General API Manager questions
What is WSO2 API Manager?
WSO2 API Manager is a complete solution for creating, publishing and managing all aspects of an API and its life cycle. See About API Manager.
What is the open source license of the API Manager?
Apache Software License Version 2.0
How do I download and get started quickly?
Go to http://wso2.com/products/api-manager to download the binary or source distributions. See Getting Started.
Is there commercial support available for WSO2 API Manager?
It is completely supported from evaluation to production. See WSO2 Support.
What are the default ports opened in the API Manager?
See Default Ports of WSO2 Products.
What are the technologies used underneath WSO2 API Manager?
The API Manager is built on top of WSO2 Carbon, an OSGi based components framework for SOA. See Architecture.
Can I get involved in APIM development activities?
Not only are you allowed, but also encouraged. You can start by subscribing to dev@wso2.org and architecture@wso2.org mailing lists. Feel free to provide ideas, feedback and help make our code better. For more information on contacts, mailing lists and forums, see Getting Support.
Installation questions
What are the minimum requirements to run WSO2 API Manager?
The minimum requirement is the Oracle Java SE Development Kit (JDK). See Installation Prerequisites.
What Java versions are supported by the API Manager?
See Installation Prerequisites.
How do I deploy a third-party library into the API Manager?
Copy any third-party JARs to the <APIM_HOME>/repository/components/lib directory and restart the server.
Do you provide automated installation scripts based on Puppet or similar solutions?
Yes. For information, contact us.
Is it possible to connect the API Manager directly to an LDAP or Active Directory where the corporate identities are stored?
Yes. You can configure the API Manager with multiple user stores. See Configuring User Stores.
Can I extend the management console UI to add custom UIs?
Yes, you can extend the management console (default URL is https://localhost:9443/carbon) easily by writing a custom UI component and simply deploying the OSGi bundle.
I don't want some of the features that come with WSO2 API Manager. Can I remove them?
Yes, you can do this using the Features menu under the Configure menu of the management console (default URL is https://localhost:9443/carbon).
How can I change the memory allocation for the API Manager?
The memory allocation settings are in the <APIM_HOME>/bin/wso2server.sh file.
Clustering and deployment questions
Where can I look up details of different deployment patterns and clustering configurations of the API Manager?
See WSO2 clustering and deployment guide.
What is the recommended way to manage multiple artifacts in a product cluster?
For artifact governance and lifecycle management, we recommend using a shared WSO2 Governance Registry instance.
Is it recommended to run multiple WSO2 products on a single server?
This is not recommended in a production environment involving multiple transactions. If you want to start several WSO2 products on a single server, you must change their default ports to avoid port conflicts. See Changing the Default Ports with Offset.
Can I install features of other WSO2 products to the API Manager?
Yes, you can do this using the management console. The API Manager already has features of WSO2 Identity Server, WSO2 Governance Registry, WSO2 ESB etc. embedded in it. However, if you require more features of a certain product, it is recommended to use a separate instance of it rather than install its features to the API Manager.
Authentication and security questions
How can I manage authentication centrally in a clustered environment?
You can enable centralized authentication using a WSO2 Identity Server based security and identity gateway solution, which enables SSO (Single Sign On) across all the servers.
How can I manage the API permissions/visibility?
To set visibility of the API only to selected user roles in the server, see API Visibility.
How can I add security policies (UT, XACML etc.) for the services?
This should be done in the backend services in the Application Server or WSO2 ESB.
How can I disable self signup capability to the API Store? I want to engage my own approval mechanism.
To disable the self signup capability, set the <SelfSignUp><Enabled> element to false in the <APIM_HOME>/repository/conf/api-manager.xml file.
Is there a way to lock a user's account after a certain number of failed login attempts to the API Store?
If your identity provider is WSO2 Identity Server, this facility comes out of the box. If not, install the identity-mgt feature to the API Manager and configure it. For information, see the Account Lock/Unlock page in the Identity Server documentation.
Operational questions
How do I change the default admin password and what files should I edit after changing it?
To change the default admin password, log in to the management console with admin/admin credentials and use the "Change my password" option. After changing the password, change the following elements in the <APIM_HOME>/repository/conf/api-manager.xml file:
    <AuthManager>
        <Username>admin</Username>
        <Password>newpassword</Password>
    </AuthManager>
    <APIGateway>
        <Username>admin</Username>
        <Password>newpassword</Password>
    </APIGateway>
    <APIKeyManager>
        <Username>admin</Username>
        <Password>newpassword</Password>
    </APIKeyManager>
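A read-only check for this procedure, added here as an example (not WSO2's code): it parses api-manager.xml and reports any of the three credential blocks that still hold admin/admin or that disagree with each other, without printing password values. It assumes a single-node setup where all three blocks use the same admin account and plain-text passwords as shown above; the <APIManager> root element and the sample password are constructed.

```python
import xml.etree.ElementTree as ET

# Credential blocks the page says must be updated after a password change.
SECTIONS = ("AuthManager", "APIGateway", "APIKeyManager")

def local(tag):
    """Element name without any XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]

def section_credentials(xml_text):
    """Map each credential block to its (username, password) pair."""
    creds = {}
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name in SECTIONS and name not in creds:
            fields = {local(c.tag): (c.text or "").strip() or None for c in el.iter()}
            creds[name] = (fields.get("Username"), fields.get("Password"))
    return creds

def audit(xml_text, default=("admin", "admin")):
    """Return findings without echoing any password value."""
    creds = section_credentials(xml_text)
    findings = []
    for name in SECTIONS:
        pair = creds.get(name)
        if pair is None or None in pair:
            findings.append(f"{name}: credentials missing")
        elif pair == default:
            findings.append(f"{name}: still uses default admin credentials")
    complete = {p for p in creds.values() if None not in p}
    if len(complete) > 1:
        findings.append("credential blocks disagree")
    return findings

# Constructed sample: password changed in two blocks, APIKeyManager left stale.
SAMPLE = """<APIManager>
  <AuthManager><Username>admin</Username><Password>Constructed-Pw-1</Password></AuthManager>
  <APIGateway><Username>admin</Username><Password>Constructed-Pw-1</Password></APIGateway>
  <APIKeyManager><Username>admin</Username><Password>admin</Password></APIKeyManager>
</APIManager>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
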
How can I recover the admin password used to log in to the management console?
Use the <APIM_HOME>/bin/chpasswd.sh script.
Troubleshooting related questions
Why do I get the following warning: org.wso2.carbon.server.admin.module.handler.AuthenticationHandler - Illegal access attempt while trying to authenticate APIKeyValidationService?
- Did you change the default admin password? If so, you need to change the credentials stored in the <APIKeyManager> element of the <APIM_HOME>/repository/conf/api-manager.xml file of the API Gateway node/s.
- Have you set the priority of the SAML2SSOAuthenticator handler higher than that of the BasicAuthenticator handler in the authenticators.xml file? If so, the SAML2SSOAuthenticator handler tries to manage the basic authentication requests as well. Set a lower priority to the SAML2SSOAuthenticator than the BasicAuthenticator handler as follows:
    <Authenticator name="SAML2SSOAuthenticator" disabled="false">
        <Priority>0</Priority>
        <Config>
            <Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
            <Parameter name="ServiceProviderID">carbonServer</Parameter>
            <Parameter name="IdentityProviderSSOServiceURL">https://localhost:9444/samlsso</Parameter>
            <Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
            <Parameter name="ISAuthnReqSigned">false</Parameter>
            <!--<Parameter name="AssetionConsumerServiceURL">https://localhost:9443/acs</Parameter>-->
        </Config>
    </Authenticator>
I hit the -DentityExpansionLimit and it gives an error as {org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject} - Error while getting Recently Added APIs Information. What is the cause of this?
This error occurs in JDK 1.7.0_45 and is fixed in JDK 1.7.0_51 onwards. See here for details of the bug.
In JDK 1.7.0_45, all XML readers share the same XMLSecurityManager and XMLLimitAnalyzer. When the total count of all readers hits the entity expansion limit, which is 64000 by default, the XMLLimitAnalyzer's total counter is accumulated and the XMLInputFactory cannot create more readers. If you still want to use update 45 of the JDK, try restarting the server with a higher value assigned to the -DentityExpansionLimit system property.
General technology questions
Does the API Manager use Thrift and where can I find information about it?
Yes. The default communication protocol of the Key Manager is Thrift. See http://thrift.apache.org/static/files/thrift-20070401.pdf for information on Thrift.