WSO2 Integration
WSO2 API Manager 4.6
Design, Publish, Secure & Monitor Enterprise APIs — including AI for API Management
Course Overview
WSO2 API Manager 4.6 is the leading open-source enterprise API management platform. This programme covers the full API lifecycle — from design and publishing through to security, analytics, monetisation, and AI-driven API management — structured around the official WSO2 training curriculum (APIM46DF + APIM46DA).
The first half (Fundamentals, 6 sessions) focuses on using all API Manager features without product extension. The second half (Advanced, 6 sessions) covers extending the product, Kubernetes and Docker deployments, CI/CD pipelines, and deep security configurations. Includes preparation for the official WSO2 API Manager Developer certification.
Learning Outcomes
- Create and publish REST, SOAP, GraphQL, WebSocket, and AI/LLM APIs
- Configure rate limiting, caching, threat protection, and schema validation
- Implement OAuth 2.0, API Key, Mutual SSL, and JWT authentication
- Use AI tools: API Design Assistant, Marketplace Assistant, AI Gateway & Multi-Model Routing
- Deploy API Manager on Kubernetes and Docker with production patterns
- Build CI/CD pipelines for APIs using API Controller and Jenkins
- Extend API Manager with custom handlers, grant types, and workflow extensions
- Configure API monetisation, analytics dashboards, and real-time alerts
Curriculum
Based on the official WSO2 API Manager 4.6 Developer Fundamentals (APIM46DF) and Developer Advanced (APIM46DA) course outlines.
- Architecture & terminology — components and their roles
- API creation: REST, SOAP, GraphQL, WebSocket, AI/LLM APIs
- API Publisher: managing APIs, versioning, API Products
- Developer Portal: visibility, subscriptions, grant types, client SDKs
- API Controller (DevFirst approach) — creating and migrating APIs across environments
- Labs: Create and publish an API; Create a WebSocket API; Migrate APIs with API Controller
- Product administration: user management, user stores, multitenancy
- API security: OAuth 2.0, API Key, Mutual SSL, Basic Auth, JWT, XACML scopes
- Bot detection, schema validation, encrypted secure endpoints, GDPR
- Keystores, transport-level security, Mutual SSL configuration
- Rate limiting policies — traffic manager, throttling, rate-limit tiers
- API Governance framework
- Labs: Rate limiting; Secure endpoints; Tenant configuration; LDAP user store
- API Gateway architecture — request flow, gateway environments, federation
- Caching and artifact synchronisation across multi-gateway deployments
- AI for API Management: API Design Assistant, Marketplace Assistant, API Chat
- AI Gateway & Multi-Model Routing using AI policies
- Analytics: dashboards, alerts, reporting, real-time statistics
- API monetisation: billing model and monetisation workflow
- Labs: Runtime analytics; Real-time alerts; Using published REST APIs
- Key Management: token generation, revocation, third-party key managers
- OAuth 2.0 advanced: self-contained JWTs, OIDC, JSON schema validation, threat protection
- Mediation extensions, custom handlers, custom grant types
- Customising JWT generation, scope validation, and API lifecycles
- Workflow extensions and reverse proxy configuration
- Developer Portal branding, theme overrides, UI customisation
- Labs: XACML fine-grained access; Custom handler; Workflow extensions; Portal customisation
- Rate limiting architecture: active-active deployment patterns
- Deploying API Manager in distributed and single-node configurations
- Deploying API Manager on Docker — images, containers vs VMs
- Deploying API Manager on Kubernetes — ingress, production deployment
- Debugging: wire logs, logging configuration, observability
- Performance tuning: OS, JVM, registry indexing, scalability
- Labs: Deploy Pattern #1; Kubernetes cluster deployment
- Building a CI/CD strategy for APIs using API Controller CLI
- Jenkins CI/CD pipeline integration with API Controller
- APK gateway onboarding; publishing Integrations to API Manager
- Developer exam preparation: API lifecycle, documentation, throttling, subscription management
- Mock exam scenarios: SOAP/JSON conversion, Swagger-to-API publishing, API products
- Labs: GIT-based CI/CD pipeline; Validate API Manager environment
Assessments & Grading
| Assessment | Type | Weight |
|---|---|---|
| Session Labs | Practical exercises per session | 25% |
| Mid-programme Project | Full API deployment scenario | 25% |
| CI/CD Pipeline Assignment | Jenkins + API Controller setup | 20% |
| Certification Mock Exam | Developer exam preparation | 30% |
Pinuno Academy Certificate + WSO2 Vendor Certification Prep
Graduates receive a Pinuno Academy completion certificate. This course follows the APIM46DF and APIM46DA certification tracks, preparing you to sit the official WSO2 API Manager exams — taken directly with WSO2. Pinuno Academy is staffed by certified WSO2 engineers.
Prerequisites
- OAuth 2.0 fundamentals
- Understanding of REST APIs and HTTP
- Familiarity with XML and JSON
- Java programming skills (for Advanced sessions)
Software Used
- WSO2 API Manager 4.6.0
- WSO2 Identity Server 7.2.0
- API Controller (apictl)
- Rancher Desktop (Kubernetes)
- MySQL, Maven, cURL, NGINX
WSO2 products require at least 4 GB RAM — 8 GB recommended. Three free options that meet this requirement.
Related Courses
Who Should Attend
- Software engineers building API-driven systems
- Integration developers working with enterprise platforms
- DevOps engineers managing API gateway and Kubernetes deployments
- IT architects seeking WSO2 API Manager certification