Releases: wso2/api-platform
Release list
WSO2 API Platform Developer Portal v1.0.0-alpha Released
Overview
The WSO2 API Platform Developer Portal is a multi-organization API developer portal that lets API consumers discover, subscribe to, and consume APIs and MCP servers across organizations. It also contains a webhook-based, eventing mechanism to stay control-plane and gateway agnostic — emitting signed events for API key, application, and subscription plan changes that any compliant backend can subscribe to and act on.
Quick Start
Refer to the quick start guide to spin up the Developer Portal locally and explore the API catalog with sample APIs.
Documentation
For complete documentation on all features and capabilities, see the Developer Portal Documentation.
What’s New in This Release
Features
- Platform API-backed local authentication for demo mode: the built-in login form now authenticates against the Platform API sidecar and receives a signed JWT.
- OIDC authentication support: adds OIDC login alongside local authentication, with per-scope role and group mapping.
- MCP server management APIs: new endpoints for registering and managing MCP servers.
- Webhook subscriber management: organizations can register subscribers to receive signed delivery events for API key, application, and subscription plan changes, along with a new UI for managing those subscribers.
- Lightweight webhook delivery: improved to push events to subscribers in real time with at-most-once, fire-and-forget semantics.
- API key–application association: link API keys to specific applications to support usage-based analytics in the future.
- Improved subscription plan management: introduces a new plan limit configuration model.
- Subscription token regeneration and plan changes: subscribers can regenerate subscription tokens and switch between subscription plans.
- Admin UI: a dedicated administrative interface for managing organizations, workflows, webhook subscribers and other portal configuration.
- Sample API/MCP seeding UI: one-click seeding of sample APIs and MCP servers for evaluation environments.
- Audit trail: audit tracking added across API metadata, applications, and subscriptions.
Improvements
- Overall UI/UX revamp: refreshed design across the Developer Portal.
- Database schema overhaul: tables and columns standardized on snake_case, pluralized names, and consistent primary-key/UUID conventions across the platform.
- REST API overhaul: endpoints refactored to use handles consistently, with standardized DTO property names and error response shapes.
Known Issues
All the open issues pertaining to WSO2 API Platform are reported here.
How To Contribute
Your feedback is most welcome!
Community
You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/
Reporting Issues
We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.
And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.
WSO2 API Platform Gateway 1.2.0-M1 Released!
Overview
The WSO2 API Platform Gateway is a modern, Envoy-based gateway designed to provide high-performance API traffic management with a unified, policy-driven model. The gateway consists of the following core components:
-
Gateway Runtime
Handles all inbound and outbound API traffic, routing requests to the appropriate backend services. This includes a centralized execution engine that applies gateway policies such as authentication, authorization, rate limiting, and other runtime behaviors. -
Gateway Controller
A control-plane component responsible for configuring Envoy routes, managing policy attachments, and reconciling API-related resources.
What's New
New Policies
- Opaque Token Authentication — New policy for validating opaque (reference) tokens via token introspection
- Backend JWT — New policy for generating and injecting backend JWTs into upstream requests (#2131)
Rate Limiting Improvements
- Redis-backed distributed rate limiting — New
redis-local-asyncbackend mode for high-throughput distributed rate limiting (#2142) - Shared Redis client — Rate-limit policy instances now share a single Redis client, reducing connection overhead (#2143)
Gateway Features & Improvements
- Multiple virtual host support — The
endpointsarray replaces the singlevhostfield, allowing a gateway to expose multiple virtual hosts simultaneously (#2128) - upstreamDefinitions URL improvements — Upstream definition URLs now correctly support query strings and path fragments (#2068)
- Analytics payload control —
analytics.allow_payloadsis now split into separaterequest-bodyandresponse-bodyflags for finer-grained control (#2095)
Quick Start
Get started with the Quick Start Guide to deploy and configure your first API proxy.
Documentation
For complete documentation on all features and capabilities, see the Gateway Documentation.
See details of all the changes including features, improvements, and bug fixes
Known Issues
All the open issues pertaining to WSO2 API Platform are reported here.
How To Contribute
Your feedback is most welcome!
Community
You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/
Reporting Issues
We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.
And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.
WSO2 API Platform AI Workspace v1.0.0-alpha Released
Overview
The WSO2 API Platform AI Workspace is the control plane for AI Gateway runtimes. This release introduces a centralized management interface for platform teams to register AI gateways, configure LLM providers, publish application-facing proxies, govern MCP servers, and enforce AI-specific policies, all without working directly with the Gateway-Controller API.
Quick Start
Refer to the Getting Started guide to register your first AI Gateway, connect an LLM provider, and invoke it via an AI SDK.
Documentation
For complete documentation on all features and capabilities, see the AI Workspace Documentation.
What's New in This Release
Features
-
AI Gateways — Register and manage AI Gateway runtimes, generate registration tokens, and track connectivity and deployment status across environments.
-
LLM Providers — Centralize credential management and governance for OpenAI, Anthropic, Azure OpenAI, Azure AI Foundry, Gemini, and Mistral AI (AWS Bedrock coming soon).
-
Custom LLM Provider Templates - Create reusable custom LLM provider templates directly from the AI Workspace UI to onboard any compatible LLM provider beyond the built-in catalog (such as DeepSeek, Groq, or Novita).
-
App LLM Proxies — Publish isolated, application-facing endpoints on top of providers with independent API keys, guardrails, rate limits, and exposed resources per Gen AI app or agent.
-
MCP Proxies — Expose and govern Model Context Protocol servers through connected gateways with authentication, authorization, and access-control policies.
-
Gateway-Synchronized Read-Only View - View LLM Providers, Provider Templates, LLM Proxies, and MCP Proxies in AI Workspace as read-only resources synchronized from connected AI Gateways.
-
GenAI Applications — Group API keys under a named application to track token consumption, request volume, latency, and cost per workload in Insights.
-
Guardrails — Enforce content safety and compliance with Semantic Prompt Guard, PII Masking, Azure Content Safety, and Word/Sentence Count guardrails.
-
Rate Limiting — Cap token consumption and enforce monetary spending budgets (e.g., $10/hour) at the provider or proxy level.
-
Other Policies — Control traffic behavior with Model Round Robin, Prompt Decorator, Prompt Template, Semantic Cache, and Basic Rate Limit policies.
-
Insights — Monitor request volume, latency, token usage, cost, error rates, and guardrail interventions via Moesif analytics dashboard by following the guide for integration with Moesif.
Known Issues
All the open issues pertaining to WSO2 API Platform are reported here.
How To Contribute
Your feedback is most welcome!
Community
You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/
Reporting Issues
We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.
And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.
WSO2 API Platform AI Gateway 1.2.0-M1 Released!
Overview
The WSO2 API Platform AI Gateway is an AI-native gateway designed to securely manage and optimize AI traffic. It provides two core capabilities:
- LLM Gateway - Proxy and secure traffic to Large Language Model (LLM) providers with built-in guardrails, prompt management, and cost optimization capabilities
- MCP Gateway - Proxy and secure Model Context Protocol (MCP) servers with authentication support per the MCP specification
What's New
New Policies
- Opaque Token Authentication — New policy for validating opaque (reference) tokens via token introspection
- Backend JWT — New policy for generating and injecting backend JWTs into upstream requests (#2131)
Rate Limiting Improvements
- Redis-backed distributed rate limiting — New
redis-local-asyncbackend mode for high-throughput distributed rate limiting (#2142) - Shared Redis client — Rate-limit policy instances now share a single Redis client, reducing connection overhead (#2143)
Gateway Features & Improvements
- Multiple virtual host support — The
endpointsarray replaces the singlevhostfield, allowing a gateway to expose multiple virtual hosts simultaneously (#2128) - upstreamDefinitions URL improvements — Upstream definition URLs now correctly support query strings and path fragments (#2068)
- Analytics payload control —
analytics.allow_payloadsis now split into separaterequest-bodyandresponse-bodyflags for finer-grained control (#2095)
Quick Start
Choose the quick start guide based on your use case:
- LLM Gateway - Proxy and route traffic to LLM providers like OpenAI
- MCP Gateway - Proxy and expose your MCP servers
Documentation
For complete documentation on all features and capabilities, see the AI Gateway Documentation.
See details of all the changes including features, improvements, and bug fixes
Known Issues
All the open issues pertaining to WSO2 API Platform are reported here.
How To Contribute
Your feedback is most welcome!
Community
You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/
Reporting Issues
We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.
And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.
Gateway Helm Chart 1.1.4
Gateway Helm Chart Release 1.1.4
App Version: 1.1.0
Installation
helm install my-gateway oci://ghcr.io/wso2/api-platform/helm-charts/gateway --version 1.1.4OCI Registry
oci://ghcr.io/wso2/api-platform/helm-charts/gateway:1.1.4
WSO2 API Platform Developer Portal 0.2.0 Released
Overview
The WSO2 API Platform Developer Portal is a multi-organisation API developer portal. This release introduces SQLite as the default database, enhancing ease of setup and deployment, while continuing to support PostgreSQL. It also includes enhanced gateway webhook capabilities, Design Mode support for real-time portal customization and preview, improvements to the DevPortal Management REST APIs, and a range of UI and UX enhancements that improve usability and overall user experience.
Quick Start
Refer to the quick start guide on creating a WebSub API and performing WebHook deliveries to subscribers.
Documentation
For complete documentation on all features and capabilities, see the Developer Portal Documentation.
What’s New in This Release
Features
- SQLite Support: Added SQLite as the default database option, alongside existing PostgreSQL support, simplifying local development and lightweight deployments.
- Gateway Webhook Enhancements: Expanded webhook capabilities to support gateway subscription lifecycle events and API key management events, enabling improved integrations and automation.
- Design Mode Support: Introduced Design Mode, allowing administrators to develop, customize, and preview API portal pages and organization-wide themes in real time before publishing.
- DevPortal Management API Improvements: Enhanced the OpenAPI specification for the DevPortal Management REST API, providing more complete and accurate API documentation and client-generation support.
- UI/UX Enhancements: Delivered a range of user interface and user experience improvements across the platform to improve usability, consistency, and overall user productivity.
Known Issues
All the open issues pertaining to WSO2 API Platform are reported here.
How To Contribute
Your feedback is most welcome!
Community
You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/
Reporting Issues
We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.
And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.
Event Gateway Helm Chart 0.9.0
Event Gateway Helm Chart Release 0.9.0
App Version: 0.9.0
Installation
helm install my-event-gateway oci://ghcr.io/wso2/api-platform/helm-charts/event-gateway --version 0.9.0OCI Registry
oci://ghcr.io/wso2/api-platform/helm-charts/event-gateway:0.9.0
WSO2 API Platform Event Gateway 0.9.0 Released
Overview
The WSO2 API Platform Event Gateway is a native gateway designed to support Protocol Mediation use cases for Event-Driven Architectures.
Quick Start
Refer to the quick start guide, and follow one of the following walkthroughs based on your use case.
- WebSub API Walkthrough: Create a WebSub API and perform WebHook deliveries to subscribers.
- WebBroker API Walkthrough: Create a WebBroker API and send messages bidirectionally between a WebSocket client and a Kafka broker.
Documentation
For complete documentation on all features and capabilities, see the Event Gateway Documentation.
See details of all the changes including features, improvements, and bug fixes
What’s New in This Release
- Content Delivery Payload Validation for WebSub APIs
- Bug fixes and improvements for WebBroker APIs
Known Issues
All the open issues pertaining to WSO2 API Platform are reported here.
How To Contribute
Your feedback is most welcome!
Community
You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/
Reporting Issues
We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.
And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.
WSO2 API Platform AI Workspace 0.1.0 Released
Overview
The WSO2 API Platform AI Workspace is the control plane for AI Gateway runtimes. This release introduces a centralized management interface for platform teams to register AI gateways, configure LLM providers, publish application-facing proxies, govern MCP servers, and enforce AI-specific policies, all without working directly with the Gateway-Controller API.
Quick Start
Refer to the Getting Started guide to register your first AI Gateway, connect an LLM provider, and invoke it via an AI SDK.
What's New in This Release
Features
- AI Gateways — Register and manage AI Gateway runtimes, generate registration tokens, and track connectivity and deployment status across environments.
- LLM Providers — Centralize credential management and governance for OpenAI, Anthropic, Azure OpenAI, Azure AI Foundry, Gemini, and Mistral AI (AWS Bedrock coming soon).
- App LLM Proxies — Publish isolated, application-facing endpoints on top of providers with independent API keys, guardrails, rate limits, and exposed resources per Gen AI app or agent.
- GenAI Applications — Group API keys under a named application to track token consumption, request volume, latency, and cost per workload in Insights.
- MCP Proxies — Expose and govern Model Context Protocol servers through connected gateways with authentication, authorization, and access-control policies.
- Guardrails — Enforce content safety and compliance with Semantic Prompt Guard, PII Masking, Azure Content Safety, and Word/Sentence Count guardrails.
- Rate Limiting — Cap token consumption and enforce monetary spending budgets (e.g., $10/hour) at the provider or proxy level.
- Other Policies — Control traffic behavior with Model Round Robin, Prompt Decorator, Prompt Template, Semantic Cache, and Basic Rate Limit policies.
- Insights — Monitor request volume, latency, token usage, cost, error rates, and guardrail interventions via Moesif analytics dashboard by following the guide for integration with Moesif.
- SDK Support — Invoke providers and proxies using OpenAI, Anthropic, Gemini, Mistral, and Azure SDKs with full streaming support across all integrations.
- Custom AI Policies — Write and deploy custom AI policies for the self-hosted gateway using the Policy Hub.
- Authentication — Ship with file-based login for quick evaluation, or integrate with any IDP (Asgardeo,, Thunder, and more) for production use.
- Multi-Tenancy — Leverage your IDP's native B2B capabilities (Asgardeo sub-organizations) to isolate and manage multiple tenants.
Known Issues
All the open issues pertaining to WSO2 API Platform are reported here.
How To Contribute
Your feedback is most welcome!
Community
You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/
Reporting Issues
We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.
And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.
Gateway Helm Chart 1.1.3
Gateway Helm Chart Release 1.1.3
App Version: 1.1.0
Installation
helm install my-gateway oci://ghcr.io/wso2/api-platform/helm-charts/gateway --version 1.1.3OCI Registry
oci://ghcr.io/wso2/api-platform/helm-charts/gateway:1.1.3