Layer7 API Management Reviews

It provides a simple way to create REST APIs. It provides easy integration with REST and SOAP services. It has its own language, which make it possible to design and implement the complete flow using existing services and databases, and to create and aggregate fine-and coarse-grained APIs.

We have used it as the top layer in physical infrastructure architecture and made that available to mobile, iPad and desktop applications. Basically, it worked as a single point of contact for all applications via HTTP protocol as a communication channel. Underneath, it is aggregating a plethora of REST and SOAP services and connections to LDAP, AuthMinder, RiskMinder and SiteMinder for authorisation and authentication.

With it, we provided an enterprise solution for authentication and authorisation for all internal and external application in a quick and efficient manner using existing SOAP and REST services.

I feel there is a lot to improve in terms of providing plug-and-play functionalities, as at the moment it requires a lot of coding in their specific language for implementing a medium-complexity use case. It needs to improve the user interface for logging and monitoring. There is no test framework for the APIs, which is a setback. And with respect to providing an end-to-end API management solution, where the API will be charged per usage from the client, configuration is not that easy and straightforward.

I have used it for more than a year.

We had a lot of deployment issues, as it does not provide seamless, continuous integration and deployment to different environments.

Not really, Performance wise it is quite competitive .

Satisfactory

I would rate technical support as satisfactory.

Previously, we chose to use CA-provided solutions (AuthMinder and RiskMinder), which includes (JSP-based) user interfaces. Also, because we have to make our own designs (RIA-JavaScript-based), that’s how it came into the picture.

Initial setup wasn’t straightforward.

We implemented it along with a vendor team. I would advise preparing an in-house team by providing it with a week or two of training, and then get an expert from CA for several months to provide the consultancy and solutions to the team and to resolve their issues.

One of the reasons for choosing it was that we were already using CA products, such as SiteMinder. It provides easy integration with SiteMinder, and because both are CA products, we therefore expected better support.

Not really , as we were already using CA products like Siteminder , since layer 7 is also a CA product and provide seamless integration with the product thus we chose Layer 7 in first place .

I would advise also evaluating Apigee API management if you are looking for an end-to-end API management solution. Otherwise, CA API Management is not a bad choice.

This product is easy to use. We are able to troubleshoot with the logs that it creates and it's easy to get people up to speed on it.

We use it for managing policies and that process is simple and easy to perform.

We'd like to see an updated migration tool. Right now, the migration process works but it is a little clunky because there's not a good tool for migrating it. It's an older version tool so the services need to be restarted every once in a while.

It's pretty stable. Once in a while we'll have an issue or we have to restart it but the product itself is very stable for us.

I think it scales well. We've got a cluster going and we can increase the size if we have to so it works out well.

I have only used technical support to consult about upgrades. They are very good. They always have answers when we have questions so it has worked out really well.

We used Layer 7 before CA acquired it.

I recommend this product because of how successful we've been with it.

The most important criteria for me when selecting a vendor is the quality of their support and technical staff. If they are able to help us, it makes it a lot easier.

In my company, we use CA API Management for banks in the financial markets. Our primary use case is for the basic protection of the APIs. We also use the authentication feature.

One of the main ways that CA API Management has improved our company is that we do not require a lot of people to work in developing new security code when they are programming for the APIs. They leave all the responsibility to CA API Management. 

In this manner, our developers can focus on just writing the code and on important business.

I work for an information security company. CA API Management is capable of using tokens for authorization to manage access control for the APIs.

One improvement for CA API Management would be better integration with the web access console. Better integration of the web access console would be great.

One specific feature that we need is the ability to authenticate directly to the server with API data. It's not complex nowadays. This is a feature that we need and CA doesn't have it. 

CA API Management can't do the same authentication functionality with the APIs as the other competitive products in the marketplace.

The stability of CA API Management is very good. We have very little problems with the solution. Just once, there were a couple of days that became filled up with logs of reporting information. Overall, CA API Management is certainly stable.

We don't have any problems with scalability. We have only a few customers that have deployed it. We only use it for a total of 4 clients. We don't use it in all of our projects. We work with other technology. 

Our final customer maintains the CA API Management installation and only needs our contractors to make other new improvements.

Technical support is okay. We have opened some cases and all of them were quickly solved.

This was the first tool that we used for API Management.

The initial setup is good. For our requirements, it fits our appliances. 

The initial deployment of the software was two hours, i.e. to have the API data up and running.

We are a reseller company that makes the final setup for our customers. We always do the final installation for our clients.

Our CA API Management license is for five years with no additional cost other than the standard licensing fees.

Nowadays, we are looking at IBM solutions because other customers required it of us.

CA API Management is very helpful. I would rate the product an 8 out of 10. In my opinion, the features are all very good.

It's a secure product that allows us to expose API and lock down to only those devices and individuals which have the verified rights to access.

• Secure access to customer records – secured device, only access when in correct postal code area.
• Provide key, up to date information to engineers when engaging with customers.

• Ease of use
• Ability of development and ops teams to expose and manage their own API

30 months.

No issues with stability.

Cost and licencing model restrictive for auto scaling.

Seven out of 10. Not as focused on ensuring that the issues are fully resolved as I would like.

No. Selected after extensive "beauty contest."

Complex to set up and operate. Requires deep understanding of networks, security, as well as API management.

Consider if you need this advanced tool to undertake simple API management. Costly solution which is designed for heavy duty and complex work.

Apigee.

Consider if the product is needed – there are cheaper, less complex solutions out there.

Consultancy costs for CA should be considered – worth the money as it saves time (and therefore cost) with configuration.

The published API is easy. We don’t have any idea how to create or add value to the API to aggregate security, and we want to add the CA API gateway.

The API gateway is a great solution.

In two months, we want a new API publishing system to be opened. We need them to have fixed the issues of the API gateway by then.

We had no issues with deployment, but it's not a stable solution.

It's not stable. I want to publish new APIs with a socket, but it’s not stable enough for this. They need to fix this bug in order for it to be stable.

We introduced it on triad, but we haven’t tested the scalability of it yet. We'll know more in the coming weeks as we test the system.

We always consult with technical support.

I used to use a proxy to publish APIs, and now we want to use the CA API gateway, as it's more advantageous.

The initial setup was easy, but I had some issues with the software. I want them to simplify the upgrade method.

Managing all of our APIs and the security around them.

• Standardization of our API deployment
• Improve security

The Portal API helps us with deployments. It also helps to have a catalog of everything.

The replication is also a critical feature for us. It helps to have a more robust architecture and makes our systems are highly available.

The portal is not the most intuitive and the way things are displayed makes it difficult to find the information we need. We never completely read the info. The way it's written does not make me want to read it.

Lately, we have had a replication problem, but it's possible the problem is on our side. We are still unsure.

No issues with scalability.

The technical support is fast and efficient.

It was a complicated setup but we had help.

You need a team to manage it.