Digital Transformation . API . Integration . IAM

Hi Everyone, in this blog I am going to share about in-memory deployment process of APIs in WSO2 API Manager 4. Deployment Process for APIs- Whenever an API is deployed via publisher portal, it generates the API Synapse artefacts and stores the same. In previous versions of WSO2 API Manager (till apim v3.2.x), the API artefacts were stored in database as well as in the file system at following location- AM_HOME/repository/deployment/server/synapse-configs/default/api/ <PROVIDER-API-Version.xml> Changes in API Manager 4-  Starting with WSO2 APIM v4, WSO2 has changed the deployment and loading process of the APIs as- API-Related Synapse artefacts were moved from the file system to the In-Memory During the server startup and revision deployment, artefacts will be loaded from DB to memory So, after this important change in WSO2 API Manager 4, the API artefacts are loaded from following database tables to In-Memory- AM_GW_PUBLISHED_API_DETAILS  ; AM_GW_API_ARTIFACTS; AM_GW_API_DEPLOY

Recently we have come across a requirement where the endpoint URL security has been upgraded from TLSv1.2 to TLSv1.3 and our API integration got broken with WSO2 APIM v3.2. Below is the summary of the incident and how I overcome this situation with support. Environment - WSO2 API Manager v3.2.0.221, RHEL 8.3, OpenJDK1.8.291 Problem Statement - API based integration got broken due to endpoint URL TLS upgrade to TLSv1.3. while WSO2 API Manager has a support with TLS1.2 only. We got the error as mentioned below- ERROR {org.apache.synapse.transport.passthru.TargetHandler} - I/O error: Received fatal alert: protocol_version javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version at sun.security.ssl.Alert.createSSLException(Alert.java:131) at sun.security.ssl.Alert.createSSLException(Alert.java:117) at sun.security.ssl.TransportContext.fatal(TransportContext.java:311) at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)

So, what happens when an API is called to WSO2 API Gateway? And how does that different levels of throttling polices are applied? These are the most common questions with respect to API Gateway & API Security. Let's see the details step by step- When An Api is called with Token Image Credits: WSO2 Gateway Checks if --> API Proxy exists API Proxy Checks for  -->  Resource exists or not Token validation by KM and acknowledge to --> Gateway (Gateway itself validates in case of JWT) Gateway Calls  -->  TM(traffic manager) to publish invocation data asynchronously. Traffic Manager  -->  Enforces throttling policies Gateway  to execute-->  any custom mediation extensions Gateway  publishes-->  events to analytics server Gateway calls  -->  to backend The API Rate Limiting Sequence There are different level of rate limiting policies as supported by WSO2 API Manager. Below are the list of policies we can configure for respective APIs-  Application level Subscrip

Recently I trie building the wso2 apim product pack using the source code provided by WSO2 on Github Repository and I faced Java Compilation related errors. I'll share my experience about the same. So let's start- Environment OS: macOS Ventura Java: JDK 1.8 WSO2 APIM Source Code: APIM v4.1 Maven:  Apache Maven 3.9.4 Problem Statement: 1. Downloaded the wso2 apim pack 4.1 from  https://codeload.github.com/wso2/product-apim/zip/refs/tags/v4.1.0 product-apim-4.1.0.zip 2. Go to the root directory  product-apim-4.1.0 3. Maven build command failure during mvn clean install Below is the error snapshot identified during the build process [ INFO ] Changes detected - recompiling the module! [ INFO ] Compiling 1 source file to /Users/kumargaurav/Downloads/product-apim-4.1.0/modules/styles/product/target/classes [ INFO ] ------------------------------------------------------------- [ ERROR ] COMPILATION ERROR :  [ INFO ] ------------------------------------------------------------- [