WSO2 API Manager provides OAuth2 bearer token as its default authentication mechanism. The source code of the implementation is here. Similarly, you can extend the API Manager to support any custom authentication mechanism mechanisms by writing your own authentication handler class. This custom handler must extend the org.apache.synapse.rest.AbstractHandler class and implement the its handleRequest() and handleResponse() methods.
...