1 00:00:00,000 --> 00:00:02,200 Let's start with a simple thought experiment. 2 00:00:02,200 --> 00:00:03,900 You use an app on your phone, 3 00:00:03,900 --> 00:00:05,160 maybe tracking a package, right? 4 00:00:05,160 --> 00:00:06,440 Or checking stock prices. 5 00:00:06,440 --> 00:00:09,740 That app isn't, you know, doing all the heavy lifting itself. 6 00:00:09,740 --> 00:00:12,240 It's talking to loads of other services behind the scenes. 7 00:00:12,240 --> 00:00:13,700 And that whole invisible conversation, 8 00:00:13,700 --> 00:00:15,000 the secure data transfer, 9 00:00:15,000 --> 00:00:17,000 the identity checks happening instantly, 10 00:00:17,000 --> 00:00:18,340 that's all APIs. 11 00:00:18,340 --> 00:00:21,800 Managing that huge, ever-growing flow of digital traffic. 12 00:00:21,800 --> 00:00:25,740 Well, that's what makes or breaks a modern business today. 13 00:00:25,740 --> 00:00:27,240 So today we're doing a deep dive 14 00:00:27,240 --> 00:00:29,780 into a platform built specifically for this challenge, 15 00:00:29,780 --> 00:00:32,940 WSO2 API Manager, or WSO2 API M, 16 00:00:32,940 --> 00:00:34,100 as you'll often hear it called. 17 00:00:34,100 --> 00:00:36,200 Our mission really is to give you, the learner, 18 00:00:36,200 --> 00:00:38,740 a clear, jargon-free starting point. 19 00:00:38,740 --> 00:00:40,040 What is this thing? 20 00:00:40,040 --> 00:00:41,500 What are its core parts? 21 00:00:41,500 --> 00:00:43,840 And crucially, why is it such a big deal 22 00:00:43,840 --> 00:00:45,580 for API governance worldwide? 23 00:00:45,580 --> 00:00:46,700 We wanna cut through the tech talk 24 00:00:46,700 --> 00:00:49,980 and understand how it gives organizations full control. 25 00:00:49,980 --> 00:00:52,100 But before we jump into our sources, just a quick word. 26 00:00:52,100 --> 00:00:54,000 This deep dive is brought to you by Safe Server. 27 00:00:54,000 --> 00:00:56,300 Safe Server supports your digital transformation journey 28 00:00:56,300 --> 00:00:58,100 and they're experts at handling the hosting 29 00:00:58,100 --> 00:00:59,580 for complex software like this. 30 00:00:59,580 --> 00:01:02,860 They make sure you've got the solid infrastructure you need. 31 00:01:02,860 --> 00:01:06,340 You can find out more at www.safeserver.de. 32 00:01:06,340 --> 00:01:08,300 Right, and we've got a good stack of materials here. 33 00:01:08,300 --> 00:01:12,420 Our goal, I think, is to take the pieces of WSO2 API 34 00:01:12,420 --> 00:01:15,060 and the gateway, the publisher, the developer portal, 35 00:01:15,060 --> 00:01:16,980 and show how they're not just technical terms, 36 00:01:16,980 --> 00:01:20,340 they're actually clear solutions to real business headaches, 37 00:01:20,340 --> 00:01:22,900 especially around security and scaling things up. 38 00:01:22,900 --> 00:01:24,380 Okay, let's unpack this then. 39 00:01:24,380 --> 00:01:26,900 Our sources describe WSO2 API Manager 40 00:01:26,900 --> 00:01:30,100 as a powerful platform for creating, managing, 41 00:01:30,100 --> 00:01:33,160 consuming, and monitoring web APIs. 42 00:01:33,160 --> 00:01:34,300 But let's get basic. 43 00:01:34,300 --> 00:01:36,060 For someone needing the fundamentals, 44 00:01:36,060 --> 00:01:39,540 what's the simple definition of API management itself? 45 00:01:39,540 --> 00:01:42,320 Fundamentally, API management is the whole process, 46 00:01:42,320 --> 00:01:44,980 the complete governance over an API's entire life. 47 00:01:44,980 --> 00:01:47,660 Think cradle to grave, from the initial idea for an API 48 00:01:47,660 --> 00:01:49,820 right through to when you finally retire it. 49 00:01:49,820 --> 00:01:52,100 WSO2 API I think works so well 50 00:01:52,100 --> 00:01:54,100 because it blends tried and tested principles 51 00:01:54,100 --> 00:01:57,060 like security and reliability with modern demands 52 00:01:57,060 --> 00:01:59,340 like agility and massive scale. 53 00:01:59,340 --> 00:02:02,780 It's really all about keeping control, maintaining security, 54 00:02:02,780 --> 00:02:06,060 and having visibility into all those digital interactions. 55 00:02:06,060 --> 00:02:09,980 And the architecture is central to that control, isn't it? 56 00:02:09,980 --> 00:02:11,340 We keep seeing this phrase, 57 00:02:11,340 --> 00:02:14,020 loosely coupled modules in the reading. 58 00:02:14,020 --> 00:02:16,400 What are the main bits we need to keep in mind? 59 00:02:16,400 --> 00:02:18,060 Yeah, that modular design is key 60 00:02:18,060 --> 00:02:20,180 because it gives everything a clear job. 61 00:02:20,180 --> 00:02:22,380 You really need to focus on three main areas. 62 00:02:22,380 --> 00:02:24,180 First, the API publisher. 63 00:02:24,180 --> 00:02:25,820 I think of this as the control room. 64 00:02:25,820 --> 00:02:29,300 It's where your tech teams define the API, set the rules, 65 00:02:29,300 --> 00:02:31,140 manage its quality, its life cycle. 66 00:02:31,140 --> 00:02:32,380 Got it, the rule maker. 67 00:02:32,380 --> 00:02:33,260 Exactly. 68 00:02:33,260 --> 00:02:35,880 Then second, you've got the API developer portal. 69 00:02:35,880 --> 00:02:38,220 This is more like the shop window, the marketplace. 70 00:02:38,220 --> 00:02:40,640 It's where developers, maybe external partners, 71 00:02:40,640 --> 00:02:42,300 maybe internal teams go to find 72 00:02:42,300 --> 00:02:43,860 and use the services you've built. 73 00:02:43,860 --> 00:02:44,760 The storefront. 74 00:02:44,760 --> 00:02:46,980 And third, the real engine room, 75 00:02:46,980 --> 00:02:49,740 the API gateway and the traffic manager. 76 00:02:49,740 --> 00:02:51,940 This pair acts like the security guard 77 00:02:51,940 --> 00:02:54,160 and the performance cop, basically. 78 00:02:54,160 --> 00:02:56,180 They sit between the person using the API 79 00:02:56,180 --> 00:02:57,500 and your back end service. 80 00:02:57,500 --> 00:03:00,020 They enforce every rule the publisher set up, 81 00:03:00,020 --> 00:03:02,300 and they control the actual flow of data. 82 00:03:02,300 --> 00:03:04,380 That separation makes a lot of sense. 83 00:03:04,380 --> 00:03:05,740 Very clean. 84 00:03:05,740 --> 00:03:08,420 Let's start with the discovery part, the developer portal. 85 00:03:08,420 --> 00:03:09,700 That's the public face. 86 00:03:09,700 --> 00:03:11,940 The sources compare it to an app store, 87 00:03:11,940 --> 00:03:13,540 which is a great mental picture. 88 00:03:13,540 --> 00:03:15,860 Yeah, we found that comparison really useful, too. 89 00:03:15,860 --> 00:03:17,980 Like the Google Play Store or Apple's App Store, 90 00:03:17,980 --> 00:03:22,500 the developer portal offers a graphical, user-friendly way 91 00:03:22,500 --> 00:03:23,000 in. 92 00:03:23,000 --> 00:03:25,940 If you're a developer wanting to use an API, you go there. 93 00:03:25,940 --> 00:03:28,900 You find published, ready-to-go APIs. 94 00:03:28,900 --> 00:03:31,260 You can browse by tags, who provides it, 95 00:03:31,260 --> 00:03:32,460 or just search by name. 96 00:03:32,460 --> 00:03:33,740 So it's not just a list. 97 00:03:33,740 --> 00:03:35,300 Oh, no, it's much more interactive. 98 00:03:35,300 --> 00:03:36,780 Developers can sign themselves up. 99 00:03:36,780 --> 00:03:39,220 They can read detailed documentation. 100 00:03:39,220 --> 00:03:41,620 They can leave comments, rate the APIs. 101 00:03:41,620 --> 00:03:42,340 And this is cool. 102 00:03:42,340 --> 00:03:45,140 They can even try APIs directly on the developer portal, 103 00:03:45,140 --> 00:03:47,100 right there, before writing any code. 104 00:03:47,100 --> 00:03:49,140 Wow, being able to try it right there 105 00:03:49,140 --> 00:03:52,220 must speed things up massively for developers. 106 00:03:52,220 --> 00:03:55,340 But crucial part, access control. 107 00:03:55,340 --> 00:03:59,140 How does the portal manage who gets to use what? 108 00:03:59,140 --> 00:04:00,260 Subscriptions. 109 00:04:00,260 --> 00:04:02,500 Yes, and it's very controlled. 110 00:04:02,500 --> 00:04:05,380 Developers subscribe to APIs per application. 111 00:04:05,380 --> 00:04:07,300 So access isn't just tied to the developer. 112 00:04:07,300 --> 00:04:09,540 It's tied to the specific app they're building. 113 00:04:09,540 --> 00:04:11,780 This is also where they pick service tiers. 114 00:04:11,780 --> 00:04:13,860 If you know you'll hit the API a lot, 115 00:04:13,860 --> 00:04:15,460 you pick a high-volume tier. 116 00:04:15,460 --> 00:04:17,900 If it's just occasional use, maybe a lower one. 117 00:04:17,900 --> 00:04:20,580 This lets the provider manage resources, control load, 118 00:04:20,580 --> 00:04:22,780 and, let's be honest, potentially monetize 119 00:04:22,780 --> 00:04:23,900 their APIs effectively. 120 00:04:23,900 --> 00:04:24,820 Right, makes sense. 121 00:04:24,820 --> 00:04:26,280 So that covers the consumer angle. 122 00:04:26,280 --> 00:04:29,380 Let's flip it back to the control room, the API publisher. 123 00:04:29,380 --> 00:04:32,100 If the portal is the storefront, the publisher 124 00:04:32,100 --> 00:04:34,100 is like the factory floor manager. 125 00:04:34,100 --> 00:04:37,060 What are the key governance jobs done here? 126 00:04:37,060 --> 00:04:39,860 The publisher is all about quality and consistency. 127 00:04:39,860 --> 00:04:42,460 This is where the API teams define new APIs. 128 00:04:42,460 --> 00:04:44,620 Often they'll import an existing definition, 129 00:04:44,620 --> 00:04:47,180 like an open API or swagger file. 130 00:04:47,180 --> 00:04:49,180 And crucially, they manage the lifecycle 131 00:04:49,180 --> 00:04:50,880 with a strong governance model. 132 00:04:50,880 --> 00:04:53,260 That means tight control over versioning, 133 00:04:53,260 --> 00:04:55,740 managing the steps from creation to publishing, 134 00:04:55,740 --> 00:04:58,820 and eventually deprecation and retirement. 135 00:04:58,820 --> 00:05:01,020 This stops that nightmare where developers are suddenly 136 00:05:01,020 --> 00:05:04,320 relying on a service that you secretly pulled offline. 137 00:05:04,320 --> 00:05:05,780 Prevents breaking changes. 138 00:05:05,780 --> 00:05:06,660 Exactly. 139 00:05:06,660 --> 00:05:10,240 And a key function here is supporting API-first design. 140 00:05:10,240 --> 00:05:12,620 This lets the company design the API contract, what 141 00:05:12,620 --> 00:05:15,060 it promises to do, and share that with developers 142 00:05:15,060 --> 00:05:18,100 for feedback before building the expensive backend stuff. 143 00:05:18,100 --> 00:05:19,660 It makes it more collaborative. 144 00:05:19,660 --> 00:05:21,900 And yes, this is also where you manage and hand out 145 00:05:21,900 --> 00:05:24,500 those vital API keys for every consumer, 146 00:05:24,500 --> 00:05:26,140 internal or external. 147 00:05:26,140 --> 00:05:29,060 OK, now let's get to where the rubber meets the road. 148 00:05:29,060 --> 00:05:30,940 Security and performance. 149 00:05:30,940 --> 00:05:33,580 That's the gateway and traffic manager's job. 150 00:05:33,580 --> 00:05:35,260 If the publisher sets the policy, 151 00:05:35,260 --> 00:05:38,300 these two enforce it on every single request. 152 00:05:38,300 --> 00:05:39,260 Precisely. 153 00:05:39,260 --> 00:05:43,540 For access security, WSO2-APIM leans on industry standards, 154 00:05:43,540 --> 00:05:46,220 especially OAuth2 for API access. 155 00:05:46,220 --> 00:05:49,180 It supports complex flows like the authorization code grant 156 00:05:49,180 --> 00:05:51,860 type, so you get robust token-based security. 157 00:05:51,860 --> 00:05:53,260 Standard stuff, but important. 158 00:05:53,260 --> 00:05:53,980 Very. 159 00:05:53,980 --> 00:05:55,820 But the policy enforcement goes deeper. 160 00:05:55,820 --> 00:05:58,340 You can set up really fine-grained security rules, 161 00:05:58,340 --> 00:06:00,580 like you can restrict API access tokens 162 00:06:00,580 --> 00:06:03,500 so they only work if the request comes from certain domains 163 00:06:03,500 --> 00:06:04,780 or IP addresses. 164 00:06:04,780 --> 00:06:06,700 So even if a token gets leaked somehow, 165 00:06:06,700 --> 00:06:09,220 a bad actor probably can't use it from just anywhere. 166 00:06:09,220 --> 00:06:12,060 That level of control is vital for enterprise trust. 167 00:06:12,060 --> 00:06:14,180 That makes sense. 168 00:06:14,180 --> 00:06:15,700 Now, performance. 169 00:06:15,700 --> 00:06:18,300 The sources mentioned sub-millisecond latency 170 00:06:18,300 --> 00:06:22,140 and extremely high-performance pass-through message routing. 171 00:06:22,140 --> 00:06:23,980 That sounds amazing. 172 00:06:23,980 --> 00:06:25,580 But is there a trade-off? 173 00:06:25,580 --> 00:06:28,540 Usually, speed costs you something, doesn't it? 174 00:06:28,540 --> 00:06:29,700 That's a fair question. 175 00:06:29,700 --> 00:06:31,180 In this setup, you're generally not 176 00:06:31,180 --> 00:06:33,580 sacrificing the core security checks for speed. 177 00:06:33,580 --> 00:06:35,340 The speed comes from the design itself. 178 00:06:35,340 --> 00:06:37,940 The gateway is built for high-speed pass-through. 179 00:06:37,940 --> 00:06:40,800 It validates the token, applies security policies, 180 00:06:40,800 --> 00:06:44,580 but it doesn't necessarily unpack and deeply inspect 181 00:06:44,580 --> 00:06:47,740 every single message unless you specifically tell it to. 182 00:06:47,740 --> 00:06:48,660 Ah, OK. 183 00:06:48,660 --> 00:06:49,820 And the traffic manager. 184 00:06:49,820 --> 00:06:52,100 That's the regulator keeping the system healthy. 185 00:06:52,100 --> 00:06:54,780 It enforces rate-limiting and throttling policies 186 00:06:54,780 --> 00:06:56,740 for APIs by consumer. 187 00:06:56,740 --> 00:06:59,220 So if one app suddenly starts hammering your service, 188 00:06:59,220 --> 00:07:01,700 the traffic manager steps in, restricts that app, 189 00:07:01,700 --> 00:07:03,260 but doesn't let the surge bring down 190 00:07:03,260 --> 00:07:04,500 the service for everyone else. 191 00:07:04,500 --> 00:07:06,860 And the whole thing is built to scale horizontally. 192 00:07:06,860 --> 00:07:08,900 That's how it can support millions of developer 193 00:07:08,900 --> 00:07:11,060 servers without grinding to a halt. 194 00:07:11,060 --> 00:07:13,140 That kind of traffic control is essential. 195 00:07:13,140 --> 00:07:16,580 But now it's facing a new challenge, generative AI. 196 00:07:16,580 --> 00:07:19,460 Our sources really highlight that WSO2 API manager 197 00:07:19,460 --> 00:07:21,380 is adapting quickly here. 198 00:07:21,380 --> 00:07:25,420 So how does it handle governing these complex AI workloads, 199 00:07:25,420 --> 00:07:26,900 like from large language models? 200 00:07:26,900 --> 00:07:30,100 Yeah, this is exactly why the AI Gateway component came about. 201 00:07:30,100 --> 00:07:33,500 Governing AI APIs is just different from traditional REST 202 00:07:33,500 --> 00:07:34,300 APIs. 203 00:07:34,300 --> 00:07:36,420 Old APIs move simple data. 204 00:07:36,420 --> 00:07:39,860 AI APIs deal with tokens, prompt engineering, context windows, 205 00:07:39,860 --> 00:07:42,940 and costs that can vary wildly depending on the request. 206 00:07:42,940 --> 00:07:44,740 Right, much more complex interaction. 207 00:07:44,740 --> 00:07:45,580 Totally. 208 00:07:45,580 --> 00:07:48,100 So the platform offers comprehensive governance 209 00:07:48,100 --> 00:07:49,980 for GenAI APIs. 210 00:07:49,980 --> 00:07:52,020 This means specific tools for token management, 211 00:07:52,020 --> 00:07:54,460 setting up guardrails, and managing privacy controls 212 00:07:54,460 --> 00:07:55,380 for LLMs. 213 00:07:55,380 --> 00:07:58,020 Those guardrails are super important for stopping things 214 00:07:58,020 --> 00:07:59,580 like prompt injection attacks, where 215 00:07:59,580 --> 00:08:02,820 someone tries to trick the AI into revealing sensitive info. 216 00:08:02,820 --> 00:08:04,740 And they also help manage costs by limiting, say, 217 00:08:04,740 --> 00:08:06,620 the length of inputs and outputs, which saves 218 00:08:06,620 --> 00:08:08,220 on that expensive compute power. 219 00:08:08,220 --> 00:08:10,300 So it's not just about letting the request through. 220 00:08:10,300 --> 00:08:13,820 It's about managing the risk that comes with this new type 221 00:08:13,820 --> 00:08:15,020 of AI interaction. 222 00:08:15,020 --> 00:08:16,740 And it's good to see the sources mentioned 223 00:08:16,740 --> 00:08:18,380 built-in support for the big players 224 00:08:18,380 --> 00:08:22,340 like OpenAI, Mistral AI, Azure OpenAI. 225 00:08:22,340 --> 00:08:23,380 Absolutely. 226 00:08:23,380 --> 00:08:26,060 And they've even added an AI assistant, Beta. 227 00:08:26,060 --> 00:08:28,500 It uses natural language, conversational AI, 228 00:08:28,500 --> 00:08:31,860 to help developers find and test APIs faster right 229 00:08:31,860 --> 00:08:34,140 inside the developer portal, makes the whole developer 230 00:08:34,140 --> 00:08:35,420 experience smoother. 231 00:08:35,420 --> 00:08:36,540 Nice touch. 232 00:08:36,540 --> 00:08:39,660 OK, now first, something often missed, but as you said, 233 00:08:39,660 --> 00:08:42,620 critical for security, egress API management. 234 00:08:42,620 --> 00:08:44,640 We all get ingress traffic coming in. 235 00:08:44,640 --> 00:08:46,800 But what exactly is egress management, 236 00:08:46,800 --> 00:08:50,780 and why is governing outbound traffic suddenly so important? 237 00:08:50,780 --> 00:08:52,820 Egress management is simply about controlling 238 00:08:52,820 --> 00:08:56,180 the traffic flowing out of your network to external APIs. 239 00:08:56,180 --> 00:08:57,120 Think about it. 240 00:08:57,120 --> 00:08:59,420 In today's world, especially with microservices, 241 00:08:59,420 --> 00:09:00,980 your internal systems are constantly 242 00:09:00,980 --> 00:09:03,660 calling out to third-party services, payment gateways, 243 00:09:03,660 --> 00:09:06,180 mapping tools, those external LLMs we just talked about. 244 00:09:06,180 --> 00:09:08,100 Right, countless external dependencies. 245 00:09:08,100 --> 00:09:09,020 Exactly. 246 00:09:09,020 --> 00:09:10,980 And if you don't manage that outbound traffic, 247 00:09:10,980 --> 00:09:12,300 you have a huge blind spot. 248 00:09:12,300 --> 00:09:16,380 You can't easily spot security issues if data is leaking out. 249 00:09:16,380 --> 00:09:18,280 You can't enforce compliance rules 250 00:09:18,280 --> 00:09:20,540 on data leaving your control. 251 00:09:20,540 --> 00:09:23,340 And importantly, you can't control the costs. 252 00:09:23,340 --> 00:09:25,540 You might have hundreds of internal services 253 00:09:25,540 --> 00:09:28,280 making external calls you don't even know about. 254 00:09:28,280 --> 00:09:31,180 WSO2 API Manager's ability to monitor and apply 255 00:09:31,180 --> 00:09:32,780 policies to those outbound requests 256 00:09:32,780 --> 00:09:35,660 basically closes that perimeter, giving you full control 257 00:09:35,660 --> 00:09:37,620 over security and costs. 258 00:09:37,620 --> 00:09:40,380 That makes the governance truly end-to-end. 259 00:09:40,380 --> 00:09:42,700 Not just the front door, but the back door, too. 260 00:09:42,700 --> 00:09:45,300 Let's connect this back to the bigger picture, the open source 261 00:09:45,300 --> 00:09:46,580 foundation. 262 00:09:46,580 --> 00:09:50,100 WSO2 API Manager is called the hashtag one open source 263 00:09:50,100 --> 00:09:52,380 API management product. 264 00:09:52,380 --> 00:09:56,300 Why is being open source such a strategic plus for big companies 265 00:09:56,300 --> 00:09:58,380 beyond just saving money on licenses? 266 00:09:58,380 --> 00:09:59,820 Well, the strategic benefit really 267 00:09:59,820 --> 00:10:01,620 comes down to control and agility, I think. 268 00:10:01,620 --> 00:10:03,500 First, there's transparency and trust. 269 00:10:03,500 --> 00:10:06,560 Because the code is open, anyone can examine the code logic 270 00:10:06,560 --> 00:10:08,860 and understand the implementation with confidence. 271 00:10:08,860 --> 00:10:10,400 For something as critical as security, 272 00:10:10,400 --> 00:10:12,140 that openness is invaluable. 273 00:10:12,140 --> 00:10:13,400 We could look under the hood. 274 00:10:13,400 --> 00:10:14,780 Precisely. 275 00:10:14,780 --> 00:10:17,240 Second, and maybe even more critical for enterprises, 276 00:10:17,240 --> 00:10:19,860 is customization and community. 277 00:10:19,860 --> 00:10:22,300 Open source means you get extension freedom. 278 00:10:22,300 --> 00:10:24,780 You're not locked into a vendor's roadmap. 279 00:10:24,780 --> 00:10:27,800 If a company has some really specific niche need, 280 00:10:27,800 --> 00:10:30,500 maybe integrating with some ancient legacy system, 281 00:10:30,500 --> 00:10:32,800 they can potentially modify the open source core 282 00:10:32,800 --> 00:10:34,300 themselves to handle it. 283 00:10:34,300 --> 00:10:37,300 That adaptability is often what big organizations need, 284 00:10:37,300 --> 00:10:39,560 rather than just an off-the-shelf box. 285 00:10:39,560 --> 00:10:42,420 Plus, you benefit from community-driven innovation, 286 00:10:42,420 --> 00:10:44,900 often leading to faster patches and new features 287 00:10:44,900 --> 00:10:46,300 than closed platforms. 288 00:10:46,300 --> 00:10:49,340 That ability to tailor it to unique, complex needs 289 00:10:49,340 --> 00:10:50,820 is definitely powerful. 290 00:10:50,820 --> 00:10:53,100 And that flexibility seems to extend to where you run it, 291 00:10:53,100 --> 00:10:55,020 too, right, the deploy-anywhere idea. 292 00:10:55,020 --> 00:10:55,740 Absolutely. 293 00:10:55,740 --> 00:10:57,820 The platform doesn't really care where it runs. 294 00:10:57,820 --> 00:10:59,740 On-premises data centers, hybrid cloud setups, 295 00:10:59,740 --> 00:11:01,860 or using its Kubernetes-native design 296 00:11:01,860 --> 00:11:03,420 for pure cloud deployments. 297 00:11:03,420 --> 00:11:05,100 Kubernetes-native, OK? 298 00:11:05,100 --> 00:11:06,780 And this is where the unified control plan 299 00:11:06,780 --> 00:11:07,900 becomes so important. 300 00:11:07,900 --> 00:11:09,900 The sources talk about different gateway types, 301 00:11:09,900 --> 00:11:12,940 universal gateway, Kubernetes gateway, immutable gateway. 302 00:11:12,940 --> 00:11:15,820 Sounds a bit like jargon, but the benefit is simple. 303 00:11:15,820 --> 00:11:17,700 The control plane lets you manage all of them 304 00:11:17,700 --> 00:11:20,020 from one single interface. 305 00:11:20,020 --> 00:11:23,020 So if you have old systems on-prem using one gateway type 306 00:11:23,020 --> 00:11:25,980 and new microservices in the cloud using another, 307 00:11:25,980 --> 00:11:27,500 you apply the same security rules, 308 00:11:27,500 --> 00:11:31,420 the same throttling policies, to both, all from one dashboard. 309 00:11:31,420 --> 00:11:32,500 Wow, OK. 310 00:11:32,500 --> 00:11:34,260 Applying unified rules across that kind 311 00:11:34,260 --> 00:11:35,940 of fragmented landscape, old and new, 312 00:11:35,940 --> 00:11:37,100 that's going to be essential. 313 00:11:37,100 --> 00:11:38,940 It really shows why this platform, 314 00:11:38,940 --> 00:11:42,740 with over 12 years behind it, is trusted by so many big names, 315 00:11:42,740 --> 00:11:46,460 over 50 Fortune 500s, 130-plus government agencies. 316 00:11:46,460 --> 00:11:48,220 That track record speaks volumes. 317 00:11:48,220 --> 00:11:48,860 It really does. 318 00:11:48,860 --> 00:11:50,540 It points to stability and the ability 319 00:11:50,540 --> 00:11:54,100 to handle really critical workloads in demanding situations. 320 00:11:54,100 --> 00:11:57,300 So to wrap up our dupe dive, WSO2 API Manager 321 00:11:57,300 --> 00:11:59,620 is basically this comprehensive system built 322 00:11:59,620 --> 00:12:01,620 to manage the entire API lifecycle. 323 00:12:01,620 --> 00:12:03,380 It's the central point for security, 324 00:12:03,380 --> 00:12:05,960 for high-performance traffic control, for full visibility, 325 00:12:05,960 --> 00:12:07,700 both traffic coming in and going out. 326 00:12:07,700 --> 00:12:09,860 And now it's also providing that vital governance 327 00:12:09,860 --> 00:12:12,580 layer for complex AI and LLM services. 328 00:12:12,580 --> 00:12:13,220 Right. 329 00:12:13,220 --> 00:12:15,820 And for you, the learner, the key thing to grasp 330 00:12:15,820 --> 00:12:18,900 is that real API management has to cover everything. 331 00:12:18,900 --> 00:12:21,220 Balancing that developer experience in the portal 332 00:12:21,220 --> 00:12:23,220 with strict policy setting in the publisher, 333 00:12:23,220 --> 00:12:25,380 making sure it performs under heavy load with the gateway 334 00:12:25,380 --> 00:12:28,460 and traffic manager, and crucially controlling 335 00:12:28,460 --> 00:12:32,220 both the front door and the back door, ingress and egress, 336 00:12:32,220 --> 00:12:36,340 especially as AI keeps pushing the boundaries. 337 00:12:36,340 --> 00:12:38,060 So here's a final thought to chew on. 338 00:12:38,060 --> 00:12:39,700 If you have a single control plane that 339 00:12:39,700 --> 00:12:42,300 can manage all your APIs, no matter where they live, 340 00:12:42,300 --> 00:12:46,380 on-prem, cloud, edge, could you use that unified governance 341 00:12:46,380 --> 00:12:49,080 model to bring, say, your security teams and your finance 342 00:12:49,080 --> 00:12:50,700 teams closer together? 343 00:12:50,700 --> 00:12:52,780 Maybe speed up how you onboard new partners 344 00:12:52,780 --> 00:12:55,340 while better managing the financial risks involved. 345 00:12:55,340 --> 00:12:56,940 Something to think about. 346 00:12:56,940 --> 00:13:00,740 Thanks for joining us for this deep dive into WSO2 API Manager. 347 00:13:00,740 --> 00:13:03,140 And remember, this discussion was supported by SafeServer. 348 00:13:03,140 --> 00:13:05,520 They're your partner for hosting and really accelerating 349 00:13:05,520 --> 00:13:06,700 your digital journey. 350 00:13:06,700 --> 00:13:10,140 You can find out more and visit them at www.safeserver.de.