Try our new research platform with insights from 80,000+ expert users
it_user898710 - PeerSpot reviewer
Software Engineer at a tech vendor with 501-1,000 employees
Real User
APIs can be developed to provide security and we can show everything in a single pane of glass
Pros and Cons
  • "As an organization grow, you can use CA API Management for authentication purposes through the CA API Gateway. It allows for multiple identity providers with different Active Directories."
  • "They need a workflow for the API Developer Portal, where the process only allows requests to go to the correct person."

What is our primary use case?

Previously, we don't have a security for our web or mobile applications. In a scenario where I have an application that gives APIs to everyone in the world, they can directly access that particular application. However, this allows for different types of attacks on that particular application too. This becomes a problem if a number of users access it, whether they are valid or invalid users, they will see performance issues. If a number of attacks are happening on a particular application, it goes down. So, from a security perspective, CA API Management acts like a reserve proxy.

It makes the end user feel like it is a real system. It does not show the back-end and what the API tool does. CA API management will not let people know that there is an original server running behind the tool. That is the security point of it. 

For use cases, there are databases that some people have to query on. With the help of CA API Management tool, we can give APIs to the end user, and with the help of those APIs, they can access the data instead of the database.

How has it helped my organization?

APIs can be developed to provide security. We can show them in one single pane of glass, such as the CA API Management API Developer Portal. It is there that we can provide the monetization for their APIs and what is happening on third-party applications, like Paytm or BookMyShow. 

Customers go to the portal and register there. It is there that they chose their APIs from a list. Based on the registration of the APIs, the customer will be charged.

Our customers will purchase these APIs and give to their application users. The functionality provided by the CA API Management tool is about the work framework, and the API Gateway also provides work functionalities. In the API Gateway, there are features called Solution Kits. These provides work protocol functionalities and the framework. 

In order to develop an API, we'll face so many problems: 

  • What method we should use?
  • What is the data it should return?
  • If I give this API data to the browser, how will it be processed? 

There are so many problems from the perspective of designing an API. However, the CA API Management tool, along with the CA API Gateway, eliminate all our issues.

As an organization grow, you can use CA API Management for authentication purposes through the CA API Gateway. It allows for multiple identity providers with different Active Directories.

What is most valuable?

It takes an existing service, like JSON or SOAP, and converts it for use on the application (e.g., REST services).

From a security point of view, there are different types of attacks: cross-origin resource sharing, SQL injection, shell scripting, and code injection. These type of attacks can be eliminated with the help of this tool because they are built-in with rules. If I drag and drop one rule called cross-origin resource sharing to the website I want to allow it on, only that website can contact CA API Management regarding this assertion. 

For an OAuth perspective, the application needs to be registered at my API Gateway. Once the application is registered, every time a user requests access to my API Gateway, I have to capture whether it is a valid application or not. Once it is getting validated, only then will it show them the access page for the login page to the application.

What needs improvement?

Based on the method an API, we need to be able to access that particular API.

They need a workflow for the API Developer Portal, where the process only allows requests to go to the correct person.

The CA Mobile API Gateway (MAG) for mobiles has too much latency.

Buyer's Guide
Layer7 API Management
October 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

If an entire cluster fails, we have disaster recovery with this solution. It provides an exact replica.

Because it contains Java, the heap memory needs to be cleaned constantly or problems will occur.

For day-to-day maintenance, two people are enough staff, e.g., checking the logs.

What do I think about the scalability of the solution?

CA API Management is okay when it comes to supporting a large number of APIs or large number of transactions. It has high availability. With the help of a load balancer, we distribute the load among all the API Gateways. In this way, we provide high-availability for all the API Gateways.

We have scaled the product out to different countries, like China and Australia.

Which solution did I use previously and why did I switch?

Previously, there was only SOAP services. When you are making an API call with SOAP services, It has a lot of impact on the application by taking too much of the bandwidth. 

Now, all the users are filling our their forms in the back-end with form data into JSON, and sending the information to the REST services.

People want the REST services. There are already existing applications which are running on the SOAP services. Rather than losing their businesses, with the help of CA API management,  they can have both their REST and SOAP services in the back-end.

How was the initial setup?

The initial setup is straightforward, like creating and deploying an API. Everything happens in one single loop.

If you install the CA API gateway, it takes about 15 minutes, as it is available in OVA format. If you go with the OVA format, you don't need to do much configuration. Then, it comes up in an internal MySQL database.

The API Developer Portal takes easily an hour to set up.

What about the implementation team?

When we introduce the solution to a new organization, it's not a complicated process. If we describe to them how an API can reduce work in their regular life, then they can easily understand that. When we give this to the customers, they become happy.

We use two people for deployments.

What's my experience with pricing, setup cost, and licensing?

CA API Management has a licensing path. If you want more features, it requires more licenses and more installation time.

Which other solutions did I evaluate?

Compared to other tools, like Apigee, this is the best tool that I have used.

What other advice do I have?

This product is available on-premise, in the cloud, and Docker.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
General Manager at Global SEIS
Real User
Beneficial integration, easy to use portal, and simple building APIs
Pros and Cons
  • "The most valuable features of Layer7 API Management are integration, ease of use, building APIs easily, and portal straightforward."
  • "The overall cost of Layer7 API Management is high, they can improve it by making it less expensive."

What is most valuable?

The most valuable features of Layer7 API Management are integration, ease of use, building APIs easily, and portal straightforward.

What needs improvement?

The overall cost of Layer7 API Management is high, they can improve it by making it less expensive. It is a stable platform, but Layer7 API vision and future are not clear

For how long have I used the solution?

We have been using and implementing Layer7 API Management for approximately 10 years.

What do I think about the stability of the solution?

Layer7 API Management is a highly stable solution.

How are customer service and support?

The support from Layer7 API Management could improve. We do not have a strong Latin American support. The support over the last two years has been poor. The vendor of Layer7 API Management, Broadcom, used to have approximately 500 employees here in Latin America but now they only have approximately 20.

You as customer has to find someone with a lot of experience in API Management so the users can take advantage of all the value the solution has.

What's my experience with pricing, setup cost, and licensing?

The price of Layer7 API Management is too high and should be reduced. However, it is a good solution in the market.

What other advice do I have?

I rate Layer7 API Management an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Layer7 API Management
October 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Practice Lead at a tech services company with 11-50 employees
Real User
The solution kits are customizable. We can implement micro-services architecture.

What is most valuable?

Although a lot of features come handy, the most usable feature is that solution kits are customizable. We were able to cater to a large variety of implementation and customizations with ease.

How has it helped my organization?

We have developed frameworks around this product set. It provides the ability to customize and has tremendous depth.

The frameworks are configuration driven, which gives the ability to implement micro-services architecture with ease and provides DevOps agility in terms of continuous deployment, etc.

What needs improvement?

The feature set is quite diverse and community driven, which is a good avenue to promote future features into this product.

The policy manager UI shows signs of aging, but it is not a must.

Policy manager is probably built using Java SWING, it has all the features, but loses some points on the look and feel, compared to some new generation IDEs.

It would be nice to see the PM revamped and some additional features added, such as step debugging for encapsulated assertions etc.

For how long have I used the solution?

I have been using CA API Management for five years.

What do I think about the stability of the solution?

We have not had any issues with stability.

What do I think about the scalability of the solution?

We have not had any issues with scalability.

How are customer service and technical support?

I would give technical support a rating of 10/10.

Which solution did I use previously and why did I switch?

We did have a previous solution, but the lack of a feature set, only cloud-based implementations, and lack of customizations drove us towards CA.

How was the initial setup?

The setup was very simple and straightforward.

What's my experience with pricing, setup cost, and licensing?

It is definitely competitively priced. Working with your local AM can help you achieve a pricing level that’s suitable to your needs.

It comes with many options, so do discuss your future roadmap with a CA Solution Strategist to advise you on the proper model.

Which other solutions did I evaluate?

We looked at Apigee, Mashery, IBM, MuleSoft, WSO2, and others.

What other advice do I have?

  • The product is feature rich and can solve a myriad of use cases.
  • We have noticed that building frameworks on the product set, with the help of a senior architect who drives the adoption early on, is a key. They can help create reference architecture for your organization that pays dividends in the end.
  • Aim for CA certified resources or partners for a good quality solution.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user352995 - PeerSpot reviewer
Expert Architect at a tech services company with 1,001-5,000 employees
Consultant
Using it creates a single set of APIs, even though the back-end REST, UI, and GUI technologies are different. Its UI is very outdated and we'd like something easier and more intuitive.

Valuable Features:

Security is the most valuable feature for us. We have a lot of threat protections turned on and I think the gateway has inherent security protections for DDoS and a whole list of other security risks. We also have the ability to customize the security of each product that we're doing, which has been really helpful. 

It also provides some load-balancing features. We can choose which traffic goes to which back-end server and the gateway will help us manage all that.

Improvements to My Organization:

I think it's protecting and exposing our internal APIs externally. We have a lot of different types of back-end technologies that use the APIs -- REST, UIs, and GUIs. So using the API product creates a single set of APIs, even though in the back-end they're much different.

Room for Improvement:

The UI is very dated. I've talked to some of the development and product managers about that, and I think it's a known issue. It's early 2000's technology. We would like to see something online and a better UI that's easier to use and more intuitive.

Reporting could use some enhancements as well. We just moved to the 8.4 version from 7.1, and they've got a new reporting tool called ESM. We're just now starting to use that, so maybe that's going to provide what we need; it's to be determined.

Deployment Issues:

The deployment's taken a little longer than we expected.

Scalability Issues:

We're exposing probably fifty different products externally. We've got thousands of requests, probably, per hour that come through. It's a lot of batched products -- people will run a job and it's sending a lot of things. We have a lot of traffic. The gateway itself has been stable. Downtime has usually been something like the network equipment around the gateway itself, but the gateway itself has been fairly stable.

Initial Setup:

We have development test-production environments, so to get it on our infrastructure under our own management tools, there's a lot of bureaucracy. So it's not just a push-button type deal; it requires a lot of coordination, tickets, firewall changes, provisioning hardware, things like that. All that to say that the initial setup was not straightforward but rather complex.

Other Solutions Considered:

There were several other options evaluated, but I wasn't a part of that.

Other Advice:

I saw some things this week at CA World which I think will make the product better, more intuitive to use with a better interface and easier deployment. There are things I saw on the road map that they'll address in the near future.

I would advice that someone go through the self-training before just jumping in. I learned from co-workers as well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior System Analyst at National Institute of Education
User
It has improved API governance and gives analytics to API performance
Pros and Cons
  • "It has improved API governance and gives analytics to API performance."
  • "It needs better mobile features and HA configuration."

What is our primary use case?

We use it primary for API management in my data center, for mobile applications and application-to-application integration.

How has it helped my organization?

It has improved API governance, gives analytics to API performance, and provided abstraction to the solution providers.

What is most valuable?

  • Policy assertion
  • Policy manager
  • SSO
  • Authentication
  • HA features
  • Analytics
  • Very extension logs

What needs improvement?

  • Better GUI for the policy manager.
  • Needs better professional services in my country. 
  • Better mobile features.
  • Better HA configuration.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user778503 - PeerSpot reviewer
Software Engineer at a tech services company with 10,001+ employees
Consultant
It scales really well and does a lot of load balancing
Pros and Cons
  • "You can create little, custom Java assertions that you can insert to do your business logic, which might not be covered by the commercial product out-of-the-box."
  • "More developer focused tools. They have a nice debugger inside of the program, but when you are developing code with their policies, it is tough to visualize that sometimes as a developer."

What is our primary use case?

Our primary use case is to host a handful of different API services for the consumers of our customer. We build and maintain several of those APIs right on the Gateway using their policies. We use it to kind of proxy request through to Java services and other things that we have created.

What is most valuable?

The extensibility of it. It can do a lot of things. You can create little, custom Java assertions that you can insert to do your business logic, which might not be covered by the commercial product out-of-the-box. 

How has it helped my organization?

I like the extensibility of it. It can do a lot of things. You can create little, custom Java assertions which you can insert into your business logic. This might not be covered by the commercial product out-of-the-box. 

What needs improvement?

More developer focused tools. They have a nice debugger inside of the program, but when you are developing code with their policies, it is tough to visualize that sometimes as a developer. So, tools that are a little more focused on rapidly creating those policies would be beneficial.  

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We actually started with this product a few years back. It is definitely improved significantly since then. I think the amount of releases and bug fixes that they have pushed out have really helped.

What do I think about the scalability of the solution?

The scalability has been great for us. We have consumers that range from 10 to 20 users upwards to 1000s of users. Thus, it scales really well. It does a lot of load balancing and other nice, little technical tricks that help smooth out requests which come in.

How are customer service and technical support?

They have come in sometimes to do onsite training when we requested it. For the most part, when we have technical problems, they are very responsive. They get it down to the developers quickly, who understand the problems and they work with us to get those fixes in their next release if it is something that is a bug or help us work around it. 

Which solution did I use previously and why did I switch?

When we first started on the Gateway, it was a different company, then CA bought it. The difference from that other company, which might have been a smaller company, from there to CA has just been the responsiveness and that extra level of training and other support that we are getting from CA. 

How was the initial setup?

I have been involved in deploying this product in several of our different environments from the ground up as well as in the upgrade process. From the CA part of it, everything has gone smooth. The problems are always on our side with our environments. I think the Gateway itself is a very simple product to get up and running and their upgrade process is good as well. There are a few little tricky things here and there like with everything, but for the most part, they continue to work to adjust it. 

What other advice do I have?

It is better than similar Gateway products that I have used in the past. Again, that flexibility really lends itself to us, and our program, a lot. However, there are certainly some areas for continued improvement and it seems like they are going in the right direction, so hopefully that continues. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
PeerSpot user
Arquitecto de Soluciones at Puntos Colombia S.A.S.
Real User
Keeps clear traceability of the changes made in each of our APIs
Pros and Cons
  • "It allows us to keep clear traceability of the changes made in each of our APIs."
  • "The speed and versatility in the implementation of APIs without writing a line of code in any programming language."
  • "The solution has numerous configuration options to increase security in communication."
  • "The administration interface (Policy Manager) is very easy to understand and use."
  • "As a SaaS product, control over some configuration elements and environments is lost."
  • "Increase tools for manipulation of JSON messages."

What is our primary use case?

Administration and configuration of the platform API management version 9.2. SaaS, security configuration, design, and implementation of APIs, which are exposed to partners of the company for the execution of business flows. All this is done quickly and easily with minimal effort.

How has it helped my organization?

  • The API Gateway has allowed us to manage and maintain systems quickly, with great versatility, while solving problems in real-time.
  • It allows us to keep clear traceability of the changes made in each of our APIs.
  • A large number of security measures have been implemented which make data manipulation more reliable.
  • As a SaaS product, control over some configuration elements and environments is lost.

What is most valuable?

  • The speed and versatility in the implementation of APIs without writing a line of code in any programming language.
  • The solution has numerous configuration options to increase security in communication.
  • The administration interface (Policy Manager) is very easy to understand and use.

What needs improvement?

  • This is a punctual need for the characteristics of the business or at the request of some partners: It is the use and configuration of VPNs, which in the current version is not enabled.
  • Expose system properties and other configurations via the GUI (Policy Manager).
  • Increase tools for manipulation of JSON messages.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user778995 - PeerSpot reviewer
Integration Architect at a comms service provider with 10,001+ employees
Real User
Provides API security as well as performance and flexibility, on-premise, on-cloud, hosted
Pros and Cons
  • "It can be scaled as we need. And it can be used in different regions. We have different data centers in the U.S. and Beijing. We use it on-premise, on-cloud, and it can be hosted and used at any place and scaled across the regions."
  • "Every API that we get from external or from internal goes through this layer first, and it should not be a bottleneck. That was the problem we had before. Now it's no longer a bottleneck. It's more like a throughput, this process is less than 10 milliseconds for any particular API."
  • "One day, where we can have a microservices gateway and we will not need the classic gateway at all, that is what we want to see."

What is our primary use case?

Security. We have a lot of APIs, a lot of web services inside Motorola, and we wanted to have a solution which can secure all our APIs.

So far it has been doing well. But we are looking towards microservices technology. And we heard here, at this CA World conference, that they are coming up with a microservices API gateway. That is something that we would be interested in looking into. 

But as far as far as the classic API gateway goes, I think it is definitely doing well. We were bought by Lenovo, and eventually Lenovo, which did not have this solution, has also been convinced to use it. So overall, as one company, both Lenovo and Mortola will be using this product.

How has it helped my organization?

It can be scaled, especially the current version. It can be scaled as we need. And it can be used in different regions. We have different data centers in the U.S. and Beijing. We use it on-premise, on-cloud, and it can be hosted and used at any place and scaled across the regions. That's the primary benefit we have seen; other than providing security and the performance.

What we had before, Forum, obviously was not reaching our performance requirements. This really helped us, because every API that we get from external or from internal goes through this layer first, and it should not be a bottleneck. That was the problem we had before. Now it's no longer a bottleneck. It's more like a throughput, this process is less than 10 milliseconds for any particular API. 

So the number of transactions that we are able to process per second and the number of instances that we can use are benefits. 

Even before microservices API gateway came into the picture, two years back, CA really worked with us and helped us to get hourly pricing, so that we could spin up, spin down instances as we need, like during Thanksgiving or Christmas. So the product, by itself, is great, and the flexibility that CA has given us out of this product is really great.

What is most valuable?

From the security point of view it provides lot of features, as well as performance. I think it's 4000 transactions per seconds, per node, is what the performance is. So those two are major features that we have been looking for. It does both in a great way.

What needs improvement?

Microservices gateway is one thing in which we thought would be really good. It has come up, we just have to see how it's going to play out. Obviously, it's not going to replace the classic gateway, although we want to see that something in the microservices gateway that can actually replace classic gateway. That would be really nice. Right now, I don't think it's completely replaceable. It's just a part of it, but eventually they're saying that it will replace. So one day, where we can have a microservices gateway and we will not need the classic gateway at all, that is what we want to see.

What do I think about the stability of the solution?

We have never had any issues, to be frank. From the time that we had it installed we have never had any issues, whether in the non-prod or in production. So I would give it top rating from the stability point of view.

What do I think about the scalability of the solution?

As mentioned, that's one of the great features, the scalability. We were able to scale up in incidences as needed, and scale down. So again, completely flexible. Top-rate, from the scalability point of view.

How are customer service and technical support?

We use technical support only when we do the upgrades. My team, we always try to be at the latest and greatest version. Whenever they release, the next week we are already there, both in test and production. So when there's a new release, obviously there are some important technical features of which we are not aware. To learn about them we use the technical team. 

But other than that, from our point of view, as I mentioned, it has been pretty straightforward and pretty stable. We don't have a need to reach out to them, except when there are new features and we are migrating.

They're good. They have been really helping us. As I mentioned, CA as a whole has been a great partner for us and has been helping as we need. Whenever we need their support, they are there. Whenever we need information, they are there.

Which solution did I use previously and why did I switch?

We were using Forum before, but we wanted a much more flexible solution that scales and has better performance. That's why we chose CA's API Gateway, to resolve our security, and provide the best performance for all the APIs that we have.

How was the initial setup?

It wasn't really all that complex. What we had before was really pretty complex. When compared to that, what we have with CA is not.

Which other solutions did I evaluate?

We evaluated Forum, obviously. Layer 7 is one we looked into. Axway. IBM, because we use it a lot for e-commerce, so that is an API gateway we have been looking into.

What other advice do I have?

Among most important criteria when selecting a vendor, the first thing is pricing. After that features, obviously, and then the performance and stability.

We would definitely recommend implementing Layer 7. The only reason you might not implement it is if you are looking at open source, but open source comes with its own issues and cons. But if the cost is not an issue, Layer 7 is the top and I would definitely recommend it to anybody.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Product Categories
API Management
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros sharing their opinions.