Layer7 API Management Reviews

The Gateway is most important because it is our strategic front door into the company for all APIs.

The API Gateway for us is now, or is about to be, our central one way in. We have many, many partners who resell our communications services. They provision those services through our systems.

Previously, we would just host it on a number of different application servers, uncontrolled if you like, not as secure as they should have been.

You probably don't know, 18 months ago we had a large security breach, which turned into a large issue with the national press. We now use the Gateway for that single point of entry for all of our API traffic.

As well as the SOA Gateway - that is, the API Gateway; we call it the SOA Gateway - we also are now deploying the developer portal component of the SOA Gateway. That has limitations.

There are two main ways to offer web services to the outside world at the moment. One is RESTful services and one is SOAP-based services. We are predominantly a SOAP service company and the support for SOAP-based services are very limited, almost poor, in the developer portal. All CA's investment is around RESTful services, which is a problem for us.

I would also simplify threat protection, I would improve SOAP support, and I would reduce Professional Services rates. Apart from that, everything's pretty good.

We've been using the solution for two and a half years.

It is very good in terms of stability and functionality, it just lacks a little bit in terms of SOAP services.

We're only receiving 200,000 calls a day at the moment, and we're increasing that to about 1,000,000 calls a day, which is a lot of traffic compared to some customers but I'm sure it's not much compared to others. The performance is fine.

We raised a couple of tickets which just went through the standard process and we got a really poor response. But then I contacted the account manager and we got an excellent response and service.

In terms of the ultimate outcome and the service we receive now, I'd rate it really high, you know, 8 or 9 out of 10. But there's been one incident in particular which I would rate down at 2 or 3 out of 10. The way I feel now, I would rate it at an eight or a nine, mostly a nine. There was one incident which did not go through the account management team, which was not optimal.

The one incident which I would rate very low was just a really unprofessional, incorrect response. As soon as the account manager saw it, he was very apologetic. He got it all sorted out, no problem. They know about it and our account guys know about it. I think the support team know about it. I don't really think it's worth bringing it up again.

We introduced the API Gateway. I wasn't here at the time, by the way, but we didn't use anything in terms of that. We bought it really for our protection and security capabilities. So the main thing is the API, the whole API management piece. We did go out to tender; we invited about six, or evaluated about six, different solutions and selected CA.

I wasn't here for the setup.

I would say CA are a good company to work for. I would say that the Professional Services people are fairly expensive but pretty good. I would say that the Gateway is a good tool but you need to be careful of the limitations for SOAP services. Also try and get over to CA World because that's good fun.

• Digitalization
• API Life Cycle Management

CA API Management powers the next generation of mobile and Internet of Things (IoT) applications by providing reliable connectivity between data, people, apps and devices. You can aggregate and orchestrate data from multiple data sources into modern REST APIs almost instantly. Whether your data is in legacy systems, disparate databases, or the cloud, you will be able to bring it all together to power new digital initiatives at scale in modern apps or SaaS applications.

It improved how we function in the following areas:

• Protecting all enterprise application data from direct access by virtualization.
• Transforming SOAP services to REST services easily on the gateway without impacting existing systems.
• Providing security for all API's exposed through API Gateway at one common location.
• Migration of APIs from one environment to other.
• Providing high availability with horizontal scaling and multi cluster.
• Managing the API lifecycle.
• Exposing enterprise data to the external world.
• Securing Mobile App communication using MAG.
• Integrating easily with other systems.

The most valuable features to me are:

• Different Form Factors: Available as Software, Virtual Appliance, Amazon Machine Image and Hardware.
• API Virtualization: Creating virtual APIs by shielding the actual enterprise resources on API Gateway.
• Security: Enterprise data security and central management in API Gateway.
• API Lifecycle Management: Enable, Disable, Assigning, Deprecating and Deleting APIs on API Portal
• Scalability: API Gateway is easily scalable horizontally and managed easily.
• Mobile SSO is another feature/capability which available.

• The API Development tool can be made more user-friendly by providing folder properties.
• Assertions for common functionalities (like mathematical operations, string manipulations, connecting to non-SQL).
• Masking the user credentials entered in Identity Provider, JDBC based on user role
• Analytics and reporting need to be made better and more user-friendly; add some custom reports both on the Developer Portal and API Gateway; exporting of analytics and an email facility.
• Logging and tracking of changes done by users in the Developer Portal.

CA API Management solution is very stable also scalable.

I did not have any issues with scalability.

Customer Service:

Customer service is good

Technical Support:

The level of technical support is good.

I did not try any other solutions previously.

Initial setup is straightforward. It is simple,easy to do and quick to go to market

Overall cost saving, growth in business

I feel that it is costly for small/medium-sized companies.

I did not evaluate other products, but have read about them and the features they provide.

Check what is required and whether it can be achieved easily without any compromise, see how flexible its to use and maintain.

Its simplicity; and it's user friendly. Advanced Authentication and Security features. Ability of Gateway to create API on the go with compatibility to integrate with all Blackened Systems (MQ native, JMS, SFTP, HTTPS, SCP, Windows/Oracle, LDAP, etc.).

Improvement in developer portal customization.

Eight years.

Not yet.

No.

8 out of ten.

The only solution I use is CA APIM and it’s the best. I haven't even thought
of switching into another one.

Very easy.

Depends on the client's requirements.

Yes, IBM and Apigee.

CA APIM is the best product in the market. With API Gateway, you can expose
APIs with an advanced authentication mechanism and security, within days.

The built-in routing platform is the most valuable feature. It is easy to use.

There is a need to automate the process of retrieving the SSL certificate when it has expired. Currently, the product doesn't have this feature automated. It is only manual.

I have used this solution for two years.

There were no stability issues.

There were no scalability issues.

I am very satisfied with the level of technical support.

The setup was straightforward. I started using the product after it was already built-in.

We needed a way to secure our externally-facing services. Layer 7 was a lot more lightweight and its security chops were more apparent. For deployment, it needed the ability to go with a VM image because it was not going to be on-premise. It was going to be in a cloud offering in front of our commerce spot.

Because of our experience with our cloud-hosting provider's image requirements versus what CA provided them, I think an area of improvement would be additional form factors for virtualization.

There were some issues during the initial setup. Our cloud-hosting partner required certain things, such as ESXi hosts and images. They were very particular about what kind of image they wanted versus what kind of image CA provided. So what I think would be an improvement would be support for additional virtualized form factors.

CA helped with the architecture, the design, the implementation and it's in place but it's not actively being used because the backing system isn't there yet. I can't tell you qualitatively like, "Oh, yes, it's working very well." I don't know how it's working because nobody's using it. It's waiting for the system to be ready and operational. The implementation, though, was done very well.

Layer 7 was top-of-class in the Gartner Magic Quadrant, Forrester, and all that stuff, so I did the selection process there and looked at a couple of different competitors.

API security and API onboarding. We have on-premise deployment with legacy backends.

It improved the integration channel between partner companies. It also improved the time it took to onboard a new partner.

API security. Implementing security is hard in general but for this product, almost all security features are available out-of-the-box and can be deployed rapidly.

The product needs to keep up with newer trends even though customers might not be requesting it yet. For example, the usage of newer versions of Swagger and YAML format.

We have a full, classic, API gateway currently. We want to leverage it to use the microservices, with the help of micro API gateway, to support our business or e-commerce platform, the API traffic. That's our main our goal, to move further toward a microservice with a Docker container.

We implemented it in a non-prod and it is good. But we want to move into production going forward. Performance-wise it’s good, and we are not seeing any issues.

The benefit is maintaining the security of the APIs and securing the transfer volume of the enterprise for any business transactions.

The main feature is the security, and then the performance of the APIs is good. The monitoring part is also helpful.

We are looking for improvements related to integration. We want to see them add integration tools to the CA bundle. That would be helpful.

Stability-wise it's good. We are not really seeing any issues. We have had CA products for almost four years, and until now we haven't see any outage or any impact of the gateway.

Scalability is good. With the new/future version of the gateway, we can easily scale up or scale down the gateway instance in the Docker container.

Technical support, the CS support, is good. They respond promptly. They give guidance and they give recommendations to improve the platform performance.

We were previously using a different API gateway. We had some issues with those servers. We did some evaluation in the market. I evaluated server software and IBM DataPower and Intel products. Finally, based on all the features, like security, we decided that the CA product is the best suited to the needs of Motorola's business.

I was involved in the initial setup. We brought in CA Professional Services to help start the infrastructure in our installation.

It was not complex, documentation-wise it is good. CA maintains the documentation very nicely, so based in the documentation we were able to set up the environment. It is all straightforward.

The main thing we look at when selecting a vendor is what partners are using them and how successful they are in that business with the product. Then we'll look at industry ratings. Based on that we will consider if we need to go with that product or not.

I rate it a nine out of 10 because the product is not only one product, API Gateway. If I want to monitor the gateways, I need to go with other CA products. It's not like a package, it is multiple products. So if it was a complete bundle, then I would rate it better.

I would recommend going with it.

API Enhanced Portal 4.1 looks very promising. API Gateway policy manager for writing policies is excellent. It is the best in the industry for policy writing.

CA is the first in the market from the time they acquired Layer 7. They deliver the best API Management solutions.

From 2012, our clients evolved a lot from API Management perspective after using CA.

We are able to expose mission critical APIs to the external world, monetize them, and generate revenue from them in the most secure manner.

CA also drastically improved the capabilities from Gateway, Portal, and OAuth perspective in the last couple of years. This adds more value to our API Management wing.

CA API Portal 3.5 does not support Swagger documentation. If they were to support that, it would be great. However, their focus is on a newer, enhanced version of their API Portal 4.1 Release. However, it is not very mature and there is no direct migration available in the near future. It is not possible for clients to migrate to a newer version.

CA might lose clients mainly for this reason (Swagger Support on API Portal 3.5), unless they develop seamless migration utilities from API portal 3.5 to 4.1.

I have used CA API Management from 2011, when Layer 7 had not yet been acquired by CA.

From an API Portal 4.1 perspective, I did encounter multiple issues.

From an API Portal 4.1 perspective, I encountered scalability issues. They confirmed that they are working on it and in the very near future, it will be available.

CA has very good API Management support. They are very helpful.

We didn’t use a solution before this one. CA is the best in the market in terms of stability, scalability, and policy development. They are the best at achieving custom scenarios related to clients (customization) in all perspectives, besides the current API Portal 4.1, as it is not yet matured enough. There is nothing to worry about in the 4.1 portal.

The initial setup was straightforward. CA documentation is pretty clear for anything to do with CA products. They are masters in this industry.

If the CA pricing for API management would be a little lower, they would be able to cover a broader market.

I don’t remember the story from 2011, but very recently I did an analysis of MuleSoft, Google, AWS, Apigee, and WSO2. WSO2 came in first, and CA standards came in second.

Follow CA documentation thoroughly.