What's New in WSO2 API Manager 3.2.0?

What's New in WSO2 API Manager 3.2.0?

WSO2 API Manager 3.2.0 the third release of the API Manager 3.x series, simplifies integrating with other ecosystems while reducing complexity of large scale deployments.

WSO2 API Manager 3.2.0 the third release of the API Manager 3.x series, simplifies integrating with other ecosystems while reducing complexity of large scale deployments.

By simplifying integration with other IAM solutions, version 3.2.0 allows itself fit into existing deployments without major changes. And with the help of reduced dependencies on KeyManager, File-less artifact deployment and support for Publisher initiated Microgateway deployments, rough edges with large scales deployments have been ironed out and usability and manageability has been improved to a great extent.

Due to the simplicity and extensibility offered, I thought of discussing those among all other features.

Seamless integration with WSO2 IAM, Okta, KeyCloak and other IAM solutions

3.2.0 makes integrating with different IAM solutions seamless. This is useful when the organisation’s Identity and Access Management is centrally handled through a single IAM solution. In such a scenario Consumers and Consumer Applications are centrally managed and the organisation prefers issuing and managing tokens centrally.

In these situations, the ability to extend Key Manager support becomes quite handy, which allows using an Organisation's IAM solution to work with the API Manager. In a standard deployment it’s through the Key Manager profile OAuth Consumer Applications are created and tokens are obtained from. While the token passes through Gateway, Key Manager is called to validate the key. Now with the ability to extend Key Manager support, different IAM solutions like Okta, KeyCloak, Auth0, PingIdentity,etc.. can be used in place of the default Key Manager.

Multiple Key Managers shown in Admin UI

This support is not entirely new since some of these changes were first introduced as early as in APIM 1.9.0. But in those versions integrating a different Key Manager was only possible through a custom implementation. Moreover, only a single Key Manager was allowed for the entire APIM distribution. The latest release addresses these limitations by allowing to

  • Configure a Key Manager through a UI
  • Keep multiple Key Managers within a single tenant
  • Maintain a different Key Manager per each tenant
  • Select Key Manager per API

One challenge present in the previous releases was Application Creation UI in Developer Portal remaining static regardless of the Key Manager used. This would hide different options provided by the connected IAM solution and would force to mold certain options into existing UI elements. The new release solves this by rendering the Application Creation UI with the attributes provided by the IAM connected.

Portal gets rendered differently for different Key-Managers

Now using the New Key Manager Configuration UI, you can simply connect with Okta (or with other supported IAMs) by populating different fields (or by using the well known configuration url).

Key-Manager can be selected at the API level

For more information you can refer this document.

api security programming developer

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

Top 10 API Security Threats Every API Team Should Know

Learn what are the most important API security threats engineering leaders should be aware of and steps you can take to prevent them

A Simple Guide to API Development Tools

APIs can be as simple as 1 endpoint for use by 100s of users or as complex as the AWS APIs with 1000s of endpoints and 100s of thousands of users. Building them can mean spending a couple of hours using a low-code platform or months of work using a multitude of tools. Hosting them can be as simple as using one platform that does everything we need or as complex as setting up and managing ingress control, security, caching, failover, metrics, scaling.

Tracking a Developer’s Journey From Documentation Visit

Measuring website activity provides only half the story. See how to best track the developer's journey and what funnel stages makes sense for API-first products

How to Market to Developers with Paid Marketing

Selling to developers is hard. How to market to developers efficiently using paid advertising leveraging inbound marketing techniques.

API Security Weekly: Issue #101

After the special 100th edition last week, which was all about API security advice from the industry’s thought leaders, this week we are back to our regular API security news, and we have twice the number of them, from the past two weeks.