Layer7 API Management Reviews

We use CA API Management for our brand mobile app and our outbound traffic. Our brand mobile apps are for Olive Garden, Capital Grill and LongHorn Steak House.

We also use API Management to modernize legacy systems via microservices.

We have our internet application, which is connected to PeopleSoft and other tools so we can export through API gateway. So we have a custom mobile app built for our internal application, where people can check their paychecks, benefits, and other perks, such as gift cards.

One of the main things is the call-ahead feature, where people can call ahead of time with our mobile app to reserve a table at these restaurants. We also have private click-to-call links that are very successful.

Pretty much the whole mobile app is going through our Gateway. People can only access the app through a mutual SSL authentication, plus we make sure that we do geo-location. We also have CA Advanced Authentication to help with this. We put these two tools together to make sure that we are not entertaining anybody outside of our countries that we serve. So security-wise, we feel secure using the gateway.

The out-of-the-box security features are useful. 

Right now, you can just right-click and drag and drop the assertions with the rate limit. That, as well as the x-amount surge protection, is built in so we can bring that in.

On the monitoring side, we need a better way to monitor it. CA has not given a clear understanding of what external tools we can use to do this.

We also need a total dashboard functionality to see how many transactions are going through, where the problems are, etc. There's no out-of-the-box monitoring other than the dashboard, which doesn't give you very much.

Their migration policies are also not the best out there. We just do an export and import of it, which is fairly simple, but they could have made it better.

We do promotions and that's the only time you see some crashes. But overall it's pretty stable product and we haven't had issues with it.

Because we have a physical appliance, we have the capacity with us, but scalability is going to be hard. Our next strategy is for us to figure out if we can use virtual gateways instead of an appliance gateway and then scale horizontally.

As for end users, we have a lot of them. About 200,000-300,000 users have downloaded the application and use it externally. As far as maintaining here locally, it's a team of 5 people.

We are growing. I'm the main implementation architect on the support of it. Now, we have a policy development team, an enterprise architecture team and a performance testing team. Each one of them from their team lend out to us whenever we need it.

I would say we're probably 20 to 30 percent of people have been using it within our organization. We still have a lot of room to go. 

Their support is phenomenal. That's one thing that I like about CA is that they're very good at their support.

There's a big dent right now with the merger with Broadcom. So, it's not working out that well lately. I think they need to get that merger completed quickly to get this all figured out.

This is the first one we've picked and then we were pretty happy with it so far.

It is straightforward, but now we're trying to cache some of the responses and there is no real guidance on how this works.

We had CA Services help us during initial setup and that's about it. 

We see clear ROI with this solution.

I think it's competitive. It's not that expensive when you compare CA with the Oracle product. I also haven't seen the latest pricing for the virtual gateways, but what I have seen seems to be reasonably priced.

We were thinking about the Apache system at that time, as well as the Oracle server and architecture.

I used CA in my previous organization so I'm committed to it. To me, it met our requirements at that time, which helped us choose it for this organization.

At that time, Oracle didn't actually have a gateway. Although they have now acquired a gateway, I think CA API Gateway is more mature. It's been there for a long time, even before CA purchased it, so in this space they are the best. We also did the research and looked at resources like the Gartner Report, and CA API Gateway seems to rank top on the list.

I rate CA API Management as an eight out of ten due to the overall stability of the product. So, we had this implemented and running fine unless we had increased traffic. We never went back and tuned it. In that way, I'm pretty happy with that.

It loses the last two points because of the monitoring, as well as the capacity analysis and planning our day-to-day transaction details.

We use Layer7 API Management to manage API gateway and customize policy scripts.

The product works well from an implementation perspective.

Layer7 API Management’s price could be reduced.

I rate the product’s stability an eight out of ten.

We can create multiple gateways using the product. It has good scalability. It is suitable for enterprise customers who have many APIs and microservices.

We have used WSO2, Kong, MuleSoft, and other open-source products.

The initial setup process is easy and flexible.

Our customers found the product’s cost a little higher. They are looking for open-source solutions.

We evaluated Salesforce.

I rate Layer7 API Management an eight out of ten.

The product has a user-friendly interface. There are customization options, unlike the previous version, where we had to do manual coding. We use the configuration wizard to set it up. It saves us a lot of time.

There could be more integration options included in the product. It needs active connections added in the present version.

We have been using Layer7 API Management for three months. At present, we are using the latest version.

It is a stable product.

We have 12 Layer7 API Management users in our organization.

The initial setup process is easy. The deployment time depends on the custom applications. It takes time to integrate configuration to explain the process to small business vendors.

There are various licensing models for Layer7 API Management. We have to buy additional licenses to get new versions.

I rate Layer7 API Management an eight out of ten. It takes time to learn and understand the product.

I sell this solution to a variety of clients in digital banking, insurance, and health care.

There are many security policies within this solution that help to prevent attacks. We are also able to implement MTLS to allow us to lock a channel from the application from the backend. There are authentication flows inside of the gateway that help us a lot to implement customers improved user experience. 

I would also like the next release to support FAPI-CIBA because there are laws in Brazil that require companies that operate in a digital manner to support CIBA and FAPI. This is more for authentication flows.

I have been a partner with Layer7 since CA Acquisition 

I have never had any concerns in regards to the scalability of the solution as it is able to handle more than 25,000 transactions per gate. We currently have seventy people working with the solution but for one simple gate implementation, only one engineer/technician is required.

The support that is available is only for technical issues, they are not able to help you with your use case.

The initial setup is a piece of cake.

Most of my customers have been able to see an ROI.

Be sure to research this product and its functionalities well prior to moving forward with the solution. Many of my clients will have issues with the solution in regards to their use cases.

This solution is easy to deploy and view data in API but you must have a solid plan to manage the environment.

I would rate it a ten out of ten. 

We use Layer7 API Management for digital banking: for signing, validation, transactions, etc.

We are a partner, so there are roughly 40 people inside my company working with Layer7.

The mobile access gateway (MAG) is tremendous.

Its ID authentication is a little outdated. I think they should start using face ID.

They need a multifactor authentication solution for the API layer and the other layers, as well. Today, we don't have face recognition for the gateway. We don't have palm recognition either. This would add a needed additional security layer.  

I have been using this solution for roughly two to three years.

This solution is very stable. Once you have the other patches applied it's really stable.

Layer7 API Management is very scalable.

Overall, I would give their technical support a rating of six. It was better before Broadcom acquired it from CA. If they improved their response time, I would give the technical support a higher rating.

The initial setup is very easy.

We have implemented this solution for three banks. One bank took three months and another took six months to fully implement due to an additional security layer.

It really depends on the size of the bank and the number of transactions that you have to validate, the board members, and the customer flows within the bank.

If you wish to implement Layer7 API Management, it is paramount that you understand, first, what you need.

Most of the time, the customer doesn't understand the power of APIs and how they should be managed inside an organization. If your customer doesn't have a plan, it doesn't matter what solution they use — nothing will work.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

We had a test version, which was more of an on-prem version, and we also had some on the Docker for a live API creator. 

We are a security service company, and we provide a lot of solutions in that space. We were just trying to have a frictionless authentication product, so we were working on that. We were looking for a Gateway that can serve in an API, and we've already got an open-source solution.

We loved the portal part the most, which had monetization and showed how people were using the stuff. It is a good product as a whole and has a lot of microservices and granular features.

The delivery is bulky in terms of implementation. Its price could also be better. It is a very good product as compared to CA API, Google API, and WSO2 API, but its price is high.

From the cloud-native perspective, some new features need to be added. It could also be made simpler to implement.

We have been using this solution for four to five years.

Technical support was okay. We were getting good support. We had access to the portal, and the support was good enough.

It was a little complex initially. We struggled a bit initially to understand this solution, but later on, it was okay. I do not exactly remember the issues, but initially, our team was facing a lot of problems in terms of virtualization.

It was very high at that time. We are a Broadcom CA partner, and we got it only for testing purposes. We didn't pay anything for it.

I would recommend this solution to others. This is one of the good solutions for microservices and APIs and for people who need to go the digital way. There are a lot of other solutions that are coming into the market, and the infrastructure landscape is changing.

I would rate Layer7 API Management a six out of ten.

This product is used to expose some internal APIs to help us automate different activities.

It is helpful to have a central API that is hosted and managed.  It reduces costs and customers, suppliers, and vendors receive a uniform interface.

The license model and the cost of licensing can be improved. Especially given that we are in a stable operational mode.

We have been using Layer7 API Management for five or six years, and we have been actively using it this year.

It has been working quite well for a long time.

It's been working for us, from a scalability perspective. It's implemented within a central group, so there are just a couple of roles that run it. The APIs we host are stable.

We are in a stable maintenance mode, so we haven't had to engage customer service/technical support for some time.

We did not use another similar solution prior to this one.

It's a complex product, but I would say that the initial setup is straightforward.

Our in-house team handled the deployment.

We have a handful of IT admins and app admins who specialize in maintaining Layer 7 

It is a pricey product, although priced to the market. 

Overall, this is a good product. It's been stable and working for us, and our main difficultly is people calling out the price point on it.

In my company, we use CA API Management for banks in the financial markets. Our primary use case is for the basic protection of the APIs. We also use the authentication feature.

One of the main ways that CA API Management has improved our company is that we do not require a lot of people to work in developing new security code when they are programming for the APIs. They leave all the responsibility to CA API Management. 

In this manner, our developers can focus on just writing the code and on important business.

I work for an information security company. CA API Management is capable of using tokens for authorization to manage access control for the APIs.

One improvement for CA API Management would be better integration with the web access console. Better integration of the web access console would be great.

One specific feature that we need is the ability to authenticate directly to the server with API data. It's not complex nowadays. This is a feature that we need and CA doesn't have it. 

CA API Management can't do the same authentication functionality with the APIs as the other competitive products in the marketplace.

The stability of CA API Management is very good. We have very little problems with the solution. Just once, there were a couple of days that became filled up with logs of reporting information. Overall, CA API Management is certainly stable.

We don't have any problems with scalability. We have only a few customers that have deployed it. We only use it for a total of 4 clients. We don't use it in all of our projects. We work with other technology. 

Our final customer maintains the CA API Management installation and only needs our contractors to make other new improvements.

Technical support is okay. We have opened some cases and all of them were quickly solved.

This was the first tool that we used for API Management.

The initial setup is good. For our requirements, it fits our appliances. 

The initial deployment of the software was two hours, i.e. to have the API data up and running.

We are a reseller company that makes the final setup for our customers. We always do the final installation for our clients.

Our CA API Management license is for five years with no additional cost other than the standard licensing fees.

Nowadays, we are looking at IBM solutions because other customers required it of us.

CA API Management is very helpful. I would rate the product an 8 out of 10. In my opinion, the features are all very good.