Layer7 API Management Reviews

I work for a major healthcare company, it's amongst the top ten Fortune 500 companies and we've been leveraging CA API Management to make our healthcare business services available on the Cloud. To make them available on the Cloud and to enable our healthcare capabilities to be consumed by different consumers in real time across a plethora of channels.

We are leveraging CA API Management - we chose it by doing a huge comparison across different competitors. CA API Management helps us to securely consume various services and also the biggest thing has been to do monetization of services. We have certain rules that have been defined where you basically say that this specific healthcare capability is of greater value and we put a dollar amount to it as to which consumers can consume how much and based on its usage and all that.

CA API Management has been the driver for our digital transformation. It's interesting these days, the entire business is heading towards a completely distributed platform where the consumers are everywhere. You have business to business consumers, you have API management consumers and you have mobile consumers. At the same time, you have data providers that are growing heavily. You have data analytics placed platforms and then companies are heading towards providing helping consumers to make analytics-driven decision. Let the data drive the decision so now you're the middleware industry around microservices is facing its own challenge on how to meet the scores upstream and downstream from these back-end services. That's where the microservices platform, CA API Management heavily helps to make sure that you provide your services on the part.

With scalability, it comes to resiliency. If you cannot scale you're not resilient. If you're not resilient your performance is worse. If your performance is worse your API and services are not available.

Fine lines of availability is one of the key criteria's in the industry - 99.99% availability. That means 6 hours downtime in a year, so can you really ensure that everything is interlinked. If we talk about software architecture, quality attributes from these are all interlinked. I would say that eventually, it comes down to your customer satisfaction from there on. So that's our number one goal.

Right now, scalability is our main goal. Maybe they're not the problems but from the standpoint of onboarding a new API on Layer 7, that's fairly simple. I see that it's an extremely user intuitive and user-friendly software. Our operational personnel who have barely have any experience could get on with it and help the enterprise register as many API's as possible from the get-go.

We've been using it for the past 2.5 to 3 years. However, now we have come to a point where our scale is growing and organization is unable to keep up with the needs of the consumer so we are constantly working with CA API Management's operational personnel. They are helping us out but these are our challenges to be very honest.

It is very good software from the standpoint of making an API commercializable and making an API accessible. The security industry is extremely complex, to provide various security capabilities to an API that's fairly simpler. However, we are facing challenges in scaling the CA API Management software so we have seriously faced certain challenges when if your API usage goes beyond a certain limit, say 100,000 transactions per minute, I'm just throwing out a number, I can't provide you the real number but we are facing seriously challenges in scaling, in clustering the CA API Management software and then making sure that we can reliably meet our transactions as your usage grows on the Cloud.

It's challenging at this point because the healthcare API marketplace is growing.

CA API Management has been chosen as the platform for the entire firm so now as the APIs are growing the API management product capability also has to grow. Some of the challenges we are facing is sometimes you have mainframe systems and these mainframe systems are incredibly slow to respond. Now your product has to be capable of keeping your response times open for that duration, so that's one challenge. The ability to scale up, we face that beyond 90,000 or 100,000 transactions, the product has this limitation and it cannot scale. We are seriously facing challenges around response time per transaction and our business demands .1 milliseconds of response time. However, we are seriously reaching up to 3 seconds for some of it. I think internally we have to make this serious call around leveraging CA API Management for certain kind of transactions. Maybe segregate the platform so there are different architecture strategies for it, different approaches for it and we can really achieve it but we need to tune it a lot better.

Technical support are definitely extremely knowledgeable. However, we have faced some challenges where in our initial discussion we don't get a level 1 support. You want the guy with the most knowledge to be there right up front so it gradually takes 3 or 4 levels but the good things is our internal staff is coming up to speed on this but otherwise CA API Management have great knowledge, they built the product so they are very helpful.

If I'm looking for an API management vendor then I would look at the API management vendor's capability, their products capability to make their services available on the Cloud, monetization, security, availability, performance, resiliency, being flexible enough to provide different security integration mechanisms to different APIs, how flexible that software is and user intuitiveness.

My operational personnel should be able to be running from the get-go. I think these are some of the key attributes that we really look at. We did a comprehensive analysis on CA API Management followed by Apigee, followed by SOA software. We did a comprehensive analysis of balance score card by comparing the capabilities and the attributes across all these softwares on a scale of 1 to 10 and then the scorecard came in such a way that CA API Management stood out on every scale for us.

I think cost was also one of the key factors. We figure that Apigee and other software were on a higher scale from the cost standpoint, so I think that played a major role.

The product overall on a scale of 1 to 10 - from a scalability standpoint I would give it an 8. I would certainly give 8, because although I would have loved to go 9 or 10, no product in this world can scale any needs from the get-go but the customer service and the technical support has been outstanding. They have been very helpful so at least they are helping us out. Considering CA from an holistic perspective, not just the product, their ability to meet our needs, their ability to support us, their ability to answer our calls, and answer our specific technical questions, I think I would rate them an 8.

People tend to support what they have done in the past. It's always the case. If you ask a mainframe programmer he would say mainframe is the most rock solid stable platform in this world. I would say because we have lived in CA API Management I would say absolutely you have to use CA API Management.

Jokes apart, the customer has to know the capability of API management software. I see a lot of people asking me if I decoupled services in API management. API Management software's purpose is not to do decoupled services. It's to make your services available on the Cloud. It acts as a security gateway so that your consumers can access your services. One needs to know what he's looking for. These are the fundamental characteristics of an API management software. If you compare those characteristics CA API Management leads the industry.

We use the API Management tool mostly for the portal application and managing the APIs.

CA has a portal where we can expose the public and private APIs across the globe. We use it as a gateway for security and exposing the internal applications through that layer.

For us, it acts like a proxy as it passes through the API layer. We use it to transmit data from one format to another format, especially to route the data based on the content. This is a seamless process. There are little challenges in regards to the AWS integration but we were able to get through that and CA helped us move towards AWS.

The problem was that it was slow. This product was initially built as an in-house product, but later on they converted it to a pilot product. It was not ready at that time but now it is. We are fine-tuning it to make it available on AWS; so, it's good.

We're moving towards microservices. We do have around 358 to 400 APIs, i.e., monolithic APIs, and we want to convert them into lightweight microservices. We want to deploy them in a container, use the gateway and then expose those microservices to the external world. That’s our main goal and we are using CA API Gateway for this purpose.

I want a more loosely coupled migration utility.

Now they provide a DMU for migration of the code or APIs for continuous delivery. But it's not robust, so I want to see what CA is going to come up with regards to that.

In terms of using the tool itself, it is not user-friendly. You can use the product with ease, but once it starts developing the code, there are a lot of APIs and functions that are not readily available for you. You need to refer to a document to learn about that. They should provide some APIs which will drop down the list of all the functions and that are available and ready to use. The world is changing now; we don't want to be stuck in the 80s or 70s, where we need to search for everything and then try to write a code for it one-by-one. It needs be a good tool; easy for the customers to use it.

The main missing aspect from this tool is that although continuous delivery is available, it is not that straightforward and we have to work on that.

The stability is good except when we went live with AWS; that's when we had initial hiccups but slowly it improved. We are good at this point.

The good thing about McCloud being on AWS is scalability which you get by default. Hence, you don't have to worry about how you want to manage your infrastructure. By default, it will look at your load and there are some alarms set on that and then it will act. When you see the peak, it automatically scales to a new instance and when the load is too low, it will kill that new instance that it has created. AWS will help us with that.

We have used technical support. We had a few bugs in the code, i.e., bugs in the product code for which we had to talk to CA central customer service; they were good and responsive.

Previously, we were using OAG - Oracle Application Gateway. The CDCI was not that good with that. The continuous delivery and continuous integration are not readily available and there are a lot of bugs in the code, in the product. In comparison to that, the CA tool is less buggy.

There were a few reasons for choosing this vendor. The first being the continuous delivery and continuous integration, which was one of the major things we were looking for. Next, we wanted to look at the portal and the API itself; how do you manage the APIs, giving access, access control and all those aspects. The third thing we were looking at was security. So, these are 3 different things that we were considering whilst selecting a vendor.

I was part of the initial setup but CA was there with us to help through the implementation process. It's not complex.

We did do some research and tried to explore some of the API products available in the market. We did speak to all the different product owners, assessed it and then finally we came up with this solution.

Some of the vendors we looked at were Apigee and Amazon API Gateway.

Overall, this is a good product. Those who are interested in a similar product should try to do a PoC first and then see what you want from it.

The Mobile SSO and Developer functions are the most valuable features. The Mobile SSO functionality is not available with most similar products in the market, which makes this a unique product. The Developer function helped the developers to be self-sufficient meaning they did not need a lot of training and they could do things on their own.

API security was another important feature in terms of how you are able to control usage of digital assets and access your systems from the outside world. Thus, security was a good feature.

Lastly, the monetization part was also important. We have not started off yet but monetization was one more thing that we were very happy and keen about when we saw this product.

We have recently implemented it so it is too early for us to say how this product has improved the working of our organization. We wanted it as a feature and capability for the organization so we have invested in it. In the future, it shall proceed in the direction of how we would like to shape-up our organization.

We would want to see the monetization feature to be a standard function. At the moment, it is a third-party solution. This feature helps you to carry out API billings, so as the APIs are consumed from the outside world, you can charge your users for using them. Currently, it is not a standard feature and is more like an add-on where they have worked out ISV pricing with others. So, if it is made as a standard feature of the product it will be really good because it will take the promise of app economy to a true level; thus, it will be truly monetized.

Another improvement we would like to see is that the product should be more relevant with the public cloud infrastructure that is pervasive nowadays. So, the ability to host and run these solutions on Amazon, Azure or Google Cloud should be a standard feature for this product. From what we have been told it is going to be a part of the product’s roadmap.

This product is stable.

We did our own test to verify scalability and found it was quite scalable. We had no issues.

We had done a load test on the application on our own and it was able to scale to a significant number of transactions per second. Based on our architecture and solution that we have, we are comfortable with the level of volume that it can handle.

We have not used any technical support.

We were not using a different solution before. We were looking in the markets for solutions which would help us give this level of scalability, based on the nature of business that we have.

We never had a product like this because API management was always a discussion and we never knew how to implement it. When we saw this product and figured out that they had the features we wanted, then we took our time to perform due diligence and figured out this was the right product for us.

We were involved in the initial setup and found it to be a little difficult. The reason being, we implemented this product on Microsoft Azure and the product features on Microsoft Azure were not updated at that time. So, there were some initial hiccups. However, CA professional services and my team were involved extensively to get it rectified. CA services did play their part in making sure that whatever the shortcomings, if any, were addressed. It was a good involvement from their end.

We did shortlist other usual vendors namely Apigee, Axway, Mashery that are the other competing products in the market. The number one criteria for selecting this product was CA’s pricing policy as well as its presence in that part of the world from where we come from; it is significantly big compared to all the other companies. In Asia where we come from, not all the companies are present to that extent and you need a level of comfort when you're investing in such a magnitude. You would want the organization to be very strongly present there.

Just do your own homework and make sure your own metrics are ready, specific to your organization. Every organization is different and make sure that you maximize the value of the investment that you are putting in.

The roadmap of the product is the most important criteria while selecting a vendor. In addition, another important factor is the ability to invest in continuous releases/new releases that are coming up in the product. In short, how much the vendor is willing to invest in the product to keep it updated.

We had a little bit of mishaps for the installation. Overall, regarding the product features all what we wanted was in there. It's just that we had our share of a little difficulty in implementation, otherwise it is a good product.

The most valuable feature is that the API gateway is very strong in security. Most of the enterprises have exposed their back-end services as APIs and everything is okay if the APIs are accessed internally within the enterprise. However, now with all kinds of mobile channels and omnichannel customer experience, the APIs get exposed to the outer world; at such a time, you need something so that you can secure your data. You don't want to be in the news that something bad has happened. Thus, API gateway acts like a security gateway.

It has the ability to enforce security policies on APIs so that the user transaction is secured. Thus making sure that the transaction is a real one and not an unauthorized/hacked transaction.

Whenever there is a new API development our organization does not need to worry about the security aspects in regards to the API because it's already in place.

In my opinion, the policies need to be simplified so that developers are able to understand and taking that into consideration they can build their APIs. The support and maintenance needs to be simpler.

They need to provide more knowledge and it should not be that only CA is able to provide that service. There is need to pass on the knowledge to the enterprise users.

At our organization, we're still not into production but we have some references from other industries like the telecom industry. What we have seen is that there are some initial hiccups, as you encounter with any new technology.

However, once you have proper organizational structure in place to support and manage API gateway appliance, things become smoother.

We have used the technical support and it is excellent. CA is accessible since they have dedicated resources. They provide access to the engineering team and their service is good.

I was involved in the decision-making process to adopt the solution. Initially, we had a normal NetScaler load balancer. However, the challenge with that tool was once your APIs get exposed to the internet/the mobile phone, how to pass the username and password from your mobile phone to your back-ends.

The mobile experience demands that you don't want users to authenticate every time they want to use the application. For example, the Facebook user experience is such that once you enter your username and password you are logged in and whenever you come next time, the token gets refreshed. A similar kind of experience is what we were looking for and that demands API management.

I was not involved in the setup of this product. Since I was an architect, I brought the product in our organization, made people aware of it, socialized it within the enterprise with different stakeholders and now they're leveraging it.

We considered other vendors like IBM DataPower and also looked into Apigee, which is now taken over by Google.

We came up with a reference architecture, so there's got to be some standardization in regards to how you want to build APIs, expose the APIs, naming conventions and so on.

The way to manage the policies needs to be simplified and developers need to be trained. In my opinion, CA API Gateway in that security space is very ideal and it's one of the best out there.

We acquired this platform to give more agility to inter-development. We are using this platform, for example, to deliver a fast integration between our back-end platform and our front end. CA API Management enables us to very quickly create and manage the business rules, and do the integration. After this implementation, we reduced our lead-time in integration and development by approximately 50%.

It standardized all processes during development with the integration between platforms.

CA can provide more features to help with performing tests, for example, to create a month of simulated data to perform stress tests using the CA. In the past, we had to pay our client to create a database for us to perform tests using credit card information with simulated customers. We want the CA API management platform to include a specific module for creating this test database.

I started my challenge there in March 2016, but the platform was implemented 2015. I received all the benefits of this platform.

It is extremely stable.

It is perfect on scalability. Today, I can say we are performing at a rate of five million requests, or five million transactions, per day using this platform.

We are using local support in Brazil to help us during some specific integration between platforms; but it's very, very specific cases.

This API management software platform is great for us. We are extremely satisfied with the platform.

This product is easy to use. We are able to troubleshoot with the logs that it creates and it's easy to get people up to speed on it.

We use it for managing policies and that process is simple and easy to perform.

We'd like to see an updated migration tool. Right now, the migration process works but it is a little clunky because there's not a good tool for migrating it. It's an older version tool so the services need to be restarted every once in a while.

It's pretty stable. Once in a while we'll have an issue or we have to restart it but the product itself is very stable for us.

I think it scales well. We've got a cluster going and we can increase the size if we have to so it works out well.

I have only used technical support to consult about upgrades. They are very good. They always have answers when we have questions so it has worked out really well.

We used Layer 7 before CA acquired it.

I recommend this product because of how successful we've been with it.

The most important criteria for me when selecting a vendor is the quality of their support and technical staff. If they are able to help us, it makes it a lot easier.

The following features are most valuable to me:

• Extracting credentials for authentication
• Security
  
  • This product handles security in their own and unique way. e.g internal identity providers, connect to any LDAP in organization and validate, Certificate checks etc.
  • It can do certificate authentications ( one way, two way).
  • It can read credentials and connect to any LDAP including its own internal identity provider using the credentials
  • It can generate SAML tokens for security
  • It can extract/parse XML/JSON element.
  • Password once stored in cannot be viewed, but can be extracted, this is major advantage when we use basic credential to any system to connect
• Regular Expressions is one area where it has a big advantage for validation of strings

Our organization relies entirely on it for web services and RESTful APIs. Internal applications never get requests if they are not valid or authenticated, which saves the backend server's processing. Big organizations can track demand of services and drives to ROI.

An as-is string API is not available for manipulating, like we do have in Java all operations of String are not present. The hard way is by using regular expressions, which is little difficult to intermediate and beginners.

Some kinds of errors have to be reworked.

Very recently, I saw a connection reset error message for a handshake (for cipher). Many organizations have recently performed the SHA2 upgrade, so handshake errors are not properly recorded in logs.

When backend system sends error message with different MIME layer7 cannot propogate the same message, most of the times it gives blank message, backend error message is never passed to final consumer.

(observed in 8.3 for MIME application/problem+json and with error code 403)

I have used this solution for four years.

ESM gives a hard time. For example, 7.3 to 8.3 migration is hardest. Also, if we have multiple clusters, we don't have a good migration utility. Most of the time, it fails.

Login (Policy Manager) time for clients is usually not fast.

The Information Guide is very brief.

In big industry stability is always challenge, some times internal users report that 3 out of 4 connections are successful and one is never reached to API Gateway, while diagnose report always says system is healthy, restart will make it work again

Customer Service:

4/5 they are always on par with requests, some times limitations of API gateway are there to answer by Customer Service

Technical Support:

I rate customer service and technical support 8/10.

Our organization moved to this product because Cisco stopped supporting its gateway.

Initial setup was in between straightforward and complex.

We implemented the solution in-house with help from CA.

This is a good tool compared to open source solutions. There still is a lot to be done to improve user experience.

• Security
• Flexibility
• Ease of use
• Message translation

We have been able to accelerate our clients’ transition to digital organizations by using the CA API Gateway to rapidly expose legacy business services as RESTful APIs, adding industry-leading security to the APIs, and providing a Developer Portal that provides governance, control, visibility, and organization of the entire API stack. These features result in faster time to market, cut months off project timelines, and enable businesses to prevent from becoming disrupted by high-tech startups.

The Developer Portal has had some limitations but a new version has already been released which addresses these limitations. It is already available in SaaS form and will also be available as an on-premise solution this October.

The previous version of the Portal was a bit more limited in terms of appearance customization (CMS) than the new version. Some other features lacking in the old portal but available in the new version include API-Enabled (functions that can be executed from within the web-based GUI can also be executed from API calls, allowing you to automate tasks), ad-hoc reporting, support for hybrid deployments (Portal in the cloud, API Gateway on-prem), and Swagger support to name a few of the most commonly requested features.

I have used it for three years.

The CA product has outstanding scalability built-in via their “cluster” concept. The Gateways are organized into clusters and adding a new Gateway into an existing cluster is very simple and does not require an admin to configure the newly added Gateway nor manually deploy policy to it; it is all automatic. Stability of the Gateway is rock-solid so long as you follow CA’s best-practices guidelines when provisioning and configuring servers. We have seen sporadic performance issues when clients’ IT Operations team did not follow the guidelines but these were easily remedied by updating VMware configurations to match CA’s recommendations. DRS configuration is an example of this. One must also pay attention to log and audit data as these can grow fast with the high transaction counts of today’s API utilizations. Implementing a strategy to archive this data is important. We very often forward this data into Splunk to provide our clients with a single source for API analytics.

For most use cases, CA support is very responsive and they even have a group dedicated to making fast-paced product updates and customizations for customers with special needs, which is very unique among API solution providers.

The CA product is very easy to set up. A development environment can be stood up in an hour or two.

As a service provider, we implement API management solutions for many customers. My advice for customers seeking to implement these solutions is to pay close attention to the CA recommendations on VM settings (if using the virtual appliance), and to ensure they seek assistance from someone familiar with implementing this specific solution. CA has their own professional services division, and there are several consulting firms such as ourselves who have experience implementing this solution.

We work with multiple API solution providers. Each has their strengths and weaknesses. We work with our clients to understand their needs, current IT infrastructure, future-state IT infrastructure, and roadmap, then provide them with our solution recommendations based on this input and our own personal experience implementing API management and identity and access management solutions.

API management solutions have many additional valuable features that some IT development purists might not feel “should” be handled by an API gateway. Two examples include the API gateway’s ability to process business rules on a service, and the API gateway’s ability to provide orchestration. One could certainly have a lively debate about whether the API gateway is the “right” place to do this, but the point I try to make is that in the real world, work comes at you fast; you have to be nimble and responsive to customer demands. I have been in situations where a business requirement and deadline could not be met because certain architecture was not ready or the team who would normally handle this work was already fully utilized on other requirements. Because the API gateway can handle these tasks, it provides increased flexibility. The new functionality can be added into the gateway and later moved out to a service bus or microservices architecture as time allows.

From our perspective, the most important aspect is the ability to scale without compromising performance as well as security. That’s the most important aspect, and that’s one of the reasons why we chose the CA product, because it does scale for our needs to grow without compromising performance.

Also, security is very key. We are in a marketplace that companies are being hacked, so we didn’t really want to compromise in any of the security aspects of it.

Good performance and ability to scale not only for now but also in the near future as we organically grow the company.

When we thought about the API platform as a whole, our intention was to provide the solution both for our internal customer as well as for our external customers. What we mean by that is we are a very geo-spread company and there are internal folks who also leverage the same services which are currently consumed by our external customers. So the intention when we thought about this whole solution and the future perspective was to have a single platform that caters the niche for both, without trying to deploy them in a very indifferent way. We have seen in other places and even in the past that you have a solution and deployment that provision for internal users and separately for external users. That was too much cost: maintenance and redundancy. We wanted to bring them together as a whole and that’s the aspect which we like the most using the proxy aspects of it and the ability to configure the different end-points. We point out based on the user base which end-point we hit on without a compromise in any of the scalability, performance and security aspects but at the same time using a single platform per se.

The additional features are to keep up with the security aspects. That’s one aspect, the market is changing. As we started several years back and where we are today, the technology and the security aspects have pretty much changed starting in the good old days with the PKI, SSL, now with the OR, etc.

One thing that I would really look up to is keeping up with all of the evolution and security aspects of it as new features that can be added. The second one is provisioning the users. Right now we do not have a user friendly provisioning utility per se, so we have to do it behind the scenes. Having such a feature would certainly help in the long run, because it could do a lot of internal effort that we have to do in terms of development and maintenance aspects of it if we were using something out of the box.

We are pretty happy with the stability. We had our challenges from the beginning, that’s part of the learning curve that we go through no matter what product we choose. But as we learned a little bit more about the product, and as we started leveraging the key features and the functionality of what it can bring to the table, I think we are pretty happy.

We are able to scale both horizontal and vertically, so we have an internal user base as well as external user base and we are able to provision both for those user needs. We are able to even segment it. One of the features that we like the most is the ability to have a form of servers which provide that scalability and un-scalability at the same time we being able to curve out a part of it exclusively for internal users as well as for external users, but if time demands we can bring that together to scale it. That’s the part which really added a lot more value to the business.

They’re pretty handy and they’re very knowledgeable folks from our experience perspective. In the initial days when we ventured into this product, they said we were in the learning aspects of it so we didn’t know all aspects of every feature and functionality. We did follow up many times. They were patient, they were trying to provide reasonable answers and guide us to the right path and where we could go to look for more information, so it was very helpful.

We were using an in-house built solution which used Tomcat servers and were quite complex. We wanted speed which is the key for success in the current marketplace, so CA did deliver that. We wanted that speed. We were able to really get up and running fairly quickly because it is mostly configuration driven as opposed to doing things from scratch.

Every project starts with something small but in our case we also started small, but eventually it grown into a big elephant in the room, so that’s how we got into. Right now we realize we can be small at the same time as we can be a big elephant in the room. We try to find that medium aspects of it where rubber meets the road and what we really need. It’s not too complex at this point of time. We are scaled down to accommodate what we want to begin with.

The stability of the company and the customer base are the two most important aspect because we want to make sure the company is going to be around for years to come.

Also, who is there customer base at the moment. We want to make sure and learn from their experiences. We don’t want to be a guinea pig to begin with.

Rating: I would say CA is around a nine plus. I would strongly recommend them. The first think I’ll tell anyone is to do your homework because wherever you venture into a new product, there are lots of unknowns and those unknowns are what makes people feel, “Well, this is humongous. It’s too complex.” I would say to first learn the product and what the product has to offer and see how does that benefit your business needs. Then go for it, but with the product suite that we are current using, I would strongly recommend them because it did deliver what we want and we are very happy with it.

What I felt was when we reviewed it along with the multiple other vendors in the market was that the operational side of API Management is pretty simple, so that we can ramp it up very fast in our organization. The way the product is built was really good. 

It simplifies the operational cost because it is self contained in one container, or one image, so when we wanted to scale, when we wanted to deploy a new Gateway, you could literally do it in like 2 to 3 hours or less than 30 minutes. If you have an automated way you can spin up an automated way.

We also have the ability to deploy it in the cloud if we wanted to. That is one of the very powerful things for us to get the buy-in from our operations team. 

The API Management has few products - Gateway, Portal. So far both Gateway and Portal are good but we would like to see a bit more improvements on the Portal side like giving a polished look for the documentation on the Portal. The Gateway is kind of solid.

Today it is not that straightforward to generate a document, even the data generate, and it's not really auto-generating it from the Gateway. I would like to see an auto-generation of the documentation. 

We work with a few other vendors, I don't want to name them but they are leading vendors in the API Management space. We picked the CA solution for a few reasons, because we have some legacy protocol that's being supported only by CA API Management and that is the reason why we picked it. Another reason why we picked it is the operational management is much simpler when compared to other vendors.

It was not that complex. It's pretty straightforward and easy to set up. There are a few optimizations and nuances that you may not be able to do as a starter, but you should be able to get help from CA support to do those. 

We have a process to follow to pick up a vendor. We look at the company to see how the company is doing, what is the market presence for them and the maintainability, manageability, supportability, scalability, and whether they are meeting all the functional requirements. We have an individual line item for every section of this and we score them individually, that's how we pick our vendors.

On a scale of one to ten, I would give CA API Management a nine. The scalability of the Gateway is pretty straightforward and easy, because it's simply contained within as an image, or as a simple container form. You can easily deploy and add, and it supports a cluster architecture so that you can add new nodes on the go and it automatically gets all the things that is already available, so that is pretty neat.

I would always go back and look at the business benefit behind it rather than the technical aspect. We have to think from the business standpoint, "Why do you need API Management? Do you want it to be more of an API company or you're selling your API, or you want to do an omni-channel approach? Or what is the reason, are you simplify the integration?" That drives lots of real value and that gives you full feasibility why you wanted to bring in an API Management solution. I would recommend to analyze that aspect before you try to purchase an API Management solution.