In the race to deliver innovative new digital experiences ahead of the competition, enterprises need to embrace the growing adoption of artificial intelligence (AI), continued mainstreaming of Kubernetes for application delivery, and greater protection against cyber-attacks. WSO2 addresses these demands while increasing developer productivity with the latest releases of WSO2 API Manager and WSO2 API Platform for Kubernetes (WSO2 APK).
WSO2’s new open-source software API management offerings add the ability to manage AI services as APIs, expand Kubernetes-native API management support, improve productivity for developers producing or consuming APIs, and enhance security and access control. The new capabilities build on the strengths of WSO2’s two open-source API management software offerings: WSO2 API Manager is WSO2’s comprehensive, industry-leading platform for full lifecycle API management, executing 60 trillion-plus transactions each year. WSO2 APK, which launched in 2023, is engineered specifically to leverage the inherent strengths of Kubernetes for API management.
“As organisations seek a competitive edge through innovative digital experiences, they need to invest equally in state-of-the-art technologies and in fostering the productivity of their software development teams,” said Christopher Davey, WSO2 vice president and general manager – API management. “With new functionality for managing AI services as APIs and extended support for Kubernetes as the preferred platform for digital innovation, WSO2 API Manager and WSO2 APK are continuing to enhance developers’ experiences while delivering a future-proof environment for their evolving needs.”
New Functionality for Managing AI Services as APIs
As more organisations use third-party APIs to add AI and large language models (LLMs) to their offerings, they need visibility and control over how their AI/LLM APIs are used. Now through WSO2’s new Egress API Management capability, AI APIs can benefit from full lifecycle API management and governance with built-in support for a range of popular service providers, including OpenAI, Mistral AI and Microsoft Azure OpenAI.
Available with both WSO2 API Gateway and WSO2 APK Gateway, Egress API Management enables developers to manage internal and external AI services as APIs. It offers an enhanced egress (outbound) gateway experience for managing and routing API requests specifically for AI services, including enforcement of policies, to ensure secure and efficient access to AI models. Additionally, the egress APIs will help reduce costs and improve performance by enabling organisations to automate responses and control outbound traffic with backend rate limiting and subscription-level rate limiting of AI API consumption.
Expanded Kubernetes-Native Support
WSO2 extends its commitment to supporting the exponential growth of microservices and APIs running on Kubernetes with three new developments.
WSO2 API Microgateway is a cloud native, developer-centric decentralised gateway for microservices. In response to customer and market demand, the newest version has been updated to align with the latest WSO2 API Manager release for enhanced scalability while maintaining extreme governance, reliability and security.
gRPC API Support for WSO2 APK Gateway provides enhanced capabilities for developers and engineers building microservices architectures with gRPC. By aligning with the Kubernetes Gateway API specification (gRPC Route support), it improves integration with Kubernetes environments and provides greater control over gRPC services.
New Traffic Filters for HTTP Routes available with the newest WSO2 APK Gateway release are aligned with Kubernetes Gateway API standards. They provide more flexibility and precision in routing and transforming HTTP traffic, resulting in efficient traffic management and a better experience for developers.
Improved Developer Productivity
WSO2 offers new features for improving developers’ productivity whether they are producing or consuming APIs. The newest WSO2 APK release now includes support for subscription rate limit policies, which is already available in WSO2 API Manager. It allows API providers to define and enforce usage quotas and limits for API consumers, so they can subscribe to specific tiers with allocated API request limits.
Additionally, the unified control plane in WSO2 API Manager, which also manages WSO2 APK, introduces the ability to search for APIs using content from API definition files—such as Swagger, AsyncAPI, GraphQL, and WSDL—directly in the Developer Portal and Publisher Portal to improve API discoverability and usability.
IEnhanced Security and Access Control
Many organisations struggle to maintain consistent security configurations across different environments, potentially exposing vulnerabilities. The WSO2 API Manager control plane (also managing WSO2 APK) now addresses this challenge with support for configuring separate mutual TLS (mTLS) authentication settings for production and sandbox environments. This ensures API consumers can connect with the appropriate level of security for a given environment, providing flexibility and adherence to varying compliance demands.
The newest WSO2 API Manager release also adds personal access token (PAT) support, enabling secure, time-limited authentication to access WSO2 API Manager system APIs without exposing a username and password. Often used in continuous integration/continuous delivery (CI/CD) pipelines, automated scripts, or local development environments, PATs offer a secure substitute for passwords, particularly when applications, scripts or integrations need to automatically authenticate to services or API endpoints.