It is primarily used for API Security. It has performed very well on the basic security front, but then this product is a suite of products, so it has multiples of products. We are not using all of the subproducts. Now, we are looking for a new use case where we want to use it for mobile apps. That is what we are currently exploring.
Design Engineer at Automatic Data Processing, Inc.
We are able to go to market and deploy our functionalities very quickly
Pros and Cons
- "Compared to other vendors, this product is much faster in coming up with new features, which is good."
- "We definitely get good responses from the technical team and they are quite responsive."
- "We are able to go to market very quickly and deploy our functionalities very quickly."
- "There is still room for improvement for the CA API Developer Portal. It is still not on par with what the competencies are."
What is our primary use case?
How has it helped my organization?
The time to go to market has been improved in developing new things while we use this product. We are able to go to market and deploy our functionalities very quickly. We are able to embrace newer security standards. We are able to do that easier because of this product, because of CA API management.
What is most valuable?
Security is definitely the top one, and other than that, it is a quite customizable product. I have seen that they are coming up with newer features and they are quick, coming into the market very quickly. Compared to other vendors, this product is much faster in coming up with new features, which is good.
What needs improvement?
There is still room for improvement for the CA API Developer Portal. It is still not on par with where the competitors are. Other than that, the Core API seems to be very resilient and strong on the security front, but then the CA API Developer Portal is the only piece which I think can be improved.
Buyer's Guide
Layer7 API Management
December 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is quite stable.
We have more than 100 nodes and things are going well so far. However, there are a few cases where we are learning about some outages and that is when getting good visibility of what is actually happening would be the key. In a few of the sessions of in CA World, I was able to get to know more about what additional add-ons we can do, how we can get good visibility, and what is lacking currently.
How are customer service and support?
We did use technical CA support and it was really nice.
There were very few scenarios where I was not able to get the answers, or maybe my use cases were maybe unusual use cases that they were not able to come up with the answers. Therefore, we definitely get good responses from the technical team and they are quite responsive.
There was one scenario where they said there is no solution for the kind of requirement that I had. For all of the scenarios that I have come across, they have been able to give me some solution. There was only one scenario where maybe my use case was quite unique.
Which solution did I use previously and why did I switch?
The solution was already in my company before I came.
How was the initial setup?
I was not involved in the initial setup, but I have been setting up new instances, and it is quite straightforward.
What other advice do I have?
Getting new security standards so quickly into the product is definitely a new surprise. In the CA World, I am seeing a lot of new subproducts that they are introducing, which I was not even aware of. I think that definitely surprised me that CA is investing in the CA API management product and building new offerings and new solutions, which is really nice. That is where the industry is going and they are putting their time and efforts in the right solution and the right product.
The gateway and the new offerings that they are coming in are very capable. The two points that I am missing are primarily from the development standpoint.
I would suggest CA API Gateway to my friends in some other companies who are trying to deliver it: more from the security standpoint, the ease of setting it up, using it, and customizing it. Those were the key factors that I would be promoting about this product to my colleagues or friends.
Most important criteria when selecting a vendor: Support and the new features that they bring into the product. Those are the key things based on which we are selecting the CA API Gateway.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Lead Consultant at a tech services company with 10,001+ employees
Provides a single platform for managing security, real transformation, connectivity, and development, eliminating the need for additional add-ons
Pros and Cons
- "It's a comprehensive tool that allows us to perform all the necessary tasks in one place."
- "I understand that clients are often concerned about costs. They might be exploring other options due to the high cost associated with our current package."
What is our primary use case?
It serves our development purposes, enabling the connection of both external and internal clients, for example.
What is most valuable?
It's a comprehensive tool that allows us to perform all the necessary tasks in one place. With other middleware API management tools, we might need multiple tools and layers to achieve the same results. This tool provides a single platform for managing security, real transformation, connectivity, and development, eliminating the need for additional add-ons.
What needs improvement?
It's quite satisfactory. However, I don't focus much on the cost perspective, but I understand that clients are often concerned about costs. They might be exploring other options due to the high cost associated with our current package.
Currently, we don't have any major issues, and any past issues we encountered were promptly resolved. Perhaps in terms of improvement, we could explore more robust connectivity options, but for our current needs, it's been solid. As for my company, we might consider migration, and there are tools like GMU migration, provided by the same vendor, which could potentially help us in that regard.
For how long have I used the solution?
I have been using Layer7 API Management for the past eight years.
What do I think about the stability of the solution?
It is stable, as per our observations.
What do I think about the scalability of the solution?
I've been primarily utilizing the on-premises version, and it has proven to be scalable as we've added more clients. However, I haven't yet ventured into the cloud aspect, so there's potential for further exploration in that regard.
How was the initial setup?
It's not overly challenging. The documentation is quite comprehensive, and the support from the dot command is also reliable. Overall, it's a comfortable experience, and I haven't encountered any significant issues or concerns.
What other advice do I have?
I would rate it an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Layer7 API Management
December 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Solution Architecture / Digital Architect at a financial services firm with 10,001+ employees
The tool can handle complex security requirements. On-boarding APIs is agile.
What is most valuable?
I was doing all B2B integrations. The security features provided by the gateway are really cool. The tool can handle all complex security requirements. On-boarding APIs is very agile and fast.
How has it helped my organization?
In my last position, the core services were exposed to the consumers via the ESB layer. They had plenty of issues with protecting those services and keeping the back-end services hidden from their consumers.
Using this tool helped them to provide a unique endpoint, with no change to the consumers. It allowed them to change their services without affecting the customer interfaces.
What needs improvement?
I would like to see this amazing product have the following enhancements:
- Continue integration and delivery (10 points)
Currently the tool provides REST APIs, but they are not easy to use. They need to be reviewed and enhanced. The documentation is good, but there are not enough examples. - Monitoring and reporting (20 points)
The Admin dashboard provided by the tool is amazing. However, this doesn't allow the service owners to view their services. The gateway admins are always struggling to provide reporting and monitoring status. We need to provide monitoring and reporting out-of-the-box for the management and service owners. We can do custom development, but not every company has time to do so. The Admin dashboard is not business friendly and it doesn't provide rich reporting features. - RAD - Rapid Application Development - Development environment (5 points)
The policy editor, at first glance, seems complicated and it scares developers. I would like to see it easier to understand. Maybe it could have a visual drag and drop, like with Borland C++ Builder.
For how long have I used the solution?
We have been using this solution for eight years.
What do I think about the stability of the solution?
I did not encounter any issues with stability.
What do I think about the scalability of the solution?
There were scalability issues in Amazon AWS, but not in the private data center.
How are customer service and technical support?
Technical support is agile and responsive.
Which solution did I use previously and why did I switch?
We weren’t using a solution previously, but alongside of this tool, we were using Apigee Edge and 3scale API Gateways. Each one of them is designed for a different purpose. We were looking at them as complementary products and not as replacements.
How was the initial setup?
I was involved in the installation, and it was easy for me.
Which other solutions did I evaluate?
We evaluated MuleSoft, Apigee, and 3scale.
What other advice do I have?
CA API Gateway provides rich policy sets in regards to XML and REST services. This baby is great for all B2B integrations and it’s a very agile component to set up and use. You can set it up with complex security requirements on your service side in less than an hour. (I am very biased about this. No product can do that at this speed.)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr Software XML Gateway Developer at a manufacturing company with 10,001+ employees
We rely exclusively on it for web services and RESTful APIs.
What is most valuable?
The following features are most valuable to me:
- Extracting credentials for authentication
- Security
- This product handles security in their own and unique way. e.g internal identity providers, connect to any LDAP in organization and validate, Certificate checks etc.
- It can do certificate authentications ( one way, two way).
- It can read credentials and connect to any LDAP including its own internal identity provider using the credentials
- It can generate SAML tokens for security
- It can extract/parse XML/JSON element.
- Password once stored in cannot be viewed, but can be extracted, this is major advantage when we use basic credential to any system to connect
- Regular Expressions is one area where it has a big advantage for validation of strings
How has it helped my organization?
Our organization relies entirely on it for web services and RESTful APIs. Internal applications never get requests if they are not valid or authenticated, which saves the backend server's processing. Big organizations can track demand of services and drives to ROI.
What needs improvement?
An as-is string API is not available for manipulating, like we do have in Java all operations of String are not present. The hard way is by using regular expressions, which is little difficult to intermediate and beginners.
Some kinds of errors have to be reworked.
Very recently, I saw a connection reset error message for a handshake (for cipher). Many organizations have recently performed the SHA2 upgrade, so handshake errors are not properly recorded in logs.
When backend system sends error message with different MIME layer7 cannot propogate the same message, most of the times it gives blank message, backend error message is never passed to final consumer.
(observed in 8.3 for MIME application/problem+json and with error code 403)
For how long have I used the solution?
I have used this solution for four years.
What was my experience with deployment of the solution?
ESM gives a hard time. For example, 7.3 to 8.3 migration is hardest. Also, if we have multiple clusters, we don't have a good migration utility. Most of the time, it fails.
Login (Policy Manager) time for clients is usually not fast.
The Information Guide is very brief.
What do I think about the stability of the solution?
In big industry stability is always challenge, some times internal users report that 3 out of 4 connections are successful and one is never reached to API Gateway, while diagnose report always says system is healthy, restart will make it work again
How are customer service and technical support?
Customer Service:
4/5 they are always on par with requests, some times limitations of API gateway are there to answer by Customer Service
Technical Support:I rate customer service and technical support 8/10.
Which solution did I use previously and why did I switch?
Our organization moved to this product because Cisco stopped supporting its gateway.
How was the initial setup?
Initial setup was in between straightforward and complex.
What about the implementation team?
We implemented the solution in-house with help from CA.
What other advice do I have?
This is a good tool compared to open source solutions. There still is a lot to be done to improve user experience.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead API Engineer at Boubyan Bank
Integrates well, beneficial security functionality, and easy setup
Pros and Cons
- "The most important features of Layer7 API Management are the basic security functionality and validation checks."
- "Layer7 API Management could improve by assing more portal-based capabilities."
What is our primary use case?
Layer7 API Management can be deployed on the cloud and on-premise.
We are using Layer7 API Management to expose APIs and to do security checks, which is similar to a reverse proxy.
What is most valuable?
The most important features of Layer7 API Management are the basic security functionality and validation checks. Additionally, it integrates well.
What needs improvement?
Layer7 API Management could improve by assing more portal-based capabilities.
For how long have I used the solution?
I have been using Layer7 API Management for approximately two years.
What do I think about the stability of the solution?
Layer7 API Management is stable.
What do I think about the scalability of the solution?
We have four people using this solution in my company.
The solution is scalable.
How are customer service and support?
The support from Layer7 API Management is proactive.
Which solution did I use previously and why did I switch?
I prefer Layer7 API Management over Apigee. Apigee has a portal-based capability which is better than Layer7 API Management.
How was the initial setup?
The initial setup of Layer7 API Management is not complex. The process took approximately 10 to 15 minutes.
What's my experience with pricing, setup cost, and licensing?
The price of Layer7 API Management is reasonable compared to Apigee.
What other advice do I have?
This is a good solution. However, it would be ideal if they had a technical team because there is a need for some basic coding knowledge. It requires comprehensive Java knowledge.
I rate Layer7 API Management an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
GM - Head of Digital Transformation at a financial services firm with 10,001+ employees
Monetization module is unique, but security protocols for financial service were not up to par
Pros and Cons
- "Containerization and the monetization module are quite unique for an API tool... In addition, the development time and rollout time are pretty quick."
- "The security protocols in CA's product, for financial services, weren't as good as those in API Connect."
What is our primary use case?
Our primary use case for this solution is opening up our APIs to the development community so they can help us innovate some of our banking products. We've demoed CA API Management and we've done one proof of concept with it, but we are not using it on an ongoing basis.
How has it helped my organization?
We are a bank, and any API management tool helps us find the right partners to build new products in new markets. Given that we are going down the path of open banking, this type of tool is, perhaps, going to be one of the integral components of our tech deployment.
What is most valuable?
- Containerization
- The monetization module
They're quite unique for an API tool.
Although we didn't test the monetization, the flexibility of the tool could be quite useful. Right now, we're not looking to monetize any of our open APIs for the next few months, but it will be a focus for banks in a year or so. The nimbleness of the monetization tool is very good, where you can just drag and drop elements that would make up the monetization.
In addition, the development time and rollout time are pretty quick.
What needs improvement?
This is not specific to CA's tool, but API tools in general. There are two schools of thought: There is the "Apigee" school of thought that says that we don't need hardware to implement security, and there's the "API Connect" school of thought which says some sort of an enterprise service bus would be critical to the success of the API management tool.
I find this hardware reliance is a bit archaic. The biggest reason I would want to get an API management tool is to get rid of the hardware. If I have to have the hardware and put the tool on top of it, that makes it a bit cumbersome for us because the maintenance of the hardware, for any enterprise service bus, is in hundreds of thousands of dollars per year.
It needs to go into virtualization.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
One of the reasons that we chose to go with another tool was because we found that CA API Management was crashing quite often. We called technical support about this, but since the deployment time was so short, we only called them a couple of times before we made a decision.
What do I think about the scalability of the solution?
We didn't take it to scale, but from what I've read and from the literature that was provided to me, it seems that it's built for large transactional orders.
How are customer service and technical support?
Our interactions with technical support were okay; nothing to write home about.
Which solution did I use previously and why did I switch?
In terms of using this solution to modernize legacy systems via microservices/APIs or developing a new platform for mobile/IoT, we haven't used CA's API tool, but the API tool we are using right now is helping us replace some of the old, monolithic systems. It's helping bring a more agile approach to our API development, our exposure of microservices to the world.
How was the initial setup?
The setup was a bit complex in the beginning, but I think that's for true for any technology that you want to implement for the first time.
The deployment took six to eight weeks. We had a roadmap that we were following, as an implementation strategy. I can't go into what that process was. For the deployment, we had five FTEs on our side and the implementation team had another two or three, and there was also a manager.
Once it was deployed it took four people to maintain it and for API development. And then we had a team of 40 Intel developers who were using it off and on.
What about the implementation team?
We used a local implementation partner to help set it up.
What was our ROI?
For the business case that we have, we would have made no money on this within the first 36 months. We would probably have started seeing return on investment when there was traction in the developer community for our APIs. Once we would have a couple of good implementations with the e-commerce companies, then we'd see a return on investment.
I also feel that from a resource-reduction and right-sizing perspective, eventually we would be able to bring that down a little bit because we would need internal product teams to be that active in the long-term.
What's my experience with pricing, setup cost, and licensing?
We weren't comfortable with the pricing of licensing. It was slightly more expensive than its competitors.
Which other solutions did I evaluate?
We found that API Connect had superior features. The security protocols in CA's product, for financial services, weren't as good as those in API Connect.
What other advice do I have?
With respect to supporting a large number of APIs and/or a large number of transactions, we didn't use it for a large number of transactions. It was a PoC so we only used it for limited connectivity. But from what I've read and from what I've heard from other users, the volume management and traffic flow management is actually pretty good for CA's tool.
I would rate the solution at six out of ten, overall. It didn't meet all of our needs.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Director IAM Security Engineering at a financial services firm with 10,001+ employees
Substantially decreases the amount of time it takes to secure new APIs
Pros and Cons
- "One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise."
- "One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise."
What is our primary use case?
API management, for security.
How has it helped my organization?
One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise. That has been the quickest and easiest thing.
We're rolling it out across the enterprise as we speak, after that six months or so of heavy usage, and we're finding that the amount of time it takes to secure new APIs has gone down substantially.
What is most valuable?
The security features are the most important because that's what we're using the application for, specifically.
What needs improvement?
There is a thick client for configuration that is not as easy to use as you might like. So I would say the design and user experience, from an administrative standpoint, is a little clunky.
There are some really very granular kinds of issues that I've found and they're more related to very specific technical components of the application itself. Aside from these individual complaints that are very bound up with our use cases, I don't have any specific recommendations.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
In terms of scalability, we haven't encountered any issues. Scalability has been something that we're starting to explore a little bit more now - automated scalability - responding to increases in capacity in the environment. But we haven't had any issues, and I don't necessarily anticipate any issues. CA provides certain containerized versions of their components that are very easy to deploy and scale.
How is customer service and technical support?
CA has been extremely responsive to any request that we've had for assistance, for support, and for new features. I haven't been able to evaluate the newer version that has recently been released, so we haven't evaluated it yet in terms of feature completeness.
How was the initial setup?
The initial setup was pretty straightforward. They provided us with a container and we got it up and running, and then we just started working on it. You can follow the instructions pretty easily.
Which other solutions did I evaluate?
We did not have a previous solution, but we did evaluate Mulesoft as an alternative and, possibly, Informatica. We ultimately decided that our relationship with CA, and the type integration with some of the other applications that we had deployed in the enterprise, made the API Gateway a much better option for us.
What other advice do I have?
I would suggest you take a look at all of the components. The API Management Suite that CA offers is broader than simply the API Management Gateway. The Suite has some features, extra components, that really make for a much easier and more accessible way a way of doing API management within the enterprise. There are components like the Mobile API Gateway and Live API Creator. These additional components really expand what the products can do, in a way that makes your value proposition easier to present to the business.
I would say this solution is a solid eight. It does everything that it says that it does. It would get a higher rating if it had a little cleaner interface and was easier to administer, but I think that's a pretty solid rating for a product like this.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Director at a tech services company with 10,001+ employees
We can create multiple orgs and set up policies and management for them
Pros and Cons
- "We can create multiple orgs and set up policies and management. We can also integrate with an APM solution"
- "The only issue we have is that we have to buy an APM license separately for end-to-end monitoring."
What is our primary use case?
API gateway.
How has it helped my organization?
We can create multiple orgs and set up policies and management. We can also integrate with an APM solution. We have 1000-plus APIs to be built, policies set up, security handling, and API status in one portal. These are the high-level details. The developers in my team would be able to provide further detail.
What is most valuable?
CA API Developer Portal and API Security policy.
What needs improvement?
We did an assessment and are continuing with implementation. I would not say it's 100 percent perfect but, currently, all the features we anticipated using are working. The only issue we have is that we have to buy an APM license separately for end-to-end monitoring. That is something we are looking into.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
We have not experienced any issues with stability.
What do I think about the scalability of the solution?
We have not experienced any issues with scalability.
How are customer service and technical support?
Technical support is very good and responsive. We have a dedicated support person. Initially, we leveraged CA Professional Services.
Which solution did I use previously and why did I switch?
TIBCO Mashery which was good any for API gateway, but needs more monitoring and easier methods for setting up policies.
How was the initial setup?
Initial setup was straightforward. We were able to set up in five weeks, including policies.
What's my experience with pricing, setup cost, and licensing?
We need to know the ROI three years down the line. In terms of minimizing cost and licensing issues, I would suggest that you not buy piecemeal.
Which other solutions did I evaluate?
TIBCO Mashery, Mulesoft.
What other advice do I have?
I would suggest you do a PoC with CA, for feasibility.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
API ManagementPopular Comparisons
Microsoft Azure API Management
Amazon API Gateway
webMethods.io
MuleSoft API Manager
Kong Gateway Enterprise
IBM API Connect
IBM DataPower Gateway
WSO2 API Manager
3scale API Management
Axway AMPLIFY API Management
TIBCO Cloud API Management
Akana API Management
OpenLegacy
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating API Management, what aspect do you think is the most important to look for?
- What is the difference between an API Gateway and ESB?
- In a Digital Banking Environment how do we see the role of ESB/ API Managers?
- What is an API Gateway?
- How do you protect your API from security threats?
- What should one take into consideration when choosing an API management solution to manage Microservices?
- Which API Management tools have the best developer portal?
- Which API management tool is the best?
- What is your favorite API Management tool?
- What are the key parts of an API strategy at an enterprise?