This documentation is for WSO2 API Manager 2.6.0. View documentation for the latest release.

This documentation is for the API Microgateway component that is coupled with WSO2 API Manager 2.6.0.
View the documentation for the latest release - WSO2 API Microgateway 3.0.2.

The following table explains the runtime configurations that are available in the API Microgateway.

| Heading | Description | Sub Heading | Description | Default value |
|---|---|---|---|---|
| listenerConfig | The transport listener of the Microgateway (MGW) that receives the incoming requests. | host | Host or IP of the Microgateway that is exposed to the outside. | |
| | | httpPort | The port used for HTTP connections. | 9090 |
| | | httpsPort | The port used for HTTPS connections. | 9095 |
| | | keyStore.path | Internal Key Store path of the Microgateway. | |
| | | keyStore.password | Internal Key Store password. | ballerina |
| | | tokenListenerPort | The port where the endpoints (e.g., /token, /authorize, etc.) are exposed. | 9096 |
| authConfig | The authorization details that the Microgateway uses when enforcing security on the APIs that it exposes. | authorizationHeader | The header in which the Microgateway looks for security-related details (e.g., if the API is protected by OAuth or JWT, it looks for the OAuth or JWT token in the specified header). | Authorization |
| | | removeAuthHeaderFromOutMessage | This specifies whether to send the above-mentioned authorization header to the actual backend or not. | TRUE |
| | The Key Manager related information. This information is required when the Microgateway connects with the Key Manager in order to validate the tokens. | serverUrl | Connection URL of the Key Manager server. By default this is WSO2 Identity Server (WSO2 IS). | https://localhost:9443 |
| | | username | The admin user name required to connect with the WSO2 IS key validation service. | admin |
| | | password | Password required to connect with the key validation admin service. | admin |
| | | tokenContext | The token endpoint context of the Key Manager server. | oauth2 |
| | | timestampSkew | The timestamp skew that is added when checking the token validity period for the tokens that are retrieved from the gateway cache. Value is in seconds. | 5000 |
| | | verifyHostname | Enables or disables hostname verification when connecting to the Key Manager over HTTPS. | TRUE |
| | These details are used by the Microgateway when it validates the JWT present in the request. The Microgateway does the JWT validation itself. It does the signature verification and the validation of the issuer, audience and validity period as well. | issuer | The Secure Token Service (STS) that has issued the JWT. If the JWT present in the request has an issuer claim that matches the value given here, the issuer validation is successful. | https://localhost:9443/oauth2/token |
| | | audience | The audience claim present in the JWT is matched against the value provided in the configuration. | http://org.wso2.apimgt/gateway |
| | | certificateAlias | The public certificate alias of the STS. | wso2apim |
| | | | When validating the JWT token, the path of the client trust store where the Microgateway looks for the public certificate of the STS. | |
| | | trustStore.password | The password of the client trust store. | ballerina |
| jwtConfig | Details related to the JWT that the Microgateway sends to the backend. | header | The header that the Microgateway uses to include the JWT when forwarding the request to the backend. | X-JWT-Assertion |
| | The caching config used for OAuth2 token validation. Note that this cache is only for OAuth2 tokens. | enabled | This defines whether the OAuth2 token cache is enabled or not in the Microgateway. | TRUE |
| | | tokenCache.expiryTime | Expiry time of the cache in seconds. | 900000 |
| | | tokenCache.capacity | The size of the cache in MB. | 100 |
| | | tokenCache.evictionFactor | The factor of the cache that will be cleared when the cache is full. By default, 0.25 (25 MB) of the cache is cleared when the cache is full (i.e., 100 MB). | 0.25 |
| | Analytics related configurations | enable | This defines whether publishing from the Microgateway to analytics is enabled or not. | FALSE |
| | | uploadingTimeSpanInMillis | The time interval in which the uploading task is run. | 600000 |
| | | uploadingEndpoint | The endpoint URL of the web application to which the file has to be uploaded. This web app is deployed in the Analytics server to retrieve files containing analytics data. | https://localhost:9444/analytics/v1.0/usage/upload-file |
| | | rotatingPeriod | The time interval after which the file is rotated and compressed. This depends on the Transactions Per Second (TPS) capacity of the environment. | 600000 |
| | | task.uploadFiles | This determines whether to enable or disable the file upload task. If this property is disabled, the analytics files are not uploaded to the analytics server, although the files are persisted in the Microgateway system. | TRUE |
| | | username | The username that the analytics server uses. | admin |
| | | password | The password related to the username that the analytics server uses. | admin |
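
The table lists several shipped defaults (the `ballerina` store passwords and `admin` credentials) and two security switches that default to TRUE. The following check is an added example, not part of the WSO2 documentation or product; it flags those values in a configuration file. It assumes a `[section]` / `key=value` layout, and the section names `keyManager` and `analytics` in the constructed sample are assumptions.

```python
# Defaults that ship with the Microgateway, as listed in the table above.
DEFAULT_SECRETS = {"keyStore.password": "ballerina",
                   "trustStore.password": "ballerina", "password": "admin"}
# Documented as TRUE by default; any other value weakens the deployment.
MUST_BE_TRUE = {
    "verifyHostname": "hostname verification towards the Key Manager is off",
    "removeAuthHeaderFromOutMessage": "client token is forwarded to the backend",
}
# URLs that receive the configured username and password.
CREDENTIALED_URLS = {"serverUrl", "uploadingEndpoint"}

def audit(conf_text):
    """Return (section, key, finding) tuples for risky settings."""
    findings, section = [], ""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep or line.startswith("#"):
            continue
        key, value = key.strip(), value.strip().strip('"')
        if DEFAULT_SECRETS.get(key) == value:
            findings.append((section, key, "shipped default password in use"))
        if key in MUST_BE_TRUE and value.lower() != "true":
            findings.append((section, key, MUST_BE_TRUE[key]))
        if key in CREDENTIALED_URLS and not value.lower().startswith("https://"):
            findings.append((section, key, "credentials sent to a non-HTTPS URL"))
    return findings

# Constructed sample; the section names keyManager and analytics are assumed.
SAMPLE = """
[listenerConfig]
keyStore.password="ballerina"
[authConfig]
removeAuthHeaderFromOutMessage=false
[keyManager]
password="admin"
verifyHostname=false
[analytics]
uploadingEndpoint="http://localhost:9444/analytics/v1.0/usage/upload-file"
password="constructed-non-default"
"""

if __name__ == "__main__":
    for section, key, finding in audit(SAMPLE):
        print(f"[{section}] {key}: {finding}")
```

Values that contain `=` are handled, but inline comments after a value are not stripped.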

Sample file
