The Gateway is most important because it is our strategic front door into the company for all APIs.
Integration Platform Manager at a comms service provider with 1,001-5,000 employees
The Gateway is our strategic front door into the company for all APIs.
Pros and Cons
- "The Gateway is most important because it is our strategic front door into the company for all APIs."
- "As well as the SOA Gateway - that is, the API Gateway; we call it the SOA Gateway - we also are now deploying the developer portal component of the SOA Gateway. That has limitations."
What is most valuable?
How has it helped my organization?
The API Gateway for us is now, or is about to be, our central one way in. We have many, many partners who resell our communications services. They provision those services through our systems.
Previously, we would just host it on a number of different application servers, uncontrolled if you like, not as secure as they should have been.
You probably don't know, 18 months ago we had a large security breach, which turned into a large issue with the national press. We now use the Gateway for that single point of entry for all of our API traffic.
What needs improvement?
As well as the SOA Gateway - that is, the API Gateway; we call it the SOA Gateway - we also are now deploying the developer portal component of the SOA Gateway. That has limitations.
There are two main ways to offer web services to the outside world at the moment. One is RESTful services and one is SOAP-based services. We are predominantly a SOAP service company and the support for SOAP-based services are very limited, almost poor, in the developer portal. All CA's investment is around RESTful services, which is a problem for us.
I would also simplify threat protection, I would improve SOAP support, and I would reduce Professional Services rates. Apart from that, everything's pretty good.
For how long have I used the solution?
We've been using the solution for two and a half years.
Buyer's Guide
Layer7 API Management
October 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is very good in terms of stability and functionality, it just lacks a little bit in terms of SOAP services.
What do I think about the scalability of the solution?
We're only receiving 200,000 calls a day at the moment, and we're increasing that to about 1,000,000 calls a day, which is a lot of traffic compared to some customers but I'm sure it's not much compared to others. The performance is fine.
How are customer service and support?
We raised a couple of tickets which just went through the standard process and we got a really poor response. But then I contacted the account manager and we got an excellent response and service.
In terms of the ultimate outcome and the service we receive now, I'd rate it really high, you know, 8 or 9 out of 10. But there's been one incident in particular which I would rate down at 2 or 3 out of 10. The way I feel now, I would rate it at an eight or a nine, mostly a nine. There was one incident which did not go through the account management team, which was not optimal.
The one incident which I would rate very low was just a really unprofessional, incorrect response. As soon as the account manager saw it, he was very apologetic. He got it all sorted out, no problem. They know about it and our account guys know about it. I think the support team know about it. I don't really think it's worth bringing it up again.
Which solution did I use previously and why did I switch?
We introduced the API Gateway. I wasn't here at the time, by the way, but we didn't use anything in terms of that. We bought it really for our protection and security capabilities. So the main thing is the API, the whole API management piece. We did go out to tender; we invited about six, or evaluated about six, different solutions and selected CA.
How was the initial setup?
I wasn't here for the setup.
What other advice do I have?
I would say CA are a good company to work for. I would say that the Professional Services people are fairly expensive but pretty good. I would say that the Gateway is a good tool but you need to be careful of the limitations for SOAP services. Also try and get over to CA World because that's good fun.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Technical Consultant at a computer software company with 501-1,000 employees
Provides different form factors, API virtualization and lifecycle management, data security, and scalability. Improvements needed in analytics, reporting, logging, tracking, SSO and user experience.
Pros and Cons
- "Initial setup is straightforward. It is simple and easy to do."
- "The level of technical support is good."
- "Scalability: API Gateway is easily scalable horizontally and managed easily."
- "The API Development tool can be made more user-friendly by providing folder properties."
What is our primary use case?
- Digitalization
- API Life Cycle Management
CA API Management powers the next generation of mobile and Internet of Things (IoT) applications by providing reliable connectivity between data, people, apps and devices. You can aggregate and orchestrate data from multiple data sources into modern REST APIs almost instantly. Whether your data is in legacy systems, disparate databases, or the cloud, you will be able to bring it all together to power new digital initiatives at scale in modern apps or SaaS applications.
How has it helped my organization?
It improved how we function in the following areas:
- Protecting all enterprise application data from direct access by virtualization.
- Transforming SOAP services to REST services easily on the gateway without impacting existing systems.
- Providing security for all API's exposed through API Gateway at one common location.
- Migration of APIs from one environment to other.
- Providing high availability with horizontal scaling and multi cluster.
- Managing the API lifecycle.
- Exposing enterprise data to the external world.
- Securing Mobile App communication using MAG.
- Integrating easily with other systems.
What is most valuable?
The most valuable features to me are:
- Different Form Factors: Available as Software, Virtual Appliance, Amazon Machine Image and Hardware.
- API Virtualization: Creating virtual APIs by shielding the actual enterprise resources on API Gateway.
- Security: Enterprise data security and central management in API Gateway.
- API Lifecycle Management: Enable, Disable, Assigning, Deprecating and Deleting APIs on API Portal
- Scalability: API Gateway is easily scalable horizontally and managed easily.
- Mobile SSO is another feature/capability which available.
What needs improvement?
- The API Development tool can be made more user-friendly by providing folder properties.
- Assertions for common functionalities (like mathematical operations, string manipulations, connecting to non-SQL).
- Masking the user credentials entered in Identity Provider, JDBC based on user role
- Analytics and reporting need to be made better and more user-friendly; add some custom reports both on the Developer Portal and API Gateway; exporting of analytics and an email facility.
- Logging and tracking of changes done by users in the Developer Portal.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
CA API Management solution is very stable also scalable.
What do I think about the scalability of the solution?
I did not have any issues with scalability.
How are customer service and technical support?
Customer Service:
Customer service is good
Technical Support:
The level of technical support is good.
Which solution did I use previously and why did I switch?
I did not try any other solutions previously.
How was the initial setup?
Initial setup is straightforward. It is simple,easy to do and quick to go to market
What was our ROI?
Overall cost saving, growth in business
What's my experience with pricing, setup cost, and licensing?
I feel that it is costly for small/medium-sized companies.
Which other solutions did I evaluate?
I did not evaluate other products, but have read about them and the features they provide.
What other advice do I have?
Check what is required and whether it can be achieved easily without any compromise, see how flexible its to use and maintain.
Disclosure: My company has a business relationship with this vendor other than being a customer: We're CA partner's and implement to the customer who have purchased the CA API Management . We do also contribute in development of the product.
Buyer's Guide
Layer7 API Management
October 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Senior Consultant
You Can Expose APIs With An Advanced Authentication Mechanism
What is most valuable?
Its simplicity; and it's user friendly. Advanced Authentication and Security features. Ability of Gateway to create API on the go with compatibility to integrate with all Blackened Systems (MQ native, JMS, SFTP, HTTPS, SCP, Windows/Oracle, LDAP, etc.).
What needs improvement?
Improvement in developer portal customization.
For how long have I used the solution?
Eight years.
What do I think about the stability of the solution?
Not yet.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
8 out of ten.
Which solution did I use previously and why did I switch?
The only solution I use is CA APIM and it’s the best. I haven't even thought
of switching into another one.
How was the initial setup?
Very easy.
What's my experience with pricing, setup cost, and licensing?
Depends on the client's requirements.
Which other solutions did I evaluate?
Yes, IBM and Apigee.
What other advice do I have?
CA APIM is the best product in the market. With API Gateway, you can expose
APIs with an advanced authentication mechanism and security, within days.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Application Integration Developer I at a financial services firm with 1,001-5,000 employees
The built-in routing platform is the most valuable feature.
What is most valuable?
The built-in routing platform is the most valuable feature. It is easy to use.
What needs improvement?
There is a need to automate the process of retrieving the SSL certificate when it has expired. Currently, the product doesn't have this feature automated. It is only manual.
For how long have I used the solution?
I have used this solution for two years.
What do I think about the stability of the solution?
There were no stability issues.
What do I think about the scalability of the solution?
There were no scalability issues.
How is customer service and technical support?
I am very satisfied with the level of technical support.
How was the initial setup?
The setup was straightforward. I started using the product after it was already built-in.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Team Lead at a pharma/biotech company with 1,001-5,000 employees
We needed a way to secure our externally-facing services. This solution was a lot more lightweight and its security chops were more apparent.
Improvements to My Organization:
We needed a way to secure our externally-facing services. Layer 7 was a lot more lightweight and its security chops were more apparent. For deployment, it needed the ability to go with a VM image because it was not going to be on-premise. It was going to be in a cloud offering in front of our commerce spot.
Room for Improvement:
Because of our experience with our cloud-hosting provider's image requirements versus what CA provided them, I think an area of improvement would be additional form factors for virtualization.
Initial Setup:
There were some issues during the initial setup. Our cloud-hosting partner required certain things, such as ESXi hosts and images. They were very particular about what kind of image they wanted versus what kind of image CA provided. So what I think would be an improvement would be support for additional virtualized form factors.
Implementation Team:
CA helped with the architecture, the design, the implementation and it's in place but it's not actively being used because the backing system isn't there yet. I can't tell you qualitatively like, "Oh, yes, it's working very well." I don't know how it's working because nobody's using it. It's waiting for the system to be ready and operational. The implementation, though, was done very well.
Other Solutions Considered:
Layer 7 was top-of-class in the Gartner Magic Quadrant, Forrester, and all that stuff, so I did the selection process there and looked at a couple of different competitors.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ALSO some of the practitioners are talking about Digital TX using just API led monitization. IS BPM Analytics Led solution DEAD?. Can true Digital Tx end-end happen without BPM in between. How does a CEO or CTO get end-end process view? Can automation be it digital can be implemented without a BPM layer as a Service.?
IT Consultant at ENTIIS PTE. LTD.
Almost all security features are available out-of-the-box and can be deployed rapidly
Pros and Cons
- "Almost all security features are available out-of-the-box and can be deployed rapidly."
- "The product needs to keep up with newer trends even though customers might not be requesting it yet."
What is our primary use case?
API security and API onboarding. We have on-premise deployment with legacy backends.
How has it helped my organization?
It improved the integration channel between partner companies. It also improved the time it took to onboard a new partner.
What is most valuable?
API security. Implementing security is hard in general but for this product, almost all security features are available out-of-the-box and can be deployed rapidly.
What needs improvement?
The product needs to keep up with newer trends even though customers might not be requesting it yet. For example, the usage of newer versions of Swagger and YAML format.
For how long have I used the solution?
Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Prof IT System at a comms service provider with 10,001+ employees
Maintains the security of our APIs and our business transactions
Pros and Cons
- "We are looking for improvements related to integration. We want to see them add integration tools to the CA bundle. That would be helpful."
What is our primary use case?
We have a full, classic, API gateway currently. We want to leverage it to use the microservices, with the help of micro API gateway, to support our business or e-commerce platform, the API traffic. That's our main our goal, to move further toward a microservice with a Docker container.
We implemented it in a non-prod and it is good. But we want to move into production going forward. Performance-wise it’s good, and we are not seeing any issues.
How has it helped my organization?
The benefit is maintaining the security of the APIs and securing the transfer volume of the enterprise for any business transactions.
What is most valuable?
The main feature is the security, and then the performance of the APIs is good. The monitoring part is also helpful.
What needs improvement?
We are looking for improvements related to integration. We want to see them add integration tools to the CA bundle. That would be helpful.
What do I think about the stability of the solution?
Stability-wise it's good. We are not really seeing any issues. We have had CA products for almost four years, and until now we haven't see any outage or any impact of the gateway.
What do I think about the scalability of the solution?
Scalability is good. With the new/future version of the gateway, we can easily scale up or scale down the gateway instance in the Docker container.
How are customer service and technical support?
Technical support, the CS support, is good. They respond promptly. They give guidance and they give recommendations to improve the platform performance.
Which solution did I use previously and why did I switch?
We were previously using a different API gateway. We had some issues with those servers. We did some evaluation in the market. I evaluated server software and IBM DataPower and Intel products. Finally, based on all the features, like security, we decided that the CA product is the best suited to the needs of Motorola's business.
How was the initial setup?
I was involved in the initial setup. We brought in CA Professional Services to help start the infrastructure in our installation.
It was not complex, documentation-wise it is good. CA maintains the documentation very nicely, so based in the documentation we were able to set up the environment. It is all straightforward.
What other advice do I have?
The main thing we look at when selecting a vendor is what partners are using them and how successful they are in that business with the product. Then we'll look at industry ratings. Based on that we will consider if we need to go with that product or not.
I rate it a nine out of 10 because the product is not only one product, API Gateway. If I want to monitor the gateways, I need to go with other CA products. It's not like a package, it is multiple products. So if it was a complete bundle, then I would rate it better.
I would recommend going with it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Infrastructure Architect with 11-50 employees
The most valuable features are API Enhanced Portal 4.1 and API Gateway policy manager for writing policies
Pros and Cons
- "API Enhanced Portal 4.1 looks very promising. API Gateway policy manager for writing policies is excellent. It is the best in the industry for policy writing."
- "It is not possible for clients to migrate to a newer version."
What is most valuable?
API Enhanced Portal 4.1 looks very promising. API Gateway policy manager for writing policies is excellent. It is the best in the industry for policy writing.
How has it helped my organization?
CA is the first in the market from the time they acquired Layer 7. They deliver the best API Management solutions.
From 2012, our clients evolved a lot from API Management perspective after using CA.
We are able to expose mission critical APIs to the external world, monetize them, and generate revenue from them in the most secure manner.
CA also drastically improved the capabilities from Gateway, Portal, and OAuth perspective in the last couple of years. This adds more value to our API Management wing.
What needs improvement?
CA API Portal 3.5 does not support Swagger documentation. If they were to support that, it would be great. However, their focus is on a newer, enhanced version of their API Portal 4.1 Release. However, it is not very mature and there is no direct migration available in the near future. It is not possible for clients to migrate to a newer version.
CA might lose clients mainly for this reason (Swagger Support on API Portal 3.5), unless they develop seamless migration utilities from API portal 3.5 to 4.1.
For how long have I used the solution?
I have used CA API Management from 2011, when Layer 7 had not yet been acquired by CA.
What do I think about the stability of the solution?
From an API Portal 4.1 perspective, I did encounter multiple issues.
What do I think about the scalability of the solution?
From an API Portal 4.1 perspective, I encountered scalability issues. They confirmed that they are working on it and in the very near future, it will be available.
How are customer service and technical support?
CA has very good API Management support. They are very helpful.
Which solution did I use previously and why did I switch?
We didn’t use a solution before this one. CA is the best in the market in terms of stability, scalability, and policy development. They are the best at achieving custom scenarios related to clients (customization) in all perspectives, besides the current API Portal 4.1, as it is not yet matured enough. There is nothing to worry about in the 4.1 portal.
How was the initial setup?
The initial setup was straightforward. CA documentation is pretty clear for anything to do with CA products. They are masters in this industry.
What's my experience with pricing, setup cost, and licensing?
If the CA pricing for API management would be a little lower, they would be able to cover a broader market.
Which other solutions did I evaluate?
I don’t remember the story from 2011, but very recently I did an analysis of MuleSoft, Google, AWS, Apigee, and WSO2. WSO2 came in first, and CA standards came in second.
What other advice do I have?
Follow CA documentation thoroughly.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are CA Partners for Security Management products.
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
API ManagementPopular Comparisons
Microsoft Azure API Management
Amazon API Gateway
webMethods.io
MuleSoft API Manager
Kong Gateway Enterprise
IBM API Connect
IBM DataPower Gateway
WSO2 API Manager
3scale API Management
SwaggerHub
Axway AMPLIFY API Management
TIBCO Cloud API Management
Akana API Management
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating API Management, what aspect do you think is the most important to look for?
- What is the difference between an API Gateway and ESB?
- In a Digital Banking Environment how do we see the role of ESB/ API Managers?
- What is an API Gateway?
- How do you protect your API from security threats?
- What should one take into consideration when choosing an API management solution to manage Microservices?
- Which API Management tools have the best developer portal?
- Which API management tool is the best?
- What is your favorite API Management tool?
- What are the key parts of an API strategy at an enterprise?
Good review Neil