CA API Management Review
Manages and secures APIs

Valuable Features

It's a purveyor of tools for managing and securing APIs. It is flexible in how it creates custom policies and uses builds with impressive methods.

Improvements to My Organization

We implemented few Layer7 project to various organizations. Most of them just use it as a 'proxy' for policy checking. For example, limit the number of access attempts on specific page from the same IP for a specific duration.

Other clients use it for logic flow, to create a workflow integrated with the Australian government's MyGov framework, which is beyond just security checks.

Room for Improvement

Some of the common useful functions/assertions (e.g., JWT encoding/decoding) are only available in other CA products. The client needs to purchase and install those products in order to make it available for Layer 7. I don't think it is justified to maintain another product that is not really needed, in order to have just one function. If those common, useful functions could be part of the core Layer7 product, that would be great.

Provide complete documentation with examples of usage on its build in assertion/function.

Easier to find documents (e.g., cluster setup).

Use of Solution

We have been using this solution for two years.

Deployment Issues

  • When more than one developer is working on separate policies, it is hard to export, import, and merge the policies to other parties
  • When migrating to different environments
  • When integrating with SVN/Git: This is not well documented

Stability Issues

There were no stability issues. It is a very stable and mature product. So far, there have not been many complaints from clients regarding the stability.

Scalability Issues

Scalability performance has always been an issue. It behaves slowly when communicating with Windows-based servers (e.g., F5 load balancer or DB server, as compared to when communicating with a UNIX server.)

Customer Service and Technical Support

Customer Service:

Customer service provides good and fast responses. They help a lot when problems occur. They always respond in a timely fashion.

Technical Support:

Technical support provides good and fast responses. They help a lot when problems occur. By the way, the forum is also helpful for self-service.

Previous Solutions

We didn't use other solutions before this one.

Initial Setup

The setup was simple, as it comes with the OVA file. It reduced a lot of time and problems in the deployment. The main focus is on integration with client's exiting infrastructure, instead of setting up Layer 7.

Implementation Team

We are the vendor. I have worked on this product for more than two years and implemented it in at least three organizations.


We are the vendor and we implemented it for clients. We do not use it for ourselves. We are not aware of the ROI.

Pricing, Setup Cost and Licensing

The pricing and licensing issues are done by other staff members. I have no idea on how much it costs or what the pricing structures look like.

Other Solutions Considered

I believe the company already did a lot evaluations with other similar products.

Disclosure: I work for the vendor.

Add a Comment

Why do you like it?

Sign Up with Email