This documentation is for WSO2 API Manager 1.9.0. View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


If your setup has a cluster of multiple Key Manager nodes that are fronted by a load balancer that does not support Thrift, change the key management protocol from Thrift to WSClient using the <KeyValidatorClientType> element in <APIM_HOME>/repository/conf/api-manager.xml file. Thrift uses TCP load balancing.


In a typical production environment, you can configure one of the following setups:


  • Configure a WSO2 API Manager instance as the Key Manager in a separate server. See product profiles.
  • Configure an instance of WSO2 Identity Server as the Key Manager. See
  • Configure a third-party authorization server for key validations and an API Manager instance for the rest of the key management operations. See 


When an API is created, a file with its synapse configuration is added to the API Gateway. You can find it in the<APIM_HOME>/repository/deployment/server/synapse-configs/default/api folder. It has a set of handlers, each of which is executed on the APIs in the same order they appear in the configuration. You find the default handlers in any API's Synapse definition