Layer7 API Management Reviews

The most valuable aspects for us are the security features, such as OAuth and access control. Furthermore, it's a flexible tool that performs well.

It's a great tool, but I wouldn’t say it streamlined anything. It does just exactly what we acquired for, which is to connect and manage data from our legacy system to the cloud and to mobile. We had some digital channel projects that required back-end integration and needed security on the gateway to handle the throughput that would be coming, so we chose API Management.

I'd like to be able to import a Swagger file through the gateway.

We have been using it for three years.

We've had no issues with deployment.

It has been stable from day one. We haven’t seen anything to suggest it won’t continue to be.

It's scaled just fine.

The online material is fantastic and the CA API Academy videos are excellent.

The initial setup was complex and difficult mainly because we didn’t have heavy Linux support guys.

It takes longer than you would think; timing it is essential.

We use Layer7 API Management for digital banking: for signing, validation, transactions, etc.

We are a partner, so there are roughly 40 people inside my company working with Layer7.

The mobile access gateway (MAG) is tremendous.

Its ID authentication is a little outdated. I think they should start using face ID.

They need a multifactor authentication solution for the API layer and the other layers, as well. Today, we don't have face recognition for the gateway. We don't have palm recognition either. This would add a needed additional security layer.  

I have been using this solution for roughly two to three years.

This solution is very stable. Once you have the other patches applied it's really stable.

Layer7 API Management is very scalable.

Overall, I would give their technical support a rating of six. It was better before Broadcom acquired it from CA. If they improved their response time, I would give the technical support a higher rating.

The initial setup is very easy.

We have implemented this solution for three banks. One bank took three months and another took six months to fully implement due to an additional security layer.

It really depends on the size of the bank and the number of transactions that you have to validate, the board members, and the customer flows within the bank.

If you wish to implement Layer7 API Management, it is paramount that you understand, first, what you need.

Most of the time, the customer doesn't understand the power of APIs and how they should be managed inside an organization. If your customer doesn't have a plan, it doesn't matter what solution they use — nothing will work.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

We use it for public API security.

The governance of the new business models generated by the APIs has been simplified and is improving the daily control over them.

• Current security models which are the focus of the industry. 
• The product documentation helps the client and/or user to evolve quickly while using the tool.
• Support has efficiently combined with the forum.

The portal is an important point in the lifecycle of the APIs. Right now, the portal lacks many features. We hope that the new version will have them and that there will be a quality jump, which is needed.

None.

There is no real problem. However, as the number of instances increases, its complexity of installation increases if you do not use the OVA.

Support through the forum is very good and efficient for partners.

I work in a consultancy, so we do projects with other products. However, our partner product is with CA Technologies.

They have different installation models. Therefore, there are always small drawbacks. Fortunately, if you use the OVA, your installation is direct.

We are a partner with our own prices.

We evaluated the following solutions: IBM, WSO2, and Oracle.

Begin by using the installation offered on an OVA, then in production environments make use of your own installation, e.g., in CentOS.

We use it for security.

So far so good. We have our own challenges - some monitoring and some performance related things - but at the same time, I think it's pretty good.

The security that it provides, actually. Being in the financial services industry, obviously security is very important for us.

I'm part of an engineering team so this product coming with out-of-the-box security, that is valuable to our organization.

We are evaluating the next release, actually. We would like to see more stability.

It needs to be a bit more stable. I think they see that, as Support is working on that. We have our own challenges related to the stability. For example, the log space filling up the entire disk because of gateway went down. CA is aware of this issue.

But otherwise, as I said, we have had a pretty good experience with the product.

We do not use it on a massive scale at this point, so it's pretty good.

It's pretty good. It's been a fruitful experience so far.

We were transitioning from another product, DataPower. We switched because of the native support for APIs in API Management.

We didn't consider any other vendors.

What's important to us when selecting a vendor, support is the most important factor.

I would tell anyone who is researching this type of solution to go for API Management.

• Availability of Security Assertions: Addresses all the industry security standards
• High Flexibility: Allows policy-driven orchestration and security mediation, in a drag-and-drop manner

Thanks to this product, we have successfully secured SOAP and REST APIs and exposed them to international/domestic partners using the standard industry protocols.

The Policy Manager UI is very busy. It lacks a graphical representation for the flow of the assertions that can significantly improve the clarity of the policy. Thus the Policy Manager UI can be improved in terms of usability. For example, instead of policy assertions in the policy being in a line by line form, it could be represented as graphical flow, similar to how Vordel Gateway does it.

I have used this solution for six years.

We have not experienced any stability issues. The product has been very stable.

The CA API Gateway solution is highly scalable. It is very easy to add more nodes to the cluster, which increases the processing power.

The technical support is excellent and very timely. The engineers are extremely knowledgeable, not only in regards to the product, but also in terms of the protocols and standards that are used by the product.

We were using Vordel Gateway, but it lacked the flexibility and integration capabilities that CA API Gateway provided at the time.

The initial setup was very straightforward. CA has clear and concise documentation to walk you through the initial setup process for both simple and complex deployments.

Vordel Gateway and IBM DataPower. Both these solutions were evaluated from our end, before CA API Gateway was selected.

You should read the documentation.

The best features for us are documentation, the development portal, ease-of-use, and click-to-market. Our API landscape is increasing exponentially and one if the differentiators that allow us to reach our goals is how fast we can get to the market. And our speed-to-market is based on ease-of-deployment and how fast we can iterate and change.

It sets itself apart mainly because it's a bigger product and a bigger company, so it integrates well with other solutions that we already have on-premises. That makes it a lot easier for us to move people around, since they already have a basic skill set. That really helps. The support that we get from CA in general, including the talks, the books and the documentation that explains how to sell from a technical and a non-technical side, really benefits us.

I would like to see a lot more information about design, such as design thinking and design UX, UI, information about the technology, and the problems it's solving for everyday customers.

The cloud-based solution that we use right now is stable. We have an on-premise solution as well, which we still have some issues with, but we're still moving forward.

Scalability is unmatched. Since it is cloud and AWS backed, if we need more power, we just call it up and it's pretty quick.

Technical support, including the communities, Twitter, and being able to reach somebody on the phone is phenomenal; it's a good working relationship.

We have multiple solutions in house. This is the one we choose for now for certain products. There weren't really better products and there's only certain product groups in the market, and we only pick the best-in-breeds. CA was one of them.

For me, the most important quality in a vendor is technical support. I want support from end-to-end, including documentation, technology, and written materials that I can download and review myself and then reapply.

Initial setup was a little bit of both straightforward and complex. We are a large company and have certain scenarios that make things a little bit more complex. CA's always been really good about being right there with us to understand some of our challenges.

Dig in really deep, not only from a technical standpoint but also from a design and product standpoint. That's probably the biggest piece of advice that I can give you. If you miss this, you will forget to see the forest through the trees.

We had a test version, which was more of an on-prem version, and we also had some on the Docker for a live API creator. 

We are a security service company, and we provide a lot of solutions in that space. We were just trying to have a frictionless authentication product, so we were working on that. We were looking for a Gateway that can serve in an API, and we've already got an open-source solution.

We loved the portal part the most, which had monetization and showed how people were using the stuff. It is a good product as a whole and has a lot of microservices and granular features.

The delivery is bulky in terms of implementation. Its price could also be better. It is a very good product as compared to CA API, Google API, and WSO2 API, but its price is high.

From the cloud-native perspective, some new features need to be added. It could also be made simpler to implement.

We have been using this solution for four to five years.

Technical support was okay. We were getting good support. We had access to the portal, and the support was good enough.

It was a little complex initially. We struggled a bit initially to understand this solution, but later on, it was okay. I do not exactly remember the issues, but initially, our team was facing a lot of problems in terms of virtualization.

It was very high at that time. We are a Broadcom CA partner, and we got it only for testing purposes. We didn't pay anything for it.

I would recommend this solution to others. This is one of the good solutions for microservices and APIs and for people who need to go the digital way. There are a lot of other solutions that are coming into the market, and the infrastructure landscape is changing.

I would rate Layer7 API Management a six out of ten.

The most valuable feature is the basic authentication.

Some areas for improvement would be the security the product provides and the response time when a client is making a call with their payload. 

I've been working with this solution for three years.

There are some issues from the front and backend, but none relating to the API portal.

The scalability depends on configuration, but if that is correct, then the scalability is good.

The tech support is fast and responsive.

The deployment was pretty straightforward.

I would rate this solution as nine out of ten.