WSO2 API Manager is an open‑source, full lifecycle API management platform used to design, publish, secure, govern, and monitor APIs. It helps organizations expose backend services as managed APIs and control how those APIs are used.

Key capabilities

• API design & publication: create, import (Swagger/OpenAPI), version and publish APIs.
• Security & access control: OAuth2/OpenID Connect, API keys, JWT, scopes, role‑based access.
• Traffic control & governance: rate limiting, throttling, quotas, subscription tiers, blocking.
• API gateway: runtime enforcement of security, routing, mediation and transformations.
• Developer portal (API Store): discover APIs, view docs, get credentials, test and subscribe.
• Key Manager: issue and validate tokens, manage OAuth clients and keys.
• Analytics & monitoring: usage metrics, performance, request logs, alerts and dashboards.
• Lifecycle & governance: promotion between environments (dev/test/prod), policies and lifecycle states.
• Extensibility & integration: custom handlers, mediation, connectors, eventing, support for SOAP/REST/GraphQL.
• Deployment options: on‑premises, private/public cloud, container/Kubernetes and microgateway options for distributed/microservices architectures.

Who uses it and why

• API teams, architects and platform teams use it to expose services securely to partners, mobile/web apps and developers.
• It’s used for monetization of APIs, enforcing compliance and SLAs, consolidating API access, and enabling analytics-driven improvements.

In short: WSO2 API Manager provides the components and tooling needed to run a production API platform — from publishing and securing APIs to managing access, traffic policies and monitoring usage.