WSO2 API Manager through three new capabilities.
JWT Authentication Support. JSON Web Tokens are widely used to share user details between services. JWT authentication support in WSO2 API Manager 3.0 means that when APIs are secured using the OAuth 2.0 authorization protocol, JWTs issued for users from the API Manager security token service (STS) can be used to invoke APIs. This greatly simplifies the ability to perform true hybrid and distributed deployments of API gateways, significantly increases the scalability factor of API gateways, and reduces operational costs.
Bot Detection. WSO2 API Manager 3.0 provides out-of-the-box functionality to easily trace back problematic API calls, detect suspicious behaviors—such as context scanning and internal scanning—and then notify administrators. This makes it possible to identify potential threats from bots and other attackers and take preventative measures as required.
API Schema Validator. Validating requests and responses against predefined schemas is one of the most common requirements faced by developers. The API Schema Validator in WSO2 API Manager 3.0 lets developers use their own Open API definitions and enforce their request/response validations without additional work.