Layer7 API Management Reviews

The Gateway is most important because it is our strategic front door into the company for all APIs.

The API Gateway for us is now, or is about to be, our central one way in. We have many, many partners who resell our communications services. They provision those services through our systems.

Previously, we would just host it on a number of different application servers, uncontrolled if you like, not as secure as they should have been.

You probably don't know, 18 months ago we had a large security breach, which turned into a large issue with the national press. We now use the Gateway for that single point of entry for all of our API traffic.

As well as the SOA Gateway - that is, the API Gateway; we call it the SOA Gateway - we also are now deploying the developer portal component of the SOA Gateway. That has limitations.

There are two main ways to offer web services to the outside world at the moment. One is RESTful services and one is SOAP-based services. We are predominantly a SOAP service company and the support for SOAP-based services are very limited, almost poor, in the developer portal. All CA's investment is around RESTful services, which is a problem for us.

I would also simplify threat protection, I would improve SOAP support, and I would reduce Professional Services rates. Apart from that, everything's pretty good.

We've been using the solution for two and a half years.

It is very good in terms of stability and functionality, it just lacks a little bit in terms of SOAP services.

We're only receiving 200,000 calls a day at the moment, and we're increasing that to about 1,000,000 calls a day, which is a lot of traffic compared to some customers but I'm sure it's not much compared to others. The performance is fine.

We raised a couple of tickets which just went through the standard process and we got a really poor response. But then I contacted the account manager and we got an excellent response and service.

In terms of the ultimate outcome and the service we receive now, I'd rate it really high, you know, 8 or 9 out of 10. But there's been one incident in particular which I would rate down at 2 or 3 out of 10. The way I feel now, I would rate it at an eight or a nine, mostly a nine. There was one incident which did not go through the account management team, which was not optimal.

The one incident which I would rate very low was just a really unprofessional, incorrect response. As soon as the account manager saw it, he was very apologetic. He got it all sorted out, no problem. They know about it and our account guys know about it. I think the support team know about it. I don't really think it's worth bringing it up again.

We introduced the API Gateway. I wasn't here at the time, by the way, but we didn't use anything in terms of that. We bought it really for our protection and security capabilities. So the main thing is the API, the whole API management piece. We did go out to tender; we invited about six, or evaluated about six, different solutions and selected CA.

I wasn't here for the setup.

I would say CA are a good company to work for. I would say that the Professional Services people are fairly expensive but pretty good. I would say that the Gateway is a good tool but you need to be careful of the limitations for SOAP services. Also try and get over to CA World because that's good fun.

Its simplicity; and it's user friendly. Advanced Authentication and Security features. Ability of Gateway to create API on the go with compatibility to integrate with all Blackened Systems (MQ native, JMS, SFTP, HTTPS, SCP, Windows/Oracle, LDAP, etc.).

Improvement in developer portal customization.

Eight years.

Not yet.

No.

8 out of ten.

The only solution I use is CA APIM and it’s the best. I haven't even thought
of switching into another one.

Very easy.

Depends on the client's requirements.

Yes, IBM and Apigee.

CA APIM is the best product in the market. With API Gateway, you can expose
APIs with an advanced authentication mechanism and security, within days.

The built-in routing platform is the most valuable feature. It is easy to use.

There is a need to automate the process of retrieving the SSL certificate when it has expired. Currently, the product doesn't have this feature automated. It is only manual.

I have used this solution for two years.

There were no stability issues.

There were no scalability issues.

I am very satisfied with the level of technical support.

The setup was straightforward. I started using the product after it was already built-in.

We needed a way to secure our externally-facing services. Layer 7 was a lot more lightweight and its security chops were more apparent. For deployment, it needed the ability to go with a VM image because it was not going to be on-premise. It was going to be in a cloud offering in front of our commerce spot.

Because of our experience with our cloud-hosting provider's image requirements versus what CA provided them, I think an area of improvement would be additional form factors for virtualization.

There were some issues during the initial setup. Our cloud-hosting partner required certain things, such as ESXi hosts and images. They were very particular about what kind of image they wanted versus what kind of image CA provided. So what I think would be an improvement would be support for additional virtualized form factors.

CA helped with the architecture, the design, the implementation and it's in place but it's not actively being used because the backing system isn't there yet. I can't tell you qualitatively like, "Oh, yes, it's working very well." I don't know how it's working because nobody's using it. It's waiting for the system to be ready and operational. The implementation, though, was done very well.

Layer 7 was top-of-class in the Gartner Magic Quadrant, Forrester, and all that stuff, so I did the selection process there and looked at a couple of different competitors.

API security and API onboarding. We have on-premise deployment with legacy backends.

It improved the integration channel between partner companies. It also improved the time it took to onboard a new partner.

API security. Implementing security is hard in general but for this product, almost all security features are available out-of-the-box and can be deployed rapidly.

The product needs to keep up with newer trends even though customers might not be requesting it yet. For example, the usage of newer versions of Swagger and YAML format.

We have a full, classic, API gateway currently. We want to leverage it to use the microservices, with the help of micro API gateway, to support our business or e-commerce platform, the API traffic. That's our main our goal, to move further toward a microservice with a Docker container.

We implemented it in a non-prod and it is good. But we want to move into production going forward. Performance-wise it’s good, and we are not seeing any issues.

The benefit is maintaining the security of the APIs and securing the transfer volume of the enterprise for any business transactions.

The main feature is the security, and then the performance of the APIs is good. The monitoring part is also helpful.

We are looking for improvements related to integration. We want to see them add integration tools to the CA bundle. That would be helpful.

Stability-wise it's good. We are not really seeing any issues. We have had CA products for almost four years, and until now we haven't see any outage or any impact of the gateway.

Scalability is good. With the new/future version of the gateway, we can easily scale up or scale down the gateway instance in the Docker container.

Technical support, the CS support, is good. They respond promptly. They give guidance and they give recommendations to improve the platform performance.

We were previously using a different API gateway. We had some issues with those servers. We did some evaluation in the market. I evaluated server software and IBM DataPower and Intel products. Finally, based on all the features, like security, we decided that the CA product is the best suited to the needs of Motorola's business.

I was involved in the initial setup. We brought in CA Professional Services to help start the infrastructure in our installation.

It was not complex, documentation-wise it is good. CA maintains the documentation very nicely, so based in the documentation we were able to set up the environment. It is all straightforward.

The main thing we look at when selecting a vendor is what partners are using them and how successful they are in that business with the product. Then we'll look at industry ratings. Based on that we will consider if we need to go with that product or not.

I rate it a nine out of 10 because the product is not only one product, API Gateway. If I want to monitor the gateways, I need to go with other CA products. It's not like a package, it is multiple products. So if it was a complete bundle, then I would rate it better.

I would recommend going with it.

API Enhanced Portal 4.1 looks very promising. API Gateway policy manager for writing policies is excellent. It is the best in the industry for policy writing.

CA is the first in the market from the time they acquired Layer 7. They deliver the best API Management solutions.

From 2012, our clients evolved a lot from API Management perspective after using CA.

We are able to expose mission critical APIs to the external world, monetize them, and generate revenue from them in the most secure manner.

CA also drastically improved the capabilities from Gateway, Portal, and OAuth perspective in the last couple of years. This adds more value to our API Management wing.

CA API Portal 3.5 does not support Swagger documentation. If they were to support that, it would be great. However, their focus is on a newer, enhanced version of their API Portal 4.1 Release. However, it is not very mature and there is no direct migration available in the near future. It is not possible for clients to migrate to a newer version.

CA might lose clients mainly for this reason (Swagger Support on API Portal 3.5), unless they develop seamless migration utilities from API portal 3.5 to 4.1.

I have used CA API Management from 2011, when Layer 7 had not yet been acquired by CA.

From an API Portal 4.1 perspective, I did encounter multiple issues.

From an API Portal 4.1 perspective, I encountered scalability issues. They confirmed that they are working on it and in the very near future, it will be available.

CA has very good API Management support. They are very helpful.

We didn’t use a solution before this one. CA is the best in the market in terms of stability, scalability, and policy development. They are the best at achieving custom scenarios related to clients (customization) in all perspectives, besides the current API Portal 4.1, as it is not yet matured enough. There is nothing to worry about in the 4.1 portal.

The initial setup was straightforward. CA documentation is pretty clear for anything to do with CA products. They are masters in this industry.

If the CA pricing for API management would be a little lower, they would be able to cover a broader market.

I don’t remember the story from 2011, but very recently I did an analysis of MuleSoft, Google, AWS, Apigee, and WSO2. WSO2 came in first, and CA standards came in second.

Follow CA documentation thoroughly.

It provides a simple way to create REST APIs. It provides easy integration with REST and SOAP services. It has its own language, which make it possible to design and implement the complete flow using existing services and databases, and to create and aggregate fine-and coarse-grained APIs.

We have used it as the top layer in physical infrastructure architecture and made that available to mobile, iPad and desktop applications. Basically, it worked as a single point of contact for all applications via HTTP protocol as a communication channel. Underneath, it is aggregating a plethora of REST and SOAP services and connections to LDAP, AuthMinder, RiskMinder and SiteMinder for authorisation and authentication.

With it, we provided an enterprise solution for authentication and authorisation for all internal and external application in a quick and efficient manner using existing SOAP and REST services.

I feel there is a lot to improve in terms of providing plug-and-play functionalities, as at the moment it requires a lot of coding in their specific language for implementing a medium-complexity use case. It needs to improve the user interface for logging and monitoring. There is no test framework for the APIs, which is a setback. And with respect to providing an end-to-end API management solution, where the API will be charged per usage from the client, configuration is not that easy and straightforward.

I have used it for more than a year.

We had a lot of deployment issues, as it does not provide seamless, continuous integration and deployment to different environments.

Not really, Performance wise it is quite competitive .

Satisfactory

I would rate technical support as satisfactory.

Previously, we chose to use CA-provided solutions (AuthMinder and RiskMinder), which includes (JSP-based) user interfaces. Also, because we have to make our own designs (RIA-JavaScript-based), that’s how it came into the picture.

Initial setup wasn’t straightforward.

We implemented it along with a vendor team. I would advise preparing an in-house team by providing it with a week or two of training, and then get an expert from CA for several months to provide the consultancy and solutions to the team and to resolve their issues.

One of the reasons for choosing it was that we were already using CA products, such as SiteMinder. It provides easy integration with SiteMinder, and because both are CA products, we therefore expected better support.

Not really , as we were already using CA products like Siteminder , since layer 7 is also a CA product and provide seamless integration with the product thus we chose Layer 7 in first place .

I would advise also evaluating Apigee API management if you are looking for an end-to-end API management solution. Otherwise, CA API Management is not a bad choice.