Skip to content

Releases: wso2/api-platform

WSO2 API Platform AI Workspace v1.0.0-alpha2 Released

Choose a tag to compare

Overview

The WSO2 API Platform AI Workspace is the control plane for AI Gateway runtimes. This release introduces a centralized management interface for platform teams to register AI gateways, configure LLM providers, publish application-facing proxies, govern MCP servers, and enforce AI-specific policies, all without working directly with the Gateway-Controller API.

Quick Start

Refer to the Getting Started guide to register your first AI Gateway, connect an LLM provider, and invoke it via an AI SDK.

Documentation

For complete documentation on all features and capabilities, see the AI Workspace Documentation.

What's New in This Release

Features

  • AI Gateways - Register and manage AI Gateway runtimes, generate registration tokens, and track connectivity and deployment status across environments.

  • LLM Providers - Centralize credential management and governance for OpenAI, Anthropic, Azure OpenAI, Azure AI Foundry, Gemini, and Mistral AI (AWS Bedrock coming soon).

  • Custom LLM Provider Templates - Create reusable custom LLM provider templates directly from the AI Workspace UI to onboard any compatible LLM provider beyond the built-in catalog (such as DeepSeek, Groq, or Novita).

  • App LLM Proxies - Publish isolated, application-facing endpoints on top of providers with independent API keys, guardrails, rate limits, and exposed resources per Gen AI app or agent.

  • MCP Proxies - Expose and govern Model Context Protocol servers through connected gateways with authentication, authorization, and access-control policies.

  • Gateway-Synchronized Read-Only View - View LLM Providers, Provider Templates, LLM Proxies, and MCP Proxies in AI Workspace as read-only resources synchronized from connected AI Gateways.

  • GenAI Applications - Group API keys under a named application to track token consumption, request volume, latency, and cost per workload in Insights.

  • Guardrails - Enforce content safety and compliance with Semantic Prompt Guard, PII Masking, Azure Content Safety, and Word/Sentence Count guardrails.

  • Rate Limiting - Cap token consumption and enforce monetary spending budgets (e.g., $10/hour) at the provider or proxy level.

  • Other Policies - Control traffic behavior with Model Round Robin, Prompt Decorator, Prompt Template, Semantic Cache, and Basic Rate Limit policies.

  • Insights - Monitor request volume, latency, token usage, cost, error rates, and guardrail interventions via Moesif analytics dashboard by following the guide for integration with Moesif.

  • Configuration Interpolation - Added support for template-based configuration values using {{ env }} and {{ file }} tokens, allowing dynamic resolution of environment variables and file-based secrets at runtime. Users can define their own environment variable names for flexible deployments, with fail-closed validation to prevent startup when required values cannot be resolved.

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform Controller (ap) v0.9.0 is Released!

Choose a tag to compare

@github-actions github-actions released this 16 Jul 12:34

Overview

The WSO2 API Platform CLI (ap) is a command-line tool for managing and interacting with the WSO2 API Platform. It provides capabilities to deploy API configurations, customize gateway policies, and manage platform resources.

Quick Start

Get started with the Quick Start Guide to install and configure the CLI.

Documentation

For complete documentation on all features and capabilities, see the CLI Documentation.

Known Issues

All the open issues pertaining to WSO2 API Platform CLI are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform CLI through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform AI Gateway 1.2.0-Alpha2 Released!

Choose a tag to compare

Overview

The WSO2 API Platform AI Gateway is an AI-native gateway designed to securely manage and optimize AI traffic. It provides two core capabilities:

  • LLM Gateway - Proxy and secure traffic to Large Language Model (LLM) providers with built-in guardrails, prompt management, and cost optimization capabilities
  • MCP Gateway - Proxy and secure Model Context Protocol (MCP) servers with authentication support per the MCP specification

What's New

Gateway Features & Improvements

  • Multi Provider routing
  • Traffic Logging Support
  • Adding Timeout Functionality Support
  • MSSQL Support for Gateway
  • Multiple virtual host support — The endpoints array replaces the single vhost field, allowing a gateway to expose multiple virtual hosts simultaneously (#2128)
  • upstreamDefinitions URL improvements — Upstream definition URLs now correctly support query strings and path fragments (#2068)
  • Analytics payload controlanalytics.allow_payloads is now split into separate request-body and response-body flags for finer-grained control (#2095)
  • Kubernetes Gateway API Conformance Support #2103

New Policies

  • Opaque Token Authentication — New policy for validating opaque (reference) tokens via token introspection
  • Backend JWT — New policy for generating and injecting backend JWTs into upstream requests (#2131)
  • AWS Authentication - Policy signs outbound requests to AWS-hosted backends

Rate Limiting Improvements

  • Redis-backed distributed rate limiting — New redis-local-async backend mode for high-throughput distributed rate limiting (#2142)
  • Shared Redis client — Rate-limit policy instances now share a single Redis client, reducing connection overhead (#2143)

Quick Start

Choose the quick start guide based on your use case:

  • LLM Gateway - Proxy and route traffic to LLM providers like OpenAI
  • MCP Gateway - Proxy and expose your MCP servers

Documentation

For complete documentation on all features and capabilities, see the AI Gateway Documentation.

See details of all the changes including features, improvements, and bug fixes

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform Gateway 1.2.0-Alpha Released!

Choose a tag to compare

@Krishanx92 Krishanx92 released this 13 Jul 15:35

Overview

The WSO2 API Platform Gateway is a modern, Envoy-based gateway designed to provide high-performance API traffic management with a unified, policy-driven model. The gateway consists of the following core components:

  • Gateway Runtime
    Handles all inbound and outbound API traffic, routing requests to the appropriate backend services. This includes a centralized execution engine that applies gateway policies such as authentication, authorization, rate limiting, and other runtime behaviors.

  • Gateway Controller
    A control-plane component responsible for configuring Envoy routes, managing policy attachments, and reconciling API-related resources.

What's New

Gateway Features & Improvements

  • Traffic Logging Support
  • Adding Timeout Functionality Support
  • MSSQL Support for Gateway
  • Multiple virtual host support — The endpoints array replaces the single vhost field, allowing a gateway to expose multiple virtual hosts simultaneously (#2128)
  • upstreamDefinitions URL improvements — Upstream definition URLs now correctly support query strings and path fragments (#2068)
  • Analytics payload controlanalytics.allow_payloads is now split into separate request-body and response-body flags for finer-grained control (#2095)
  • Kubernetes Gateway API Conformance Support #2103

New Policies

  • Opaque Token Authentication — New policy for validating opaque (reference) tokens via token introspection
  • Backend JWT — New policy for generating and injecting backend JWTs into upstream requests (#2131)
  • AWS Authentication - Policy signs outbound requests to AWS-hosted backends

Rate Limiting Improvements

  • Redis-backed distributed rate limiting — New redis-local-async backend mode for high-throughput distributed rate limiting (#2142)
  • Shared Redis client — Rate-limit policy instances now share a single Redis client, reducing connection overhead (#2143)

Quick Start

Get started with the Quick Start Guide to deploy and configure your first API proxy.

Documentation

For complete documentation on all features and capabilities, see the Gateway Documentation.

See details of all the changes including features, improvements, and bug fixes

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform AI Gateway 1.2.0-Alpha Released!

Choose a tag to compare

Overview

The WSO2 API Platform AI Gateway is an AI-native gateway designed to securely manage and optimize AI traffic. It provides two core capabilities:

  • LLM Gateway - Proxy and secure traffic to Large Language Model (LLM) providers with built-in guardrails, prompt management, and cost optimization capabilities
  • MCP Gateway - Proxy and secure Model Context Protocol (MCP) servers with authentication support per the MCP specification

What's New

Gateway Features & Improvements

  • Multi Provider routing
  • Traffic Logging Support
  • Adding Timeout Functionality Support
  • MSSQL Support for Gateway
  • Multiple virtual host support — The endpoints array replaces the single vhost field, allowing a gateway to expose multiple virtual hosts simultaneously (#2128)
  • upstreamDefinitions URL improvements — Upstream definition URLs now correctly support query strings and path fragments (#2068)
  • Analytics payload controlanalytics.allow_payloads is now split into separate request-body and response-body flags for finer-grained control (#2095)
  • Kubernetes Gateway API Conformance Support #2103

New Policies

  • Opaque Token Authentication — New policy for validating opaque (reference) tokens via token introspection
  • Backend JWT — New policy for generating and injecting backend JWTs into upstream requests (#2131)
  • AWS Authentication - Policy signs outbound requests to AWS-hosted backends

Rate Limiting Improvements

  • Redis-backed distributed rate limiting — New redis-local-async backend mode for high-throughput distributed rate limiting (#2142)
  • Shared Redis client — Rate-limit policy instances now share a single Redis client, reducing connection overhead (#2143)

Quick Start

Choose the quick start guide based on your use case:

  • LLM Gateway - Proxy and route traffic to LLM providers like OpenAI
  • MCP Gateway - Proxy and expose your MCP servers

Documentation

For complete documentation on all features and capabilities, see the AI Gateway Documentation.

See details of all the changes including features, improvements, and bug fixes

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

Gateway Helm Chart 1.1.5

Choose a tag to compare

@api-platform-bot api-platform-bot released this 13 Jul 16:14
b4922e7

Gateway Helm Chart Release 1.1.5

App Version: 1.1.0

Installation

helm install my-gateway oci://ghcr.io/wso2/api-platform/helm-charts/gateway --version 1.1.5

OCI Registry

oci://ghcr.io/wso2/api-platform/helm-charts/gateway:1.1.5

WSO2 API Platform Developer Portal v1.0.0-alpha Released

Choose a tag to compare

Overview

The WSO2 API Platform Developer Portal is a multi-organization API developer portal that lets API consumers discover, subscribe to, and consume APIs and MCP servers across organizations. It also contains a webhook-based, eventing mechanism to stay control-plane and gateway agnostic — emitting signed events for API key, application, and subscription plan changes that any compliant backend can subscribe to and act on.

Quick Start

Refer to the quick start guide to spin up the Developer Portal locally and explore the API catalog with sample APIs.

Documentation

For complete documentation on all features and capabilities, see the Developer Portal Documentation.

What’s New in This Release

Features

  • Platform API-backed local authentication for demo mode: the built-in login form now authenticates against the Platform API sidecar and receives a signed JWT.
  • OIDC authentication support: adds OIDC login alongside local authentication, with per-scope role and group mapping.
  • MCP server management APIs: new endpoints for registering and managing MCP servers.
  • Webhook subscriber management: organizations can register subscribers to receive signed delivery events for API key, application, and subscription plan changes, along with a new UI for managing those subscribers.
  • Lightweight webhook delivery: improved to push events to subscribers in real time with at-most-once, fire-and-forget semantics.
  • API key–application association: link API keys to specific applications to support usage-based analytics in the future.
  • Improved subscription plan management: introduces a new plan limit configuration model.
  • Subscription token regeneration and plan changes: subscribers can regenerate subscription tokens and switch between subscription plans.
  • Admin UI: a dedicated administrative interface for managing organizations, workflows, webhook subscribers and other portal configuration.
  • Sample API/MCP seeding UI: one-click seeding of sample APIs and MCP servers for evaluation environments.
  • Audit trail: audit tracking added across API metadata, applications, and subscriptions.

Improvements

  • Overall UI/UX revamp: refreshed design across the Developer Portal.
  • Database schema overhaul: tables and columns standardized on snake_case, pluralized names, and consistent primary-key/UUID conventions across the platform.
  • REST API overhaul: endpoints refactored to use handles consistently, with standardized DTO property names and error response shapes.

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform Gateway 1.2.0-M1 Released!

Choose a tag to compare

@renuka-fernando renuka-fernando released this 02 Jul 13:44

Overview

The WSO2 API Platform Gateway is a modern, Envoy-based gateway designed to provide high-performance API traffic management with a unified, policy-driven model. The gateway consists of the following core components:

  • Gateway Runtime
    Handles all inbound and outbound API traffic, routing requests to the appropriate backend services. This includes a centralized execution engine that applies gateway policies such as authentication, authorization, rate limiting, and other runtime behaviors.

  • Gateway Controller
    A control-plane component responsible for configuring Envoy routes, managing policy attachments, and reconciling API-related resources.

What's New

New Policies

  • Opaque Token Authentication — New policy for validating opaque (reference) tokens via token introspection
  • Backend JWT — New policy for generating and injecting backend JWTs into upstream requests (#2131)

Rate Limiting Improvements

  • Redis-backed distributed rate limiting — New redis-local-async backend mode for high-throughput distributed rate limiting (#2142)
  • Shared Redis client — Rate-limit policy instances now share a single Redis client, reducing connection overhead (#2143)

Gateway Features & Improvements

  • Multiple virtual host support — The endpoints array replaces the single vhost field, allowing a gateway to expose multiple virtual hosts simultaneously (#2128)
  • upstreamDefinitions URL improvements — Upstream definition URLs now correctly support query strings and path fragments (#2068)
  • Analytics payload controlanalytics.allow_payloads is now split into separate request-body and response-body flags for finer-grained control (#2095)

Quick Start

Get started with the Quick Start Guide to deploy and configure your first API proxy.

Documentation

For complete documentation on all features and capabilities, see the Gateway Documentation.

See details of all the changes including features, improvements, and bug fixes

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform AI Workspace v1.0.0-alpha Released

Choose a tag to compare

Overview

The WSO2 API Platform AI Workspace is the control plane for AI Gateway runtimes. This release introduces a centralized management interface for platform teams to register AI gateways, configure LLM providers, publish application-facing proxies, govern MCP servers, and enforce AI-specific policies, all without working directly with the Gateway-Controller API.

Quick Start

Refer to the Getting Started guide to register your first AI Gateway, connect an LLM provider, and invoke it via an AI SDK.

Documentation

For complete documentation on all features and capabilities, see the AI Workspace Documentation.

What's New in This Release

Features

  • AI Gateways — Register and manage AI Gateway runtimes, generate registration tokens, and track connectivity and deployment status across environments.

  • LLM Providers — Centralize credential management and governance for OpenAI, Anthropic, Azure OpenAI, Azure AI Foundry, Gemini, and Mistral AI (AWS Bedrock coming soon).

  • Custom LLM Provider Templates - Create reusable custom LLM provider templates directly from the AI Workspace UI to onboard any compatible LLM provider beyond the built-in catalog (such as DeepSeek, Groq, or Novita).

  • App LLM Proxies — Publish isolated, application-facing endpoints on top of providers with independent API keys, guardrails, rate limits, and exposed resources per Gen AI app or agent.

  • MCP Proxies — Expose and govern Model Context Protocol servers through connected gateways with authentication, authorization, and access-control policies.

  • Gateway-Synchronized Read-Only View - View LLM Providers, Provider Templates, LLM Proxies, and MCP Proxies in AI Workspace as read-only resources synchronized from connected AI Gateways.

  • GenAI Applications — Group API keys under a named application to track token consumption, request volume, latency, and cost per workload in Insights.

  • Guardrails — Enforce content safety and compliance with Semantic Prompt Guard, PII Masking, Azure Content Safety, and Word/Sentence Count guardrails.

  • Rate Limiting — Cap token consumption and enforce monetary spending budgets (e.g., $10/hour) at the provider or proxy level.

  • Other Policies — Control traffic behavior with Model Round Robin, Prompt Decorator, Prompt Template, Semantic Cache, and Basic Rate Limit policies.

  • Insights — Monitor request volume, latency, token usage, cost, error rates, and guardrail interventions via Moesif analytics dashboard by following the guide for integration with Moesif.

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.

WSO2 API Platform AI Gateway 1.2.0-M1 Released!

Choose a tag to compare

Overview

The WSO2 API Platform AI Gateway is an AI-native gateway designed to securely manage and optimize AI traffic. It provides two core capabilities:

  • LLM Gateway - Proxy and secure traffic to Large Language Model (LLM) providers with built-in guardrails, prompt management, and cost optimization capabilities
  • MCP Gateway - Proxy and secure Model Context Protocol (MCP) servers with authentication support per the MCP specification

What's New

New Policies

  • Opaque Token Authentication — New policy for validating opaque (reference) tokens via token introspection
  • Backend JWT — New policy for generating and injecting backend JWTs into upstream requests (#2131)

Rate Limiting Improvements

  • Redis-backed distributed rate limiting — New redis-local-async backend mode for high-throughput distributed rate limiting (#2142)
  • Shared Redis client — Rate-limit policy instances now share a single Redis client, reducing connection overhead (#2143)

Gateway Features & Improvements

  • Multiple virtual host support — The endpoints array replaces the single vhost field, allowing a gateway to expose multiple virtual hosts simultaneously (#2128)
  • upstreamDefinitions URL improvements — Upstream definition URLs now correctly support query strings and path fragments (#2068)
  • Analytics payload controlanalytics.allow_payloads is now split into separate request-body and response-body flags for finer-grained control (#2095)

Quick Start

Choose the quick start guide based on your use case:

  • LLM Gateway - Proxy and route traffic to LLM providers like OpenAI
  • MCP Gateway - Proxy and expose your MCP servers

Documentation

For complete documentation on all features and capabilities, see the AI Gateway Documentation.

See details of all the changes including features, improvements, and bug fixes

Known Issues

All the open issues pertaining to WSO2 API Platform are reported here.

How To Contribute

Your feedback is most welcome!

Community

You can use our Discord Channel and Stackoverflow Collective to engage with a wider audience https://wso2.com/community/

Reporting Issues

We encourage you to report issues, improvements, and feature requests regarding WSO2 API Platform Gateway through WSO2 API Platform GIT Issues.

And please be advised that security issues must be reported to security@wso2.com, not as a GitHub issue, in order to reach the proper audience. We strongly advise following the WSO2 Security Vulnerability Reporting Guidelines when reporting security issues.