Exploring the WSO2 Products and Service Stack
Thilan Dissanayaka WSO2 Mar 28, 2020

WSO2 offers a comprehensive, open-source-first platform designed to simplify API management, integration, identity management, and cloud-native application development. Whether you're building modern applications, securing APIs, or connecting distributed systems, WSO2 provides the tools to get you there efficiently. In this guide, we’ll explore the key components of the WSO2 ecosystem—including flagship products like API Manager, Micro Integrator, Identity Server, the developer-focused Ballerina language, and SaaS-based solutions like Choreo and Asgardeo. We'll also touch on internal tools like Devant and Bijira, which support WSO2’s own engineering workflows.

WSO2 API Manager

A full lifecycle API management solution.

Purpose: To design, publish, secure, manage, and monitor APIs.

Key Features:

  • API Gateway for routing and throttling
  • Developer Portal for API discovery
  • API Publisher for managing API lifecycle
  • Built-in analytics (via Choreo or external)
  • Supports REST, GraphQL, WebSockets

Use Cases: Internal/external API exposure, monetization, federated API gateway models.

WSO2 Micro Integrator

A lightweight integration runtime based on the WSO2 Enterprise Integrator.

Purpose: Microservices-based integration for cloud-native applications.

Key Features:

  • Built on Apache Synapse
  • Supports mediation, transformation, and routing
  • Integrates with databases, SaaS, legacy systems
  • Container-friendly (Kubernetes/Docker)

Use Cases: Building integration microservices, edge integrations, legacy modernization.

WSO2 Identity Server

An identity and access management (IAM) product.

Purpose: Provide SSO, federated login, access delegation, and user management.

Key Features:

  • Supports OAuth2, OIDC, SAML2, SCIM, FIDO2
  • MFA, adaptive authentication, consent management
  • User self-service portal
  • Integrates with LDAP, AD, JDBC

Use Cases: Customer IAM (CIAM), Workforce IAM, federated identity, secure access to apps/APIs.

Ballerina

An open-source cloud-native programming language.

Purpose: Simplify integration with a developer-friendly syntax.

Key Features:

  • Built-in support for network protocols (HTTP, gRPC, WebSockets)
  • Visual programming view
  • Concurrency with worker and isolated concepts
  • Data transformations and JSON/XML handling

Use Cases: Writing microservices, API backends, and integration logic.

Choreo

A cloud-native developer platform for APIs and integrations.

Purpose: Empower developers to build, deploy, and manage cloud-native applications faster.

Key Features:

  • No-code/low-code + pro-code development
  • Integrates APIs, Ballerina services, and connectors
  • Built-in CI/CD, observability, GitOps
  • Hosted or private cloud deployment

Use Cases: Rapid API/service development, serverless integration, digital transformation.

Asgardeo

A SaaS-based CIAM (Customer Identity and Access Management) platform.

Purpose: Secure customer access with modern identity standards and UX.

Key Features:

  • OAuth2, OIDC, SAML2 support
  • Social logins, passwordless auth, MFA
  • SDKs for SPA, mobile apps
  • User analytics, branding, adaptive authentication

Use Cases: Secure customer-facing apps with low integration effort.

Devant

An internal tool developed by WSO2 for managing engineering operations.

Purpose: Assist with developer productivity and workflow automation.

Status: Mostly used internally and not a commercial product.

Features: Integration with Jira, GitHub, CI/CD pipelines.

Bijira

A Jira clone built in-house by WSO2 for internal project and task management.

Purpose: Task tracking and issue management for WSO2 teams.

Status: Not publicly available, for internal use only.

Note: Useful for testing internal tooling capabilities and integration scenarios.
