Layer7 API Management Reviews

We use CA API Management to publish APIs for secure and fast integration with customers and partners.

It helps to improve customer satisfaction. When customers need to integrate with our platform, they are able to self-serve by using the online documentation and tool and then test their integration independently in a sandbox environment. Once the testing is complete they can request the switch to production.

It provides us with a resilient solution and robust policy configuration. It is able to withstand the number of API calls and handle different API requirements to secure, transform, log, and track API usage patterns.

They should incorporate deeper monitoring features into the solution to make the offering more complete. Doing so would help to showcase traffic patterns and usage to better engage customers and partners proactively. It would also help with API management and capacity planning.

It is a very resilient solution.

No issues.

Technical support is very knowledgeable and helpful.

The initial setup was somewhere between straightforward and complex, requiring an intermediate level of effort on our part due to our particular requirements. Otherwise, the solution is relatively straightforward to set up.

Subscription licensing and pricing are competitive with other solutions.

Axway API Management Plus and Apigee.

Familiarise yourself with its policy management to match your requirements for API management and governance.

API security and API onboarding. We have on-premise deployment with legacy backends.

It improved the integration channel between partner companies. It also improved the time it took to onboard a new partner.

API security. Implementing security is hard in general but for this product, almost all security features are available out-of-the-box and can be deployed rapidly.

The product needs to keep up with newer trends even though customers might not be requesting it yet. For example, the usage of newer versions of Swagger and YAML format.

We use it primary for API management in my data center, for mobile applications and application-to-application integration.

It has improved API governance, gives analytics to API performance, and provided abstraction to the solution providers.

• Policy assertion
• Policy manager
• SSO
• Authentication
• HA features
• Analytics
• Very extension logs

• Better GUI for the policy manager.
• Needs better professional services in my country. 
• Better mobile features.
• Better HA configuration.

We use it for public API security.

The governance of the new business models generated by the APIs has been simplified and is improving the daily control over them.

• Current security models which are the focus of the industry. 
• The product documentation helps the client and/or user to evolve quickly while using the tool.
• Support has efficiently combined with the forum.

The portal is an important point in the lifecycle of the APIs. Right now, the portal lacks many features. We hope that the new version will have them and that there will be a quality jump, which is needed.

None.

There is no real problem. However, as the number of instances increases, its complexity of installation increases if you do not use the OVA.

Support through the forum is very good and efficient for partners.

I work in a consultancy, so we do projects with other products. However, our partner product is with CA Technologies.

They have different installation models. Therefore, there are always small drawbacks. Fortunately, if you use the OVA, your installation is direct.

We are a partner with our own prices.

We evaluated the following solutions: IBM, WSO2, and Oracle.

Begin by using the installation offered on an OVA, then in production environments make use of your own installation, e.g., in CentOS.

Managing all of our APIs and the security around them.

• Standardization of our API deployment
• Improve security

The Portal API helps us with deployments. It also helps to have a catalog of everything.

The replication is also a critical feature for us. It helps to have a more robust architecture and makes our systems are highly available.

The portal is not the most intuitive and the way things are displayed makes it difficult to find the information we need. We never completely read the info. The way it's written does not make me want to read it.

Lately, we have had a replication problem, but it's possible the problem is on our side. We are still unsure.

No issues with scalability.

The technical support is fast and efficient.

It was a complicated setup but we had help.

You need a team to manage it.

My company is a CA partner. We do implementations for end-customers, using CA API Management. So my company doesn't use the product, but we install, configure, and implement the product for our end-customers.

Primary use for the solution is to have access to APIs that are generally difficult and not available. An example would be critical APIs that should be available 24/7 but they are not available most of the time, because of one or another constraint. That is where the API Management solution is used to the maximum by end-customers.

Let me give you an example from one of my customers, a tier-two telco in the UK. This customer was getting an API that was available to their developers for only two hours a day, and because of this restriction, they had to plan everything precisely for their developers to access the API in those two hours.

Now, with the CA API Management implementation, the third-party API is available to this customer 24/7. It's available any time the development team requires access to the data or the information. This result has quickened the development pace and the testing cycle, and it has saved a lot of our dollars for my end-customer.

Security is the most important parameter of the solution, for me, because whenever you are exposing your APIs to third-parties, it is critical that the data remains anonymous and that data is retained within the system, that it is not leaked. CA API Management provides good security features and that is very critical.

The CA API Management solution has good security features, but when it comes to being used in areas like enterprise integration, where it is being used as middleware for all the IT environments, that particular feature is quite limited. It doesn't support as many protocols as an industry standard, competing product should.

No issues with stability.

I have never had any issues with scalability.

I would rate tech support at nine out of 10.

I still use multiple solutions. I use some open-source solutions, I use some of the competing enterprise solutions, and I use CA as well. It really depends on what my end-customer really wants. It depends on the use.

The initial setup was quite straightforward.

I feel the product's pricing is a good value.

In terms of licensing, currently, they are available for as perpetual from CA. What is really important is that they offer the solution as a service, on a subscription or monthly basis,  which will make it more attractive. That is where the market is headed. There are competitors within the industry that are doing that currently. I would encourage CA to do that.

The options that I had were Apigee and Mulesoft.

My advice would be, if it is a really complex integration with multiple protocols, multiple APIs, where security is the key, I think you should look at the CA solution. That is where it fits best. If it is you're looking at it more as an enterprise integrator, that you need to integrate internally within an organization and its IT functions, then I would suggest that you talk to CA and see how best the product can be used; you will consultation.

It's a very stable, scalable product with good security features. It does the job well.

API management, for security.

One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise. That has been the quickest and easiest thing. 

We're rolling it out across the enterprise as we speak, after that six months or so of heavy usage, and we're finding that the amount of time it takes to secure new APIs has gone down substantially.

The security features are the most important because that's what we're using the application for, specifically.

There is a thick client for configuration that is not as easy to use as you might like. So I would say the design and user experience, from an administrative standpoint, is a little clunky.

There are some really very granular kinds of issues that I've found and they're more related to very specific technical components of the application itself. Aside from these individual complaints that are very bound up with our use cases, I don't have any specific recommendations.

No issues with stability.

In terms of scalability, we haven't encountered any issues. Scalability has been something that we're starting to explore a little bit more now - automated scalability - responding to increases in capacity in the environment. But we haven't had any issues, and I don't necessarily anticipate any issues. CA provides certain containerized versions of their components that are very easy to deploy and scale.

CA has been extremely responsive to any request that we've had for assistance, for support, and for new features. I haven't been able to evaluate the newer version that has recently been released, so we haven't evaluated it yet in terms of feature completeness.

The initial setup was pretty straightforward. They provided us with a container and we got it up and running, and then we just started working on it. You can follow the instructions pretty easily.

We did not have a previous solution, but we did evaluate Mulesoft as an alternative and, possibly, Informatica. We ultimately decided that our relationship with CA, and the type integration with some of the other applications that we had deployed in the enterprise, made the API Gateway a much better option for us.

I would suggest you take a look at all of the components. The API Management Suite that CA offers is broader than simply the API Management Gateway. The Suite has some features, extra components, that really make for a much easier and more accessible way a way of doing API management within the enterprise. There are components like the Mobile API Gateway and Live API Creator. These additional components really expand what the products can do, in a way that makes your value proposition easier to present to the business.

I would say this solution is a solid eight. It does everything that it says that it does. It would get a higher rating if it had a little cleaner interface and was easier to administer, but I think that's a pretty solid rating for a product like this.

API security, API management, OAuth security, microservices, mobile app security.

Secure API exposure and driving Innovation through microservices.

Security, out-of-the-box policies.

Cloud-native architecture of the product.

We haven't encountered any issues with stability. The hardware and virtual appliance-based form factor are solid. It's a stable product.

The product does not scale the way cloud-native architecture does.

Technical support is good.

The initial setup was moderately complex, due to various deployment models and integration with its own components.

It is in the lowest price range for such products but the pricing model needs to be changed.

I have experimented with all of the APIM solutions. Each one is fit for different situations but, overall, CA API Management is the best product for the expected functionality.

I have evaluated Apigee, Mulesoft, SoftwareAG, Akana, Kong, and IBM API Connect.

If you are truly looking for API management features, CA API Management is the best solution. It might be a bit old in terms of cloud-native architecture but they are moving towards that.