Layer7 API Management Reviews

We use the product for HTTP traffic. It supports DNS and FDP protocols. 

The product supports more than just HTTP protocols; it also caters to JMS and FTP protocols.

The solution should prioritize ease of use and align with the growing trend of cloud-native environments. Customers are increasingly leaning towards cloud-native solutions, and while you can configure your topology in the cloud as a private solution, having a more inherently cloud-native approach is crucial.

Layer7 API Management also should feature built-in policies to minimize the need for extensive code writing. It needs to include more plug-ins. 

I have been using the product since 2018. 

I haven't seen many issues with the product's stability. 

I rate the product's scalability a seven out of ten. 

Layer7 API Management's deployment was straightforward. 

Layer7 API Management is cheaper than Apigee. 

I would choose Layer7 API Management's alternatives since it is not current. I rate it a five out of ten. 

Mainly for our API gateway. We use it for onboarding APIs and then getting those internally. We have them through the B-to-B channel, we have them through a member channel, and then internally as well, to service our APIs.

It has performed pretty well. We've had an issued with scaling, internally, when we slammed it one time with a very, very high rate of transactions; we're talking like 65 million an hour. Whenever we did that we weren't ready for it yet, so we had to back out, but it's been good.

It's pretty easy to use, and once we have templating set up we can add new APIs, at least through the gateway, and apply the security to them; it takes a minute. 

We actually have it automated in our Dev environment, where developers can come in and fill out a form with an internal tool. They specify their API, the endpoint they want, this is what they want, and boom, it creates it in Dev and then they can move it up to test and then put in a request to get it to product.

We've used it for so long that I really can't say that it's improved the way our company works, but it works very well for us.

I'm mostly involved in using the OTK for OAuth security. We use the OAuth for all of our reactive APIs, for B-to-B to come in, and we're starting to onboard those now. 

It's been pretty easy to use so we enjoy that, other than a couple of challenges we're having with it currently.

It would be nice if we could create APIs directly from Swagger files. We're doing that ourselves with a middle layer. But if you could integrate with open API Swagger specs, and then just create a Swagger and upload it to the gateway and it would create all my API template policy, and would apply the OAuth restrictions, the types of security restrictions I have on there, that would be pretty cool.

Stability has been fine for us in tests. We have a challenge around some log rolling and it bringing it down in tests, but in production it's been great.

The scalability has been good. We haven't had to scale up a whole lot, even with all the extra transactions we're running through it. We're in the area of about 2 and 1/2 million OAuth tokens issued per hour, and it's performing fine with that.

It seems to work pretty well. Sometimes it takes a little longer to get answers than we would like, especially to some low-level ticket where we just had some questions about why this thing is working that way or that way, not high priority stuff. It would be great if we could get those answered in a day or three, instead of two weeks.

I was not involved in the initial setup but I am involved in the OTK upgrades.

Well when we went from 9.1 to 9.2 it was pretty straightforward. The OTK, however, is a complex upgrade. They tend to change the schemas on the database behind it, between the versions, which can be a pain to have to migrate all of our existing clients from one database schema to the other. It also means working with the DBAs to set up side by side schemas so we can get them moved and switched over in a fully available.

I don't really select the vendors, but my most important criteria would be

• available support
• industry use of the tool
• that it can solve all the problems I need it to solve, as many out-of-the-box without customizing it as possible.

CA is great. It depends on your use case of course, how much you want to go with that, because it can get pricey and depends on the size of your company. I've got a bunch of friends with little start-ups, so it's nothing they would be able to onboard, but I would definitely tell them to check it out.

We've been using it to program intermittently. There's a problem with one version, which saves pretty slowly. Now it's good. Then we found that this is cheaper. The advantages include the coding, as well as getting emails and alerts from them.

I mostly used it when working in the banking sector. There are many bank connections going on every day, especially during the holiday season, which can be kind of tough. We need to straighten the books, which can include how much money came in, how much money was lost, etc. If the information is not there, there will be a problem. We needed a program to keep track of the data.

This solution gives us an insight to the original view. It tells us how much data is there and it provides manuals to use it. So the technician office is there and it gives us some data. For the moment, we can change anything in the software, like enlarging it for example. 

It improved our organization because it gives the management data to discuss for the next course of action and it suggests what to work on, as the next thing.

I published APIs in the CA environment also. That's very good. I haven't done it in my workspace on a personal level, but it's a good thing. I have already published APIs with other solutions, but there is a bit of a difference and that is good for CA. CA is better than Apigee because CA allows you to make changes and is a little generous in terms of where to go with the project. It's good.

It's very good at supporting a large number of APIs or transactions. The transport of APIs is needed. Everything in CA is very easy for developers, because when a developer logs he can view it right away. With other systems, it isn't as easy. I like this. It's going up in the market.

I think it's very valuable because of the support desk in one application. It protects us well. That is very important.

In terms of security, it's mostly been enough until now. I had used them in my local work. I was playing with them and saw that they support everything. It's almost all covered so far.

From the last version, they have added more dashboard support, but there is still a lot they need to improve. The thing is, on the chart you can set it to forty seconds or one minute. That's fine, but if you hold any request it should be clear on the graph. For instance, on the dashboard of the graph it should be written around it. It should say, this is the response time here, etc. In terms of monitoring, it's almost all covered. The interface can be improved, though.

It's really stable. That I can assure you. That is the one thing which I have to fight for with my managers because they ask why we should not move to a different solution. They said another solution is more stable. I told them that they are looking at the market analysis. We should test it ourselves. It's a really major banking project that we're working on.

Scalability is really good because it's very easy to create new users. It's really good.

There are 43 people using CA. We will use CA to its maximum capacity. It has become very popular in my office.

I never needed to use their technical support. If you need it, you could chat with the online support team. That's it.

We used Apigee and API Connect. I found that CA is more stable than the others. When you are deploying code, you also need the previous versions. With CA I can track all the changes. It's more stable and reliable.

The initial setup is simple. If you are a novice it could be complex, but if you are good at working with computers it should be very simple. It takes about seven or eight minutes, including configuration.

All we have to do is consider our code and environment for the applications. For instance, what things are going to happen.

We used three people for deployment. One is project development guy that we might move because development is getting smooth nowadays.

We currently have 18 people, of which seven are developers and three are in management. So there are eight people in back-end maintenance.

You can imagine that we are in a gem mine. It costs money to supply the equipment and then we can get 45 gems. It's difficult to know the ROI until you get the gems out.

I would say implement it. If you are new to APIs and things, you won't understand it, but if you have some experience it will be okay.

I would rate this as eight of ten.

I use CA Live API Creator to integrate data from a variety of sources, and then to provide an API response to calls from my client applications.

There are a couple aspects of performance. One is just speed and uptime, and it's stellar in that regard. The other is, how much effort is it to put it in place in the first place, and then how much effort is it to keep it operational. That's where its real strength is. I'm able to do things quickly and easily that I couldn't do before.

The benefits are rapid development and deployment of APIs, which means that your information, your ability to handle information, to receive it and to send it, to visualize it, to report on it, to get intelligence out of it, happens fast and happens with accuracy. Faster is better.

It really allows us to do things that we just weren't doing before, things that we always talked about doing. Some things that we talked about doing for decades.

One of the things that we talked about doing for decades was the ability to bring data together from different sources, sources that maybe wouldn't otherwise be available. Maybe they were not ours to own. Maybe they were in a place where we just couldn't connect securely to them and enforce our security policies. What we can do is, as those things have developed APIs, we can consume APIs so we're building an API to consume an API to deliver an API. People can keep their roles and responsibilities, they can be responsible for their data integrity, and yet we can use that information to do what we need to do.

The most valuable feature is that it enables me to present data in the format that the client wants to consume it. That client might be a visualization tool, that client might be a report, that client might be a customer's API requirements.

The challenge is, how do you get the data structured in the way they want it, as opposed to how do you get them to change. My job isn't to make them change, my job is to give them what they want. Honestly, when you give people what they want, it's easy. When you try to get people to change what they're doing, it's hard.

The latest version that just came out at the first of October really was a powerful move in the right direction. I was very, very pleased with that because it allows now beginning to use information of things. We've got this IOT infrastructure that we can plug into, and for my use cases there are a lot of outdoor sensors that provide valuable information to my customers.

As we've brought on MQQT, and other ways of talking to those sensors, that just makes my life easier. I'd to continue to see them expand the scope of the product. But I can say that I've been extremely pleased with the work they're doing. They're not sitting around, every six months we get a release with major improvements.

Larger organizations have a real challenge. They have to control all the people that touch their data, and when it goes wrong - you've seen it on the news recently - it ends up being major headline news story. "Equifax exposes data to 150 million customers." That's intolerable to these customers.

What happens is that the companies that are working with that type of data have extremely rigid policies for who can get access to what. As we continue to develop the product in that regard, we would like to see continued integration with other CA products that accomplish that goal. I'm not saying that it doesn't do it now, I'm just saying that scenario where there can be continuous improvement.

I've used it for four years and I have not had any issues with downtime or with performance. That's partly because it's leveraging networks; modern networks are stable. Ultimately, people want their Netflix and their movies over the networks. There is a lot of money going into uptime, and performance, and speed of mobile networks, of physical networks, that we just leverage.

We benefit because of the performance of those networks. All we're doing is leveraging public networks to move data securely.

In my use case, I've not dealt with the type of data that usually responds to the scalability issue. Generally, when people ask that question, they're talking about scalability of hits, scalability of users. Where, all of a sudden now, you have tens of thousands of records happening within a very short period of time - will this scale? I don't have tens of thousands of records happening in split seconds. However, I do know that the product's been tested to that and has demonstrated outstanding scalability results in that regard.

There are other aspects of scalability. You might consider how well can I bring on new customers, how well can I scale my development team, how well can I handle additional API integration. Because of the efficiency of the product actually doing that, pulling data from disparate sources, and integrating it into the response format that I want, that my customer demands, that's so easy. It's 10 times, 40 times, 100 times faster than the way we used to do it, and that makes it very scalable.

I use the technical support extensively. I actually read the documentation. I know that's not something that people normally do, but I actually read the documents. One of the guys said, "If so and so, whoever writes it, knew that, she'd kiss you." And I said, "Well, maybe we shouldn't go there, but... "

I actually call them, and they've been wonderful because I have their cell phones, I can text, I can call. They probably don't want everybody to do that, but they want their products to succeed, they want me to succeed, and I want to work with a vendor that wants me to succeed.

You look where your pain is. If you can perceive pain, you know what you need to do. Where does it hurt? That's what you need to work on.

A different solution didn't exist. You developed things in code. You used C++, you used Java, because that was the only way to do it, to build it yourself. Now, much of the lifting is done, but the extensibility is still in the product. What you're forced into, or what you have the opportunity to take advantage of, is a system that has done a lot of the hard and mind-numbing, repetitive tasks; simplified so many of the things that you would have to do. Incidentally, that creates an opportunity for a mistake. Those things are automated, but the extensibility is still there on the product, so you can still do the things that are specific to your business's needs.

I'm going to assume that this question is asking, "Was I involved when we got on board with this product?" Yes, because I bought it. They were there for support but the question is not relevant because it's so easy. It's deploying a WAR file. If you can deploy a WAR file, you're done.

Where I got involved with CA on this product, there were not really competitive products. Since that time, there probably are some companies that have come out, but honestly, I am busy enough, I don't really look because there's no reason to divorce myself from CA on this product.

When selecting a vendor, there are a couple of things that you have to look at. One is: Are they going to be around? That's always a concern because if you've committed to something and the rug gets pulled out from under you, then you're scrambling. Depending on the time that happens, you might not have the time or the money to scramble. What if you're in the middle of a big implementation? CA has been around since the beginning. They're a four billion dollar a year company, something like 13,000 employees, I'm not worried about that. Yet they're easy to work with.

There are a couple of products that I work with that have not let me down, and there are a lot of products that have. I always use Microsoft Excel of an example of this. Excel is a wonderful product, you can do so much with Excel, it's an incredibly powerful product. But there are many times where Excel just leaves me short. I just can't do what I need to do with it. It has limitations, fundamentally.

There are a couple of products that I've worked with in my life that I haven't run into that. Maybe I still will someday, I don't want to be delusional, but this product, when I've had a need, I've been able to get it to work and that's nice, I like that.

It's hard for me to give tens, but I would give it a 10 out of 10.

My advice would be: Focus on its extensibility because of that exact issue we just discussed. There are so many times when you look at a product that is a tool to make something easier. Maybe you're building a web-based application. There are a number of tools on the market that make that a drag-and-drop opportunity or a drag-and-drop process. Those tools are great for the weekend warrior, you can get something done quickly. Maybe you're a high school kid and you want to build an app for something. (Access database would be like that too. You can get a database and it's not that hard, and you can make a form, but they're not enterprise class). 

This product, at first blush, looks something like it's one of those weekend warrior tools, but it's not. It's an enterprise-class tool with the kind of usability that you wouldn't expect. And with that usability - how do you have your cake and eat it too? Well, it's because of the product's extensibility. It's very well-integrated with your existing Java library of processes and procedures, as well as your ability to write new extensions to it. You get so much of the base functionality but you don't give up the ability customize.

It is primarily used for API Security. It has performed very well on the basic security front, but then this product is a suite of products, so it has multiples of products. We are not using all of the subproducts. Now, we are looking for a new use case where we want to use it for mobile apps. That is what we are currently exploring.

The time to go to market has been improved in developing new things while we use this product. We are able to go to market and deploy our functionalities very quickly. We are able to embrace newer security standards. We are able to do that easier because of this product, because of CA API management.

Security is definitely the top one, and other than that, it is a quite customizable product. I have seen that they are coming up with newer features and they are quick, coming into the market very quickly. Compared to other vendors, this product is much faster in coming up with new features, which is good. 

There is still room for improvement for the CA API Developer Portal. It is still not on par with where the competitors are. Other than that, the Core API seems to be very resilient and strong on the security front, but then the CA API Developer Portal is the only piece which I think can be improved. 

It is quite stable. 

We have more than 100 nodes and things are going well so far. However, there are a few cases where we are learning about some outages and that is when getting good visibility of what is actually happening would be the key. In a few of the sessions of in CA World, I was able to get to know more about what additional add-ons we can do, how we can get good visibility, and what is lacking currently. 

We did use technical CA support and it was really nice. 

There were very few scenarios where I was not able to get the answers, or maybe my use cases were maybe unusual use cases that they were not able to come up with the answers. Therefore, we definitely get good responses from the technical team and they are quite responsive.

There was one scenario where they said there is no solution for the kind of requirement that I had. For all of the scenarios that I have come across, they have been able to give me some solution. There was only one scenario where maybe my use case was quite unique.

The solution was already in my company before I came.

I was not involved in the initial setup, but I have been setting up new instances, and it is quite straightforward. 

Getting new security standards so quickly into the product is definitely a new surprise. In the CA World, I am seeing a lot of new subproducts that they are introducing, which I was not even aware of. I think that definitely surprised me that CA is investing in the CA API management product and building new offerings and new solutions, which is really nice. That is where the industry is going and they are putting their time and efforts in the right solution and the right product.

The gateway and the new offerings that they are coming in are very capable. The two points that I am missing are primarily from the development standpoint. 

I would suggest CA API Gateway to my friends in some other companies who are trying to deliver it: more from the security standpoint, the ease of setting it up, using it, and customizing it. Those were the key factors that I would be promoting about this product to my colleagues or friends.

Most important criteria when selecting a vendor: Support and the new features that they bring into the product. Those are the key things based on which we are selecting the CA API Gateway. 

API Enhanced Portal 4.1 looks very promising. API Gateway policy manager for writing policies is excellent. It is the best in the industry for policy writing.

CA is the first in the market from the time they acquired Layer 7. They deliver the best API Management solutions.

From 2012, our clients evolved a lot from API Management perspective after using CA.

We are able to expose mission critical APIs to the external world, monetize them, and generate revenue from them in the most secure manner.

CA also drastically improved the capabilities from Gateway, Portal, and OAuth perspective in the last couple of years. This adds more value to our API Management wing.

CA API Portal 3.5 does not support Swagger documentation. If they were to support that, it would be great. However, their focus is on a newer, enhanced version of their API Portal 4.1 Release. However, it is not very mature and there is no direct migration available in the near future. It is not possible for clients to migrate to a newer version.

CA might lose clients mainly for this reason (Swagger Support on API Portal 3.5), unless they develop seamless migration utilities from API portal 3.5 to 4.1.

I have used CA API Management from 2011, when Layer 7 had not yet been acquired by CA.

From an API Portal 4.1 perspective, I did encounter multiple issues.

From an API Portal 4.1 perspective, I encountered scalability issues. They confirmed that they are working on it and in the very near future, it will be available.

CA has very good API Management support. They are very helpful.

We didn’t use a solution before this one. CA is the best in the market in terms of stability, scalability, and policy development. They are the best at achieving custom scenarios related to clients (customization) in all perspectives, besides the current API Portal 4.1, as it is not yet matured enough. There is nothing to worry about in the 4.1 portal.

The initial setup was straightforward. CA documentation is pretty clear for anything to do with CA products. They are masters in this industry.

If the CA pricing for API management would be a little lower, they would be able to cover a broader market.

I don’t remember the story from 2011, but very recently I did an analysis of MuleSoft, Google, AWS, Apigee, and WSO2. WSO2 came in first, and CA standards came in second.

Follow CA documentation thoroughly.

I was doing all B2B integrations. The security features provided by the gateway are really cool. The tool can handle all complex security requirements. On-boarding APIs is very agile and fast.

In my last position, the core services were exposed to the consumers via the ESB layer. They had plenty of issues with protecting those services and keeping the back-end services hidden from their consumers.

Using this tool helped them to provide a unique endpoint, with no change to the consumers. It allowed them to change their services without affecting the customer interfaces.

I would like to see this amazing product have the following enhancements:

• Continue integration and delivery (10 points)
  Currently the tool provides REST APIs, but they are not easy to use. They need to be reviewed and enhanced. The documentation is good, but there are not enough examples.
• Monitoring and reporting (20 points)
  The Admin dashboard provided by the tool is amazing. However, this doesn't allow the service owners to view their services. The gateway admins are always struggling to provide reporting and monitoring status. We need to provide monitoring and reporting out-of-the-box for the management and service owners. We can do custom development, but not every company has time to do so. The Admin dashboard is not business friendly and it doesn't provide rich reporting features.
• RAD - Rapid Application Development - Development environment (5 points)
  The policy editor, at first glance, seems complicated and it scares developers. I would like to see it easier to understand. Maybe it could have a visual drag and drop, like with Borland C++ Builder.

We have been using this solution for eight years.

I did not encounter any issues with stability.

There were scalability issues in Amazon AWS, but not in the private data center.

Technical support is agile and responsive.

We weren’t using a solution previously, but alongside of this tool, we were using Apigee Edge and 3scale API Gateways. Each one of them is designed for a different purpose. We were looking at them as complementary products and not as replacements.

I was involved in the installation, and it was easy for me.

We evaluated MuleSoft, Apigee, and 3scale.

CA API Gateway provides rich policy sets in regards to XML and REST services. This baby is great for all B2B integrations and it’s a very agile component to set up and use. You can set it up with complex security requirements on your service side in less than an hour. (I am very biased about this. No product can do that at this speed.)

The most valuable feature is security, which is the most important to our company. Then comes performance, scalability, and I see tremendous performance value without compromising the security. It gives us peace of mind, for example there are so many penetration attacks happening, DDoS kind of attacks happen in our API infrastructure if you don't have the security. With the out of the box security features from CA API Management, I can focus on the business logic to deliver the real value to the consumers, without worrying about the security. It's very stable, we've been in production for the last year and we didn't have a single production incident because of the API Management solution. I'm really happy with that actually. It's very stable and very reliable.

I see a lot in the developer portal. It's not that flexible the way we want it to be, so it's kind of out of the box and we can only do the standard features that they have. If you want to customize, it's a little bit hard for us, so I really want to see some flexibility in the developer portal. For the monitoring module, I also want to see some stability in the ESM module.

Scalability is really good and they could do an average transaction size of probably 50-100KB with around 20,000 transactions per second, which is really impressive. Initially we thought we needed many licenses, but we ended up using only one part of the licenses.

Technical support is really good. Their level 1 and level 2 support is really good. Sometimes when we try to add new features, when the team really gets stuck and we open the ticket, we usually get a response within a few hours.

We were using the ESB solution, we were using SOAP services and then we wanted to move to REST based services so that we could open up our internal assets to our customers directly.

Initial setup is good. It's straightforward. It's not that tough and it's an appliance, so that kind of took away wireless installation and base installation time, so our IT infrastructure team really loved it.

We looked at Apigee, Axway, Intel Mashery and a few more vendors.

The main thing is whether the product is really good. Look at the Forester and Gartner reports and how the support is, because a lot of good products are out there but we have seen in the past that we don't get good support. These are the major criteria I look at.

Rating: for CA API Management I would give it a 9 out of 10, but for the developer portal I would give it a 6 out of 7. ESM I would give a 5 out of 6.

It's definitely a great product, I would ask to have an open mind and check out the features. I haven't seen any problems, and I have seen so many problems in my previous product, with ESB, so it's definitely a top notch product.