Layer7 API Management Reviews

Live API Creator.

The simple REST based APIs can now be delivered in hours which took days previously.

The product shouldn’t require to be connected to a server for doing development.

Six months.

No.

No.

Good.

No.

Very easy.

Not sure on that front.

Mashery and IBM.

Go ahead. A very good product and a market leader in its segment.

The best features of CA API Management are high quality and high reliability.

It provides a centralized security mechanism so that we can route all our policies and all our traffic through the gateway.

I would like more graphical interfaces for better usability.

API Management is highly reliable and highly available, so we haven't any problems with it.

We haven't had any scalability problems. I don't know how far it can be scaled. We are a mid-sized company.

I would say that the quality of technical support is moderate. It’s better than some, but not as good as others.

I don't know if we had a previous solution before going with API Managment. We have a number of CA products. Some of them, we started with the CA product and some of them we started with other products and then switched to CA because of their high availability and high reliability. We are not looking to switch it. It’s nice and stable.

I was not involved with the initial setup.

Focus on developing a relationship with CA. They have a variety of products and they do a lot of cross selling, so it's important to develop a relationship and figure out how to manage that relationship as you go forward.

When selecting a vendor, the most important element is relationship.

I'd say the API gateway that routes traffic in REST-to-SOAP conversions is a feature we find most valuable. SOAP is a type of web service, and REST is another.

It allows you to much more rapidly expose enterprise services to front-end applications, such as mobile and web.

The products developer portals can be better. It needs a better look and feel.

Also, the user experience for developers to discover and develop APIs needs work.

We've been using it for two years.

It's very good.

We've just started so there's not a lot of traffic yet.

They've been responsive, but they're pricey.

This is the first API gateway product we’ve used, and we looked for a vendor who has a reputation for establishing long-term partnerships.

Initial setup was pretty straightforward.

We also looked at Axway, IBM, and Mashery. We went through a long evaluation and CA's number one strength was the built-in security management features.

As part of your evaluation, make sure that the companies can set up a proof of concept to check real situations.

Our primary use case is to host a handful of different API services for the consumers of our customer. We build and maintain several of those APIs right on the Gateway using their policies. We use it to kind of proxy request through to Java services and other things that we have created.

The extensibility of it. It can do a lot of things. You can create little, custom Java assertions that you can insert to do your business logic, which might not be covered by the commercial product out-of-the-box. 

I like the extensibility of it. It can do a lot of things. You can create little, custom Java assertions which you can insert into your business logic. This might not be covered by the commercial product out-of-the-box. 

More developer focused tools. They have a nice debugger inside of the program, but when you are developing code with their policies, it is tough to visualize that sometimes as a developer. So, tools that are a little more focused on rapidly creating those policies would be beneficial.  

We actually started with this product a few years back. It is definitely improved significantly since then. I think the amount of releases and bug fixes that they have pushed out have really helped.

The scalability has been great for us. We have consumers that range from 10 to 20 users upwards to 1000s of users. Thus, it scales really well. It does a lot of load balancing and other nice, little technical tricks that help smooth out requests which come in.

They have come in sometimes to do onsite training when we requested it. For the most part, when we have technical problems, they are very responsive. They get it down to the developers quickly, who understand the problems and they work with us to get those fixes in their next release if it is something that is a bug or help us work around it. 

When we first started on the Gateway, it was a different company, then CA bought it. The difference from that other company, which might have been a smaller company, from there to CA has just been the responsiveness and that extra level of training and other support that we are getting from CA. 

I have been involved in deploying this product in several of our different environments from the ground up as well as in the upgrade process. From the CA part of it, everything has gone smooth. The problems are always on our side with our environments. I think the Gateway itself is a very simple product to get up and running and their upgrade process is good as well. There are a few little tricky things here and there like with everything, but for the most part, they continue to work to adjust it. 

It is better than similar Gateway products that I have used in the past. Again, that flexibility really lends itself to us, and our program, a lot. However, there are certainly some areas for continued improvement and it seems like they are going in the right direction, so hopefully that continues. 

• Any-to-any integration.
• The abilities to bridge messaging protocols and transform data enable us to input/output data from/to/through SOAP, JSON, MQ, JMS, databases, FTP between various backend systems, facilitating business process automation.

We use it to integrate various different customer and backend systems, in order to automate business processes.

• Patching/upgrading is a manual process and should be automated.
• Configuration synchronizing between nodes (installation instances of this software) is a manual process and should be automated and simplified.
• It could use a better dashboard for showing performance metrics (e.g message throughput).
• Ideally there should be cheaper development/testing (ie. non-production) licenses available to customers.

We have used the solution for more than five years.

We did not encounter any issues with stability.

We did not encounter any issues with scalability.

The technical support is quite excellent. Support staff usually respond quickly and are helpful.

We didn't use any previous solutions in production. We tried different products in the prototyping phase more than five years ago. This one fits our needs the best.

The setup was quite straightforward, for experienced software developers. Layer7 Technologies back then provided (for a fee) a week-long on-site training for our staff, including myself. Extended trial licenses (longer than the usual 30 days) were also provided for us to become familiar with the product before we committed to buying licenses.

There are now two licensing tiers - Essential and Enterprise - whereas before there used to be only one. Make sure you’re buying the correct one for your needs.

We evaluated some other options such as IBM WebSphere Message Broker, WSO2 ESB, Oracle ESB, Actional SOAPstation, Fuse ESB / Apache ServiceMix, Mule ESB.

Get the proper training for your staff and don’t hesitate to ask CA for help if needed. The product is extensible and CA offers custom solutions. We had some small customer development done for us (for a fee), which was productized in a later version of the product.

Security is the most valuable feature for us. We have a lot of threat protections turned on and I think the gateway has inherent security protections for DDoS and a whole list of other security risks. We also have the ability to customize the security of each product that we're doing, which has been really helpful. 

It also provides some load-balancing features. We can choose which traffic goes to which back-end server and the gateway will help us manage all that.

I think it's protecting and exposing our internal APIs externally. We have a lot of different types of back-end technologies that use the APIs -- REST, UIs, and GUIs. So using the API product creates a single set of APIs, even though in the back-end they're much different.

The UI is very dated. I've talked to some of the development and product managers about that, and I think it's a known issue. It's early 2000's technology. We would like to see something online and a better UI that's easier to use and more intuitive.

Reporting could use some enhancements as well. We just moved to the 8.4 version from 7.1, and they've got a new reporting tool called ESM. We're just now starting to use that, so maybe that's going to provide what we need; it's to be determined.

The deployment's taken a little longer than we expected.

We're exposing probably fifty different products externally. We've got thousands of requests, probably, per hour that come through. It's a lot of batched products -- people will run a job and it's sending a lot of things. We have a lot of traffic. The gateway itself has been stable. Downtime has usually been something like the network equipment around the gateway itself, but the gateway itself has been fairly stable.

We have development test-production environments, so to get it on our infrastructure under our own management tools, there's a lot of bureaucracy. So it's not just a push-button type deal; it requires a lot of coordination, tickets, firewall changes, provisioning hardware, things like that. All that to say that the initial setup was not straightforward but rather complex.

There were several other options evaluated, but I wasn't a part of that.

I saw some things this week at CA World which I think will make the product better, more intuitive to use with a better interface and easier deployment. There are things I saw on the road map that they'll address in the near future.

I would advice that someone go through the self-training before just jumping in. I learned from co-workers as well.

To protect the web services, security, authentication; protect against any kind of attacks from external sites.

We have been using API Gateway for four years and we have huge class actions, like 600 parts per second, and we have not seen any issues as of now. It's stable.

Security.

We get a lot of class actions, payloads, which have real security requirements, like personal identification information. So we need to protect all of this information, make sure it is secure. 

Also, we can handle the huge class actions we get from different clients.

It really benefits us a lot because, since we are maintaining financial information, personal identification information, we need to protect the customers' data as well as the clients' information. We can encrypt the payloads and decrypt the payloads and do SSL authentication. We can also store the files in the Amazon bucket with the encryption file.

We're integrating the cloud. I would like some more integration of cloud capabilities.

Regarding stability, we have not seen any issues as of now. It's a more stable product.

Scalability is very good.

We haven't had any issues. It's more stable. We didn't even have to touch anything.

It's a more stable product and we have very good support from technical point of view, but not from a professional point of view. We have some issues with Profession Services. But technical are always good, they support us as quickly as they. They give us solutions for customers, which is really helpful.

We were using an IBM product. We switched because we had some constraints, technical issues, support issues, and some other issues like use cases.

I developed the PoC and then moved it to production.

The setup is not complex, and we got very good support from CA technical support and Professional Services. I felt the technical support was really good compared to the Professional Services.

We did evaluate other vendors but we finally chose API Gateway.

In general when we are picking vendors, the most important criterion is support. When they can really help us we feel more confident.

I give it a 10 out of 10 compared to other products. I would definitely recommend CA API Gateway.

Administration and configuration of the platform API management version 9.2. SaaS, security configuration, design, and implementation of APIs, which are exposed to partners of the company for the execution of business flows. All this is done quickly and easily with minimal effort.

• The API Gateway has allowed us to manage and maintain systems quickly, with great versatility, while solving problems in real-time.
• It allows us to keep clear traceability of the changes made in each of our APIs.
• A large number of security measures have been implemented which make data manipulation more reliable.
• As a SaaS product, control over some configuration elements and environments is lost.

• The speed and versatility in the implementation of APIs without writing a line of code in any programming language.
  
• The solution has numerous configuration options to increase security in communication.
• The administration interface (Policy Manager) is very easy to understand and use.

• This is a punctual need for the characteristics of the business or at the request of some partners: It is the use and configuration of VPNs, which in the current version is not enabled.
• Expose system properties and other configurations via the GUI (Policy Manager).
• Increase tools for manipulation of JSON messages.