New features from WSO2 API Manager
|Brittany Hainzinger in API Friday, April 10, 2020|
Open source company, WSO2, announced the latest version of the WSO2 API Manager. This release builds WSO2 API Manager’s capabilities for delivering a seamless, end-to-end API management experience while addressing all the requirements of API creators, product managers, and consumers.
APIs are the core building blocks of digital businesses—assembling data, events and services from within the organization, throughout ecosystems, and across devices. This is driving demands to maximize adoption and reuse across internal and external portals and API marketplaces; ensure API security; and support modern architectures, including containers, microservices, and serverless computing. WSO2 has added significant new functionality to support these enterprises with the newest release of WSO2 API Manager, the only complete open source platform for creating, managing, consuming, and monitoring APIs and API products.
The latest release builds WSO2 API Manager’s capabilities for delivering a seamless, end-to-end API management experience while addressing all the requirements of API creators, product managers, and consumers. Available today, it includes:
- The newest release of WSO2 API Microgateway, the cloud-native, lightweight, developer-centric, decentralized API gateway for microservices
- Enhanced native Kubernetes API Operator with support for microgateways and microservices via Swagger
- Amazon Web Services (AWS) Lambda support to facilitate API use for serverless apps
- New API Security Audit Integration feature developed in partnership with 42Crunch to help eliminate security loopholes in APIs
- Enhanced support for API authentication using JSON Web Tokens
- New API Store recommendation feature powered by artificial intelligence (AI) to help developers select the APIs best suited for their needs
- New API Categories feature in the API Store that makes it easier to discover APIs and subscribe to them
- New API mocking feature that lets API developers offer a real experience to API testers
“APIs are at the heart of the modern, cloud-native applications and services that are powering today’s digital businesses,” said Paul Fremantle, WSO2 CTO and co-founder. “The latest release of our open source WSO2 API Manager for full lifecycle API management builds on the proven technology that already powers billions of API calls daily to support these demands. Not only have we extended support for microservices and DevOps-driven cloud environments; we’ve also enriched API security and made it easier than ever for developers to find, try out, and use APIs.”
New WSO2 API Microgateway Release
WSO2 API Microgateway is the cloud-native, lightweight, developer-centric, decentralized API gateway for microservices that complements and is integrated with WSO2 API Manager. Using WSO2 API Microgateway, developers can compose microservices and expose them as APIs that operate in a range of deployments—booting them up in less than a second. Typical deployments include Kubernetes clusters, containerized deployments, container management systems, service meshes, legacy deployments, and hybrid environments, among others.
The newest release of WSO2 API Microgateway adds support for gRPC, the open source remote procedure call system widely used for microservices and mobile apps. Through support for gRPC APIs, WSO2 API Microgateway helps users to expose managed gRPC endpoints. Other new capabilities include:
● The option to choose between Java and Ballerina, the open source language and platform that brings networking into the language
● Observability to improve the microgateway’s message tracing capabilities
● Increased security through API key-based authentication, combined authentication schemas, and multiple Java Web Token (JWT) issuer support
Extended Support for Microservices and Serverless Architectures
The newest release of WSO2 API Manager extends support for widely adopted architectures for modern applications, including serverless computing, containers, and microservices.
AWS Lambda Integration. Increasingly enterprises are building applications designed to run on the AWS Lambda event-driven serverless computing platform in order to cut the time and cost of deploying apps and increase the scalability of backend services. The new AWS Lambda integration in WSO2 API Manager enables developers to use AWS Lambda functions through a variety of services using APIs. WSO2 API Manager facilitates the invocation of AWS Lambda functions using either stored AWS credentials or identity and access management (IAM) role-supplied temporary AWS credentials.
Kubernetes API Operator. Kubernetes is effectively the de facto cloud orchestration platform for DevOps-driven environments. In 2019, WSO2 API Manager became the first full lifecycle API management platform to natively support Kubernetes through a Kubernetes API Operator. By making the management and configuration of APIs a core part of the Kubernetes platform, the Kubernetes API Operator enables higher productivity for developers, DevOps, and cloud administrators when building, deploying, and managing APIs.
The newest Kubernetes API Operator release supports multiple Docker registries, such as Docker Hub, Amazon Elastic Container Registry (ECR), Google Container Registry, Quay.io, and HTTP(S) Docker registries. It also provides the ability to expose multiple Swagger definitions as an API, and it gives a Swagger definition to Kubernetes that makes it easy to deploy a microgateway for microservices within minutes. Additionally, the new Kubernetes API Operator version enables developers to:
- Deploy and manage serverless (KNative) applications.
- Apply API management to microservices deployed in an Istio service mesh.
- Use Java interceptors for mediations when exposing APIs.
- Expose APIs via the Ingress controller to have a single point for API invocations.
Expanded API Security
WSO2 has put a priority on addressing the rapidly evolving security attacks on APIs by expanding on the robust policy-based controls for authentication and authorization in WSO2 API Manager. In 2019, enhancements included an open source extension that enables enterprises to take advantage of the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs, JWT authentication support, bot detection, and an API Schema Validator. The newest release of WSO2 API Manager adds a new API Security Audit Integration feature and enhances JWT authentication support.
API Security Audit Integration. In partnership with 42Crunch, WSO2 has developed an open source extension that integrates 42Crunch API Security Audit with WSO2 API Manager. Through the extension, enterprises can use API Security Audit to assign a score to an API based on the Swagger definition of the API. The resulting audit report takes into account OpenAPI format requirements, security, and data validation when scoring an API and presents the impact for each of these three areas.
Using the report, API developers can identify and eliminate any existing security loopholes in a given API—tracking exactly where an issue is and taking corrective actions. API Security Audit also points to an encyclopedia that contains additional details on what the vulnerability is, how it can be exploited, and how it can be fixed. Once developers identify the fix, they can use the built-in Swagger Editor in WSO2 API Manager to edit the API definition and then re-check the score using API Security Audit.
JWT Authentication Support. Support for JSON Web Tokens in WSO2 API Manager means that when APIs are secured using the OAuth 2.0 authorization protocol, JWTs issued for users from the API Manager security token service (STS) can be used to invoke APIs. This greatly simplifies the ability to perform true hybrid and distributed deployments of API gateways, significantly increases API gateway scalability, and reduces operational costs. Enhancements in the newest release of WSO2 API Manager:
- Separate the backend JWT from the client JWT to ensure that user information is not sent without consent.
- Let developers incorporate user claims into a JWT generated at the backend and handle user-related decisions in the API.
- Support multiple token issuers, so users can bring their own JWTs and verify them in the API gateway.
Enhanced Developer Experience
As APIs have become central to modern application development, WSO2 has invested in introducing innovations to WSO2 API Manager that optimize the productivity of software developers. In the latest release, this includes an API Store recommendation system, API categories, and API mocking.
API Store Recommendation System. Traditionally, developers have conducted standard API searches in the API Store in WSO2 API Manager to see a list of applicable APIs. Now, powered by AI, the API Store can recommend APIs to subscribers by analyzing the behavior of a developer and the application being developed. This helps subscribers to discover more useful APIs with less effort.
API Categories. API providers can now categorize their APIs easily with this feature. The API Store (i.e. developer portal) will display the APIs under their respective categories, making it easier to discover these APIs and subscribe to them. API providers no longer are required to remember any tag-wise group naming conventions; instead they can simply select the applicable category for an API and save it. If there is no suitable category, API providers can request that the administrator add one.
API Mocking. The new API mocking feature builds on the existing API prototyping functionality in WSO2 API Manager, which lets developers try out APIs easily without a subscription. Using the new API mocking feature, developers can easily include different mock payloads in order to offer a real experience to API testers. The inline script for payload generation will be generated automatically for each response code and payload type based on the example values or response schemas defined in the API definition.