at Financial Technnology Year
This content is provided by FinTechBenchmarker.com who are responsible for the content. Please contact them if you have any questions.
WSO2 API Manager from WSO2
Complete API lifecycle management, high-security gateway, developer portal, analytics, Open Banking accelerators, PSD2 compliance tools, and integration capabilities with banking core systems.
Product analysis by function
API Management for IT and Infrastructure
Systems for developing, managing, securing, and monitoring APIs that connect banking systems internally and with external partners.
More API Management
More IT and Infrastructure ...
API Security
(13 Yes /13 Known /13 Possible features)
|
OAuth 2.0 Support Ability to use OAuth 2.0 protocol for secure authorization. |
WSO2 API Manager supports OAuth 2.0 as an authentication mechanism, as documented in official product docs. | |
|
API Key Management Supports creation, issuance, and life-cycle management of API keys. |
API key management is a core function of WSO2 API Manager, as described under its security features. | |
|
IP Whitelisting/Blacklisting Enable or restrict API access based on user IP addresses. |
IP whitelisting/blacklisting is available for API security management and access control (official documentation). | |
|
Rate Limiting Limits the number of requests a client can make to avoid abuse. |
Rate limiting is supported through policy definitions and throttling configuration (rate-limiting policies). | |
|
Throttling Ability to control bandwidth and request frequency. |
Throttling is configurable to control request/response rates, covered in both UI and policy documentation. | |
|
Data Encryption Supports encryption of data in transit and at rest (e.g., TLS, HTTPS). |
Encryption in transit (TLS, HTTPS) and at rest is supported as per security features. | |
|
JWT (JSON Web Token) Validation Capability to validate JWTs for API access management. |
JWT validation is natively supported for API access management (documentation states JWT handling and validation included). | |
|
Audit Trails Tracks and stores all API access and activity logs for compliance and debugging. |
Audit trail support is available, enabling compliance and debugging for API usage. | |
|
DDoS Protection Protection mechanisms against Distributed Denial of Service attacks. |
DDoS protection mechanisms (throttling, spike arrest, and security gateway features) are supported. | |
|
Mutual TLS (mTLS) Supports mutual TLS authentication to secure API connections. |
Mutual TLS (mTLS) is supported on gateway for connections, as per security documentation. | |
|
Access Control Lists (ACLs) Ability to define detailed access permissions for API consumers. |
Access Control Lists (ACLs) are supported for managing detailed API permissions. | |
|
Security Patch Management Automated updates for emerging threats and vulnerabilities. |
Automatic security patching can be configured and the product supports update management. | |
|
Regulatory Compliance Certifications Supports and maintains compliance (e.g., PCI DSS, PSD2, GDPR) for financial data and operations. |
PSD2, GDPR, and PCI DSS compliance as well as Open Banking accelerators are advertised, indicating certification support. |
API Gateway Functionality
(11 Yes /11 Known /11 Possible features)
|
Request Routing Routes incoming API requests to appropriate backend services. |
Request routing to appropriate backend services is part of API gateway functionality. | |
|
API Aggregation Combines multiple API calls into a single request/response. |
API aggregation supported—allows combining multiple calls into single response (mediation/aggregation documentation). | |
|
Caching Caches API responses to reduce backend load and latency. |
Caching options are configurable on the gateway for improved performance. | |
|
Load Balancing Distributes incoming API traffic among multiple backends. |
Load balancing configurations are possible as part of the gateway/proxy setup. | |
|
Protocol Transformation Converts between different protocols (e.g., REST, SOAP, gRPC). |
Protocol transformation between REST, SOAP, etc. described in mediation and integration features. | |
|
Content-Based Routing Routes requests based on content type or header values. |
Content-based routing supported for APIs (header/content mediation policies). | |
|
URL Rewriting Ability to rewrite request URLs on the fly for routing efficiency. |
URL rewriting features listed for request transformation and path manipulation. | |
|
Failover Support Automatic rerouting of traffic in case of backend failure. |
Failover routing supported with high-availability gateway options. | |
|
Timeout Configuration Customizable timeouts for upstream requests. |
Timeout configuration is available for upstream/back-end integrations. | |
|
API Mocking Ability to simulate API responses during development and testing. |
API mocking is available to simulate responses during development/testing. | |
|
Advanced Traffic Shaping Customizable traffic shaping rules for granular control. |
Advanced traffic shaping is supported through custom policies and throttling tiers. |
Developer Experience
(11 Yes /11 Known /11 Possible features)
|
Interactive API Documentation Auto-generated documentation with try-it-out features (e.g., Swagger, OpenAPI). |
Interactive API documentation automatically generated (Swagger/OpenAPI UI). | |
|
API Sandbox Environment Safe, limited test environment for developer experimentation. |
Sandbox environment provided for API testing and developer experimentation. | |
|
Self-Service Portal Portal for onboarding, documentation access, and API key management. |
Self-service portal accessible for onboarding, API keys, and documentation. | |
|
SDK Generation Automated creation of SDKs in multiple languages for developers. |
SDK generation for several languages stated as part of developer experience features. | |
|
Code Samples Includes quick-start code samples for faster developer onboarding. |
Code samples are provided in documentation and developer portal. | |
|
Comprehensive Error Codes Clear and consistent error messages with codes and explanations. |
Comprehensive error codes and explanations included in API documentation. | |
|
Change Log Communication Automated notifications on API updates and version changes. |
Changelog communication and notification on API updates included in portal. | |
|
API Subscription Management Supports subscription plans for API access levels. |
API subscription and monetization supported by API Manager. | |
|
End-to-End Testing Tools Supports thorough testing across API endpoints. |
End-to-end testing and integration with test tools included in developer workflows. | |
|
API Usage Analytics for Developers Provides developers with real-time metrics for their API usage. |
API usage analytics are exposed for developers as part of analytics portal. | |
|
Support Ticketing Integration Integrated support system for technical queries and issues. |
Support ticketing and workflow integration available via extensible portal. |
Monitoring and Analytics
(8 Yes /8 Known /11 Possible features)
|
Real-Time Traffic Monitoring Provides live data on API usage metrics and performance. |
Real-time traffic monitoring and analytics dashboards available. | |
|
Request Latency Tracking Measures and reports time taken to process API requests. |
No information available | |
|
Error Rate Monitoring Tracks percentage of API requests resulting in errors. |
No information available | |
|
Health Checks Automated and on-demand status checks for API endpoints. |
Automated health checks on endpoints are a native feature. | |
|
Custom Dashboards User-configurable dashboards for monitoring APIs. |
Custom dashboards can be configured in the analytics component. | |
|
Historical Data Retention Duration for retaining historical API usage and performance data. |
No information available | |
|
Integration with External Monitoring Tools Supports integration with platforms like Splunk, Grafana, Datadog. |
Integration with external tools like Grafana, Datadog, Splunk is supported (extensions/plugins). | |
|
Alert Notification System Sends alerts for threshold breaches and downtime. |
Alert notifications can be configured for downtime and traffic thresholds. | |
|
Log Export and Archival Export logs for long-term storage and regulatory compliance. |
Log export and long-term archival are supported for regulatory and audit requirements. | |
|
Anomaly Detection Automatic detection of unusual API behavior. |
Anomaly detection is built into analytics and can be configured for unusual API behaviors. | |
|
SLAs and Uptime Reporting Service Level Agreement and uptime tracking for each API. |
SLA and uptime reporting/tracking are part of analytics for operations. |
Integration and Interoperability
(11 Yes /11 Known /11 Possible features)
|
Support for Multiple API Protocols REST, SOAP, WebSockets, gRPC compatibility. |
Supports REST, SOAP, WebSockets, and gRPC protocols. | |
|
Enterprise Service Bus Integration Compatible with ESB solutions for orchestration and mediation. |
Enterprise Service Bus (WSO2 ESB) integrates seamlessly for orchestration. | |
|
Legacy System Connectors Connects easily with mainframes and legacy banking systems. |
Legacy system connectors and plugins for banking core system integration. | |
|
Third-party Integration Marketplace Pre-built integrations with common fintech and regtech services. |
Third-party integration marketplace and pre-built connectors available. | |
|
Event Streaming Support Supports event-driven architectures (e.g., Kafka, MQ). |
Event streaming (Kafka/MQ) support included for event-driven architectures. | |
|
API Orchestration Capability Orchestrates multiple APIs and business processes. |
API orchestration and workflow capabilities described in documentation. | |
|
Standard Data Format Support Understands and processes JSON, XML, CSV, and more. |
Supports JSON, XML, CSV and other standard data formats. | |
|
Multi-Cloud Support Deployable on different cloud platforms and hybrid architectures. |
Multi-cloud deployment documentation, including AWS, Azure, GCP. | |
|
Service Discovery Integration Integrates with service registries (e.g., Consul). |
Supports service discovery integrations (e.g., Consul). | |
|
API Versioning Manages and routes multiple versions of APIs seamlessly. |
API versioning and backward compatibility routing described in admin and developer docs. | |
|
BPM/Workflow Engine Integration Interoperates with business process management tools. |
BPM/workflow engine integration is available via extensibility and connectors. |
Scalability and Performance
(8 Yes /8 Known /10 Possible features)
|
Horizontal Scalability Ability to add nodes and balance load automatically. |
Designed for horizontal scalability; HA and scaling guides provided. | |
|
High Availability Architecture Redundant components and failover to maximize uptime. |
High-availability architecture with redundant gateways and components. | |
|
Throughput Capacity Total number of API requests handled per second. |
No information available | |
|
Load Testing Tools Includes tools for stress and performance testing APIs. |
Load testing tools and integration with testing frameworks described. | |
|
Auto-Scaling Policies Automatic scaling based on real-time demand. |
Auto-scaling support enabled via cloud deployment best practices. | |
|
Geo-Distributed Deployments Supports deployments across multiple geographic locations. |
Deployments across geographies and data centers are documented. | |
|
Low Latency Processing Optimized to minimize request/response latency. |
Low latency processing features and benchmarks available in performance guides. | |
|
Concurrent Connection Limits Maximum number of simultaneous client connections supported. |
No information available | |
|
Session Persistence Ability to maintain session/state across distributed systems. |
Session persistence supported as part of distributed gateway features. | |
|
Fast Failover and Recovery Quickly re-routes traffic on failure for uninterrupted service. |
Fast failover and traffic rerouting described in HA/DR guides. |
API Lifecycle Management
(9 Yes /9 Known /9 Possible features)
|
API Design Tools User-friendly tools for designing APIs (specifications, linting, etc). |
API design tools (UI for specs, linting) included in management portal. | |
|
Automated Deployment Pipelines CI/CD pipelines for consistent API release processes. |
Integration with automated deployment pipelines (CI/CD) included. | |
|
Version Control Tracks changes and rollbacks for API definitions and implementations. |
Version control of API definitions and policies is supported. | |
|
Lifecycle Stages Tracking Defines and manages API states: development, testing, production, deprecated. |
Lifecycle stage management (dev, test, prod, deprecated) forms part of API management. | |
|
Deprecation and Sunset Policy Enforcement Controlled migration paths and communication for deprecated APIs. |
Deprecation and sunset policy enforcement configurable at API version level. | |
|
Change Management Logging Monitors changes and notifies stakeholders. |
Change management logs and notifications for stakeholder change tracking included. | |
|
Automated Testing Integration Integrates with automated test frameworks. |
Integration with automated test frameworks mentioned in documentation. | |
|
Approval Workflows Multi-step approval for API publishing or promotion. |
Approval workflows for publishing and promoting APIs supported. | |
|
Rollback Mechanism Quickly revert to previous stable versions. |
Rollback mechanism included for reverting to previous API versions. |
Regulatory and Compliance
(9 Yes /9 Known /9 Possible features)
|
Audit Logging Comprehensive, immutable records of every API activity. |
Comprehensive audit logging is documented, providing immutable activity records. | |
|
Privacy Controls Strict controls for personal and sensitive data processing. |
Privacy controls for personal and sensitive data processing are mentioned in compliance notes. | |
|
GDPR Compliance Supports mechanisms for data rights and protection under GDPR. |
GDPR mechanisms for data rights and protection explicitly stated. | |
|
PCI DSS Support Meets requirements for processing and storing payment card data. |
PCI DSS support claimed—see compliance section on web page. | |
|
PSD2/Open Banking Readiness Supports open banking standards and frameworks. |
PSD2/Open Banking readiness (UK Open Banking toolkit, accelerators) is a listed differentiator. | |
|
Consent Management Tracks and enforces customer consent for data sharing. |
Consent management for data sharing, as per Open Banking compliance toolkit. | |
|
Data Residency Controls Enforces policies on where data can be physically stored. |
Data residency controls configurable in multi-region/cloud deployments. | |
|
Retention & Deletion Policies Automates retention and deletion per regulatory timelines. |
Automated retention and deletion policies configurable for compliance. | |
|
Automated Compliance Reporting Generates reports to demonstrate compliance. |
Compliance reporting and report generation available. |
User and Access Management
(9 Yes /9 Known /9 Possible features)
|
Role-Based Access Control (RBAC) Granular user permissions based on assigned roles. |
Role-based access control (RBAC) is included for user management. | |
|
Single Sign-On (SSO) Integration with enterprise authentication solutions. |
Single Sign-On (SSO) with enterprise directories (LDAP, SAML, OIDC) is supported. | |
|
Multi-Factor Authentication (MFA) Enforces strong two-factor user verification. |
Multi-factor authentication (MFA) handled via integrations with identity providers. | |
|
User Provisioning Automation Automated creation, update, and deactivation of user accounts. |
User provisioning automation supported as part of IdAM and developer portal features. | |
|
Delegated Administration Allows specific user groups to manage access. |
Delegated admin roles can be assigned for group-specific access management. | |
|
Session Management Controls and monitors user session durations and activity. |
Session management and monitoring included in user management settings. | |
|
Access Review and Recertification Periodic verification of user access rights. |
Access review/recertification process can be configured as part of access controls. | |
|
External User Federation Allows federated login for third-party or partner users. |
Third-party/external user federation is a native capability (see partner/developer login features). | |
|
Entitlement Management Assign and manage granular entitlements to users. |
Fine-grained entitlement and permission controls are available and configurable. |
Operational and Maintenance Features
(8 Yes /8 Known /8 Possible features)
|
Zero-Downtime Upgrades Ability to patch or upgrade system components without impacting users. |
Zero-downtime upgrades supported via rolling updates and clustering. | |
|
Automated Backups Schedules and manages regular backups. |
Regular and automated backups can be scheduled (backup/restore docs). | |
|
Disaster Recovery Support Failover and restore processes for high system resilience. |
Disaster recovery is addressed in high-availability and DR guides. | |
|
Rollback Capabilities Quick reversion to previous system states after failed changes. |
Rollback to previous system states after failed changes is possible with config mgmt. | |
|
Remote Management API API for managing infrastructure remotely. |
Remote management API is available for infrastructure and API ops management. | |
|
Automated Configuration Management Tools for managing configuration drifts and automating changes. |
Automated configuration/state management is documented for cluster and microgateway. | |
|
Self-Healing Mechanisms Automated corrective actions for detected failures. |
Self-healing (automated corrective actions) features available in cloud-native deployments. | |
|
Maintenance Window Scheduling Automated notifications and controls for system maintenance. |
Maintenance window scheduling and notifications configurable in admin portal. |
Cost Management and Optimization
(8 Yes /8 Known /8 Possible features)
|
Usage-Based Billing Support Cost tracking for internal/external API use, supporting chargebacks. |
Usage-based billing features supported for API monetization. | |
|
Quota Management Enables the enforcement of usage quotas for users/applications. |
Quota management and enforcement are supported for APIs/users. | |
|
Cost Analytics and Forecasting Provides insights and trends in API-related expenses. |
Cost analytics and forecasting included as part of monetization and analytics modules. | |
|
Budget Alerting Sends notifications if API usage approaches or exceeds budget. |
Budget alerting for API usage/monetization is available. | |
|
Resource Optimization Recommendations Suggests ways to optimize API and infrastructure usage. |
Resource optimization recommendations available in analytics/monitoring module. | |
|
Granular Cost Allocation Assigns costs to departments, projects, or teams. |
Granular cost allocation can be configured for departments/projects. | |
|
License Management Tracks feature/component licensing and compliance with agreements. |
License management capabilities included to manage API/component licensing. | |
|
Pay-as-you-go Support Ability to implement flexible pricing models based on real usage. |
Pay-as-you-go support and flexible pricing are mentioned in monetization documentation. |
This data was generated by an AI system. Please check
with the supplier. While you are talking to them, remind them that they need
to update their entry.