Skip to content

Releases: wso2/api-platform

WSO2 API Platform Developer Portal v1.0.0-alpha Released

Choose a tag to compare

Overview

The WSO2 API Platform Developer Portal is a multi-organization API developer portal that lets API consumers discover, subscribe to, and consume APIs and MCP servers across organizations. It also contains a webhook-based, eventing mechanism to stay control-plane and gateway agnostic — emitting signed events for API key, application, and subscription plan changes that any compliant backend can subscribe to and act on.

Quick Start

Refer to the quick start guide to spin up the Developer Portal locally and explore the API catalog with sample APIs.

Documentation

For complete documentation on all features and capabilities, see the Developer Portal Documentation.

What’s New in This Release

Features

  • Platform API-backed local authentication for demo mode: the built-in login form now authenticates against the Platform API sidecar and receives a signed JWT.
  • OIDC authentication support: adds OIDC login alongside local authentication, with per-scope role and group mapping.
  • MCP server management APIs: new endpoints for registering and managing MCP servers.
  • Webhook subscriber management: organizations can register subscribers to receive signed delivery events for API key, application, and subscription plan changes, along with a new UI for managing those subscribers.
  • Lightweight webhook delivery: improved to push events to subscribers in real time with at-most-once, fire-and-forget semantics.
  • API key–application association: link API keys to specific applications to support usage-based analytics in the future.
  • Improved subscription plan management: introduces a new plan limit configuration model.
  • Subscription token regeneration and plan changes: subscribers can regenerate subscription tokens and switch between subscription plans.
  • Admin UI: a dedicated administrative interface for managing organizations, workflows, webhook subscribers and other portal configuration.
  • Sample API/MCP seeding UI: one-click seeding of sample APIs and MCP servers for evaluation environments.
  • Audit trail: audit tracking added across API metadata, applications, and subscriptions.

Improvements

  • Overall UI/UX revamp: refreshed design across the Developer Portal.
  • Database schema overhaul: tables and columns standardized on snake_case, pluralized names, and consistent primary-key/UUID conventions across the platform.
  • REST API overhaul: endpoints refactored to use handles consistently, with standardized DTO property names and error response shapes.

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform Gateway 1.2.0-M1 Released!

Choose a tag to compare

@renuka-fernando renuka-fernando released this 02 Jul 13:44

Overview

The WSO2 API Platform Gateway is a modern, Envoy-based gateway designed to provide high-performance API traffic management with a unified, policy-driven model. The gateway consists of the following core components:

  • Gateway Runtime
    Handles all inbound and outbound API traffic, routing requests to the appropriate backend services. This includes a centralized execution engine that applies gateway policies such as authentication, authorization, rate limiting, and other runtime behaviors.

  • Gateway Controller
    A control-plane component responsible for configuring Envoy routes, managing policy attachments, and reconciling API-related resources.

What's New

New Policies

  • Opaque Token Authentication — New policy for validating opaque (reference) tokens via token introspection
  • Backend JWT — New policy for generating and injecting backend JWTs into upstream requests (#2131)

Rate Limiting Improvements

  • Redis-backed distributed rate limiting — New redis-local-async backend mode for high-throughput distributed rate limiting (#2142)
  • Shared Redis client — Rate-limit policy instances now share a single Redis client, reducing connection overhead (#2143)

Gateway Features & Improvements

  • Multiple virtual host support — The endpoints array replaces the single vhost field, allowing a gateway to expose multiple virtual hosts simultaneously (#2128)
  • upstreamDefinitions URL improvements — Upstream definition URLs now correctly support query strings and path fragments (#2068)
  • Analytics payload controlanalytics.allow_payloads is now split into separate request-body and response-body flags for finer-grained control (#2095)

Quick Start

Get started with the Quick Start Guide to deploy and configure your first API proxy.

Documentation

For complete documentation on all features and capabilities, see the Gateway Documentation.

See details of all the changes including features, improvements, and bug fixes

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform AI Workspace v1.0.0-alpha Released

Choose a tag to compare

Overview

The WSO2 API Platform AI Workspace is the control plane for AI Gateway runtimes. This release introduces a centralized management interface for platform teams to register AI gateways, configure LLM providers, publish application-facing proxies, govern MCP servers, and enforce AI-specific policies, all without working directly with the Gateway-Controller API.

Quick Start

Refer to the Getting Started guide to register your first AI Gateway, connect an LLM provider, and invoke it via an AI SDK.

Documentation

For complete documentation on all features and capabilities, see the AI Workspace Documentation.

What's New in This Release

Features

  • AI Gateways — Register and manage AI Gateway runtimes, generate registration tokens, and track connectivity and deployment status across environments.

  • LLM Providers — Centralize credential management and governance for OpenAI, Anthropic, Azure OpenAI, Azure AI Foundry, Gemini, and Mistral AI (AWS Bedrock coming soon).

  • Custom LLM Provider Templates - Create reusable custom LLM provider templates directly from the AI Workspace UI to onboard any compatible LLM provider beyond the built-in catalog (such as DeepSeek, Groq, or Novita).

  • App LLM Proxies — Publish isolated, application-facing endpoints on top of providers with independent API keys, guardrails, rate limits, and exposed resources per Gen AI app or agent.

  • MCP Proxies — Expose and govern Model Context Protocol servers through connected gateways with authentication, authorization, and access-control policies.

  • Gateway-Synchronized Read-Only View - View LLM Providers, Provider Templates, LLM Proxies, and MCP Proxies in AI Workspace as read-only resources synchronized from connected AI Gateways.

  • GenAI Applications — Group API keys under a named application to track token consumption, request volume, latency, and cost per workload in Insights.

  • Guardrails — Enforce content safety and compliance with Semantic Prompt Guard, PII Masking, Azure Content Safety, and Word/Sentence Count guardrails.

  • Rate Limiting — Cap token consumption and enforce monetary spending budgets (e.g., $10/hour) at the provider or proxy level.

  • Other Policies — Control traffic behavior with Model Round Robin, Prompt Decorator, Prompt Template, Semantic Cache, and Basic Rate Limit policies.

  • Insights — Monitor request volume, latency, token usage, cost, error rates, and guardrail interventions via Moesif analytics dashboard by following the guide for integration with Moesif.

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform AI Gateway 1.2.0-M1 Released!

Choose a tag to compare

Overview

The WSO2 API Platform AI Gateway is an AI-native gateway designed to securely manage and optimize AI traffic. It provides two core capabilities:

  • LLM Gateway - Proxy and secure traffic to Large Language Model (LLM) providers with built-in guardrails, prompt management, and cost optimization capabilities
  • MCP Gateway - Proxy and secure Model Context Protocol (MCP) servers with authentication support per the MCP specification

What's New

New Policies

  • Opaque Token Authentication — New policy for validating opaque (reference) tokens via token introspection
  • Backend JWT — New policy for generating and injecting backend JWTs into upstream requests (#2131)

Rate Limiting Improvements

  • Redis-backed distributed rate limiting — New redis-local-async backend mode for high-throughput distributed rate limiting (#2142)
  • Shared Redis client — Rate-limit policy instances now share a single Redis client, reducing connection overhead (#2143)

Gateway Features & Improvements

  • Multiple virtual host support — The endpoints array replaces the single vhost field, allowing a gateway to expose multiple virtual hosts simultaneously (#2128)
  • upstreamDefinitions URL improvements — Upstream definition URLs now correctly support query strings and path fragments (#2068)
  • Analytics payload controlanalytics.allow_payloads is now split into separate request-body and response-body flags for finer-grained control (#2095)

Quick Start

Choose the quick start guide based on your use case:

  • LLM Gateway - Proxy and route traffic to LLM providers like OpenAI
  • MCP Gateway - Proxy and expose your MCP servers

Documentation

For complete documentation on all features and capabilities, see the AI Gateway Documentation.

See details of all the changes including features, improvements, and bug fixes

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

Gateway Helm Chart 1.1.4

Choose a tag to compare

@api-platform-bot api-platform-bot released this 01 Jul 09:53
0266185

Gateway Helm Chart Release 1.1.4

App Version: 1.1.0

Installation

helm install my-gateway oci://ghcr.io/wso2/api-platform/helm-charts/gateway --version 1.1.4

OCI Registry

oci://ghcr.io/wso2/api-platform/helm-charts/gateway:1.1.4

WSO2 API Platform Developer Portal 0.2.0 Released

Choose a tag to compare

@lasanthaS lasanthaS released this 16 Jun 07:09

Overview

The WSO2 API Platform Developer Portal is a multi-organisation API developer portal. This release introduces SQLite as the default database, enhancing ease of setup and deployment, while continuing to support PostgreSQL. It also includes enhanced gateway webhook capabilities, Design Mode support for real-time portal customization and preview, improvements to the DevPortal Management REST APIs, and a range of UI and UX enhancements that improve usability and overall user experience.

Quick Start

Refer to the quick start guide on creating a WebSub API and performing WebHook deliveries to subscribers.

Documentation

For complete documentation on all features and capabilities, see the Developer Portal Documentation.

What’s New in This Release

Features

  • SQLite Support: Added SQLite as the default database option, alongside existing PostgreSQL support, simplifying local development and lightweight deployments.
  • Gateway Webhook Enhancements: Expanded webhook capabilities to support gateway subscription lifecycle events and API key management events, enabling improved integrations and automation.
  • Design Mode Support: Introduced Design Mode, allowing administrators to develop, customize, and preview API portal pages and organization-wide themes in real time before publishing.
  • DevPortal Management API Improvements: Enhanced the OpenAPI specification for the DevPortal Management REST API, providing more complete and accurate API documentation and client-generation support.
  • UI/UX Enhancements: Delivered a range of user interface and user experience improvements across the platform to improve usability, consistency, and overall user productivity.

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

Event Gateway Helm Chart 0.9.0

Pre-release

Choose a tag to compare

@api-platform-bot api-platform-bot released this 15 Jun 20:43
aff353d

Event Gateway Helm Chart Release 0.9.0

App Version: 0.9.0

Installation

helm install my-event-gateway oci://ghcr.io/wso2/api-platform/helm-charts/event-gateway --version 0.9.0

OCI Registry

oci://ghcr.io/wso2/api-platform/helm-charts/event-gateway:0.9.0

WSO2 API Platform Event Gateway 0.9.0 Released

Choose a tag to compare

@senthuran16 senthuran16 released this 15 Jun 20:42

Overview

The WSO2 API Platform Event Gateway is a native gateway designed to support Protocol Mediation use cases for Event-Driven Architectures.

Quick Start

Refer to the quick start guide, and follow one of the following walkthroughs based on your use case.

Documentation

For complete documentation on all features and capabilities, see the Event Gateway Documentation.

See details of all the changes including features, improvements, and bug fixes

What’s New in This Release

  • Content Delivery Payload Validation for WebSub APIs
  • Bug fixes and improvements for WebBroker APIs

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform AI Workspace 0.1.0 Released

Choose a tag to compare

Overview

The WSO2 API Platform AI Workspace is the control plane for AI Gateway runtimes. This release introduces a centralized management interface for platform teams to register AI gateways, configure LLM providers, publish application-facing proxies, govern MCP servers, and enforce AI-specific policies, all without working directly with the Gateway-Controller API.

Quick Start

Refer to the Getting Started guide to register your first AI Gateway, connect an LLM provider, and invoke it via an AI SDK.

What's New in This Release

Features

  • AI Gateways — Register and manage AI Gateway runtimes, generate registration tokens, and track connectivity and deployment status across environments.
  • LLM Providers — Centralize credential management and governance for OpenAI, Anthropic, Azure OpenAI, Azure AI Foundry, Gemini, and Mistral AI (AWS Bedrock coming soon).
  • App LLM Proxies — Publish isolated, application-facing endpoints on top of providers with independent API keys, guardrails, rate limits, and exposed resources per Gen AI app or agent.
  • GenAI Applications — Group API keys under a named application to track token consumption, request volume, latency, and cost per workload in Insights.
  • MCP Proxies — Expose and govern Model Context Protocol servers through connected gateways with authentication, authorization, and access-control policies.
  • Guardrails — Enforce content safety and compliance with Semantic Prompt Guard, PII Masking, Azure Content Safety, and Word/Sentence Count guardrails.
  • Rate Limiting — Cap token consumption and enforce monetary spending budgets (e.g., $10/hour) at the provider or proxy level.
  • Other Policies — Control traffic behavior with Model Round Robin, Prompt Decorator, Prompt Template, Semantic Cache, and Basic Rate Limit policies.
  • Insights — Monitor request volume, latency, token usage, cost, error rates, and guardrail interventions via Moesif analytics dashboard by following the guide for integration with Moesif.
  • SDK Support — Invoke providers and proxies using OpenAI, Anthropic, Gemini, Mistral, and Azure SDKs with full streaming support across all integrations.
  • Custom AI Policies — Write and deploy custom AI policies for the self-hosted gateway using the Policy Hub.
  • Authentication — Ship with file-based login for quick evaluation, or integrate with any IDP (Asgardeo,, Thunder, and more) for production use.
  • Multi-Tenancy — Leverage your IDP's native B2B capabilities (Asgardeo sub-organizations) to isolate and manage multiple tenants.

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

Gateway Helm Chart 1.1.3

Choose a tag to compare

Gateway Helm Chart Release 1.1.3

App Version: 1.1.0

Installation

helm install my-gateway oci://ghcr.io/wso2/api-platform/helm-charts/gateway --version 1.1.3

OCI Registry

oci://ghcr.io/wso2/api-platform/helm-charts/gateway:1.1.3