Layer7 API Management Overview

Layer7 API Management is the #7 ranked solution in our list of top API Management tools. It is most often compared to Apigee.

What is Layer7 API Management?

To compete successfully and thrive today, enterprises across every industry need to transform. This process is not just about incremental improvement, but about evolving core businesses to meet the demands of today’s connected world.

CA API Management accelerates this digital transformation by providing the capabilities you need to bring systems together, secure these integrations, deliver better customer experiences faster and capitalize on new opportunities.

Read more at http://www.ca.com/api

Layer7 API Management is also known as CA API Management, CA Live API Creator, Espresso Logic, CA API Gateway.

Layer7 API Management Buyer's Guide

Download the Layer7 API Management Buyer's Guide including reviews and more. Updated: October 2021

Layer7 API Management Customers

Alaska Airlines, The Advisory Board Company, Amerigroup, IceMobile, R+V Versicherung, U.S. Army - plus hundreds of other customers in the banking, energy, finance, healthcare, government, manufacturing, transportation and retail sectors.

Archived Layer7 API Management Reviews (more than two years old)

it_user880812
Technology Analyst at Infosys Technologies Ltd
Real User
Gives us insight to the original view and tells us how much data there is

Pros and Cons

  • "This improved our organization, because it gives the management data to discuss for the next course of action and it suggests what to work on, as the next thing."
  • "From the last version, they have added more dashboard support, but there is still a lot they need to improve. In terms of monitoring, it's almost all covered. The interface can be improved, though."

What is our primary use case?

We've been using it to program intermittently. There's a problem with one version, which saves pretty slowly. Now it's good. Then we found that this is cheaper. The advantages include the coding, as well as getting emails and alerts from them.

How has it helped my organization?

I mostly used it when working in the banking sector. There are many bank connections going on every day, especially during the holiday season, which can be kind of tough. We need to straighten the books, which can include how much money came in, how much money was lost, etc. If the information is not there, there will be a problem. We needed a program to keep track of the data.

This solution gives us an insight to the original view. It tells us how much data is there and it provides manuals to use it. So the technician office is there and it gives us some data. For the moment, we can change anything in the software, like enlarging it for example. 

It improved our organization because it gives the management data to discuss for the next course of action and it suggests what to work on, as the next thing.

I published APIs in the CA environment also. That's very good. I haven't done it in my workspace on a personal level, but it's a good thing. I have already published APIs with other solutions, but there is a bit of a difference and that is good for CA. CA is better than Apigee because CA allows you to make changes and is a little generous in terms of where to go with the project. It's good.

It's very good at supporting a large number of APIs or transactions. The transport of APIs is needed. Everything in CA is very easy for developers, because when a developer logs he can view it right away. With other systems, it isn't as easy. I like this. It's going up in the market.

What is most valuable?

I think it's very valuable because of the support desk in one application. It protects us well. That is very important.

In terms of security, it's mostly been enough until now. I had used them in my local work. I was playing with them and saw that they support everything. It's almost all covered so far.

What needs improvement?

From the last version, they have added more dashboard support, but there is still a lot they need to improve. The thing is, on the chart you can set it to forty seconds or one minute. That's fine, but if you hold any request it should be clear on the graph. For instance, on the dashboard of the graph it should be written around it. It should say, this is the response time here, etc. In terms of monitoring, it's almost all covered. The interface can be improved, though.

For how long have I used the solution?

I've been using this solution for two years.

What do I think about the stability of the solution?

It's really stable. That I can assure you. That is the one thing which I have to fight for with my managers because they ask why we should not move to a different solution. They said another solution is more stable. I told them that they are looking at the market analysis. We should test it ourselves. It's a really major banking project that we're working on.

What do I think about the scalability of the solution?

Scalability is really good because it's very easy to create new users. It's really good.

There are 43 people using CA. We will use CA to its maximum capacity. It has become very popular in my office.

How are customer service and technical support?

I never needed to use their technical support. If you need it, you could chat with the online support team. That's it.

Which solution did I use previously and why did I switch?

We used Apigee and API Connect. I found that CA is more stable than the others. When you are deploying code, you also need the previous versions. With CA I can track all the changes. It's more stable and reliable.

How was the initial setup?

The initial setup is simple. If you are a novice it could be complex, but if you are good at working with computers it should be very simple. It takes about seven or eight minutes, including configuration.

All we have to do is consider our code and environment for the applications. For instance, what things are going to happen.

We used three people for deployment. One is a project development guy that we might move because development is getting smooth nowadays.

We currently have 18 people, of which seven are developers and three are in management. So there are eight people in back-end maintenance.

What was our ROI?

You can imagine that we are in a gem mine. It costs money to supply the equipment and then we can get 45 gems. It's difficult to know the ROI until you get the gems out.

What other advice do I have?

I would say implement it. If you are new to APIs and things, you won't understand it, but if you have some experience it will be okay.

I would rate this as eight of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Rogerio Sachett
Consultor de segurança at a tech services company with 1-10 employees
Real User
Information Security Features Allow Our Developers to Focus on Just Writing the Support Code

Pros and Cons

  • "I work for an information security company. CA API Management is capable of using tokens for authorization to manage access control for the APIs."
  • "One specific feature that we need is the ability to authenticate directly to the server with API data. It's not complex nowadays. This is a feature that we need and CA doesn't have it."

What is our primary use case?

In my company, we use CA API Management for banks in the financial markets. Our primary use case is for the basic protection of the APIs. We also use the authentication feature.

How has it helped my organization?

One of the main ways that CA API Management has improved our company is that we do not require a lot of people to work in developing new security code when they are programming for the APIs. They leave all the responsibility to CA API Management. 

In this manner, our developers can focus on just writing the code and on important business.

What is most valuable?

I work for an information security company. CA API Management is capable of using tokens for authorization to manage access control for the APIs.

What needs improvement?

One improvement for CA API Management would be better integration with the web access console. Better integration of the web access console would be great.

One specific feature that we need is the ability to authenticate directly to the server with API data. It's not complex nowadays. This is a feature that we need and CA doesn't have it. 

CA API Management can't do the same authentication functionality with the APIs as the other competitive products in the marketplace.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability of CA API Management is very good. We have very few problems with the solution. Just once, there were a couple of days that became filled up with logs of reporting information. Overall, CA API Management is certainly stable.

What do I think about the scalability of the solution?

We don't have any problems with scalability. We have only a few customers that have deployed it. We only use it for a total of 4 clients. We don't use it in all of our projects. We work with other technology. 

Our final customer maintains the CA API Management installation and only needs our contractors to make other new improvements.

How are customer service and technical support?

Technical support is okay. We have opened some cases and all of them were quickly solved.

Which solution did I use previously and why did I switch?

This was the first tool that we used for API Management.

How was the initial setup?

The initial setup is good. For our requirements, it fits our appliances. 

The initial deployment of the software was two hours, i.e. to have the API data up and running.

What about the implementation team?

We are a reseller company that makes the final setup for our customers. We always do the final installation for our clients.

What's my experience with pricing, setup cost, and licensing?

Our CA API Management license is for five years with no additional cost other than the standard licensing fees.

Which other solutions did I evaluate?

Nowadays, we are looking at IBM solutions because other customers required it of us.

What other advice do I have?

CA API Management is very helpful. I would rate the product an 8 out of 10. In my opinion, the features are all very good.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user898710
Software Engineer at a tech vendor with 501-1,000 employees
Real User
APIs can be developed to provide security and we can show everything in a single pane of glass

Pros and Cons

  • "As an organization grows, you can use CA API Management for authentication purposes through the CA API Gateway. It allows for multiple identity providers with different Active Directories."
  • "They need a workflow for the API Developer Portal, where the process only allows requests to go to the correct person."

What is our primary use case?

Previously, we didn't have security for our web or mobile applications. In a scenario where I have an application that gives APIs to everyone in the world, they can directly access that particular application. However, this allows for different types of attacks on that particular application too. This becomes a problem if a number of users access it, whether they are valid or invalid users, they will see performance issues. If a number of attacks are happening on a particular application, it goes down. So, from a security perspective, CA API Management acts like a reverse proxy.

It makes the end user feel like it is a real system. It does not show the back-end and what the API tool does. CA API management will not let people know that there is an original server running behind the tool. That is the security point of it. 

For use cases, there are databases that some people have to query on. With the help of CA API Management tool, we can give APIs to the end user, and with the help of those APIs, they can access the data instead of the database.

How has it helped my organization?

APIs can be developed to provide security. We can show them in one single pane of glass, such as the CA API Management API Developer Portal. It is there that we can provide the monetization for their APIs and what is happening on third-party applications, like Paytm or BookMyShow. 

Customers go to the portal and register there. It is there that they choose their APIs from a list. Based on the registration of the APIs, the customer will be charged.

Our customers will purchase these APIs and give them to their application users. The functionality provided by the CA API Management tool is about the work framework, and the API Gateway also provides work functionalities. In the API Gateway, there are features called Solution Kits. These provide work protocol functionalities and the framework.

In order to develop an API, we'll face so many problems: 

  • What method should we use?
  • What is the data it should return?
  • If I give this API data to the browser, how will it be processed? 

There are so many problems from the perspective of designing an API. However, the CA API Management tool, along with the CA API Gateway, eliminates all our issues.

As an organization grows, you can use CA API Management for authentication purposes through the CA API Gateway. It allows for multiple identity providers with different Active Directories.

What is most valuable?

It takes an existing service, like JSON or SOAP, and converts it for use on the application (e.g., REST services).

From a security point of view, there are different types of attacks: cross-origin resource sharing, SQL injection, shell scripting, and code injection. These types of attacks can be eliminated with the help of this tool because they are built-in with rules. If I drag and drop one rule called cross-origin resource sharing to the website I want to allow it on, only that website can contact CA API Management regarding this assertion.

From an OAuth perspective, the application needs to be registered at my API Gateway. Once the application is registered, every time a user requests access to my API Gateway, I have to capture whether it is a valid application or not. Once it is getting validated, only then will it show them the access page for the login page to the application.

What needs improvement?

Based on the method of an API, we need to be able to access that particular API.

They need a workflow for the API Developer Portal, where the process only allows requests to go to the correct person.

The CA Mobile API Gateway (MAG) for mobiles has too much latency.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

If an entire cluster fails, we have disaster recovery with this solution. It provides an exact replica.

Because it contains Java, the heap memory needs to be cleaned constantly or problems will occur.

For day-to-day maintenance, two people are enough staff, e.g., checking the logs.

What do I think about the scalability of the solution?

CA API Management is okay when it comes to supporting a large number of APIs or large number of transactions. It has high availability. With the help of a load balancer, we distribute the load among all the API Gateways. In this way, we provide high-availability for all the API Gateways.

We have scaled the product out to different countries, like China and Australia.

Which solution did I use previously and why did I switch?

Previously, there were only SOAP services. When you are making an API call with SOAP services, it has a lot of impact on the application by taking too much of the bandwidth.

Now, all the users are filling out their forms in the back-end with form data into JSON, and sending the information to the REST services.

People want the REST services. There are already existing applications which are running on the SOAP services. Rather than losing their businesses, with the help of CA API management, they can have both their REST and SOAP services in the back-end.

How was the initial setup?

The initial setup is straightforward, like creating and deploying an API. Everything happens in one single loop.

If you install the CA API gateway, it takes about 15 minutes, as it is available in OVA format. If you go with the OVA format, you don't need to do much configuration. Then, it comes up in an internal MySQL database.

The API Developer Portal takes easily an hour to set up.

What about the implementation team?

When we introduce the solution to a new organization, it's not a complicated process. If we describe to them how an API can reduce work in their regular life, then they can easily understand that. When we give this to the customers, they become happy.

We use two people for deployments.

What's my experience with pricing, setup cost, and licensing?

CA API Management has a licensing path. If you want more features, it requires more licenses and more installation time.

Which other solutions did I evaluate?

Compared to other tools, like Apigee, this is the best tool that I have used.

What other advice do I have?

This product is available on-premise, in the cloud, and Docker.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Gary Sun
Technical Director at SoftPro
Reseller
The product implementation was complex, but the tool has a good user interface and is easy to use

Pros and Cons

  • "The solution helped us to quickly publish and monetize APIs. I have used versioning responses to publish or send APIs to different customers with different versions."
  • "The implementation of CA API Management was complex. It is a complicated solution. You have to know so much IT knowledge to do the implementation."

What is our primary use case?

I have used this tool for my customers, as I am a service provider, not an end user. I have dealt with implementations and configurations for CA API Management.

We implemented the API versioning for software services and REST services.

How has it helped my organization?

Mostly, it can identify client IT and user accounts to give them a lot of business logic. It can also provide API versioning. It can provide different versions to different customers, but the original API is the same.

What is most valuable?

Controlling microservices for my customers.

It provides a good user interface and is easy to use.

What needs improvement?

It is not user-friendly because you have to know so many programming languages.

What do I think about the stability of the solution?

It is a stable product. I have had no issue with it.

What do I think about the scalability of the solution?

The scalability is good.

When it comes to supporting a large number of APIs or transactions, the performance is not bad, because it is in staging. We have not moved it to production.

Our client's environment has four CA API Gateways.

How is customer service and technical support?

The technical support responds very quickly by email. The last time that I communicated with the technical support, I asked them, "If MariaDB, instead of SQL, is compatible with CA API Gateway?"

However, now CA's entire product service is poor in Taiwan, as there is no local support.

How was the initial setup?

The implementation of CA API Management was complex. It took us (my colleague and me) six months to implement with two people. My colleague was responsible for implementing the API Gateway. 

My colleague is a system engineer. Because I am a programmer, I am in charge of the design and customizability. It is a complicated solution. You have to know so much IT knowledge to do the implementation.

What was our ROI?

The solution helped us to quickly publish and monetize APIs. I have used versioning responses to publish or send APIs to different customers with different versions.

What's my experience with pricing, setup cost, and licensing?

It has a reasonable pricing model by instance.

What other advice do I have?

I would not recommend the product based on how it has performed to implement it. I did not like working with the product.

We have not used it to modernize legacy systems via microservices, APIs, or developing a new platform for mobile. We also did not use it for connecting data to apps via APIs.

I am not familiar with the security aspects of the solution.

We stopped offering the product as a service a month ago since the product no longer belongs to CA. In Taiwan, I believe no one will buy CA products anymore because it is no longer trustworthy as a company, since the products are no longer supported.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner reseller.
MJ
Lead Architect at an energy/utilities company with 1,001-5,000 employees
Real User
Does well protecting APIs against vulnerabilities, but the lifecycle management approach needs improvement

Pros and Cons

  • "From a security standpoint, it works great. It is the right solution for us. It's lightweight, a software-appliance configuration which was easy to deploy and configure."
  • "The entire lifecycle management approach needs improvement: from the API management, development, deployment, some of the settings around the quotas, and some security policy applications, etc. for the APIs. We found the Apigee platform a lot more robust in that area."

What is our primary use case?

We use it as a gateway for protecting some of our critical infrastructure out on the grid. We have six data centers and it is implemented in each one of them, protecting our grid.

We have several applications that talk to the grid, and they pass through that gateway to get out there, ensuring that we terminate connections from the lower security environment and reestablish credentials for the higher security environment.

How has it helped my organization?

Being able to protect our communications protocols, from the back office out to the substations that control the device, is helpful.

What is most valuable?

We use a pretty simplistic approach and it does what we need it to do for terminating connections and then reestablishing what we needed to do in a DMZ. All of those features are pretty good. We don't really use the full-blown API management solution which they offer, more just the gateway components.

From a security standpoint, it works great. It is the right solution for us. It's lightweight, a software-appliance configuration which was easy to deploy and configure. It is what we need. It does well protecting APIs against vulnerabilities.

It is okay for incorporating identity access control with OAuth.

What needs improvement?

The entire lifecycle management approach needs improvement: from the API management, development, deployment, some of the settings around the quotas, and some security policy applications, etc. for the APIs. We found the Apigee platform a lot more robust in that area.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The solution is very stable. There have been no issues.

What do I think about the scalability of the solution?

Scalability is fine for what we are doing.

How is customer service and technical support?

Tech support is pretty good. They're pretty responsive. When we have an issue we give them a call. They jump on, help us find the root cause and provide a solution, or they talk us through configuration items.

We're big CA users, so we have all sorts of their products within our environment. It benefits them to be responsive.

How was the initial setup?

The deployment for CA's API Management, the way we're using it, took a couple of months and then we were operational. Our planning was typical Waterfall-type planning, at the time. We had a problem and targeted the problem with that solution. Our problem concerned security, protecting our grid-control area.

It took three FTEs for what we are doing. We also have a support structure around that. There's a whole team that manages the infrastructure and configurations of the policies. Since it has been up and running, it has required about one FTE to maintain it.

What about the implementation team?

We just worked with CA and our own resources. 

What was our ROI?

We haven't seen ROI from their gateway solution, other than protecting us from vulnerabilities. In that regard, it's kind of hard to monetize things. We have definitely benefited with cost savings from some of CA's other products.

What's my experience with pricing, setup cost, and licensing?

For what we are after, the pricing is okay. It is competitive.

Which other solutions did I evaluate?

For an API management solution, we chose the Google Apigee Edge platform. We went a different direction because CA was somewhat limited on some of the lifecycle management things that we were looking for. We use Apigee for modernizing legacy systems and for monetizing APIs, among other things.

We were one of the earlier adopters of the gateway technologies. I don't remember what we compared CA to back then. Lately, it has been between Apigee and MuleSoft and CA. We did that comparison.

We evaluate every five years. We see if we need to stay where we are or go in a different direction. Technology changes quite quickly.

What other advice do I have?

CA API Management is a pretty solid product for what we are using it for. It's been good. It has served our purpose and kept us out of trouble.

Evaluate what's out there in the industry. Make sure that you choose the right product for your use cases.

I would rate this solution at about six out of ten, overall. At the time when we were evaluating it, it was about the complete lifecycle management. We were looking to build APIs to legacy systems, using IDE deployment strategies - all of those things were lacking. Products like MuleSoft and Apigee had better, more robust software development approaches for both mobile as well as web-based or batch processing.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Aniket.karle
Layer7 API Developer at Allied Globetech
Real User
Built-in assertions for vulnerabilities, like DDoS attacks and IP restrictions, are useful

Pros and Cons

  • "There are a few assertions which are built-in for threat protection. I have used them for vulnerabilities, like for DDoS attacks, XML schema validation, IP restriction, and for cross-domain."
  • "There are old algorithms that the tool does not support - and it shouldn't, in my opinion. But sometimes customers need old algorithms, from old use cases and old applications, migrated to the platform. At those times, there are hiccups that happen."

What is our primary use case?

Our primary use case is basic encryption/decryption using symmetric assertions and then, gradually, SOAP signatures, SOAP encryption, non-SOAP XML encryption, and signing that. In the last six months or so, I have been working on JWT (JSON Web Tokens).

How has it helped my organization?

Using this solution, the deployment and development processes become easier when compared to before, when complete Java development was necessary. Now, the encryption part is very easy and our clients don't have to continuously depend on logic. On this platform, it's very easy for them to understand and to do testing. It saves them time.

What is most valuable?

I haven't found that there are any most-valuable features. I'm not using any feature most often in any of my use cases. The use cases depend upon the customers' requirements.

In terms of protecting APIs against threats and vulnerabilities, there are a few assertions which are built-in for threat protection. I have used them for vulnerabilities, like for DDoS attacks, XML schema validation, IP restriction, and for cross-domain.

What needs improvement?

There are old algorithms that the tool does not support - and it shouldn't, in my opinion. But sometimes customers need old algorithms, from old use cases and old applications, migrated to the platform. At those times, there are hiccups that happen. It's a bit of a challenge to make the customer understand that we should not be going with these old applications.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We have not faced many issues with its stability.

What do I think about the scalability of the solution?

Scalability is a bit tough if it is a production environment. If you are planning to scale it and increase the number of servers within one to two years, that can be challenging. Up until now, if I have installed four servers, I haven't been given requirements to add more than that.

How is customer service and technical support?

We have contacted support. There were two cases where there wasn't support for old algorithms, the assertions weren't supporting them, and we reached out to the support team. They were very helpful. It depends on the problem you are asking them about. If it's easy, they give you solutions quickly. If there is a requirement for the engineering team to be involved, then it takes time. But they're very helpful.

How was the initial setup?

The setup is straightforward. If I'm doing it on a local machine, it takes 20 to 30 minutes for a single client. I don't have any implementation strategies. It's a straightforward process where you just need to select the options, click enter, enter, enter, and provide whatever input is required.

Before starting the implementation with a customer, we give them the prerequisites that are required. If those prerequisites are met, it doesn't take much time to do the deployment. They have to provide the IP, the hostnames, and the port openings.

In our last deployment, it took me two days to install all the port services. There was one replication and there were two persisting nodes. I did the complete installation and was initially involved in the API development. After that, my colleagues were involved in the development of APIs.

It requires a minimum of two people for maintenance, once it's up and running.

What other advice do I have?

The tool is very powerful so if you are looking to go with an API platform I would recommend CA.

The number of users among our clients is growing, although I don't have an actual number I can give you. Initially, it takes time to get people to understand the platform, but once they understand it, everyone wants to use the platform and have their application exposed to this platform only.

Overall, I would rate the solution at nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
AT
GM - Head of Digital Transformation at a financial services firm with 10,001+ employees
Real User
Monetization module is unique, but security protocols for financial service were not up to par

Pros and Cons

  • "Containerization and the monetization module are quite unique for an API tool... In addition, the development time and rollout time are pretty quick."
  • "The security protocols in CA's product, for financial services, weren't as good as those in API Connect."

What is our primary use case?

Our primary use case for this solution is opening up our APIs to the development community so they can help us innovate some of our banking products. We've demoed CA API Management and we've done one proof of concept with it, but we are not using it on an ongoing basis.

How has it helped my organization?

We are a bank, and any API management tool helps us find the right partners to build new products in new markets. Given that we are going down the path of open banking, this type of tool is, perhaps, going to be one of the integral components of our tech deployment.

What is most valuable?

  • Containerization
  • The monetization module 

They're quite unique for an API tool. 

Although we didn't test the monetization, the flexibility of the tool could be quite useful. Right now, we're not looking to monetize any of our open APIs for the next few months, but it will be a focus for banks in a year or so. The nimbleness of the monetization tool is very good, where you can just drag and drop elements that would make up the monetization.

In addition, the development time and rollout time are pretty quick.

What needs improvement?

This is not specific to CA's tool, but API tools in general. There are two schools of thought: There is the "Apigee" school of thought that says that we don't need hardware to implement security, and there's the "API Connect" school of thought which says some sort of an enterprise service bus would be critical to the success of the API management tool. 

I find this hardware reliance is a bit archaic. The biggest reason I would want to get an API management tool is to get rid of the hardware. If I have to have the hardware and put the tool on top of it, that makes it a bit cumbersome for us because the maintenance of the hardware, for any enterprise service bus, is in hundreds of thousands of dollars per year.

It needs to go into virtualization.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

One of the reasons that we chose to go with another tool was because we found that CA API Management was crashing quite often. We called technical support about this, but since the deployment time was so short, we only called them a couple of times before we made a decision.

What do I think about the scalability of the solution?

We didn't take it to scale, but from what I've read and from the literature that was provided to me, it seems that it's built for large transactional orders.

How are customer service and technical support?

Our interactions with technical support were okay; nothing to write home about.

Which solution did I use previously and why did I switch?

In terms of using this solution to modernize legacy systems via microservices/APIs or developing a new platform for mobile/IoT, we haven't used CA's API tool, but the API tool we are using right now is helping us replace some of the old, monolithic systems. It's helping bring a more agile approach to our API development, our exposure of microservices to the world.

How was the initial setup?

The setup was a bit complex in the beginning, but I think that's true for any technology that you want to implement for the first time.

The deployment took six to eight weeks. We had a roadmap that we were following, as an implementation strategy. I can't go into what that process was. For the deployment, we had five FTEs on our side and the implementation team had another two or three, and there was also a manager.

Once it was deployed it took four people to maintain it and for API development. And then we had a team of 40 Intel developers who were using it off and on.

What about the implementation team?

We used a local implementation partner to help set it up.

What was our ROI?

For the business case that we have, we would have made no money on this within the first 36 months. We would probably have started seeing return on investment when there was traction in the developer community for our APIs. Once we would have a couple of good implementations with the e-commerce companies, then we'd see a return on investment.

I also feel that from a resource-reduction and right-sizing perspective, eventually we would be able to bring that down a little bit because we would need internal product teams to be that active in the long-term.

What's my experience with pricing, setup cost, and licensing?

We weren't comfortable with the pricing of licensing. It was slightly more expensive than its competitors.

Which other solutions did I evaluate?

We found that API Connect had superior features. The security protocols in CA's product, for financial services, weren't as good as those in API Connect.

What other advice do I have?

With respect to supporting a large number of APIs and/or a large number of transactions, we didn't use it for a large number of transactions. It was a PoC so we only used it for limited connectivity. But from what I've read and from what I've heard from other users, the volume management and traffic flow management is actually pretty good for CA's tool.

I would rate the solution at six out of ten, overall. It didn't meet all of our needs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SH
Sr. Tech lead at a manufacturing company with 10,001+ employees
Real User
A helpful tool for authentication purposes

What is our primary use case?

The security checking authentication is our primary use case for this solution.

What is most valuable?

The API gateway is good. 

What needs improvement?

We have experienced technical difficulties with the product in the past. 

For how long have I used the solution?

Three to five years.

How are customer service and technical support?

Tech support is helpful. I would give it an 8 out of 10 rating. 

What's my experience with pricing, setup cost, and licensing?

I do not have any experience with the pricing or licensing of the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sekar Purushothaman
Sr. Systems Engineer at a hospitality company with 1,001-5,000 employees
Real User
The out-of-the-box security features are useful. We feel secure using the Gateway.

Pros and Cons

  • "The out-of-the-box security features are useful. Right now, you can just right-click and drag and drop the assertions with the rate limit. That, as well as the x-amount surge protection, is built in so we can bring that in."
  • "On the monitoring side, we need a better way to monitor it. CA has not given a clear understanding of what external tools we can use to do this."

What is our primary use case?

We use CA API Management for our brand mobile app and our outbound traffic. Our brand mobile apps are for Olive Garden, Capital Grille and LongHorn Steakhouse.

We also use API Management to modernize legacy systems via microservices.

We have our internet application, which is connected to PeopleSoft and other tools so we can export through API gateway. So we have a custom mobile app built for our internal application, where people can check their paychecks, benefits, and other perks, such as gift cards.

How has it helped my organization?

One of the main things is the call-ahead feature, where people can call ahead of time with our mobile app to reserve a table at these restaurants. We also have private click-to-call links that are very successful.

Pretty much the whole mobile app is going through our Gateway. People can only access the app through a mutual SSL authentication, plus we make sure that we do geo-location. We also have CA Advanced Authentication to help with this. We put these two tools together to make sure that we are not entertaining anybody outside of the countries that we serve. So security-wise, we feel secure using the gateway.

What is most valuable?

The out-of-the-box security features are useful. 

Right now, you can just right-click and drag and drop the assertions with the rate limit. That, as well as the x-amount surge protection, is built in so we can bring that in.

What needs improvement?

On the monitoring side, we need a better way to monitor it. CA has not given a clear understanding of what external tools we can use to do this.

We also need a total dashboard functionality to see how many transactions are going through, where the problems are, etc. There's no out-of-the-box monitoring other than the dashboard, which doesn't give you very much.

Their migration policies are also not the best out there. We just do an export and import of it, which is fairly simple, but they could have made it better.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We do promotions and that's the only time you see some crashes. But overall it's a pretty stable product and we haven't had issues with it.

What do I think about the scalability of the solution?

Because we have a physical appliance, we have the capacity with us, but scalability is going to be hard. Our next strategy is for us to figure out if we can use virtual gateways instead of an appliance gateway and then scale horizontally.

As for end users, we have a lot of them. About 200,000-300,000 users have downloaded the application and use it externally. As far as maintaining here locally, it's a team of 5 people.

We are growing. I'm the main implementation architect on the support of it. Now, we have a policy development team, an enterprise architecture team and a performance testing team. Each one of them from their team lend out to us whenever we need it.

I would say probably 20 to 30 percent of people have been using it within our organization. We still have a lot of room to go.

How are customer service and technical support?

Their support is phenomenal. One thing that I like about CA is that they're very good at their support.

There's a big dent right now with the merger with Broadcom. So, it's not working out that well lately. I think they need to get that merger completed quickly to get this all figured out.

Which solution did I use previously and why did I switch?

This is the first one we've picked, and we have been pretty happy with it so far.

How was the initial setup?

It is straightforward, but now we're trying to cache some of the responses and there is no real guidance on how this works.

What about the implementation team?

We had CA Services help us during initial setup and that's about it. 

What was our ROI?

We see clear ROI with this solution.

What's my experience with pricing, setup cost, and licensing?

I think it's competitive. It's not that expensive when you compare CA with the Oracle product. I also haven't seen the latest pricing for the virtual gateways, but what I have seen seems to be reasonably priced.

Which other solutions did I evaluate?

We were thinking about the Apache system at that time, as well as the Oracle server and architecture.

I used CA in my previous organization so I'm committed to it. To me, it met our requirements at that time, which helped us choose it for this organization.

At that time, Oracle didn't actually have a gateway. Although they have now acquired a gateway, I think CA API Gateway is more mature. It's been there for a long time, even before CA purchased it, so in this space they are the best. We also did the research and looked at resources like the Gartner Report, and CA API Gateway seems to rank top on the list.

What other advice do I have?

I rate CA API Management as an eight out of ten due to the overall stability of the product. So, we had this implemented and running fine unless we had increased traffic. We never went back and tuned it. In that way, I'm pretty happy with that.

It loses the last two points because of the monitoring, as well as the capacity analysis and planning our day-to-day transaction details.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SK
Technical Consultant at a computer software company with 501-1,000 employees
Consultant
Provides different form factors, API virtualization and lifecycle management, data security, and scalability. Improvements needed in analytics, reporting, logging, tracking, SSO and user experience.

Pros and Cons

  • "Initial setup is straightforward. It is simple and easy to do."
  • "The level of technical support is good."
  • "Scalability: API Gateway is easily scalable horizontally and managed easily."
  • "The API Development tool can be made more user-friendly by providing folder properties."

What is our primary use case?

  • Digitalization
  • API Life Cycle Management

CA API Management powers the next generation of mobile and Internet of Things (IoT) applications by providing reliable connectivity between data, people, apps and devices. You can aggregate and orchestrate data from multiple data sources into modern REST APIs almost instantly. Whether your data is in legacy systems, disparate databases, or the cloud, you will be able to bring it all together to power new digital initiatives at scale in modern apps or SaaS applications.

How has it helped my organization?

It improved how we function in the following areas:

  • Protecting all enterprise application data from direct access by virtualization.
  • Transforming SOAP services to REST services easily on the gateway without impacting existing systems.
  • Providing security for all APIs exposed through API Gateway at one common location.
  • Migration of APIs from one environment to other.
  • Providing high availability with horizontal scaling and multi cluster.
  • Managing the API lifecycle.
  • Exposing enterprise data to the external world.
  • Securing Mobile App communication using MAG.
  • Integrating easily with other systems.

What is most valuable?

The most valuable features to me are:

  • Different Form Factors: Available as Software, Virtual Appliance, Amazon Machine Image and Hardware.
  • API Virtualization: Creating virtual APIs by shielding the actual enterprise resources on API Gateway.
  • Security: Enterprise data security and central management in API Gateway.
  • API Lifecycle Management: Enable, Disable, Assigning, Deprecating and Deleting APIs on API Portal
  • Scalability: API Gateway is easily scalable horizontally and managed easily.
  • Mobile SSO is another feature/capability which is available.

What needs improvement?

  • The API Development tool can be made more user-friendly by providing folder properties.
  • Assertions for common functionalities (like mathematical operations, string manipulations, connecting to non-SQL).
  • Masking the user credentials entered in Identity Provider, JDBC based on user role
  • Analytics and reporting need to be made better and more user-friendly; add some custom reports both on the Developer Portal and API Gateway; exporting of analytics and an email facility.
  • Logging and tracking of changes done by users in the Developer Portal.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

CA API Management solution is very stable and also scalable.

What do I think about the scalability of the solution?

I did not have any issues with scalability.

How are customer service and technical support?

Customer Service:

Customer service is good.

Technical Support:

The level of technical support is good.

Which solution did I use previously and why did I switch?

I did not try any other solutions previously.

How was the initial setup?

Initial setup is straightforward. It is simple, easy to do, and quick to go to market.

What was our ROI?

Overall cost saving, growth in business

What's my experience with pricing, setup cost, and licensing?

I feel that it is costly for small/medium-sized companies.

Which other solutions did I evaluate?

I did not evaluate other products, but have read about them and the features they provide.

What other advice do I have?

Check what is required and whether it can be achieved easily without any compromise, and see how flexible it is to use and maintain.

Disclosure: My company has a business relationship with this vendor other than being a customer: We're CA partners and implement for customers who have purchased CA API Management. We also contribute to development of the product.
VK
Senior Technology Architect at a tech services company with 10,001+ employees
Real User
API Portal capabilities are very nice, with several adapters to all leading identity suites

Pros and Cons

  • "API discovery using CA Live API Creator is helpful for integrating with multiple backends, for discovering and kickstarting the API creation process. It is a very good feature."
  • "Mobile app capabilities are good for building mobile apps to consume developed APIs. Also, the API Portal capabilities are very nice, up to and including the ability to do monetization. Security features are exhaustive, with several adapters to all leading identity suites."
  • "The development toolkit used for creating APIs should be more online and user-friendly. Deployment and tracking could also be improved. Tools like Apigee provide a complete online experience along with RESTful APIs, to manage all activities. It is a very nice and user-friendly solution compared to CA."

What is our primary use case?

RESTful API implementation and exposure.

How has it helped my organization?

Being a key partner of CA, the strong product has helped us make joint pitches to multiple enterprises and to implement an efficient API gateway for enterprises, enabling them to manage the end-to-end lifecycle of APIs.

What is most valuable?

API discovery using CA Live API Creator is helpful for integrating with multiple backends, for discovering and kickstarting the API creation process. It is a very good feature.

Mobile app capabilities are good for building mobile apps to consume developed APIs.

API Portal capabilities are very nice, up to and including the ability to do monetization. Security features are exhaustive, with several adapters to all leading identity suites.

What needs improvement?

The development toolkit used for creating APIs should be more online and user-friendly. 

Deployment and tracking could also be improved. Tools like Apigee provide a complete online experience along with RESTful APIs, to manage all activities. It is a very nice and user-friendly solution compared to CA.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and technical support?

Technical support is very good. Response times are very good. As a partner, technical support is available via phone and email as well as in several countries.

Which solution did I use previously and why did I switch?

As a systems integrator, we use several API management products, with CA being one of our key tools.

How was the initial setup?

Setup was ok. CA was always available for any support issues.

What's my experience with pricing, setup cost, and licensing?

Pricing is competitive. CA is ready to offer attractive discounts.

Which other solutions did I evaluate?

Apigee, IBM API Connect, and MuleSoft are some of the other key products we have evaluated and used.

What other advice do I have?

CA API suite is a strong solution with very good security capabilities and end-to-end lifecycle management of APIs. It has been proven over the years and is a very good option for implementing the API gateway for an enterprise.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
it_user674037
Transformation and Change Management Leader at a logistics company with 1,001-5,000 employees
Real User
Resilient solution with robust policy configuration

Pros and Cons

  • "It is able to withstand the number of API calls and handle different API requirements to secure, transform, log, and track API usage patterns."
  • "They should incorporate deeper monitoring features into the solution to make the offering more complete. Doing so would help to showcase traffic patterns and usage to better engage customers and partners proactively. It would also help with API management and capacity planning."

What is our primary use case?

We use CA API Management to publish APIs for secure and fast integration with customers and partners.

How has it helped my organization?

It helps to improve customer satisfaction. When customers need to integrate with our platform, they are able to self-serve by using the online documentation and tool and then test their integration independently in a sandbox environment. Once the testing is complete they can request the switch to production.

What is most valuable?

It provides us with a resilient solution and robust policy configuration. It is able to withstand the number of API calls and handle different API requirements to secure, transform, log, and track API usage patterns.

What needs improvement?

They should incorporate deeper monitoring features into the solution to make the offering more complete. Doing so would help to showcase traffic patterns and usage to better engage customers and partners proactively. It would also help with API management and capacity planning.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is a very resilient solution.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

Technical support is very knowledgeable and helpful.

How was the initial setup?

The initial setup was somewhere between straightforward and complex, requiring an intermediate level of effort on our part due to our particular requirements. Otherwise, the solution is relatively straightforward to set up.

What's my experience with pricing, setup cost, and licensing?

Subscription licensing and pricing are competitive with other solutions.

Which other solutions did I evaluate?

What other advice do I have?

Familiarise yourself with its policy management to match your requirements for API management and governance.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Rofans Manao
IT Consultant at Entiis Pte Ltd
User
Almost all security features are available out-of-the-box and can be deployed rapidly

What is our primary use case?

API security and API onboarding. We have on-premise deployment with legacy backends.

How has it helped my organization?

It improved the integration channel between partner companies. It also improved the time it took to onboard a new partner.

What is most valuable?

API security. Implementing security is hard in general but for this product, almost all security features are available out-of-the-box and can be deployed rapidly.

What needs improvement?

The product needs to keep up with newer trends even though customers might not be requesting it yet. For example, the usage of newer versions of Swagger and YAML format.

For how long have I used the solution?

Three to five years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
BL
Senior System Analyst at National Institute of Education
User
It has improved API governance and gives analytics to API performance

What is our primary use case?

We use it primarily for API management in my data center, for mobile applications and application-to-application integration.

How has it helped my organization?

It has improved API governance, gives analytics to API performance, and provided abstraction to the solution providers.

What is most valuable?

  • Policy assertion
  • Policy manager
  • SSO
  • Authentication
  • HA features
  • Analytics
  • Very extension logs

What needs improvement?

  • Better GUI for the policy manager.
  • Needs better professional services in my country. 
  • Better mobile features.
  • Better HA configuration.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user882714
Experts in Integration Models at a consultancy with 5,001-10,000 employees
Real User
Support through the forum is very good and efficient for partners

Pros and Cons

  • "The product documentation helps the client and/or user to evolve quickly while using the tool."
  • "As the number of instances increases, its complexity of installation increases if you do not use the OVA."

What is our primary use case?

We use it for public API security.

How has it helped my organization?

The governance of the new business models generated by the APIs has been simplified and is improving the daily control over them.

What is most valuable?

  • Current security models which are the focus of the industry. 
  • The product documentation helps the client and/or user to evolve quickly while using the tool.
  • Support has efficiently combined with the forum.

What needs improvement?

The portal is an important point in the lifecycle of the APIs. Right now, the portal lacks many features. We hope that the new version will have them and that there will be a quality jump, which is needed.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

None.

What do I think about the scalability of the solution?

There is no real problem. However, as the number of instances increases, its complexity of installation increases if you do not use the OVA.

How are customer service and technical support?

Support through the forum is very good and efficient for partners.

Which solution did I use previously and why did I switch?

I work in a consultancy, so we do projects with other products. However, our partner product is with CA Technologies.

How was the initial setup?

They have different installation models. Therefore, there are always small drawbacks. Fortunately, if you use the OVA, your installation is direct.

What's my experience with pricing, setup cost, and licensing?

We are a partner with our own prices.

Which other solutions did I evaluate?

We evaluated the following solutions: IBM, WSO2, and Oracle.

What other advice do I have?

Begin by using the installation offered on an OVA, then in production environments make use of your own installation, e.g., in CentOS.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
it_user882711
Solution Architect at a construction company with 1,001-5,000 employees
Real User
Standardizes our API deployment, improves security

Pros and Cons

  • "The Portal API helps us with deployments. It also helps to have a catalog of everything. The replication is also a critical feature for us. It helps to have a more robust architecture and makes our systems highly available."
  • "The portal is not the most intuitive and the way things are displayed makes it difficult to find the information we need."

What is our primary use case?

Managing all of our APIs and the security around them.

How has it helped my organization?

  • Standardization of our API deployment
  • Improve security

What is most valuable?

The Portal API helps us with deployments. It also helps to have a catalog of everything.

The replication is also a critical feature for us. It helps to have a more robust architecture and makes our systems highly available.

What needs improvement?

The portal is not the most intuitive and the way things are displayed makes it difficult to find the information we need. We never completely read the info. The way it's written does not make me want to read it.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Lately, we have had a replication problem, but it's possible the problem is on our side. We are still unsure.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and technical support?

The technical support is fast and efficient.

How was the initial setup?

It was a complicated setup but we had help.

What other advice do I have?

You need a team to manage it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user882708
Business Development - Alliances and Partnerships at a tech services company with 10,001+ employees
Reseller
Works best where there are multiple protocols, multiple APIs, and security is the key

Pros and Cons

  • "Security is the most important parameter of the solution, for me, because whenever you are exposing your APIs to third-parties, it is critical that the data remains anonymous and that data is retained within the system, that it is not leaked. CA API Management provides good security features."
  • "The CA API Management solution has good security features, but when it comes to being used in areas like enterprise integration, where it is being used as middleware for all the IT environments, that particular feature is quite limited. It doesn't support as many protocols as an industry standard, competing product should."
  • "What is really important is that they offer the solution as a service, on a subscription or monthly basis, which will make it more attractive. That is where the market is headed. There are competitors within the industry that are doing that currently. I would encourage CA to do that."

What is our primary use case?

My company is a CA partner. We do implementations for end-customers, using CA API Management. So my company doesn't use the product, but we install, configure, and implement the product for our end-customers.

Primary use for the solution is to have access to APIs that are generally difficult and not available. An example would be critical APIs that should be available 24/7 but they are not available most of the time, because of one or another constraint. That is where the API Management solution is used to the maximum by end-customers.

How has it helped my organization?

Let me give you an example from one of my customers, a tier-two telco in the UK. This customer was getting an API that was available to their developers for only two hours a day, and because of this restriction, they had to plan everything precisely for their developers to access the API in those two hours.

Now, with the CA API Management implementation, the third-party API is available to this customer 24/7. It's available any time the development team requires access to the data or the information. This result has quickened the development pace and the testing cycle, and it has saved a lot of our dollars for my end-customer.

What is most valuable?

Security is the most important parameter of the solution, for me, because whenever you are exposing your APIs to third-parties, it is critical that the data remains anonymous and that data is retained within the system, that it is not leaked. CA API Management provides good security features and that is very critical.

What needs improvement?

The CA API Management solution has good security features, but when it comes to being used in areas like enterprise integration, where it is being used as middleware for all the IT environments, that particular feature is quite limited. It doesn't support as many protocols as an industry standard, competing product should.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

I have never had any issues with scalability.

How are customer service and technical support?

I would rate tech support at nine out of 10.

Which solution did I use previously and why did I switch?

I still use multiple solutions. I use some open-source solutions, I use some of the competing enterprise solutions, and I use CA as well. It really depends on what my end-customer really wants. It depends on the use.

How was the initial setup?

The initial setup was quite straightforward.

What's my experience with pricing, setup cost, and licensing?

I feel the product's pricing is a good value.

In terms of licensing, currently, they are available as perpetual from CA. What is really important is that they offer the solution as a service, on a subscription or monthly basis, which will make it more attractive. That is where the market is headed. There are competitors within the industry that are doing that currently. I would encourage CA to do that.

Which other solutions did I evaluate?

The options that I had were Apigee and Mulesoft.

What other advice do I have?

My advice would be, if it is a really complex integration with multiple protocols, multiple APIs, where security is the key, I think you should look at the CA solution. That is where it fits best. If you're looking at it more as an enterprise integrator, that you need to integrate internally within an organization and its IT functions, then I would suggest that you talk to CA and see how best the product can be used; you will need consultation.

It's a very stable, scalable product with good security features. It does the job well.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a global systems integration partner with CA Technologies and a reseller of their solutions.
JeffreyKlein
Director Identity & Access Management at a financial services firm with 10,001+ employees
Real User
Substantially decreases the amount of time it takes to secure new APIs

Pros and Cons

  • "One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise."

What is our primary use case?

API management, for security.

How has it helped my organization?

One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise. That has been the quickest and easiest thing. 

We're rolling it out across the enterprise as we speak, after that six months or so of heavy usage, and we're finding that the amount of time it takes to secure new APIs has gone down substantially.

What is most valuable?

The security features are the most important because that's what we're using the application for, specifically.

What needs improvement?

There is a thick client for configuration that is not as easy to use as you might like. So I would say the design and user experience, from an administrative standpoint, is a little clunky.

There are some really very granular kinds of issues that I've found and they're more related to very specific technical components of the application itself. Aside from these individual complaints that are very bound up with our use cases, I don't have any specific recommendations.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

In terms of scalability, we haven't encountered any issues. Scalability has been something that we're starting to explore a little bit more now - automated scalability - responding to increases in capacity in the environment. But we haven't had any issues, and I don't necessarily anticipate any issues. CA provides certain containerized versions of their components that are very easy to deploy and scale.

How is customer service and technical support?

CA has been extremely responsive to any request that we've had for assistance, for support, and for new features. I haven't been able to evaluate the newer version that has recently been released, so we haven't evaluated it yet in terms of feature completeness.

How was the initial setup?

The initial setup was pretty straightforward. They provided us with a container and we got it up and running, and then we just started working on it. You can follow the instructions pretty easily.

Which other solutions did I evaluate?

We did not have a previous solution, but we did evaluate Mulesoft as an alternative and, possibly, Informatica. We ultimately decided that our relationship with CA, and the type of integration with some of the other applications that we had deployed in the enterprise, made the API Gateway a much better option for us.

What other advice do I have?

I would suggest you take a look at all of the components. The API Management Suite that CA offers is broader than simply the API Management Gateway. The Suite has some features, extra components, that really make for a much easier and more accessible way of doing API management within the enterprise. There are components like the Mobile API Gateway and Live API Creator. These additional components really expand what the products can do, in a way that makes your value proposition easier to present to the business.

I would say this solution is a solid eight. It does everything that it says that it does. It would get a higher rating if it had a little cleaner interface and was easier to administer, but I think that's a pretty solid rating for a product like this.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SG
student at a tech services company with 1,001-5,000 employees
Real User
Provides secure API exposure but the cloud-native architecture needs improvement

Pros and Cons

  • "The most valuable feature is the security with its out-of-the-box policies."
  • "The cloud-native architecture of the product needs improvement."

What is our primary use case?

API security, API management, OAuth security, microservices, mobile app security.

How has it helped my organization?

Secure API exposure and driving innovation through microservices.

What is most valuable?

Security, out-of-the-box policies.

What needs improvement?

Cloud-native architecture of the product.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

We haven't encountered any issues with stability. The hardware and virtual appliance-based form factor are solid. It's a stable product.

What do I think about the scalability of the solution?

The product does not scale the way cloud-native architecture does.

How is customer service and technical support?

Technical support is good.

How was the initial setup?

The initial setup was moderately complex, due to various deployment models and integration with its own components.

What's my experience with pricing, setup cost, and licensing?

It is in the lowest price range for such products but the pricing model needs to be changed.

Which other solutions did I evaluate?

I have experimented with all of the APIM solutions. Each one is fit for different situations but, overall, CA API Management is the best product for the expected functionality.

I have evaluated Apigee, Mulesoft, SoftwareAG, Akana, Kong, and IBM API Connect.

What other advice do I have?

If you are truly looking for API management features, CA API Management is the best solution. It might be a bit old in terms of cloud-native architecture but they are moving towards that.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PB
Computer Scientist at a tech company with 10,001+ employees
Real User
Helps me manage my API lifecycle, end-to-end

Pros and Cons

  • "Key features include: lightweight mediation, transformation from JSON to XML and XML to JSON, API portal and API key management, the Developer Portal, and Circuit Breaker is a cool feature, too."
  • "One area where it certainly needs to improve is the way it allocates requests, in terms of rate limiting. Also, there is no native Kafka connectivity."
  • "we cannot add gateways on the fly because there are a lot of moving parts; endpoint connectivity is one of them. If we add more nodes then the rate-limiting feature is affected. This kind of gateway always has the scalability issue. But, I think CA is coming up with its Microgateway, which is in Beta. If they stabilize their Microgateway platform, we could do very well in terms of scalability."

What is our primary use case?

Our primary use case is as an API gateway for authentication and authorization, and then lightweight transformation or lightweight mediation. But it's mostly authentication and authorization, mostly security-based.

How has it helped my organization?

We mostly use this product for our internal customers, so it's not a revenue generator for us. We use it for internal customers to contact the IT systems. In terms of benefits, it's not for external customer satisfaction. It's not that kind of a usage here. The benefit that IT sees is, it is a single developer portal for IT; it has helped us provide an API platform to our customers.

What is most valuable?

  • The lightweight mediation
  • Transformation from JSON to XML and XML to JSON
  • API portal and API key management
  • The Developer Portal
  • Some of the key SSL sessions, inside the gateway
  • Circuit Breaker is a cool feature, too

What needs improvement?

One area where it certainly needs to improve is the way it allocates requests, in terms of rate limiting. Let's say I have set the rate-limiting to 1000 requests per second and I have four nodes in a cluster. It divides the request into four, that is 250 per node. If I have a node-balancer in front which has the least connection mechanism it sends the first request to a node. It has to improve in terms of API rate-limiting.

Also, there is no native Kafka connectivity. If they provided native Kafka connectivity, that would be good.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We found a lot of stability issues in the 8.3 version. But even after reaching out to the CA engineering team, they were not able to diagnose the issue, so we upgraded it to 9.2. Most of the stability issues have been resolved and we're not seeing that many issues now. So the stability issues have calmed down but we faced a lot of them in 8.3.

What do I think about the scalability of the solution?

The scalability is always an issue, as we cannot add gateways on the fly because there are a lot of moving parts; endpoint connectivity is one of them. If we add more nodes then the rate-limiting feature is affected. This kind of gateway always has the scalability issue. But, I think CA is coming up with its Microgateway, which is in Beta. If they stabilize their Microgateway platform, we could do very well in terms of scalability.

How is customer service and technical support?

Their tech support is pretty good and their documentation is also good. The community's support is also good, so I would rate them pretty well here.

How was the initial setup?

The setup itself is not that complicated since we used a VM form factor. The software setup, obviously, is a different story. But the network part that goes in, the firewall connection that goes in, and then, the load-balancers, the global traffic managers, all these things are not really that complicated. The gateway setup itself is not that complicated.

What's my experience with pricing, setup cost, and licensing?

It's my manager who takes care of the pricing. But I keep on hearing that it's a little pricey, it's on the higher side. That is what he says. We have around 20 licenses so for that, the price is pretty high. That's what he says.

Which other solutions did I evaluate?

This product existed here before I started with this team so it has been here for the last six or seven years. I've only been here for two and a half years. I'm not sure what kind of evaluation took place, what the criteria were for the evaluation. But, I'm pretty sure that they would have evaluated two or three products before choosing CA API Gateway. Our company itself already has two gateways.

I think the main criteria here were in terms of software security, mostly securing the APIs in terms of SQL insertion attacks or XML structure attacks. They were looking more at securing the APIs and CA was probably the best at it.

What other advice do I have?

My advice would depend on the use case. If it's just a proxy solution that you are looking for, I would say don't go for CA API Gateway because API Gateway is much more than that. If you're looking for a complete API developer platform and securing your APIs, then CA API Gateway is a good product.

I give this solution an eight out of 10 because, as an end customer, in terms of managing my API lifecycle, end-to-end, it is pretty good.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user881124
Senior Director at a tech services company with 10,001+ employees
Consultant
We can create multiple orgs and set up policies and management for them

Pros and Cons

  • "We can create multiple orgs and set up policies and management. We can also integrate with an APM solution"
  • "The only issue we have is that we have to buy an APM license separately for end-to-end monitoring."

What is our primary use case?

API gateway.

How has it helped my organization?

We can create multiple orgs and set up policies and management. We can also integrate with an APM solution. We have 1000-plus APIs to be built, policies set up, security handling, and API status in one portal. These are the high-level details. The developers in my team would be able to provide further detail.

What is most valuable?

CA API Developer Portal and API Security policy.

What needs improvement?

We did an assessment and are continuing with implementation. I would not say it's 100 percent perfect but, currently, all the features we anticipated using are working. The only issue we have is that we have to buy an APM license separately for end-to-end monitoring. That is something we are looking into.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

We have not experienced any issues with stability.

What do I think about the scalability of the solution?

We have not experienced any issues with scalability.

How are customer service and technical support?

Technical support is very good and responsive. We have a dedicated support person. Initially, we leveraged CA Professional Services.

Which solution did I use previously and why did I switch?

TIBCO Mashery, which was good for API gateway, but needs more monitoring and easier methods for setting up policies.

How was the initial setup?

Initial setup was straightforward. We were able to set up in five weeks, including policies.

What's my experience with pricing, setup cost, and licensing?

We need to know the ROI three years down the line. In terms of minimizing cost and licensing issues, I would suggest that you not buy piecemeal.

Which other solutions did I evaluate?

TIBCO Mashery, Mulesoft.

What other advice do I have?

I would suggest you do a PoC with CA, for feasibility.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Wilmer Jesús González Pacheco
Solutions Architect at Puntos Colombia S.A.S.
Real User
Keeps clear traceability of the changes made in each of our APIs

Pros and Cons

  • "It allows us to keep clear traceability of the changes made in each of our APIs."
  • "The speed and versatility in the implementation of APIs without writing a line of code in any programming language."
  • "The solution has numerous configuration options to increase security in communication."
  • "The administration interface (Policy Manager) is very easy to understand and use."
  • "As a SaaS product, control over some configuration elements and environments is lost."
  • "Increase tools for manipulation of JSON messages."

What is our primary use case?

Administration and configuration of the platform API management version 9.2. SaaS, security configuration, design, and implementation of APIs, which are exposed to partners of the company for the execution of business flows. All this is done quickly and easily with minimal effort.

How has it helped my organization?

  • The API Gateway has allowed us to manage and maintain systems quickly, with great versatility, while solving problems in real-time.
  • It allows us to keep clear traceability of the changes made in each of our APIs.
  • A large number of security measures have been implemented which make data manipulation more reliable.
  • As a SaaS product, control over some configuration elements and environments is lost.

What is most valuable?

  • The speed and versatility in the implementation of APIs without writing a line of code in any programming language.
  • The solution has numerous configuration options to increase security in communication.
  • The administration interface (Policy Manager) is very easy to understand and use.

What needs improvement?

  • This is a punctual need for the characteristics of the business or at the request of some partners: It is the use and configuration of VPNs, which in the current version is not enabled.
  • Expose system properties and other configurations via the GUI (Policy Manager).
  • Increase tools for manipulation of JSON messages.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user778824
Design Engineer at Automatic Data Processing, Inc.
Real User
We are able to go to market and deploy our functionalities very quickly

Pros and Cons

  • "Compared to other vendors, this product is much faster in coming up with new features, which is good."
  • "We definitely get good responses from the technical team and they are quite responsive."
  • "We are able to go to market very quickly and deploy our functionalities very quickly."
  • "There is still room for improvement for the CA API Developer Portal. It is still not on par with where the competitors are."

What is our primary use case?

It is primarily used for API Security. It has performed very well on the basic security front, but then this product is a suite of products, so it has multiples of products. We are not using all of the subproducts. Now, we are looking for a new use case where we want to use it for mobile apps. That is what we are currently exploring.

How has it helped my organization?

The time to go to market has been improved in developing new things while we use this product. We are able to go to market and deploy our functionalities very quickly. We are able to embrace newer security standards. We are able to do that easier because of this product, because of CA API management.

What is most valuable?

Security is definitely the top one, and other than that, it is a quite customizable product. I have seen that they are coming up with newer features and they are quick, coming into the market very quickly. Compared to other vendors, this product is much faster in coming up with new features, which is good. 

What needs improvement?

There is still room for improvement for the CA API Developer Portal. It is still not on par with where the competitors are. Other than that, the Core API seems to be very resilient and strong on the security front, but then the CA API Developer Portal is the only piece which I think can be improved. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is quite stable. 

We have more than 100 nodes and things are going well so far. However, there are a few cases where we are learning about some outages and that is when getting good visibility of what is actually happening would be the key. In a few of the sessions in CA World, I was able to get to know more about what additional add-ons we can do, how we can get good visibility, and what is lacking currently.

How are customer service and technical support?

We did use technical CA support and it was really nice. 

There were very few scenarios where I was not able to get the answers, or maybe my use cases were maybe unusual use cases that they were not able to come up with the answers. Therefore, we definitely get good responses from the technical team and they are quite responsive.

There was one scenario where they said there is no solution for the kind of requirement that I had. For all of the scenarios that I have come across, they have been able to give me some solution. There was only one scenario where maybe my use case was quite unique.

Which solution did I use previously and why did I switch?

The solution was already in my company before I came.

How was the initial setup?

I was not involved in the initial setup, but I have been setting up new instances, and it is quite straightforward. 

What other advice do I have?

Getting new security standards so quickly into the product is definitely a new surprise. In the CA World, I am seeing a lot of new subproducts that they are introducing, which I was not even aware of. I think that definitely surprised me that CA is investing in the CA API management product and building new offerings and new solutions, which is really nice. That is where the industry is going and they are putting their time and efforts in the right solution and the right product.

The gateway and the new offerings that they are coming in are very capable. The two points that I am missing are primarily from the development standpoint. 

I would suggest CA API Gateway to my friends in some other companies who are trying to deliver it: more from the security standpoint, the ease of setting it up, using it, and customizing it. Those were the key factors that I would be promoting about this product to my colleagues or friends.

Most important criteria when selecting a vendor: Support and the new features that they bring into the product. Those are the key things based on which we are selecting the CA API Gateway.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user797973
VP Enterprise Solutions - Financial Services at Samsung
Video Review
Real User
A compelling platform that enables organizations to easily develop and roll out mobile applications

Pros and Cons

  • "They have got a very compelling platform that enables organizations to easily develop and roll out mobile applications."

    What is most valuable?

    CA has incredible reach in the market across industries. To have the opportunity to partner with CA has been great for us, a great exposure. They have got a very compelling platform that enables organizations to easily develop and roll out mobile applications. 

    A lot of their customers have come and said, "We'd like to be able to enable these mobile applications with biometric authentication capabilities." It is really a nice blend. We are able to provide that capability to enable that platform to deliver that to their client base.

    For how long have I used the solution?

    Still implementing.

    What do I think about the stability of the solution?

    Our solution has been around for several years now. It is FIDO certified. It has got compliance certification from the government, so it is very stable. The underpinnings of Samsung Pay deployed in South Korea. There are five and a half million consumers using that platform. That is one of the largest biometric deployments probably out there today. Then, we are a global organization, so we have deployments throughout the world and across different industries. 

    What do I think about the scalability of the solution?

    The solution is already supporting about five and a half million consumers in South Korea, so it is scalable. Today, there is a server element to that solution. From the client's side, it is SDK-based, but there is a server element. We can support about two million users on each server, then you can nest servers together. 

    We have no concerns about scalability at this point.

    How is customer service and technical support?

    We have not gone into production yet. We have not had direct experience with CA's tech support. I can tell you that our development and our technical folks have been working very closely with their development teams. They have teams in India that we work with and teams in Vancouver that we work with. It has been a really good experience for us. Because it is global, you have got to be around the clock to some degree. So far, there have not been any issues. We have a US-based tech support team that as this thing goes into production with clients, we will be leveraging that team as well as the CA team.

    How was the initial setup?

    There is a server element and a client-side element. The server side installation is fairly straightforward. We don't provide hardware for the server installation, but we provide specifications, then we will help an organization work through it. In pretty much a day or two, you can get a server stood up and working. 

    On the client side, it is integrating. You're taking this SDK, and you're integrating into native mobile apps. The complexity of that depends upon what you are trying to accomplish. Certainly, with simple use cases, we have had people spin this up in days. As you get more complex in the use cases, you might be looking at weeks. However, this is not a three to six month type of implementation timeframe. It is more of a three to six-week type of implementation timeframe.

    Which other solutions did I evaluate?

    I do not have a lot of competitive information on other mobile access or mobile API gateways. So, it is hard for me to say how it ranks against other competitors. I will say that it seems like it is deployed in dozens, if not, over a hundred different companies. That says for itself that it is a very strong product. 

    What other advice do I have?

    I would put it up in the eight to nine category out of a 10, if I had to pinpoint a number.

    Most important criteria when selecting a vendor: CA is extremely appealing because of the reach that they have across industries, and they are pretty deep in many industries. They bring some brand recognition to the table, and obviously Samsung has a very strong brand as well. You combine those two brands, and that just creates a compelling offering which will get the attention of companies out there. 

    Obviously, the support piece is important, the product stability, and how robust that product is are very important to us. We look at that on a number of different dimensions.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    ITCS user
    OSS Enterprise Architect
    Real User
    Cyber security and having a centralised API management platform is very important.

    Pros and Cons

    • "The actual management of APIs is fundamental to us, as we're a heavy API user/provider. So, obviously, a centralised management platform is important."
    • "The developer portal needs to fully support SOAP services (including WSDL publication with security), it would certainly push adoption for us."

    What is our primary use case?

    We use this as a Cyber security appliance and also as a centralised API management platform for partners.

    How has it helped my organization?

    We've got all sorts of threat protection in the API Gateway, from DDoS through to SQL injection and things like that. These are standard features that we use within policies that we drive out the Gateway.

    We've got a security policy fragment that we know is consistent across all the APIs we expose via the gateway. Also, as it's a fragment, we can add to it at any point, as new vulnerabilities are discovered, which will then secure all the services/APIs that use it. This gives us greater agility and confidence that our APIs are secure.

    What is most valuable?

    Security is the fundamental use of the gateway so the security assertions are heavily used and are consistent. We also use it to broker asynchronous messaging across DCs transforming between messaging technologies to provide real time updates for customers in a really secure way.

    Also, the actual management of APIs is fundamental to us, as we're a heavy API user/provider. So, obviously, a centralised management platform is important.

    What needs improvement?

    We have cases open around the SQL injection capabilities that need improvement. Cross-origin resource sharing policies need to be made a common assertion in the Gateway, that's not there at the moment out of the box (although it is available as a policy fragment). 

    The developer portal needs to fully support SOAP services (including WSDL publication with security), it would certainly push adoption for us.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    Verbose logging in production has caused us a couple of issues, never enable this in production! In addition, pay attention to name servers for DNS.

    What do I think about the scalability of the solution?

    Scalability, like most things, is in the hands of your own business to implement. The gateway is flexible and can be scaled to the level you see fit. Be aware though, verbose logging will bring your platform down in seconds, so only use in non-production environments.

    How are customer service and technical support?

    We have a few cases open. I'd say I'd give an average rating of around 7/10 for technical support. Some people have been very helpful and others not quite so.

    Which solution did I use previously and why did I switch?

    We use Microsoft IIS in other areas to expose services against a load-balanced cluster. So we have these bulk security components within it. They've never been compromised but we thought we would add an off-the-shelf security appliance to add an additional layer that also comes with API management capabilities.

    How was the initial setup?

    The setup was complex, definitely complex. As above, don't underestimate the effort required to build a HA/FT instance of this for both the Gateway and the Developer Portal. Be aware of additional licenses for your warm standby. Ensure you get plenty of non-production licenses.

    What about the implementation team?

    Both. The vendor team seemed technical enough. Note: Ensure that your in-house teams and the vendor supplied staff are fully aligned to make deployment efficient. Deploying the gateway platform is a full project and would need managing as such.

    What's my experience with pricing, setup cost, and licensing?

    There has been a lot of confusion with pricing and licenses, especially around the number of cores. In addition, don't underestimate the effort required to build a HA/FT/DR instance of this for both the Gateway and the Developer Portal. Be aware of additional licenses for your warm standby. Ensure you get plenty of non-production licenses.

    Which other solutions did I evaluate?

    I don't remember all the evaluated options. We reviewed, it must have been six or seven, maybe more, API management vendors.

    What other advice do I have?

    I would say that, although the Gateway is geared up for managing SOAP services, the developer portal isn't. It's a gap for us, which means the developer portal isn't quite as good as we thought it was going to be for managing SOAP services (which we have quite a lot of). They're not discoverable in the portal, as are RESTful services.

    Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    it_user778806
    Owner at Clarity Iq Inc
    Real User
    Rapid development and deployment of APIs; I can present data in the format in which the client wants to consume it

    Pros and Cons

    • "There are a couple aspects of performance. One is just speed and uptime, and it's stellar in that regard. The other is, how much effort is it to put it in place in the first place, and then how much effort is it to keep it operational. That's where its real strength is. I'm able to do things quickly and easily that I couldn't do before."
    • "The benefits are rapid development and deployment of APIs, which means that your information, your ability to handle information, to receive it and to send it, to visualize it, to report on it, to get intelligence out of it, happens fast and happens with accuracy."
    • "The most valuable feature is that it enables me to present data in the format that the client wants to consume it. That client might be a visualization tool, that client might be a report, that client might be a customer's API requirements."
    • "The latest version that just came out at the first of October really was a powerful move in the right direction. I was very, very pleased with that because it allows now beginning to use information of things. We've got this IOT infrastructure that we can plug into, and for my use cases there are a lot of outdoor sensors that provide valuable information to my customers."

      What is our primary use case?

      I use CA Live API Creator to integrate data from a variety of sources, and then to provide an API response to calls from my client applications.

      There are a couple aspects of performance. One is just speed and uptime, and it's stellar in that regard. The other is, how much effort is it to put it in place in the first place, and then how much effort is it to keep it operational. That's where its real strength is. I'm able to do things quickly and easily that I couldn't do before.

      How has it helped my organization?

      The benefits are rapid development and deployment of APIs, which means that your information, your ability to handle information, to receive it and to send it, to visualize it, to report on it, to get intelligence out of it, happens fast and happens with accuracy. Faster is better.

      It really allows us to do things that we just weren't doing before, things that we always talked about doing. Some things that we talked about doing for decades.

      One of the things that we talked about doing for decades was the ability to bring data together from different sources, sources that maybe wouldn't otherwise be available. Maybe they were not ours to own. Maybe they were in a place where we just couldn't connect securely to them and enforce our security policies. What we can do is, as those things have developed APIs, we can consume APIs so we're building an API to consume an API to deliver an API. People can keep their roles and responsibilities, they can be responsible for their data integrity, and yet we can use that information to do what we need to do.

      What is most valuable?

      The most valuable feature is that it enables me to present data in the format that the client wants to consume it. That client might be a visualization tool, that client might be a report, that client might be a customer's API requirements.

      The challenge is, how do you get the data structured in the way they want it, as opposed to how do you get them to change. My job isn't to make them change, my job is to give them what they want. Honestly, when you give people what they want, it's easy. When you try to get people to change what they're doing, it's hard.

      What needs improvement?

      The latest version that just came out at the first of October really was a powerful move in the right direction. I was very, very pleased with that because it allows now beginning to use information of things. We've got this IOT infrastructure that we can plug into, and for my use cases there are a lot of outdoor sensors that provide valuable information to my customers.

      As we've brought on MQTT, and other ways of talking to those sensors, that just makes my life easier. I'd like to continue to see them expand the scope of the product. But I can say that I've been extremely pleased with the work they're doing. They're not sitting around, every six months we get a release with major improvements.

      Larger organizations have a real challenge. They have to control all the people that touch their data, and when it goes wrong - you've seen it on the news recently - it ends up being a major headline news story. "Equifax exposes data to 150 million customers." That's intolerable to these customers.

      What happens is that the companies that are working with that type of data have extremely rigid policies for who can get access to what. As we continue to develop the product in that regard, we would like to see continued integration with other CA products that accomplish that goal. I'm not saying that it doesn't do it now, I'm just saying that's a scenario where there can be continuous improvement.

      For how long have I used the solution?

      Three to five years.

      What do I think about the stability of the solution?

      I've used it for four years and I have not had any issues with downtime or with performance. That's partly because it's leveraging networks; modern networks are stable. Ultimately, people want their Netflix and their movies over the networks. There is a lot of money going into uptime, and performance, and speed of mobile networks, of physical networks, that we just leverage.

      We benefit because of the performance of those networks. All we're doing is leveraging public networks to move data securely.

      What do I think about the scalability of the solution?

      In my use case, I've not dealt with the type of data that usually responds to the scalability issue. Generally, when people ask that question, they're talking about scalability of hits, scalability of users. Where, all of a sudden now, you have tens of thousands of records happening within a very short period of time - will this scale? I don't have tens of thousands of records happening in split seconds. However, I do know that the product's been tested to that and has demonstrated outstanding scalability results in that regard.

      There are other aspects of scalability. You might consider how well can I bring on new customers, how well can I scale my development team, how well can I handle additional API integration. Because of the efficiency of the product actually doing that, pulling data from disparate sources, and integrating it into the response format that I want, that my customer demands, that's so easy. It's 10 times, 40 times, 100 times faster than the way we used to do it, and that makes it very scalable.

      How are customer service and technical support?

      I use the technical support extensively. I actually read the documentation. I know that's not something that people normally do, but I actually read the documents. One of the guys said, "If so and so, whoever writes it, knew that, she'd kiss you." And I said, "Well, maybe we shouldn't go there, but... "

      I actually call them, and they've been wonderful because I have their cell phones, I can text, I can call. They probably don't want everybody to do that, but they want their products to succeed, they want me to succeed, and I want to work with a vendor that wants me to succeed.

      Which solution did I use previously and why did I switch?

      You look where your pain is. If you can perceive pain, you know what you need to do. Where does it hurt? That's what you need to work on.

      A different solution didn't exist. You developed things in code. You used C++, you used Java, because that was the only way to do it, to build it yourself. Now, much of the lifting is done, but the extensibility is still in the product. What you're forced into, or what you have the opportunity to take advantage of, is a system that has done a lot of the hard and mind-numbing, repetitive tasks; simplified so many of the things that you would have to do. Incidentally, that creates an opportunity for a mistake. Those things are automated, but the extensibility is still there on the product, so you can still do the things that are specific to your business's needs.

      How was the initial setup?

      I'm going to assume that this question is asking, "Was I involved when we got on board with this product?" Yes, because I bought it. They were there for support but the question is not relevant because it's so easy. It's deploying a WAR file. If you can deploy a WAR file, you're done.

      Which other solutions did I evaluate?

      Where I got involved with CA on this product, there were not really competitive products. Since that time, there probably are some companies that have come out, but honestly, I am busy enough, I don't really look because there's no reason to divorce myself from CA on this product.

      What other advice do I have?

      When selecting a vendor, there are a couple of things that you have to look at. One is: Are they going to be around? That's always a concern because if you've committed to something and the rug gets pulled out from under you, then you're scrambling. Depending on the time that happens, you might not have the time or the money to scramble. What if you're in the middle of a big implementation? CA has been around since the beginning. They're a four billion dollar a year company, something like 13,000 employees, I'm not worried about that. Yet they're easy to work with.

      There are a couple of products that I work with that have not let me down, and there are a lot of products that have. I always use Microsoft Excel as an example of this. Excel is a wonderful product, you can do so much with Excel, it's an incredibly powerful product. But there are many times where Excel just leaves me short. I just can't do what I need to do with it. It has limitations, fundamentally.

      There are a couple of products that I've worked with in my life that I haven't run into that. Maybe I still will someday, I don't want to be delusional, but this product, when I've had a need, I've been able to get it to work and that's nice, I like that.

      It's hard for me to give tens, but I would give it a 10 out of 10.

      My advice would be: Focus on its extensibility because of that exact issue we just discussed. There are so many times when you look at a product that is a tool to make something easier. Maybe you're building a web-based application. There are a number of tools on the market that make that a drag-and-drop opportunity or a drag-and-drop process. Those tools are great for the weekend warrior, you can get something done quickly. Maybe you're a high school kid and you want to build an app for something. (Access database would be like that too. You can get a database and it's not that hard, and you can make a form, but they're not enterprise class). 

      This product, at first blush, looks something like it's one of those weekend warrior tools, but it's not. It's an enterprise-class tool with the kind of usability that you wouldn't expect. And with that usability - how do you have your cake and eat it too? Well, it's because of the product's extensibility. It's very well-integrated with your existing Java library of processes and procedures, as well as your ability to write new extensions to it. You get so much of the base functionality but you don't give up the ability to customize.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      it_user778875
      Lead Software Developer at United Services Automobile Association
      Real User
      Easy to use, and with templating we can easily add new APIs, apply security to them

      Pros and Cons

      • "It's pretty easy to use, and once we have templating set up we can add new APIs, at least through the gateway, and apply the security to them; it takes a minute."
      • "The scalability has been good. We haven't had to scale up a whole lot, even with all the extra transactions we're running through it. We're in the area of about 2 and 1/2 million OAuth tokens issued per hour, and it's performing fine with that."
      • "It would be nice if we could create APIs directly from Swagger files. We're doing that ourselves with a middle layer. But if you could integrate with open API Swagger specs, and then just create a Swagger and upload it to the gateway and it would create all my API template policy, and would apply the OAuth restrictions, the types of security restrictions I have on there, that would be pretty cool."
      • "The OTK, however, is a complex upgrade. They tend to change the schemas on the database behind it, between the versions, which can be a pain to have to migrate all of our existing clients from one database schema to the other."

      What is our primary use case?

      Mainly for our API gateway. We use it for onboarding APIs and then getting those internally. We have them through the B-to-B channel, we have them through a member channel, and then internally as well, to service our APIs.

      It has performed pretty well. We've had an issue with scaling, internally, when we slammed it one time with a very, very high rate of transactions; we're talking like 65 million an hour. Whenever we did that we weren't ready for it yet, so we had to back out, but it's been good.

      How has it helped my organization?

      It's pretty easy to use, and once we have templating set up we can add new APIs, at least through the gateway, and apply the security to them; it takes a minute. 

      We actually have it automated in our Dev environment, where developers can come in and fill out a form with an internal tool. They specify their API, the endpoint they want, this is what they want, and boom, it creates it in Dev and then they can move it up to test and then put in a request to get it to product.

      We've used it for so long that I really can't say that it's improved the way our company works, but it works very well for us.

      What is most valuable?

      I'm mostly involved in using the OTK for OAuth security. We use the OAuth for all of our reactive APIs, for B-to-B to come in, and we're starting to onboard those now. 

      It's been pretty easy to use so we enjoy that, other than a couple of challenges we're having with it currently.

      What needs improvement?

      It would be nice if we could create APIs directly from Swagger files. We're doing that ourselves with a middle layer. But if you could integrate with open API Swagger specs, and then just create a Swagger and upload it to the gateway and it would create all my API template policy, and would apply the OAuth restrictions, the types of security restrictions I have on there, that would be pretty cool.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      Stability has been fine for us in tests. We have a challenge around some log rolling and it bringing it down in tests, but in production it's been great.

      What do I think about the scalability of the solution?

      The scalability has been good. We haven't had to scale up a whole lot, even with all the extra transactions we're running through it. We're in the area of about 2 and 1/2 million OAuth tokens issued per hour, and it's performing fine with that.

      How is customer service and technical support?

      It seems to work pretty well. Sometimes it takes a little longer to get answers than we would like, especially to some low-level ticket where we just had some questions about why this thing is working that way or that way, not high priority stuff. It would be great if we could get those answered in a day or three, instead of two weeks.

      How was the initial setup?

      I was not involved in the initial setup but I am involved in the OTK upgrades.

      Well when we went from 9.1 to 9.2 it was pretty straightforward. The OTK, however, is a complex upgrade. They tend to change the schemas on the database behind it, between the versions, which can be a pain to have to migrate all of our existing clients from one database schema to the other. It also means working with the DBAs to set up side by side schemas so we can get them moved and switched over in a fully available.

      What other advice do I have?

      I don't really select the vendors, but my most important criteria would be:

      • available support
      • industry use of the tool
      • that it can solve all the problems I need it to solve, as many out-of-the-box without customizing it as possible.

      CA is great. It depends on your use case of course, how much you want to go with that, because it can get pricey and depends on the size of your company. I've got a bunch of friends with little start-ups, so it's nothing they would be able to onboard, but I would definitely tell them to check it out.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      it_user778983
      Prof IT System at a comms service provider with 10,001+ employees
      Real User
      Maintains the security of our APIs and our business transactions

      Pros and Cons

        • "We are looking for improvements related to integration. We want to see them add integration tools to the CA bundle. That would be helpful."

        What is our primary use case?

        We have a full, classic, API gateway currently. We want to leverage it to use the microservices, with the help of micro API gateway, to support our business or e-commerce platform, the API traffic. That's our main goal, to move further toward a microservice with a Docker container.

        We implemented it in a non-prod and it is good. But we want to move into production going forward. Performance-wise it’s good, and we are not seeing any issues.

        How has it helped my organization?

        The benefit is maintaining the security of the APIs and securing the transfer volume of the enterprise for any business transactions.

        What is most valuable?

        The main feature is the security, and then the performance of the APIs is good. The monitoring part is also helpful.

        What needs improvement?

        We are looking for improvements related to integration. We want to see them add integration tools to the CA bundle. That would be helpful.

        What do I think about the stability of the solution?

        Stability-wise it's good. We are not really seeing any issues. We have had CA products for almost four years, and until now we haven't seen any outage or any impact of the gateway.

        What do I think about the scalability of the solution?

        Scalability is good. With the new/future version of the gateway, we can easily scale up or scale down the gateway instance in the Docker container.

        How are customer service and technical support?

        Technical support, the CS support, is good. They respond promptly. They give guidance and they give recommendations to improve the platform performance.

        Which solution did I use previously and why did I switch?

        We were previously using a different API gateway. We had some issues with those servers. We did some evaluation in the market. I evaluated server software and IBM DataPower and Intel products. Finally, based on all the features, like security, we decided that the CA product is the best suited to the needs of Motorola's business.

        How was the initial setup?

        I was involved in the initial setup. We brought in CA Professional Services to help start the infrastructure in our installation.

        It was not complex, documentation-wise it is good. CA maintains the documentation very nicely, so based on the documentation we were able to set up the environment. It is all straightforward.

        What other advice do I have?

        The main thing we look at when selecting a vendor is what partners are using them and how successful they are in that business with the product. Then we'll look at industry ratings. Based on that we will consider if we need to go with that product or not.

        I rate it a nine out of 10 because the product is not only one product, API Gateway. If I want to monitor the gateways, I need to go with other CA products. It's not like a package, it is multiple products. So if it was a complete bundle, then I would rate it better.

        I would recommend going with it.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user778995
        Integration Architect at a comms service provider with 10,001+ employees
        Real User
        Provides API security as well as performance and flexibility, on-premise, on-cloud, hosted

        Pros and Cons

        • "It can be scaled as we need. And it can be used in different regions. We have different data centers in the U.S. and Beijing. We use it on-premise, on-cloud, and it can be hosted and used at any place and scaled across the regions."
        • "Every API that we get from external or from internal goes through this layer first, and it should not be a bottleneck. That was the problem we had before. Now it's no longer a bottleneck. It's more like a throughput, this process is less than 10 milliseconds for any particular API."
        • "One day, where we can have a microservices gateway and we will not need the classic gateway at all, that is what we want to see."

        What is our primary use case?

        Security. We have a lot of APIs, a lot of web services inside Motorola, and we wanted to have a solution which can secure all our APIs.

        So far it has been doing well. But we are looking towards microservices technology. And we heard here, at this CA World conference, that they are coming up with a microservices API gateway. That is something that we would be interested in looking into. 

        But as far as the classic API gateway goes, I think it is definitely doing well. We were bought by Lenovo, and eventually Lenovo, which did not have this solution, has also been convinced to use it. So overall, as one company, both Lenovo and Motorola will be using this product.

        How has it helped my organization?

        It can be scaled, especially the current version. It can be scaled as we need. And it can be used in different regions. We have different data centers in the U.S. and Beijing. We use it on-premise, on-cloud, and it can be hosted and used at any place and scaled across the regions. That's the primary benefit we have seen; other than providing security and the performance.

        What we had before, Forum, obviously was not reaching our performance requirements. This really helped us, because every API that we get from external or from internal goes through this layer first, and it should not be a bottleneck. That was the problem we had before. Now it's no longer a bottleneck. It's more like a throughput, this process is less than 10 milliseconds for any particular API. 

        So the number of transactions that we are able to process per second and the number of instances that we can use are benefits. 

        Even before microservices API gateway came into the picture, two years back, CA really worked with us and helped us to get hourly pricing, so that we could spin up, spin down instances as we need, like during Thanksgiving or Christmas. So the product, by itself, is great, and the flexibility that CA has given us out of this product is really great.

        What is most valuable?

        From the security point of view it provides a lot of features, as well as performance. I think it's 4000 transactions per seconds, per node, is what the performance is. So those two are major features that we have been looking for. It does both in a great way.

        What needs improvement?

        Microservices gateway is one thing which we thought would be really good. It has come up, we just have to see how it's going to play out. Obviously, it's not going to replace the classic gateway, although we want to see something in the microservices gateway that can actually replace classic gateway. That would be really nice. Right now, I don't think it's completely replaceable. It's just a part of it, but eventually they're saying that it will replace. So one day, where we can have a microservices gateway and we will not need the classic gateway at all, that is what we want to see.

        What do I think about the stability of the solution?

        We have never had any issues, to be frank. From the time that we had it installed we have never had any issues, whether in the non-prod or in production. So I would give it top rating from the stability point of view.

        What do I think about the scalability of the solution?

        As mentioned, that's one of the great features, the scalability. We were able to scale up in incidences as needed, and scale down. So again, completely flexible. Top-rate, from the scalability point of view.

        How are customer service and technical support?

        We use technical support only when we do the upgrades. My team, we always try to be at the latest and greatest version. Whenever they release, the next week we are already there, both in test and production. So when there's a new release, obviously there are some important technical features of which we are not aware. To learn about them we use the technical team. 

        But other than that, from our point of view, as I mentioned, it has been pretty straightforward and pretty stable. We don't have a need to reach out to them, except when there are new features and we are migrating.

        They're good. They have been really helping us. As I mentioned, CA as a whole has been a great partner for us and has been helping as we need. Whenever we need their support, they are there. Whenever we need information, they are there.

        Which solution did I use previously and why did I switch?

        We were using Forum before, but we wanted a much more flexible solution that scales and has better performance. That's why we chose CA's API Gateway, to resolve our security, and provide the best performance for all the APIs that we have.

        How was the initial setup?

        It wasn't really all that complex. What we had before was really pretty complex. When compared to that, what we have with CA is not.

        Which other solutions did I evaluate?

        We evaluated Forum, obviously. Layer 7 is one we looked into. Axway. IBM, because we use it a lot for e-commerce, so that is an API gateway we have been looking into.

        What other advice do I have?

        Among the most important criteria when selecting a vendor, the first thing is pricing. After that features, obviously, and then the performance and stability.

        We would definitely recommend implementing Layer 7. The only reason you might not implement it is if you are looking at open source, but open source comes with its own issues and cons. But if the cost is not an issue, Layer 7 is the top and I would definitely recommend it to anybody.

        Disclosure: I am a real user, and this review is based on my own experience and opinions.
        it_user778812
        Technical Principal at FedEx Corporation
        Real User
        We can get more visibility into our data with their tool, however their upgrade solutions are complex

        Pros and Cons

        • "It is fairly stable for the Gateway side."
        • "We can get more visibility into our data."
        • "The Gateway can front our APIs very easily."
        • "The initial setup was very complex."
        • "The Portal is not stable."

        What is our primary use case?

        The primary use case is we are using the API Management Suite. It has the Gateway and Portal, and we are using the Gateway to front all the APIs in FedEx.

        The Gateway is performing very well. The Portal is not.

        How has it helped my organization?

        We can get more visibility into our data.

        The benefit of the Gateway is that it provides security, authorization authentication, and analytics. These are the main benefits which we are using it for. 

        What is most valuable?

        The most valuable, for the Gateway, is it can front our APIs very easily, and it can integrate with FedEx easily, so those are good. 

        For the Portal, we are able to manage with APIs and documentation. However, there are a lot of improvements, which could be done on the Portal side.

        What needs improvement?

        For additional features, I would like to see how it can be deployed into the cloud platform out-of-the-box and not having to do a lot of the initial setup. If it can be done out-of-the-box, that will make the customer's life very easy.

        Their upgrade solutions are not straightforward. Therefore, we are running the older version. We wanted to go to the latest and greatest. However, it is really complex going from where we are to the next one. 

        What do I think about the stability of the solution?

        It is fairly stable for the Gateway side. However, not for the Portal side.

        What do I think about the scalability of the solution?

        We have seen that it can scale both vertically and horizontally. 

        How is customer service and technical support?

        We have used technical support quite often, and they are really good. We have opened multiple tickets, and they are very responsive, especially for the Severity 1 tickets. 

        How was the initial setup?

        The initial setup was very complex.

        What about the implementation team?

        CA Service was helping me with the implementation. 

        Which other solutions did I evaluate?

        Initially we were looking into different options. We looked into Apigee, Axway, and CA. We did the whole evaluation, and CA came out to be the winner, because CA is the market industry leader.

        What other advice do I have?

        From CA's new technologies, it looks like CA is moving in the right direction.

        Look to your performance matrix and your benchmarks. What are you interested in? If you are looking for support, this is definitely the best solution. 

        Most important criteria when selecting a vendor: Performance is one of the major ones. Security is another. 

        Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
        it_user778623
        Enterprise Architect at DXC Technologie
        Real User
        I love the composability of the policies, and having visibility into who is using which APIs

        Pros and Cons

        • "I love the API Gateway, especially the architecture, in terms of the composability of the policies. We approach it from a very software-engineering approach. We build on the policies, like legal blocks, and we deploy them throughout different environments. It's been working out great for us."
        • "Some of the performance matrix that API Gateway gives off, we monitor them via SNMP traps, and then we tie them into our monitoring system. You can actually monitor some of the latencies and some of the performance aspects of both API Gateways, as well as back end services. So having that line of sight surely helps in terms of DevOps."

          What is our primary use case?

          We have the API Gateway deployed in production. The primary use case is for the API Gateway to provide API access, and authentication, and authorization for the APIs we expose through our product. 

          I am also looking forward to having the API developer portal deploy as well so we get a bit more insights into the analytics part, and also some of the API lifecycle management associated with it.

          I love the API Gateway, especially the architecture, in terms of the composability of the policies. We approach it from a very software-engineering approach. We build on the policies, like legal blocks, and we deploy them throughout different environments. It's been working out great for us.

          How has it helped my organization?

          It definitely helps a lot with the DevOps and the support. Reliability is one thing, and having visibility into who is using which APIs. 

          Some of the performance matrix that API Gateway gives off - we monitor them via SNMP traps - and then we tie them into our monitoring system. You can actually monitor some of the latencies and some of the performance aspects of both API Gateways, as well as back end services. So having that line of sight surely helps in terms of DevOps.

          What is most valuable?

          The most valuable feature, as I mentioned, is the composability, because we use a lot of functionalities. 

          Also, right now we're looking into the Dockerized version of API Gateway because that would allow us to flow nicely into our Microservice Architecture.

          What needs improvement?

          The more automation the better. I think CA is stepping in the right direction. I went through the micro API Gateway presentations here at the CA World conference, on how you can automate more of the policy deployment via the JSON format, so you don't even have to touch the Policy Manager. Because every time you touch something in the Policy Manager you think, "Well, that's a GUI, humans need to go in and do something with it." So if we can automate everything with the APIs, that helps a lot in the DevOps lifecycle, where we want to automate everything.

          For how long have I used the solution?

          One to three years.

          What do I think about the stability of the solution?

          I've always been a fan of API Gateway. In the past we've used various API Gateways, some of them are open source. It's definitely very reliable and robust. The three years that we have them in production, not a single instance of downtime due to the API Gateway. We have issues, but it's mostly because of API backend issues or low balance issues and such, but API Gateway has been pretty reliable for us.

          What do I think about the scalability of the solution?

          The scalability has been good. Now we have exposed the APIs, we have a four-node cluster of API Gateways in production. It's been scaling out well for us. I haven't had any issue yet.

          How is customer service and technical support?

          I have ended up using technical support several times. I think it's fantastic. I've been working with a particular technical person in CA and he's been really, really helpful. He's been very busy, but the support that he gives me is above and beyond the call of duty.

          Even going through the 24/7 support I usually get the answer back within 24 hours.

          How was the initial setup?

          It was three years back, and at that time there wasn't a lot of automation going on with the API Gateway. It was a lot manuals, so we're using the OVA version of the API Gateway. As time went on, with the API Gateway you can pretty much auto-provision things. But two years back at least, I wasn't aware of that, so there were some manual steps. But even manual it was still quite painless to get it done.

          Which other solutions did I evaluate?

          We did do some evaluations against other products. Just to name a few, we looked at Mulesoft, WSO2. We went with CA because the solution is simple to implement, it fits our use case well, and in terms of price point it also chimes well with our VPs.

          What other advice do I have?

          I like that CA is continuing to improve the product, looking for new solutions using the API Gateway. That's something that we're familiar with. And that they're trying to make it work for different types of architectures. As I mentioned, we are moving toward Microservice Architecture and having the Docker form and the micro API Gateway to help with those kind of architectures is really helpful.

          I'm an engineer, so from my perspective things have to be simple. If things get way too complicated then maybe you don't have the right solution, or you're not using the right solution to solve the right problem. In that case you may want to look for a different solution.

          When selecting a vendor, as an engineer the solution that's offered by the vendor needs to be simple enough to solve my problem in an efficient way. Of course, I don't worry too much about cost because I'm not paying for it, but certainly cost does play a part in terms of licensing scheme.

          The solution you choose depends a lot on the use case, so without really understanding a colleague's use case it would be hard for me to recommend anything at all. Definitely, if they want functionality like API management, I would recommend looking at CA to see if it fits their use case or not.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user779280
          Senior Manager Global Devops at Encore Capital Group
          Vendor
          Ease of use, a good search feature, and reliability are the decisive features for us

          Pros and Cons

          • "Easy to use, nice UI, and good search functionality."
          • "Needs to work better with DB2 UDB."

          What is our primary use case?

          Our primary use case is for API management. We use it as a security gateway in our DMZ and ESB and our trusted zone.

          It works great. We haven't had any problems, it just runs.

          How has it helped my organization?

          Day to day functionality. It just works and it's easy to use, that's the best part of it.

          What is most valuable?

          Most valuable features are 

          • the ease of use
          • a very nice UI
          • you can navigate through the screens
          • a very good search feature.

          What needs improvement?

          I would like to see it work better with one of our back-end databases, DB2 UDB. Other than that, I really don't have any complaints so far. It's doing everything we need it to do.

          For how long have I used the solution?

          Still implementing.

          What do I think about the stability of the solution?

          Stability is great. We run a high resilient load balance configuration. We haven't had any problems with it.

          What do I think about the scalability of the solution?

          It scales.

          How are customer service and technical support?

          We have not used technical support yet. We have not run into any problems yet.

          Which solution did I use previously and why did I switch?

          We had API gateways before, we just divested from IBM and went with CA.

          How was the initial setup?

          We bought 16 gateways earlier this year and we're setting them up right now. It's good. Straightforward.

          What other advice do I have?

          When choosing a company to work with and buy from, they need to be industry-rated, they need to be one of the upper-right companies for strength, vision, and performance.

          If I were advising a colleague at another company who's searching for a similar product I would tell them to talk to CA.

          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          it_user778770
          Solution Architect
          Vendor
          Protects our web services from external attacks, with security and authentication

          What is our primary use case?

          To protect the web services, security, authentication; protect against any kind of attacks from external sites.

          We have been using API Gateway for four years and we have huge class actions, like 600 parts per second, and we have not seen any issues as of now. It's stable.

          What is most valuable?

          Security.

          We get a lot of class actions, payloads, which have real security requirements, like personal identification information. So we need to protect all of this information, make sure it is secure. 

          Also, we can handle the huge class actions we get from different clients.

          How has it helped my organization?

          It really benefits us a lot because, since we are maintaining financial information, personal identification information, we need to protect the customers' data as well as the clients' information. We can encrypt the payloads and decrypt the payloads and do SSL authentication. We can also store the files in the Amazon bucket with the encryption file.

          What needs improvement?

          We're integrating the cloud. I would like some more integration of cloud capabilities.

          For how long have I used the solution?

          Three to five years.

          What do I think about the stability of the solution?

          Regarding stability, we have not seen any issues as of now. It's a more stable product.

          What do I think about the scalability of the solution?

          Scalability is very good.

          How are customer service and technical support?

          We haven't had any issues. It's more stable. We didn't even have to touch anything.

          It's a more stable product and we have very good support from a technical point of view, but not from a professional point of view. We have some issues with Professional Services. But technical are always good, they support us as quickly as they. They give us solutions for customers, which is really helpful.

          Which solution did I use previously and why did I switch?

          We were using an IBM product. We switched because we had some constraints, technical issues, support issues, and some other issues like use cases.

          How was the initial setup?

          I developed the PoC and then moved it to production.

          The setup is not complex, and we got very good support from CA technical support and Professional Services. I felt the technical support was really good compared to the Professional Services.

          Which other solutions did I evaluate?

          We did evaluate other vendors but we finally chose API Gateway.

          What other advice do I have?

          In general when we are picking vendors, the most important criterion is support. When they can really help us we feel more confident.

          I give it a 10 out of 10 compared to other products. I would definitely recommend CA API Gateway.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user778716
          Solution Architect at a pharma/biotech company with 1,001-5,000 employees
          Vendor
          Facilitates securely exposing APIs to the internet, but the Policy Manager UI needs work

          What is our primary use case?

          We use the API Gateway as a front door to access our APIs that we host internally, to enable us to get involved in the digitalization.

          It has performed very well, actually. It's given us new capabilities that we never had before and gives us more confidence in increasing the number of APIs that we actually have.

          What is most valuable?

          I think the flexibility. It's very configurable. Each policy is very customizable, where we can accommodate different capabilities that our trading partners actually have. Even though from a textbook standpoint, there's always a certain ideal pattern that you want to apply, that's rarely the case with our trading partners. That flexibility is very important.

          And the main point of the Gateway is the security aspect of it. It's very good from that standpoint. It has met all of our expectations. We're very happy with that.

          How has it helped my organization?

          It gave us new capabilities that we really didn't have before. We didn't have a good way of exposing APIs to the internet in a reliable, secure way. It gave us that ability. 

          It also gives us a focal point where it's allowing us to consolidate our portfolio. Where before - Cargill is a very large company - from one business unit to the next, they didn't necessarily know what we actually have. This product enables us to consolidate that, so there's one place to look.

          What needs improvement?

          The tool itself, I think, could be better. Along with the flexibility it does have, I wish it had a little more modern user interface. For troubleshooting, debugging, that kind of thing, it could definitely be better. I would like to see improvements in the user interface, for sure for Policy Manager. That's the developer's tool. 

          Debugging seems a little bit archaic by modern standards. I would like to see that improved. 

          I would like to see better documentation for the development language itself. I think they took a step backwards, actually, when they published all their documentation online. Accessibility is better because it's on the web. But the content seems to me to have taken a step backwards. Not enough details, more difficult to find specifics. And you would almost think that would be the opposite, but the feedback I've gotten from our developers, and my own experience, is that it's not the case.

          But in terms of the structure of how the language works, it's pretty good. It gives you a lot of flexibility and allows you to accomplish a lot quickly.

          So, in general, improvements in the UI, usability. Like I said, it seems dated in terms of how it works, by modern standards. I think they could go a long way to refurbishing the whole UI.

          What do I think about the stability of the solution?

          It's been very good. 

          We have had some issues. Technically it's like a database replication issue, where our operations people tell me that the audit logs have been quite large, and that has caused some replication issues between the two nodes in our cluster. 

          But outside of that, it's been very good.

          What do I think about the scalability of the solution?

          We're relatively new to this so I don't think we're taxing the capacity of our gateway at all. In the business that we're in, I don't think that we're going to get to huge volumes anyways. Our goal is to leverage it more. So far, that hasn't been an issue at all.

          The biggest thing for us would be that currently it is deployed in one region. We're a global company, so that technically is a little bit of a constraint for us. We haven't been able to deploy more gateways in other regions mainly due to cost of licensing.

          How are customer service and technical support?

          Overall it's been very good. 

          There are two perspectives. We've used our technical sales contacts. They have been very responsive and very good. We're lucky that we have a couple of them local in our city. They've actually come on-premise to help us. That's been very helpful, very good. Professional services has been really good too. I've spent a lot of time with them. Again, their expertise has been very valuable. 

          From a ticket support point of view, where we submit a ticket, I would say that's been a little bit less helpful, in terms of responsiveness, and conveying the actual issue to the person. Once you get them on the phone, and have a one on one working session - which they have been willing to do - that's been very good. But through the ticketing system and the support website, it could be better.

          Which solution did I use previously and why did I switch?

          It was a gap in our company. We knew we had APIs that we wanted to leverage and work with our trading partners, for them to access it. But working with our security team, we knew that we didn't have a good way of exposing them securely. That was a roadblock for our business. We couldn't make them accessible because of policies. API Gateway filled that gap and enabled us to use best practices to expose our APIs.

          How was the initial setup?

          I have been involved more from the development standpoint. We're set up in two groups, an operational side which sets up the infrastructure, does actual server software; I haven't been involved too much from that standpoint. It's more in the development side, to get initial templates together and patterns that we're going to apply. And just coming up with some standards for our developers to use.

          I would say it's complex. But I think part of it is just the nature of what this stuff is, when you're dealing with security and the variety of approaches that there can be. That makes it complex. For us, it was relatively new, so there were a lot of challenges there to just learn all the different aspects of it. 

          Which other solutions did I evaluate?

          We did consider other vendors. I wasn't part of the original selection, but it came down to two different vendors, CA being one of them - at the time it was Layer 7. Then we did a proof of concept, so I was involved in that. 

          In the end, it was really no contest. I tell our other people about this: That it was a week long proof of concept and the other vendor, it couldn't complete one use case. In one week, they had three people that they brought on-premise to work on our use cases for the proof of concept, and they couldn't complete any of them. Layer 7, they completed all of the use cases in one afternoon. It was pretty convincing.

          What other advice do I have?

          What's important to us when selecting a vendor, besides the product, the vendor needs to be of significant size to be able to continue to evolve the product. It needs to be able to provide enterprise-level support. We're a large company, so we expect the vendor to provide that backing of their product and SLAs. When we choose a product we don't want it to be a product that comes and goes. We want there to be a clear vision of where it's going, that's important to us. CA was able to demonstrate that to us.

          It's very good in terms of what we wanted out of the product, initially. But now that we've explored and had the product for a while, we expect more. I think it definitely has room for improvement. Some of those things we're seeing here today, or in this week, at the CA World conference, give me some hope that that improvement is going to happen.

          I would advise taking a look at what's available. Clearly, we've had good success with CA API Gateway, but this is a very quickly evolving space. I would encourage them to look at what's out there, what's available. They should prioritize what's important to them, what they're looking for out of the product. Then do a proof of concept to make sure that they feel comfortable, that the product is what they need. Also work with the technical support staff, to make sure that they're comfortable working with them too.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user778629
          Enterprise Architect
          Vendor
          The latest version is less functional than the previous version but security assertions bound to APIs are valuable

          What is our primary use case?

          The primary use case would be services for APIs that we are going to expose either internally, within the enterprise, or at the outside edge of the enterprise.

          What is most valuable?

          Most valuable might be the security assertions, the policy assertions that are able to be bound somehow to the APIs.

          How has it helped my organization?

          We are a company with a rather complex process when it comes to integration of applications. Our expectation - we are only about to get this product into a productive state so we are not using it productively at the moment - so the expectation is that it will simplify the on-boarding of either internal or external developers when they are using our APIs.

          What needs improvement?

          The solution is divided into their Gateway and to their Developer Portal components. For the Gateway component, our expectation was that it is provided as a Docker image, but it turned out that it was not supported in production up to the version that we are currently using. But the next version is obviously provided as a complete containerized version for production, which is quite good.

          On the other hand, the Portal provides some questions so to speak, at the moment, because as we decided on the product last year, at the end of 2016, and it turned out that CA completely rewrote the Portal solution and the current version of it is not at the level of the functionality of the previous 3.5 version. That's quite a problem for us because we expected some functions in the Portal which are currently not available. Unfortunately, the new version is also not being introduced here at CA World, so I'm somewhat doubtful as to whether it will be provided this year. So it will probably be available only next year.

          What do I think about the stability of the solution?

          We are not in the production state at the moment so I cannot say anything about its stability.

          How are customer service and technical support?

          We have quite good support by the guys from sales support so far but, as I said, as we are not in production yet, we cannot evaluate the normal support services.

          Which solution did I use previously and why did I switch?

          It's a completely new solution for us as we were not dealing with REST-based APIs up to that point, and internally we are used to using SOAP Vitsa-based web services instead, as the major application technology. Now it's more and more moving to the REST-based approach with some kind of microservice architecture concepts that are being introduced, so we need to look for another solution or some kind of add-on to an existing integration infrastructure.

          How was the initial setup?

          I was not directly involved but I was on the side getting feedback from the guys who were doing the real set up. It was a mixture out of straightforward implementation or installation and rather complex stuff. We're dealing with a specific installation image that was due to the fact that we were using specific combination of hardware, software and operating system.

          Which other solutions did I evaluate?

          Without naming them, they are the top contenders in the well-known ratings, so the ones that you find there were used as a basis for evaluation and, from then on, we did some deep-dives into the functional capabilities of these products and then decided on a shortlist. Those vendors were then evaluated by our procurement concerning the financial aspect of the old stuff.

          What other advice do I have?

          When considering the most important criteria when selecting a vendor, of course there are all kinds of functional criteria according to the product that we are evaluating. On the other hand, it's important, of course, that the vendor is stable. And because we are a large company, it is for us important that the vendor also provide some kind of stability due to its size and its footprint internationally.

          Brand name isn't a big consideration for us. On the other hand, you have different analysts' reports that are quite important for us, as we don't have time and budget, from an architecture point of view, to evaluate all existing solutions in detail. So we have to have a starting point, which of course is the analysts' ratings and then, with some products, we usually do some kind of PoC and workshops to find out if they match our requirements.

          I would actually divide my rating into two parts. The CA Gateway solution I would rate at nine out of 10, based on its mature capabilities in all the areas that are relevant for us. On the Portal, I would give only four out of 10 because I actually don't quite understand the CA market strategy in that area, and the fact that the current version doesn't provide the same capabilities that they used to have with 3.5. There are some major capabilities that we miss there and which have not been introduced in the current 4.x version schemes; we're waiting for that to happen.

          I would advise you plan a thorough PoC with the top two or three contenders on the list to find out about not only the functional criteria on the paper, but also how the product works and looks and feels in real life.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user778611
          Senior Lead Engineer at a tech consulting company with 10,001+ employees
          Consultant
          It has improved the way our company functions by streamlining the effort and getting people out of the process

          Pros and Cons

          • "For developers to be able to come, sign up, or find APIs."
          • "I would like to be able to see the publisher role be able to be organized within organizations, so somebody within that role can only manipulate their particular policies."

          What is our primary use case?

          Primary use case is producing APIs as products, essentially, and creating the environment for developers to sign up to use APIs.

          It has performed well so far. We just got a test instance installed, and did a PoC earlier in the year. We are more or less just getting started with it. 

          What is most valuable?

          • For developers to be able to come, sign up, or find APIs. 
          • Sign up for the API and start using it in their applications without a Gateway developer having to get involved. 

          How has it helped my organization?

          The benefit of it is being able to create a sense of the API marketplace. It has improved the way our company functions by streamlining the effort and getting people out of the process.

          What needs improvement?

          I would like to be able to see the publisher role be able to be organized within organizations, so somebody within that role can only manipulate their particular policies.

          For how long have I used the solution?

          Less than one year.

          What do I think about the stability of the solution?

          We had some problems getting it installed, but it has been running fine ever since.

          What do I think about the scalability of the solution?

          It is all docker containers. So, it seems to be pretty good.

          How are customer service and technical support?

          The technical support is good, knowledgeable, and responsive.

          They are all friendly to work with and really seem to care about us being successful.

          Which solution did I use previously and why did I switch?

          We were using the API Gateway before. 

          The industry is moving to be more API-oriented and more self-service oriented, which is why we invested in a new solution.

          How was the initial setup?

          The initial setup was complex. It ran into a lot of problems. It was a new release. It was a 4.1 release. We spent the first day or so, probably almost two days, getting it to accept the proper IP from the DNS name. We ran into certificate problems. Mainly, just the installation script in our particular environment did not work very well. So, instead of what should have taken us a couple hours, or what we planned for a few hours, it ended up taking about three and a half days.

          What about the implementation team?

          I did a PoC in the earlier part of the year. We built out some APIs on that, then we just installed the test instance a couple weeks ago. 

          What's my experience with pricing, setup cost, and licensing?

          Purchase 4.0 now and wait until they flush out the 4.1 problems.

          Which other solutions did I evaluate?

          We evaluated CA and Google. We chose CA because we already had an embedded solution with them and a good relationship. Pricing was also a factor.

          What other advice do I have?

          Most important criteria when selecting a vendor:

          • Reliability
          • Support
          • Pricing.

          CA is a large company. It is not like they are going to go upside down tomorrow. You want to make sure that the company is going to be around for a while if you are investing in them.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user778794
          Technical Principal at FedEx Corporation
          Vendor
          The company partners with us within the account and our organization. The vendor team for our install was lacking expertise.

          Pros and Cons

          • "The Mobile API Gateway is also great."
          • "CA double up portal is a pain. It is something that we are struggling with right now."

          What is our primary use case?

          We have many use cases. We are doing an enterprise install for all CA API management tool searches which are covered under the ELA, Enterprise License Agreement. We have close to a 100 plus use cases that we want to deploy, the next is over a six months to one year timeline.

          What is most valuable?

          There are many things, which are really good, like the Gateway. That's really great and pretty useful. The Mobile API Gateway is also great.

          How has it helped my organization?

          We have not tested it to the extent that we should. Maybe six months down the line we will have a better picture.

          What needs improvement?

          At a high level, I would say the portal is a pain. CA double up portal is a pain. It is something that we are struggling with right now. That is just one of the products which is probably not sufficiently satisfactory. We are struggling to get it installed to be used now.

          It is not a fully-baked product as a whole. So, individual solutions may be good, but they are evolving in their silos. There needs to be holistic thinking about how each one of these products functions. Each one of these CA products under API management needs to work in synergy, and evolve in a more cohesive, coherent way so we as an enterprise can take it seamlessly without much pain.

          For how long have I used the solution?

          Less than one year.

          How are customer service and technical support?

          We have not used technical support yet.

          Which solution did I use previously and why did I switch?

          We have ELA with other product vendors, like IBM and Oracle. However, we thought CA might be a good option based on their support within the account. The CA folks who are working, partnering with us within the account and our organization, they have been very reachable and very cooperative.

          So even though we have licenses with IBM and Oracle for the same kind of products, API management, we are going ahead with CA just because of the trust that they were able to build. 

          How was the initial setup?

          It was probably not that straightforward, because the vendor team (CA Services) struggled a bit. 

          What about the implementation team?

          We implemented using CA Services to come and install the software.

          I felt there was a lack of expertise on CA's part, because there are many things within the API management. Maybe the consultant from CA services who came to our organization did not have the experience on all the tools that CA was releasing, which was why the initial setup may not have been straightforward for him. He was good with Gateway, but with the other pieces, he was struggling a bit. It took some time for him.

          Which other solutions did I evaluate?

          We already have ELA with multiple product vendors. It is a matter of using which one we want and moving forward. 

          What other advice do I have?

          CA is worth trying. It is definitely a key contender in the API management space.

          Most important criteria when selecting a vendor: size and brand value.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user778641
          Senior Engineer at a transportation company with 1,001-5,000 employees
          Vendor
          Streamlines initial setup for single sign-on for web services, saves us time

          What is our primary use case?

          Web services authentication. 

          So far so good, in terms of performance.

          What is most valuable?

          Quick response to the setup authentication for web services. That's important to us because we generally don't have a lot of time.

          How has it helped my organization?

          It's separating web services versus web applications, single sign-on. I would say that is the main benefit.

          What needs improvement?

          • More throughput
          • More scalability
          • Better built-in monitoring

          What do I think about the stability of the solution?

          So far stability is pretty good. We haven't experienced lag time or crashes.

          What do I think about the scalability of the solution?

          Scalability is very good.

          How are customer service and technical support?

          I think we have used tech support but the response has been so-so. They need more knowledgeable people.

          Which solution did I use previously and why did I switch?

          We didn't have a previous solution.

          What other advice do I have?

          When selecting a vendor the most important factors for us are 

          • cost
          • validity of the product
          • stable product

          It's a very good product to use to initially set up single sign-on for web services authentication.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          SC
          Cyber Security Advisor
          Real User
          The Gateway Migration Utility is a pretty good tool to use. Overall, this solution is not easy to integrate with others.

          What is our primary use case?

          Our primary use case is to enable our customers who are on the Internet. We want them to access our protected web services behind a corporate firewall. To do that, we like to use the OAuth ToolKit within the CA API. It can minimize the password exposure by generating a token using the ToolKit, then use the token to make the web services calls to our protected back-end services.

          What is most valuable?

          • The ToolKit with OAuth Manager
          • The Policy Manager
          • The Gateway Migration Utility (GMU) is a pretty good tool to use.

          How has it helped my organization?

          We are still evaluating it, so I cannot comment much on this. 

          What needs improvement?

          I would like to see more documentation. The current documentation is there, but we do not find it very useful. For example, we wanted to integrate with PingFederate TV provider and there was not enough information to customize the way we wanted. It took a lot of effort and we had to reach out to the Gateway folks to help us out on how to do that customization. Thus, it is not easy to integrate with other solutions.

          For how long have I used the solution?

          Still implementing.

          What do I think about the stability of the solution?

          It is pretty stable. We have not seen any issues, anywhere, where we need to restart.

          What do I think about the scalability of the solution?

          We are still doing a PSA, so we will have to see how it scales once we ramp up volume and we roll out to the production with real life traffic.

          How are customer service and technical support?

          We engaged an architect from CA. They were pretty good.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user778536
          Senior Associate at a financial services firm
          Vendor
          As a financial services company, the security it provides is key for us

          What is our primary use case?

          We use it for security.

          So far so good. We have our own challenges - some monitoring and some performance related things - but at the same time, I think it's pretty good.

          What is most valuable?

          The security that it provides, actually. Being in the financial services industry, obviously security is very important for us.

          How has it helped my organization?

          I'm part of an engineering team so this product coming with out-of-the-box security, that is valuable to our organization.

          What needs improvement?

          We are evaluating the next release, actually. We would like to see more stability.

          What do I think about the stability of the solution?

          It needs to be a bit more stable. I think they see that, as Support is working on that. We have our own challenges related to the stability. For example, the log space filling up the entire disk because the gateway went down. CA is aware of this issue.

          But otherwise, as I said, we have had a pretty good experience with the product.

          What do I think about the scalability of the solution?

          We do not use it on a massive scale at this point, so it's pretty good.

          How are customer service and technical support?

          It's pretty good. It's been a fruitful experience so far.

          Which solution did I use previously and why did I switch?

          We were transitioning from another product, DataPower. We switched because of the native support for APIs in API Management.

          Which other solutions did I evaluate?

          We didn't consider any other vendors.

          What other advice do I have?

          What's important to us when selecting a vendor, support is the most important factor.

          I would tell anyone who is researching this type of solution to go for API Management.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user778503
          Software Engineer at a tech services company with 10,001+ employees
          Consultant
          It scales really well and does a lot of load balancing

          Pros and Cons

          • "You can create little, custom Java assertions that you can insert to do your business logic, which might not be covered by the commercial product out-of-the-box."
          • "More developer focused tools. They have a nice debugger inside of the program, but when you are developing code with their policies, it is tough to visualize that sometimes as a developer."

          What is our primary use case?

          Our primary use case is to host a handful of different API services for the consumers of our customer. We build and maintain several of those APIs right on the Gateway using their policies. We use it to kind of proxy request through to Java services and other things that we have created.

          What is most valuable?

          The extensibility of it. It can do a lot of things. You can create little, custom Java assertions that you can insert to do your business logic, which might not be covered by the commercial product out-of-the-box. 

          How has it helped my organization?

          I like the extensibility of it. It can do a lot of things. You can create little, custom Java assertions which you can insert into your business logic. This might not be covered by the commercial product out-of-the-box. 

          What needs improvement?

          More developer focused tools. They have a nice debugger inside of the program, but when you are developing code with their policies, it is tough to visualize that sometimes as a developer. So, tools that are a little more focused on rapidly creating those policies would be beneficial.  

          For how long have I used the solution?

          One to three years.

          What do I think about the stability of the solution?

          We actually started with this product a few years back. It has definitely improved significantly since then. I think the amount of releases and bug fixes that they have pushed out have really helped.

          What do I think about the scalability of the solution?

          The scalability has been great for us. We have consumers that range from 10 to 20 users upwards to 1000s of users. Thus, it scales really well. It does a lot of load balancing and other nice, little technical tricks that help smooth out requests which come in.

          How are customer service and technical support?

          They have come in sometimes to do onsite training when we requested it. For the most part, when we have technical problems, they are very responsive. They get it down to the developers quickly, who understand the problems and they work with us to get those fixes in their next release if it is something that is a bug or help us work around it. 

          Which solution did I use previously and why did I switch?

          When we first started on the Gateway, it was a different company, then CA bought it. The difference from that other company, which might have been a smaller company, from there to CA has just been the responsiveness and that extra level of training and other support that we are getting from CA. 

          How was the initial setup?

          I have been involved in deploying this product in several of our different environments from the ground up as well as in the upgrade process. From the CA part of it, everything has gone smooth. The problems are always on our side with our environments. I think the Gateway itself is a very simple product to get up and running and their upgrade process is good as well. There are a few little tricky things here and there like with everything, but for the most part, they continue to work to adjust it. 

          What other advice do I have?

          It is better than similar Gateway products that I have used in the past. Again, that flexibility really lends itself to us, and our program, a lot. However, there are certainly some areas for continued improvement and it seems like they are going in the right direction, so hopefully that continues. 

          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          it_user760710
          Development Manager API Management - Digital Technology Services at an energy/utilities company with 10,001+ employees
          Vendor
          Provides key, up to date information to our customer-facing engineers but ease of use needs improvement

          What is most valuable?

          It's a secure product that allows us to expose API and lock down to only those devices and individuals which have the verified rights to access.

          How has it helped my organization?

          • Secure access to customer records – secured device, only access when in correct postal code area.
          • Provide key, up to date information to engineers when engaging with customers.

          What needs improvement?

          • Ease of use
          • Ability of development and ops teams to expose and manage their own API

          For how long have I used the solution?

          30 months.

          What do I think about the stability of the solution?

          No issues with stability.

          What do I think about the scalability of the solution?

          Cost and licensing model restrictive for auto scaling.

          How are customer service and technical support?

          Seven out of 10. Not as focused on ensuring that the issues are fully resolved as I would like.

          Which solution did I use previously and why did I switch?

          No. Selected after extensive "beauty contest."

          How was the initial setup?

          Complex to set up and operate. Requires deep understanding of networks, security, as well as API management.

          What's my experience with pricing, setup cost, and licensing?

          Consider if you need this advanced tool to undertake simple API management. Costly solution which is designed for heavy duty and complex work.

          Which other solutions did I evaluate?

          Apigee.

          What other advice do I have?

          Consider if the product is needed – there are cheaper, less complex solutions out there.

          Consultancy costs for CA should be considered – worth the money as it saves time (and therefore cost) with configuration.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user607752
          Senior Consultant
          Consultant
          You Can Expose APIs With An Advanced Authentication Mechanism

          What is most valuable?

          Its simplicity; and it's user friendly. Advanced Authentication and Security features. Ability of Gateway to create API on the go with compatibility to integrate with all back-end systems (MQ native, JMS, SFTP, HTTPS, SCP, Windows/Oracle, LDAP, etc.).

          What needs improvement?

          Improvement in developer portal customization.

          For how long have I used the solution?

          Eight years.

          What do I think about the stability of the solution?

          Not yet.

          What do I think about the scalability of the solution?

          No.

          How are customer service and technical support?

          8 out of ten.

          Which solution did I use previously and why did I switch?

          The only solution I use is CA APIM and it’s the best. I haven't even thought of switching into another one.

          How was the initial setup?

          Very easy.

          What's my experience with pricing, setup cost, and licensing?

          Depends on the client's requirements.

          Which other solutions did I evaluate?

          Yes, IBM and Apigee.

          What other advice do I have?

          CA APIM is the best product in the market. With API Gateway, you can expose APIs with an advanced authentication mechanism and security, within days.

          Disclosure: My company has a business relationship with this vendor other than being a customer:
          it_user667791
          Lead Infrastructure Architect with 11-50 employees
          Real User
          The most valuable features are API Enhanced Portal 4.1 and API Gateway policy manager for writing policies

          Pros and Cons

          • "API Enhanced Portal 4.1 looks very promising. API Gateway policy manager for writing policies is excellent. It is the best in the industry for policy writing."
          • "It is not possible for clients to migrate to a newer version."

          What is most valuable?

          API Enhanced Portal 4.1 looks very promising. API Gateway policy manager for writing policies is excellent. It is the best in the industry for policy writing.

          How has it helped my organization?

          CA is the first in the market from the time they acquired Layer 7. They deliver the best API Management solutions.

          From 2012, our clients evolved a lot from API Management perspective after using CA.

          We are able to expose mission critical APIs to the external world, monetize them, and generate revenue from them in the most secure manner.

          CA also drastically improved the capabilities from Gateway, Portal, and OAuth perspective in the last couple of years. This adds more value to our API Management wing.

          What needs improvement?

          CA API Portal 3.5 does not support Swagger documentation. If they were to support that, it would be great. However, their focus is on a newer, enhanced version of their API Portal 4.1 Release. However, it is not very mature and there is no direct migration available in the near future. It is not possible for clients to migrate to a newer version.

          CA might lose clients mainly for this reason (Swagger Support on API Portal 3.5), unless they develop seamless migration utilities from API portal 3.5 to 4.1.

          For how long have I used the solution?

          I have used CA API Management from 2011, when Layer 7 had not yet been acquired by CA.

          What do I think about the stability of the solution?

          From an API Portal 4.1 perspective, I did encounter multiple issues.

          What do I think about the scalability of the solution?

          From an API Portal 4.1 perspective, I encountered scalability issues. They confirmed that they are working on it and in the very near future, it will be available.

          How are customer service and technical support?

          CA has very good API Management support. They are very helpful.

          Which solution did I use previously and why did I switch?

          We didn’t use a solution before this one. CA is the best in the market in terms of stability, scalability, and policy development. They are the best at achieving custom scenarios related to clients (customization) in all perspectives, besides the current API Portal 4.1, as it is not yet matured enough. There is nothing to worry about in the 4.1 portal.

          How was the initial setup?

          The initial setup was straightforward. CA documentation is pretty clear for anything to do with CA products. They are masters in this industry.

          What's my experience with pricing, setup cost, and licensing?

          If the CA pricing for API management would be a little lower, they would be able to cover a broader market.

          Which other solutions did I evaluate?

          I don’t remember the story from 2011, but very recently I did an analysis of MuleSoft, Google, AWS, Apigee, and WSO2. WSO2 came in first, and CA standards came in second.

          What other advice do I have?

          Follow CA documentation thoroughly.

          Disclosure: My company has a business relationship with this vendor other than being a customer: We are CA Partners for Security Management products.
          ITCS user
          Associate Vice President at a financial services firm with 10,001+ employees
          Vendor
          Go ahead. A very good product and a market leader in its segment.

          What is most valuable?

          Live API Creator.

          How has it helped my organization?

          The simple REST based APIs can now be delivered in hours which took days previously.

          What needs improvement?

          The product shouldn’t require to be connected to a server for doing development.

          For how long have I used the solution?

          Six months.

          What do I think about the stability of the solution?

          No.

          What do I think about the scalability of the solution?

          No.

          How are customer service and technical support?

          Good.

          Which solution did I use previously and why did I switch?

          No.

          How was the initial setup?

          Very easy.

          What's my experience with pricing, setup cost, and licensing?

          Not sure on that front.

          Which other solutions did I evaluate?

          Mashery and IBM.

          What other advice do I have?

          Go ahead. A very good product and a market leader in its segment.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          ITCS user
          Senior Consultant at a tech services company with 51-200 employees
          Consultant
          Manages and secures APIs

          Pros and Cons

          • "It is flexible in how it creates custom policies and uses builds with impressive methods."
          • "Provide complete documentation with examples of usage on its built-in assertion/function."

          What is most valuable?

          It's a purveyor of tools for managing and securing APIs. It is flexible in how it creates custom policies and uses builds with impressive methods.

          How has it helped my organization?

          We implemented a few Layer7 projects for various organizations. Most of them just use it as a 'proxy' for policy checking. For example, limit the number of access attempts on a specific page from the same IP for a specific duration.

          Other clients use it for logic flow, to create a workflow integrated with the Australian government's MyGov framework, which is beyond just security checks.

          What needs improvement?

          Some of the common useful functions/assertions (e.g., JWT encoding/decoding) are only available in other CA products. The client needs to purchase and install those products in order to make it available for Layer 7. I don't think it is justified to maintain another product that is not really needed, in order to have just one function. If those common, useful functions could be part of the core Layer7 product, that would be great.

          Provide complete documentation with examples of usage on its built-in assertion/function.

          Easier to find documents (e.g., cluster setup).

          For how long have I used the solution?

          We have been using this solution for two years.

          What was my experience with deployment of the solution?

          • When more than one developer is working on separate policies, it is hard to export, import, and merge the policies to other parties
          • When migrating to different environments
          • When integrating with SVN/Git: This is not well documented

          What do I think about the stability of the solution?

          There were no stability issues. It is a very stable and mature product. So far, there have not been many complaints from clients regarding the stability.

          What do I think about the scalability of the solution?

          Scalability performance has always been an issue. It behaves slowly when communicating with Windows-based servers (e.g., F5 load balancer or DB server), as compared to when communicating with a UNIX server.

          How are customer service and technical support?

          Customer Service:

          Customer service provides good and fast responses. They help a lot when problems occur. They always respond in a timely fashion.

          Technical Support:

          Technical support provides good and fast responses. They help a lot when problems occur. By the way, the forum is also helpful for self-service.

          Which solution did I use previously and why did I switch?

          We didn't use other solutions before this one.

          How was the initial setup?

          The setup was simple, as it comes with the OVA file. It reduced a lot of time and problems in the deployment. The main focus is on integration with the client's existing infrastructure, instead of setting up Layer 7.

          What about the implementation team?

          We are the vendor. I have worked on this product for more than two years and implemented it in at least three organizations.

          What was our ROI?

          We are the vendor and we implemented it for clients. We do not use it for ourselves. We are not aware of the ROI.

          What's my experience with pricing, setup cost, and licensing?

          The pricing and licensing issues are done by other staff members. I have no idea on how much it costs or what the pricing structures look like.

          Which other solutions did I evaluate?

          I believe the company already did a lot of evaluations with other similar products.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user457872
          Head of Sportsbook Delivery at Gala Coral Interactive
          Vendor
          It's a great tool, it's a great product. It's good for us because it does specifically what I need it to do.

          What is most valuable?

          In our context, we have a number of REST APIs that we had to expose, a number of partners, internal users, as well as external partners who wanted to basically integrate cleanly and quickly, but didn't want to do five independent integrations into each API, so the CA tool allows us to effectively wrap those APIs into a common interface, so you can make one call and then the gateway will go away and make the other calls for you. That was the primary goal, and the tool does that for us.

          What needs improvement?

          What it allows us to do is it's more time to market than the value, actually, so a lot of our affiliate marketing teams, they go and engage with the vendor's affiliates, effectively, and they want a very quick, clean solution to get a lot of customers in, place a bet, see their bet history and then log out and tap on and move on to do something else. What this allows us to do is that, whereas previously, I would have had to a specific project team, they would take two or three months to do an integration, now you can do that in a matter of weeks. You can realize the value of a commercial relationship very quickly.

          What do I think about the stability of the solution?

          Once it goes live, it's very stable, clearly, it's as stable as your infrastructure or authority or testing is, but once it goes live, as long as you sort of adhere to all the policy management, and make sure you're progressing code, you're testing it correctly, once it goes live it's pretty stable. We've not had any failures with it in the year and a half that it's been live, and it's very stable. From a performance perspective, it's great. You can throttle, you can do rate limiting, so it's very flexible for us.

          How are customer service and technical support?

          It's been very good as we need them, thankfully we haven't had much call to call them up, because it's been stable, but we call them up for platform upgrades, when we went from version 7 to 8 and 8 now through to 9. As we need assistance, we raise a ticket. They're very responsive, they're very thorough in what they come back to us with, so they've been a really good partner for us.

          Which solution did I use previously and why did I switch?

          The trigger, effectively, was that we had a partner, we'd done a commercial deal. The partner wanted to integrate, we wanted to integrate with the partner, but the partner had a legacy sort of application that they weren't able to do this integrating to five APIs. They wanted one interface, and they didn't want to on-board any of the logic, they wanted that to be done somewhere else, hence the CA API Management tool that does that for us. They make one call, it goes away, does all the connections, all the session affinity, with all the underlying APIs, and that partner can just make the calls as they want. They deployed it on desktop, on tablet, mobile's coming as well now, and we use it for other partners as well.

          What about the implementation team?

          We had a very short time for it to get it done, so I dealt with CA, we managed to do the deal for the software. They put us in touch with a partner called Smart, Smart421 in the UK. We had a very high-level discussion about what my requirement was, the platform that we have, what I needed to wrap, which calls, so we did a lot of preparation in advance, and then they came on-site, and within two weeks we had a working API. We'd wired together the underlying platforms to build this API that was then sent to the first vendor. Very clean, very slick. As with any IT project, as long as you are prepared, you've done your homework, you know exactly how to lead the implementation, what to take the vendor through, then it works very well.

          Which other solutions did I evaluate?

          Partly it's obviously the reputation of the vendor, it's the support structures, it's the partners that they deal with. If they put you in touch with a partner to install the software, what is the calibre of the partner that they're dealing with, and that reflects on them as an organization. Their licensing structures, how flexible they are to deal with you, these sorts of things. We also looked at Mashery and Apigee.

          We chose CA API Management as it was a better licensing model, it was a better cost model for us. I wanted that product. I'd previously worked in an organization where they'd bought what was in the Layer 7 product, and so I had an understanding of the product, I had an understanding that it had been used in my industry. I knew that it would work, because I'd seen it done before, so those things were quite key for us.

          What other advice do I have?

          Break it into small chunks, so what we did was we had a very defined use case, and we could have gone to a much larger project, but the idea was to focus on the component that we were after, what we had to go and deliver, break that down, get it working, and then that gives the business more confidence to then invest in it further, future phases, and we just broke it down to that. We were able to very quickly deliver something of value, and that then allows you to move on from there, as opposed to doing the full solution first up, and then we could have failed on the way through, the requirements could have changed, but it was better for us, and it's something I recommend that you just break it down.

          I give it a nine. It's a great tool, it's a great product. It's good for us because it does specifically what I need it to do. The only area I'd say there could be some improvement is some of the documentation perhaps, some of the release notes are not the best. I think they're trying to brush things up and make it better, so it's improving all the time, but initially when we first started seeing some of the interface and some of the documentation it was quite confusing, but then we have a partner that takes the pain, I suppose, for that. Buy the tool. It's fantastic.

          What are the key digital priorities and initiatives in your company?
          The key thing for us is on-boarding affiliates, partners, as quickly as possible, for their customers, or our customers who bet through them, to leverage those relationships, leverage those customers to allow them to bet with us. API Management for us at the minute has been around having a clean interface for these guys to be able to quickly integrate with us, and then we can very quickly get them up and running, and it's a commercially beneficial arrangement for us.

          Are you considering upgrading in the future?
          We're investigating options as with most industries, omni channel is the big thing now, so we're investigating how we could use this in an omni channel perspective to wire up our other parts of the business, so that's something we may consider. Part of the show, there are developer portals for making it easier for developers, third parties, to actually interact with us. The current product, the gateway product, doesn't have a portal, so effectively I have to document how to integrate, and then every time I make a change, I have to then email the document out to all of my development partners, whereas if I had the developer portal, they can then just go log in themselves, register themselves, they get their own API keys, all that stuff's taken care of, so those things are quite interesting for me and for our partners.

          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          AS
          Practice Lead at a tech services company with 11-50 employees
          Real User
          The solution kits are customizable. We can implement micro-services architecture.

          What is most valuable?

          Although a lot of features come in handy, the most usable feature is that solution kits are customizable. We were able to cater to a large variety of implementations and customizations with ease.

          How has it helped my organization?

          We have developed frameworks around this product set. It provides the ability to customize and has tremendous depth.

          The frameworks are configuration driven, which gives the ability to implement micro-services architecture with ease and provides DevOps agility in terms of continuous deployment, etc.

          What needs improvement?

          The feature set is quite diverse and community driven, which is a good avenue to promote future features into this product.

          The policy manager UI shows signs of aging, but it is not a must.

          Policy manager is probably built using Java SWING, it has all the features, but loses some points on the look and feel, compared to some new generation IDEs.

          It would be nice to see the PM revamped and some additional features added, such as step debugging for encapsulated assertions etc.

          For how long have I used the solution?

          I have been using CA API Management for five years.

          What do I think about the stability of the solution?

          We have not had any issues with stability.

          What do I think about the scalability of the solution?

          We have not had any issues with scalability.

          How are customer service and technical support?

          I would give technical support a rating of 10/10.

          Which solution did I use previously and why did I switch?

          We did have a previous solution, but the lack of a feature set, only cloud-based implementations, and lack of customizations drove us towards CA.

          How was the initial setup?

          The setup was very simple and straightforward.

          What's my experience with pricing, setup cost, and licensing?

          It is definitely competitively priced. Working with your local AM can help you achieve a pricing level that’s suitable to your needs.

          It comes with many options, so do discuss your future roadmap with a CA Solution Strategist to advise you on the proper model.

          Which other solutions did I evaluate?

          We looked at Apigee, Mashery, IBM, MuleSoft, WSO2, and others.

          What other advice do I have?

          • The product is feature rich and can solve a myriad of use cases.
          • We have noticed that building frameworks on the product set, with the help of a senior architect who drives the adoption early on, is key. They can help create a reference architecture for your organization that pays dividends in the end.
          • Aim for CA certified resources or partners for a good quality solution.
          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          it_user631233
          VP Of IT Development at a tech services company with 1-10 employees
          Consultant
          We have secured APIs, exposing them to the international and domestic partners.

          What is most valuable?

          • Availability of Security Assertions: Addresses all the industry security standards
          • High Flexibility: Allows policy-driven orchestration and security mediation, in a drag-and-drop manner

          How has it helped my organization?

          Thanks to this product, we have successfully secured SOAP and REST APIs and exposed them to international/domestic partners using the standard industry protocols.

          What needs improvement?

          The Policy Manager UI is very busy. It lacks a graphical representation for the flow of the assertions that can significantly improve the clarity of the policy. Thus the Policy Manager UI can be improved in terms of usability. For example, instead of policy assertions in the policy being in a line by line form, it could be represented as graphical flow, similar to how Vordel Gateway does it.

          For how long have I used the solution?

          I have used this solution for six years.

          What do I think about the stability of the solution?

          We have not experienced any stability issues. The product has been very stable.

          What do I think about the scalability of the solution?

          The CA API Gateway solution is highly scalable. It is very easy to add more nodes to the cluster, which increases the processing power.

          How are customer service and technical support?

          The technical support is excellent and very timely. The engineers are extremely knowledgeable, not only in regards to the product, but also in terms of the protocols and standards that are used by the product.

          Which solution did I use previously and why did I switch?

          We were using Vordel Gateway, but it lacked the flexibility and integration capabilities that CA API Gateway provided at the time.

          How was the initial setup?

          The initial setup was very straightforward. CA has clear and concise documentation to walk you through the initial setup process for both simple and complex deployments.

          Which other solutions did I evaluate?

          Vordel Gateway and IBM DataPower. Both these solutions were evaluated from our end, before CA API Gateway was selected.

          What other advice do I have?

          You should read the documentation.

          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          it_user558069
          Integration Platform Manager at a comms service provider with 1,001-5,000 employees
          Real User
          The Gateway is our strategic front door into the company for all APIs.

          Pros and Cons

          • "The Gateway is most important because it is our strategic front door into the company for all APIs."
          • "As well as the SOA Gateway - that is, the API Gateway; we call it the SOA Gateway - we also are now deploying the developer portal component of the SOA Gateway. That has limitations."

          What is most valuable?

          The Gateway is most important because it is our strategic front door into the company for all APIs.

          How has it helped my organization?

          The API Gateway for us is now, or is about to be, our central one way in. We have many, many partners who resell our communications services. They provision those services through our systems.

          Previously, we would just host it on a number of different application servers, uncontrolled if you like, not as secure as they should have been.

          You probably don't know, 18 months ago we had a large security breach, which turned into a large issue with the national press. We now use the Gateway for that single point of entry for all of our API traffic.

          What needs improvement?

          As well as the SOA Gateway - that is, the API Gateway; we call it the SOA Gateway - we also are now deploying the developer portal component of the SOA Gateway. That has limitations.

          There are two main ways to offer web services to the outside world at the moment. One is RESTful services and one is SOAP-based services. We are predominantly a SOAP service company and the support for SOAP-based services is very limited, almost poor, in the developer portal. All CA's investment is around RESTful services, which is a problem for us.

          I would also simplify threat protection, I would improve SOAP support, and I would reduce Professional Services rates. Apart from that, everything's pretty good.

          For how long have I used the solution?

          We've been using the solution for two and a half years.

          What do I think about the stability of the solution?

          It is very good in terms of stability and functionality, it just lacks a little bit in terms of SOAP services.

          What do I think about the scalability of the solution?

          We're only receiving 200,000 calls a day at the moment, and we're increasing that to about 1,000,000 calls a day, which is a lot of traffic compared to some customers but I'm sure it's not much compared to others. The performance is fine.

          How are customer service and technical support?

          We raised a couple of tickets which just went through the standard process and we got a really poor response. But then I contacted the account manager and we got an excellent response and service.

          In terms of the ultimate outcome and the service we receive now, I'd rate it really high, you know, 8 or 9 out of 10. But there's been one incident in particular which I would rate down at 2 or 3 out of 10. The way I feel now, I would rate it at an eight or a nine, mostly a nine. There was one incident which did not go through the account management team, which was not optimal.

          The one incident which I would rate very low was just a really unprofessional, incorrect response. As soon as the account manager saw it, he was very apologetic. He got it all sorted out, no problem. They know about it and our account guys know about it. I think the support team know about it. I don't really think it's worth bringing it up again.

          Which solution did I use previously and why did I switch?

          We introduced the API Gateway. I wasn't here at the time, by the way, but we didn't use anything in terms of that. We bought it really for our protection and security capabilities. So the main thing is the API, the whole API management piece. We did go out to tender; we invited about six, or evaluated about six, different solutions and selected CA.

          How was the initial setup?

          I wasn't here for the setup.

          What other advice do I have?

          I would say CA are a good company to work for. I would say that the Professional Services people are fairly expensive but pretty good. I would say that the Gateway is a good tool but you need to be careful of the limitations for SOAP services. Also try and get over to CA World because that's good fun.

          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          it_user502011
          Senior Java Developer/ Solution Architect at a financial services firm with 501-1,000 employees
          Vendor
          It provides a simple way to create REST APIs and easy integration with REST and SOAP service. It requires a lot of specific coding for medium-complexity use cases.

          Pros and Cons

          • "It has its own language, which makes it possible to design and implement the complete flow using existing services and databases, and to create and aggregate fine- and coarse-grained APIs."
          • "I feel there is a lot to improve in terms of providing plug-and-play functionalities, as at the moment it requires a lot of coding in their specific language for implementing a medium-complexity use case."

          What is most valuable?

          It provides a simple way to create REST APIs. It provides easy integration with REST and SOAP services. It has its own language, which makes it possible to design and implement the complete flow using existing services and databases, and to create and aggregate fine- and coarse-grained APIs.

          How has it helped my organization?

          We have used it as the top layer in physical infrastructure architecture and made that available to mobile, iPad and desktop applications. Basically, it worked as a single point of contact for all applications via HTTP protocol as a communication channel. Underneath, it is aggregating a plethora of REST and SOAP services and connections to LDAP, AuthMinder, RiskMinder and SiteMinder for authorisation and authentication.

          With it, we provided an enterprise solution for authentication and authorisation for all internal and external applications in a quick and efficient manner using existing SOAP and REST services.

          What needs improvement?

          I feel there is a lot to improve in terms of providing plug-and-play functionalities, as at the moment it requires a lot of coding in their specific language for implementing a medium-complexity use case. It needs to improve the user interface for logging and monitoring. There is no test framework for the APIs, which is a setback. And with respect to providing an end-to-end API management solution, where the API will be charged per usage from the client, configuration is not that easy and straightforward.

          For how long have I used the solution?

          I have used it for more than a year.

          What was my experience with deployment of the solution?

          We had a lot of deployment issues, as it does not provide seamless, continuous integration and deployment to different environments.

          What do I think about the scalability of the solution?

          Not really. Performance-wise, it is quite competitive.

          How are customer service and technical support?

          Customer Service:

          Satisfactory

          Technical Support:

          I would rate technical support as satisfactory.

          Which solution did I use previously and why did I switch?

          Previously, we chose to use CA-provided solutions (AuthMinder and RiskMinder), which includes (JSP-based) user interfaces. Also, because we have to make our own designs (RIA-JavaScript-based), that’s how it came into the picture.

          How was the initial setup?

          Initial setup wasn’t straightforward.

          What about the implementation team?

          We implemented it along with a vendor team. I would advise preparing an in-house team by providing it with a week or two of training, and then get an expert from CA for several months to provide the consultancy and solutions to the team and to resolve their issues.

          What's my experience with pricing, setup cost, and licensing?

          One of the reasons for choosing it was that we were already using CA products, such as SiteMinder. It provides easy integration with SiteMinder, and because both are CA products, we therefore expected better support.

          Which other solutions did I evaluate?

          Not really, as we were already using CA products like SiteMinder. Since Layer 7 is also a CA product and provides seamless integration with that product, we chose Layer 7 in the first place.

          What other advice do I have?

          I would advise also evaluating Apigee API management if you are looking for an end-to-end API management solution. Otherwise, CA API Management is not a bad choice.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          Sekar Purushothaman
          Sr. Systems Engineer at a hospitality company with 1,001-5,000 employees
          Real User
          We were able to market our mobile app products with their security features.

          What is most valuable?

          • Time to market
          • Ease of use
          • Strong support

          How has it helped my organization?

          We were able to market our mobile app products with their strong security features.

          What needs improvement?

          There is a need for the migration of policies, better reporting, and monitoring integration.

          For how long have I used the solution?

          I have used this solution for two years.

          What do I think about the stability of the solution?

          There were no stability issues so far.

          What do I think about the scalability of the solution?

          I did encounter scalability issues. I wish they could extend the MySQL replication to multiple nodes.

          How are customer service and technical support?

          The technical support provided is the best.

          Which solution did I use previously and why did I switch?

          Initially we were using MuleSoft Enterprise Service Bus (ESB) before we switched to CA API Management.

          How was the initial setup?

          The setup was straightforward.

          What's my experience with pricing, setup cost, and licensing?

          CA has great pricing for gateways, so negotiate with your sales team.

          What other advice do I have?

          Make sure you involve networking, security, and other infrastructure teams for the implementation.

          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          it_user637836
          Application Integration Developer I at a financial services firm with 1,001-5,000 employees
          Vendor
          The built-in routing platform is the most valuable feature.

          What is most valuable?

          The built-in routing platform is the most valuable feature. It is easy to use.

          What needs improvement?

          There is a need to automate the process of retrieving the SSL certificate when it has expired. Currently, the product doesn't have this feature automated. It is only manual.

          For how long have I used the solution?

          I have used this solution for two years.

          What do I think about the stability of the solution?

          There were no stability issues.

          What do I think about the scalability of the solution?

          There were no scalability issues.

          How is customer service and technical support?

          I am very satisfied with the level of technical support.

          How was the initial setup?

          The setup was straightforward. I started using the product after it was already built-in.

          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          it_user635433
          Architect at a tech company with 201-500 employees
          Vendor
          The ability to bridge messaging protocols and transform data enables us to input/output data from/to/through various backend systems.

          What is most valuable?

          • Any-to-any integration.
          • The abilities to bridge messaging protocols and transform data enable us to input/output data from/to/through SOAP, JSON, MQ, JMS, databases, FTP between various backend systems, facilitating business process automation.

          How has it helped my organization?

          We use it to integrate various different customer and backend systems, in order to automate business processes.

          What needs improvement?

          • Patching/upgrading is a manual process and should be automated.
          • Configuration synchronizing between nodes (installation instances of this software) is a manual process and should be automated and simplified.
          • It could use a better dashboard for showing performance metrics (e.g., message throughput).
          • Ideally there should be cheaper development/testing (i.e., non-production) licenses available to customers.

          For how long have I used the solution?

          We have used the solution for more than five years.

          What do I think about the stability of the solution?

          We did not encounter any issues with stability.

          What do I think about the scalability of the solution?

          We did not encounter any issues with scalability.

          How are customer service and technical support?

          The technical support is quite excellent. Support staff usually respond quickly and are helpful.

          Which solution did I use previously and why did I switch?

          We didn't use any previous solutions in production. We tried different products in the prototyping phase more than five years ago. This one fits our needs the best.

          How was the initial setup?

          The setup was quite straightforward, for experienced software developers. Layer7 Technologies back then provided (for a fee) a week-long on-site training for our staff, including myself. Extended trial licenses (longer than the usual 30 days) were also provided for us to become familiar with the product before we committed to buying licenses.

          What's my experience with pricing, setup cost, and licensing?

          There are now two licensing tiers - Essential and Enterprise - whereas before there used to be only one. Make sure you’re buying the correct one for your needs.

          Which other solutions did I evaluate?

          We evaluated some other options such as IBM WebSphere Message Broker, WSO2 ESB, Oracle ESB, Actional SOAPstation, Fuse ESB / Apache ServiceMix, Mule ESB.

          What other advice do I have?

          Get the proper training for your staff and don’t hesitate to ask CA for help if needed. The product is extensible and CA offers custom solutions. We had some small customer development done for us (for a fee), which was productized in a later version of the product.

          Disclosure: My company has a business relationship with this vendor other than being a customer: In general we’d like to think we work with them as partners, especially when the product is developed in the same city we’re in (the legacy Layer7 Technologies team), but we don’t get any preferred status.
          it_user572838
          Manager, .Net And Mobile Applications Development at an energy/utilities company with 1,001-5,000 employees
          Video Review
          Real User
          We write a policy one time, and then we're just able to just drag it over and reuse it for other things.

          What is most valuable?

          The most valuable features are definitely the security it provides and the ability to code to the roles, so that way, when the people come in, they actually have their roles identified and then, we're able to actually distribute the data through the message, to them. Role usage has really been important for us.

          How has it helped my organization?

          I think the device itself has helped us quite a bit. We're able to do things a lot faster, because of the device. Because we identify the policies, we're able to layer the policies that are already written. People don't have to rewrite code multiple times. We write a policy one time, and then we're just able to just drag it over and reuse it for other things.

          What needs improvement?

          I've used the device since it was the Layer 7 device, and it's come a long way. I think from a mobility standpoint, there's a lot of things that we do, and we have to create our own policies.

          I think the product's getting better every iteration, and they're adding more and more functionality to it, that allows us more reuse.

          I would just like to see where it's going to go through the roadmap, and I think it's got great, great potential.

          For how long have I used the solution?

          We have been using it 8-10 months.

          What do I think about the stability of the solution?

          It's been very stable for us. We're using it as an appliance, so whenever we need to put new ones in, we just download it, implement it, and then just pull over the configuration files for it. It's been very, very stable for us, and the patching's been fantastic.

          What do I think about the scalability of the solution?

          It's definitely a scalable solution, so you can create clusters in production. What we've done is, we got a cluster on our main data center, and then we've got one in our backup data center. Then we can add on to that as we need to, and use the load balancing functionality to scale it indefinitely, as much as we need for our load.

          How are customer service and technical support?

          The support that we've received has been fantastic. We've been able to talk to people everywhere from pre-sales, actual technical people, whenever we need it. Literally, the support team has been 100% behind us. We get stuck on something for a very, very short period of time before they're there to help us.

          They've been easy to contact, not only via the normal contact through the phone number, but even through emails, they're very, very responsive to us.

          Which solution did I use previously and why did I switch?

          I'd used it before, so when we created our mobility team, with me as the manager, I knew that this is the device I was going to have to put in front of all my services in order to make them reusable.

          It was once we'd actually standardized and built everything out, then we made room for the device, so it was just no more than procuring the device, and putting it in place at that point.

          When I’m selecting a vendor, I want to look for somebody who cares about me as a customer. I want to find somebody who actually wants our solution to work. I think the team has been fantastic at that. I look at what other customers think about the support and, have they gotten anything good from their support teams? I look at that.

          I think the last thing that I would look at would be price, to be honest, because I care more about the solution. Is it going to work for us? It's a partnership. When I meet a vendor, and we're actually going to put in one of their tools, or we're going to use a tool, or an appliance or whatever, to help us, then that to me is a partnership, and we're in this solution together. That's what I really, really got from CA.

          How was the initial setup?

          The setup was very easy. We just downloaded the actual VM appliance; implemented that. There are six or seven steps that you do to configure it for the environment. Once we set up our load balancer and stuff, it was up and running and ready for us to use. It's very, very simple.

          The patch process is the same way. All you do is you download the newest version, put it out there, and then just do those six or seven steps, and we're up and running. We can replace it very quickly.

          Which other solutions did I evaluate?

          I did some due diligence. I think you always have to do some due diligence, and I looked at some other products. I don't think any of them met my needs, not as well as this product did.

          What other advice do I have?

          I think it can get better, and it has over the different versions. 9.1 came out, and it offered some more functionality. They've added more products around the solution to make it better, so I think there's always room for improvement. I think it's been very, very stable for us. It's worked every time we've needed it, and it's allowed us to do a lot better as a company.

          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          it_user581829
          Solution Architecture / Digital Architect at a financial services firm with 10,001+ employees
          Real User
          The tool can handle complex security requirements. On-boarding APIs is agile.

          What is most valuable?

          I was doing all B2B integrations. The security features provided by the gateway are really cool. The tool can handle all complex security requirements. On-boarding APIs is very agile and fast.

          How has it helped my organization?

          In my last position, the core services were exposed to the consumers via the ESB layer. They had plenty of issues with protecting those services and keeping the back-end services hidden from their consumers.

          Using this tool helped them to provide a unique endpoint, with no change to the consumers. It allowed them to change their services without affecting the customer interfaces.

          What needs improvement?

          I would like to see this amazing product have the following enhancements:

          • Continuous integration and delivery (10 points)
            Currently the tool provides REST APIs, but they are not easy to use. They need to be reviewed and enhanced. The documentation is good, but there are not enough examples.
          • Monitoring and reporting (20 points)
            The Admin dashboard provided by the tool is amazing. However, this doesn't allow the service owners to view their services. The gateway admins are always struggling to provide reporting and monitoring status. We need to provide monitoring and reporting out-of-the-box for the management and service owners. We can do custom development, but not every company has time to do so. The Admin dashboard is not business friendly and it doesn't provide rich reporting features.
          • RAD - Rapid Application Development - Development environment (5 points)
            The policy editor, at first glance, seems complicated and it scares developers. I would like to see it easier to understand. Maybe it could have a visual drag and drop, like with Borland C++ Builder.

          For how long have I used the solution?

          We have been using this solution for eight years.

          What do I think about the stability of the solution?

          I did not encounter any issues with stability.

          What do I think about the scalability of the solution?

          There were scalability issues in Amazon AWS, but not in the private data center.

          How are customer service and technical support?

          Technical support is agile and responsive.

          Which solution did I use previously and why did I switch?

          We weren’t using a solution previously, but alongside of this tool, we were using Apigee Edge and 3scale API Gateways. Each one of them is designed for a different purpose. We were looking at them as complementary products and not as replacements.

          How was the initial setup?

          I was involved in the installation, and it was easy for me.

          Which other solutions did I evaluate?

          We evaluated MuleSoft, Apigee, and 3scale.

          What other advice do I have?

          CA API Gateway provides rich policy sets in regards to XML and REST services. This baby is great for all B2B integrations and it’s a very agile component to set up and use. You can set it up with complex security requirements on your service side in less than an hour. (I am very biased about this. No product can do that at this speed.)

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558363
          Manager, Information Technology - Integration Technology Engineering at a financial services firm with 5,001-10,000 employees
          Vendor
          We route all our policies and traffic through the gateway. It's reliable.

          What is most valuable?

          The best features of CA API Management are high quality and high reliability.

          How has it helped my organization?

          It provides a centralized security mechanism so that we can route all our policies and all our traffic through the gateway.

          What needs improvement?

          I would like more graphical interfaces for better usability.

          What do I think about the stability of the solution?

          API Management is highly reliable and highly available, so we haven't had any problems with it.

          What do I think about the scalability of the solution?

          We haven't had any scalability problems. I don't know how far it can be scaled. We are a mid-sized company.

          How are customer service and technical support?

          I would say that the quality of technical support is moderate. It’s better than some, but not as good as others.

          Which solution did I use previously and why did I switch?

          I don't know if we had a previous solution before going with API Management. We have a number of CA products. Some of them, we started with the CA product and some of them we started with other products and then switched to CA because of their high availability and high reliability. We are not looking to switch it. It’s nice and stable.

          How was the initial setup?

          I was not involved with the initial setup.

          What other advice do I have?

          Focus on developing a relationship with CA. They have a variety of products and they do a lot of cross selling, so it's important to develop a relationship and figure out how to manage that relationship as you go forward.

          When selecting a vendor, the most important element is relationship.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558081
          Enterprise Solutions Architect at Logisticare
          Real User
          It provides a front door where we can separate and abstract services from APIs.

          What is most valuable?

          We modified our architecture to focus on microservices. This allows us to have a front door where we can separate and abstract services from APIs. We can use the API Gateway as the entry point to our enterprise. We can actually monetize our services, our APIs, and build a generic integration architecture using RESTful APIs.

          How has it helped my organization?

          It allows us to centralize the triple A functions: authentication, authorization, and audit. It gives us scalability. We can focus on delivery in a hybrid cloud model without exposing any of our back-end services to the market. It's very secure, very powerful, and has a great deal of complex functions that are native in the solution so that we don’t need to write code to do it.

          What needs improvement?

          They are getting there. Docker-based containers are there now, but it is not completed, I think. There are still some gaps between what we currently have and what the Docker model is. We are going for a pure cloud solution, so I want more emphasis on the hybrid model; deployment strategies that allow me to have on-prem and in-the-cloud interactions using the API Gateway, possibly even defining extended VIPs that we can load balance across the two platforms.

          They are moving forward, of course, as they go away from the virtual clients and get to Hazelcast. The roadmap could be a little clearer for us because I'm making decisions now for the next generation of architecture. It's a little hard to discern where they're headed.

          What do I think about the stability of the solution?

          The stability is excellent. The product is very good.

          What do I think about the scalability of the solution?

          Their capacity is a lot bigger than we are. We haven't reached a limit or even challenged it yet.

          How are customer service and technical support?

          The support has been excellent for us. We had quite a bit of hand holding to get started as you’d expect with any new technology, especially in an organization like ours, which isn't on the leading edge. We have moved from behind center to the leading edge of technology, as we are using this tool set in the cloud. We are using it with open-source software. We are using virtual machines. There is a lot of opportunity here to learn things, and they helped us every step of the way.

          Which solution did I use previously and why did I switch?

          We were using a Delphi application.

          How was the initial setup?

          I wasn't involved. I worked with the technician who adopted the technology. I conducted our schedule and attended all the sessions. I selected the technology for the enterprise. It is complex. It's a complex scenario but it's not cumbersome or overbearing. Anytime you adopt a new architectural model, you are going to have challenges. It's as good as things get when you start dealing with something this complex.

          Which other solutions did I evaluate?

          I was actually brought into my company to define an architecture that takes them forward because they had a very large ball of mud application that was a compiled executable, and they dumped it on file servers all around the country.

          We’re the largest company in our market and the application we have been using is old. I came in and defined a forward-looking architecture. An API Gateway is the centerpiece of any microservices solution.

          We looked at Axway, Forum Systems, and CA API Management. We also looked at IBM DataPower, which really wasn't for us. We had ruled out CA because it was too expensive. Then they came to the table and said, "Why not us?" Then we had that whole conversation. I asked if they could make it affordable, and they did.

          Our most important criteria when choosing a vendor is their ability to carry the feature set, to support its implementation. Clearly price made a difference. They reached out to us with a number we couldn't refuse; so they made it attractive. We were about to pull the trigger on another API solution, and CA met us more than halfway.

          We knew that this technology, which I've used before, was the best in the world. We just didn't think we could afford it. They made it affordable. How could we pass that up? It's absolutely the best technology in this space. There is no doubt about that. That's why we really wanted it, but we didn't think we could afford it. It has been the market dominator forever, and the API Gateway has the most features. It’s the most stable. CA has taken that to the next step. They know how to use the product. Every time we call, somebody's got an answer for us.

          What other advice do I have?

          Clearly this is the solution to have, but you need to have an internal appetite for the upcoming technology. It's not a keep-the-lights-on kind of tool set that would enable you to just turn it on and let it do its own thing. You need to have an administrator who understands it. There are so many opportunities to let it help you that don't come right out-of-the-box and grab you. You need to learn how it enables some of the tips, tricks and traps. Put a good engineer on it and give them the education they need. The device does so much.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558405
          Programmer Analyst at a healthcare company with 10,001+ employees
          Vendor
          We leveraged the UAR tool kit to design a hospital patient portal. Developers can focus on functionality.

          What is most valuable?

          The most valuable features are reliability and scalability; it's just easy to deploy across our environment. We like those features.

          How has it helped my organization?

          It certainly filled the API management needs of our organization. For example, we were in the process of designing a patient portal for the hospital, and we were able to quickly leverage the UAR tool kit that’s available. The developers didn't really have to think about security, even though in the healthcare industry, security is a big concern. And that was all leveraged from the robust tool kit available in API Management. Taking that heavy lifting away from the developers so they could focus on functionality and we could focus on delivering the secure access they needed, was great.

          What needs improvement?

          It's a great product. Just expand on it. I think CA has done a good job bringing the UI component to macOS; that’s good. And I think they're also doing a web UI version where you can create policies. I believe in the past, they had some limitations of what you could or couldn't do, but they are solving some of those issues.

          CA is the leader in this space. So we look toward them for coming up with best practices to adopt. I'm not really an expert in that area.

          For how long have I used the solution?

          We've had it working for about 4 or 5 years.

          What do I think about the stability of the solution?

          We've had it working for about 4 or 5 years now and apart from upgrades, we have never had a problem with outages or components breaking down.

          What do I think about the scalability of the solution?

          We began with just one appliance. Then, as our needs grew, we put in a load balancer. It had multiple VMs talking together, which was fairly easy to do and we never had a problem with that either. From time to time, when we needed to take one server out of the load, it was an easy process; the other servers automatically absorbed the workload. That's a benefit for us.

          How are customer service and technical support?

          We had API Management from when it was still Layer 7. Their people were certainly filling a lot of shoes because it was a smaller company at that point and you would see the eagerness for technical support to jump in, be hands on, and help you all the way through. Now, they try to push us towards the solutions and the consultants a little more. In a bigger organization, getting POs signed is not an easy process and when you want something that could take an hour or two hours to fix, now becomes a bigger hassle.

          Which solution did I use previously and why did I switch?

          When we looked at this emerging API management need seven years ago, we looked at the Gartner recommendations and then looked at our organization’s needs at that time and kind of picked CA right from the beginning.

          How was the initial setup?

          I jumped in to the second or third upgrade, not at the initial setup.

          What other advice do I have?

          I would certainly recommend using this product. We've had a wonderful success story. And we've not had any issues with it. Even when the consultants do come out, they are very knowledgeable. They know the product inside and out and can implement it right on site. That is a plus.

          When selecting a vendor, the interoperability between their different products that we have is important, as well as expandability. Additionally, we want to be able to configure the product to our liking. That helps us adopt it.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558021
          API Champion at a tech services company with 501-1,000 employees
          Consultant
          It integrates with other solutions that we already have. We can move people around because they already have a basic skill set.

          What is most valuable?

          The best features for us are documentation, the development portal, ease-of-use, and click-to-market. Our API landscape is increasing exponentially and one of the differentiators that allow us to reach our goals is how fast we can get to the market. And our speed-to-market is based on ease-of-deployment and how fast we can iterate and change.

          How has it helped my organization?

          It sets itself apart mainly because it's a bigger product and a bigger company, so it integrates well with other solutions that we already have on-premises. That makes it a lot easier for us to move people around, since they already have a basic skill set. That really helps. The support that we get from CA in general, including the talks, the books and the documentation that explains how to sell from a technical and a non-technical side, really benefits us.

          What needs improvement?

          I would like to see a lot more information about design, such as design thinking and design UX, UI, information about the technology, and the problems it's solving for everyday customers.

          What do I think about the stability of the solution?

          The cloud-based solution that we use right now is stable. We have an on-premise solution as well, which we still have some issues with, but we're still moving forward.

          What do I think about the scalability of the solution?

          Scalability is unmatched. Since it is cloud and AWS backed, if we need more power, we just call it up and it's pretty quick.

          How are customer service and technical support?

          Technical support, including the communities, Twitter, and being able to reach somebody on the phone is phenomenal; it's a good working relationship.

          Which solution did I use previously and why did I switch?

          We have multiple solutions in house. This is the one we choose for now for certain products. There weren't really better products and there are only certain product groups in the market, and we only pick the best-in-breeds. CA was one of them.

          For me, the most important quality in a vendor is technical support. I want support from end-to-end, including documentation, technology, and written materials that I can download and review myself and then reapply.

          How was the initial setup?

          Initial setup was a little bit of both straightforward and complex. We are a large company and have certain scenarios that make things a little bit more complex. CA's always been really good about being right there with us to understand some of our challenges.

          What other advice do I have?

          Dig in really deep, not only from a technical standpoint but also from a design and product standpoint. That's probably the biggest piece of advice that I can give you. If you miss this, you will forget to see the forest through the trees.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558072
          Infrastructure Middleware Manager at a wellness & fitness company with 10,001+ employees
          Vendor
          Easy development of policies to securely expose APIs to third-party vendors.

          What is most valuable?

          One valuable feature is the ease of development of the policies for the product. It's very easy to have a brand new developer come in and develop a policy to expose our APIs.

          How has it helped my organization?

          It's benefited us greatly in allowing us to expose our APIs to external third-party vendors in a secure fashion.

          What needs improvement?

          I would like to see the GMU, the automated deployment framework, available in some sort of graphical interface. This would allow options, outside of automation, so you could see things graphically.

          What do I think about the stability of the solution?

          The product is becoming more stable as the product has become more mature. At this point, it's a pretty stable product.

          What do I think about the scalability of the solution?

          On the scalability perspective, the product has no issues. It's able to scale out horizontally and vertically and has posed no problem for us. We have a pretty large implementation.

          How are customer service and technical support?

          I have absolutely used technical support. They have been pretty good, especially when more complex issues are escalated. They've got some resources that do a wonderful job in helping us come to a resolution.

          Which solution did I use previously and why did I switch?

          We didn't have a previous solution specific to this. We had some other products where there was some overlap with this product, but none of the products accomplished what this did. We had a specific need.

          There were multiple products that were specialized in different things, but they could do some of the stuff that this product could do. This solution is very narrowly focused on API management.

          How was the initial setup?

          I was involved in the installation and implementation. I think it was lacking some documentation around performance tuning and getting the product operationalized so that it could maintain itself. The documentation is still a little bit lacking in those areas. The documentation is available on demand, or on informal places like community chat groups where you can get information, but as far as in the product documentation itself, it's lacking in those areas.

          What other advice do I have?

          When selecting a vendor, look at the partnership with the company. See if they're able to listen to you about your needs. See if they are able to respond quickly. See that the product provides good value. Work closely with the vendor to make sure you get things set up correctly. If you don't, you'll be very disappointed.

          Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
          Hari Kandalam
          Director of Architecture at a healthcare company with 10,001+ employees
          Video Review
          Real User
          We leverage the solution to make our business services available on the Cloud.

          What is most valuable?

          I work for a major healthcare company; it's amongst the top ten Fortune 500 companies, and we've been leveraging CA API Management to make our healthcare business services available on the Cloud, and to enable our healthcare capabilities to be consumed by different consumers in real time across a plethora of channels.

          We are leveraging CA API Management - we chose it by doing a huge comparison across different competitors. CA API Management helps us to securely consume various services and also the biggest thing has been to do monetization of services. We have certain rules that have been defined where you basically say that this specific healthcare capability is of greater value and we put a dollar amount to it as to which consumers can consume how much and based on its usage and all that.

          CA API Management has been the driver for our digital transformation. It's interesting these days, the entire business is heading towards a completely distributed platform where the consumers are everywhere. You have business to business consumers, you have API management consumers and you have mobile consumers. At the same time, you have data providers that are growing heavily. You have data analytics placed platforms, and then companies are heading towards helping consumers to make analytics-driven decisions. Let the data drive the decision. So now the middleware industry around microservices is facing its own challenge on how to meet the scores upstream and downstream from these back-end services. That's where the microservices platform, CA API Management, heavily helps to make sure that you provide your services on the part.

          What needs improvement?

          With scalability, it comes to resiliency. If you cannot scale you're not resilient. If you're not resilient your performance is worse. If your performance is worse your API and services are not available.

          Fine lines of availability is one of the key criteria in the industry - 99.99% availability. That means 6 hours downtime in a year, so can you really ensure that everything is interlinked. If we talk about software architecture, quality attributes from these are all interlinked. I would say that eventually, it comes down to your customer satisfaction from there on. So that's our number one goal.

          Right now, scalability is our main goal. Maybe they're not the problems but from the standpoint of onboarding a new API on Layer 7, that's fairly simple. I see that it's an extremely user-intuitive and user-friendly software. Our operational personnel who barely have any experience could get on with it and help the enterprise register as many APIs as possible from the get-go.

          For how long have I used the solution?

          We've been using it for the past 2.5 to 3 years. However, now we have come to a point where our scale is growing and organization is unable to keep up with the needs of the consumer so we are constantly working with CA API Management's operational personnel. They are helping us out but these are our challenges to be very honest.

          What do I think about the stability of the solution?

          It is very good software from the standpoint of making an API commercializable and making an API accessible. The security industry is extremely complex; to provide various security capabilities to an API, that's fairly simple. However, we are facing challenges in scaling the CA API Management software. We have seriously faced certain challenges when your API usage goes beyond a certain limit, say 100,000 transactions per minute. I'm just throwing out a number; I can't provide you the real number. But we are facing serious challenges in scaling, in clustering the CA API Management software, and then making sure that we can reliably meet our transactions as your usage grows on the Cloud.

          What do I think about the scalability of the solution?

          It's challenging at this point because the healthcare API marketplace is growing.

          CA API Management has been chosen as the platform for the entire firm so now as the APIs are growing the API management product capability also has to grow. Some of the challenges we are facing is sometimes you have mainframe systems and these mainframe systems are incredibly slow to respond. Now your product has to be capable of keeping your response times open for that duration, so that's one challenge. The ability to scale up, we face that beyond 90,000 or 100,000 transactions, the product has this limitation and it cannot scale. We are seriously facing challenges around response time per transaction and our business demands .1 milliseconds of response time. However, we are seriously reaching up to 3 seconds for some of it. I think internally we have to make this serious call around leveraging CA API Management for certain kinds of transactions. Maybe segregate the platform so there are different architecture strategies for it, different approaches for it and we can really achieve it but we need to tune it a lot better.

          How are customer service and technical support?

          Technical support is definitely extremely knowledgeable. However, we have faced some challenges where in our initial discussion we don't get a level 1 support. You want the guy with the most knowledge to be there right up front, so it gradually takes 3 or 4 levels, but the good thing is our internal staff is coming up to speed on this. Otherwise, CA API Management have great knowledge; they built the product, so they are very helpful.

          Which other solutions did I evaluate?

          If I'm looking for an API management vendor then I would look at the API management vendor's capability, their product's capability to make their services available on the Cloud, monetization, security, availability, performance, resiliency, being flexible enough to provide different security integration mechanisms to different APIs, how flexible that software is and user intuitiveness.

          My operational personnel should be able to be running from the get-go. I think these are some of the key attributes that we really look at. We did a comprehensive analysis on CA API Management followed by Apigee, followed by SOA software. We did a comprehensive analysis of balance score card by comparing the capabilities and the attributes across all these softwares on a scale of 1 to 10 and then the scorecard came in such a way that CA API Management stood out on every scale for us.

          I think cost was also one of the key factors. We figure that Apigee and other software were on a higher scale from the cost standpoint, so I think that played a major role.

          What other advice do I have?

          The product overall on a scale of 1 to 10 - from a scalability standpoint I would give it an 8. I would certainly give 8, because although I would have loved to go 9 or 10, no product in this world can scale any needs from the get-go but the customer service and the technical support has been outstanding. They have been very helpful so at least they are helping us out. Considering CA from a holistic perspective, not just the product, their ability to meet our needs, their ability to support us, their ability to answer our calls, and answer our specific technical questions, I think I would rate them an 8.

          People tend to support what they have done in the past. It's always the case. If you ask a mainframe programmer he would say mainframe is the most rock solid stable platform in this world. I would say because we have lived in CA API Management I would say absolutely you have to use CA API Management.

          Jokes apart, the customer has to know the capability of API management software. I see a lot of people asking me if I decoupled services in API management. API Management software's purpose is not to do decoupled services. It's to make your services available on the Cloud. It acts as a security gateway so that your consumers can access your services. One needs to know what he's looking for. These are the fundamental characteristics of an API management software. If you compare those characteristics CA API Management leads the industry.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558057
          Lead Software Engineer at a wellness & fitness company with 501-1,000 employees
          Vendor
          We use it to transmit data from one format to another format, including content-based data routing.

          What is most valuable?

          We use the API Management tool mostly for the portal application and managing the APIs.

          CA has a portal where we can expose the public and private APIs across the globe. We use it as a gateway for security and exposing the internal applications through that layer.

          For us, it acts like a proxy as it passes through the API layer. We use it to transmit data from one format to another format, especially to route the data based on the content. This is a seamless process. There are little challenges in regards to the AWS integration but we were able to get through that and CA helped us move towards AWS.

          The problem was that it was slow. This product was initially built as an in-house product, but later on they converted it to a pilot product. It was not ready at that time but now it is. We are fine-tuning it to make it available on AWS; so, it's good.

          How has it helped my organization?

          We're moving towards microservices. We do have around 358 to 400 APIs, i.e., monolithic APIs, and we want to convert them into lightweight microservices. We want to deploy them in a container, use the gateway and then expose those microservices to the external world. That’s our main goal and we are using CA API Gateway for this purpose.

          What needs improvement?

          I want a more loosely coupled migration utility.

          Now they provide a DMU for migration of the code or APIs for continuous delivery. But it's not robust, so I want to see what CA is going to come up with regards to that.

          In terms of using the tool itself, it is not user-friendly. You can use the product with ease, but once it starts developing the code, there are a lot of APIs and functions that are not readily available for you. You need to refer to a document to learn about that. They should provide some APIs which will drop down the list of all the functions that are available and ready to use. The world is changing now; we don't want to be stuck in the 80s or 70s, where we need to search for everything and then try to write a code for it one-by-one. It needs to be a good tool; easy for the customers to use.

          The main missing aspect from this tool is that although continuous delivery is available, it is not that straightforward and we have to work on that.

          What do I think about the stability of the solution?

          The stability is good except when we went live with AWS; that's when we had initial hiccups but slowly it improved. We are good at this point.

          What do I think about the scalability of the solution?

          The good thing about McCloud being on AWS is scalability which you get by default. Hence, you don't have to worry about how you want to manage your infrastructure. By default, it will look at your load and there are some alarms set on that and then it will act. When you see the peak, it automatically scales to a new instance and when the load is too low, it will kill that new instance that it has created. AWS will help us with that.

          How are customer service and technical support?

          We have used technical support. We had a few bugs in the code, i.e., bugs in the product code for which we had to talk to CA central customer service; they were good and responsive.

          Which solution did I use previously and why did I switch?

          Previously, we were using OAG - Oracle Application Gateway. The CDCI was not that good with that. The continuous delivery and continuous integration are not readily available and there are a lot of bugs in the code, in the product. In comparison to that, the CA tool is less buggy.

          There were a few reasons for choosing this vendor. The first being the continuous delivery and continuous integration, which was one of the major things we were looking for. Next, we wanted to look at the portal and the API itself; how do you manage the APIs, giving access, access control and all those aspects. The third thing we were looking at was security. So, these are 3 different things that we were considering whilst selecting a vendor.

          How was the initial setup?

          I was part of the initial setup but CA was there with us to help through the implementation process. It's not complex.

          Which other solutions did I evaluate?

          We did do some research and tried to explore some of the API products available in the market. We did speak to all the different product owners, assessed it and then finally we came up with this solution.

          Some of the vendors we looked at were Apigee and Amazon API Gateway.

          What other advice do I have?

          Overall, this is a good product. Those who are interested in a similar product should try to do a PoC first and then see what you want from it.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558360
          Head of Group Technology at a logistics company with 1,001-5,000 employees
          Vendor
          Controls usage of digital assets and access to systems from the outside world. Monetization should be standard, not an add-on.

          What is most valuable?

          The Mobile SSO and Developer functions are the most valuable features. The Mobile SSO functionality is not available with most similar products in the market, which makes this a unique product. The Developer function helped the developers to be self-sufficient meaning they did not need a lot of training and they could do things on their own.

          API security was another important feature in terms of how you are able to control usage of digital assets and access your systems from the outside world. Thus, security was a good feature.

          Lastly, the monetization part was also important. We have not started off yet but monetization was one more thing that we were very happy and keen about when we saw this product.

          How has it helped my organization?

          We have recently implemented it so it is too early for us to say how this product has improved the working of our organization. We wanted it as a feature and capability for the organization so we have invested in it. In the future, it shall proceed in the direction of how we would like to shape-up our organization.

          What needs improvement?

          We would want to see the monetization feature to be a standard function. At the moment, it is a third-party solution. This feature helps you to carry out API billings, so as the APIs are consumed from the outside world, you can charge your users for using them. Currently, it is not a standard feature and is more like an add-on where they have worked out ISV pricing with others. So, if it is made as a standard feature of the product it will be really good because it will take the promise of app economy to a true level; thus, it will be truly monetized.

          Another improvement we would like to see is that the product should be more relevant with the public cloud infrastructure that is pervasive nowadays. So, the ability to host and run these solutions on Amazon, Azure or Google Cloud should be a standard feature for this product. From what we have been told it is going to be a part of the product’s roadmap.

          What do I think about the stability of the solution?

          This product is stable.

          What do I think about the scalability of the solution?

          We did our own test to verify scalability and found it was quite scalable. We had no issues.

          We had done a load test on the application on our own and it was able to scale to a significant number of transactions per second. Based on our architecture and solution that we have, we are comfortable with the level of volume that it can handle.

          How are customer service and technical support?

          We have not used any technical support.

          Which solution did I use previously and why did I switch?

          We were not using a different solution before. We were looking in the markets for solutions which would help us give this level of scalability, based on the nature of business that we have.

          We never had a product like this because API management was always a discussion and we never knew how to implement it. When we saw this product and figured out that they had the features we wanted, then we took our time to perform due diligence and figured out this was the right product for us.

          How was the initial setup?

          We were involved in the initial setup and found it to be a little difficult. The reason being, we implemented this product on Microsoft Azure and the product features on Microsoft Azure were not updated at that time. So, there were some initial hiccups. However, CA professional services and my team were involved extensively to get it rectified. CA services did play their part in making sure that whatever the shortcomings, if any, were addressed. It was a good involvement from their end.

          Which other solutions did I evaluate?

          We did shortlist other usual vendors namely Apigee, Axway, Mashery that are the other competing products in the market. The number one criteria for selecting this product was CA’s pricing policy as well as its presence in that part of the world from where we come from; it is significantly big compared to all the other companies. In Asia where we come from, not all the companies are present to that extent and you need a level of comfort when you're investing in such a magnitude. You would want the organization to be very strongly present there.

          What other advice do I have?

          Just do your own homework and make sure your own metrics are ready, specific to your organization. Every organization is different and make sure that you maximize the value of the investment that you are putting in.

          The roadmap of the product is the most important criteria while selecting a vendor. In addition, another important factor is the ability to invest in continuous releases/new releases that are coming up in the product. In short, how much the vendor is willing to invest in the product to keep it updated.

          We had a little bit of mishaps for the installation. Overall, regarding the product features, all that we wanted was in there. It's just that we had our share of a little difficulty in implementation, otherwise it is a good product.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558309
          Enterprise Architect at a retailer with 1,001-5,000 employees
          Vendor
          Enforces security policies on APIs so that the user transaction is secured, real, and authorized.

          What is most valuable?

          The most valuable feature is that the API gateway is very strong in security. Most of the enterprises have exposed their back-end services as APIs and everything is okay if the APIs are accessed internally within the enterprise. However, now with all kinds of mobile channels and omnichannel customer experience, the APIs get exposed to the outer world; at such a time, you need something so that you can secure your data. You don't want to be in the news that something bad has happened. Thus, API gateway acts like a security gateway.

          It has the ability to enforce security policies on APIs so that the user transaction is secured. Thus making sure that the transaction is a real one and not an unauthorized/hacked transaction.

          How has it helped my organization?

          Whenever there is a new API development our organization does not need to worry about the security aspects in regards to the API because it's already in place.

          What needs improvement?

          In my opinion, the policies need to be simplified so that developers are able to understand and taking that into consideration they can build their APIs. The support and maintenance needs to be simpler.

          They need to provide more knowledge and it should not be that only CA is able to provide that service. There is a need to pass on the knowledge to the enterprise users.

          What do I think about the stability of the solution?

          At our organization, we're still not into production but we have some references from other industries like the telecom industry. What we have seen is that there are some initial hiccups, as you encounter with any new technology.

          However, once you have proper organizational structure in place to support and manage API gateway appliance, things become smoother.

          How are customer service and technical support?

          We have used the technical support and it is excellent. CA is accessible since they have dedicated resources. They provide access to the engineering team and their service is good.

          Which solution did I use previously and why did I switch?

          I was involved in the decision-making process to adopt the solution. Initially, we had a normal NetScaler load balancer. However, the challenge with that tool was once your APIs get exposed to the internet/the mobile phone, how to pass the username and password from your mobile phone to your back-ends.

          The mobile experience demands that you don't want users to authenticate every time they want to use the application. For example, the Facebook user experience is such that once you enter your username and password you are logged in and whenever you come next time, the token gets refreshed. A similar kind of experience is what we were looking for and that demands API management.

          How was the initial setup?

          I was not involved in the setup of this product. Since I was an architect, I brought the product in our organization, made people aware of it, socialized it within the enterprise with different stakeholders and now they're leveraging it.

          Which other solutions did I evaluate?

          We considered other vendors like IBM DataPower and also looked into Apigee, which is now taken over by Google.

          What other advice do I have?

          We came up with a reference architecture, so there's got to be some standardization in regards to how you want to build APIs, expose the APIs, naming conventions and so on.

          The way to manage the policies needs to be simplified and developers need to be trained. In my opinion, CA API Gateway in that security space is very ideal and it's one of the best out there.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558432
          Head of Digital at Banco Votorantim
          Vendor
          We are using it to integrate our back-end platform and our front end.

          What is most valuable?

          We acquired this platform to give more agility to inter-development. We are using this platform, for example, to deliver a fast integration between our back-end platform and our front end. CA API Management enables us to very quickly create and manage the business rules, and do the integration. After this implementation, we reduced our lead-time in integration and development by approximately 50%.

          How has it helped my organization?

          It standardized all processes during development with the integration between platforms.

          What needs improvement?

          CA can provide more features to help with performing tests, for example, to create a month of simulated data to perform stress tests using the CA. In the past, we had to pay our client to create a database for us to perform tests using credit card information with simulated customers. We want the CA API management platform to include a specific module for creating this test database.

          For how long have I used the solution?

          I started my challenge there in March 2016, but the platform was implemented in 2015. I received all the benefits of this platform.

          What do I think about the stability of the solution?

          It is extremely stable.

          What do I think about the scalability of the solution?

          It is perfect on scalability. Today, I can say we are performing at a rate of five million requests, or five million transactions, per day using this platform.

          How are customer service and technical support?

          We are using local support in Brazil to help us during some specific integration between platforms; but it's very, very specific cases.

          What other advice do I have?

          This API management software platform is great for us. We are extremely satisfied with the platform.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user558333
          Leads System Engineer at a consultancy with 1,001-5,000 employees
          Consultant
          The logs help us troubleshoot. Easy to manage policies.

          What is most valuable?

          This product is easy to use. We are able to troubleshoot with the logs that it creates and it's easy to get people up to speed on it.

          How has it helped my organization?

          We use it for managing policies and that process is simple and easy to perform.

          What needs improvement?

          We'd like to see an updated migration tool. Right now, the migration process works but it is a little clunky because there's not a good tool for migrating it. It's an older version tool so the services need to be restarted every once in a while.

          What do I think about the stability of the solution?

          It's pretty stable. Once in a while we'll have an issue or we have to restart it but the product itself is very stable for us.

          What do I think about the scalability of the solution?

          I think it scales well. We've got a cluster going and we can increase the size if we have to so it works out well.

          How are customer service and technical support?

          I have only used technical support to consult about upgrades. They are very good. They always have answers when we have questions so it has worked out really well.

          Which solution did I use previously and why did I switch?

          We used Layer 7 before CA acquired it.

          What other advice do I have?

          I recommend this product because of how successful we've been with it.

          The most important criteria for me when selecting a vendor is the quality of their support and technical staff. If they are able to help us, it makes it a lot easier.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user491508
          Sr Software XML Gateway Developer at a manufacturing company with 10,001+ employees
          Vendor
          We rely exclusively on it for web services and RESTful APIs.

          What is most valuable?

          The following features are most valuable to me:

          • Extracting credentials for authentication
          • Security
            • This product handles security in its own unique way, e.g., internal identity providers, connecting to any LDAP in the organization and validating, certificate checks, etc.
            • It can do certificate authentication (one way, two way).
            • It can read credentials and connect to any LDAP, including its own internal identity provider, using the credentials.
            • It can generate SAML tokens for security.
            • It can extract/parse XML/JSON elements.
            • A password, once stored, cannot be viewed but can be extracted; this is a major advantage when we use basic credentials to connect to any system.
          • Regular Expressions is one area where it has a big advantage for validation of strings

          How has it helped my organization?

          Our organization relies entirely on it for web services and RESTful APIs. Internal applications never get requests if they are not valid or authenticated, which saves the backend server's processing. Big organizations can track demand of services and drives to ROI.

          What needs improvement?

          An as-is string API is not available for manipulating strings; the String operations we have in Java are not all present. The hard way is by using regular expressions, which is a little difficult for intermediate users and beginners.

          Some kinds of errors have to be reworked.

          Very recently, I saw a connection reset error message for a handshake (for cipher). Many organizations have recently performed the SHA2 upgrade, so handshake errors are not properly recorded in logs.

          When the backend system sends an error message with a different MIME type, Layer7 cannot propagate the same message; most of the time it gives a blank message, and the backend error message is never passed to the final consumer.

          (observed in 8.3 for MIME application/problem+json and with error code 403)

          For how long have I used the solution?

          I have used this solution for four years.

          What was my experience with deployment of the solution?

          ESM gives a hard time. For example, 7.3 to 8.3 migration is hardest. Also, if we have multiple clusters, we don't have a good migration utility. Most of the time, it fails.

          Login (Policy Manager) time for clients is usually not fast.

          The Information Guide is very brief.

          What do I think about the stability of the solution?

          In big industry, stability is always a challenge. Sometimes internal users report that 3 out of 4 connections are successful and one never reaches the API Gateway, while the diagnostic report always says the system is healthy. A restart will make it work again.

          How are customer service and technical support?

          Customer Service:

          4/5. They are always on par with requests; sometimes limitations of the API gateway are there to answer by Customer Service.

          Technical Support:

          I rate customer service and technical support 8/10.

          Which solution did I use previously and why did I switch?

          Our organization moved to this product because Cisco stopped supporting its gateway.

          How was the initial setup?

          Initial setup was in between straightforward and complex.

          What about the implementation team?

          We implemented the solution in-house with help from CA.

          What other advice do I have?

          This is a good tool compared to open source solutions. There still is a lot to be done to improve user experience.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user497217
          Vice President of API Management Division at a tech company with 51-200 employees
          Vendor
          We have been able to accelerate our clients’ transition to digital organizations by using the CA API Gateway to rapidly expose legacy business services as RESTful APIs.

          Valuable Features

          • Security
          • Flexibility
          • Ease of use
          • Message translation

          Improvements to My Organization

          We have been able to accelerate our clients’ transition to digital organizations by using the CA API Gateway to rapidly expose legacy business services as RESTful APIs, adding industry-leading security to the APIs, and providing a Developer Portal that provides governance, control, visibility, and organization of the entire API stack. These features result in faster time to market, cut months off project timelines, and enable businesses to keep from being disrupted by high-tech startups.

          Room for Improvement

          The Developer Portal has had some limitations but a new version has already been released which addresses these limitations. It is already available in SaaS form and will also be available as an on-premise solution this October.

          The previous version of the Portal was a bit more limited in terms of appearance customization (CMS) than the new version. Some other features lacking in the old portal but available in the new version include API-Enabled (functions that can be executed from within the web-based GUI can also be executed from API calls, allowing you to automate tasks), ad-hoc reporting, support for hybrid deployments (Portal in the cloud, API Gateway on-prem), and Swagger support to name a few of the most commonly requested features.

          Use of Solution

          I have used it for three years.

          Scalability Issues

          The CA product has outstanding scalability built-in via their “cluster” concept. The Gateways are organized into clusters and adding a new Gateway into an existing cluster is very simple and does not require an admin to configure the newly added Gateway nor manually deploy policy to it; it is all automatic. Stability of the Gateway is rock-solid so long as you follow CA’s best-practices guidelines when provisioning and configuring servers. We have seen sporadic performance issues when clients’ IT Operations team did not follow the guidelines but these were easily remedied by updating VMware configurations to match CA’s recommendations. DRS configuration is an example of this. One must also pay attention to log and audit data as these can grow fast with the high transaction counts of today’s API utilizations. Implementing a strategy to archive this data is important. We very often forward this data into Splunk to provide our clients with a single source for API analytics.

          Customer Service and Technical Support

          For most use cases, CA support is very responsive and they even have a group dedicated to making fast-paced product updates and customizations for customers with special needs, which is very unique among API solution providers.

          Initial Setup

          The CA product is very easy to set up. A development environment can be stood up in an hour or two.

          Implementation Team

          As a service provider, we implement API management solutions for many customers. My advice for customers seeking to implement these solutions is to pay close attention to the CA recommendations on VM settings (if using the virtual appliance), and to ensure they seek assistance from someone familiar with implementing this specific solution. CA has their own professional services division, and there are several consulting firms such as ourselves who have experience implementing this solution.

          Other Solutions Considered

          We work with multiple API solution providers. Each has their strengths and weaknesses. We work with our clients to understand their needs, current IT infrastructure, future-state IT infrastructure, and roadmap, then provide them with our solution recommendations based on this input and our own personal experience implementing API management and identity and access management solutions.

          Other Advice

          API management solutions have many additional valuable features that some IT development purists might not feel “should” be handled by an API gateway. Two examples include the API gateway’s ability to process business rules on a service, and the API gateway’s ability to provide orchestration. One could certainly have a lively debate about whether the API gateway is the “right” place to do this, but the point I try to make is that in the real world, work comes at you fast; you have to be nimble and responsive to customer demands. I have been in situations where a business requirement and deadline could not be met because certain architecture was not ready or the team who would normally handle this work was already fully utilized on other requirements. Because the API gateway can handle these tasks, it provides increased flexibility. The new functionality can be added into the gateway and later moved out to a service bus or microservices architecture as time allows.

          Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a CA partner. We are resellers of CA Identity Management and API Management products and we provide implementation services to clients.
          it_user484275
          Sr. Manager - Technology Governance and Architecture at a tech company with 10,001+ employees
          Video Review
          Vendor
          Provides good performance and the ability to scale.

          What is most valuable?

          From our perspective, the most important aspect is the ability to scale without compromising performance as well as security. That’s the most important aspect, and that’s one of the reasons why we chose the CA product, because it does scale for our needs to grow without compromising performance.

          Also, security is very key. We are in a marketplace that companies are being hacked, so we didn’t really want to compromise in any of the security aspects of it.

          Good performance and ability to scale not only for now but also in the near future as we organically grow the company.

          How has it helped my organization?

          When we thought about the API platform as a whole, our intention was to provide the solution both for our internal customer as well as for our external customers. What we mean by that is we are a very geo-spread company and there are internal folks who also leverage the same services which are currently consumed by our external customers. So the intention when we thought about this whole solution and the future perspective was to have a single platform that caters the niche for both, without trying to deploy them in a very indifferent way. We have seen in other places and even in the past that you have a solution and deployment that provision for internal users and separately for external users. That was too much cost: maintenance and redundancy. We wanted to bring them together as a whole and that’s the aspect which we like the most using the proxy aspects of it and the ability to configure the different end-points. We point out based on the user base which end-point we hit on without a compromise in any of the scalability, performance and security aspects but at the same time using a single platform per se.

          What needs improvement?

          The additional features are to keep up with the security aspects. That’s one aspect, the market is changing. As we started several years back and where we are today, the technology and the security aspects have pretty much changed starting in the good old days with the PKI, SSL, now with the OR, etc.

          One thing that I would really look up to is keeping up with all of the evolution and security aspects of it as new features that can be added. The second one is provisioning the users. Right now we do not have a user friendly provisioning utility per se, so we have to do it behind the scenes. Having such a feature would certainly help in the long run, because it could do a lot of internal effort that we have to do in terms of development and maintenance aspects of it if we were using something out of the box.

          What do I think about the stability of the solution?

          We are pretty happy with the stability. We had our challenges from the beginning, that’s part of the learning curve that we go through no matter what product we choose. But as we learned a little bit more about the product, and as we started leveraging the key features and the functionality of what it can bring to the table, I think we are pretty happy.

          What do I think about the scalability of the solution?

          We are able to scale both horizontally and vertically, so we have an internal user base as well as external user base and we are able to provision both for those user needs. We are able to even segment it. One of the features that we like the most is the ability to have a form of servers which provide that scalability and un-scalability at the same time we being able to carve out a part of it exclusively for internal users as well as for external users, but if time demands we can bring that together to scale it. That’s the part which really added a lot more value to the business.

          How are customer service and technical support?

          They’re pretty handy and they’re very knowledgeable folks from our experience perspective. In the initial days when we ventured into this product, they said we were in the learning aspects of it so we didn’t know all aspects of every feature and functionality. We did follow up many times. They were patient, they were trying to provide reasonable answers and guide us to the right path and where we could go to look for more information, so it was very helpful.

          Which solution did I use previously and why did I switch?

          We were using an in-house built solution which used Tomcat servers and were quite complex. We wanted speed which is the key for success in the current marketplace, so CA did deliver that. We wanted that speed. We were able to really get up and running fairly quickly because it is mostly configuration driven as opposed to doing things from scratch.

          How was the initial setup?

          Every project starts with something small but in our case we also started small, but eventually it has grown into a big elephant in the room, so that’s how we got into. Right now we realize we can be small at the same time as we can be a big elephant in the room. We try to find that medium aspects of it where rubber meets the road and what we really need. It’s not too complex at this point of time. We are scaled down to accommodate what we want to begin with.

          What other advice do I have?

          The stability of the company and the customer base are the two most important aspects because we want to make sure the company is going to be around for years to come.

          Also, who is their customer base at the moment. We want to make sure and learn from their experiences. We don’t want to be a guinea pig to begin with.

          Rating: I would say CA is around a nine plus. I would strongly recommend them. The first thing I’ll tell anyone is to do your homework because wherever you venture into a new product, there are lots of unknowns and those unknowns are what makes people feel, “Well, this is humongous. It’s too complex.” I would say to first learn the product and what the product has to offer and see how does that benefit your business needs. Then go for it, but with the product suite that we are currently using, I would strongly recommend them because it did deliver what we want and we are very happy with it.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user482415
          Principal Architect at a tech services company with 1,001-5,000 employees
          Video Review
          Consultant
          The operational side of API Management is pretty simple.

          What is most valuable?

          What I felt was when we reviewed it along with the multiple other vendors in the market was that the operational side of API Management is pretty simple, so that we can ramp it up very fast in our organization. The way the product is built was really good. 

          How has it helped my organization?

          It simplifies the operational cost because it is self contained in one container, or one image, so when we wanted to scale, when we wanted to deploy a new Gateway, you could literally do it in like 2 to 3 hours or less than 30 minutes. If you have an automated way you can spin up an automated way.

          We also have the ability to deploy it in the cloud if we wanted to. That is one of the very powerful things for us to get the buy-in from our operations team. 

          What needs improvement?

          The API Management has few products - Gateway, Portal. So far both Gateway and Portal are good but we would like to see a bit more improvements on the Portal side like giving a polished look for the documentation on the Portal. The Gateway is kind of solid.

          Today it is not that straightforward to generate a document, even the data generate, and it's not really auto-generating it from the Gateway. I would like to see an auto-generation of the documentation. 

          Which solution did I use previously and why did I switch?

          We work with a few other vendors, I don't want to name them but they are leading vendors in the API Management space. We picked the CA solution for a few reasons, because we have some legacy protocol that's being supported only by CA API Management and that is the reason why we picked it. Another reason why we picked it is the operational management is much simpler when compared to other vendors.

          How was the initial setup?

          It was not that complex. It's pretty straightforward and easy to set up. There are a few optimizations and nuances that you may not be able to do as a starter, but you should be able to get help from CA support to do those. 

          Which other solutions did I evaluate?

          We have a process to follow to pick up a vendor. We look at the company to see how the company is doing, what is the market presence for them and the maintainability, manageability, supportability, scalability, and whether they are meeting all the functional requirements. We have an individual line item for every section of this and we score them individually, that's how we pick our vendors.

          What other advice do I have?

          On a scale of one to ten, I would give CA API Management a nine. The scalability of the Gateway is pretty straightforward and easy, because it's simply contained within as an image, or as a simple container form. You can easily deploy and add, and it supports a cluster architecture so that you can add new nodes on the go and it automatically gets all the things that are already available, so that is pretty neat.

          I would always go back and look at the business benefit behind it rather than the technical aspect. We have to think from the business standpoint, "Why do you need API Management? Do you want it to be more of an API company or you're selling your API, or you want to do an omni-channel approach? Or what is the reason, are you simplifying the integration?" That drives lots of real value and that gives you full feasibility why you wanted to bring in an API Management solution. I would recommend to analyze that aspect before you try to purchase an API Management solution.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user482193
          Sr. Manager - Delivery, Enterprise & Platform Architect at a tech company with 10,001+ employees
          Video Review
          Vendor
          Most valuable feature is security along with performance and scalability.

          What is most valuable?

          The most valuable feature is security, which is the most important to our company. Then comes performance, scalability, and I see tremendous performance value without compromising the security. It gives us peace of mind, for example there are so many penetration attacks happening, DDoS kind of attacks happen in our API infrastructure if you don't have the security. With the out of the box security features from CA API Management, I can focus on the business logic to deliver the real value to the consumers, without worrying about the security. It's very stable, we've been in production for the last year and we didn't have a single production incident because of the API Management solution. I'm really happy with that actually. It's very stable and very reliable.

          What needs improvement?

          I see a lot in the developer portal. It's not that flexible the way we want it to be, so it's kind of out of the box and we can only do the standard features that they have. If you want to customize, it's a little bit hard for us, so I really want to see some flexibility in the developer portal. For the monitoring module, I also want to see some stability in the ESM module.

          What do I think about the scalability of the solution?

          Scalability is really good and they could do an average transaction size of probably 50-100KB with around 20,000 transactions per second, which is really impressive. Initially we thought we needed many licenses, but we ended up using only one part of the licenses.

          How are customer service and technical support?

          Technical support is really good. Their level 1 and level 2 support is really good. Sometimes when we try to add new features, when the team really gets stuck and we open the ticket, we usually get a response within a few hours.

          Which solution did I use previously and why did I switch?

          We were using the ESB solution, we were using SOAP services and then we wanted to move to REST based services so that we could open up our internal assets to our customers directly.

          How was the initial setup?

          Initial setup is good. It's straightforward. It's not that tough and it's an appliance, so that kind of took away wireless installation and base installation time, so our IT infrastructure team really loved it.

          Which other solutions did I evaluate?

          We looked at Apigee, Axway, Intel Mashery and a few more vendors.

          The main thing is whether the product is really good. Look at the Forrester and Gartner reports and how the support is, because a lot of good products are out there but we have seen in the past that we don't get good support. These are the major criteria I look at.

          What other advice do I have?

          Rating: for CA API Management I would give it a 9 out of 10, but for the developer portal I would give it a 6 out of 7. ESM I would give a 5 out of 6.

          It's definitely a great product, I would ask to have an open mind and check out the features. I haven't seen any problems, and I have seen so many problems in my previous product, with ESB, so it's definitely a top notch product.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user479772
          VP Product Development at a financial services firm with 10,001+ employees
          Video Review
          Vendor
          I like the scalability, uptime and the way that it's versatile.

          Valuable Features

          In terms of priority: the scalability, uptime and the way that it's versatile. You can load up multiple different kinds of services at the same time. We have multiple different services going live on a particular platform, concurrently. It happens a lot. It's important for a system to handle that. Then CA's API solution also works with multiple solutions which are provided by CA, like LISA tools and all that. Altogether, it's a very cohesive unit.

          Room for Improvement

          Some of the things that we see as room for improvement are how do you integrate with other systems out there. Integration with the existing systems and infrastructure, which is not necessarily related. How do you integrate those systems in? Examples could be: how does CA integrate with IBM or existing systems? Lots of large organizations have existing systems they don't want to replace with other systems. How do CA's systems work with those systems concurrently? Those would be important considerations.

          Stability Issues

          So far the stability has been really good, we haven't had any problem. I believe we have been using it for some time. As per the industry standards, it's been quite stable. Personally, I have been involved for almost 2 years but I understand that our organization has been using it for quite some time. We are in a business which sees lots of volume, trillions of volumes of calls. The system that we work with has to handle those trillion number of volumes of calls. All of that also happens in the real time, so the system has to scale up to spikes. Sometimes during holiday season and all that, we see quite a lot of spikes going in. The system has to manage all those spikes and CA has been able to do that.

          Customer Service and Technical Support

          The technical support has been good. They have dedicated technical support for us, we have dedicated account managers from CA, as well as specialists. It's great to have those kinds of partnerships with CA.

          Other Advice

          I'll definitely give it 8.5. Whether they can put up the solutions that we want, that's number 1. How long they would take, is it going to provide value addition at this point of time or in the future would we have to invest in technology dollars in order to improve that? What is the pricing? What's the scalability? What's the uptime? All those features. It's been very good.

          I think CA's API Management technology is in the top 3 in the industry. It depends upon what kind of things you're looking for or what kind of features you're looking for.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user479754
          Founding Partner - Principal at Vanick Digital
          Video Review
          Consultant
          The most valuable feature of the solution is the gateway and the power of the gateway.

          Valuable Features:

          The most valuable feature of the solution is the gateway and the power of the gateway. The CA solution, as far as how it rates with other products in the marketplace, gives you one of the most robust sets of gateway functionality and security capabilities out of the box in a configurable fashion. Instead of having to actually write code to achieve those things, the CA Layer 7 product gives you the ability to actually configure a very broad range of capabilities and policies directly out of the box.

          Improvements to My Organization:

          If it's implemented correctly and you take advantage of some of the capabilities, like the ability to use APIM on the side and integrate that in with policies, it removes a lot of the weight of building all of those rules into the underlying services. It allows you to escalate that up and put that into policy management that can be managed in real time, which creates a faster move to market with capabilities.

          Room for Improvement:

          Based on a lot of the other tools in the marketplace, the user interface itself is more linear and programmatic based. For a developer it seems to be a very natural interface, but for someone that you'd like to get in there, just doing more configuration, I think there's an opportunity there.

          Scalability Issues:

          It's enterprise class software. It gives you the ability to scale and load balance, and based on how the technology is being managed today using a database as an underlying component that allows you to synchronize multiple gateways to the database. And then the ability to cluster the data technology. It can scale as much as you need to scale.

          Initial Setup:

          The initial setup and the configuration is relatively straightforward. I think the more challenging aspect of it is, like any solution that's an enterprise scale solution, is just getting the base infrastructure agreed upon, configured and implemented. Once that's accomplished it's very easy to configure and set up.

          Other Solutions Considered:

          Looking at broad capabilities, looking at stability of the company, today you need to look at vendors that are staying up with the demands of the market and where the market is heading, and making sure that the improvements being made to the software are in line with that. I think it's important to look at vendors that are releasing more than twice a year so that you can see rapid deployment of technology.

          Other Advice:

          It depends on the customer and the industry. Typically, the customers are choosing CA because of the broad capabilities of the gateway, the performance of the gateway; the gateway is one of the top performing gateways in the market, and security. It's absolutely the best security product in the market from a gateway perspective.

          I give it a 9, because everybody's got room for improvement. I would definitely recommend the product. As you start looking at releasing APIs, some of the biggest concerns that we have are performance, because consumption is based on how usable the API is. When you start looking at the architecture that CA has put together in giving you the ability to cache information from the front side request, cache information from the back side request, and then create your own caching capabilities to improve that performance, that is a huge benefit and a huge consideration in making a product determination.

          Disclosure: My company has a business relationship with this vendor other than being a customer: Partners
          it_user351327
          Sales Engineer at a tech services company with 51-200 employees
          Real User
          It has built-in identity management so that when someone logs into the UI, it can confirm their identity and give them access to what they need to see.

          Valuable Features

          It has built-in identity management so that when someone logs into the UI, it can confirm their identity and give them access to what they need to see.

          Overall, it's a great tool and they keep building in more and more capabilities.

          Improvements to My Organization

          It provides us a needed level of security in restricting access for the user. It’s able to make multiple API calls while looking like it’s just making one.

          Room for Improvement

          I was hoping that there would be some deeper dive Gateway training than their two day workshop and the self-paced study provided. The only course that focused on the Gateway was a Sales Certification course, for which I never did get my certificate, and it was only a short intro to the Gateway and the Portal. There was nothing that I could find that was more in depth than that.

          Some of the speakers at CA World spoke about how they used the Gateway, but mostly it was mentioned that partners were using it. So it would be good if there could be more deeper dive Gateway training during the Pre-Conference training sessions.

          Deployment Issues

          We've had no issues with deployment.

          Stability Issues

          We've had no issues with stability.

          Scalability Issues

          We have no issues with scalability.

          Customer Service and Technical Support

          They are great, very helpful, and they make sure that you know that they are there to support you. They're responsive and have always provided us with solutions.

          Initial Setup

          The initial setup was very straightforward.

          Other Solutions Considered

          I believe that they evaluated several different products and this was the best to fit our needs.

          Other Advice

          Definitely do your research and, if possible, take the two day workshop to show you how to use the tool.

          Also, get recommendations from people and get their feedback.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user348429
          Manager - API Management at an insurance company with 5,001-10,000 employees
          Vendor
          With the API model, access to the backend is already available so you can concentrate on building a good user experience. You can’t document all details in the current developer portal.

          What is most valuable?

          It’s central to our mobile-first strategy. The API layer is becoming the interface to all of our legacy back-end and all of our new app development is being built on top of our API layer.

          Key features – integration with SiteMinder and its ability to provide security in general, content-based routing, and ability to turn our existing SOAP service back-ends into new REST-JSON APIs.

          How has it helped my organization?

          As the APIs are built and published and made available to developers, we can build applications on top of those APIs in days and weeks as opposed to months.

          In a traditional web application you’re building your UI, your integration layer, your back end, all at the same time, and there are dependencies – you can’t build the UI until you have database access, etc.

          With the API model, all that access to the backend is already available so all you have to concentrate on is building a good user experience.

          What needs improvement?

          They have really stabilized the API gateway in the last couple of releases. There’s a developer portal that is used to document your APIs that is woefully behind the times, in terms of being able to provide a really good robust experience for the developers consuming your APIs. You can’t document all of the details you need in the current developer portal and really need a separate web site just to document your API.

          You need to understand what you want from an enterprise API, what your vision, what your plans are for rolling out an enterprise API, before you just go out and buy a product.

          What do I think about the stability of the solution?

          It’s been rock-solid. When we’ve had problems with a gateway – we have a whole group of them – we typically get very good support from CA and production downtime has not happened.

          What do I think about the scalability of the solution?

          Because it’s a clustered environment, we can scale horizontally as many as we need to go. So far two production gateways that are in a cluster and they’re processing transactions for one of our APIs at 30 calls a second and there’s barely a blip on CPU.

          How are customer service and technical support?

          In general, I’d give them about a 7/10 or 8/10. They’re good – sometimes it can take a little while to get to the right person. They tend to come back to us with obvious suggestions, which we try before we call tech support. When we get to the right person we get an answer immediately.

          Which solution did I use previously and why did I switch?

          It was an architecture decision to move towards a mobile-first API strategy. We realized that in order to meet the requirements of an API of a really good, strong enterprise API we needed to centralize that. That started us looking at APIM technologies. We scored a number of different vendors and brought in some to do POCs.

          How was the initial setup?

          Nothing in IS is ever simple. However, the install went very smoothly. The OVA files that you install into your VMware infrastructure -- configuration and getting them set up in the clusters went smoothly (respecting internal processes). The setup and config wasn’t that difficult. There was much more of a learning curve on our end to leverage and learn how to use the API gateway. It’s sort of like a Swiss army knife in that you have to learn how to use which tools and when.

          Which other solutions did I evaluate?

          I look for stability in the vendor. I look for their ability to understand our needs. We get a lot of vendors who are not used to working with a Fortune 500 company and the size and complexity of our operation is big and complex. We need vendors that are flexible and who understand that their solution might solve a problem, but that might not solve it the way we need it solved. The flexible vendor that is able to provide multiple solutions typically ends up winning.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user354006
          Team Lead at a pharma/biotech company with 1,001-5,000 employees
          Vendor
          We needed a way to secure our externally-facing services. This solution was a lot more lightweight and its security chops were more apparent.

          Improvements to My Organization:

          We needed a way to secure our externally-facing services. Layer 7 was a lot more lightweight and its security chops were more apparent. For deployment, it needed the ability to go with a VM image because it was not going to be on-premise. It was going to be in a cloud offering in front of our commerce spot.

          Room for Improvement:

          Because of our experience with our cloud-hosting provider's image requirements versus what CA provided them, I think an area of improvement would be additional form factors for virtualization.

          Initial Setup:

          There were some issues during the initial setup. Our cloud-hosting partner required certain things, such as ESXi hosts and images. They were very particular about what kind of image they wanted versus what kind of image CA provided. So what I think would be an improvement would be support for additional virtualized form factors.

          Implementation Team:

          CA helped with the architecture, the design, the implementation and it's in place but it's not actively being used because the backing system isn't there yet. I can't tell you qualitatively like, "Oh, yes, it's working very well." I don't know how it's working because nobody's using it. It's waiting for the system to be ready and operational. The implementation, though, was done very well.

          Other Solutions Considered:

          Layer 7 was top-of-class in the Gartner Magic Quadrant, Forrester, and all that stuff, so I did the selection process there and looked at a couple of different competitors.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user353421
          IT Analyst at a retailer with 1,001-5,000 employees
          Vendor
          It will fill a lot of the gaps where we are developing in new spaces, especially in mobile spaces, and I predict it's going to be adopted globally in the near future.

          Valuable Features

          Considering the various features of the API Management suite, the most obvious useful feature that we value the most is that it gives us more security, control and visibility over how our APIs are being used throughout our company and how our users are using it. It gives us more data and information so that we can target where to concentrate our resources a lot better.

          The other thing is also it's in the right place at the right time. APIs are a huge thing right now especially with the mobile economy growing as rapidly as it is. The API gateway could not have come at a better time for us.

          The UI on it is actually better than SiteMinder. It has a much more IDE type of feel to it.

          Improvements to My Organization

          The API Management suite for us is still fairly new as it's not as expanded as SiteMinder is. However, the potential for it to expand is still there. As an organization we can see that this is another one of those products that will be ubiquitous in the near future, just as SiteMinder is.

          Organizationally speaking, it will fill a lot of the gaps where we are developing in new spaces, especially in mobile spaces, and it's going to be adopted globally in the near future in my prediction.

          Room for Improvement

          I don't have enough experience to say what I would like to see improved because I'm still building it into my repertoire right now.

          I wouldn't say, however, that the setup is simple. It's mildly complex, but given the documentation and the linearity of it, it was fairly straightforward.

          Deployment Issues

          It deployed just fine.

          Stability Issues

          It's stable, lightweight, works as expected and we don't see any problems with it.

          Scalability Issues

          We can see that it will scale very easily as well. It handles traffic efficiently, no hiccups there, and we're happy with it.

          Customer Service and Technical Support

          No experience of technical support on API Management so far. However, if I may also add that the support team on it in terms of sales and product management from CA is excellent.

          Initial Setup

          API Management setup was very straightforward. I was involved with that, and the documentation was helpful.

          Other Advice

          The problem with API Management is it's solving a problem that not many people understand. If you look at the options in the market, there's not much. I would only advise to get it because it's actually very friendly in what it's trying to do in terms of UI. The learning curve is very short and it's something that you can rely on to work properly.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user352995
          Expert Architect at a tech services company with 1,001-5,000 employees
          Consultant
          Using it creates a single set of APIs, even though the back-end REST, UI, and GUI technologies are different. Its UI is very outdated and we'd like something easier and more intuitive.

          Valuable Features:

          Security is the most valuable feature for us. We have a lot of threat protections turned on and I think the gateway has inherent security protections for DDoS and a whole list of other security risks. We also have the ability to customize the security of each product that we're doing, which has been really helpful. 

          It also provides some load-balancing features. We can choose which traffic goes to which back-end server and the gateway will help us manage all that.

          Improvements to My Organization:

          I think it's protecting and exposing our internal APIs externally. We have a lot of different types of back-end technologies that use the APIs -- REST, UIs, and GUIs. So using the API product creates a single set of APIs, even though in the back-end they're much different.

          Room for Improvement:

          The UI is very dated. I've talked to some of the development and product managers about that, and I think it's a known issue. It's early 2000's technology. We would like to see something online and a better UI that's easier to use and more intuitive.

          Reporting could use some enhancements as well. We just moved to the 8.4 version from 7.1, and they've got a new reporting tool called ESM. We're just now starting to use that, so maybe that's going to provide what we need; it's to be determined.

          Deployment Issues:

          The deployment's taken a little longer than we expected.

          Scalability Issues:

          We're exposing probably fifty different products externally. We've got thousands of requests, probably, per hour that come through. It's a lot of batched products -- people will run a job and it's sending a lot of things. We have a lot of traffic. The gateway itself has been stable. Downtime has usually been something like the network equipment around the gateway itself, but the gateway itself has been fairly stable.

          Initial Setup:

          We have development test-production environments, so to get it on our infrastructure under our own management tools, there's a lot of bureaucracy. So it's not just a push-button type deal; it requires a lot of coordination, tickets, firewall changes, provisioning hardware, things like that. All that to say that the initial setup was not straightforward but rather complex.

          Other Solutions Considered:

          There were several other options evaluated, but I wasn't a part of that.

          Other Advice:

          I saw some things this week at CA World which I think will make the product better, more intuitive to use with a better interface and easier deployment. There are things I saw on the road map that they'll address in the near future.

          I would advise that someone go through the self-training before just jumping in. I learned from co-workers as well.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user351495
          Chief Engineer (R&D for VoIP, Networking and P2P) at a tech services company with 1,001-5,000 employees
          Consultant
          I used to use a proxy to publish APIs, and now we want to use the CA API gateway, as it's more advantageous. They need to fix a bug so that we can publish new APIs with a socket.

          What is most valuable?

          The published API is easy. We don’t have any idea how to create or add value to the API to aggregate security, and we want to add the CA API gateway.

          How has it helped my organization?

          The API gateway is a great solution.

          What needs improvement?

          In two months, we want a new API publishing system to be opened. We need them to have fixed the issues of the API gateway by then.

          What was my experience with deployment of the solution?

          We had no issues with deployment, but it's not a stable solution.

          What do I think about the stability of the solution?

          It's not stable. I want to publish new APIs with a socket, but it’s not stable enough for this. They need to fix this bug in order for it to be stable.

          What do I think about the scalability of the solution?

          We introduced it on triad, but we haven’t tested the scalability of it yet. We'll know more in the coming weeks as we test the system.

          How are customer service and technical support?

          We always consult with technical support.

          Which solution did I use previously and why did I switch?

          I used to use a proxy to publish APIs, and now we want to use the CA API gateway, as it's more advantageous.

          How was the initial setup?

          The initial setup was easy, but I had some issues with the software. I want them to simplify the upgrade method.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          ITCS user
          VP, EIM Data Architect at a financial services firm with 1,001-5,000 employees
          Vendor
          It provides us security on the gateway to handle the throughput from digital channel projects that require back-end integration. I'd like to be able to import a Swagger file through the gateway.

          Valuable Features

          The most valuable aspects for us are the security features, such as OAuth and access control. Furthermore, it's a flexible tool that performs well.

          Improvements to My Organization

          It's a great tool, but I wouldn’t say it streamlined anything. It does just exactly what we acquired it for, which is to connect and manage data from our legacy system to the cloud and to mobile. We had some digital channel projects that required back-end integration and needed security on the gateway to handle the throughput that would be coming, so we chose API Management.

          Room for Improvement

          I'd like to be able to import a Swagger file through the gateway.

          Use of Solution

          We have been using it for three years.

          Deployment Issues

          We've had no issues with deployment.

          Stability Issues

          It has been stable from day one. We haven’t seen anything to suggest it won’t continue to be.

          Scalability Issues

          It's scaled just fine.

          Customer Service and Technical Support

          The online material is fantastic and the CA API Academy videos are excellent.

          Initial Setup

          The initial setup was complex and difficult mainly because we didn’t have heavy Linux support guys.

          Other Advice

          It takes longer than you would think; timing it is essential.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user17886
          Manager, IT Security & IT Office of the CIO at an engineering company with 1,001-5,000 employees
          Vendor
          It provides a simple endpoint for applications to call and for customers to call, so it reduces a lot of the complication of API services. But, in order to get OAUTH, we had to buy the MAG product.

          Valuable Features

          It’s a way for us to secure our externally-sourced API calls that come into the organization. The two things are 1) protocol translation where we can let a REST call come in and get converted to some legacy protocol, and 2) security token translation support because we need to convert a standard industry token to something an internal system will understand.

          Improvements to My Organization

          It provides a simple endpoint for applications to call and for customers to call, so it reduces a lot of the complications of API services. Most of these APIs the user never sees, like a mobile app that does something below the water line, or another partner is calling our application – such as an order purchasing system at another customer, whose app calls our app. It eliminates the need to deal with users in a lot of cases, so if users don’t have to deal with the system it’s convenient for them. It helps us automate as well.

          Room for Improvement

          One item that we’ve had discussions about – and they’ve fixed some of it – is that you had to buy extra products, specifically the CA Mobile API Gateway, to get certain types of token support even though you didn’t need that product for anything else.

          So, foundational token support should be part of the base product and you shouldn’t have to buy the mobile feature to get those features. For example, in order to get OAUTH we had to buy the MAG product, but I think they’ve fixed that now. But we’re not sure they’ve fixed everything.

          Stability Issues

          I think it’s a solid product. We’ve had some issues with the proprietary hardware that we’re running it on, but we’re getting rid of that and going to VMs, so the issue will probably go away. At one point, in order to do certain types of upgrades, we not only had to do it through a web interface, but we also had to get deep into the system – there were multiple things we had to do in order to upgrade, so it wasn’t as seamless as we had hoped.

          Scalability Issues

          It's not been an issue.

          Customer Service and Technical Support

          I think they’ve got really sharp people. When there’s a serious problem, they’re quick to triage and get an authoritative person to respond quickly.

          Initial Setup

          Pretty straightforward; the biggest issue was the initial hardware that we purchased. CA sold the product on a certain kind of UNIX box, but those boxes weren’t appropriate for the solution – it was well before CA took over.

          Pricing, Setup Cost and Licensing

          We knew we needed some kind of API security gateway to basically sit on the edge of our network and police what could get in, and do other things like translate API calls. We wanted a simple API call to be translatable to multiple backend systems. Before, we were just using traditional web proxy servers, not really API focused.

          Other Solutions Considered

          We knew we needed some kind of API security gateway to basically sit on the edge of our network and police what could get in, and do other things like translate API calls. We wanted a simple API call to be translatable to multiple backend systems. Before, we were just using traditional web proxy servers, not really API focused.

          We used IBM DataPower at the time. Both HP and Oracle were OEMing the Layer7 product at the time, and the fact that HP was OEMing it was certainly a factor. We were looking for someone that’s innovative; someone we can trust to be a long-term partner.

          Other Advice

          It fits in well with our other security middleware. We’re also a SiteMinder customer so there are some synergies there. When CA bought Layer 7, that was a good thing for us, and we sort of fell into those kinds of synergies.

          They should make sure they find a product that supports industry security standards, and has good management capabilities, good manageability.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.
          it_user345549
          IT Mobile/Web Solution Delivery Manager at an insurance company with 5,001-10,000 employees
          Vendor
          It allows you to much more rapidly expose enterprise services to front-end applications, but the user experience for developers to discover and develop APIs needs work.

          What is most valuable?

          I'd say the API gateway that routes traffic in REST-to-SOAP conversions is a feature we find most valuable. SOAP is a type of web service, and REST is another.

          How has it helped my organization?

          It allows you to much more rapidly expose enterprise services to front-end applications, such as mobile and web.

          What needs improvement?

          The product's developer portals can be better. It needs a better look and feel.

          Also, the user experience for developers to discover and develop APIs needs work.

          For how long have I used the solution?

          We've been using it for two years.

          What do I think about the stability of the solution?

          It's very good.

          What do I think about the scalability of the solution?

          We've just started so there's not a lot of traffic yet.

          How are customer service and technical support?

          They've been responsive, but they're pricey.

          Which solution did I use previously and why did I switch?

          This is the first API gateway product we’ve used, and we looked for a vendor who has a reputation for establishing long-term partnerships.

          How was the initial setup?

          Initial setup was pretty straightforward.

          Which other solutions did I evaluate?

          We also looked at Axway, IBM, and Mashery. We went through a long evaluation and CA's number one strength was the built-in security management features.

          What other advice do I have?

          As part of your evaluation, make sure that the companies can set up a proof of concept to check real situations.

          Disclosure: I am a real user, and this review is based on my own experience and opinions.