logo
API Manager Documentation
Gateway API v2
4.5.0
  • Show all
Initializing search
    wso2/docs-apim
    • Home
    • Get Started
    • Manage APIs
    • Consume APIs
    • AI Gateway
    • Governance
    • Monitoring
    • Reference
    • Administer
    • Install and Setup
    • Tutorials
    Report Issues
    wso2/docs-apim
    • Documentation
      • Overview
      • Key Concepts
      • Architecture
      • Quick Start Guide
      • About this Release
        • Design APIs Overview
            • Create a REST API
            • Create a REST API from an OpenAPI Definition
            • Expose a SOAP Service as a REST API
            • Generate REST API from SOAP Backend
            • Test a REST API
            • Create a GraphQL API
            • Create a GraphQL API using Introspection
            • Streaming API Overview
            • Create a WebSocket API
            • Create a WebSub/WebHook API
            • Create a SSE API
            • Create a Streaming API from an AsyncAPI Definition
            • Test a WebSub/WebHook API
          • Create an API Using a Service
          • AI APIs
        • Create APIs with AI
        • Create API Revisions
        • Add Custom Properties to APIs
        • Change the Thumbnail of an API
          • Overview
            • With API Gateway
          • Existing Backend Implementation as a Prototype API
          • API Product Overview
          • Create an API Product
          • Endpoint Types
            • Secure Endpoint with Basic Auth
            • Secure Endpoint with Digest Auth
            • Secure Endpoint with OAuth 2.0
          • High Availability for Endpoints
            • Endpoint Timeouts
            • Endpoint Suspension
            • Prevent API Suspension
          • Manage Certificates
          • API Lifecycle
          • Customize API Life Cycle
          • Create a New API Version
          • Deprecate the Old Version
          • Backward Compatibility
          • Enable Notifications
          • Add API Documentation
          • View Generated Documentation
          • Comment on an API via the Publisher
          • Enable Social Media Interaction
          • Overview
          • Attach Policies
          • Create a Policy
            • Add Dynamic Endpoints
            • Remove Specific Request Headers From Response
            • Pass a Custom Authorization Token to the Backend
            • URL Mapping
            • Disable Message Chunking
            • Transform API Message Payload
            • Add a Non-Blocking Send Operation
            • Add a Class Mediator
            • Configure Message Builders and Formatters
            • JWT claim based access validator
            • Revoke One Time Tokens Policy
            • Overview
            • Secure APIs using OAuth2 Access Tokens
            • Secure APIs using API Keys
            • Secure APIs using Mutual SSL
            • Secure APIs using Basic Authentication
            • Secure APIs using Certificate Bound Access Token
            • Federating OAuth Applications
            • Disable Security
            • Overview
            • Role-Based Access Control using Scopes
            • Role-Based Access Control using XACML
            • Publisher Portal in Read Only Mode
          • Secure APIs by Auditing API Definitions
            • JSON Schema Validator
              • JWT Access Tokens
              • Role-Based Access Control with OAuth Scopes
              • Scope Whitelisting
              • Overview
              • Password Grant
              • Client Credentials Grant
              • Authorization Code Grant
              • Refresh Token Grant
              • JWT Grant
              • SAML Extension Grant
              • Kerberos OAuth2 Grant
              • NTLM Grant
            • Token Revocation
            • Token Expiration
            • Token Persistence
            • Encrypting OAuth2 Tokens
            • Hashing OAuth Keys
            • Multiple Active Access Tokens
            • Provisioning Out-of-Band OAuth Clients
            • Securing OAuth Token with HMAC Validation
            • Bot Detection
            • Gateway Threat Protectors
            • Regular Expression Threat Protection
            • JSON Threat Protection
            • XML Threat Protection
            • Obtain User Profile Information with OpenID Connect
            • Overview
            • Custom OPA Policy for Regualr Gateway
          • Throttling Use-Cases
          • Add New Throttling Policies
          • Set Throttling Limits
          • Reset Application Throttling Policies
          • Access Control
          • Enforce Throttling and Resource Access Policies
          • Set Maximum Backend Throughput Limits
          • Rate Limiting for Streaming APIs
          • Rate Limiting for AI APIs
            • Overview
            • Query Depth Limit
            • Query Complexity Limit
            • Custom Rate Limiting
            • Distributed Burst Control, Backend Rate Limiting for API Gateway Cluster
          • Monetize an API
          • B2B API Consumption
          • Setup WSO2 Identity Server as a Federated Authenticator
          • Enable Publisher Access Control
          • Control API Visibility and Subscription Availability in the Developer Portal
          • Enable CORS for APIs
          • Add an API State Change Workflow
          • Block Subscription to an API
          • Disable Subscription Requirement for an API
          • Validate API Definitions with Linters
          • API Governance CLI Tool
            • Deploy an API
            • Expose APIs via Custom Hostnames
            • Deploy Through Multiple API Gateways
            • Revision Deployment Workflow
            • Overview of the WSO2 Universal Gateway
            • Gateway Policies
            • Response Caching
              • Regular Expression Threat Protection
              • JSON Threat Protection
              • XML Threat Protection
            • Pass End User Attributes to the Backend
            • Gateway Environments
            • Scale the Gateway
              • Universal Gateways with Dedicated Backends
              • Mutual SSL Between Universal Gateway and Backend
              • Storing Custom Synapse Artifacts in the Gateway
            • Deploy on AWS API Gateway
            • Configure a Custom Gateway Agent
          • Publish an API
          • Add a Third-party API
          • Publish to Multiple External API Developer Portals
          • Import APIs From AWS API-Gateway to WSO2 API-M
      • Consume APIs - Overview
        • Search
        • Marketplace Assistant
        • Create Application
          • Application Keys
            • Password Grant
            • Client Credentials Grant
            • JWT Grant
            • Kerberos OAuth2 Grant
            • Refresh Token Grant
            • Authorization Code Grant
            • SAML Extension Grant
            • NTLM Grant
          • Overview of Access Tokens
          • Access Tokens Per Device
          • Change the Default Token Expiration Time
          • Revoke OAuth2 Application
        • Share Applications
          • Add Custom Attributes to Applications
          • Change the Owner of an Application
          • Change the Provider of an Api
          • Add an Application Creation Workflow
          • Add an Application Key Generation Workflow
        • Subscribe to an API
          • Add an API Subscription Workflow
          • Add an API Subscription Tier Update Workflow
          • Add an API Subscription Deletion Workflow
          • Test a REST API
          • Test a GraphQL API
          • Add Additional Headers to Test a REST API
        • SOAP Client
        • Postman
        • Test APIs with API Chat
        • Interact with the Community
        • Generate SDKs in Developer Portal
        • Write a Client Application Using the SDK
        • Recover Password
        • Change Password
      • Overview
      • Getting started with AI Gateway
      • AI Backend Security
      • Rate Limiting
        • Overview
        • Load Balancing
        • Failover
        • Default AI Vendors
          • Overview
          • Custom Connector
          • Onboarding Anthropic's Claude
      • Overview
      • Concepts
        • Administrative Capabilities
        • API Creator/Publisher Capabilities
      • CI/CD-Driven Governance
        • Rule Validator
          • WSO2 API Management Guidelines
          • WSO2 REST API Design Guidelines
          • OWASP Top 10
          • WSO2 API Security Guidelines
        • API YAML Representation
        • API Documentation YAML Representation
        • Overview
          • Architecture
          • Getting Started Guide
          • Role-based Access Control
          • Alerts
          • Choreo Based Analytics via Proxy
          • ELK Based Analytics Installation Guide
          • Datadog Analytics Installation Guide
        • Publish Analytics Events to External Systems
        • Publish Custom Analytics Events Data
        • Overview
          • Correlation Logs
          • HTTP Access Logs
          • Audit Logs
          • API Logs
          • Websocket Logs
          • OpenTracing
          • OpenTelemetry
          • JMX-Based Monitoring
        • Overview
          • Publisher API v4
          • Developer Portal API v3
          • Admin API v4
          • Gateway API v2
          • Service Catalog API v1
          • DevOps API v0
          • Governance API v1
        • Advanced Configurations
        • Understand the New Configuration Model
        • API-M Config Catalog
      • API Controller (APICTL)
        • Rule Validator
          • WSO2 API Management Guidelines
          • WSO2 REST API Design Guidelines
          • OWASP Top 10
          • WSO2 API Security Guidelines
        • API YAML Representation
        • API Documentation YAML Representation
        • Vendor Specific Extensions
            • Extend Key Validation
            • Extend Scope Validation
            • Extend Key Manager
            • Write Custom Grant Types
            • Customize API Template
            • Write Custom Handlers
            • Invoke the API Manager from the BPEL Engine
            • Customize a Workflow Extension
            • Configure HTTP Redirection for Workflows
            • Configure Workflows for Tenants
            • Configure Workflows in a Cluster
            • Change the Default User Role in Workflows
            • Clean Up Workflow Tasks
            • Configure Single Sign On with SAML2
            • Configure External IDP Through Identity Server for SSO
            • Configure Identity Server as IDP for SSO
            • Multi Factor Authentication for Publisher and Developer Portals
            • Override the Developer Portal Theme
              • API Category based Grouping
              • Change Default View
            • Enable or Disabl API Detail Tabs
            • Override API Overview Page per API
            • Enable or Disable Rating
            • Enable or Disable Home Page
            • Enable or Disable Tag Cloud
            • Enable or Disable Footer
            • Enable or Disable Banner
            • Styling API Details Left Menu
            • Styling API Details Info Section
            • Styling the Logo and Header
            • Enable or Disabling Self Signup
            • Configure reCaptcha for Self-SignUp
          • Override the Publisher Portal Theme
          • Log in to the Developer Portal Using Social Media
          • Directing the Root Context to the Developer Portal
          • Customize User Signup in Developer Portal
          • Customize Login Pages for Developer Portal and Publisher
          • Customize the Developer Portal and Gateway URLs for Tenants
          • Add a User Signup Workflow
          • Add internationalization
          • Define Custom Linter Rules
          • Advanced UI Customization
          • Modify Workflow Approval Task Limit
          • Implementing a Custom Validation Engine
        • Admin Services
        • Work with the Source Code
        • Java Documentation
        • WSO2 API-M Best Practices
        • Best Practices for Working with Endpoints
      • Accessibility Compliance
        • Message Flow in the API Manager Gateway
        • Accessing API Manager by Multiple Devices Simultaneously
        • admin_Directory Structure of WSO2 Products
        • Error Handling
        • Capturing System Data in Error Situations
        • Troubleshooting in Production Environments
        • Utilizing Runtime Diagnostic Tool
        • Cleaning Up Partially Created Keys
        • Configure XSLT Mediation with Xalan
        • Troubleshooting 'Registered callback does not match with the provided url' error
        • Troubleshooting JMS
        • Troubleshooting WebSocket APIs
      • FAQ
      • Administer Overview
        • Introduction to User Management
          • Manage User Roles
          • Manage Users
          • Manage Role Permissions
          • Manage Users for Admin Portal
        • Introduction to User Stores
        • Configure Secondary User Stores
        • Write a Custom User Store Manager
        • Configure the Authorization Manager
        • Introduction to Multitenancy
        • Manage Tenants
        • Configure the Tenant Loading Policy
        • Configure Logs
        • Server Health
        • Configure a Gateway
        • Configure Gateway Visibility
        • Overview
        • Configure WSO2 IS as a Key Manager
        • Configure WSO2 IS 7.x as a Key Manager
        • Configure Keycloak as a Key Manager
        • Configure Okta as a Key Manager
        • Configure Auth0 as a Key Manager
        • Configure PingFederate as A Key Manager
        • Configure ForgeRock as a Key Manager
        • Configure a Custom Key Manager
        • Configure the Global Key Manager
        • Configure the Azure AD as a Key Manager
      • Advanced Configurations
      • Manage Role based access control for the Admin portal
      • Install and Setup Overview
        • Installation Prerequisites
          • Install API-M
          • Run API-M
          • Run API-M as a Linux Service
          • Run API-M as a Windows Service
        • Installation Options
          • Update WSO2 API Manager
          • Set up Kubernetes Gateway with APIM
            • Set up a Third-party Key Manager
            • Set up WSO2 Identity Server as a Resident Key Manager
            • Overview
              • Change to MySQL
              • Change to MSSQL
              • Change to PostgreSQL
              • Change to Oracle
              • Change to IBM DB2
              • Change to Oracle RAC
            • Manage Data Growth and Improving Performance
            • Configure the Proxy Server and the Load Balancer
            • Add a custom Proxy Path
              • Maintain Logins and Passwords
                • Customize Secure Vault
                • Set Passwords Using Environment Variables/System Properties
                • Work with Encrypted Passwords
                • Set Up ReCaptcha
                • Configure reCaptcha for Single Sign On
                • Intergrate with HashiCorp Vault
              • Configure Keystores in API Manager
                • Create a New Keystore
                • Renew a CA Signed Certificate
                • About Asymetric Cryptography
            • Enable HostName Verification
            • Enable Java Security Manager
            • General Data Protection Regulation (GDPR) for WSO2 API Manager
            • Configure Transport Level Security
            • User Account Management
            • Secure Web Portals
            • Introduction to User Stores
              • Configure Primary User Stores
              • Configure a JDBC User Store
              • Configure a Read-Write LDAP User Store
              • Configure a Read-Only LDAP User Store
              • Configure a Read-Write Active Directory User Store
            • Configure Identity Server As External IDP with OIDC
            • Configure Identity Server As External IDP with SAML
            • OKTA As An External IDP With OIDC
            • OKTA As An External IDP With SAML
            • Change the Default Transport
            • Configure Caching
            • Customize the Management Console
            • Configure the Crypto Provider
        • Deployment Patterns Overview
          • Overview
            • Single Node Deployment
            • Active-Active Deployment
            • Overview
            • Simple Scalable Deployment
            • Distributed Deployment (Recommended)
            • Distributed Deployment with Key Manager Separation
            • Patterns Overview
            • Multi-DC Deployment - Pattern 1
            • Multi-DC Deployment - Pattern 2
            • Overview
              • Single Node Deployment
              • Active-Active Deployment
              • Simple Scalable Deployment
              • Distributed Deployment (Recommended)
              • Distributed Deployment with Key Manager Separation
              • Simple Scalable Deployment with Key Manager Separation
          • API-M on Openshift
          • Deployment Checklist
          • Security Guidelines for a Production Deployment
          • Basic Health Checks
          • Change the Hostname
          • Change the Default Ports
          • Backup and Recovery
            • API-M Performance Tuning
          • CI/CD for APIs - Overview
          • Build a CI/CD Pipeline for APIs Using the CLI
          • Build a CI/CD Pipeline for APIs using Jenkins
          • Getting Started with WSO2 API Controller (apictl)
            • Manage APIs and API Products
            • Import APIs Via Dev First Approach
            • Migrate APIs to Different Environments
            • Migrate API Products (with or without Dependent APIs) to Different Environments
            • Manage Applications
            • Migrate Apps to Different Environments
            • Manage Rate Limiting Policies
            • Migrate Rate Limiting Policies to Different Environments
            • Manage Common API Policies
            • Migrate Common API Policies to Different Environments
          • Manage Integrations
          • Encrypt Secrets with apictl
          • Enable Correlation Logs with apictl
          • AI Related Operations with apictl
            • Create Custom Users to Perform apictl Operations
            • Configure Environment Specific Parameters
            • Use Dynamic Data in apictl Projects
            • Configure Different Endpoint Types
            • Configuring Different Endpoint Security Types
            • Format the Outputs of Get Commands
            • Configure Git Integration
      • Upgrade
        • Common Runtime and Configuration Artifacts
        • Default Product Ports
        • Product Compatibility
          • API Manager
          • Token Persistence
        • Supported Cipher Suites
      • Tutorials Overview
      • Develop an Integration From a Managed API
        • Scenario Overview
        • Scenario 1 - Create a REST API from an OpenAPI Definition
        • Scenario 2 - Engage Access Control to the API
        • Scenario 3 - Implement an API
        • Scenario 4 - Sign Up a New User
        • Scenario 5 - Get the Developer Community Involved
        • Scenario 6 - Integrate with Data Sources
        • Scenario 7 - Analytics
        • Scenario 8 - Rate Limiting
        • Scenario 9 - Realtime Data with WebSocket API
        • Scenario 10 - Notifications Using WebHooks
        • Scenario 11 - GraphQL Support
        • Scenario 12 - Guaranteed Message Delivery
        • Scenario 13 - Integrate with Services via Connectors
        • Scenario 14 - External Key Manager Support
        • Setting Up a Distributed Setup Using the APIM Enterprise Package
        • Create and Publish a GraphQL API
          • Create and Publish a WebSocket API
          • Create and Publish a WebSub/WebHook API
          • Create and Publish a SSE API
        • Create and Publish an AWS Lambda API
        • Expose a SOAP Service as a REST API
        • Edit an API by Modifying the API Definition
        • Integrating API Manager with an External Broker and Gateway

    Back to top
    Previous Admin API v4
    Next Service Catalog API v1
    WSO2 API Manager - Documentation
    Made with Material for MkDocs
    Copyright © WSO2 LLC 2024
    Content licensed under CC By 4.0. | Sample code licensed under Apache 2.0.