API Manager Documentation
Service Catalog API v1
4.6.0