Layer7 API Management Valuable Features

Ewan Sadie
API Technical Lead at Sanlam
The Gateway is extremely flexible, which was one of the big plus sides. We had to do a lot of custom integrations which the Gateway made quite easy. E.g. we have shortcomings in our existing legacy product stack so we leveraged the CA Gateway to handle these. (This is not necessarily just a technology limitation but a licensing limitation as well.) The Gateway is capable of integrating into the legacy IBM space. This was one of the reasons the product was chosen. The capability to extend the Gateway functionality into reusable components is a big plus for us. As we start integrating more platforms we face small behavioural differences between different technologies. The gateway lets you change very low level features to to change or add to the base functionality. As an example in one of our legacy systems we proxy the other system token endpoint. That way we could control the behaviour of the token endpoints and let different systems that interpret the RFC slightly differently, behave the same. A big win for CA was the expertise of the local country support plus having support staff on site in a matter of hours, if required. This is not a product feature, but having local support was one of our deciding criteria for choosing the product. View full review »
IT / Enterprise Architect, IT Consultant at a consultancy with 11-50 employees
The ability to control the web services. Actually what it is being mostly used for is to control the access. Most of the access is being controlled through IP filtering, IP whitelist. In addition to that, we are moving slowly towards using more client certificates. View full review »
Enterprise API Architect at a retailer with 10,001+ employees
Because we have only used the gateway part right of the solution, we have not explored a lot of the potential and capabilities in detail. It would be premature to go into details about what we may use or discover will be useful in the future. We still have to go into production. Feedback in terms of usability or the broader scope of features is not possible. The product has more capabilities that we were looking for in an API gateway in terms of security as well. We plan to incorporate all its advantages. The gateway and security features were the two most important requirements for us and the product has definitely met our expectations. That is currently most valuable to us. Upcoming features that we will soon incorporate will be Developer Portal, Live API Creator and Blazemeter. View full review »
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
447,228 professionals have used our research since 2012.
Venkatesh Vanigalla
Software Engineer at a tech vendor with 501-1,000 employees
It takes an existing service, like JSON or SOAP, and converts it for use on the application (e.g., REST services). From a security point of view, there are different types of attacks: cross-origin resource sharing, SQL injection, shell scripting, and code injection. These type of attacks can be eliminated with the help of this tool because they are built-in with rules. If I drag and drop one rule called cross-origin resource sharing to the website I want to allow it on, only that website can contact CA API Management regarding this assertion. For an OAuth perspective, the application needs to be registered at my API Gateway. Once the application is registered, every time a user requests access to my API Gateway, I have to capture whether it is a valid application or not. Once it is getting validated, only then will it show them the access page for the login page to the application. View full review »
Sekar Purushothaman
Sr. Systems Engineer at a hospitality company with 1,001-5,000 employees
The out-of-the-box security features are useful. Right now, you can just right-click and drag and drop the assertions with the rate limit. That, as well as the x-amount surge protection, is built in so we can bring that in. View full review »
Atyab Tahir
GM - Head of Digital Transformation at a financial services firm with 10,001+ employees
* Containerization * The monetization module They're quite unique for an API tool. Although we didn't test the monetization, the flexibility of the tool could be quite useful. Right now, we're not looking to monetize any of our open APIs for the next few months, but it will be a focus for banks in a year or so. The nimbleness of the monetization tool is very good, where you can just drag and drop elements that would make up the monetization. In addition, the development time and rollout time are pretty quick. View full review »
Tanmoy Bandyopadhyay
Technology Analyst at Infosys Technologies Ltd
I think it's very valuable because of the support desk in one application. It protects us well. That is very important. In terms of security, it's mostly been enough until now. I had used them in my local work. I was playing with them and saw that they support everything. It's almost all covered so far. View full review »
Moses Johnson
Lead Architect at a energy/utilities company with 1,001-5,000 employees
We use a pretty simplistic approach and it does what we need it to do for terminating connections and then reestablishing what we needed to do in a DMZ. All of those features are pretty good. We don't really use the full-blown API management solution which they offer, more just the gateway components. From a security standpoint, it works great. It is the right solution for us. It's lightweight, a software-appliance configuration which was easy to deploy and configure. It is what we need. It does well protecting APIs against vulnerabilities. It is okay for incorporating identity access control with OAuth. View full review »
Layer7 API Developer at Allied Globetech
I haven't found that there are any most-valuable features. I'm not using any feature most often in any of my use cases. The use cases depend upon the customers' requirements. In terms of protecting APIs against threats and vulnerabilities, there are a few assertions which are built-in for threat protection. I have used them for vulnerabilities, like for DDoS attacks, XML schema validation, IP restriction, and for cross-domain. View full review »
Rogerio Sachett
Consultor de seguran├ža at a tech services company with 1-10 employees
I work for an information security company. CA API Management is capable of using tokens for authorization to manage access control for the APIs. View full review »
Gary Sun
Technical Director at SoftPro
Controlling microservices for my customers. It provides a good user interface and is easy to use. View full review »
Sr. Tech lead at a manufacturing company with 10,001+ employees
The API gateway is good. View full review »
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
447,228 professionals have used our research since 2012.