API Manager Documentation 3.2.0
Admin APIs v0.17
This is the 3.2.0 documentation of the WSO2 API Manager! Please refer the
latest released documentation
.
3.2.0
Show all
Initializing the Documentation Search ...
Get Started
Learn
Develop
Install and Setup
Administer
Reference
Troubleshooting
Report Issues
WSO2 API Manager Documentation 3.2.0
wso2/docs-apim
Welcome to WSO2 API Manager Documentation
Get Started
Get Started
Overview
Basic Architecture
Key Concepts
Quick Start Guide
About this Release
Learn
Learn
Design APIs
Design APIs
Create APIs
Create APIs
Create a New API
Create a New API
Create a REST API
Create a REST API from an OpenAPI Definition
Create a GraphQL API
Create a WebSocket API
Expose a SOAP Service as a REST API
Generate REST API from SOAP Backend
Test a REST API
Adding Custom Properties to APIs
Change the Thumbnail of an API
Publish APIs
Publish APIs
Publish an API
Publish through Multiple API Gateways
Publish an API to a Cloud Cluster in PrivateJet Mode
Publish to Multiple External API Developer Portals
Prototype APIs
Prototype APIs
Create a Prototype API with an Inline Script
Deploy and Test Prototype APIs
Create API Product
Create API Product
API Product Overview
Create an API Product
Endpoints
Endpoints
Endpoint Types
Security
Security
Secure Endpoint with Basic Auth
Secure Endpoint with Digest Auth
Secure Endpoint with OAuth 2.0
High Availability for Endpoints
Resiliency
Resiliency
Endpoint Timeouts
Endpoint Suspension
Prevent API Suspension
Manage Certificates
Lifecycle Managament
Lifecycle Managament
API Lifecycle
Customize API Life Cycle
Extending the API Life Cycle
API Versioning
API Versioning
Create a New API Version
Deprecate the Old Version
Backward Compatibility
Enabling Notifications
API Documentation
API Documentation
Add API Documentation
Search Documentation
Search Documentation
Add a New Search Keyword
Advanced Topics
Advanced Topics
Enable Publisher Access Control
Control API Visibility and Subscription Availability in the Developer Portal
Enabling CORS for APIs
Adding an API State Change Workflow
Block Subscription to an API
Consume APIs
Consume APIs
Discover APIs
Discover APIs
Search
AI-based Recommendations for the Developer Portal
Manage Applications
Manage Applications
Create Application
Generate Keys
Generate Keys
Application Keys
Grant Types
Grant Types
Password Grant
Client Credentials Grant
JWT Grant
Kerberos OAuth2 Grant
Refresh Token Grant
Authorization Code Grant
SAML Extension Grant
Implicit Grant
NTLM Grant
Obtain Access Token
Obtain Access Token
Overview of Access Tokens
Access Tokens Per Device
Changing the Default Token Expiration Time
Revoke OAuth2 Application
Sharing Applications
Advanced Topics
Advanced Topics
Add Custom Attributes to Applications
Changing the Owner of an Application
Adding an Application Creation Workflow
Adding an Application Key Generation Workflow
Manage Subscriptions
Manage Subscriptions
Subscribe to an API
Advanced Topics
Advanced Topics
Adding an API Subscription Workflow
Adding an API Subscription Tier Update Workflow
Invoke APIs
Invoke APIs
Invoke an API Using the Integrated API Console
Invoke an GraphQL API using the Integrated GraphQL Console
Include Additional Headers in the API Console
Invoke an API Using a SOAP Client
Collaborations
Collaborations
Use the Community Features
Generating SDKs
Generating SDKs
Generate SDKs in Developer Portal
Write a Client Application Using the SDK
API Gateway
API Gateway
Overview of the WSO2 API Gateway
Message Mediation
Message Mediation
Changing the Default Mediation Flow of API Requests
Creating and Uploading using Integration Studio
Adding Dynamic Endpoints
Removing Specific Request Headers From Response
Passing a Custom Authorization Token to the Backend
URL Mapping
Disabling Message Chunking
Transforming API Message Payload
Adding a Non-Blocking Send Operation
Adding a Class Mediator
Configuring message builders and formatters
Response Caching
Message Tracing
Threat Protectors
Threat Protectors
Regular Expression Threat Protection
JSON Threat Protection
XML Threat Protection
Passing Enduser Attributes to the Backend
Passing Enduser Attributes to the Backend
Passing Enduser Attributes to the Backend Using JWT
Gateway Environments
Scaling the Gateway
Advanced Topics
Advanced Topics
API Gateways with Dedicated Backends
Mutual SSL Between API Gateway and Backend
API Microgateway
API Microgateway
Grouping APIs with Labels
API Security
API Security
Authentication
Authentication
Overview
Secure APIs using OAuth2 Access Tokens
Secure APIs using API Keys
Secure APIs using Mutual SSL
Secure APIs using Basic Authentication
Securing APIs Deployed in Cloud Clusters
Federating OAuth Applications
Authorization
Authorization
Overview
Role-Based Access Control using Scopes
Role-Based Access Control using XACML
Securing APIs by Auditing API Definitions
Request-Response Schema Validation
Request-Response Schema Validation
JSON Schema Validator
OAuth2
OAuth2
Token types
Token types
JWT Access Tokens
OAuth2 Scopes
OAuth2 Scopes
Role-Based Access Control with OAuth Scopes
Scope Allowlisting
Grant Types
Grant Types
Overview
Password Grant
Client Credentials Grant
Authorization Code Grant
Implicit Grant
Refresh Token Grant
JWT Grant
SAML Extension Grant
Kerberos OAuth2 Grant
NTLM Grant
Token Revocation
Token Expiration
Token Persistence
Encrypting OAuth2 Tokens
Hashing OAuth Keys
Provisioning Out-of-Band OAuth Clients
Securing OAuth Token with HMAC Validation
Threat Protection
Threat Protection
Bot Detection
Gateway Threat Protectors
Regular Expression Threat Protection
JSON Threat Protection
XML Threat Protection
OpenID Connect
OpenID Connect
Obtaining User Profile Information with OpenID Connect
OpenID Discovery Endpoint
User Account Management
User Account Management
Recover Password
Change Password
Rate Limiting
Rate Limiting
Throttling Use-Cases
Adding New Throttling Policies
Setting Throttling Limits
Access Control
Enforce Throttling and Resource Access Policies
Setting Maximum Backend Throughput Limits
Engaging a New Throttling Policy at Runtime
Query Limits for GraphQL
Query Limits for GraphQL
Overview
Query Depth Limit
Query Complexity Limit
Advanced Topics
Advanced Topics
Custom Throttling
API Monetization
API Monetization
Monetizing an API
Analytics
Analytics
Overview of API Analytics
Viewing API Statistics
Viewing API Statistics
Monitoring dashboard
Business analytics
API analytics
Application analytics
Monthly API Usage Report
Using Geolocation Based Statistics
Using Geolocation Based Statistics
Creating the Geo Location Data Set
Configuring Geo Location Based Statistics
Writing a Custom Geo Location Provider
Alert Types
Setup & Configuration
Setup & Configuration
Configuring APIM Analytics
Encrypting Sensitive Data in the API-M Analytics Server
Configuring Keystores in APIM Analytics
Managing Analytics Dashboard Permissions
Configuring Alerts
Subscribing for Alerts
Integrating with Google Analytics
Purging Analytics Data
Default Ports of WSO2 API-M Analytics
Development
Development
Creating Custom Widgets
Customizing Analytics Dashboards
White Labeling for Tenants
Adding Third Party Non OSGi Libraries
Publishing Custom Attributes
General Data Protection Regulation (GDPR) for WSO2 API Manager Analytics
Analytics Event Streams and Aggregations
API Controller
API Controller
Getting Started with WSO2 API Controller
Importing APIs Via Dev First Approach
Migrating APIs to Different Environments
Migrating API Products (with or without dependent APIs) to Different Environments
Migrating Apps to Different Environments
CI/CD with WSO2 API Manager
Building a Jenkins CI/CD Pipeline for Dev First Approach
Advanced Topics
Advanced Topics
Creating Custom Users to Perform API Controller Operations
Configuring Environment Specific Parameters
Using Dynamic Data in API Controller Projects
Configuring Different Endpoint Types
Configuring Different Endpoint Security Types
Configuring Git Integration
Kubernetes Operators
Kubernetes Operators
K8s API Operator
K8s API Operator
K8s API Operator Overview
Enabling PrivateJet Mode to Deploy APIs
K8s WSO2 API Manager Operator
Tutorials
Tutorials
Create and Publish a GraphQL API
Create and Publish an AWS Lambda API
Expose a SOAP Service as a REST API
Create and Publish WebSocket API
Edit an API by Modifying the API Definition
Develop
Develop
Product REST APIs
Product REST APIs
RESTful APIs
Publisher APIs
Publisher APIs
Publisher v1
Developer Portal APIs
Developer Portal APIs
Developer Portal API v1
Admin APIs
Admin APIs
Admin APIs v1
Admin APIs v0.17
Gateway APIs
Gateway APIs
Gateway v1
Advanced Configurations
Extending WSO2 API Manager
Extending WSO2 API Manager
Extending Key Management
Extending Key Management
Extending Key Validation
Extending Scope Validation
Extending Key Manager
Writing Custom Grant Types
Extending API Gateway
Extending API Gateway
Customizing API Template
Writing Custom Handlers
Extending Workflows
Extending Workflows
Invoking the API Manager from the BPEL Engine
Customizing a Workflow Extension
Configuring HTTP Redirection for Workflows
Configuring Workflows for Tenants
Configuring Workflows in a Cluster
Changing the Default User Role in Workflows
Cleaning Up Workflow Tasks
SAML2 SSO
SAML2 SSO
Configuring Single Sign On with SAML2
Configuring External IDP Through Identity Server for SSO
Configuring Identity Server as IDP for SSO
Multi Factor Authentication for Publisher and Developer Portals
Customizations
Customizations
Customizing the Developer Portal
Customizing the Developer Portal
Overriding Developer Portal Theme
Customize API Listing
Customize API Listing
API Category based Grouping
Change Default View
Enabling or Disabling API Detail Tabs
Override API Overview Page per API
Enable or Disable Rating
Enable or Disable Home Page
Enable or Disable Tag Cloud
Enable or Disable Footer
Enable or Disable Banner
Styling API Details Left Menu
Styling API Details Info Section
Styling the Logo and Header
Enabling or Disabling Self Signup
Overriding the Publisher Portal Theme
Log in to the Developer Portal using Social Media
Directing the Root Context to the Developer Portal
Customizing User Signup in Developer Portal
Customizing the Developer Portal and Gateway URLs for Tenants
Customizing Login Pages for Developer Portal and Publisher
Adding a User Signup Workflow
Adding internationalization
Advanced UI Customization
Admin Services
Working with the Source Code
Java Documentation
Install and Setup
Install and Setup
Install
Install
Installation Prerequisites
Installing the Product
Installing the Product
Overview
Installing via the Installer
Installing the Binary
Installing the Binary
Installing on Linux or OS X
Installing on Solaris
Installing on Windows
Installing as a Linux Service
Installing as a Windows Service
Deploying on Kubernetes
Running the Product
Setup
Setup
Deployment Patterns Overview
All-In-One Deployment
All-In-One Deployment
All-in-One Deployment Overview
Configuring a Single Node
Configuring an Active-Active Deployment
Distributed Deployment
Distributed Deployment
Distributed Deployment Overview
Deploying WSO2 API-M in a Distributed Setup
Product Profiles
Synchronizing Artifacts in a Gateway Cluster
Configure a Key Manager
Configure a Key Manager
Configure a Third-party Key Manager
Configure WSO2 Identity Server as a Key Manager
Configure Analytics for High Availability
Configure Analytics for High Availability
Active-Active Deployment
Active-Passive Deployment
Configuring Database and File System State Persistence
Setting up Databases
Setting up Databases
Overview
Changing Default Databases
Changing Default Databases
Changing to MySQL
Changing to MSSQL
Changing to PostgreSQL
Changing to Oracle
Changing to MariaDB
Changing to IBM DB2
Changing to Oracle RAC
Managing Data Growth and Improving Performance
Setting up Proxy Server and the Load Balancer
Setting up Proxy Server and the Load Balancer
Configuring the Proxy Server and the Load Balancer
Adding a custom Proxy Path
Security
Security
Logins and Passwords
Logins and Passwords
Maintaining Logins and Passwords
Securing Passwords
Securing Passwords
Customizing Secure Vault
Set Passwords using Environment Variables or System Properties
Working with Encrypted Passwords
Configuring Keystores
Configuring Keystores
Configuring Keystores in API Manager
Keystore Basics
Keystore Basics
Creating a New Keystore
Renewing a CA Signed Certificate
About Asymetric Cryptography
Enabling HostName Verification
Enabling Java Security Manager
General Data Protection Regulation (GDPR) for WSO2 API Manager
Configuring Transport Level Security
User Account Management
Deployment Best Practices
Deployment Best Practices
Basic Health Checks
Changing the Hostname
Changing the Default Ports with Offset
Production Deployment Guidelines
Security Guidelines for Production Deployment
Tuning Performance
Performance Test Results
SSO
SSO
Configuring Identity Server As External IDP with OIDC
Configuring Identity Server As External IDP with SAML
Using OKTA As An External IDP With OIDC
Using OKTA As An External IDP With SAML
Advanced Configuration
Advanced Configuration
Changing the Default Transport
Configuring Caching
Customizing the Management Console
Reference
Reference
Common Runtime and Configuration Artifacts
Default Product Ports
Product Compatibility
Supported Cipher Suites
Upgrade
Administer
Administer
Updating WSO2 API Manager
Managing Users and Roles
Managing Users and Roles
Introduction to User Management
Managing User Roles
Managing Users
Managing Role Permissions
Managing Users for Admin Portal
Managing User Stores
Managing User Stores
Introduction to User Stores
Configuring Primary User Stores
Configuring Primary User Stores
Configuring Primary User Stores
Configuring a JDBC User Store
Configuring a Read-Write LDAP User Store
Configuring a Read-Only LDAP User Store
Configuring a Read-Write Active Directory User Store
Configuring Secondary User Store
Writing a custom User Store Manager
Configuring the Authorization Manager
Multitenancy
Multitenancy
Introduction to Multitenancy
Managing Tenants
Configuring the Tenant Loading Policy
Monitoring
Monitoring
Monitoring Logs
Monitoring Logs
Setting up logging
Setting up logging per API
Monitoring HTTP access logs
Monitoring audit Logs
Managing log growth
Masking sensitive information in logs
Working with Observability
Enabling Tracing with OpenTracing
JMX-Based Monitoring
Monitoring TCP-Based Messages
Monitoring Server Health
Key Managers
Key Managers
Overview
Configure WSO2 IS as a Key Manager
Configure Keycloak as a Key Manager
Configure Okta as a Key Manager
Configure Auth0 as a Key Manager
Configure PingFederate as A Key Manager
Configure ForgeRock as a Key Manager
Configure a Custom Key Manager
Reference
Reference
Configuration Catalog
Understanding the New Configuration Model
Vendor Specific Extensions
WSO2 API Manager Best Practices
Accessibility Compliance
FAQ
Guides
Guides
Message Flow in the API Manager Gateway
Accessing API Manager by Multiple Devices Simultaneously
admin_Directory Structure of WSO2 Products
Samples
Samples
API Development Sample
API Development Sample
Managing APIs Sample
Collaborative API Development Sample
Development of Developer Optimized APIs Sample
API Governance Sample
API Lifecycle Management Sample
API Rate Limiting Sample
API Rate Monetization Sample
API Security Sample
API Versioning Sample
Troubleshooting
Troubleshooting
Error Handling
Capturing System Data in Error Situations
Troubleshooting in Production Environments
Configuring XSLT Mediation with Xalan
Cleaning Up Partially Created Keys
Troubleshooting 'Registered callback does not match with the provided url' error