November 28th, 2011

New Tutorial Series: OAuth 2.0 with Layer 7 Gateways

Layer 7 OAuth Tutorial 1OAuth is fast becoming the most widely recognized standard for access control with REST and Web APIs. And OAuth 2.0 – the latest version of the protocol – is impressively rich, with many grant types addressing many use cases (two-legged, three-legged, with or without redirection etc).

I recently launched a series of video tutorials in which I provide practical instructions on using OAuth with Layer 7’s SecureSpan and CloudSpan Gateways. Layer 7’s OAuth 2.0 template implementation provides a standard-compliant OAuth solution to which you integrate your API, identity providers, API keys and so forth.

The Layer 7 OAuth Toolkit also includes client applications for testing each grant type defined by the specification. This is very similar to what Google provides with the Google OAuth Playground. You can test the OAuth handshake and test calling an API using the access token provided by the handshake. You can also test token revocation and token refresh.

Embedded below, the first tutorial in the series – Incorporate an Existing API & Identity Provider – shows how our template allows you to leverage existing resources in an OAuth deployment.  Over the coming weeks I’ll be posting all the tutorials in the series. In the meantime, for more information on how our Gateways enable OAuth, download the OAuth Toolkit data sheet.

OAuth 2.0 with Layer 7 Gateways, Tutorial 1: Incorporate an Existing API & Identity Provider

November 25th, 2011

FROM THE VAULT: White Paper – Choosing the Right API Management Solution for the Enterprise User

API White PaperWhile APIs may be nothing new, the whole concept of “API management” is still pretty fresh. It’s probably a term you’re going to start hearing more and more, though – simply because more and more organizations are going to start discovering they need ways to secure and manage their APIs.

Over the last few years, social media and mobile devices have provided all sorts of organizations with the motivation they need to start publicly exposing data and services they would previously have kept private. Clearly, this raises security and management concerns, especially for larger enterprises with valuable data to protect and reputations to maintain.

While API management products have been on the market since at least 2006, there’s still fairly limited understanding of what a fully-functional API management solution looks like – or should look like. Earlier this year, we published our Choosing the Right API Management Solution for the Enterprise User white paper, to help enterprises fill in the blanks.

So, if you’d like to learn the key functional and operational requirements for an API management solution, just download this white paper.

November 24th, 2011

Nothing Succeeds Like Success: Analysts Place Layer 7 On Top Once Again

Written by

We’ve had a good Fall here at Layer 7. Last month, Gartner declared that Layer 7 is a leader in its 2011 Magic Quadrant (MQ) for SOA Governance Technologies. To be placed by Gartner in the Leaders Quadrant is a formal recognition of a company’s excellence in its vision and its ability to execute. We’ve achieved this honour with Gartner before (it was the last time they evaluated the SOA Governance space, back in 2009); but this year the firm raised the bar considerably by emphasizing the greater scope of SOA governance, including the overall life cycle of policy and services. We’ve worked hard to develop a complete SOA governance solution—something that Gartner clearly recognized, as are the only SOA gateway vendor to be included in this year’s leaders quadrant. This is an achievement our whole team is very proud of.

But the honours didn’t stop there. Last week, Forrester published The Forrester Wave™: SOA Application Gateways, Q4 2011. I am very pleased to announce that Forrester has also recognized Layer 7 as a leader. Forrester evaluates vendors based on 45 criterion that cover current offering, strategy, and market presence. Layer 7 achieved the highest scores in both the current offering and strategy categories.

As with the Gartner MQ, the actual placement of Layer 7 on the Forrester Wave is dramatic—and it is very flattering. I can’t reproduce either graphic here, but I would encourage you to use your Gartner and Forrester subscriptions to see the reports for yourself. Both studies offer comprehensive information about the state of SOA governance and technology in 2011.

Finally, Layer 7 was ranked as number 71 in Deloitte’s 2011 Technology Fast 500™. The Fast 500 recognizes the 500 fastest growing North American companies in technology, media, telecommunications, life sciences and clean technology. Deliotte ranks organizations based on their percentage of revenue growth over the five-year period between 2006 and 2011. Being named to the Fast 500 brings us full circle: from vision, to execution, to concrete revenue growth.

I’m looking forward to 2012.

November 18th, 2011

Forrester Wave for SOA Application Gateways 2011 – Layer 7 Positioned as a Leader

Written by

Forrester Wave for SOA Application GatewaysAt the end of last month, we announced that Layer 7 had been named a Deloitte Technology Fast 500 growth company and had been positioned as a leader in Gartner’s 2011 Magic Quadrant for SOA Governance Technologies. Today, we’re very proud to announce that Forrester Research, Inc. has named Layer 7 a Leader in a new report, The Forrester Wave™: SOA Application Gateways, Q4 2011.

The report groups its criteria into three high-level categories: Current Offering, Strategy and Market Presence. Layer 7’s “SecureSpan SOA Gateway scored well in all of the major functional categories.” In fact, we actually had the highest score in the Current Offering category and the Strategy category. As a Leader, we were recognized for our broad and deep support for messaging styles, attack protection, trust enablement and content transformation.

Top vendors were evaluated, so we feel it’s a great honor to be positioned as a Leader in this SOA Application Gateways Wave. For more information on the report, read our press release.

November 16th, 2011

API Portal Demos at Cloud Expo

Jamie Ryan at Cloud ExpoLast week, I was in Santa Clara, California for SYS-CON Media’s Ninth International Cloud Expo. While there, I was demonstrating Layer 7’s API Portal, which helps organizations build communities of third-party developers around their APIs. I’m pleased to say my demos were very well attended.

Our comprehensive API management solution addresses the varied needs of an enterprise looking to securely publish and manage APIs: runtime policy enforcement using our API Proxy and intelligent lifecycle management and operational reporting through our Enterprise Service Manager. The addition of design-time developer on-boarding tools and robust usage reporting within the API Portal really completes the picture. Here’s the thing – just because you’re securely publishing APIs doesn’t mean anyone will be able to find and use them, or that the people who do will use them appropriately.

For a true full-featured API management solution, you also need ways to bring developers on board and to manage these developers. You need to make it easy for them to register for your APIs and manage their own accounts. You need your API owners to have the administrative capability to define service levels, account plans and access rules that will be enforced on a flexible, scalable runtime platform. And you need both business managers and developers to be able to analyze usage patterns for prioritizing future API investments. The fact that my demos were so well attended tells me there’s a growing awareness of these requirements, which is a good thing for all concerned.