The WSO2 API Manager team is pleased to announce the release of version 1.9.0 of the Open Source API Manager.
WSO2 API Manager is a platform for creating, managing, consuming and monitoring APIs. It employs proven SOA best practices to solve a wide range of API management challenges such as API provisioning, API governance, API security and API monitoring. It combines some of the most powerful and mature components of the WSO2's state-of-the-art Carbon platform to deliver a smooth and end-to-end API management experience while catering to both API publisher and API consumer requirements. WSO2 API Manager is comprised of several modules. - *API Provider:* Define new APIs and manage them - *API Store:* Browse published APIs and subscribe to them - *API Gateway:* The underlying API runtime based on WSO2 ESB - *API Key Manager:* Performs Key Generation and Key Validation functionalities WSO2 API Manager is developed on top of the revolutionary WSO2 Carbon platform <http://wso2.com/products/carbon/>, an OSGi based framework that provides seamless modularity to your SOA via componentization. This release also contains many new features and a range of optional components (add-ons) that can be installed to customize the behavior of the API Manager. Further, any existing features of the product which are not required in your environment can be easily removed using the underlying provisioning framework of Carbon. In brief, WSO2 API Manager can be fully customized and tailored to meet your exact API management needs. For more information on WSO2 API Manager and to download the product please visit http://wso2.com/products/api-manager. Also take a look at the online product documentation <http://docs.wso2.org/wiki/display/AM150/WSO2+API+Manager+Documentation>. *How to Run* 1. Extract the downloaded zip 2. Go to the bin directory in the extracted folder 3. Run the wso2server.sh or wso2server.bat as appropriate 4. Launch a web browser and navigate to https://localhost:9443/publisher to access the API provider webapp 5. Navigate to https://localhost:9443/store to access the API store 6. Navigate to https://localhost:9443/admin-dashboard to access Admin dashboard 7. Use "admin", "admin" as the username and password to login as an admin API Manager 1.9.0 includes following new features, improvements and bug fixes. New Features - [APIMANAGER-3286 <https://wso2.org/jira/browse/APIMANAGER-3286>] - Enable using an external Authorization Server for Key Validation/ Creation - [APIMANAGER-3498 <https://wso2.org/jira/browse/APIMANAGER-3498>] - Create a corresponding SP when creating OAuth Application from Store UI - [APIMANAGER-3397 <https://wso2.org/jira/browse/APIMANAGER-3397>] - Pluggable Versioning Strategy - [APIMANAGER-3398 <https://wso2.org/jira/browse/APIMANAGER-3398>] - Sharing capabilities for Applications (subscriptions) - [APIMANAGER-3339 <https://wso2.org/jira/browse/APIMANAGER-3339>] - Add missing event attributes in publishing data to BAM/CEP - [APIMANAGER-3415 <https://wso2.org/jira/browse/APIMANAGER-3415>] - Providing a way to add event receiver and analyser configurations through UI in APIM - [APIMANAGER-3344 <https://wso2.org/jira/browse/APIMANAGER-3344>] - Scope specific access token generation from API Store - [APIMANAGER-3388 <https://wso2.org/jira/browse/APIMANAGER-3388>] - Update API Manager to the latest Swagger version (2.0) - [APIMANAGER-3334 <https://wso2.org/jira/browse/APIMANAGER-3334>] - Custom URLs support for APIPublisher/APIStore - [APIMANAGER-3456 <https://wso2.org/jira/browse/APIMANAGER-3456>] - User password change feature for API Store - [APIMANAGER-3487 <https://wso2.org/jira/browse/APIMANAGER-3487>] - API Migration Client to migrate APIM 1.8.0 to 1.9.0 - [APIMANAGER-2238 <https://wso2.org/jira/browse/APIMANAGER-2238>] - [UI improvement] Ability to specify the token scope in Store when generating Application Token *Improvements * - [APIMANAGER-772 <https://wso2.org/jira/browse/APIMANAGER-772>] - Add integration tests for the new feature Make JWT generation configurable - [APIMANAGER-1335 <https://wso2.org/jira/browse/APIMANAGER-1335>] - Create Script to Test Visibility in Public, Private Restricted APIs - [APIMANAGER-1603 <https://wso2.org/jira/browse/APIMANAGER-1603>] - Same configuration and description for Thrift Key Validation server host name is mentioned twice in api-manager.xml - [APIMANAGER-1704 <https://wso2.org/jira/browse/APIMANAGER-1704>] - Do we need to expose OPTIONS request in the UI? - [APIMANAGER-1740 <https://wso2.org/jira/browse/APIMANAGER-1740>] - Documentatoin links added should be visible as links in store. - [APIMANAGER-1765 <https://wso2.org/jira/browse/APIMANAGER-1765>] - [Store-APIs] Tier availability for an API is not returned in the set of apis returned when called the store/site/blocks/api/listing/ajax/list.jag - [APIMANAGER-1948 <https://wso2.org/jira/browse/APIMANAGER-1948>] - These junit test cases testUpdateRefreshedApplicationAccessToken and testIsAccessTokenExists need to added back to apimgt.impl module - [APIMANAGER-2010 <https://wso2.org/jira/browse/APIMANAGER-2010>] - For non-subscribed APIs, need to have “Default” application pre-selected in subscribe UI - [APIMANAGER-2270 <https://wso2.org/jira/browse/APIMANAGER-2270>] - Upgrade wso2's jQuery version to 1.9.0 or greater - [APIMANAGER-2543 <https://wso2.org/jira/browse/APIMANAGER-2543>] - velosity log file should move to repository logs directory - [APIMANAGER-2787 <https://wso2.org/jira/browse/APIMANAGER-2787>] - Mis-spellings in the code for 'tenant' as 'tennat' - [APIMANAGER-2854 <https://wso2.org/jira/browse/APIMANAGER-2854>] - Remove message logging from APIManagerExtensionHandler - [APIMANAGER-2880 <https://wso2.org/jira/browse/APIMANAGER-2880>] - API Store: Need indication on the API page that I am already subscribed to the API - [APIMANAGER-2910 <https://wso2.org/jira/browse/APIMANAGER-2910>] - helpful troubleshooting message? - [APIMANAGER-2954 <https://wso2.org/jira/browse/APIMANAGER-2954>] - Publishing an api to an external store - [APIMANAGER-3069 <https://wso2.org/jira/browse/APIMANAGER-3069>] - There is no option displayed to delete added Swagger API definition parameters - [APIMANAGER-3092 <https://wso2.org/jira/browse/APIMANAGER-3092>] - Issue in the API doc visibility - 'Private' - [APIMANAGER-3143 <https://wso2.org/jira/browse/APIMANAGER-3143>] - Need to remove author info from API Cloud - [APIMANAGER-3198 <https://wso2.org/jira/browse/APIMANAGER-3198>] - Change gateway response messages on failures to more descriptive descriptions - [APIMANAGER-3199 <https://wso2.org/jira/browse/APIMANAGER-3199>] - Change log level on gateway call rejection from ERROR to INFO when there is no actual failure - [APIMANAGER-3203 <https://wso2.org/jira/browse/APIMANAGER-3203>] - Moving API Usage Publisher stream names and versions to read from config file. - [APIMANAGER-3231 <https://wso2.org/jira/browse/APIMANAGER-3231>] - Debugs logs not wrapped by isDebugEnabled check - [APIMANAGER-3235 <https://wso2.org/jira/browse/APIMANAGER-3235>] - OPTIONS method is shown in the API Console - [APIMANAGER-3255 <https://wso2.org/jira/browse/APIMANAGER-3255>] - Introduce a Publisher API to import swagger definition using a file or a URL - [APIMANAGER-3292 <https://wso2.org/jira/browse/APIMANAGER-3292>] - Publisher "Edit Swagger Definition" : Add grammar check - [APIMANAGER-3293 <https://wso2.org/jira/browse/APIMANAGER-3293>] - Publisher "Edit Swagger Definition" : Resizable popup - [APIMANAGER-3311 <https://wso2.org/jira/browse/APIMANAGER-3311>] - There is no API to retrieve an API Document by File - [APIMANAGER-3319 <https://wso2.org/jira/browse/APIMANAGER-3319>] - There is no API to retrieve the endpoints of an API Store Item - [APIMANAGER-3324 <https://wso2.org/jira/browse/APIMANAGER-3324>] - Presentation of Sandbox/Production URL not clear - [APIMANAGER-3328 <https://wso2.org/jira/browse/APIMANAGER-3328>] - Remove 'Visible to my domain' visibility when in single tenant mode - [APIMANAGER-3329 <https://wso2.org/jira/browse/APIMANAGER-3329>] - Modify hostname/port to be taken from variables in Token API and Revoke API xmls - [APIMANAGER-3330 <https://wso2.org/jira/browse/APIMANAGER-3330>] - Modify hostname/port to be taken from variables in Token API,Revoke API and Authorize xmls - [APIMANAGER-3333 <https://wso2.org/jira/browse/APIMANAGER-3333>] - Fixing hardcoded username and password issue in api-manager.xml and make them resolved by user-mgt.xml - [APIMANAGER-3336 <https://wso2.org/jira/browse/APIMANAGER-3336>] - Improve the SAML2BearerGrantHandler with role based scope validation by extracting roles from SAML2 Assertion - [APIMANAGER-3351 <https://wso2.org/jira/browse/APIMANAGER-3351>] - Improving Statistics graphs - [APIMANAGER-3366 <https://wso2.org/jira/browse/APIMANAGER-3366>] - Improve publishing to multiple Gateways feature - [APIMANAGER-3392 <https://wso2.org/jira/browse/APIMANAGER-3392>] - New API - Get list of tags for a API - [APIMANAGER-3393 <https://wso2.org/jira/browse/APIMANAGER-3393>] - New API - Get list of tiers available for API - [APIMANAGER-3394 <https://wso2.org/jira/browse/APIMANAGER-3394>] - New API - List of all available tiers in API-M deployment - [APIMANAGER-3395 <https://wso2.org/jira/browse/APIMANAGER-3395>] - Need to provide proper instructions when adding tags to apis - [APIMANAGER-3396 <https://wso2.org/jira/browse/APIMANAGER-3396>] - HTTP Head method Support with APIM - [APIMANAGER-3399 <https://wso2.org/jira/browse/APIMANAGER-3399>] - Pre-populate API Manager with one API which can be used OOTB - [APIMANAGER-3400 <https://wso2.org/jira/browse/APIMANAGER-3400>] - Add pagination to 'My Subscriptions' page - [APIMANAGER-3401 <https://wso2.org/jira/browse/APIMANAGER-3401>] - UI imrpovements to APIPublisher Stats page - [APIMANAGER-3402 <https://wso2.org/jira/browse/APIMANAGER-3402>] - Improve the message prompted when deleting applications to state whether that app has active subscriptions or not - [APIMANAGER-3420 <https://wso2.org/jira/browse/APIMANAGER-3420>] - Swagger v2.0 support for APIM - [APIMANAGER-3421 <https://wso2.org/jira/browse/APIMANAGER-3421>] - Swagger v1.2 to v2.0 migration - [APIMANAGER-3424 <https://wso2.org/jira/browse/APIMANAGER-3424>] - No Tier Availability warning if change to Available to specific tenants Subscriptions - [APIMANAGER-3431 <https://wso2.org/jira/browse/APIMANAGER-3431>] - Override IP address with end user IP address for GA - [APIMANAGER-3465 <https://wso2.org/jira/browse/APIMANAGER-3465>] - Allow changing user password in API store. - [APIMANAGER-3466 <https://wso2.org/jira/browse/APIMANAGER-3466>] - Adding loading Indicators to buttons in API Design wizard - [APIMANAGER-3467 <https://wso2.org/jira/browse/APIMANAGER-3467>] - CORS Improvements - [APIMANAGER-3488 <https://wso2.org/jira/browse/APIMANAGER-3488>] - Access-control-allow-headers wildcard - [APIMANAGER-3514 <https://wso2.org/jira/browse/APIMANAGER-3514>] - Provide adequate information in exceptions throwing in key manager - [APIMANAGER-3522 <https://wso2.org/jira/browse/APIMANAGER-3522>] - Add link to store after publishing an API - [APIMANAGER-3524 <https://wso2.org/jira/browse/APIMANAGER-3524>] - Expose API for deleting a subscription by the applicationName - [APIMANAGER-3539 <https://wso2.org/jira/browse/APIMANAGER-3539>] - Need to add Tiers/Tags details to getAllPaginatedPublishedAPIs() payload - [APIMANAGER-3582 <https://wso2.org/jira/browse/APIMANAGER-3582>] - Need an option to delete Parameters that we add for 'Resource Methods' - [APIMANAGER-3600 <https://wso2.org/jira/browse/APIMANAGER-3600>] - It is better to disable the checkbox of the scope which are not entitled to the particular role - [APIMANAGER-3603 <https://wso2.org/jira/browse/APIMANAGER-3603>] - API store applications key generation curl requests should be displayed separately - [APIMANAGER-3604 <https://wso2.org/jira/browse/APIMANAGER-3604>] - When scopes are not defined, pls include a proper message - [APIMANAGER-3626 <https://wso2.org/jira/browse/APIMANAGER-3626>] - Grammar issue in the UI - [APIMANAGER-3682 <https://wso2.org/jira/browse/APIMANAGER-3682>] - Add breadcrumbs or back button in “edit content view” In API Documentation - [APIMANAGER-3710 <https://wso2.org/jira/browse/APIMANAGER-3710>] - Improve API Store load time when dealing with large number of APIs over low bandwidth connection - [APIMANAGER-3782 <https://wso2.org/jira/browse/APIMANAGER-3782>] - In API Store it shows status as “ inactive” for both approval pending and rejected ones in Application Creation Workflow - [APIMANAGER-3784 <https://wso2.org/jira/browse/APIMANAGER-3784>] - Update the API with swagger resource definition through Publisher REST API. - [APIMANAGER-3793 <https://wso2.org/jira/browse/APIMANAGER-3793>] - Publisher API should support to add parameters for HTTP verbs when adding apis - [APIMANAGER-3813 <https://wso2.org/jira/browse/APIMANAGER-3813>] - Add API flow - UI/UX Improvements - [APIMANAGER-3819 <https://wso2.org/jira/browse/APIMANAGER-3819>] - Provide ability to skip certain scopes being validated - [APIMANAGER-3885 <https://wso2.org/jira/browse/APIMANAGER-3885>] - Pls give a proper error message or something when the external store is not functioning *Bug Fixes * - Bug Fixes <https://wso2.org/jira/issues/?filter=12246> *Key Features of WSO2 API Manager* Following is a categorization of the core features supported by WSO2 API Manager based on the target user group. Design and Prototype APIs: - Design APIs, gather developer's feedback before implementing (API First Design). - Design can be done from the publishing interface or via importing an existing swagger definition - Deploy a prototyped API, provide early access to APIs, and get early feedback. - Mock API implementation using Javascript. - Support publishing SOAP, REST, JSON and XML style services as XML. Create a Store of all Available APIs: - Graphical experience similar to Android Marketplace or Apple App Store. - Browse APIs by provider, tags or name. - Self-registration to developer community to subscribe to APIs. - Subscribe to APIs and manage subscriptions on per-application basis. - Subscriptions can be at different service tiers based on expected usage levels. - Role based access to API Store; manage public and private APIs. - Manage subscriptions at a per-developer level. - Browse API documentation, download helpers for easy consumption. - Comment on and rate APIs. - Forum for discussing API usage issues (Available soon in future version). - Try APIs directly on the store front. - Internationalization (i18n) support. Publishing and Governing API Use: - Publish APIs to external consumers and partners, as well as internal users. - Supports publishing multiple protocols including SOAP, REST, JSON and XML style services as APIs. - Manage API versions and deployment status by version. - Govern the API lifecycle (publish, deprecate, retire). - Attach documentation (files, external URLs) to APIs. - Provision and Manage API keys. - Track consumers per API. - One-click deployment to API Gateway for immediate publishing. Control Access and Enforce Security: - Apply Security policies to APIs (authentication, authorization). - Rely on OAuth2 standard for API access (implicit, authorization code, client, SAML, IWA Grant type). - Restrict API access tokens to domains/IPs - Block a subscription and restrict a complete application. - Associate API available to system defined service tiers. - Leverage XACML for entitlements management and fine grained authorization. - Configire Single Sign-On (SSO) using SAML 2.0 for easy integartion with existing web apps. - Powered by WSO2 Enterprise Service Bus. Route API Traffic: - Supports API authentication with OAuth2. - Extremely high performance pass-through message routing with sub-millisecond latency. - Enforce rate limiting and throttling policies for APIs by consumer. - Horizontally scalable with easy deployment into cluster using proven routing infrastructure. - Scales to millions of developers/users. - Capture all statistics and push to pluggable analytics system. - Configure API routing policies with capabilities of WSO2 Enterprise Service Bus. - Powered by WSO2 Enterprise Service Bus. Manage Developer Community: - Self-sign up for API consumption. - Manage user account including password reset. - Developer interaction with APIs via comments and ratings. - Support for developer communication via forums (Available soon in future version). - Powered by WSO2 Identity Server. Govern Complete API Lifecycle: - Manage API lifecycle from cradle to grave: create, publish, block, deprecate and retire. - Publish both production and sandbox keys for APIs to enable easy developer testing. - Publish APIs to partner networks such as ProgrammableWeb (Available soon in future version). - Powered by WSO2 Governance Registry. Monitor API Usage and Performance: - All API usage published to pluggable analytics framework. - Out of the box support for WSO2 Business Activity Monitor and Google Analytics. - View metrics by user, API and more. - Customized reporting via plugging reporting engines. - Monitor SLA compliance. - Powered by WSO2 Business Activity Monitor. Pluggable, Extensible and Themeable: - All components are highly customizable thru styling, theming and open source code. - Storefront implemented with Jaggery (jaggeryjs.org) for easy customization. - Pluggable to third party analytics systems and billing systems (Available soon in future version). - Pluggable to existing user stores including via JDBC and LDAP. - Components usable separately - storefront can be used to front APIs gatewayed via third party gateways such as Intel Expressway Service Gateway. - Support for Single Sign On (SSO) using SAML 2.0 for easy integration with existing web apps Easily Deployable in Enterprise Setting: - Role based access control for managing users and their authorization levels. - Store front can be deployed in DMZ for external access with Publisher inside the firewall for private control. - Different user stores for developer focused store-front and internal operations in publisher. - Integrates with enterprise identity systems including LDAP and Microsoft Active Directory. - Gateway can be deployed in DMZ with controlled access to WSO2 Identity Server (for authentication/authorization) and governance database behind firewall. Support for creating multi-tenanted APIs: - Run a single instance and provide API Management to multiple customers - Share APIs between different departments in a large enterprise Publishing and Governing API Use: - Document an API using Swagger - Restrict API Access tokens to domains/IPs - Ability to block a subscription and restricting a complete application - Ability to revoke access tokens - Separate validity period configuration for Application Access Token - OAuth2 Authorization Code Grant Type Support - Configuring execution point of mediation extensions Monitor API Usage and Performance - Improved dashboard for monitoring usage statistics (Filtering data for a date range, More visually appealing widgets) *Known Issues* All the open issues pertaining to WSO2 API Manager are reported at the following location: - Known Issues <https://wso2.org/jira/issues/?filter=12245> How You Can ContributeMailing Lists Join our mailing list and correspond with the developers directly. - Developer List : dev@wso2.org | Subscribe <dev-requ...@wso2.org?subject=subscribe> | Mail Archive <http://wso2.org/mailarchive/dev/> - User List : u...@wso2.org | Subscribe <user-requ...@wso2.org?subject=subscribe> | Mail Archive <http://wso2.org/mailarchive/user/> Reporting Issues We encourage you to report issues, documentation faults and feature requests regarding WSO2 API Manager through the public API Manager JIRA <https://wso2.org/jira/browse/APIMANAGER>. You can use the Carbon JIRA <http://www.wso2.org/jira/browse/CARBON> to report any issues related to the Carbon base framework or associated Carbon components. Support We are committed to ensuring that your enterprise middleware deployment is completely supported from evaluation to production. Our unique approach ensures that all support leverages our open development methodology and is provided by the very same engineers who build the technology. For more details and to take advantage of this unique opportunity please visit http://wso2.com/support. To learn more about WSO2 API Manager and WSO2 support offerings please visit http://wso2.com/products/api-manager. *-- The WSO2 API Manager Team --* -- Lakmali Baminiwatta Senior Software Engineer WSO2, Inc.: http://wso2.com lean.enterprise.middleware mobile: +94 71 2335936 blog : lakmali.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
