API Manager Documentation
Gateway API v2
4.5.0
Show all
Initializing search
wso2/docs-apim
Home
Get Started
Manage APIs
Consume APIs
AI Gateway
Governance
Monitoring
Reference
Administer
Install and Setup
Tutorials
Report Issues
WSO2 API Manager Documentation
wso2/docs-apim
Documentation
Get Started
Get Started
Overview
Key Concepts
Architecture
Quick Start Guide
About this Release
Manage APIs
Manage APIs
Design APIs
Design APIs
Design APIs Overview
Create APIs
Create APIs
REST APIs
REST APIs
Create a REST API
Create a REST API from an OpenAPI Definition
Expose a SOAP Service as a REST API
Generate REST API from SOAP Backend
Test a REST API
GraphQL APIs
GraphQL APIs
Create a GraphQL API
Create a GraphQL API using Introspection
Streaming APIs
Streaming APIs
Streaming API Overview
Create a WebSocket API
Create a WebSub/WebHook API
Create a SSE API
Create a Streaming API from an AsyncAPI Definition
Test a WebSub/WebHook API
Create an API Using a Service
AI APIs
Create APIs with AI
Create API Revisions
Add Custom Properties to APIs
Change the Thumbnail of an API
Create Prototype APIs
Create Prototype APIs
Overview
Mock Implementation
Mock Implementation
With API Gateway
Existing Backend Implementation as a Prototype API
Create API Products
Create API Products
API Product Overview
Create an API Product
Endpoints
Endpoints
Endpoint Types
Security
Security
Secure Endpoint with Basic Auth
Secure Endpoint with Digest Auth
Secure Endpoint with OAuth 2.0
High Availability for Endpoints
Resiliency
Resiliency
Endpoint Timeouts
Endpoint Suspension
Prevent API Suspension
Manage Certificates
Lifecycle Managament
Lifecycle Managament
API Lifecycle
Customize API Life Cycle
API Versioning
API Versioning
Create a New API Version
Deprecate the Old Version
Backward Compatibility
Enable Notifications
API Documentation
API Documentation
Add API Documentation
View Generated Documentation
API Collaboration
API Collaboration
Comment on an API via the Publisher
Enable Social Media Interaction
API Policies
API Policies
Overview
Attach Policies
Create a Policy
Regular Gateway Policies
Regular Gateway Policies
Add Dynamic Endpoints
Remove Specific Request Headers From Response
Pass a Custom Authorization Token to the Backend
URL Mapping
Disable Message Chunking
Transform API Message Payload
Add a Non-Blocking Send Operation
Add a Class Mediator
Configure Message Builders and Formatters
JWT claim based access validator
Revoke One Time Tokens Policy
API Security
API Security
Authentication
Authentication
Overview
Secure APIs using OAuth2 Access Tokens
Secure APIs using API Keys
Secure APIs using Mutual SSL
Secure APIs using Basic Authentication
Secure APIs using Certificate Bound Access Token
Federating OAuth Applications
Disable Security
Authorization
Authorization
Overview
Role-Based Access Control using Scopes
Role-Based Access Control using XACML
Publisher Portal in Read Only Mode
Secure APIs by Auditing API Definitions
Request-Response Schema Validation
Request-Response Schema Validation
JSON Schema Validator
OAuth2
OAuth2
Token types
Token types
JWT Access Tokens
OAuth2 Scopes
OAuth2 Scopes
Role-Based Access Control with OAuth Scopes
Scope Whitelisting
Grant Types
Grant Types
Overview
Password Grant
Client Credentials Grant
Authorization Code Grant
Refresh Token Grant
JWT Grant
SAML Extension Grant
Kerberos OAuth2 Grant
NTLM Grant
Token Revocation
Token Expiration
Token Persistence
Encrypting OAuth2 Tokens
Hashing OAuth Keys
Multiple Active Access Tokens
Provisioning Out-of-Band OAuth Clients
Securing OAuth Token with HMAC Validation
Threat Protection
Threat Protection
Bot Detection
Gateway Threat Protectors
Regular Expression Threat Protection
JSON Threat Protection
XML Threat Protection
OpenID Connect
OpenID Connect
Obtain User Profile Information with OpenID Connect
Open Policy Agent (OPA) Validation
Open Policy Agent (OPA) Validation
Overview
Custom OPA Policy for Regualr Gateway
Rate Limiting
Rate Limiting
Throttling Use-Cases
Add New Throttling Policies
Set Throttling Limits
Reset Application Throttling Policies
Access Control
Enforce Throttling and Resource Access Policies
Set Maximum Backend Throughput Limits
Rate Limiting for Streaming APIs
Rate Limiting for AI APIs
Query Limits for GraphQL
Query Limits for GraphQL
Overview
Query Depth Limit
Query Complexity Limit
Advanced Topics
Advanced Topics
Custom Rate Limiting
Distributed Burst Control, Backend Rate Limiting for API Gateway Cluster
API Monetization
API Monetization
Monetize an API
B2B API Management
B2B API Management
B2B API Consumption
Setup WSO2 Identity Server as a Federated Authenticator
Advanced Topics
Advanced Topics
Enable Publisher Access Control
Control API Visibility and Subscription Availability in the Developer Portal
Enable CORS for APIs
Add an API State Change Workflow
Block Subscription to an API
Disable Subscription Requirement for an API
Validate API Definitions with Linters
API Governance CLI Tool
Deploy and Publish APIs
Deploy and Publish APIs
Deploy on Gateway
Deploy on Gateway
Deploy API
Deploy API
Deploy an API
Expose APIs via Custom Hostnames
Deploy Through Multiple API Gateways
Revision Deployment Workflow
Universal Gateway
Universal Gateway
Overview of the WSO2 Universal Gateway
Gateway Policies
Response Caching
Threat Protectors
Threat Protectors
Regular Expression Threat Protection
JSON Threat Protection
XML Threat Protection
Pass End User Attributes to the Backend
Gateway Environments
Scale the Gateway
Advanced Topics
Advanced Topics
Universal Gateways with Dedicated Backends
Mutual SSL Between Universal Gateway and Backend
Storing Custom Synapse Artifacts in the Gateway
Federated Gateways
Federated Gateways
Deploy on AWS API Gateway
Configure a Custom Gateway Agent
Publish on Developer Portal
Publish on Developer Portal
Publish an API
Add a Third-party API
Publish to Multiple External API Developer Portals
Import APIs From AWS API-Gateway to WSO2 API-M
Consume APIs
Consume APIs
Consume APIs - Overview
Discover APIs
Discover APIs
Search
Marketplace Assistant
Manage Applications
Manage Applications
Create Application
Generate Keys
Generate Keys
Application Keys
Grant Types
Grant Types
Password Grant
Client Credentials Grant
JWT Grant
Kerberos OAuth2 Grant
Refresh Token Grant
Authorization Code Grant
SAML Extension Grant
NTLM Grant
Obtain Access Token
Obtain Access Token
Overview of Access Tokens
Access Tokens Per Device
Change the Default Token Expiration Time
Revoke OAuth2 Application
Share Applications
Advanced Topics
Advanced Topics
Add Custom Attributes to Applications
Change the Owner of an Application
Change the Provider of an Api
Add an Application Creation Workflow
Add an Application Key Generation Workflow
Manage Subscriptions
Manage Subscriptions
Subscribe to an API
Advanced Topics
Advanced Topics
Add an API Subscription Workflow
Add an API Subscription Tier Update Workflow
Add an API Subscription Deletion Workflow
Test APIs
Test APIs
Integrated API Console
Integrated API Console
Test a REST API
Test a GraphQL API
Add Additional Headers to Test a REST API
SOAP Client
Postman
Test APIs with API Chat
Collaborations
Collaborations
Interact with the Community
Generating SDKs
Generating SDKs
Generate SDKs in Developer Portal
Write a Client Application Using the SDK
User Account Management
User Account Management
Recover Password
Change Password
AI Gateway
AI Gateway
Overview
Getting started with AI Gateway
AI Backend Security
Rate Limiting
Multi-Model Routing
Multi-Model Routing
Overview
Load Balancing
Failover
AI Vendor Management
AI Vendor Management
Default AI Vendors
Custom AI Vendors
Custom AI Vendors
Overview
Custom Connector
Onboarding Anthropic's Claude
Governance
Governance
Overview
Concepts
How to Use
How to Use
Administrative Capabilities
API Creator/Publisher Capabilities
CI/CD-Driven Governance
References
References
Rule Validator
Ruleset Catalog
Ruleset Catalog
WSO2 API Management Guidelines
WSO2 REST API Design Guidelines
OWASP Top 10
WSO2 API Security Guidelines
API YAML Representation
API Documentation YAML Representation
Monitoring
Monitoring
API Analytics
API Analytics
Overview
Choreo Based Analytics
Choreo Based Analytics
Architecture
Getting Started Guide
Role-based Access Control
Alerts
Choreo Based Analytics via Proxy
Other Analytics Solutions
Other Analytics Solutions
ELK Based Analytics Installation Guide
Datadog Analytics Installation Guide
Publish Analytics Events to External Systems
Publish Custom Analytics Events Data
Observability
Observability
Overview
Logs
Logs
Correlation Logs
HTTP Access Logs
Audit Logs
API Logs
Websocket Logs
Traces
Traces
OpenTracing
OpenTelemetry
Metrics
Metrics
JMX-Based Monitoring
Reference
Reference
Product REST APIs
Product REST APIs
Overview
Publisher APIs
Publisher APIs
Publisher API v4
Developer Portal APIs
Developer Portal APIs
Developer Portal API v3
Admin APIs
Admin APIs
Admin API v4
Gateway APIs
Gateway APIs
Gateway API v2
Service Catalog APIs
Service Catalog APIs
Service Catalog API v1
DevOps APIs
DevOps APIs
DevOps API v0
Governance APIs
Governance APIs
Governance API v1
Advanced Configurations
Product Configurations
Product Configurations
Understand the New Configuration Model
API-M Config Catalog
API Controller (APICTL)
Governance
Governance
Rule Validator
Ruleset Catalog
Ruleset Catalog
WSO2 API Management Guidelines
WSO2 REST API Design Guidelines
OWASP Top 10
WSO2 API Security Guidelines
API YAML Representation
API Documentation YAML Representation
Customizations
Customizations
Vendor Specific Extensions
Extend WSO2 API Manager
Extend WSO2 API Manager
Extend Key Management
Extend Key Management
Extend Key Validation
Extend Scope Validation
Extend Key Manager
Write Custom Grant Types
Extend API Gateway
Extend API Gateway
Customize API Template
Write Custom Handlers
Extend Workflows
Extend Workflows
Invoke the API Manager from the BPEL Engine
Customize a Workflow Extension
Configure HTTP Redirection for Workflows
Configure Workflows for Tenants
Configure Workflows in a Cluster
Change the Default User Role in Workflows
Clean Up Workflow Tasks
SAML2 SSO
SAML2 SSO
Configure Single Sign On with SAML2
Configure External IDP Through Identity Server for SSO
Configure Identity Server as IDP for SSO
Multi Factor Authentication for Publisher and Developer Portals
Customizations
Customizations
Customize the Developer Portal
Customize the Developer Portal
Override the Developer Portal Theme
Customize API Listing
Customize API Listing
API Category based Grouping
Change Default View
Enable or Disabl API Detail Tabs
Override API Overview Page per API
Enable or Disable Rating
Enable or Disable Home Page
Enable or Disable Tag Cloud
Enable or Disable Footer
Enable or Disable Banner
Styling API Details Left Menu
Styling API Details Info Section
Styling the Logo and Header
Enable or Disabling Self Signup
Configure reCaptcha for Self-SignUp
Override the Publisher Portal Theme
Log in to the Developer Portal Using Social Media
Directing the Root Context to the Developer Portal
Customize User Signup in Developer Portal
Customize Login Pages for Developer Portal and Publisher
Customize the Developer Portal and Gateway URLs for Tenants
Add a User Signup Workflow
Add internationalization
Define Custom Linter Rules
Advanced UI Customization
Modify Workflow Approval Task Limit
Implementing a Custom Validation Engine
Admin Services
Work with the Source Code
Java Documentation
Best Practices
Best Practices
WSO2 API-M Best Practices
Best Practices for Working with Endpoints
Accessibility Compliance
Guides
Guides
Message Flow in the API Manager Gateway
Accessing API Manager by Multiple Devices Simultaneously
admin_Directory Structure of WSO2 Products
Troubleshooting
Troubleshooting
Error Handling
Capturing System Data in Error Situations
Troubleshooting in Production Environments
Utilizing Runtime Diagnostic Tool
Cleaning Up Partially Created Keys
Configure XSLT Mediation with Xalan
Troubleshooting 'Registered callback does not match with the provided url' error
Troubleshooting JMS
Troubleshooting WebSocket APIs
FAQ
Administer
Administer
Administer Overview
Manage Users and Roles
Manage Users and Roles
Introduction to User Management
Manage Users for API Manager
Manage Users for API Manager
Manage User Roles
Manage Users
Manage Role Permissions
Manage Users for Admin Portal
Manage User Stores
Manage User Stores
Introduction to User Stores
Configure Secondary User Stores
Write a Custom User Store Manager
Configure the Authorization Manager
API Manager Multitenancy
API Manager Multitenancy
Introduction to Multitenancy
Manage Tenants
Configure the Tenant Loading Policy
Monitoring API Manager
Monitoring API Manager
Configure Logs
Server Health
Multiple Gateways
Multiple Gateways
Configure a Gateway
Configure Gateway Visibility
Key Managers
Key Managers
Overview
Configure WSO2 IS as a Key Manager
Configure WSO2 IS 7.x as a Key Manager
Configure Keycloak as a Key Manager
Configure Okta as a Key Manager
Configure Auth0 as a Key Manager
Configure PingFederate as A Key Manager
Configure ForgeRock as a Key Manager
Configure a Custom Key Manager
Configure the Global Key Manager
Configure the Azure AD as a Key Manager
Advanced Configurations
Manage Role based access control for the Admin portal
Install and Setup
Install and Setup
Install and Setup Overview
Install
Install
Installation Prerequisites
Install the API Manager Runtime
Install the API Manager Runtime
Install API-M
Run API-M
Run API-M as a Linux Service
Run API-M as a Windows Service
Installation Options
Setup
Setup
Set up API Manager
Set up API Manager
Update WSO2 API Manager
Set up Kubernetes Gateway with APIM
Set up a Key Manager
Set up a Key Manager
Set up a Third-party Key Manager
Set up WSO2 Identity Server as a Resident Key Manager
Set up Databases
Set up Databases
Overview
Change Default Databases
Change Default Databases
Change to MySQL
Change to MSSQL
Change to PostgreSQL
Change to Oracle
Change to IBM DB2
Change to Oracle RAC
Manage Data Growth and Improving Performance
Set up Proxy Server and the Load Balancer
Set up Proxy Server and the Load Balancer
Configure the Proxy Server and the Load Balancer
Add a custom Proxy Path
Security
Security
Logins and Passwords
Logins and Passwords
Maintain Logins and Passwords
Secure Passwords
Secure Passwords
Customize Secure Vault
Set Passwords Using Environment Variables/System Properties
Work with Encrypted Passwords
Set Up ReCaptcha
Configure reCaptcha for Single Sign On
Intergrate with HashiCorp Vault
Configure Keystores
Configure Keystores
Configure Keystores in API Manager
Keystore Basics
Keystore Basics
Create a New Keystore
Renew a CA Signed Certificate
About Asymetric Cryptography
Enable HostName Verification
Enable Java Security Manager
General Data Protection Regulation (GDPR) for WSO2 API Manager
Configure Transport Level Security
User Account Management
Secure Web Portals
Configure Userstores
Configure Userstores
Introduction to User Stores
Configure Primary User Stores
Configure Primary User Stores
Configure Primary User Stores
Configure a JDBC User Store
Configure a Read-Write LDAP User Store
Configure a Read-Only LDAP User Store
Configure a Read-Write Active Directory User Store
SSO
SSO
Configure Identity Server As External IDP with OIDC
Configure Identity Server As External IDP with SAML
OKTA As An External IDP With OIDC
OKTA As An External IDP With SAML
Advanced Configurations
Advanced Configurations
Change the Default Transport
Configure Caching
Customize the Management Console
Configure the Crypto Provider
Deploy
Deploy
Deployment Patterns Overview
Deploy on VM
Deploy on VM
Overview
All-In-One Deployment
All-In-One Deployment
Single Node Deployment
Active-Active Deployment
Distributed Deployment
Distributed Deployment
Overview
Simple Scalable Deployment
Distributed Deployment (Recommended)
Distributed Deployment with Key Manager Separation
Multi-DC Deployment
Multi-DC Deployment
Patterns Overview
Multi-DC Deployment - Pattern 1
Multi-DC Deployment - Pattern 2
Deploy on Kubernetes
Deploy on Kubernetes
API-M on K8s
API-M on K8s
Overview
All-In-One Deployment
All-In-One Deployment
Single Node Deployment
Active-Active Deployment
Distributed Deployment
Distributed Deployment
Simple Scalable Deployment
Distributed Deployment (Recommended)
Distributed Deployment with Key Manager Separation
Simple Scalable Deployment with Key Manager Separation
API-M on Openshift
Deployment Best Practices
Deployment Best Practices
Deployment Checklist
Security Guidelines for a Production Deployment
Basic Health Checks
Change the Hostname
Change the Default Ports
Backup and Recovery
Performance Tuning
Performance Tuning
API-M Performance Tuning
CI/CD
CI/CD
CI/CD - APIs
CI/CD - APIs
CI/CD for APIs - Overview
Build a CI/CD Pipeline for APIs Using the CLI
Build a CI/CD Pipeline for APIs using Jenkins
Manage Environments Using the CLI
Manage Environments Using the CLI
Getting Started with WSO2 API Controller (apictl)
Manage APIs and API Products
Manage APIs and API Products
Manage APIs and API Products
Import APIs Via Dev First Approach
Migrate APIs to Different Environments
Migrate API Products (with or without Dependent APIs) to Different Environments
Manage Applications
Manage Applications
Manage Applications
Migrate Apps to Different Environments
Manage Rate Limiting Policies
Manage Rate Limiting Policies
Manage Rate Limiting Policies
Migrate Rate Limiting Policies to Different Environments
Manage Common API Policies
Manage Common API Policies
Manage Common API Policies
Migrate Common API Policies to Different Environments
Manage Integrations
Encrypt Secrets with apictl
Enable Correlation Logs with apictl
AI Related Operations with apictl
Advanced Topics
Advanced Topics
Create Custom Users to Perform apictl Operations
Configure Environment Specific Parameters
Use Dynamic Data in apictl Projects
Configure Different Endpoint Types
Configuring Different Endpoint Security Types
Format the Outputs of Get Commands
Configure Git Integration
Upgrade
Reference
Reference
Common Runtime and Configuration Artifacts
Default Product Ports
Product Compatibility
Performance Test Results
Performance Test Results
API Manager
Token Persistence
Supported Cipher Suites
Tutorials
Tutorials
Tutorials Overview
Develop an Integration From a Managed API
Scenario Tutorials
Scenario Tutorials
Scenario Overview
Scenario 1 - Create a REST API from an OpenAPI Definition
Scenario 2 - Engage Access Control to the API
Scenario 3 - Implement an API
Scenario 4 - Sign Up a New User
Scenario 5 - Get the Developer Community Involved
Scenario 6 - Integrate with Data Sources
Scenario 7 - Analytics
Scenario 8 - Rate Limiting
Scenario 9 - Realtime Data with WebSocket API
Scenario 10 - Notifications Using WebHooks
Scenario 11 - GraphQL Support
Scenario 12 - Guaranteed Message Delivery
Scenario 13 - Integrate with Services via Connectors
Scenario 14 - External Key Manager Support
API Management Tutorials
API Management Tutorials
Setting Up a Distributed Setup Using the APIM Enterprise Package
Create and Publish a GraphQL API
Create and Publish a Streaming API
Create and Publish a Streaming API
Create and Publish a WebSocket API
Create and Publish a WebSub/WebHook API
Create and Publish a SSE API
Create and Publish an AWS Lambda API
Expose a SOAP Service as a REST API
Edit an API by Modifying the API Definition
Integrating API Manager with an External Broker and Gateway
Back to top