WSO2 API Manager (referred to hereafter as “API-M”) is an open source enterprise-class solution that supports API publishing, lifecycle management, application development, access control, rate limiting and analytics in one cleanly integrated system.
What is a cookie?
A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we use the term “cookies” to discuss all of these technologies.
How does API-M process cookies?
Some cookies used in API-M are used to identify you personally. However, the cookie lifetime will end when you log out, ending your session, or when your session expires.
Some cookies are simply used to give you a more personalised web experience, and these cannot be used to identify you or your activities personally.
Cookies are used for two purposes in API-M:
Providing a better user experience.
These cannot be used to identify you personally.
API-M uses selected cookies to identify and prevent security risks.
API-M uses a session cookie to maintain your active session.
API-M may use a temporary cookie when performing multi-factor authentication and federated authentication.
API-M may use permanent cookies to detect the devices you have logged in from previously. This is to calculate the risk level associated with your current login attempt. Using these cookies protects you and your account from possible attacks.
Third party cookies
Using API-M may cause some third-party cookies to be set in your browser. API-M has no control over the operation of these cookies. The third-party cookies which may be set include:
Any of the social login sites, when API-M is configured to use “Social” or “Federated” login, and you opt to log in with your “Social Account”
Any third party federated login
We strongly advise you to refer to the respective cookie policies of such sites carefully, as API-M has no knowledge of or use for these cookies.
What type of cookies does API-M use?
API-M uses persistent cookies and session cookies. A persistent cookie helps API-M to recognize you as an existing user, so you can easily return to WSO2 or interact with API-M without signing in again. After you sign in, a persistent cookie stays in your browser and will be read by API-M when you return.
A session cookie is erased when the user closes the Web browser. It is stored temporarily and is not retained after the browser is closed. Session cookies do not collect information from the user’s computer.
How do I control my cookies?
Most browsers allow you to control cookies through settings. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience, since it will no longer be personalized to you. It may also stop you from saving customized settings like login information. Disabling cookies might make you unable to use Authentication and Authorization functionalities offered by API-M.
What are the cookies used?
Keeps track of the user session data when you are logged in for providing a better user experience.
Keeps track of the page that you should be directed to after login.
Used for authentication purposes when invoking an admin service in the Business Process Server.
Used for mitigating Cross Site Request Forgery Attacks to provide you with a secure service.
Used to track the language in which API-M is served to you.