Layer7 API Management Reviews

Administration and configuration of the platform API management version 9.2. SaaS, security configuration, design, and implementation of APIs, which are exposed to partners of the company for the execution of business flows. All this is done quickly and easily with minimal effort.

• The API Gateway has allowed us to manage and maintain systems quickly, with great versatility, while solving problems in real-time.
• It allows us to keep clear traceability of the changes made in each of our APIs.
• A large number of security measures have been implemented which make data manipulation more reliable.
• As a SaaS product, control over some configuration elements and environments is lost.

• The speed and versatility in the implementation of APIs without writing a line of code in any programming language.
  
• The solution has numerous configuration options to increase security in communication.
• The administration interface (Policy Manager) is very easy to understand and use.

• This is a punctual need for the characteristics of the business or at the request of some partners: It is the use and configuration of VPNs, which in the current version is not enabled.
• Expose system properties and other configurations via the GUI (Policy Manager).
• Increase tools for manipulation of JSON messages.

Although a lot of features come handy, the most usable feature is that solution kits are customizable. We were able to cater to a large variety of implementation and customizations with ease.

We have developed frameworks around this product set. It provides the ability to customize and has tremendous depth.

The frameworks are configuration driven, which gives the ability to implement micro-services architecture with ease and provides DevOps agility in terms of continuous deployment, etc.

The feature set is quite diverse and community driven, which is a good avenue to promote future features into this product.

The policy manager UI shows signs of aging, but it is not a must.

Policy manager is probably built using Java SWING, it has all the features, but loses some points on the look and feel, compared to some new generation IDEs.

It would be nice to see the PM revamped and some additional features added, such as step debugging for encapsulated assertions etc.

I have been using CA API Management for five years.

We have not had any issues with stability.

We have not had any issues with scalability.

I would give technical support a rating of 10/10.

We did have a previous solution, but the lack of a feature set, only cloud-based implementations, and lack of customizations drove us towards CA.

The setup was very simple and straightforward.

It is definitely competitively priced. Working with your local AM can help you achieve a pricing level that’s suitable to your needs.

It comes with many options, so do discuss your future roadmap with a CA Solution Strategist to advise you on the proper model.

We looked at Apigee, Mashery, IBM, MuleSoft, WSO2, and others.

• The product is feature rich and can solve a myriad of use cases.
• We have noticed that building frameworks on the product set, with the help of a senior architect who drives the adoption early on, is a key. They can help create reference architecture for your organization that pays dividends in the end.
• Aim for CA certified resources or partners for a good quality solution.

• Digitalization
• API Life Cycle Management

CA API Management powers the next generation of mobile and Internet of Things (IoT) applications by providing reliable connectivity between data, people, apps and devices. You can aggregate and orchestrate data from multiple data sources into modern REST APIs almost instantly. Whether your data is in legacy systems, disparate databases, or the cloud, you will be able to bring it all together to power new digital initiatives at scale in modern apps or SaaS applications.

It improved how we function in the following areas:

• Protecting all enterprise application data from direct access by virtualization.
• Transforming SOAP services to REST services easily on the gateway without impacting existing systems.
• Providing security for all API's exposed through API Gateway at one common location.
• Migration of APIs from one environment to other.
• Providing high availability with horizontal scaling and multi cluster.
• Managing the API lifecycle.
• Exposing enterprise data to the external world.
• Securing Mobile App communication using MAG.
• Integrating easily with other systems.

The most valuable features to me are:

• Different Form Factors: Available as Software, Virtual Appliance, Amazon Machine Image and Hardware.
• API Virtualization: Creating virtual APIs by shielding the actual enterprise resources on API Gateway.
• Security: Enterprise data security and central management in API Gateway.
• API Lifecycle Management: Enable, Disable, Assigning, Deprecating and Deleting APIs on API Portal
• Scalability: API Gateway is easily scalable horizontally and managed easily.
• Mobile SSO is another feature/capability which available.

• The API Development tool can be made more user-friendly by providing folder properties.
• Assertions for common functionalities (like mathematical operations, string manipulations, connecting to non-SQL).
• Masking the user credentials entered in Identity Provider, JDBC based on user role
• Analytics and reporting need to be made better and more user-friendly; add some custom reports both on the Developer Portal and API Gateway; exporting of analytics and an email facility.
• Logging and tracking of changes done by users in the Developer Portal.

CA API Management solution is very stable also scalable.

I did not have any issues with scalability.

Customer Service:

Customer service is good

Technical Support:

The level of technical support is good.

I did not try any other solutions previously.

Initial setup is straightforward. It is simple,easy to do and quick to go to market

Overall cost saving, growth in business

I feel that it is costly for small/medium-sized companies.

I did not evaluate other products, but have read about them and the features they provide.

Check what is required and whether it can be achieved easily without any compromise, see how flexible its to use and maintain.

We use it primary for API management in my data center, for mobile applications and application-to-application integration.

It has improved API governance, gives analytics to API performance, and provided abstraction to the solution providers.

• Policy assertion
• Policy manager
• SSO
• Authentication
• HA features
• Analytics
• Very extension logs

• Better GUI for the policy manager.
• Needs better professional services in my country. 
• Better mobile features.
• Better HA configuration.

Considering the various features of the API Management suite, the most obvious useful feature that we value the most is that it gives us more security, control and visibility over how our APIs are being used throughout our company and how our users are using it. It gives us more data and information so that we can target where to concentrate our resources a lot better.

The other thing is also it's in the right place at the right time. APIs are a huge thing right now especially with the mobile economy growing as rapidly as it is. The API gateway could not have come at a better time for us.

The UI on it is actually better than SiteMinder. It has a much more IDE type of feel to it.

The API Management suite for us is still fairly new as it's not as expanded as SiteMinder is. However, the potential for it to expand is still there. As an organization we can see that this is another one of those products that will be ubiquitous in the near future, just as SiteMinder is.

Organizationally speaking, it will fill a lot of the gaps where we are developing in new spaces, especially in mobile spaces, and it's going to be adopted globally in the near future in my prediction.

I don't have enough experience to say what I would like to see improved because I'm still building it into my repertoire right now.

I wouldn't say, however, that the setup is simple. It's mildly complex, but given the documentation and the linearity of it, it was fairly straightforward.

It deployed just fine.

It's stable, lightweight, works as expected and we don't see any problems with it.

We can see that it will scale very easily as well. It handles traffic efficiently, no hiccups there, and we're happy with it.

No experience of technical support on API Management so far. However, if I may also add that the support team on it in terms of sales and product management from CA is excellent.

API Management setup was very straightforward. I was involved with that, and the documentation was helpful.

The problem with API Management is it's solving a problem that not many people understand. If you look at the options in the market, there's not much. I would a to a it only advise to get it because it's actually very friendly in what it's trying to do in terms of UI. The learning curve is very short and it's something that you can rely on to work properly.

In my company, we use CA API Management for banks in the financial markets. Our primary use case is for the basic protection of the APIs. We also use the authentication feature.

One of the main ways that CA API Management has improved our company is that we do not require a lot of people to work in developing new security code when they are programming for the APIs. They leave all the responsibility to CA API Management. 

In this manner, our developers can focus on just writing the code and on important business.

I work for an information security company. CA API Management is capable of using tokens for authorization to manage access control for the APIs.

One improvement for CA API Management would be better integration with the web access console. Better integration of the web access console would be great.

One specific feature that we need is the ability to authenticate directly to the server with API data. It's not complex nowadays. This is a feature that we need and CA doesn't have it. 

CA API Management can't do the same authentication functionality with the APIs as the other competitive products in the marketplace.

The stability of CA API Management is very good. We have very little problems with the solution. Just once, there were a couple of days that became filled up with logs of reporting information. Overall, CA API Management is certainly stable.

We don't have any problems with scalability. We have only a few customers that have deployed it. We only use it for a total of 4 clients. We don't use it in all of our projects. We work with other technology. 

Our final customer maintains the CA API Management installation and only needs our contractors to make other new improvements.

Technical support is okay. We have opened some cases and all of them were quickly solved.

This was the first tool that we used for API Management.

The initial setup is good. For our requirements, it fits our appliances. 

The initial deployment of the software was two hours, i.e. to have the API data up and running.

We are a reseller company that makes the final setup for our customers. We always do the final installation for our clients.

Our CA API Management license is for five years with no additional cost other than the standard licensing fees.

Nowadays, we are looking at IBM solutions because other customers required it of us.

CA API Management is very helpful. I would rate the product an 8 out of 10. In my opinion, the features are all very good.

It provides a simple way to create REST APIs. It provides easy integration with REST and SOAP services. It has its own language, which make it possible to design and implement the complete flow using existing services and databases, and to create and aggregate fine-and coarse-grained APIs.

We have used it as the top layer in physical infrastructure architecture and made that available to mobile, iPad and desktop applications. Basically, it worked as a single point of contact for all applications via HTTP protocol as a communication channel. Underneath, it is aggregating a plethora of REST and SOAP services and connections to LDAP, AuthMinder, RiskMinder and SiteMinder for authorisation and authentication.

With it, we provided an enterprise solution for authentication and authorisation for all internal and external application in a quick and efficient manner using existing SOAP and REST services.

I feel there is a lot to improve in terms of providing plug-and-play functionalities, as at the moment it requires a lot of coding in their specific language for implementing a medium-complexity use case. It needs to improve the user interface for logging and monitoring. There is no test framework for the APIs, which is a setback. And with respect to providing an end-to-end API management solution, where the API will be charged per usage from the client, configuration is not that easy and straightforward.

I have used it for more than a year.

We had a lot of deployment issues, as it does not provide seamless, continuous integration and deployment to different environments.

Not really, Performance wise it is quite competitive .

Satisfactory

I would rate technical support as satisfactory.

Previously, we chose to use CA-provided solutions (AuthMinder and RiskMinder), which includes (JSP-based) user interfaces. Also, because we have to make our own designs (RIA-JavaScript-based), that’s how it came into the picture.

Initial setup wasn’t straightforward.

We implemented it along with a vendor team. I would advise preparing an in-house team by providing it with a week or two of training, and then get an expert from CA for several months to provide the consultancy and solutions to the team and to resolve their issues.

One of the reasons for choosing it was that we were already using CA products, such as SiteMinder. It provides easy integration with SiteMinder, and because both are CA products, we therefore expected better support.

Not really , as we were already using CA products like Siteminder , since layer 7 is also a CA product and provide seamless integration with the product thus we chose Layer 7 in first place .

I would advise also evaluating Apigee API management if you are looking for an end-to-end API management solution. Otherwise, CA API Management is not a bad choice.

We needed a way to secure our externally-facing services. Layer 7 was a lot more lightweight and its security chops were more apparent. For deployment, it needed the ability to go with a VM image because it was not going to be on-premise. It was going to be in a cloud offering in front of our commerce spot.

Because of our experience with our cloud-hosting provider's image requirements versus what CA provided them, I think an area of improvement would be additional form factors for virtualization.

There were some issues during the initial setup. Our cloud-hosting partner required certain things, such as ESXi hosts and images. They were very particular about what kind of image they wanted versus what kind of image CA provided. So what I think would be an improvement would be support for additional virtualized form factors.

CA helped with the architecture, the design, the implementation and it's in place but it's not actively being used because the backing system isn't there yet. I can't tell you qualitatively like, "Oh, yes, it's working very well." I don't know how it's working because nobody's using it. It's waiting for the system to be ready and operational. The implementation, though, was done very well.

Layer 7 was top-of-class in the Gartner Magic Quadrant, Forrester, and all that stuff, so I did the selection process there and looked at a couple of different competitors.