43 changes: 21 additions & 22 deletions en/docs/get-started/key-concepts.md
@@ -1,24 +1,23 @@
# Key Concepts

| **Concept** | **Description** |
| ---------------------------------- | ------------------------------------------------------------ |
| <a name="api"></a>API | An API (Application Programming Interface) is the fundamental building block of WSO2 API Manager. It is an intermediate layer that acts as a communication protocol between a consumer and a service, simplifying the consumption of the service. In addition to hiding the underlying implementation details of a service, an API provides a secure, controlled, and a well-documented approach for accessing the exposed service. |
| <a name="api-format"></a> API Format | Open API Specification (OAS, a.k.a Swagger) format is the underneath representation of an API in WSO2 API Manager. A Swagger definition can be used to import an API to the Publisher Portal. In addition, a user can view, edit, import, or download an API definition in OAS format via the API Publisher Portal. |
| <a name="api-resource-path-and-http-methods"></a> API Resource path and HTTP Methods | An API is made up of one or more resources, each of which has a unique resource path (URI). An API Resource has a set of HTTP methods that operates on it. The supported HTTP methods are: GET, POST, PUT, DELETE, PATCH, HEAD, and OPTIONS |
| <a name="api-lifecycle"></a> API Lifecycle | The stages that an API goes through from creation to retirement. APIs have lifecycle stages that are independent of the backend services they rely on. The lifecycle's states are CREATED, PRE-RELEASED, PUBLISHED, BLOCKED, DEPRECATED, and RETIRED. The life cycles of the APIs are customized based on the needs of an organization. |
| <a name="application"></a> Application | The logical representation of a physical application such as a mobile app, web app, device, etc. For an application to use an API, the application should subscribe to the relevant APIs it intends to use. A subscription to an API happens over a selected business plan, which determines the usage quota the application gets. An application has a consumer-key and a consumer-secret, which acts as the credentials of the application. |
| <a name="api-product"></a> API Product | A combination of resources from one or more available APIs. An API product allows API product managers to mix and match resources from the available APIs. Similar to using an API, an application that intends to use an API product needs to subscribe to the APIs under a selected business plan. An application that subscribes to an API product gets access to all of its resources, which belongs to one or more of the APIs that are used to create the API product. |
| <a name="access-token"></a> Access Token | Using OAuth2.0 bearer token-based authentication to allow a consumer to access an API. It is a string that is passed as an HTTP header of an API request. WSO2 API Manager supports JWT formatted self-contained access tokens. The opaque token support is available for the applications that are migrated from older versions. |
| <a name="api-visibility"></a> API Visibility | API visibility determines who can view the API on the Developer Portal. The available visibility levels are as follows: <ul><li> Public - Visible to all users. </li><li> Restricted by role. - Visible only to the users under the creator's tenant domain who have the relevant roles attached.</li> <li> Visible to my domain - Visible to all users who are registered to the API creator's tenant domain. This applies only when there is more than 1 tenant in the system.</li></ul> |
| <a name="rate-limits"></a> Rate Limits | Rate limiting allows you to limit the number of permitted requests to an API within a given time window. Rate limiting can be useful to - <ul><li> Protect your APIs from common types of security attacks such as certain types of Denial of Service (DoS) attacks. </li><li>Regulate traffic according to infrastructure availability. </li><li>To apply request quotas for monetization purposes of APIs.</li></ul> |
| <a name="workflows"></a> Workflows | Allows controlling selected user actions on the API Publisher and the Developer Portal. For example, enabling a human approval process to approve users signing up to the Developer Portal. Workflow plugins can be used creatively for other purposes as well, such as performing custom validations, compliance checks, etc. Its asynchronous nature developed on webhooks allows user actions to be put on hold in order to be completed later. |
| <a name="message-mediation-policies"></a> Message Mediation Policies | Message mediation policies are used to enrich, transform, or modify a request or response message that is being routed via the Universal Gateway. For example, when exposing an XML endpoint as JSON, message mediation policies may be used to convert the message format from XML to JSON and vice versa. These policies can also be used for composing services into APIs and for various other needs such as validations, conformance, etc. |
| <a name="handler"></a> Handler | A handler allows a message to be processed before passing it to the routing logic of the Universal Gateway. Handlers can be used for security validation, policy enforcement, pushing out events to third party systems, custom logging requirements, etc. A handler allows the processing of both request and response messages. |
| <a name="tags"></a> Tags | Tags allow API providers to categorize APIs that have similar attributes. When a tagged API gets published to the API Developer Portal, its tags appear as clickable links. API consumers can use the link to navigate to a category of interest. API consumers can also search APIs that match a particular tag on the Developer Portal. |
| <a name="tenant"></a> Tenant | A tenant in WSO2 API Manager is a logically isolated entity. A tenant can be mapped as an organizational unit, department, etc. Multi-tenancy enables such organizational units/departments to share the same API Manager deployment and the respective resources. However, it functions individually with a personalized view/scope of the installation. Multi-tenancy is popularly used in SaaS offerings. |
| <a name="catalog"></a> Service Catalog | Service Catalog is one of the main attributes which enables the API-first Integration in WSO2 API Manager. Through the Service Catalog, integration services are made discoverable to the API Management layer so that API proxies can directly be created using them. |
| <a name="api-publisher-role"></a> API Publisher Role | An API publisher (API provider) is an API product manager who manages a set of APIs and API products across the enterprise or business unit and controls the API lifecycle, subscriptions, and monetization aspects of an API or API product. The API publisher can also analyze the usage patterns for the APIs and access all the statistics related to the APIs. |
| <a name="api-creator-role"></a> API Creator Role | An API Creator is a person in a technical role who understands the technical aspects of the API (interfaces, documentation, versions, etc.) and uses the API Publisher Portal for the design and development of the APIs. APIs created by an API creator are managed (lifecycle managed and productized) by an API product manager. |
| <a name="api-subscriber-role"></a> API Subscriber Role | A subscriber is a consumer of an API who intends to develop one or more applications that consume APIs on the Developer Portal. A subscriber uses the API Developer Portal to discover APIs, read the documentation and forums, rate/comment on the APIs, subscribe, obtain keys, and finally use APIs from their applications. |
| <a name="admin-role"></a> Admin Role | The admin user is responsible for managing the Admin Portal, which includes tasks such as approving workflows, managing rate limiting policies, viewing the state and health of APIs, etc. In addition, the admin user is also capable of carrying out general administrative tasks such as managing users, roles, databases, security, etc. |

| Concept | Description |
| :--- | :--- |
| **API** | An API (Application Programming Interface) is the fundamental building block of WSO2 API Manager. It acts as a secure, controlled, and well-documented communication protocol between a consumer and a service, hiding the underlying implementation details. |
| **API Format** | The **Open API Specification (OAS, formerly known as Swagger)** is the industry-standard format used for defining and describing the structure of RESTful APIs. It is the underlying representation of an API in WSO2 API Manager and is used for importing, viewing, and editing API definitions. |
| **API Resource path and HTTP Methods** | An API is composed of one or more resources, each with a unique URI (resource path). Each resource supports a set of **HTTP methods** (GET, POST, PUT, DELETE, PATCH, HEAD, and OPTIONS) that define the operation to be performed. |
| **API Lifecycle** | The stages that an API progresses through from creation to retirement. The states are **CREATED, PRE-RELEASED, PUBLISHED, BLOCKED, DEPRECATED, and RETIRED**. This lifecycle is independent of the backend services. |
| **Application** | The logical representation of a physical consuming application (e.g., mobile app, web app). To use an API, the application must **subscribe** to it over a selected business plan, receiving a consumer-key and consumer-secret as credentials. |
| **API Product** | A **marketable offering** that bundles carefully selected resources from one or more underlying technical APIs. It allows API Product Managers to create simplified, business-focused consumption packages that applications can subscribe to. |
| **Access Token** | A credential, typically an **OAuth 2.0 bearer token**, that is passed in an HTTP header of an API request. It is a secure string that grants the consumer **authorization** (permission) to access a specific API for a limited duration. WSO2 API Manager supports **JWT** formatted tokens. |
| **API Visibility** | Determines who can view the API on the Developer Portal. Levels include **Public**, **Restricted by role**, and **Visible to my domain**. |
| **Rate Limits** | Policies that limit the number of permitted requests to an API within a given time window. They are crucial for protecting against **Denial of Service (DoS)** attacks, regulating traffic, and enforcing monetization quotas. |
| **Workflows** | Mechanisms that enable human approval processes and custom logic for user actions (e.g., subscription approval) on the Publisher and Developer Portals. They are asynchronous, using webhooks to put actions on hold. |
| **Message Mediation Policies** | Used within the Universal Gateway to **enrich, transform, or modify** a request or response message. Examples include converting message formats (e.g., XML to JSON) or performing custom validations. |
| **Handler** | A component that processes a message before it is passed to the routing logic of the Universal Gateway. Handlers are used for security validation, policy enforcement, event pushing, and custom logging. |
| **Tags** | Labels used by API providers to categorize and group APIs with similar attributes. Tags appear as clickable links on the Developer Portal, helping consumers with search and discovery. |
| **Tenant** | A logically isolated entity (e.g., an organizational unit) in a WSO2 API Manager deployment. **Multi-tenancy** allows multiple tenants to share the same deployment while maintaining a personalized, individual scope. |
| **Service Catalog** | An attribute enabling **API-first Integration** by making integration services discoverable to the API Management layer, allowing API proxies to be created directly from these services. |
| **API Publisher Role** | The API product manager who manages a set of APIs/API Products, controlling the **API lifecycle, subscriptions, and monetization** aspects. They also analyze API usage statistics. |
| **API Creator Role** | A technical role responsible for the **design and development** of APIs (interfaces, documentation, versions) using the API Publisher Portal. |
| **API Subscriber Role** | The API consumer who uses the Developer Portal to discover, read documentation, rate, **subscribe**, obtain keys, and finally use APIs within their own applications. |
| **Admin Role** | The user responsible for managing the Admin Portal, handling tasks such as workflow approvals, rate limiting policy management, and general administrative tasks (users, roles, security). |
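Review bot: The new table rows drop the `<a name="..."></a>` anchors that every old row carried in its first cell (`<a name="api"></a>`, `<a name="access-token"></a>`, `<a name="rate-limits"></a>` and the rest), so any link that targets one of those fragments in key-concepts.md will stop resolving; keep each anchor in the first cell next to the bold label. The rewrite also loses detail a reader relies on for access decisions: the Access Token row no longer states that opaque token support is available for applications migrated from older versions, and it adds "secure string" and "for a limited duration", which the old row did not say; the API Visibility row now only names the three levels and drops the tenant-domain scoping of "Restricted by role" and the condition that "Visible to my domain" applies only when there is more than one tenant. Restore those statements, or have the new claims confirmed before merging.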
6 changes: 3 additions & 3 deletions en/docs/get-started/overview.md
@@ -1,6 +1,6 @@
# Overview
# Overview

WSO2 API Manager is a fully open-source API management platform. It supports API designing, API publishing, lifecycle management, application development, API security, rate limiting, viewing statistics of APIs, as well as connecting APIs, API Products, and endpoints.
WSO2 API Manager is a fully open-source API management platform. It supports API designing, API publishing, lifecycle management, application development, API security, rate limiting, viewing statistics of APIs, as well as connecting APIs, API Products and endpoints.

The following are some of the main capabilities of the product.

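Review bot: Both changed lines in this hunk look like noise. The `# Overview` heading is identical before and after as rendered, so the change is whitespace or line-ending only, and the paragraph change just removes the serial comma in "API Products, and endpoints", which is inconsistent with key-concepts.md in the same change set, where serial commas are kept ("PATCH, HEAD, and OPTIONS"). Revert both lines unless the whitespace change is intentional, in which case say so in the commit message.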
@@ -10,7 +10,7 @@ The following are some of the main capabilities of the product.

<div class="leftContentOverview" style="width:75% !important;">A well-designed API can make your APIs easy to use. WSO2 API Manager’s API Publisher guides you through API creation to API Publishing, while adhering to the respective API’s specification.
<ul>
<li><a href="{{base_path}}/manage-apis/design/design-api-overview/">Design API Overview</li>
<li><a href="{{base_path}}/manage-apis/design/design-api-overview/">Design API Overview </a></li>
</ul>
</div>

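Review bot: Closing the unclosed `<a>` in the list item is correct, but the new line leaves a trailing space inside the link text ("Design API Overview </a>"), which renders as an underlined space after the link. Write it as `Design API Overview</a></li>`. The other links in this file should be checked for the same missing `</a>`, since only this one is touched here.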
Binary file not shown.