Layer7 API Management Review

It's a purveyor of tools for managing and securing APIs. It is flexible in how it creates custom policies and uses builds with impressive methods.

We implemented few Layer7 project to various organizations. Most of them just use it as a 'proxy' for policy checking. For example, limit the number of access attempts on specific page from the same IP for a specific duration.

Other clients use it for logic flow, to create a workflow integrated with the Australian government's MyGov framework, which is beyond just security checks.

Some of the common useful functions/assertions (e.g., JWT encoding/decoding) are only available in other CA products. The client needs to purchase and install those products in order to make it available for Layer 7. I don't think it is justified to maintain another product that is not really needed, in order to have just one function. If those common, useful functions could be part of the core Layer7 product, that would be great.

Provide complete documentation with examples of usage on its build in assertion/function.

Easier to find documents (e.g., cluster setup).

We have been using this solution for two years.

• When more than one developer is working on separate policies, it is hard to export, import, and merge the policies to other parties
• When migrating to different environments
• When integrating with SVN/Git: This is not well documented

There were no stability issues. It is a very stable and mature product. So far, there have not been many complaints from clients regarding the stability.

Scalability performance has always been an issue. It behaves slowly when communicating with Windows-based servers (e.g., F5 load balancer or DB server, as compared to when communicating with a UNIX server.)

Customer service provides good and fast responses. They help a lot when problems occur. They always respond in a timely fashion.

Technical support provides good and fast responses. They help a lot when problems occur. By the way, the forum is also helpful for self-service.

We didn't use other solutions before this one.

The setup was simple, as it comes with the OVA file. It reduced a lot of time and problems in the deployment. The main focus is on integration with client's exiting infrastructure, instead of setting up Layer 7.

We are the vendor. I have worked on this product for more than two years and implemented it in at least three organizations.

We are the vendor and we implemented it for clients. We do not use it for ourselves. We are not aware of the ROI.

The pricing and licensing issues are done by other staff members. I have no idea on how much it costs or what the pricing structures look like.

I believe the company already did a lot evaluations with other similar products.