WSO2 API Manager (referred hereafter as “API-M ”) is an open source enterprise-class solution that supports API publishing, lifecycle management, application development, access control, rate limiting and analytics in one cleanly integrated system.
API-M uses cookies to provide you with the best user experience, and to securely identify you. You might not be able to access some of the services if you disable cookies.
A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we use the term “cookies” to discuss all of these technologies.
API-M uses cookies to store and retrieve information on your browser. This information is used to provide a better user experience. Some cookies have the primary purpose of allowing logging in to the system, maintaining sessions, and keeping track of activities you do within the login session.
Some cookies used in API-M are used to identify you personally. However, the cookie lifetime will end when you log-out ending your session or when your session expires.
Some cookies are simply used to give you a more personalised web experience, and these cannot be used to identify you or your activities personally.
This Cookie Policy is part of the API-M Privacy Policy.
Cookies are used for two purposes in API-M
API-M uses cookies to remember your settings and preferences and to auto-fill the fields to make your interactions with the site easier.
API-M uses selected cookies to identify and prevent security risks.
For example, API-M may use cookies to store your session information to prevent others from changing your password without your username and password.
API-M uses session cookie to maintain your active session.
API-M may use a temporary cookie when performing multi-factor authentication and federated authentication.
API-M may use permanent cookies to detect the devices you have logged in previously. This is to to calculate the risk level associated with your current login attempt. Using these cookies protects you and your account from possible attacks.
API-M may use cookies to allow “Remember Me” functionalities.
API-M as a product does not use cookies for analytical purposes.
Using API-M may cause some third-party cookie being set to your browser. API-M has no control over the operation of these cookies. The third-party cookies which maybe set include,
We strongly advise you to refer the respective cookie policies of such sites carefully as API-M has no knowledge or use on these cookies.
API-M uses persistent cookies and session cookies. A persistent cookie helps API-M to recognize you as an existing user, so you can easily return to WSO2 or interact with API-M without signing in again. After you sign in, a persistent cookie stays in your browser and will be read by API-M when you return.
A session cookie is erased when the user closes the Web browser. It is stored in temporarily and is not retained after the browser is closed. Session cookies do not collect information from the user’s computer.
Most browsers allow you to control cookies through settings. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience, since it will no longer be personalized to you. It may also stop you from saving customized settings like login information. Disabling cookies might make you unable to use Authentication and Authorization functionalities offered by API-M.
If you have any questions or concerns regarding the use of cookies, please contact the Data Protection Officer of the organization running this API-M instance.
Cookie Name |
Purpose |
Retention |
JSESSIONID |
Keeps track of the user session data when you are logged in for providing a better user experience. |
Session |
goto_url |
Keeps track of the page that you should be directed to after login. |
Session |
workflowCookie |
Used for authentication purposes when invoking an admin service in the Business Process Server. |
Session |
csrftoken |
Used for mitigating Cross Site Request Forgery Attacks to provide you with a secure service. |
Request |
i18next |
Used to track the language API-M is served to you. |
Session |
This cookie policy is only for illustrative purposes of the API-M product. The content in this policy is technically correct at the time of product shipment. The organization which runs this API-M instance has the full authority and responsibility of the effective Cookie Policy.