We just raised a $30M Series A: Read our story

Layer7 API Management OverviewUNIXBusinessApplication

Layer7 API Management is the #7 ranked solution in our list of top API Management tools. It is most often compared to Apigee: Layer7 API Management vs Apigee

What is Layer7 API Management?

To compete successfully and thrive today, enterprises across every industry need to transform. This process is not just about incremental improvement, but about evolving core businesses to meet the demands of today’s connected world.

CA API Management accelerates this digital transformation by providing the capabilities you need to bring systems together, secure these integrations, deliver better customer experiences faster and capitalize on new opportunities.

Read more at http://www.ca.com/api

Layer7 API Management is also known as CA API Management, CA Live API Creator, Espresso Logic, CA API Gateway.

Layer7 API Management Buyer's Guide

Download the Layer7 API Management Buyer's Guide including reviews and more. Updated: October 2021

Layer7 API Management Customers

Alaska Airlines, The Advisory Board Company, Amerigroup, IceMobile, R+V Versicherung, U.S. Army - plus hundreds of other customers in the banking, energy, finance, healthcare, government, manufacturing, transportation and retail sectors.

Layer7 API Management Video

Pricing Advice

What users are saying about Layer7 API Management pricing:
  • "Keep in mind the non-product licensing, e.g., if you opt not to use the embedded SQL."
  • "If you do a TCO of more than five years, then you will see a big jump in costs for some vendors."
  • "At the time we bought the product it was a perpetual users license and there has been no need for additional licensing fees."
  • "There are some costs for maintenance that we are charged, but that seems fair because we get the support."
  • "This solution is a bit more expensive than competitors."
  • "It was very high at that time. We are a Broadcom CA partner, and we got it only for testing purposes. We didn't pay anything for it."
  • "It is a pricey product, although not extremely overpriced compared to competitors in the market."

Layer7 API Management Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Ewan Sadie
API Technical Lead at Sanlam
Real User
Top 5
Serves to standardise routing messaging services into a single API view with multiple channels

Pros and Cons

  • "A big win for CA was the expertise of the local country support plus having support staff on site in a matter of hours, if required."
  • "The Portal lacks maturity. Since the move from Portal 3.x to 4.x, a lot of features were removed. It is slowly coming back. I can see a lot of changes are done in the "background" to decouple components and make it more flexible. Those changes are just not getting to the UI side quick enough."

What is our primary use case?

We started off exposing REST APIs to other business units and our external partners by doing legacy integration.

The Gateway is a security control point and a way to drive standardisation.

Live API Creator is used very successfully by one of our businesses to run all their APIs. Other BUs use the Live API Creator to create the easy, "quick win" APIs, which do not make sense to host on the ESB or where resources are not available to do it quickly.

We handle some SOAP services where we are only interested in adding additional security and metrics on top of the SOAP services. We even transform JSON REST to SOAP where legacy internal ESB systems are not able to use REST.

We have seen a huge uptake in routing messaging services, like SMS and WhatsApp. The Gateway currently serves to standardise these into a single API view with multiple channels.

How has it helped my organization?

It is assisting in the uptake of JSON REST services. For quick wins, we are doing the basic transformation on the Gateway and handling all the security ingress and egress of the Gateway. The Gateway technology is an IdP for our APIs as well as in multiple different back-end auth providers.

By handling the security in the Gateway, we can standardise JWT on all internal systems, but do so in a phased approach. E.g migrating from LTPA to JWT.

We adopted SCIM v2 as a user payload standard inside JWT.

It is also assisting in standardising our APIs across the group.

We are leveraging the platform to enforce error code standardisation to RFC 7807.

Developers are now empowered to deploy their own APIs instead of our legacy way of routing everything via a central IT team. This drives the DevOps way of working as the portal exposes all functionalities via APIs once our businesses are integrated into the portal in Jira for external workflow.

What is most valuable?

The Gateway is extremely flexible, which was one of the big plus sides.

We had to do a lot of custom integrations which the Gateway made quite easy. E.g. we have shortcomings in our existing legacy product stack so we leveraged the CA Gateway to handle these. (This is not necessarily just a technology limitation but a licensing limitation as well.) The Gateway is capable of integrating into the legacy IBM space. This was one of the reasons the product was chosen.

The capability to extend the Gateway functionality into reusable components is a big plus for us.
As we start integrating more platforms we face small behavioural differences between different technologies. The gateway lets you change very low level features to to change or add to the base functionality. As an example in one of our legacy systems we proxy the other system token endpoint. That way we could control the behaviour of the token endpoints and let different systems that interpret the RFC slightly differently, behave the same.

A big win for CA was the expertise of the local country support plus having support staff on site in a matter of hours, if required. This is not a product feature, but having local support was one of our deciding criteria for choosing the product.

What needs improvement?

The Portal lacks maturity. Since the move from Portal 3.x to 4.x, a lot of features were removed. It is slowly coming back. I can see a lot of changes are done in the "background" to decouple components and make it more flexible. Those changes are just not getting to the UI side quick enough.

The CA Portal concept of multi tenancy does not align with their other products (or how most people see it) and that caught us off guard. CA/Broadcom is addressing this though. I have seen an uptake in feature development since the Broadcom acquisition of CA. It seems that a lot of our concerns were taken up and are being addressed. My rating would have been better if it was not for the Portal. The Gateway I would give a 10 out of 10.

For feature improvements, the way the Portal handles the security of APIs needs a total rework. Luckily, we could customise this layer to work for us but it would have been nice if the options were out-of-the-box. As the product set is very customisable, I would like to see an environment where customers could share and upload customised components or "assertions".

For how long have I used the solution?

Approximately two years.

What do I think about the stability of the solution?

The product is stable. The Gateway is the most mature out of the product set.

We had some issues initially with Live API Creator, but they were resolved by understanding the product behaviour and how it functions. Once the back-end databases were aligned, the stability was okay.

CA was quite quick in fixing any issues with the product. The issue was rather with our side not deploying the fixes that we requested at the same speed as it was resolved.

The release intervals are very short, and you should plan for that. If your company still has a long interval view, then you will have to adapt.

What do I think about the scalability of the solution?

Up until now, we have not hit scaling issues with what we have.

It was difficult to determine the initial requirements purely because of the complexity of our business. As a federated business, each business has could opt to go their own route. Luckily for us, the adoption was very good and we had a good uptake by all the different business units.

We implement a shared infrastructure to lower costs. We are therefore very weary of what gets deployed on a gateway to avoid impacting the bigger business. I assume purely from a control point some business units might want to adopt their own gateways and not based on performance.

How are customer service and technical support?

It is very good. I found the in-country skill and speed of response good.

For our scenario, I think this was/is a game changer.

Which solution did I use previously and why did I switch?

No. Not a solution that support the full API management methodology.

How was the initial setup?

The complexities came into areas where our company wanted to change the default behaviour in the deployment model of the product. Try and stick to the vendor recommendations as close as possible. If it is different to your architectural norms, then challenge your own standards as well.

Our initial understanding of the product's multitenancy made us deploy in a specific way. It could have been done better if we had understood it more clearly.

What about the implementation team?

We implemented in a phased approach. One environment was done by the vendor team. Then, we used that as training where the in-house team could deploy the last environment without the vendor team being onsite.

What's my experience with pricing, setup cost, and licensing?

Keep in mind the product licensing outside of the vendor stack, e.g., if you opt not to use the embedded SQL.

If you do a TCO of more than five years, then you will see a big jump in costs for some vendors.

Make sure you cater for all environments. We went in with three environments but some businesses that came onboard later on required up to five. This probably depends on the complexity of your business. 

Which other solutions did I evaluate?

Yes, we short listed CA Layer7 (Broadcom), IBM, and Apigee as our final three. We also looked at other products, including the big open source products in the market e.g. Kong.

What other advice do I have?

We are very happy with the solution. The product set currently falls within our development area and that is a good fit.

Some companies would tend to bundle this with security or networking as the product set also functions as a security device. By placing it in security, you are limiting yourself a lot and will never reach the full potential of all the product's capabilities. You need technical in-house people with development background to run the product set.

Constantly look at all the features. I found that when revisiting components, which were not important a few months prior, you realise in some meeting a question about a "new" capability would come up.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
BC
IT / Enterprise Architect, IT Consultant at a consultancy with 11-50 employees
Consultant
Top 10
Controlled access using IP filtering, and IP whitelisting for security management and governance

Pros and Cons

  • "It impresses me as a product because it never goes down. It always does what it is supposed to do."
  • "Some users say that the API lacks some features and is lagging behind the competition although that has not been my personal experience."
  • "The interface is Java which is difficult to make look very nice."

What is our primary use case?

We are using it for controlling all web services, traffic, or API traffic. All connections are going through the Layer7 API gateway. That is done for the purpose of security, management, and governance.  

What is most valuable?

The ability to control the web services. Actually what it is being mostly used for is to control the access. Most of the access is being controlled through IP filtering, IP whitelist. In addition to that, we are moving slowly towards using more client certificates.  

What needs improvement?

The user interface — what they call the Policy Manager — is somewhat poor but I think that is because of the technology they have chosen. It is a Java desktop. The user interface for a Java desktop is difficult to make and it is not easy to make it look flashy. If they move to a web interface, that is another problem.  

It cannot match the native Windows interface, but it is okay. It needs to be improved, I guess. That is the only thing I believe needs to be improved in Layer 7. It needs to be easier to navigate and use.  

For how long have I used the solution?

I have been using Layer7 for almost seven years.  

What do I think about the stability of the solution?

Layer7 is absolutely stable. It impresses me as a product because it never goes down. It always does what it is supposed to do.  

What do I think about the scalability of the solution?

The organization is connected through Layer7. It is just there in between the applications, so there are no end users. It is maintained by a very limited staff and I think that is a really nice thing about it. There are just three people using it in the sense that they are acting as operators. You can say that one person is doing it full time, the other two are doing it incidentally and being back up to the main role. This limited team is made up of one dedicated admin and the other two are architects. The integration architects do internal integration consultancy. But they also act as a backup for the admin.  

Layer7 is fully rolled out so there are no plans to further expand usage. We cannot go any further.  

How are customer service and technical support?

There is a technical support representative that we use in the Netherlands and they are okay. They do their work and it has all been fine. There was only one time in the beginning that we did have contact support in the United States, but this was a very specific issue and it was the only time we had to do it.  

The thing is that the product is doing what it is supposed to do so there is no need to really call support. The only service calls we make to support are for moving to new releases. We need to do some preparation and get educated so that nothing goes wrong. But instead of going through all the upgrade documentation, we hire someone to do it for us. They do it in a day when it would take five days if we did it by ourselves.  

How was the initial setup?

There are some complexities to the installation, of course, but I do not think it is very complex overall. On the other hand, I would not say that it is straightforward. What we did was have the Layer7 people come to help us get educated. There was a company representative from the Netherlands who came to help us with courses and learning about the product and he explained things well. That was sufficient in order to get started.  

There were no initial shocks or difficult things with the installation. It ran fairly smoothly.  

But I say that it is not simple because it is not a minor effort. You have to prepare and do things as you roll it out. It is not enough to just connect it, put on the networks, and plug-and-play. You need a somewhat educated staff of people who are technically savvy enough to work with the product. But if you do everything right, then you will not have any trouble.  

The part that is the most complex is where you have to define policies. In that case, you have to know what you are doing. If you want to accomplish some things that are more innovative then you need to understand everything.  

What about the implementation team?

The deployment developed gradually. We deployed five different instances and we worked on them one-by-one. It went pretty smoothly and according to our plans. We just started with one connection, then we added another connection, and then we could see what it was doing and how it behaved. You have to understand what it is doing before slowly moving into the next step.  

When you introduce a gateway, you need to reroute all the connections. You need to inform the users that they have to change the addresses in their programs. It is really a major operation. The exercise is a healthy one because you end up having to put everything in order. So the deployment itself has a value.  

What's my experience with pricing, setup cost, and licensing?

We bought the product long ago. At that time it was a reasonably low price and it was a perpetual user's license. There was no need for additional licenses.  

It was a great deal if you look at it in that perspective. I think that there are some costs for maintenance that we are being charged, but that is not really something to worry about and it seems fair.  

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate this solution as a nine-out-of-ten. In order to rate it 10, it would need to be perfect. What I find other people saying is that the product portal for API development lacks some features. People who need that functionality are not impressed. They say it is lagging behind the competition. That is not my experience so I do not know anything about it. I have to guess they are right from their first-hand experience.  

What I do not know — but it could be a potential problem — is when you have to deploy the products in the cloud. That might be an issue. Because it is best-of-breed, you are not going through Microsoft or Amazon or Google. That means that you are not working with a solution native to those platforms. You may need to implement an infrastructure product somewhere in the hosting platform — for example, in Microsoft cloud — and I think it is kind of a challenge.  

Layer7 has published on their site that this can be done. But the cloud companies will probably do things in order to help promote the use of their own products and by that measure discourage customers from using products like Layer7. That might be a problem for the people who want to use the Layer7 API Management.  

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,823 professionals have used our research since 2012.
ITCS user
Enterprise API Architect at a retailer with 10,001+ employees
Real User
Top 5Leaderboard
We created Enterprise API Management Layer for our legacy systems using this solution.

Pros and Cons

  • "The solution fills our two most important concerns in seeking an API solution by providing a reliable gateway and security options."
  • "The setup was not as straightforward as it should have been. Support should be improved."
  • "The architecture of the solution does not allow for flexibility in using different components for the gateway architecture."

What is our primary use case?

I am an Enterprise API architect and we are one of the biggest conglomerate organizations in Dubai. We have a lot of retail businesses,  automotive businesses, and other interests. What we are doing is using the API Management to build out a proper, consistent API layer for our legacy systems and microservices as well. That will enable us to expand our reach in digital channels.  

We are already using Dell Boomi in our organization for ESB purposes and are more focused on that development right now and hope to do more with Layer7 in the future.  

How has it helped my organization?

Layer7 is the most important step in our Application Modernization strategy. We envision to create an Open Architecture which allows us to adapt to ever-changing market needs. It is a key enabler in decoupling the core applications from the digital channels thereby giving us the flexibility to build the plug n play architectural landscape. 

What is most valuable?

Because we have only used the gateway part of the Layer7 solution, we have not explored a lot of the potential and capabilities in detail. It would be premature to go into details about what we may use or discover will be useful in the future. We still have to go into production. Feedback in terms of usability or the broader scope of features is not possible. The product has more capabilities that we were looking for in an API gateway in terms of security as well. We plan to incorporate all its advantages.  

The gateway and security features were the two most important requirements for us and the product has definitely met our expectations. That is currently most valuable to us.  

Upcoming features that we will soon incorporate will be Developer Portal, Live API Creator and Blazemeter.

What needs improvement?

In terms of what could be improved, I think they do not have a good enough knowledge base on setting up the API Management Layer, especially on Azure using containers. In the corporate world, this solution is becoming very popular as we move forward.   

So something that I would like them to improve on is their information resources because we need more assistance / support from them to get our API Management Layer set up correctly on Azure. They still have a lot to do in this area in terms of support and building a community. But we have confidence, it would improve moving forward.  

When you talk about full API life cycle management, they lack inbuilt support of community forums as part of their offering which can be published to external developers. The forum can become an important hub for communication between our organization’s API Team and app developers who wish to use our APIs. Using the forums, developers will be able to post questions using the forum.

For how long have I used the solution?

I think we are dealing with only a smaller part of the capabilities of Layer7 as we have just started using the gateway. So we are using it almost only as a gateway right now. We plan to broaden the scope and we are in the process of onboarding full API life cycle management as well. We only deployed it a few months back on the gateway level.  

What do I think about the stability of the solution?

We have not had many problems, but again, we are not testing under full, live production loads.  

What do I think about the scalability of the solution?

We have not gotten far enough along to test the scalability of the product, but it was made for enterprise solutions so it should be readily scalable.  

How are customer service and technical support?

From the support side, the Broadcom / CA Team has supported us well.

Which solution did I use previously and why did I switch?

For APIs, we were using Broadcom API Gateway. We were using Dell Boomi iPaaS, we were using F5 load balancing, and a web application firewall. All of these components we have in our organization. We may be able to reduce the number of solutions.  

Broadcom is actually the same product as the CA Technologies API gateway. CA (Computer Associates) was bought out by Broadcom. So now the CA API is the Broadcom Layer7 management solution which they are updating and improving. We stayed with the product when the product changed names.  

How was the initial setup?

The guys we used to do the installation were from a local UAE team. Their experience on Azure is limited. But at this point it is fine. I think we are more-or-less satisfied that what we have now is done correctly. 

What about the implementation team?

We used combination of internal and external team because we thought it would save time and effort.  

What's my experience with pricing, setup cost, and licensing?

When it comes to pricing, I think we cracked a good deal with Broadcom on Layer7. It may be because of the COVID-19 situation. Whatever the reason, from a pricing perspective we have found the solution to be a good deal for us.  

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate Layer7 as a nine. Right now it is a bit premature to rate the product overall but in terms of the disappointment in the community support opportunities, I would rate it as a seven as of now.  

I think with the situation that we are in and with the current economic atmosphere, there is definitely a reason for those looking for an API solution to also consider open-source products. Instead of going with the proprietary products, sometimes considerations depend on the size of the organization and the budget. Every organization should first analyze what they need. If they need an enterprise-class product definitely Broadcom Layer7 is a good solution. But if an organization can manage their needs with an open-source product, or the team has a good knowledge of the APIs and the ability to customize, then I think that open-source can be a viable option. As long as the product is sufficient to fit the needs, moving forward with some sort of an open-source product is just as well.  

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Alfredo Silva
Experience Design Lead and Strategist at a consumer goods company with 51-200 employees
Real User
Top 5Leaderboard
Many API protections against attacks, reliable, and good technical support

Pros and Cons

  • "When I have used technical support they helped me a lot. Sometimes they took a long time to respond because we had very complex issues that we asked them for help with, but I think it is a very good service."
  • "The Policy Manager tool that is used to manage the solution is very heavy to use because it is based in Java. Sometimes it takes a long time to load. There could be some improvements to it. If they could make Policy Manager on a web page that would be a good alternative."

What is our primary use case?

Our clients use the solution for a secured layer to protect their API. Most of them have two kinds of API, the frontend, and backend.

What is most valuable?

There are many beneficial features in this solution that protect against attacks, such as SQL, injection, and the internet.

What needs improvement?

The Policy Manager tool that is used to manage the solution is very heavy to use because it is based in Java. Sometimes it takes a long time to load. There could be some improvements to it. If they could make Policy Manager on a web page that would be a good alternative.

For how long have I used the solution?

I have been using the solution for approximately three years.

What do I think about the stability of the solution?

I have found the stability very good.

How are customer service and technical support?

When I have used technical support they helped me a lot. Sometimes they took a long time to respond because we had very complex issues that we asked them for help with, but I think it is a very good service.

How was the initial setup?

The initial setup was very easy and straightforward. However, the first and second time we did it was a bit complex because we were not used to the installation.

What about the implementation team?

We have done the implementation and the time it takes depends on the client's use case. You can do the installation and have some APIs working to generate some values for the clients in approximately 30 days.

What's my experience with pricing, setup cost, and licensing?

This solution is a bit more expensive than competitors.

Which other solutions did I evaluate?

My clients evaluate others solutions before they chose this one, such as AWS, and Apigee from Google. The most common option that they evaluated was Apigee because of the price.

The main difference was AWS and Apigee to this solution is they have a lower price but they do not have all the features that this solution has. It depends on the client, they have to decide between what features they want to implement. If there are not many features to implement they can go with Apigee or AWS, but if there are more complex implementations they try to go with Layer7.

What other advice do I have?

I would recommend this solution to others. I really like the solution.

I rate Layer7 API Management a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
JV
Senior System Engineer at a tech services company with 51-200 employees
Real User
The best part about it is that it doesn't stop if something is missing during the installation, it looks for it on its own

What is our primary use case?

We primarily use Layer7 API Management to monitor stuff. I'm the one who installs it. They sent me a TAR file, I unloaded it to TAR, brought it up, and made everything work. I gave it the three different network configurations to talk to the three different domains, and then I turn it over to the guys, and they do what they got to do with it.

What is most valuable?

The best part about it is that it doesn't stop if something is missing during the installation. It looks for it on its own. I don't have to be there to do it physically.

For how long have I used the solution?

I've been using Layer7 API Management for about three months.

What do I think about the stability of the solution?

Layer7 API Management appears to be stable. No one has called…

What is our primary use case?

We primarily use Layer7 API Management to monitor stuff. I'm the one who installs it. They sent me a TAR file, I unloaded it to TAR, brought it up, and made everything work. I gave it the three different network configurations to talk to the three different domains, and then I turn it over to the guys, and they do what they got to do with it.

What is most valuable?

The best part about it is that it doesn't stop if something is missing during the installation. It looks for it on its own. I don't have to be there to do it physically.

For how long have I used the solution?

I've been using Layer7 API Management for about three months.

What do I think about the stability of the solution?

Layer7 API Management appears to be stable. No one has called me to say that it's not working.

What do I think about the scalability of the solution?

Layer7 API Management is a scalable solution.

How was the initial setup?

The initial setup wasn't that hard. You got all the Postgres and all those other little add-ons. It makes sure you've got this installed and that installed. There are prerequisites for what it needs before it gets up and running, but that's a piece of cake.

It all depends on how good your developers are. I know Nutanix and VMware. If you want to do a quick setup with VMware, they have everything preloaded, everything comes in one package, and everything needed for your application to work is already loaded into the bundle.

With SolarWinds, everything is configured for their SolarWinds app, and it's like having a Windows disc with the little features you can add. It's like, if you install the software for Windows or some of these other applications, you can break it down to where you can add in features as needed.

What other advice do I have?

I'd rate it an eight out of 10, no solution is perfect.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
SM
CEO and Co-Founder at a tech services company with 11-50 employees
Real User
Top 10
A good solution for microservices and APIs, but its price is high

Pros and Cons

  • "We loved the portal part the most, which had monetization and showed how people were using the stuff. It is a good product as a whole and has a lot of microservices and granular features."
  • "The delivery is bulky in terms of implementation. Its price could also be better. It is a very good product as compared to CA API, Google API, and WSO2 API, but its price is high. From the cloud-native perspective, some new features need to be added. It could also be made simpler to implement."

What is our primary use case?

We had a test version, which was more of an on-prem version, and we also had some on the Docker for a live API creator. 

We are a security service company, and we provide a lot of solutions in that space. We were just trying to have a frictionless authentication product, so we were working on that. We were looking for a Gateway that can serve in an API, and we've already got an open-source solution.

What is most valuable?

We loved the portal part the most, which had monetization and showed how people were using the stuff. It is a good product as a whole and has a lot of microservices and granular features.

What needs improvement?

The delivery is bulky in terms of implementation. Its price could also be better. It is a very good product as compared to CA API, Google API, and WSO2 API, but its price is high.

From the cloud-native perspective, some new features need to be added. It could also be made simpler to implement.

For how long have I used the solution?

We have been using this solution for four to five years.

How are customer service and technical support?

Technical support was okay. We were getting good support. We had access to the portal, and the support was good enough.

How was the initial setup?

It was a little complex initially. We struggled a bit initially to understand this solution, but later on, it was okay. I do not exactly remember the issues, but initially, our team was facing a lot of problems in terms of virtualization.

What's my experience with pricing, setup cost, and licensing?

It was very high at that time. We are a Broadcom CA partner, and we got it only for testing purposes. We didn't pay anything for it.

What other advice do I have?

I would recommend this solution to others. This is one of the good solutions for microservices and APIs and for people who need to go the digital way. There are a lot of other solutions that are coming into the market, and the infrastructure landscape is changing.

I would rate Layer7 API Management a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
ANDRE MONTEIRO
Account Director – SEC4YOU Cybersecurity (previously Presales Engineer) at Sec4you
Real User
Top 10
A visual user interface to instantly create APIs

Pros and Cons

  • "The mobile access gateway (MAG) is tremendous."
  • "They need a multifactor authentication solution for the API layer and the other layers, as well."

What is our primary use case?

We use Layer7 API Management for digital banking: for signing, validation, transactions, etc.

We are a partner, so there are roughly 40 people inside my company working with Layer7.

What is most valuable?

The mobile access gateway (MAG) is tremendous.

What needs improvement?

Its ID authentication is a little outdated. I think they should start using face ID.

They need a multifactor authentication solution for the API layer and the other layers, as well. Today, we don't have face recognition for the gateway. We don't have palm recognition either. This would add a needed additional security layer.  

For how long have I used the solution?

I have been using this solution for roughly two to three years.

What do I think about the stability of the solution?

This solution is very stable. Once you have the other patches applied it's really stable.

What do I think about the scalability of the solution?

Layer7 API Management is very scalable.

How are customer service and technical support?

Overall, I would give their technical support a rating of six. It was better before Broadcom acquired it from CA. If they improved their response time, I would give the technical support a higher rating.

How was the initial setup?

The initial setup is very easy.

What about the implementation team?

We have implemented this solution for three banks. One bank took three months and another took six months to fully implement due to an additional security layer.

It really depends on the size of the bank and the number of transactions that you have to validate, the board members, and the customer flows within the bank.

What other advice do I have?

If you wish to implement Layer7 API Management, it is paramount that you understand, first, what you need.

Most of the time, the customer doesn't understand the power of APIs and how they should be managed inside an organization. If your customer doesn't have a plan, it doesn't matter what solution they use — nothing will work.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
SW
Automation Engineer at a computer software company with 10,001+ employees
Real User
Top 5
Stable, straightforward to set up, and has centralized management

Pros and Cons

  • "It is helpful to have a central API that is hosted and managed."
  • "If they had different levels of support available then it would be easier to justify the costs."

What is our primary use case?

This product is used to expose some internal APIs to help us automate different activities.

How has it helped my organization?

What is most valuable?

It is helpful to have a central API that is hosted and managed.  It reduces costs and customers, suppliers, and vendors receive a uniform interface.

What needs improvement?

The license model and the cost of licensing can be improved. Especially given that we are in a stable operational mode.

For how long have I used the solution?

We have been using Layer7 API Management for five or six years, and we have been actively using it this year.

What do I think about the stability of the solution?

It has been working quite well for a long time.

What do I think about the scalability of the solution?

It's been working for us, from a scalability perspective. It's implemented within a central group, so there are just a couple of roles that run it. The APIs we host are stable.

How are customer service and technical support?

We are in a stable maintenance mode, so we haven't had to engage customer service/technical support for some time.

Which solution did I use previously and why did I switch?

We did not use another similar solution prior to this one.

How was the initial setup?

It's a complex product, but I would say that the initial setup is straightforward.

What about the implementation team?

Our in-house team handled the deployment.

We have a handful of IT admins and app admins who specialize in maintaining Layer 7 

What was our ROI?

What's my experience with pricing, setup cost, and licensing?

It is a pricey product, although priced to the market. 

Which other solutions did I evaluate?


What other advice do I have?

Overall, this is a good product. It's been stable and working for us, and our main difficultly is people calling out the price point on it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
API Management
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros sharing their opinions.