Saranki Magenthirarajah

Sign in


The emerging application growth in the technology world has created an enormous demand for application security and user privacy. Authentication and authorization have captured a remarkable stand in the field of security. To keep the applications and user privacy protected, the security standards need to be up to date. Various security standards are being followed all around the world by different organizations and individuals.

This blog will walk you through one of the important authorization standards which have been widely used in today’s technology world along with how it has impacted the WSO2 APIM-3.2.0 product’s security model compared to its…


Make the wrong

A person who never made a mistake never tried anything new!

The famous lines from one of the greatest minds of all time, Sir Alber Einstein. As human beings making mistakes and correcting those mistakes are part of the learning process, especially when you are working with machines. This blog will walk you through such a learning experience from the mistakes made in terms of Application Programming Interface (API).

Partially deleted APIs in WSO2 APIM

Never try this in WSO2 APIM 3.2.0


Users and Systems: The never-ending bond

Nowadays, the majority of the systems are created upon the interactions between end-users and the system. Some of them might require user logins and some might not. In most cases, especially when it comes to systems with sensitive user details and internal systems, the user details will be stored to handle the authorization and authentication activities. Thus maintaining and handling the user store is a crucial task.

WSO2 APIM Primary User Store: On focus

An OpenAPI catalog for WSO2 APIM and Micro-gateway 320

This is the sequel of my previous blog on WSO2 vendor extensions. In the previous blog, we have analyzed the default OpenAPI structure, what are extensions, the need to have extensions, and a glance at how WSO2 utilizes the vendor extensions in OpenAPI definitions. In this blog, we’ll be looking into some in-depth aspects of how WSO2 has used the vendor extensions to get tuned in with the APIM and Microgateway(MGW) features. Let’s begin with analyzing the default OpenAPI fields and the WSO2 vendor extensions.

Supported default fields and WSO2 vendor extensions in OpenAPI Definition

An OpenAPI catalog for WSO2 APIM and Micro-gateway 320


If you don’t fit into the box, then fix the box to fit yourself in!

In WSO2 API Manager (APIM) and in Microgateway (MGW) the core element that gives business to these products is the API. The APIs are treated as contracts and as a single source of truth (SSOT) in the real business world. The APIs contain all the technical specifications on how data exchange has to be done in day-to-day business. The OpenAPI specification is used to design and generate the REST APIs that contain the API’s metadata, the communication endpoints, how the request and response should be handled, etc.

In order to contain all the details about an API, the OpenAPI is…

WSO2 APIM-3.2.0 Vs Microgateway 3.2.0


This or That? Left or Right? Yes or No? Black or White?

Always a huge dilemma right? The same conundrum exists when it comes to choosing the best option for API security. Today’s digital era has wrapped almost all its solutions in the format of API. So protecting your APIs has a huge impact on the business and thus inevitable. An API can be protected in different ways concerning various factors. Some of the commonly used API security methods are as follows.

  1. Authentication with tokens, API keys, etc.
  2. Usage of encryption and signatures
  3. Quotas and throttling

Apart from the above-mentioned methods, there are plenty of methods available to protect your APIs. In…


Many of the applications or e-platforms we use today allow us to create user accounts by ourselves without the interference of an administrator or any other authorized personality. What if someone else creates an account on behalf of you in any of the applications without your concern? That will lead an unauthorized personality to mimic yourself on that platform which will create security hazards for you.

There are various mechanisms to protect this self-registration process. One such method is to send a registration confirmation email to the user and when the user confirms the account, it becomes a verified account…


WSO2 Governance Registry (GReg) is a highly customizable product via different extension points. This is a well-known feature in Greg. But assume if you are to replicate a customized pack locally for some testing purpose or to implement some features on top of the existing pack how can you set it up in your machine? What are the elements you need to consider during this setup process? Well, that’s the story of today’s blog…! This blog will provide a set of general guidelines to set up a customized GReg pack locally in your machine.

Let’s Start!


In today’s tech world an organization’s assets are no longer restricted to be just the tangible properties, knowledge, or manpower. Anything and everything that brings turnover to a business, play a key role in the day-to-day routine activities or strategy level planning are considered to be assets of an organization. Intangible assets such as APIs, swaggers, contact details, files are some examples for an organization’s assets these days.

WSO2: The solution provider


What am I doing?

COVID-19, an unavoidable headline these days. The world has seen drastic tragedies in its history over time, but none of them sustained and suffocated the people as COVID-19 did. Everyone is talking, writing, vlogging, and worrying about COVID-19.

So what am I going to do in this blog? Document the COVID victim report? Symptoms of Corona? Share prevention and precaution measures? Tips on productive activities in this quarantine situation?A BIG NOOOOO to all of them. If you are searching any of those in this blog, then guys ☹

This blog is to recap and reform our lives!

Saranki Magenthirarajah


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store