WSO2 API Manager - Cookie Policy

About WSO2 API Manager

WSO2 API Manager (referred to hereafter as “API-M”) is an open source enterprise-class solution that supports API publishing, lifecycle management, application development, access control, rate limiting and analytics in one cleanly integrated system.

API-M uses cookies to provide you with the best user experience, and to securely identify you. You might not be able to access some of the services if you disable cookies.

A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we use the term “cookies” to discuss all of these technologies.

How does API-M process cookies?

API-M uses cookies to store and retrieve information on your browser. This information is used to provide a better user experience. Some cookies have the primary purpose of allowing logging in to the system, maintaining sessions, and keeping track of activities you do within the login session.

Some cookies used in API-M are used to identify you personally. However, the cookie lifetime will end when you log out, ending your session, or when your session expires.

Some cookies are simply used to give you a more personalised web experience, and these cannot be used to identify you or your activities personally.

This Cookie Policy is part of the API-M Privacy Policy.

What does API-M use cookies for?

Cookies are used for two purposes in API-M:

  1. Security.
  2. Providing a better user experience.

API-M uses cookies for the following purposes:

Preferences

API-M uses cookies to remember your settings and preferences and to auto-fill the fields to make your interactions with the site easier.

  • These cannot be used to identify you personally.

Security

API-M uses selected cookies to identify and prevent security risks.

For example, API-M may use cookies to store your session information to prevent others from changing your password without your username and password.

API-M uses a session cookie to maintain your active session.

API-M may use a temporary cookie when performing multi-factor authentication and federated authentication.

API-M may use permanent cookies to detect the devices you have previously logged in from. This is to calculate the risk level associated with your current login attempt. Using these cookies protects you and your account from possible attacks.

Performance

API-M may use cookies to allow “Remember Me” functionalities.

Analytics

API-M as a product does not use cookies for analytical purposes.

Third party cookies

Using API-M may cause some third-party cookies to be set in your browser. API-M has no control over the operation of these cookies. The third-party cookies which may be set include:

  • Any of the social login sites, when API-M is configured to use “Social” or “Federated” login, and you opt to log in with your “Social Account”
  • Any third party federated login

We strongly advise you to refer to the respective cookie policies of such sites carefully, as API-M has no knowledge of or use for these cookies.

What type of cookies does API-M use?

API-M uses persistent cookies and session cookies. A persistent cookie helps API-M to recognize you as an existing user, so you can easily return to WSO2 or interact with API-M without signing in again. After you sign in, a persistent cookie stays in your browser and will be read by API-M when you return.

A session cookie is erased when the user closes the Web browser. It is stored temporarily and is not retained after the browser is closed. Session cookies do not collect information from the user's computer.

How do I control my cookies?

Most browsers allow you to control cookies through settings. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience, since it will no longer be personalized to you. It may also stop you from saving customized settings like login information. Disabling cookies might make you unable to use Authentication and Authorization functionalities offered by API-M.

If you have any questions or concerns regarding the use of cookies, please contact the Data Protection Officer of the organization running this API-M instance.

What are the cookies used?

| Cookie Name | Purpose | Retention |
|---|---|---|
| JSESSIONID | Keeps track of the user session data when you are logged in for providing a better user experience. | Session |
| goto_url | Keeps track of the page that you should be directed to after login. | Session |
| workflowCookie | Used for authentication purposes when invoking an admin service in the Business Process Server. | Session |
| csrftoken | Used for mitigating Cross Site Request Forgery Attacks to provide you with a secure service. | Request |
| i18next | Used to track the language in which API-M is served to you. | Session |

Disclaimer

This cookie policy is only for illustrative purposes of the API-M product. The content in this policy is technically correct at the time of product shipment. The organization which runs this API-M instance has the full authority and responsibility of the effective Cookie Policy.

WSO2, its employees, partners, and affiliates do not have access to and do not require, store, process or control any of the data, including personal data contained in WSO2 API-M. All data, including personal data, is controlled and processed by the entity or individual running WSO2 API-M. WSO2, its employees, partners and affiliates are not a data processor or a data controller within the meaning of any data privacy regulations. WSO2 does not provide any warranties or undertake any responsibility or liability in connection with the lawfulness or the manner and purposes for which WSO2 API-M is used by such entities or persons.