Layer7 API Management Reviews

It is primarily used for API Security. It has performed very well on the basic security front, but then this product is a suite of products, so it has multiples of products. We are not using all of the subproducts. Now, we are looking for a new use case where we want to use it for mobile apps. That is what we are currently exploring.

The time to go to market has been improved in developing new things while we use this product. We are able to go to market and deploy our functionalities very quickly. We are able to embrace newer security standards. We are able to do that easier because of this product, because of CA API management.

Security is definitely the top one, and other than that, it is a quite customizable product. I have seen that they are coming up with newer features and they are quick, coming into the market very quickly. Compared to other vendors, this product is much faster in coming up with new features, which is good. 

There is still room for improvement for the CA API Developer Portal. It is still not on par with where the competitors are. Other than that, the Core API seems to be very resilient and strong on the security front, but then the CA API Developer Portal is the only piece which I think can be improved. 

It is quite stable. 

We have more than 100 nodes and things are going well so far. However, there are a few cases where we are learning about some outages and that is when getting good visibility of what is actually happening would be the key. In a few of the sessions of in CA World, I was able to get to know more about what additional add-ons we can do, how we can get good visibility, and what is lacking currently. 

We did use technical CA support and it was really nice. 

There were very few scenarios where I was not able to get the answers, or maybe my use cases were maybe unusual use cases that they were not able to come up with the answers. Therefore, we definitely get good responses from the technical team and they are quite responsive.

There was one scenario where they said there is no solution for the kind of requirement that I had. For all of the scenarios that I have come across, they have been able to give me some solution. There was only one scenario where maybe my use case was quite unique.

The solution was already in my company before I came.

I was not involved in the initial setup, but I have been setting up new instances, and it is quite straightforward. 

Getting new security standards so quickly into the product is definitely a new surprise. In the CA World, I am seeing a lot of new subproducts that they are introducing, which I was not even aware of. I think that definitely surprised me that CA is investing in the CA API management product and building new offerings and new solutions, which is really nice. That is where the industry is going and they are putting their time and efforts in the right solution and the right product.

The gateway and the new offerings that they are coming in are very capable. The two points that I am missing are primarily from the development standpoint. 

I would suggest CA API Gateway to my friends in some other companies who are trying to deliver it: more from the security standpoint, the ease of setting it up, using it, and customizing it. Those were the key factors that I would be promoting about this product to my colleagues or friends.

Most important criteria when selecting a vendor: Support and the new features that they bring into the product. Those are the key things based on which we are selecting the CA API Gateway. 

The most valuable features are reliability and scalability; it's just easy to deploy across our environment. We like those features.

It certainly filled the API management needs of our organization. For example, we were in the process of designing a patient portal for the hospital, and we were able to quickly leverage the UAR tool kit that’s available. The developers didn't really have to think about security, even though in the healthcare industry, security is a big concern. And that was all leveraged from the robust tool kit available in API Management. Taking that heavy lifting away from the developers so they could focus on functionality and we could focus on delivering the secure access they needed, was great.

It's a great product. Just expand on it. I think CA has done a good job bringing the UI component to macOS; that’s good. And I think they're also doing a web UI version where you can create policies. I believe in the past, they had some limitations of what you could or couldn't do, but they are solving some of those issues.

CA is the leader in this space. So we look toward them for coming up with best practices to adopt. I'm not really an expert in that area.

We've had it working for about 4 or 5 years

We've had it working for about 4 or 5 years now and apart from upgrades, we have never had a problem with outages or components breaking down.

We began with just one appliance. Then, as our needs grew, we put in a load balancer. It had multiple VMs talking together, which was fairly easy to do and we never had a problem with that either. From time to time, when we needed to take one server out of the load, it was an easy process; the other servers automatically absorbed the workload. That's a benefit for us.

We had API Management from when it was still Layer 7. Their people were certainly filling a lot of shoes because it was a smaller company at that point and you would see the eagerness for technical support to jump in, be hands on, and help you all the way through. Now, they try to push us towards the solutions and the consultants a little more. In a bigger organization, getting POs signed is not an easy process and when you want something that could take an hour or two hours to fix, now becomes a bigger hassle.

When we looked at this emerging API management need seven years ago, we looked at the Gartner recommendations and then looked at our organization’s needs at that time and kind of picked CA right from the beginning.

I jumped in to the second or third upgrade, not at the initial setup.

I would certainly recommend using this product. We've had a wonderful success story. And we've not had any issues with it. Even when the consultants do come out, they are very knowledgeable. They know the product inside and out and can implement it right on site. That is a plus.

When selecting a vendor, the interoperability between their different products that we have is important, as well as expandability. Additionally, we want to be able to configure the product to our liking. That helps us adopt it.

The most valuable feature is that the API gateway is very strong in security. Most of the enterprises have exposed their back-end services as APIs and everything is okay if the APIs are accessed internally within the enterprise. However, now with all kinds of mobile channels and omnichannel customer experience, the APIs get exposed to the outer world; at such a time, you need something so that you can secure your data. You don't want to be in the news that something bad has happened. Thus, API gateway acts like a security gateway.

It has the ability to enforce security policies on APIs so that the user transaction is secured. Thus making sure that the transaction is a real one and not an unauthorized/hacked transaction.

Whenever there is a new API development our organization does not need to worry about the security aspects in regards to the API because it's already in place.

In my opinion, the policies need to be simplified so that developers are able to understand and taking that into consideration they can build their APIs. The support and maintenance needs to be simpler.

They need to provide more knowledge and it should not be that only CA is able to provide that service. There is need to pass on the knowledge to the enterprise users.

At our organization, we're still not into production but we have some references from other industries like the telecom industry. What we have seen is that there are some initial hiccups, as you encounter with any new technology.

However, once you have proper organizational structure in place to support and manage API gateway appliance, things become smoother.

We have used the technical support and it is excellent. CA is accessible since they have dedicated resources. They provide access to the engineering team and their service is good.

I was involved in the decision-making process to adopt the solution. Initially, we had a normal NetScaler load balancer. However, the challenge with that tool was once your APIs get exposed to the internet/the mobile phone, how to pass the username and password from your mobile phone to your back-ends.

The mobile experience demands that you don't want users to authenticate every time they want to use the application. For example, the Facebook user experience is such that once you enter your username and password you are logged in and whenever you come next time, the token gets refreshed. A similar kind of experience is what we were looking for and that demands API management.

I was not involved in the setup of this product. Since I was an architect, I brought the product in our organization, made people aware of it, socialized it within the enterprise with different stakeholders and now they're leveraging it.

We considered other vendors like IBM DataPower and also looked into Apigee, which is now taken over by Google.

We came up with a reference architecture, so there's got to be some standardization in regards to how you want to build APIs, expose the APIs, naming conventions and so on.

The way to manage the policies needs to be simplified and developers need to be trained. In my opinion, CA API Gateway in that security space is very ideal and it's one of the best out there.

We use Layer7 API Management to manage API gateway and customize policy scripts.

The product works well from an implementation perspective.

Layer7 API Management’s price could be reduced.

I rate the product’s stability an eight out of ten.

We can create multiple gateways using the product. It has good scalability. It is suitable for enterprise customers who have many APIs and microservices.

We have used WSO2, Kong, MuleSoft, and other open-source products.

The initial setup process is easy and flexible.

Our customers found the product’s cost a little higher. They are looking for open-source solutions.

We evaluated Salesforce.

I rate Layer7 API Management an eight out of ten.

The security checking authentication is our primary use case for this solution.

The API gateway is good. 

We have experienced technical difficulties with the product in the past. 

Tech support is helpful. I would give it an 8 out of 10 rating. 

I do not have any experience with the pricing or licensing of the product.

API management, for security.

One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise. That has been the quickest and easiest thing. 

We're rolling it out across the enterprise as we speak, after that six months or so of heavy usage, and we're finding that the amount of time it takes to secure new APIs has gone down substantially.

The security features are the most important because that's what we're using the application for, specifically.

There is a thick client for configuration that is not as easy to use as you might like. So I would say the design and user experience, from an administrative standpoint, is a little clunky.

There are some really very granular kinds of issues that I've found and they're more related to very specific technical components of the application itself. Aside from these individual complaints that are very bound up with our use cases, I don't have any specific recommendations.

No issues with stability.

In terms of scalability, we haven't encountered any issues. Scalability has been something that we're starting to explore a little bit more now - automated scalability - responding to increases in capacity in the environment. But we haven't had any issues, and I don't necessarily anticipate any issues. CA provides certain containerized versions of their components that are very easy to deploy and scale.

CA has been extremely responsive to any request that we've had for assistance, for support, and for new features. I haven't been able to evaluate the newer version that has recently been released, so we haven't evaluated it yet in terms of feature completeness.

The initial setup was pretty straightforward. They provided us with a container and we got it up and running, and then we just started working on it. You can follow the instructions pretty easily.

We did not have a previous solution, but we did evaluate Mulesoft as an alternative and, possibly, Informatica. We ultimately decided that our relationship with CA, and the type integration with some of the other applications that we had deployed in the enterprise, made the API Gateway a much better option for us.

I would suggest you take a look at all of the components. The API Management Suite that CA offers is broader than simply the API Management Gateway. The Suite has some features, extra components, that really make for a much easier and more accessible way a way of doing API management within the enterprise. There are components like the Mobile API Gateway and Live API Creator. These additional components really expand what the products can do, in a way that makes your value proposition easier to present to the business.

I would say this solution is a solid eight. It does everything that it says that it does. It would get a higher rating if it had a little cleaner interface and was easier to administer, but I think that's a pretty solid rating for a product like this.

We have the API Gateway deployed in production. The primary use case is for the API Gateway to provide API access, and authentication, and authorization for the APIs we expose through our product. 

I am also looking forward to having the API developer portal deploy as well so we get a bit more insights into the analytics part, and also some of the API lifecycle management associated with it.

I love the API Gateway, especially the architecture, in terms of the composability of the policies. We approach it from a very software-engineering approach.We build on the policies, like legal blocks, and we deploy them throughout different environments. It's been working out great for us.

It definitely helps a lot with the DevOps and the support. Reliability is one thing, and having visibility into who is using which APIs. 

Some of the performance matrix that API Gateway gives off - we monitor them via SNMP traps - and then we tie them into our monitoring system. You can actually monitor some of the latencies and some of the performance aspects of both API Gateways, as well back end services. So having that line of sight surely helps in terms DevOps.

The most valuable feature, as I mentioned, is the composability, because we use a lot of functionalities. 

Also, right now we're looking into the Dockerized version of API Gateway because that would allow us to flow nicely into our Microservice Architecture.

The more automation the better. I think CA is stepping in the right direction. I went through the micro API Gateway presentations here at the CA World conference, on how you can automate more of the policy deployment via the JSON format, so you don't even having to touch the Policy Manager. Because every time you touch something in the Policy Manager you think, "Well, that's a GUI, humans need to go in and do something with it." So if we can automate everything with the APIs, that helps a lot in the DevOps lifecycle, where we want to automate everything.

I've always been a fan of API Gateway. In the past we've used various API Gateways, some of them are open source. It's definitely very reliable and robust. The three years that we have them in production, not a single instance of downtime due to the API Gateway. We have issues, but it's mostly because of API backend issues or low balance issues and such, but API Gateway has been pretty reliable for us.

The scalability has been good. Now we have exposed the APIs, we have a four-node cluster of API Gateways in production. It's been scaling out well for us. I haven't had any issue yet.

I have ended up using technical support several times. I think it's fantastic. I've been working with a particular technical person in CA and he's been really, really helpful. He's been very busy, but the support that he gives me is above and beyond the call of duty.

Even going through the 24/7 support I usually get the answer back within 24 hours.

It was three years back, and at that time there wasn't a lot of automation going on with the API Gateway. It was a lot manuals, so we're using the OVA version of the API Gateway. As time went on, with the API Gateway you can pretty much auto-provision things. But two years back at least, I wasn't aware of that, so there was some manual steps. But even manual it was still quite painless to get it done.

We did do some evaluations against other products. Just to name a few, we looked at Mulesoft, WS02. We went with CA because the solution is simple to implement, it fits our use case well, and in terms of price point it also chimes well with our VPs.

I like that CA is continuing to improve the product, looking for new solutions using the API Gateway. That's something that we're familiar with. And that they're trying to make it work for different types of architectures. As I mentioned, we are moving toward Microservice Architecture and having the Docker form and the micro API Gateway to help with those kind of architectures is really helpful.

I'm an engineer, so from my perspective things have to be simple. If things get way too complicated then maybe you don't have the right solution, or you're not using the right solution to solve the right problem. In that case you may want to look for a different solution.

When selecting a vendor, as an engineer the solution that's offered by the vendor needs to be simple enough to solve my problem in an efficient way. Of course, I don't worry too much about cost because I'm not paying for it, but certainly cost does play a part in terms of licensing scheme.

The solution you choose depends a lot on the use case, so without really understanding a colleague's use case it would be hard for me to recommend anything at all. Definitely, if they want functionality like API management, I would recommend looking at CA to see it fits their use case or not.

Primary user case is producing APIs as products, essentially, and creating the environment for developers to sign up to use APIs. 

It has performed well so far. We just got a test instance installed, and did a PoC earlier in the year. We are more or less just getting started with it. 

• For developers to be able to come, sign up, or find APIs. 
• Sign up for the API and start using it in their applications without a Gateway developer having to get involved. 

The benefit of it is being able to create a sense of the API marketplace. It has improved the way our company functions by streamlining the effort and getting people out of the process.

I would like to be able to see the publisher role be able to be organized within organizations, so somebody within that role can only manipulate their particular policies.

We had some problems getting it installed, but it has been running fine ever since.

It is all docker containers. So, it seems to be pretty good.

The technical support is good, knowledgeable, and responsive.

They are all friendly to work with and really seem to care about us being successful.

We were using the API Gateway before. 

The industry is moving is to be more API-oriented and more self-service oriented, which is why we invested in a new solution.

The initial setup was complex. It ran into a lot of problems. It was a new release. It was a 4.1 release. We spent the first day or so, probably almost two days, getting it to accept the proper IP from the DNS name. We ran into certificate problems. Mainly, just the installation script in our particular environment did not work very well. So, instead of what should have taken us a couple hours, or what we planned for a few hours, it ended up taking about three and a half days.

I did a PoC in the earlier part of the year. We built out some APIs on that, then we just installed the test instance a couple weeks ago. 

Purchase 4.0 now and wait until they flush out the 4.1 problems.

We evaluated CA and Google. We chose CA because we already had an embedded solution with them and a good relationship. Pricing was also a factor.

Most important criteria when selecting a vendor:

• Reliability
• Support
• Pricing.

CA is a large company. It is not like they are going to go upside down tomorrow. You want to make sure that the company is going to be around for awhile if you are investing in them.