Layer7 API Management Reviews

RESTful API implementation and exposure.

Being a key partner of CA, the strong product has helped us make joint pitches to multiple enterprises and to implement an efficient API gateway for enterprises, enabling them to manage the end-to-end lifecycle of APIs.

API discovery using CA Live API Creator is helpful for integrating with multiple backends, for discovering and kickstarting the API creation process. It is a very good feature.

Mobile app capabilities are good for building mobile apps to consume developed APIs.

API Portal capabilities are very nice, up to and including the ability to do monetization. Security features are exhaustive, with several adapters to all leading identity suites.

The development toolkit used for creating APIs should be more online and user-friendly. 

Deployment and tracking could also be improved. Tools like Apigee provide a complete online experience along with RESTful APIs, to manage all activities. It is a very nice and user-friendly solution compared to CA.

No issues with stability.

No issues with scalability.

Technical support is very good. Response times are very good. As a partner, technical support is available via phone and email as well as in several countries.

As a systems integrator, we use several API management products, with CA being one of our key tools.

Setup was ok. CA was always available for any support issues.

Pricing is competitive. CA is ready to offer attractive discounts.

Apigee, IBM API Connect, and MuleSoft are some of the other key products we have evaluated and used.

CA API suite is a strong solution with very good security capabilities and end-to-end lifecycle management of APIs. It has been proven over the years and is a very good option for implementing the API gateway for an enterprise.

I use CA Live API Creator to integrate data from a variety of sources, and then to provide an API response to calls from my client applications.

There are a couple aspects of performance. One is just speed and uptime, and it's stellar in that regard. The other is, how much effort is it to put it in place in the first place, and then how much effort is it to keep it operational. That's where its real strength is. I'm able to do things quickly and easily that I couldn't do before.

The benefits are rapid development and deployment of APIs, which means that your information, your ability to handle information, to receive it and to send it, to visualize it, to report on it, to get intelligence out of it, happens fast and happens with accuracy. Faster is better.

It really allows us to do things that we just weren't doing before, things that we always talked about doing. Some things that we talked about doing for decades.

One of the things that we talked about doing for decades was the ability to bring data together from different sources, sources that maybe wouldn't otherwise be available. Maybe they were not ours to own. Maybe they were in a place where we just couldn't connect securely to them and enforce our security policies. What we can do is, as those things have developed APIs, we can consume APIs so we're building an API to consume an API to deliver an API. People can keep their roles and responsibilities, they can be responsible for their data integrity, and yet we can use that information to do what we need to do.

The most valuable feature is that it enables me to present data in the format that the client wants to consume it. That client might be a visualization tool, that client might be a report, that client might be a customer's API requirements.

The challenge is, how do you get the data structured in the way they want it, as opposed to how do you get them to change. My job isn't to make them change, my job is to give them what they want. Honestly, when you give people what they want, it's easy. When you try to get people to change what they're doing, it's hard.

The latest version that just came out at the first of October really was a powerful move in the right direction. I was very, very pleased with that because it allows now beginning to use information of things. We've got this IOT infrastructure that we can plug into, and for my use cases there are a lot of outdoor sensors that provide valuable information to my customers.

As we've brought on MQQT, and other ways of talking to those sensors, that just makes my life easier. I'd to continue to see them expand the scope of the product. But I can say that I've been extremely pleased with the work they're doing. They're not sitting around, every six months we get a release with major improvements.

Larger organizations have a real challenge. They have to control all the people that touch their data, and when it goes wrong - you've seen it on the news recently - it ends up being major headline news story. "Equifax exposes data to 150 million customers." That's intolerable to these customers.

What happens is that the companies that are working with that type of data have extremely rigid policies for who can get access to what. As we continue to develop the product in that regard, we would like to see continued integration with other CA products that accomplish that goal. I'm not saying that it doesn't do it now, I'm just saying that scenario where there can be continuous improvement.

I've used it for four years and I have not had any issues with downtime or with performance. That's partly because it's leveraging networks; modern networks are stable. Ultimately, people want their Netflix and their movies over the networks. There is a lot of money going into uptime, and performance, and speed of mobile networks, of physical networks, that we just leverage.

We benefit because of the performance of those networks. All we're doing is leveraging public networks to move data securely.

In my use case, I've not dealt with the type of data that usually responds to the scalability issue. Generally, when people ask that question, they're talking about scalability of hits, scalability of users. Where, all of a sudden now, you have tens of thousands of records happening within a very short period of time - will this scale? I don't have tens of thousands of records happening in split seconds. However, I do know that the product's been tested to that and has demonstrated outstanding scalability results in that regard.

There are other aspects of scalability. You might consider how well can I bring on new customers, how well can I scale my development team, how well can I handle additional API integration. Because of the efficiency of the product actually doing that, pulling data from disparate sources, and integrating it into the response format that I want, that my customer demands, that's so easy. It's 10 times, 40 times, 100 times faster than the way we used to do it, and that makes it very scalable.

I use the technical support extensively. I actually read the documentation. I know that's not something that people normally do, but I actually read the documents. One of the guys said, "If so and so, whoever writes it, knew that, she'd kiss you." And I said, "Well, maybe we shouldn't go there, but... "

I actually call them, and they've been wonderful because I have their cell phones, I can text, I can call. They probably don't want everybody to do that, but they want their products to succeed, they want me to succeed, and I want to work with a vendor that wants me to succeed.

You look where your pain is. If you can perceive pain, you know what you need to do. Where does it hurt? That's what you need to work on.

A different solution didn't exist. You developed things in code. You used C++, you used Java, because that was the only way to do it, to build it yourself. Now, much of the lifting is done, but the extensibility is still in the product. What you're forced into, or what you have the opportunity to take advantage of, is a system that has done a lot of the hard and mind-numbing, repetitive tasks; simplified so many of the things that you would have to do. Incidentally, that creates an opportunity for a mistake. Those things are automated, but the extensibility is still there on the product, so you can still do the things that are specific to your business's needs.

I'm going to assume that this question is asking, "Was I involved when we got on board with this product?" Yes, because I bought it. They were there for support but the question is not relevant because it's so easy. It's deploying a WAR file. If you can deploy a WAR file, you're done.

Where I got involved with CA on this product, there were not really competitive products. Since that time, there probably are some companies that have come out, but honestly, I am busy enough, I don't really look because there's no reason to divorce myself from CA on this product.

When selecting a vendor, there are a couple of things that you have to look at. One is: Are they going to be around? That's always a concern because if you've committed to something and the rug gets pulled out from under you, then you're scrambling. Depending on the time that happens, you might not have the time or the money to scramble. What if you're in the middle of a big implementation? CA has been around since the beginning. They're a four billion dollar a year company, something like 13,000 employees, I'm not worried about that. Yet they're easy to work with.

There are a couple of products that I work with that have not let me down, and there are a lot of products that have. I always use Microsoft Excel of an example of this. Excel is a wonderful product, you can do so much with Excel, it's an incredibly powerful product. But there are many times where Excel just leaves me short. I just can't do what I need to do with it. It has limitations, fundamentally.

There are a couple of products that I've worked with in my life that I haven't run into that. Maybe I still will someday, I don't want to be delusional, but this product, when I've had a need, I've been able to get it to work and that's nice, I like that.

It's hard for me to give tens, but I would give it a 10 out of 10.

My advice would be: Focus on its extensibility because of that exact issue we just discussed. There are so many times when you look at a product that is a tool to make something easier. Maybe you're building a web-based application. There are a number of tools on the market that make that a drag-and-drop opportunity or a drag-and-drop process. Those tools are great for the weekend warrior, you can get something done quickly. Maybe you're a high school kid and you want to build an app for something. (Access database would be like that too. You can get a database and it's not that hard, and you can make a form, but they're not enterprise class). 

This product, at first blush, looks something like it's one of those weekend warrior tools, but it's not. It's an enterprise-class tool with the kind of usability that you wouldn't expect. And with that usability - how do you have your cake and eat it too? Well, it's because of the product's extensibility. It's very well-integrated with your existing Java library of processes and procedures, as well as your ability to write new extensions to it. You get so much of the base functionality but you don't give up the ability customize.

We use the product for HTTP traffic. It supports DNS and FDP protocols. 

The product supports more than just HTTP protocols; it also caters to JMS and FTP protocols.

The solution should prioritize ease of use and align with the growing trend of cloud-native environments. Customers are increasingly leaning towards cloud-native solutions, and while you can configure your topology in the cloud as a private solution, having a more inherently cloud-native approach is crucial.

Layer7 API Management also should feature built-in policies to minimize the need for extensive code writing. It needs to include more plug-ins. 

I have been using the product since 2018. 

I haven't seen many issues with the product's stability. 

I rate the product's scalability a seven out of ten. 

Layer7 API Management's deployment was straightforward. 

Layer7 API Management is cheaper than Apigee. 

I would choose Layer7 API Management's alternatives since it is not current. I rate it a five out of ten. 

API Enhanced Portal 4.1 looks very promising. API Gateway policy manager for writing policies is excellent. It is the best in the industry for policy writing.

CA is the first in the market from the time they acquired Layer 7. They deliver the best API Management solutions.

From 2012, our clients evolved a lot from API Management perspective after using CA.

We are able to expose mission critical APIs to the external world, monetize them, and generate revenue from them in the most secure manner.

CA also drastically improved the capabilities from Gateway, Portal, and OAuth perspective in the last couple of years. This adds more value to our API Management wing.

CA API Portal 3.5 does not support Swagger documentation. If they were to support that, it would be great. However, their focus is on a newer, enhanced version of their API Portal 4.1 Release. However, it is not very mature and there is no direct migration available in the near future. It is not possible for clients to migrate to a newer version.

CA might lose clients mainly for this reason (Swagger Support on API Portal 3.5), unless they develop seamless migration utilities from API portal 3.5 to 4.1.

I have used CA API Management from 2011, when Layer 7 had not yet been acquired by CA.

From an API Portal 4.1 perspective, I did encounter multiple issues.

From an API Portal 4.1 perspective, I encountered scalability issues. They confirmed that they are working on it and in the very near future, it will be available.

CA has very good API Management support. They are very helpful.

We didn’t use a solution before this one. CA is the best in the market in terms of stability, scalability, and policy development. They are the best at achieving custom scenarios related to clients (customization) in all perspectives, besides the current API Portal 4.1, as it is not yet matured enough. There is nothing to worry about in the 4.1 portal.

The initial setup was straightforward. CA documentation is pretty clear for anything to do with CA products. They are masters in this industry.

If the CA pricing for API management would be a little lower, they would be able to cover a broader market.

I don’t remember the story from 2011, but very recently I did an analysis of MuleSoft, Google, AWS, Apigee, and WSO2. WSO2 came in first, and CA standards came in second.

Follow CA documentation thoroughly.

It’s central to our mobile-first strategy. The API layer is becoming the interface to all of our legacy back-end and all of our new app development is being built on top of our API layer.

Key features – integration with SiteMinder and its ability provide security in general, content-based routing, and ability to turn our existing SOAP service back-ends into new REST-JSON APIs.

As the APIs are built and published and made available to developers, we can build applications on top of those APIs in days and weeks as opposed to months.

In a traditional web application you’re building your UI, your integration layer, your back end, all at the same time, and there are dependencies – you can’t built the UI until you have database access, etc.

With the API model, all that access to the backend is already available so all you have to concentrate on is building a good user experience.

They have really stabilized the API gateway in the last couple of releases. There’s a developer portal that is used to document your APIs that is woefully behind the times, in terms of being able to provide a really good robust experience for the developers consuming your APIs. You can’t document all of the details you need in the current developer portal and really need a separate web site just to document your API.

You need to understand what you want from an enterprise API, what your vision, what your plans are for rolling out an enterprise API, before you just go out and buy a product.

It’s been rock-solid. When we’ve had problems with a gateway – we have a whole group of them – we typically get very good support from CA and production downtime has not happened.

Because it’s a clustered environment, we can scale horizontally as many as we need to go. So far two production gateways that are in a cluster and they’re processing transactions for one of our APIs at 30 calls a second and there’s barely a blip on CPU.

In general, I’d give them about a 7/10 or 8/10. They’re good – sometimes it can take a little while to get to the right person. They tend to come back to us with obvious suggestions, which we try before we call tech support. When we get to the right person we get an answer immediately.

It was an architecture decision to move towards a mobile-first API strategy. We realized that in order to meet the requirements of an API of a really good, strong enterprise API we needed to centralize that. That started us looking at APIM technologies. We scored a number of different vendors and brought in some to do POCs.

Nothing in IS is ever simple. However, the install went very smoothly. The OVA files that you install into your VMware infrastructure -- configuration and getting them set up in the clusters went smoothly (respecting internal processes). The setup and config wasn’t that difficult. There was much more of a learning curve on our end to leverage and learn how to use the API gateway. It’s sort of like a Swiss army knife in that you have to learn how to use which tools and when.

I look for stability in the vendor. I look for their ability to understand our needs. We get a lot of vendors who are not used to working with a Fortune 500 company and the size and complexity of our operation is big and complex. We need vendors that are flexible and who understand that their solution might solve a problem, but that might not solve it the way we need it solve. The flexible vendor that is able to provide multiple solutions typically ends up winning.

It serves our development purposes, enabling the connection of both external and internal clients, for example.

It's a comprehensive tool that allows us to perform all the necessary tasks in one place. With other middleware API management tools, we might need multiple tools and layers to achieve the same results. This tool provides a single platform for managing security, real transformation, connectivity, and development, eliminating the need for additional add-ons.

It's quite satisfactory. However, I don't focus much on the cost perspective, but I understand that clients are often concerned about costs. They might be exploring other options due to the high cost associated with our current package.

Currently, we don't have any major issues, and any past issues we encountered were promptly resolved. Perhaps in terms of improvement, we could explore more robust connectivity options, but for our current needs, it's been solid. As for my company, we might consider migration, and there are tools like GMU migration, provided by the same vendor, which could potentially help us in that regard.

I have been using Layer7 API Management for the past eight years.

It is stable, as per our observations.

I've been primarily utilizing the on-premises version, and it has proven to be scalable as we've added more clients. However, I haven't yet ventured into the cloud aspect, so there's potential for further exploration in that regard.

It's not overly challenging. The documentation is quite comprehensive, and the support from the dot command is also reliable. Overall, it's a comfortable experience, and I haven't encountered any significant issues or concerns.

I would rate it an eight out of ten.

Our clients use the solution for a secured layer to protect their API. Most of them have two kinds of API, the frontend, and backend.

There are many beneficial features in this solution that protect against attacks, such as SQL, injection, and the internet.

The Policy Manager tool that is used to manage the solution is very heavy to use because it is based in Java. Sometimes it takes a long time to load. There could be some improvements to it. If they could make Policy Manager on a web page that would be a good alternative.

I have been using the solution for approximately three years.

I have found the stability very good.

When I have used technical support they helped me a lot. Sometimes they took a long time to respond because we had very complex issues that we asked them for help with, but I think it is a very good service.

The initial setup was very easy and straightforward. However, the first and second time we did it was a bit complex because we were not used to the installation.

We have done the implementation and the time it takes depends on the client's use case. You can do the installation and have some APIs working to generate some values for the clients in approximately 30 days.

This solution is a bit more expensive than competitors.

My clients evaluate others solutions before they chose this one, such as AWS, and Apigee from Google. The most common option that they evaluated was Apigee because of the price.

The main difference was AWS and Apigee to this solution is they have a lower price but they do not have all the features that this solution has. It depends on the client, they have to decide between what features they want to implement. If there are not many features to implement they can go with Apigee or AWS, but if there are more complex implementations they try to go with Layer7.

I would recommend this solution to others. I really like the solution.

I rate Layer7 API Management a nine out of ten.

Our primary use case is as an API gateway for authentication and authorization, and then lightweight transformation or lightweight mediation. But it's mostly, authentication and authorization, mostly security-based.

We mostly use this product for our internal customers, so it's not a revenue generator for us. We use it for internal customers to contact the IT systems. In terms of benefits, it's not for external customer satisfaction. It's not that kind of a usage here. The benefit that IT sees is, it is a single developer portal for IT; it has helped us provide an API platform to our customers.

• The lightweight mediation
• Transformation from JSON to XML and XML to JSON
• API portal and API key management
• The Developer Portal
• Some of the key SSL sessions, inside the gateway
  
• Circuit Breaker is a cool feature, too

One area where it certainly needs to improve is the way it allocates requests, in terms of rate limiting. Let's say I have set the rate-limiting to 1000 requests per second and I have four nodes in a cluster. It divides the request into four, that is 250 per node. If I have a node-balancer in front which has the least connection mechanism it sends the first request to a node. It has to improve in terms of API rate-limiting.

Also, there is no native Kafka connectivity. If they provided native Kafka connectivity, that would be good.

We found a lot of stability issues in the 8.3 version. But even after reaching out to the CA engineering team, they were not able to diagnose the issue, so we upgraded it to 9.2. Most of the stability issues have been resolved and we're not seeing that many issues now. So the stability issues have calmed down but we faced a lot of them in 8.3.

The scalability is always an issue, as we cannot add gateways on the fly because there are a lot of moving parts; endpoint connectivity is one of them. If we add more nodes then the rate-limiting feature is affected. This kind of gateway always has the scalability issue. But, I think CA is coming up with its Microgateway, which is in Beta. If they stabilize their Microgateway platform, we could do very well in terms of scalability.

Their tech support is pretty good and their documentation is also good. The community's support is also good, so I would rate them pretty well here.

The setup itself is not that complicated since we used a VM form factor. The software setup, obviously, is a different story. But the network part that goes in, the firewall connection that goes in, and then, the load-balancers, the global traffic managers, all these things are not really that complicated. The gateway setup itself is not that complicated.

It's my manager who takes care of the pricing. But I keep on hearing that it's a little pricey, it's on the higher side. That is what he says. We have around 20 licenses so for that, the pretty is pretty high. That's what he says.

This product existed here before I started with this team so it has been here for last six or seven years. I've only been here for two and a half years. I'm not sure what kind of evaluation took place, what the criteria were for the evaluation. But, I'm pretty sure that they would have evaluated two or three products before choosing CA API Gateway. Our company itself already has two gateways.

I think the main criteria here were in terms of software security, mostly securing the APIs in terms of SQL insertion attacks or XML structure attacks. They were looking more at securing the APIs and CA was probably the best at it.

My advice would depend on the use case. If it's just a proxy solution that you are looking for, I would say don't go for CA API Gateway because API Gateway is much more than that. If you're looking for a complete API developer platform and securing your APIs, then CA API Gateway is a good product.

I give this solution an eight out of 10 because, as an end customer, in terms of managing my API lifecycle, end-to-end, it is pretty good.