Layer7 API Management Reviews

The most valuable features are reliability and scalability; it's just easy to deploy across our environment. We like those features.

It certainly filled the API management needs of our organization. For example, we were in the process of designing a patient portal for the hospital, and we were able to quickly leverage the UAR tool kit that’s available. The developers didn't really have to think about security, even though in the healthcare industry, security is a big concern. And that was all leveraged from the robust tool kit available in API Management. Taking that heavy lifting away from the developers so they could focus on functionality and we could focus on delivering the secure access they needed, was great.

It's a great product. Just expand on it. I think CA has done a good job bringing the UI component to macOS; that’s good. And I think they're also doing a web UI version where you can create policies. I believe in the past, they had some limitations of what you could or couldn't do, but they are solving some of those issues.

CA is the leader in this space. So we look toward them for coming up with best practices to adopt. I'm not really an expert in that area.

We've had it working for about 4 or 5 years

We've had it working for about 4 or 5 years now and apart from upgrades, we have never had a problem with outages or components breaking down.

We began with just one appliance. Then, as our needs grew, we put in a load balancer. It had multiple VMs talking together, which was fairly easy to do and we never had a problem with that either. From time to time, when we needed to take one server out of the load, it was an easy process; the other servers automatically absorbed the workload. That's a benefit for us.

We had API Management from when it was still Layer 7. Their people were certainly filling a lot of shoes because it was a smaller company at that point and you would see the eagerness for technical support to jump in, be hands on, and help you all the way through. Now, they try to push us towards the solutions and the consultants a little more. In a bigger organization, getting POs signed is not an easy process and when you want something that could take an hour or two hours to fix, now becomes a bigger hassle.

When we looked at this emerging API management need seven years ago, we looked at the Gartner recommendations and then looked at our organization’s needs at that time and kind of picked CA right from the beginning.

I jumped in to the second or third upgrade, not at the initial setup.

I would certainly recommend using this product. We've had a wonderful success story. And we've not had any issues with it. Even when the consultants do come out, they are very knowledgeable. They know the product inside and out and can implement it right on site. That is a plus.

When selecting a vendor, the interoperability between their different products that we have is important, as well as expandability. Additionally, we want to be able to configure the product to our liking. That helps us adopt it.

The best features for us are documentation, the development portal, ease-of-use, and click-to-market. Our API landscape is increasing exponentially and one if the differentiators that allow us to reach our goals is how fast we can get to the market. And our speed-to-market is based on ease-of-deployment and how fast we can iterate and change.

It sets itself apart mainly because it's a bigger product and a bigger company, so it integrates well with other solutions that we already have on-premises. That makes it a lot easier for us to move people around, since they already have a basic skill set. That really helps. The support that we get from CA in general, including the talks, the books and the documentation that explains how to sell from a technical and a non-technical side, really benefits us.

I would like to see a lot more information about design, such as design thinking and design UX, UI, information about the technology, and the problems it's solving for everyday customers.

The cloud-based solution that we use right now is stable. We have an on-premise solution as well, which we still have some issues with, but we're still moving forward.

Scalability is unmatched. Since it is cloud and AWS backed, if we need more power, we just call it up and it's pretty quick.

Technical support, including the communities, Twitter, and being able to reach somebody on the phone is phenomenal; it's a good working relationship.

We have multiple solutions in house. This is the one we choose for now for certain products. There weren't really better products and there's only certain product groups in the market, and we only pick the best-in-breeds. CA was one of them.

For me, the most important quality in a vendor is technical support. I want support from end-to-end, including documentation, technology, and written materials that I can download and review myself and then reapply.

Initial setup was a little bit of both straightforward and complex. We are a large company and have certain scenarios that make things a little bit more complex. CA's always been really good about being right there with us to understand some of our challenges.

Dig in really deep, not only from a technical standpoint but also from a design and product standpoint. That's probably the biggest piece of advice that I can give you. If you miss this, you will forget to see the forest through the trees.

The Mobile SSO and Developer functions are the most valuable features. The Mobile SSO functionality is not available with most similar products in the market, which makes this a unique product. The Developer function helped the developers to be self-sufficient meaning they did not need a lot of training and they could do things on their own.

API security was another important feature in terms of how you are able to control usage of digital assets and access your systems from the outside world. Thus, security was a good feature.

Lastly, the monetization part was also important. We have not started off yet but monetization was one more thing that we were very happy and keen about when we saw this product.

We have recently implemented it so it is too early for us to say how this product has improved the working of our organization. We wanted it as a feature and capability for the organization so we have invested in it. In the future, it shall proceed in the direction of how we would like to shape-up our organization.

We would want to see the monetization feature to be a standard function. At the moment, it is a third-party solution. This feature helps you to carry out API billings, so as the APIs are consumed from the outside world, you can charge your users for using them. Currently, it is not a standard feature and is more like an add-on where they have worked out ISV pricing with others. So, if it is made as a standard feature of the product it will be really good because it will take the promise of app economy to a true level; thus, it will be truly monetized.

Another improvement we would like to see is that the product should be more relevant with the public cloud infrastructure that is pervasive nowadays. So, the ability to host and run these solutions on Amazon, Azure or Google Cloud should be a standard feature for this product. From what we have been told it is going to be a part of the product’s roadmap.

This product is stable.

We did our own test to verify scalability and found it was quite scalable. We had no issues.

We had done a load test on the application on our own and it was able to scale to a significant number of transactions per second. Based on our architecture and solution that we have, we are comfortable with the level of volume that it can handle.

We have not used any technical support.

We were not using a different solution before. We were looking in the markets for solutions which would help us give this level of scalability, based on the nature of business that we have.

We never had a product like this because API management was always a discussion and we never knew how to implement it. When we saw this product and figured out that they had the features we wanted, then we took our time to perform due diligence and figured out this was the right product for us.

We were involved in the initial setup and found it to be a little difficult. The reason being, we implemented this product on Microsoft Azure and the product features on Microsoft Azure were not updated at that time. So, there were some initial hiccups. However, CA professional services and my team were involved extensively to get it rectified. CA services did play their part in making sure that whatever the shortcomings, if any, were addressed. It was a good involvement from their end.

We did shortlist other usual vendors namely Apigee, Axway, Mashery that are the other competing products in the market. The number one criteria for selecting this product was CA’s pricing policy as well as its presence in that part of the world from where we come from; it is significantly big compared to all the other companies. In Asia where we come from, not all the companies are present to that extent and you need a level of comfort when you're investing in such a magnitude. You would want the organization to be very strongly present there.

Just do your own homework and make sure your own metrics are ready, specific to your organization. Every organization is different and make sure that you maximize the value of the investment that you are putting in.

The roadmap of the product is the most important criteria while selecting a vendor. In addition, another important factor is the ability to invest in continuous releases/new releases that are coming up in the product. In short, how much the vendor is willing to invest in the product to keep it updated.

We had a little bit of mishaps for the installation. Overall, regarding the product features all what we wanted was in there. It's just that we had our share of a little difficulty in implementation, otherwise it is a good product.

• Security
• Flexibility
• Ease of use
• Message translation

We have been able to accelerate our clients’ transition to digital organizations by using the CA API Gateway to rapidly expose legacy business services as RESTful APIs, adding industry-leading security to the APIs, and providing a Developer Portal that provides governance, control, visibility, and organization of the entire API stack. These features result in faster time to market, cut months off project timelines, and enable businesses to prevent from becoming disrupted by high-tech startups.

The Developer Portal has had some limitations but a new version has already been released which addresses these limitations. It is already available in SaaS form and will also be available as an on-premise solution this October.

The previous version of the Portal was a bit more limited in terms of appearance customization (CMS) than the new version. Some other features lacking in the old portal but available in the new version include API-Enabled (functions that can be executed from within the web-based GUI can also be executed from API calls, allowing you to automate tasks), ad-hoc reporting, support for hybrid deployments (Portal in the cloud, API Gateway on-prem), and Swagger support to name a few of the most commonly requested features.

I have used it for three years.

The CA product has outstanding scalability built-in via their “cluster” concept. The Gateways are organized into clusters and adding a new Gateway into an existing cluster is very simple and does not require an admin to configure the newly added Gateway nor manually deploy policy to it; it is all automatic. Stability of the Gateway is rock-solid so long as you follow CA’s best-practices guidelines when provisioning and configuring servers. We have seen sporadic performance issues when clients’ IT Operations team did not follow the guidelines but these were easily remedied by updating VMware configurations to match CA’s recommendations. DRS configuration is an example of this. One must also pay attention to log and audit data as these can grow fast with the high transaction counts of today’s API utilizations. Implementing a strategy to archive this data is important. We very often forward this data into Splunk to provide our clients with a single source for API analytics.

For most use cases, CA support is very responsive and they even have a group dedicated to making fast-paced product updates and customizations for customers with special needs, which is very unique among API solution providers.

The CA product is very easy to set up. A development environment can be stood up in an hour or two.

As a service provider, we implement API management solutions for many customers. My advice for customers seeking to implement these solutions is to pay close attention to the CA recommendations on VM settings (if using the virtual appliance), and to ensure they seek assistance from someone familiar with implementing this specific solution. CA has their own professional services division, and there are several consulting firms such as ourselves who have experience implementing this solution.

We work with multiple API solution providers. Each has their strengths and weaknesses. We work with our clients to understand their needs, current IT infrastructure, future-state IT infrastructure, and roadmap, then provide them with our solution recommendations based on this input and our own personal experience implementing API management and identity and access management solutions.

API management solutions have many additional valuable features that some IT development purists might not feel “should” be handled by an API gateway. Two examples include the API gateway’s ability to process business rules on a service, and the API gateway’s ability to provide orchestration. One could certainly have a lively debate about whether the API gateway is the “right” place to do this, but the point I try to make is that in the real world, work comes at you fast; you have to be nimble and responsive to customer demands. I have been in situations where a business requirement and deadline could not be met because certain architecture was not ready or the team who would normally handle this work was already fully utilized on other requirements. Because the API gateway can handle these tasks, it provides increased flexibility. The new functionality can be added into the gateway and later moved out to a service bus or microservices architecture as time allows.

The most valuable aspects for us are the security features, such as OAuth and access control. Furthermore, it's a flexible tool that performs well.

It's a great tool, but I wouldn’t say it streamlined anything. It does just exactly what we acquired for, which is to connect and manage data from our legacy system to the cloud and to mobile. We had some digital channel projects that required back-end integration and needed security on the gateway to handle the throughput that would be coming, so we chose API Management.

I'd like to be able to import a Swagger file through the gateway.

We have been using it for three years.

We've had no issues with deployment.

It has been stable from day one. We haven’t seen anything to suggest it won’t continue to be.

It's scaled just fine.

The online material is fantastic and the CA API Academy videos are excellent.

The initial setup was complex and difficult mainly because we didn’t have heavy Linux support guys.

It takes longer than you would think; timing it is essential.

We've been using it to program intermittently. There's a problem with one version, which saves pretty slowly. Now it's good. Then we found that this is cheaper. The advantages include the coding, as well as getting emails and alerts from them.

I mostly used it when working in the banking sector. There are many bank connections going on every day, especially during the holiday season, which can be kind of tough. We need to straighten the books, which can include how much money came in, how much money was lost, etc. If the information is not there, there will be a problem. We needed a program to keep track of the data.

This solution gives us an insight to the original view. It tells us how much data is there and it provides manuals to use it. So the technician office is there and it gives us some data. For the moment, we can change anything in the software, like enlarging it for example. 

It improved our organization because it gives the management data to discuss for the next course of action and it suggests what to work on, as the next thing.

I published APIs in the CA environment also. That's very good. I haven't done it in my workspace on a personal level, but it's a good thing. I have already published APIs with other solutions, but there is a bit of a difference and that is good for CA. CA is better than Apigee because CA allows you to make changes and is a little generous in terms of where to go with the project. It's good.

It's very good at supporting a large number of APIs or transactions. The transport of APIs is needed. Everything in CA is very easy for developers, because when a developer logs he can view it right away. With other systems, it isn't as easy. I like this. It's going up in the market.

I think it's very valuable because of the support desk in one application. It protects us well. That is very important.

In terms of security, it's mostly been enough until now. I had used them in my local work. I was playing with them and saw that they support everything. It's almost all covered so far.

From the last version, they have added more dashboard support, but there is still a lot they need to improve. The thing is, on the chart you can set it to forty seconds or one minute. That's fine, but if you hold any request it should be clear on the graph. For instance, on the dashboard of the graph it should be written around it. It should say, this is the response time here, etc. In terms of monitoring, it's almost all covered. The interface can be improved, though.

It's really stable. That I can assure you. That is the one thing which I have to fight for with my managers because they ask why we should not move to a different solution. They said another solution is more stable. I told them that they are looking at the market analysis. We should test it ourselves. It's a really major banking project that we're working on.

Scalability is really good because it's very easy to create new users. It's really good.

There are 43 people using CA. We will use CA to its maximum capacity. It has become very popular in my office.

I never needed to use their technical support. If you need it, you could chat with the online support team. That's it.

We used Apigee and API Connect. I found that CA is more stable than the others. When you are deploying code, you also need the previous versions. With CA I can track all the changes. It's more stable and reliable.

The initial setup is simple. If you are a novice it could be complex, but if you are good at working with computers it should be very simple. It takes about seven or eight minutes, including configuration.

All we have to do is consider our code and environment for the applications. For instance, what things are going to happen.

We used three people for deployment. One is project development guy that we might move because development is getting smooth nowadays.

We currently have 18 people, of which seven are developers and three are in management. So there are eight people in back-end maintenance.

You can imagine that we are in a gem mine. It costs money to supply the equipment and then we can get 45 gems. It's difficult to know the ROI until you get the gems out.

I would say implement it. If you are new to APIs and things, you won't understand it, but if you have some experience it will be okay.

I would rate this as eight of ten.

CA has incredible reach in the market across industries. To have the opportunity to partner with CA has been great for us, a great exposure. They have got a very compelling platform that enables organizations to easily develop and roll out mobile applications. 

A lot of their customers have come and said, "We'd like to be able to enable these mobile applications with biometric authentication capabilities." It is really a nice blend. We are able to provide that capability to enable that platform to deliver that to their client base.

Our solution has been around for several years now. It is FIDO certified. It has got compliance certification from the government, so it is very stable. The underpinnings of Samsung Pay deployed in South Korea. There are five and a half million consumers using that platform. That is one of the largest biometric deployments probably out there today. Then, we are a global organization, so we have deployments throughout the world and across different industries. 

The solution is already supporting about five and a half million consumers in South Korea, so it is scalable. Today, there is a server element to that solution. From the client's side, it is SDK-based, but there is a server element. We can support about two million users on each server, then you can nest servers together. 

We have no concerns about scalability at this point.

We have not gone into production yet. We have not had direct experience with CA's tech support. I can tell you that our development and our technical folks have been working very closely with their development teams. They have teams in India that we work with and teams in Vancouver that we work with. It has been a really good experience for us. Because it is global, you have got to be around the clock to some degree. So far, there have not been any issues. We have a US-based tech support team that as this thing goes into production with clients, we will be leveraging that team as well as the CA team.

There is a server element and a client-side element. The server side installation is fairly straightforward. We don't provide hardware for the server installation, but we provide specifications, then we will help an organization work through it. In pretty much a day or two, you can get a server stood up and working. 

On the client side, it is integrating. You're taking this SDK, and you're integrating into native mobile apps. The complexity of that depends upon what you are trying to accomplish. Certainly, with simple use cases, we have had people spin this up in days. As you get more complex in the use cases, you might be looking at weeks. However, this is not a three to six month type of implementation timeframe. It is more of a three to six-week type of implementation timeframe.

I do not have a lot of competitive information on other mobile access or mobile API gateways. So, it is hard for me to say how it ranks against other competitors. I will say that it seems like it is deployed in dozens, if not, over a hundred different companies. That says for itself that it is a very strong product. 

I would put it up in the eight to nine category out of a 10, if I had pinpoint a number.

Most important criteria when selecting a vendor: CA is extremely appealing because of the reach that they have across industries, and they are pretty deep in many industries. They bring some brand recognition to the table, and obviously Samsung has a very strong brand as well. You combine those two brands, and that just creates a compelling offering which will get the attention of companies out there. 

Obviously, the support piece is important, the product stability, and how robust that product are very important to us. We look at that on a number of different dimensions.

We use Layer7 API Management for digital banking: for signing, validation, transactions, etc.

We are a partner, so there are roughly 40 people inside my company working with Layer7.

The mobile access gateway (MAG) is tremendous.

Its ID authentication is a little outdated. I think they should start using face ID.

They need a multifactor authentication solution for the API layer and the other layers, as well. Today, we don't have face recognition for the gateway. We don't have palm recognition either. This would add a needed additional security layer.  

I have been using this solution for roughly two to three years.

This solution is very stable. Once you have the other patches applied it's really stable.

Layer7 API Management is very scalable.

Overall, I would give their technical support a rating of six. It was better before Broadcom acquired it from CA. If they improved their response time, I would give the technical support a higher rating.

The initial setup is very easy.

We have implemented this solution for three banks. One bank took three months and another took six months to fully implement due to an additional security layer.

It really depends on the size of the bank and the number of transactions that you have to validate, the board members, and the customer flows within the bank.

If you wish to implement Layer7 API Management, it is paramount that you understand, first, what you need.

Most of the time, the customer doesn't understand the power of APIs and how they should be managed inside an organization. If your customer doesn't have a plan, it doesn't matter what solution they use — nothing will work.

Overall, on a scale from one to ten, I would give this solution a rating of nine.