WSO2 has launched new versions of its WSO2 API Manager and WSO2 API Platform for Kubernetes (WSO2 APK). They can be downloaded from WSO2 API Manager 4.4 Documentation, WSO2 APK 1.2 Documentation, and WSO2 API Gateway.
The open-source products are available either free to use or customers can purchase a WSO2 subscription. The latter provides continuous delivery of bug fixes, security updates, and performance enhancements. Subscriptions also come with 24×7 support. All users can choose where they want to host, in the cloud, on-premises or hybrid.
Christopher Davey, WSO2 vice president and general manager – API management, said, “As organisations seek a competitive edge through innovative digital experiences, they need to invest equally in state-of-the-art technologies and in fostering the productivity of their software development teams.
“With new functionality for managing AI services as APIs and extended support for Kubernetes as the preferred platform for digital innovation, WSO2 API Manager and WSO2 APK are continuing to enhance developers’ experiences while delivering a future-proof environment for their evolving needs.”
A major upgrade to API management
This announcement is a major upgrade to WSO2’s existing API management solutions. The company says the new tools “add the ability to manage AI services as APIs, expand Kubernetes-native API management support, improve productivity for developers producing or consuming APIs, and enhance security and access control.”
One of the major points of interest here is the ability to manage AI services as APIs. It allows IT security teams to add controls on how the AI APIs that they have, are managed. Key to that is WSO2’s new Egress API Management capability. It extends API lifecycle management to those AI APIs. It also provides a way for compliance teams to ensure that governance is applied to those AI environments.
Egress API Management is available to users of WSO2 API Gateway and WSO2 APK Gateway. Importantly, WSO2 says that it will work with internal and external AI services. That should remove any gaps between the way different tools are managed and consumed.
One of the challenges organisations face with AI is control of usage and data movement to AI engines. This is a particular problem for organisations that allow their employees to use public Gen AI.
To manage that, WSO2 says, “The Egress APIs will help reduce costs and improve performance by enabling organisations to automate responses and control outbound traffic with backend rate limiting and subscription-level rate limiting of AI API consumption.”
A boost for Kubernetes-Native Support
There are three new developments in this announcement to boost WSO2’s support of Kubernetes.
- WSO2 API Microgateway: A cloud-native, developer-centric decentralised gateway for microservices. This now aligns with the WSO2 API Manager. It delivers much-improved governance, reliability and security. It will also help customers boost the scalability of Kubernetes.
- gRPC API Support for WSO2 APK Gateway: This is aimed at developers and engineers building microservices architectures with gRPC. It is now aligned with the Kubernetes Gateway API specification (gRPC Route support). This ensures improved integration with Kubernetes environments and greater control over gRPC services.
- New Traffic Filters for HTTP Routes: This is now part of the WSO2 APK Gateway and is aligned with Kubernetes Gateway API standards. It gives greater flexibility and control in routing and transforming HTTP traffic.
Solving the developer productivity challenge
Developers are under constant pressure to deliver more code. The challenge with that is quality, security and prioritising applications. APIs have made it far easier to integrate products, but the proliferation of APIs and versions of APIs is impacting developers. To resolve this, WSO2 has announced several new features for developers in this release. They include:
- Support for subscription rate limit policies. Already available in WSO2 API Manager, API providers can define and enforce usage quotas and limits for API consumers. It allows them to define multiple subscription tiers, each with its own API request limits.
- The unified control plane in WSO2 API Manager, which also manages WSO2 APK, now supports new search capability. Developers can search for APIs using content from API definition files. This is available in the Developer Portal and Publisher Portal.
Improvements in security and access control
Security concerns around APIs are a constant problem for IT Security teams. The move to bespoke APIs has helped improve the quality and security of APIs. However, authentication and security controls are still weak across many APIs. To address that in this release, WSO2 has announced:
- The WSO2 API Manager control plane supports separate mutual TLS (mTLS) authentication settings for production and sandbox environments. API consumers can connect with the appropriate level of security for a given environment.
- WSO2 API Manager also adds personal access token (PAT) support. This adds secure, time-limited authentication to access WSO2 API Manager system APIs without exposing a username and password.
Enterprise Times: What does this mean?
This is a major upgrade by WSO2 and the first since they were acquired by EQT. It delivers support across the entire API lifecycle, improving management and security. More importantly, it brings AI APIs into scope for many organisations and delivers a single tool for managing all the internal and external APIs an organisation uses.
It will be interesting to see how many organisations go down the pure open-source route and how many opt for a subscription. Those not on subscription will, of course, not get any updates or patches and will have to rely on community support. In a world where APIs are constantly changing, and vulnerabilities are always being found, it’s hard to make a case for not going with a subscription.