Open Source, Developer friendly, API-Led
Integration Platform
August 22, 2020
Hello!
Vidura Gamini Abhaya
Senior Director - Solutions Architecture
vidura@wso2.com
About WSO2
WSO2 Inc. Copyright © 2020 All rights reserved. This document or any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of WSO2.
Helping digitally driven organizations
become integration agile.
#1 Open Source Integration Vendor
6th Largest Apache Committer
6th Largest Open Source Vendor
600+ Employees
50% Engineering
550+ Customers
Around the world
(129 New in 2019)
Open Source
Flexible Deployment, Faster
Time To Market
Founded in 2005
Backed by Cisco and Toba
Capital
Global Presence
Colombo, New York, London,
Mountain View, São Paulo,
Sydney, Berlin, Mexico, Italy
20% YoY Growth
WSO2 API MANAGER
Addresses full API lifecycle
management operations. Open,
extensible, customizable.
200K APIs for 20K Orgs
WSO2 ENTERPRISE
INTEGRATOR
Hybrid integration platform for
quick, iterative integration of any
application, data, or system.
6 Trillion Transactions/yr
WSO2 IDENTITY SERVER
Federates and manages identities
across both cloud service and
enterprise environments.
100M identities managed
WSO2 OPEN BANKING
A purpose-built technology platform for global open banking
WSO2 HEALTHCARE INTEGRATION
Towards greater interoperability with a proven integration platform and FHIR®
Common Architecture, Common Code Base, Open Source
WSO2 Integration Platform
Putting It Together: WSO2 Integration Agile Platform
Open source, hybrid, API-led integration
Solutions: Telco | Open Banking | Healthcare | GDPR |
WSO2
Architecture
for Agility
WSO2
Methodology
for Agility
Cloud-Native Integration
Kubernetes | Docker | Ballerina | Cellery
IDENTITY
& ACCESS
MANAGEMENT
ENTERPRISE
INTEGRATION
API
MANAGEMENT
Hybrid Deployment
WSO2 Managed Cloud | WSO2 Hosted Cloud | On-premises
“The solution particularly well
suits buyers with strategies
that combine integration,
APIs, and microservices with a
desire for the benefits of open
source.”
Leader in the Forrester Wave:
API Management Solutions, Q3 2020
#1 Open Source / Open Core Application Integration Suite Vendor
VENDOR SHARE
WSO2 37.7%
Red Hat 30.8%
Fiorano 17.5%
Talend 14.0%
“Application infrastructure and
middleware projects are becoming the
cornerstone of the digital business.”
“...WSO2 Identity Server APIs shows
strength in interoperability with a large
number of other IAM, CIAM, and IDaaS
platforms in these markets as well
integrations with CRM and other SaaS
systems. Overall, WSO2 has consistently
made improvements in its Identity Server
and has moved it in a positive direction.”
Leader in KuppingerCole Leadership Compass,
2019 Access Management
And Federation
Customers Worldwide
Flagship Customer Examples
Applied uses across every industry and geography
Healthcare | Government | Education | Retail | Technology | Financial | Telecom | Transport
● Open Source not Open Core
● Use of Open standards
● Public mailing lists that discuss architecture and product features
● Free self-paced training and Certification options
● Public webinars and YouTube channel
● Community
⦿ Community Calls for each product
⦿ Slack channels
⦿ Stack Overflow
⦿ Events
Technology that is Easy to Adopt
Poll Time
WSO2 API Manager
Open source approach to addressing any spectrum of
API lifecycle, monetization and policy enforcement.
WSO2 API Manager
Gateway
Broad portfolio of API management functionality ( * = New since 2018)
Internal and External API Management
○ Policy Enablement
○ Protocol Handling
○ Transformation
○ Microgateway*
○ Mobile &
Multi-experience
○ Data & Data as a
Service
Security
○ OAuth2
○ OIDC
○ Federated ID
○ SSO
○ JWT
○ API Key
○ AI driven API
Security*
Analytics Cloud Native
○ Business value
reporting
○ Streaming &
event-driven
analytics
○ Real-time alerting
○ Traffic management
○ Monetization
○ Istio integration*
○ Installations -
Kubernetes, Docker,
PCF.
○ Monitoring with
Prometheus /
Grafana*
○ Improved CI/CD*
Portal/Store
○ API Marketplaces
○ Monetization hooks /
partners
○ Flexible theme-based
architecture
○ Registry and
versioning model
Multiple plug-points and extensibility | Open source projects | Flexible deployment options
API Manager: Core Competencies
Multiple Gateway options
● Micro-GW : Immutable, container native, ideal for greenfield projects
● Regular : Robust, API driven, ideal for brownfield projects
● Both use the same management plane
● Both can be used together in the same deployment
Hybrid option: Gateways close to services, Mgt. plane on cloud
● Both can scale without management plane
● Gateways are identity provider agnostic -> Can work with any key manager as long as
trust is established and a signed token is used
Gateways - API Runtime options
Gateway
Key Manager
Traffic
Manager
<REST>
<SOAP>
<WebSocket>
HTTP
HTTP
HTTP
HTTP
JMS
HTTP
Can scale with or without Key Manager
Supports SOAP and WebSocket based
APIs in addition to REST
Automatic SOAP to REST conversion
Config driven mediation support
Standard Gateway
● Designed to scale
⦿ Self-validating tokens
⦿ Localized rate limiting
⦿ Offline analytics
⦿ Immutable
⦿ Stateless
● Ideal to be deployed in a locked-down env such as DMZ
● Native support for Docker/K8S
● Private Jet Gateway for microservices
● First-class support for lifecycle management across environments
WSO2 API Microgateway
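The gateway slides above state that a gateway can work with any key manager as long as trust is established and a signed token is used, and that the Microgateway relies on self-validating tokens. The sketch below is an added illustration of that check (not WSO2 code and not part of the deck): a gateway validates RS256-signed JWTs offline against public keys it already trusts. The issuer URLs, key ids, audience, trust-store layout and function names are assumptions made for the example.

```javascript
// Added example: offline validation of a signed token at a gateway.
// Issuer URLs, key ids, audience and trust-store layout are constructed for illustration.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const fromB64url = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Stand-in for any key manager: signs an RS256 JWT with its private key.
function issueToken(privateKey, kid, claims) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

// Gateway side. trustStore: Map<issuer, Map<kid, publicKey>>, provisioned out of band.
// No call to the key manager is made, which is what lets the gateway scale without it.
function validateAtGateway(token, trustStore, expectedAudience, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(fromB64url(parts[0]).toString('utf8'));
    claims = JSON.parse(fromB64url(parts[1]).toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims || typeof header !== 'object' || typeof claims !== 'object') {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm; the token header must not choose it (rejects alg "none").
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg_not_allowed' };
  // iss and kid are unverified here and only select a key the gateway already trusts.
  const issuerKeys = trustStore.get(claims.iss);
  const key = issuerKeys ? issuerKeys.get(header.kid) : undefined;
  if (!key) return { ok: false, reason: 'untrusted_issuer_or_key' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, key, fromB64url(parts[2]))) {
    return { ok: false, reason: 'bad_signature' };
  }
  // Claims are believed only after the signature checks out.
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expectedAudience)) return { ok: false, reason: 'wrong_audience' };
  return { ok: true, subject: claims.sub, issuer: claims.iss };
}

// Constructed scenario: two trusted key managers, one key pair the gateway does not trust.
function demo() {
  const now = 1600000000; // fixed clock so the result is reproducible
  const newKeys = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const idpA = newKeys(), idpB = newKeys(), rogue = newKeys();
  const A = 'https://idp-a.example', B = 'https://idp-b.example';
  const trust = new Map([[A, new Map([['a1', idpA.publicKey]])],
                         [B, new Map([['b1', idpB.publicKey]])]]);
  const claims = (iss, extra) =>
    ({ iss, sub: 'alice', aud: 'stocks-api', exp: now + 300, ...extra });
  const goodA = issueToken(idpA.privateKey, 'a1', claims(A));
  const [h, p, s] = goodA.split('.');
  const tokens = {
    fromIdpA: goodA,
    fromIdpB: issueToken(idpB.privateKey, 'b1', claims(B)),
    tampered: `${h}.${b64url(JSON.stringify(claims(A, { sub: 'admin' })))}.${s}`,
    forgedAsA: issueToken(rogue.privateKey, 'a1', claims(A)),
    unknownIssuer: issueToken(rogue.privateKey, 'r1', claims('https://rogue.example')),
    expired: issueToken(idpA.privateKey, 'a1', claims(A, { exp: now - 1 })),
    wrongAudience: issueToken(idpA.privateKey, 'a1', claims(A, { aud: 'other-api' })),
    algNone: `${b64url(JSON.stringify({ alg: 'none' }))}.${p}.`,
  };
  const out = {};
  for (const [name, tok] of Object.entries(tokens)) {
    const r = validateAtGateway(tok, trust, 'stocks-api', now);
    out[name] = r.ok ? 'ok' : r.reason;
  }
  return out;
}

console.log(demo());
```

Tokens from either trusted key manager pass with no network call; every other case is rejected with a distinct reason that a gateway can log and alert on.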
Designers Product Managers
API Publisher
The Portal for API Designers and Product Managers.
Design, mock and document REST and SOAP
APIs.
Create new versions of APIs.
Gain API usage insights for operational
purposes.
Import API definitions.
Apply policies for security, rate limits and
message transformations.
Validate and publish APIs for public discovery
and consumption.
The central point for managing the API’s
Lifecycle.
Monetize APIs through business plans.
Gain API usage insights for business purposes.
Start with an existing endpoint/contract or design and prototype a new API
Exposing SOAP services (convert to REST or as a passthrough)
Expose an API with GraphQL support
Exposing streaming APIs (WebSocket endpoints)
API Publisher
● Select operations from different APIs and bundle together as a product
● Use different operations of the same API in different products
● Create sellable products and monetize them targeting different groups
Productization of APIs and Monetization
API Products
● Expose GraphQL services as managed APIs
● Allowing authentication, operational level authorization, rate
limits and analytics for queries, mutations and subscriptions.
● Test GraphQL APIs with the embedded GraphQL tryout
console.
New API and Endpoint Types
GraphQL Support
● Expose AWS Lambda functions as managed APIs
● Provide AWS credentials or get them from the environment.
● Select resource level ARNs.
New API and Endpoint Types
AWS Lambda Support
API Creation
API Design - Over the wizard & with Swagger
Managed or Prototyped
Point to a production backend, point at mock backend or prototype at gateway
Manage stages of an API
Manage associated states
Create a new version from an existing one
Audit changes to lifecycle states
Support for custom lifecycles
API Lifecycle Management
The Application Developer Portal known as the API Store.
ReactJS based, production ready Dev Portal available out-of-the-box.
Discover, test and subscribe to APIs
Search through APIs and their documentation
Rate, comment and participate on discussion forums of the Portal
Try out the API SDKs for faster go-to-market of applications
Brand the developer portal to suit your needs
Manage the lifecycle of applications across environments
Integrate with third party authorization servers
Developer Portal
Enhanced User Experience
Broad portfolio of API management functionality ( * = New since 2018)
Easy theming and customization
Productization of APIs and
Monetization
Integration with Billing Engines
● Out of the box integration with Stripe
● Ability to integrate with any other billing engines
● Supports multiple pricing models
○ Fixed
○ Pay as you go
Enhanced DevOps and Developer Flows
Enhanced CI/CD with API Controller
API Controller
● Command Line tool
● Create API projects
● Import APIs
● Export APIs
● Move APIs from a lower
environment to a higher one
● Can be used for scripting in
CI/CD pipelines
Enhanced DevOps and Developer Flows
Enhanced CI/CD with API Controller
$ apictl init SampleStore -f SampleStore.yaml
$ apictl import-api -f SampleStore -e Dev
$ apictl import-api -f SampleStore -e Prod
Making APIs first class citizens in Kubernetes
Automatic deployment into Microgateway
Policies can automatically be applied to the API created
Security and throttling policies can be applied; tracing, logging and analytics can
automatically be enabled through the swagger
API created can be pushed to the management plane
Enhanced DevOps and Developer Flows
Kubernetes operator
kubectl add api -n Stocks --from-file="/path/to/stocks/swagger.yaml"
apictl import-api -f Stocks -e k8s
API Analytics
Provides statistics on various runtime operations within the API gateway
Runs on an asynchronous model that does not impact the performance of the API consumer
Can be used for generating real-time alerts/notifications for abnormal usage patterns
Can be integrated with external monitoring tools via the API exposed by the analytics runtime
Near real-time calculations keep reports updated instantly with the latest data
Poll Time
WSO2 Enterprise Integrator
Streamlining Integration for Digital Transformation
What is WSO2 EI?
An open-source, cloud-native, distributed, hybrid integration platform for
integrating APIs, data, and event streams using microservices, cloud-native
or centralized ESB style architectures.
Application Integration Landscape
Conventional ESB-based centralized integration
Application Integration Landscape
Cloud native integration with Microservices
Enterprise
Integration
An open source, hybrid integration platform to allow
developers quick, iterative integration of any application,
data, or system.
Components
● Enterprise Services Bus
● Data Integration Services
● Business Processes (workflows)
● Message Broker
● Integration Analytics
● Tooling
● HTTP(S)
● JMS-1.1/ 2.0, AMQP, MQ, MSMQ
● WebSockets
● VFS
● TCP, UDP
● FIX, HL7
● BPMN 2.0, WS-BPEL 2.0
● XML, JSON, SOAP-1.1 / 2.0
● XSLT, XPath, Smooks
● RDBMS, NoSQL, CSV, OData-v4
● OAuth, SAML, XACML, WS-Sec
● and more ….
Integration Standards Supported
Open Interoperability
A Hybrid Integration Platform
Connectivity / Integration : anything-to-anything
WSO2 EI
Connectors
Web services
APIs
Filesystems
Messaging
systems
Business
Applications
Partners’
systems
Data
public cloud | private cloud | on-premise
Typical Use Cases
● A system of systems: connect
multiple systems together.
● Better consumer experience
with connected data and
business processes.
● Digitize legacy systems:
mediate legacy with modern
architecture paradigms.
● Hybrid integration by taking
on-premise data and
processes into the cloud and
back.
A lightweight, high performance service bus
● Comprehensive support for well known standards e.g., REST, SOAP, WS-*
● Domain specific connectors e.g., FIX, HL7
● Support for integration with proprietary systems. e.g., SAP
● Configuration driven
● Extensible and scalable
● 100% coverage of all EIPs
A micro-Integrator - an integration profile specialized for containerized
deployments
Service Integration & Messaging
● To connect and integrate with common systems & platforms
● More than 170 enterprise connectors
● No additional cost. Download and Install.
(https://store.wso2.com/store/assets/esbconnector/list)
● Can build your own connector easily
⦿ Using SDKs
⦿ Using web APIs
The Connector Store
Connectors to connect The Enterprise
● EIPs cover a wide spectrum of common integration scenarios
● 100% coverage for all published EIPs with source configs
https://docs.wso2.com/display/IntegrationPatterns
Best Practices in Mediation & Integration
● EIPs are enabled using individual
building blocks called Mediators
● There are many types of
out-of-the-box mediators that
provide common capabilities such
as filtering, aggregating, switching
etc.
● Mediators are available via the
tooling component to build the
various EIPs
Enterprise Integration Patterns (EIP)
Application γ
Application δ
Application N
Application α
Application β
Internal / external data in many
forms.
(i.e. databases, spreadsheets)
CRUD as a Service
WSO2 EI
All Create, Read, Update, Delete operations as Services
Data Integration with WSO2 EI
Streaming Integrator
Transform
Enrich
Cleanse
Correlate
Aggregate
Insights
Streaming Messaging
Systems
Software and
Sensors
Cloud
Databases
Files
Software
Cloud
Databases
Files
Input
Stream
Event
Tables Aggregation
Input
Stream
Result
Stream
Fetch Data On Demand
Via REST API
Micro Integrator
Trigger
Integrations
Streaming Integrator
Streaming Integrator
Overall Runtime stats
▪ Overall Throughput (in TPS)
▪ Overall Message Count
APIs, Proxies, Endpoints specific stats
▪ Request Count
▪ Message Count
▪ Message Latency
▪ Explore Messages
▪ Explore Message Flows
Dashboards for transaction analytics and monitoring support
Integration Analytics
● Graphical drag-and-drop integration flow designer with a
configuration-based runtime to simplify building integrations.
● Micro Integrator runtime
⦿ The same battle-tested runtime that is used in WSO2 EI
6.x/WSO2 ESB, but optimized for both cloud native and
centralized ESB style architectures.
⦿ Natively supports Kubernetes
● Battle tested with billions of transactions and thousands of
customers.
Graphical Low-code Integration
Graphical Editing Experience
Configuration Editing Experience
● Intellisense with
context-aware auto
completion
● Visual Data Mapping
experience
● Capability to
try out mappings at
development time
Data Mapping
● Debugging
integration flows
with a graphical
debugger for
troubleshooting
issues
Debugging
Testing Integration Artifacts
● Unit Test Suites.
● Mock services.
First class support for Docker and Kubernetes
● First class support for Docker and Kubernetes in the Integration
Studio
● Export Docker images and push to a Docker registry from the
Integration Studio
● Native integration to the Kubernetes ecosystem with the ‘EI
Kubernetes operator’
● EI has similar command line tools to API manager for integration
with CI/CD pipelines
Poll Time
WSO2 Identity Server
Open source Identity and Access Management for
Agile businesses
Overview
The WSO2 Identity Server is a uniquely extensible, open source IAM product optimized for identity
federation and single sign-on (SSO) with comprehensive support for adaptive & multi-factor
authentication and API security. It helps identity administrators to setup a federated identity
management ecosystem and secure access to web/mobile applications & endpoints across
on-premises & cloud environments.
Unlike open core vendors, WSO2 Identity Server includes the core and all of its extensions under the
commercial friendly Apache 2.0 license.
Functional Capabilities of WSO2 Identity Server
Capabilities of WSO2 Identity Server
● Identity Federation and Single Sign-On
● Adaptive and Multi-factor Authentication
● Identity Provisioning and Administration
● Fine-grained Authorization
● API & Microservices Security
● Privacy
● Identity Analytics
● Business users need access to multiple heterogeneous applications.
○ Cloud / on-premise
○ Internal / external
○ Different identity federation requirements
○ Single Sign-On and Single Logout across identity federation protocols
○ Claim and Role transformation
● Support for standard identity federation protocols such as SAML 2.0, OpenID Connect, OAuth2,
WS-Federation
Identity Federation and Single Sign-On (SSO)
● Transform identity tokens to and from multiple heterogeneous identity federation and
provisioning protocols (SAML, OIDC, WS-Federation, OpenID and SCIM)
● Widely used with Identity Federation:
○ Providing access to users/customers from trusted internal identity providers
E.g.: Authenticate users in ADFS to Salesforce
○ Providing social login/sign-up for your consumer websites
Identity Bridging
● Connects multiple heterogeneous user stores
○ E.g.: database, LDAP, Active Directory
● Self registration, password recovery/reset, update user profile and account mapping
● Multi-layered approval workflows by role or name of approver, with trigger conditions
Account and Credential Management
● Inbound: Users and groups can be provisioned into the WSO2 Identity Server
● Outbound: Users and groups can be provisioned from WSO2 Identity Server to external systems
● Supports SCIM 1.1 / SCIM 2.0 and SOAP (proprietary) APIs for inbound provisioning
● Supports SCIM 1.1 / 2.0, SPML, Salesforce, Google, etc. for outbound provisioning
● JIT provisioning: Provision accounts for users from a federated IdP at the time of first login
Identity Provisioning and Just-In-Time Account Provisioning
● Multi-Step : Add any number of authentication steps
● Multi-Option : Add any number of authenticators for a step
● Adaptive Authentication - Validate multiple factors to determine the authenticity of a login attempt,
before accessing a resource
● Script-based control over the authentication flow
● Local and federated authentication
○ Local: Basic / IWA (zero password login) / FIDO (Fast IDentity Online)
Local authenticators can be of 3 types:
Knowledge based: password, pin, challenge question answers
Possession based (2FA): SMS-OTP, FIDO U2F, smart card
Inherence based (3FA): MePIN, Veridium ID, Aware Knomi
○ Federated: SAML2/ OIDC / MePIN / Email OTP / SMS OTP / Duo security
Strong and Adaptive Authentication
● https://store.wso2.com/store/assets/isconnector/list
● No additional cost. Download and Install.
● Almost 50 connectors in WSO2 store
WSO2 Connector Store
● Connectors for:
○ Social Login
○ Software-as-a-Service (SaaS)
○ Identity-as-a-Service (IDaaS)
○ Security-as-a-Service (SECaaS)
○ Outbound provisioning
○ Hardware and software 2FA
○ Mobile biometric authentication
○ Identity Stores
○ Cloud Directories
○ Identity Server REST API Security
WSO2 Identity Server Connectors
Script Based Control Over The Authentication Flow
Get Risk
Score
● Login patterns (time of the day, day of the week, etc.)
● Last successful login time
● Typing speed
● Consecutive incorrect password attempts
Risk-Based Authentication Flow
User self-care portal
Login pages with Custom Themes
Access Control
● Role-Based Access Control (RBAC)
○ Access control through roles and permissions
○ Assign permissions to roles and/or groups
○ Assign users to roles and/or groups
○ SOAP APIs to manage authorization
○ XACML 3 REST/JSON API to authorize
○ SCIM 1.1 / 2.0 API to list roles
● Attribute-Based Access Control (ABAC/PBAC)
○ Fine-grained access control with XACML
○ Policy-based access control (PBAC)
○ Acts as the XACML PAP (Policy Administration Point), PDP (Policy Decision Point) and connects
with multiple pluggable PIPs (Policy Information Points)
○ Try-it tool for testing policies
○ XACML 3.0 REST/JSON API
○ Enforces policies in login and provisioning flows
Securing APIs and Microservices
● Comprehensive support for OAuth 2.0
○ Authorization Code / Implicit / Password / Client credentials grant types.
○ SAML grant type for OAuth 2.0
○ JWT grant type for OAuth 2.0
○ Token Introspection
○ Dynamic Client Registration
○ Proof Key for Code Exchange (PKCE)
● Acts as a token issuer, verifier and an STS.
● Custom grant types for Kerberos and NTLM
● Extended grant flows for SAML2 Bearer Assertion and JWT Bearer Assertion
● Support for UMA 2.0, a federated authorization protocol built on top of OAuth 2.0
Privacy
● User consent management for SSO, self sign-up and consent in OIDC
● A Privacy toolkit supporting
○ removing references to a deleted user's identity as and when required
○ anonymizing PII data scattered in databases connected to WSO2 IS and scattered in
log files
○ support custom components deployed in WSO2 IS
● Personal information export capability
● Comprehensive RESTful API enabling consent management for any application without being
vendor locked
Identity Analytics
● Analytics
○ Local login requests
○ Federated login requests
○ Logins by service provider
● Alerts
○ Suspicious login attempts
○ Long session
Poll Time
● Open Source API-Led Integration Platform
● Free Self-paced Training material, Certification programs
● Developer friendly features
⦿ ReactJS based UIs
⦿ Graphical Low-code Integration options (Synapse and Siddhi)
⦿ IDE with Context Sensitive Help, Debugging, Unit Testing and Mocking support
⦿ Siddhi editor with Context Sensitive Help and Event Simulator
⦿ First class support for Docker and K8s
⦿ Command Line tools to create APIs, deploy and integrate into CI/CD pipelines
⦿ Try-out features for APIs, GraphQL, REST and SOAP services
⦿ Hundreds of connectors and authenticators
⦿ All WSO2 products are developed API-first
Summary
WSO2 Meetup
©Larsen & Toubro Infotech Ltd. Privileged and Confidential 2
LTI & WSO2
360° Relationship
LTI & WSO2 – 360° Relationship
New WSO2 leads and
Prospects from different
geographies in pipeline
Million $ Deals - Large
Engagements where
WSO2 is the integration
platform
Joint development with WSO2
M2O2 - (M)Any to WSO2
MBIF - Microservices Based
Integration Framework
Connectors - Documentum;
publishing soon on WSO2
Marketplace
More than 70% of our
developers and architects
certified in API Management
Solutions
CXO level connect with
WSO2
Certified Premier
Integration and Reseller
Partner
API Zone - API marketplace setup,
Open Banking architecture and APIM
managed services opportunities
01
Partnership
02
Certifications
03
Million $
Deals
07
Executive
Connects
06
Accelerators
05
New
Prospects
04
Expanding
Footprints
Real time message
tracking
Smart Integration Assistant (SIA) Platform
Accelerate your Digital Transformation journey
SMART
ASSESSMENT
ASSISTANT
SMART
DESIGN
ASSISTANT
SMART
TRACKING
ASSISTANT
SMART
DEVELOPMENT
ASSISTANT
Integrated technical
landscape design
module
Smart plug and
play assessment
frameworks
Customizable frameworks for
accelerated migration from
traditional ESB to desired
technology
API led integration solution using
WSO2 API Manager
Leading Swedish Automobile
Manufacturer
Key Takeaways
Data Centric Organization with
Integration Modernization
100+ APIs in production
350+ employees trained in API
management and streaming
Hybrid Integration Platform
API led integration of payment
gateways using WSO2 API Manager
Digital Payment Service
Provider
Digitizing Card Lifecycle Management
System
100% PCI-DSS compliant solution
99.98% uptime for all credit card
transactions
30+ APIs developed and 2500 TPS achieved
Q&A?
THANK YOU
wso2.com

WSO2 User Group Bangalore Meetup

  • 1.
    Open Source, Developerfriendly, API-Led Integration Platform August 22, 2020
  • 2.
    Hello! Vidura Gamini Abhaya SeniorDirector - Solutions Architecture vidura@wso2.com
  • 3.
  • 4.
    WSO2 Inc. Copyright© 2020 All rights reserved. This document or any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of WSO2. Helping digitally driven organizations become integration agile. #1 #1 Open Source Integration Vendor Largest Apache Committer6th Largest Open Source Vendor6th 4
  • 5.
    5 600+ Employees 50% Engineering 550+Customers Around the world (129 New in 2019) Open Source Flexible Deployment, Faster Time To Market Founded in 2005 Backed by Cisco and Toba Capital Global Presence Colombo, New York, London, Mountain View, São Paulo, Sydney, Berlin, Mexico, Italy 20% YoY Growth
  • 6.
    6 WSO2 API MANAGER Addressesfull API lifecycle management operations. Open, extensible, customizable. 200K APIs for 20K Orgs WSO2 ENTERPRISE INTEGRATOR Hybrid integration platform for quick, iterative integration of any application, data, or system. 6 Trillion Transactions/yr WSO2 IDENTITY SERVER Federates and manages identities across both cloud service and enterprise environments. 100M identities managed WSO2 OPEN BANKING A purpose-built technology platform for global open banking WSO2 HEALTHCARE INTEGRATION Towards greater interoperability with a proven integration platform and FHIR® Common Architecture, Common Code Base, Open Source WSO2 Integration Platform
  • 7.
    Putting It Together:WSO2 Integration Agile Platform Open source, hybrid, API-led integration Solutions: Telco | Open Banking | Healthcare | GDPR | WSO2 Architecture for Agility WSO2 Methodology for Agility Cloud-Native Integration Kubernetes | Docker | Ballerina | Cellery IDENTITY & ACCESS MANAGEMENT ENTERPRISE INTEGRATION API MANAGEMENT Hybrid Deployment WSO2 Managed Cloud | WSO2 Hosted Cloud | On-premises 7
  • 8.
    8 “The solution particularlywell suits buyers with strategies that combine integration, APIs, and microservices with a desire for the benefits of open source.” Leader in the Forrester Wave: API Management Solutions, Q3 2020
  • 9.
    #1 Open Source/ Open Core Application Integration Suite Vendor 9 VENDOR SHARE WSO2 37.7% Red Hat 30.8% Fiorano 17.5% Talend 14.0% “Application infrastructure and middleware projects are becoming the cornerstone of the digital business.”
  • 10.
    10 “...WSO2 Identity ServerAPIs shows strength in interoperability with a large number of other IAM, CIAM, and IDaaS platforms in these markets as well integrations with CRM and other SaaS systems. Overall, WS02 has consistently made improvements in its Identity Server and has moved it in a positive direction.” Leader in KuppingerCole Leadership Compass, 2019 Access Management And Federation
  • 11.
  • 12.
    12 Flagship Customer Examples Applieduses across every industry and geography Healthcare Government Education Retail TechnologyFinancial TelecomTransport
  • 13.
    ● Open Sourcenot Open Core ● Use of Open standards ● Public mailing lists that discuss architecture and product features ● Free self-paced training and Certification options ● Public webinars and Youtube channel ● Community ⦿ Community Calls for each product ⦿ Slack channels ⦿ Stack Overflow ⦿ Events Technology that is Easy to Adopt 13
  • 14.
  • 15.
    WSO2 API Manager Opensource approach to addressing any spectrum of API lifecycle, monetization and policy enforcement.
  • 16.
  • 17.
    Gateway Broad portfolio ofAPI management functionality ( * = New since 2018) Internal and External API Management ○ Policy Enablement ○ Protocol Handling ○ Transformation ○ Microgateway* ○ Mobile & Multi-experience ○ Data & Data as a Service Security ○ OAuth2 ○ OIDC ○ Federated ID ○ SSO ○ JWT ○ API Key ○ AI driven API Security* Analytics Cloud Native ○ Business value reporting ○ Streaming & event-driven analytics ○ Real-time alerting ○ Traffic management ○ Monetization ○ Istio integration* ○ Installations - Kubernetes, Docker, PCF. ○ Monitoring with Prometheus / Grafana* ○ Improved CI/CD* Portal/Store ○ API Marketplaces ○ Monetization hooks / partners ○ Flexible theme-based architecture ○ Registry and versioning model Multiple plug-points and extensibility | Open source projects | Flexible deployment options API Manager: Core Competencies 17
  • 18.
    Multiple Gateway options ●Micro-GW : Immutable, container native, ideal for greenfield projects ● Regular : Robust, API driven, ideal for brownfield projects ● Both use the same management plane ● Both can be used together in the same deployment Hybrid option: Gateways close to services, Mgt. plane on cloud ● Both can scale without management plane ● Gateways are identity provider agnostic -> Can work with any key manager as long as trust is established and a signed token is used Gateways - API Runtime options 18
  • 19.
    Gateway Key Manager Traffic Manager <REST> <SOAP> <WebSocket> HTTP HTTP HTTP HTTP JMS HTTP Can scalewith or without Key Manager Supports SOAP and WebSocket based APIs in addition to REST Automatic SOAP to REST conversion Config driven mediation support Standard Gateway 19
  • 20.
    ● Designed toscale ⦿ Self-validating tokens ⦿ Localized rate limiting ⦿ Offline analytics ⦿ Immutable ⦿ Stateless ● Ideal to be deployed in a locked-down env such as DMZ ● Native support for Docker/K8S ● Private Jet Gateway for microservices ● First-class support for lifecycle management across environments WSO2 API Microgateway 20
  • 21.
    Designers Product Managers APIPublisher The Portal for API Designers and Product Managers. Design, mock and document REST and SOAP APIs. Create new versions of APIs. Gain API usage insights for operational purposes. Import API definitions. Apply policies for security, rate limits and message transformations. Validate and publish APIs for public discovery and consumption. The central point for managing the API’s Lifecycle. Monetize APIs through business plans. Gain API usage insights for business purposes. 21
  • 22.
    Start with anexisting endpoint/contract or design and prototype a new API Exposing SOAP services (convert to REST or as a passthrough) Expose an API with GraphQL support Exposing streaming APIs (WebSocket endpoints) API Publisher 22
  • 23.
    ● Select operationsfrom different APIs and bundle together as a product ● Use different operations of the same API in different products ● Create sellable products and monetize them targeting different groups Productization of APIs and Monetization API Products 23
  • 24.
    ● Expose GraphQLservices as managed APIs ● Allowing authentication, operational level authorization, rate limits and analytics for queries, mutations and subscriptions. ● Test GraphQL APIs with the embedded GraphQL tryout console. New API and Endpoint Types GraphQL Support 24
  • 25.
    ● Expose AWSLambda functions as managed APIs ● Provide AWS credentials or get them from the environment. ● Select resource level ARNs. New API and Endpoint Types AWS Lambda Support 25
  • 26.
    API Creation API Design- Over the wizard & with Swagger 26
  • 27.
    Managed or Prototyped Pointto a production backend, point at mock backend or prototype at gateway 27
  • 28.
    Manage stages ofan API Manage associated states Create a new version from an existing Audit changes to lifecycle states Support for custom lifecycles API Lifecycle Management 28
  • 29.
    The Application DeveloperPortal known as the API Store. ReactJS based, production ready Dev Portal available out-of-the-box. Discover, test and subscribe to APIs Search through APIs and their documentation Rate, comment and participate on discussion forums of the Portal Try out the API SDKs for faster go-to-market of applications Brand the developer portal to suit your needs Manage the lifecycle of applications across environments Integrate with third party authorization servers Developer Portal 29
  • 30.
    Enhanced User Experience Broadportfolio of API management functionality ( * = New since 2018) Easy theming and customization 30
  • 31.
    Productization of APIsand Monetization Integration with Billing Engines ● Out of the box integration with Stripe ● Ability to integrate with any other billing engines ● Supports multiple pricing models ○ Fixed ○ Pay as you go 31
  • 32.
    Enhanced DevOps andDeveloper Flows Enhanced CI/CD with API Controller API Controller ● Command Line tool ● Create API projects ● Import APIs ● Export APIs ● Move APIs from lower environment to a higher ● Can be used for scripting in CI/CD pipelines 32
  • 33.
    Enhanced DevOps and Developer Flows Enhanced CI/CD with API Controller
  • 34.
    Enhanced DevOps and Developer Flows Enhanced CI/CD with API Controller
    $ apictl init SampleStore -f SampleStore.yaml
    $ apictl import-api -f SampleStore -e Dev
    $ apictl import-api -f SampleStore -e Prod
  • 35.
    Making APIs first class citizens in Kubernetes Automatic deployment into Microgateway Policies can automatically be applied to the API created Security and Throttling policies can be applied, tracing, logging and analytics can automatically be enabled through the swagger API created can be pushed to the management plane Enhanced DevOps and Developer Flows Kubernetes operator
    kubectl add api -n Stocks --from-file="/path/to/stocks/swagger.yaml"
    apictl import-api -f Stocks -e k8s
  • 36.
  • 37.
  • 38.
    API Analytics Provides statistics on various runtime operations within the API gateway Runs on an asynchronous model which does not impact the performance of the API consumer Can be used for generating real-time alerts/notifications for abnormal usage patterns Can be integrated with external monitoring tools via the API exposed by the analytics runtime Near real-time calculations keep reports updated instantly with the latest data
  • 39.
  • 40.
    WSO2 Enterprise Integrator Streamlining Integration for Digital Transformation
  • 41.
    What is WSO2 EI? An open-source, cloud-native, distributed, hybrid integration platform for integrating APIs, data, and event streams using microservices, cloud-native or centralized ESB style architectures.
  • 42.
    Application Integration Landscape Conventional ESB-based centralized integration
  • 43.
    Application Integration Landscape Cloud native integration with Microservices
  • 44.
    Enterprise Integration An open source, hybrid integration platform to allow developers quick, iterative integration of any application, data, or system. Components ● Enterprise Services Bus ● Data Integration Services ● Business Processes (workflows) ● Message Broker ● Integration Analytics ● Tooling
  • 45.
    ● HTTP(S) ● JMS-1.1/2.0, AMQP, MQ, MSMQ ● WebSockets ● VFS ● TCP, UDP ● FIX, HL7 ● BPMN 2.0, WS-BPEL 2.0 ● XML, JSON, SOAP-1.1 / 2.0 ● XSLT, XPath, Smooks ● RDBMS, NoSQL, CSV, OData-v4 ● OAuth, SAML, XACML, WS-Sec ● and more …. Integration Standards Supported Open Interoperability
  • 46.
    A Hybrid Integration Platform Connectivity / Integration : anything-to-anything WSO2 EI Connectors Web services APIs Filesystems Messaging systems Business Applications Partners’ systems Data public cloud | private cloud | on-premise Typical Use Cases ● A system of systems: connect multiple systems together. ● Better consumer experience with connected data and business processes. ● Digitize legacy systems: mediate legacy with modern architecture paradigms. ● Hybrid integration by taking on-premise data and processes into the cloud and back.
  • 47.
    A lightweight, high performance service bus ● Comprehensive support for well known standards e.g., REST, SOAP, WS-* ● Domain specific connectors e.g., FIX, HL7 ● Support for integration with proprietary systems. e.g., SAP ● Configuration driven ● Extensible and scalable ● 100% coverage of all EIPs A micro-Integrator - an integration profile specialized for containerized deployments Service Integration & Messaging
  • 48.
    ● To connect and integrate with common systems & platforms ● More than 170+ enterprise connectors ● No additional cost. Download and Install. (https://store.wso2.com/store/assets/esbconnector/list) ● Can build your own connector easily ⦿ Using SDKs ⦿ Using web APIs The Connector Store Connectors to connect The Enterprise
  • 49.
    ● EIPs cover a wide spectrum of common integration scenarios ● 100% coverage for all published EIPs with source configs https://docs.wso2.com/display/IntegrationPatterns Best Practices in Mediation & Integration ● EIPs are enabled using individual building blocks called Mediators ● There are many types of out-of-the-box mediators that provide common capabilities such as filtering, aggregating, switching etc. ● Mediators are available via the tooling component to build the various EIPs Enterprise Integration Patterns (EIP)
  • 50.
    Application γ Application δ Application N Application α Application β Internal / external data in many forms. (i.e. databases, spreadsheets) CRUD as a Service WSO2 EI All Create, Read, Update, Delete operations as Services Data Integration with WSO2 EI
  • 51.
    Streaming Integrator Transform Enrich Cleanse Correlate Aggregate Insights Streaming Messaging Systems Software and Sensors Cloud Databases Files Software Cloud Databases Files Input Stream Event Tables Aggregation Input Stream Result Stream Fetch Data On Demand Via REST API Micro Integrator Trigger Integrations Streaming Integrator
  • 52.
  • 53.
    Overall Runtime stats ▪ Overall Throughput (in TPS) ▪ Overall Message Count APIs, Proxies, Endpoints specific stats ▪ Request Count ▪ Message Count ▪ Message Latency ▪ Explore Messages ▪ Explore Message Flows Dashboards for transaction analytics and monitoring support Integration Analytics
  • 54.
    ● Graphical drag-and-drop integration flow designer with a configuration-based runtime to simplify building integrations. ● Micro Integrator runtime ⦿ The same battle-tested runtime that is used in WSO2 EI 6.x/WSO2 ESB but optimized for both cloud native and centralized ESB style architectures. ⦿ Natively supports Kubernetes ● Battle tested with billions of transactions and thousands of customers. Graphical Low-code Integration
  • 55.
  • 56.
    Configuration Editing Experience ● Intellisense with context-aware auto completion
  • 57.
    ● Visual Data Mapping experience ● Capability to try out mappings at development time Data Mapping
  • 58.
    ● Debugging integration flows with a graphical debugger for troubleshooting issues Debugging
  • 59.
    Testing Integration Artifacts ● Unit Test Suites. ● Mock services.
  • 60.
    First class support for Docker and Kubernetes ● First class support for Docker and Kubernetes in the Integration studio ● Export docker images and push to docker registry from the Integration Studio ● Native integration to Kubernetes ecosystem with the ‘EI kubernetes operator’ ● EI has similar command line tools to API manager for integration with CI/CD pipelines
  • 61.
  • 62.
    WSO2 Identity Server Open source Identity and Access Management for Agile businesses
  • 63.
    Overview The WSO2 Identity Server is a uniquely extensible, open source IAM product optimized for identity federation and single sign-on (SSO) with comprehensive support for adaptive & multi-factor authentication and API security. It helps identity administrators to set up a federated identity management ecosystem and secure access to web/mobile applications & endpoints across on-premises & cloud environments. Unlike open core vendors, WSO2 Identity Server includes the core and all of its extensions under the commercial friendly Apache 2.0 license.
  • 64.
    Functional Capabilities of WSO2 Identity Server
  • 65.
    Capabilities of WSO2 Identity Server ● Identity Federation and Single Sign-On ● Adaptive and Multi-factor Authentication ● Identity Provisioning and Administration ● Fine-grained Authorization ● API & Microservices Security ● Privacy ● Identity Analytics
  • 66.
    ● Business users need access to multiple heterogeneous applications. ○ Cloud / on-premise ○ Internal / external ○ Different identity federation requirements ○ Single Sign-On and Single Logout across identity federation protocols ○ Claim and Role transformation ● Support for standard identity federation protocols such as SAML 2.0, OpenID Connect, OAuth2, WS-Federation Identity Federation and Single Sign-On (SSO)
  • 67.
    ● Transform identity tokens to and from multiple heterogeneous identity federation and provisioning protocols (SAML, OIDC, WS-Federation, OpenID and SCIM) ● Widely used with Identity Federation: ○ Providing access to users/customers from trusted internal identity providers E.g.: Authenticate users in ADFS to Salesforce ○ Providing social login/sign-up for your consumer websites Identity Bridging
  • 68.
    ● Connects multiple heterogeneous user stores ○ E.g.: database, LDAP, Active Directory ● Self registration, password recovery/reset, update user profile and account mapping ● Approval workflows multi-layered by role or name of approver with trigger conditions Account and Credential Management
  • 69.
    ● Inbound: Users and groups can be provisioned into the WSO2 Identity Server ● Outbound: Users and groups can be provisioned from WSO2 Identity Server to external systems ● Supports SCIM 1.1 / SCIM 2.0 and SOAP (proprietary) APIs for inbound provisioning ● Supports SCIM 1.1 / 2.0, SPML, Salesforce, Google, etc. for outbound provisioning ● JIT provisioning: Provision accounts for users from a federated IdP at the time of first login Identity Provisioning and Just-In-Time Account Provisioning
  • 70.
    ● Multi-Step: Add any number of authentication steps ● Multi-Option: Add any number of authenticators for a step ● Adaptive Authentication - Validate multiple factors to determine the authenticity of a login attempt, before accessing a resource ● Script-based control over the authentication flow ● Local and federated authentication ○ Local: Basic / IWA (zero password login) / FIDO (First Identity Online) Local authenticators can be of 3 types: Knowledge based: password, pin, challenge question answers Possession based (2FA): SMS-OTP, FIDO U2F, smart card Inherence based (3FA): MePIN, Veridium ID, Aware Knomi ○ Federated: SAML2 / OIDC / MePIN / Email OTP / SMS OTP / Duo security Strong and Adaptive Authentication
  • 71.
    ● https://store.wso2.com/store/assets/isconnector/list ● No additional cost. Download and Install. ● Almost 50 connectors in WSO2 store WSO2 Connector Store
  • 72.
    ● Connectors for: ○ Social Login ○ Software-as-a-Service (SaaS) ○ IDentity-as-a-Service (IDaaS) ○ Security-as-a-Service (SECaaS) ○ Outbound provisioning ○ Hardware and software 2FA ○ Mobile biometric authentication ○ Identity Stores ○ Cloud Directories ○ Identity Server Rest API Security WSO2 Identity Server Connectors
  • 73.
    Script Based Control Over The Authentication Flow
  • 74.
    Get Risk Score ● Login patterns (time of the day, day of the week, etc.) ● Last successful login time ● Typing speed ● Consecutive incorrect password attempts Risk-Based Authentication Flow
  • 75.
  • 76.
    Login pages with Custom Themes
  • 77.
    Access Control ● Role-Based Access Control (RBAC) ○ Access control through roles and permissions ○ Assign permissions to roles and/or groups ○ Assign users to roles and/or groups ○ SOAP APIs to manage authorization ○ XACML 3 Rest/JSON API to authorize ○ SCIM 1.1 / 2.0 API to list roles ● Attribute-Based Access Control (ABAC/PBAC) ○ Fine-grained access control with XACML ○ Policy-based access control (PBAC) ○ Acts as the XACML PAP (Policy Administration Point), PDP (Policy Decision Point) and connects with multiple pluggable PIPs (Policy Information Points) ○ Try-it tool for testing policies ○ XACML 3.0 Rest/JSON API ○ Enforces policies in login and provisioning flows
  • 78.
    Securing APIs and Microservices ● Comprehensive support for OAuth 2.0 ○ Authorization Code / Implicit / Password / Client credentials grant types. ○ SAML grant type for OAuth 2.0 ○ JWT grant type for OAuth 2.0 ○ Token Introspection ○ Dynamic Client Registration ○ Proof Key for Code Exchange (PKCE) ● Acts as a token issuer, verifier and an STS. ● Custom grant types for Kerberos and NTLM ● Extended grant flows for SAML2 Bearer Assertion and JWT Bearer Assertion ● Support for UMA 2.0, a federated authorization protocol built on top of OAuth 2.0
  • 79.
    Privacy ● User consent management for SSO, Self sign up and consent in OIDC ● A Privacy toolkit supporting ○ removing references to a deleted user's identity as and when required ○ anonymizing PII data scattered in databases connected to WSO2 IS and scattered in log files ○ support for custom components deployed in WSO2 IS ● Personal information export capability ● Comprehensive RESTful API enabling consent management for any application without being vendor locked
  • 80.
    Identity Analytics ● Analytics ○ Local login requests ○ Federated login requests ○ Logins by services provider ● Alerts ○ Suspicious login attempts ○ Long session
  • 81.
  • 82.
    ● Open Source API-Led Integration Platform ● Free Self-paced Training material, Certification programs ● Developer friendly features ⦿ ReactJS based UIs ⦿ Graphical Low-code Integration options (Synapse and Siddhi) ⦿ IDE with Context Sensitive Help, Debugging, Unit Testing and Mocking support ⦿ Siddhi editor with Context Sensitive Help and Event Simulator ⦿ First class support for Docker and K8s ⦿ Command Line tools to create APIs, deploy and integrate into CI/CD pipelines ⦿ Try-out features for APIs, GraphQL, REST and SOAP services ⦿ Hundreds of connectors and authenticators ⦿ All WSO2 products are developed API-first Summary
  • 83.
  • 84.
    © Larsen & Toubro Infotech Ltd. Privileged and Confidential LTI & WSO2 360° Relationship
  • 85.
    LTI & WSO2 – 360° Relationship New WSO2 leads and Prospects from different geographies in pipeline Million $ Deals - Large Engagements where WSO2 is the integration platform Joint development with WSO2 M2O2 - (M)Any to WSO2 MBIF - Microservices Based Integration Framework Connectors - Documentum; publishing soon on WSO2 Marketplace More than 70% of our developers and architects certified in API Management Solutions CXO level connect with WSO2 Certified Premier Integration and Reseller Partner API Zone - API marketplace setup, Open Banking architecture and APIM managed services opportunities 01 Partnership 02 Certifications 03 Million $ Deals 07 Executive Connects 06 Accelerators 05 New Prospects 04 Expanding Footprints
  • 86.
    Real time message tracking Smart Integration Assistant (SIA) Platform Accelerate your Digital Transformation journey SMART ASSESSMENT ASSISTANT SMART DESIGN ASSISTANT SMART TRACKING ASSISTANT SMART DEVELOPMENT ASSISTANT Integrated technical landscape design module Smart plug and play assessment frameworks Customizable frameworks for accelerated migration from traditional ESB to desired technology
  • 87.
    API led integration solution using WSO2 API Manager Leading Swedish Automobile Manufacturer Key Takeaways Data Centric Organization with Integration Modernization 100+ APIs in production 350+ employees trained in API management and streaming Hybrid Integration Platform
  • 88.
    API led integration of payment gateways using WSO2 API Manager Digital Payment Service Provider Digitizing Card Lifecycle Management System 100% PCI-DSS compliant solution 99.98% uptime for all credit card transactions 30+ APIs developed and 2500 TPS achieved
  • 89.
    Q&A?
  • 90.
  • 91.