CA API Management Review

Monetization module is unique, but security protocols for financial service were not up to par

What is our primary use case?

Our primary use case for this solution is opening up our APIs to the development community so they can help us innovate some of our banking products. We've demoed CA API Management and we've done one proof of concept with it, but we are not using it on an ongoing basis.

How has it helped my organization?

We are a bank, and any API management tool helps us find the right partners to build new products in new markets. Given that we are going down the path of open banking, this type of tool is, perhaps, going to be one of the integral components of our tech deployment.

What is most valuable?

  • Containerization
  • The monetization module 

They're quite unique for an API tool. 

Although we didn't test the monetization, the flexibility of the tool could be quite useful. Right now, we're not looking to monetize any of our open APIs for the next few months, but it will be a focus for banks in a year or so. The nimbleness of the monetization tool is very good, where you can just drag and drop elements that would make up the monetization.

In addition, the development time and rollout time are pretty quick.

What needs improvement?

This is not specific to CA's tool, but API tools in general. There are two schools of thought: There is the "Apigee" school of thought that says that we don't need hardware to implement security, and there's the "API Connect" school of thought which says some sort of an enterprise service bus would be critical to the success of the API management tool. 

I find this hardware reliance is a bit archaic. The biggest reason I would want to get an API management tool is to get rid of the hardware. If I have to have the hardware and put the tool on top of it, that makes it a bit cumbersome for us because the maintenance of the hardware, for any enterprise service bus, is in hundreds of thousands of dollars per year.

It needs to go into virtualization.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

One of the reasons that we chose to go with another tool was because we found that CA API Management was crashing quite often. We called technical support about this, but since the deployment time was so short, we only called them a couple of times before we made a decision.

What do I think about the scalability of the solution?

We didn't take it to scale, but from what I've read and from the literature that was provided to me, it seems that it's built for large transactional orders.

How is customer service and technical support?

Our interactions with technical support were okay; nothing to write home about.

Which solutions did we use previously?

In terms of using this solution to modernize legacy systems via microservices/APIs or developing a new platform for mobile/IoT, we haven't used CA's API tool, but the API tool we are using right now is helping us replace some of the old, monolithic systems. It's helping bring a more agile approach to our API development, our exposure of microservices to the world.

How was the initial setup?

The setup was a bit complex in the beginning, but I think that's for true for any technology that you want to implement for the first time.

The deployment took six to eight weeks. We had a roadmap that we were following, as an implementation strategy. I can't go into what that process was. For the deployment, we had five FTEs on our side and the implementation team had another two or three, and there was also a manager.

Once it was deployed it took four people to maintain it and for API development. And then we had a team of 40 Intel developers who were using it off and on.

What about the implementation team?

We used a local implementation partner to help set it up.

What was our ROI?

For the business case that we have, we would have made no money on this within the first 36 months. We would probably have started seeing return on investment when there was traction in the developer community for our APIs. Once we would have a couple of good implementations with the e-commerce companies, then we'd see a return on investment.

I also feel that from a resource-reduction and right-sizing perspective, eventually we would be able to bring that down a little bit because we would need internal product teams to be that active in the long-term.

What's my experience with pricing, setup cost, and licensing?

We weren't comfortable with the pricing of licensing. It was slightly more expensive than its competitors.

Which other solutions did I evaluate?

We found that API Connect had superior features. The security protocols in CA's product, for financial services, weren't as good as those in API Connect.

What other advice do I have?

With respect to supporting a large number of APIs and/or a large number of transactions, we didn't use it for a large number of transactions. It was a PoC so we only used it for limited connectivity. But from what I've read and from what I've heard from other users, the volume management and traffic flow management is actually pretty good for CA's tool.

I would rate the solution at six out of ten, overall. It didn't meet all of our needs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email