Layer7 API Management Reviews

It has built-in identity management so that when someone logs into the UI, it can confirm their identity and give them access to what they need to see.

Overall, it's a great tool and they keep building in more and more capabilities.

It provides us a needed level of security in restricting access for the user. It’s able to make multiple API calls while looking like it’s just making one.

I was hoping that there would be some deeper dive Gateway training than their two day workshop and the self-paced study provided. The only course that focused on the Gateway was a Sales Certification course, for which I never did get my certificate, and it was only a short intro to the Gateway and the Portal. There was nothing that I could find that was more in depth than that.

Some of the speakers at CA World spoke about how they used the Gateway, but mostly it was mentioned that partners were using it. So it would be good if there could be more deeper dive Gateway training during the Pre-Conference training sessions.

We've had no issues with deployment.

We've had no issues with stability.

We' have no issues with scalability.

They are great, very helpful, and they make sure that you know that they are there to support you. They're responses and have always provided us with solutions.

The initial setup was very straightforward.

I believe that they evaluated several different products and this was the best to fit our needs.

Definitely do your research and, if possible, take the two day workshop to show you how to use the tool.

Also, get recommendations from people and get their feedback.

Security is the most valuable feature for us. We have a lot of threat protections turned on and I think the gateway has inherent security protections for DDoS and a whole list of other security risks. We also have the ability to customize the security of each product that we're doing, which has been really helpful. 

It also provides some load-balancing features. We can choose which traffic goes to which back-end server and the gateway will help us manage all that.

I think it's protecting and exposing our internal APIs externally. We have a lot of different types of back-end technologies that use the APIs -- REST, UIs, and GUIs. So using the API product creates a single set of APIs, even though in the back-end they're much different.

The UI is very dated. I've talked to some of the development and product managers about that, and I think it's a known issue. It's early 2000's technology. We would like to see something online and a better UI that's easier to use and more intuitive.

Reporting could use some enhancements as well. We just moved to the 8.4 version from 7.1, and they've got a new reporting tool called ESM. We're just now starting to use that, so maybe that's going to provide what we need; it's to be determined.

The deployment's taken a little longer than we expected.

We're exposing probably fifty different products externally. We've got thousands of requests, probably, per hour that come through. It's a lot of batched products -- people will run a job and it's sending a lot of things. We have a lot of traffic. The gateway itself has been stable. Downtime has usually been something like the network equipment around the gateway itself, but the gateway itself has been fairly stable.

We have development test-production environments, so to get it on our infrastructure under our own management tools, there's a lot of bureaucracy. So it's not just a push-button type deal; it requires a lot of coordination, tickets, firewall changes, provisioning hardware, things like that. All that to say that the initial setup was not straightforward but rather complex.

There were several other options evaluated, but I wasn't a part of that.

I saw some things this week at CA World which I think will make the product better, more intuitive to use with a better interface and easier deployment. There are things I saw on the road map that they'll address in the near future.

I would advice that someone go through the self-training before just jumping in. I learned from co-workers as well.

Web services authentication. 

So far so good, in terms of performance.

Quick response to the setup authentication for web services. That's important to us because we generally don't have a lot of time.

It's separating web services versus web applications, single sign-on. I would say that is the main benefit.

• More throughput
• More scalability
• Better built-in monitoring

So far stability is pretty good. We haven't experienced lag time or crashes.

Scalability is very good.

I think we have used tech support but the response has been so-so. They need more knowledgeable people.

We didn't have a previous solution.

When selecting a vendor the most important factors for us are 

• cost
• validity of the product
• stable product

It's a very good product to use to initially set up single sign-on for web services authentication.

Live API Creator.

The simple REST based APIs can now be delivered in hours which took days previously.

The product shouldn’t require to be connected to a server for doing development.

Six months.

No.

No.

Good.

No.

Very easy.

Not sure on that front.

Mashery and IBM.

Go ahead. A very good product and a market leader in its segment.

The best features of CA API Management are high quality and high reliability.

It provides a centralized security mechanism so that we can route all our policies and all our traffic through the gateway.

I would like more graphical interfaces for better usability.

API Management is highly reliable and highly available, so we haven't any problems with it.

We haven't had any scalability problems. I don't know how far it can be scaled. We are a mid-sized company.

I would say that the quality of technical support is moderate. It’s better than some, but not as good as others.

I don't know if we had a previous solution before going with API Managment. We have a number of CA products. Some of them, we started with the CA product and some of them we started with other products and then switched to CA because of their high availability and high reliability. We are not looking to switch it. It’s nice and stable.

I was not involved with the initial setup.

Focus on developing a relationship with CA. They have a variety of products and they do a lot of cross selling, so it's important to develop a relationship and figure out how to manage that relationship as you go forward.

When selecting a vendor, the most important element is relationship.

Security. We have a lot of APIs, a lot of web services inside Motorola, and we wanted to have a solution which can secure all our APIs.

So far it has been doing well. But we are looking towards microservices technology. And we heard here, at this CA World conference, that they are coming up with a microservices API gateway. That is something that we would be interested in looking into. 

But as far as far as the classic API gateway goes, I think it is definitely doing well. We were bought by Lenovo, and eventually Lenovo, which did not have this solution, has also been convinced to use it. So overall, as one company, both Lenovo and Mortola will be using this product.

It can be scaled, especially the current version. It can be scaled as we need. And it can be used in different regions. We have different data centers in the U.S. and Beijing. We use it on-premise, on-cloud, and it can be hosted and used at any place and scaled across the regions. That's the primary benefit we have seen; other than providing security and the performance.

What we had before, Forum, obviously was not reaching our performance requirements. This really helped us, because every API that we get from external or from internal goes through this layer first, and it should not be a bottleneck. That was the problem we had before. Now it's no longer a bottleneck. It's more like a throughput, this process is less than 10 milliseconds for any particular API. 

So the number of transactions that we are able to process per second and the number of instances that we can use are benefits. 

Even before microservices API gateway came into the picture, two years back, CA really worked with us and helped us to get hourly pricing, so that we could spin up, spin down instances as we need, like during Thanksgiving or Christmas. So the product, by itself, is great, and the flexibility that CA has given us out of this product is really great.

From the security point of view it provides lot of features, as well as performance. I think it's 4000 transactions per seconds, per node, is what the performance is. So those two are major features that we have been looking for. It does both in a great way.

Microservices gateway is one thing in which we thought would be really good. It has come up, we just have to see how it's going to play out. Obviously, it's not going to replace the classic gateway, although we want to see that something in the microservices gateway that can actually replace classic gateway. That would be really nice. Right now, I don't think it's completely replaceable. It's just a part of it, but eventually they're saying that it will replace. So one day, where we can have a microservices gateway and we will not need the classic gateway at all, that is what we want to see.

We have never had any issues, to be frank. From the time that we had it installed we have never had any issues, whether in the non-prod or in production. So I would give it top rating from the stability point of view.

As mentioned, that's one of the great features, the scalability. We were able to scale up in incidences as needed, and scale down. So again, completely flexible. Top-rate, from the scalability point of view.

We use technical support only when we do the upgrades. My team, we always try to be at the latest and greatest version. Whenever they release, the next week we are already there, both in test and production. So when there's a new release, obviously there are some important technical features of which we are not aware. To learn about them we use the technical team. 

But other than that, from our point of view, as I mentioned, it has been pretty straightforward and pretty stable. We don't have a need to reach out to them, except when there are new features and we are migrating.

They're good. They have been really helping us. As I mentioned, CA as a whole has been a great partner for us and has been helping as we need. Whenever we need their support, they are there. Whenever we need information, they are there.

We were using Forum before, but we wanted a much more flexible solution that scales and has better performance. That's why we chose CA's API Gateway, to resolve our security, and provide the best performance for all the APIs that we have.

It wasn't really all that complex. What we had before was really pretty complex. When compared to that, what we have with CA is not.

We evaluated Forum, obviously. Layer 7 is one we looked into. Axway. IBM, because we use it a lot for e-commerce, so that is an API gateway we have been looking into.

Among most important criteria when selecting a vendor, the first thing is pricing. After that features, obviously, and then the performance and stability.

We would definitely recommend implementing Layer 7. The only reason you might not implement it is if you are looking at open source, but open source comes with its own issues and cons. But if the cost is not an issue, Layer 7 is the top and I would definitely recommend it to anybody.

I sell this solution to a variety of clients in digital banking, insurance, and health care.

There are many security policies within this solution that help to prevent attacks. We are also able to implement MTLS to allow us to lock a channel from the application from the backend. There are authentication flows inside of the gateway that help us a lot to implement customers improved user experience. 

I would also like the next release to support FAPI-CIBA because there are laws in Brazil that require companies that operate in a digital manner to support CIBA and FAPI. This is more for authentication flows.

I have been a partner with Layer7 since CA Acquisition 

I have never had any concerns in regards to the scalability of the solution as it is able to handle more than 25,000 transactions per gate. We currently have seventy people working with the solution but for one simple gate implementation, only one engineer/technician is required.

The support that is available is only for technical issues, they are not able to help you with your use case.

The initial setup is a piece of cake.

Most of my customers have been able to see an ROI.

Be sure to research this product and its functionalities well prior to moving forward with the solution. Many of my clients will have issues with the solution in regards to their use cases.

This solution is easy to deploy and view data in API but you must have a solid plan to manage the environment.

I would rate it a ten out of ten. 

• Digitalization
• API Life Cycle Management

CA API Management powers the next generation of mobile and Internet of Things (IoT) applications by providing reliable connectivity between data, people, apps and devices. You can aggregate and orchestrate data from multiple data sources into modern REST APIs almost instantly. Whether your data is in legacy systems, disparate databases, or the cloud, you will be able to bring it all together to power new digital initiatives at scale in modern apps or SaaS applications.

It improved how we function in the following areas:

• Protecting all enterprise application data from direct access by virtualization.
• Transforming SOAP services to REST services easily on the gateway without impacting existing systems.
• Providing security for all API's exposed through API Gateway at one common location.
• Migration of APIs from one environment to other.
• Providing high availability with horizontal scaling and multi cluster.
• Managing the API lifecycle.
• Exposing enterprise data to the external world.
• Securing Mobile App communication using MAG.
• Integrating easily with other systems.

The most valuable features to me are:

• Different Form Factors: Available as Software, Virtual Appliance, Amazon Machine Image and Hardware.
• API Virtualization: Creating virtual APIs by shielding the actual enterprise resources on API Gateway.
• Security: Enterprise data security and central management in API Gateway.
• API Lifecycle Management: Enable, Disable, Assigning, Deprecating and Deleting APIs on API Portal
• Scalability: API Gateway is easily scalable horizontally and managed easily.
• Mobile SSO is another feature/capability which available.

• The API Development tool can be made more user-friendly by providing folder properties.
• Assertions for common functionalities (like mathematical operations, string manipulations, connecting to non-SQL).
• Masking the user credentials entered in Identity Provider, JDBC based on user role
• Analytics and reporting need to be made better and more user-friendly; add some custom reports both on the Developer Portal and API Gateway; exporting of analytics and an email facility.
• Logging and tracking of changes done by users in the Developer Portal.

CA API Management solution is very stable also scalable.

I did not have any issues with scalability.

Customer Service:

Customer service is good

Technical Support:

The level of technical support is good.

I did not try any other solutions previously.

Initial setup is straightforward. It is simple,easy to do and quick to go to market

Overall cost saving, growth in business

I feel that it is costly for small/medium-sized companies.

I did not evaluate other products, but have read about them and the features they provide.

Check what is required and whether it can be achieved easily without any compromise, see how flexible its to use and maintain.