One of the projects I'm working on is to use it to connect a web form where end-users will enter in data. This data will go from API Gateway to a mainframe, and then the mainframe will take that data, combine it with other data sets, massage it, and send the answer back in the form of a PDF.
We're looking to do a couple of things with API Gateway. The first one is that we're moving from a 24-hour batch process using Managed File Transfer to API Gateway where our transactions are in minutes or less, rather than every 24 hours.
The other thing is that by using API Gateway, we are now enabled to institute some very strong security modes, not only for authentication but also for authorization. We're going to use a single sign-on product for authentication, and once that's done, API Gateway is a policy manual that will securely regulate what data sets people are actually able to see or query, or send data to. For example, in today's situation, someone can query the mainframe for information, even though they have no business asking for that info. It is a 15-year-old setup, and security wasn't in everybody's mind at the time, and the tools were very hard.
Because API Gateway is a policy engine, I can apply policies that can say, "All right, you have to be from a certain company or a certain zip code, or certainly from the state of California before we will even accept your query." After that, we're going to inspect that query to say, "Okay, you are somebody who is working with this type of data, so we are going to allow you to send in your information and query the system for the information that we know you're authorized to see." We can also say, "Are you coming from an appropriate IP address at an appropriate day and time of day?" In other words, if your IP address is coming from a foreign country and it is Saturday morning at 1:00 AM, we know that's not normal. So, we would block that.
I'm working with the most recent version. It is a cloud solution.
The most valuable feature is that API Gateway is extremely flexible for any feature, such as connecting to Active Directory to pull the users and their authentication information. There are three ways to connect to Active Directory, and the reason for this is that the computing environments of our customers are very different. Every feature in API Gateway has got multiple methodologies for accomplishing those tasks, which is important because customers are constantly changing their security models, IT models, networks, etc. API Gateway is very flexible. It is not a one size fits all sort of situation where it is very rigid, and you can only use these pull-down menus, and that's all it ever does. It is much more open than that.
It can give you fabulous reports on your users, usage, security issues, and the data sets that are going through there. You'll suddenly have visibility on the movement of data within or between your organization and other organizations. The other thing is that you're connecting API to API, which is machine to machine. The things that were done manually in an Excel spreadsheet before exchanging data through email are now done machine to machine and server to server. It speeds up the velocity of your business.