API Proxy

Guard Against the Growing Threat of Cyber Attacks

Simplify API Management for Mobile and Web

With the proliferation of mobile devices and social Web sites, enterprises are looking for new ways to monetize their information assets on these platforms. But to be successful, enterprises require the ability to not only secure and manage their publicly exposed APIs, but also create a strong following of third-party developers that can help them foster innovation, expand their market reach and enhance customer retention.

The Layer 7 SecureSpan API Proxy provides a comprehensive API management solution for RESTful services that incorporates industry-leading security and abstraction, a community-building developer portal and enterprise-scale API lifecycle capabilities. With the SecureSpan API Proxy you can define and enforce API rate limits and SLA metrics; implement SAML & OAuth access methods; mediate between JSON and XML; track and report on API usage and performance; and mediate between API versions to ensure client applications don’t break when APIs are upgraded.

The API Proxy provides:

  • API Threat Protection – high speed XML & JSON schema validation
  • SSL / Data Privacy – terminate or initiate SSL sessions to better protect message content
  • API Abstraction and Orchestration – define any number of virtual API views, and sequence them using policy
  • OAuth Support – define OAuth validation, token handling and translation preferences
  • Rate Limiting – throttle APIs based on hits, message volume, backend latency, time of day, etc.
  • Developer Onboarding – out-of-the-box developer registration, API key distribution and API reporting

The SecureSpan API Proxy is available as a virtual appliance.

 

Basic API Management Tasks with the Layer 7 API Proxy

Secure your APIs - Enterprise-strength threat protection, OAuth based access controls and data privacy controls.

Understand API Usage - Track usage/performance across APIs, and drill down to the customer level to understand user experience.

Build Developer Communities - Provide developers and partners with self service capabilities for API discovery, key distribution, discussion forums, API reporting and more.

Meter & Monetize APIs - Assign rate limits, T&C’s, pricing, SLA criteria, and more in order to create standard and custom plans for valued partners.

Govern the API Lifecycle - Manage API migration from dev to testing to production with automated versioning, rollback and the ability to mediate between API versions to ensure existing applications don’t break.

Virtualized Appliance for VM
  • Available as 32 and 64-bit VMware/ESX-based appliances (VMware Ready certified)
  • The API Proxy Virtual Appliance is packaged with the virtual disk converted and ready for use on VMware/ESX
  • Supports VMware Server and VMware Infrastructure

  • XML
  • SOAP
  • AJAX
  • XPath
  • XSLT
  • XML Schema
  • LDAP
  • SAML
  • PKCS
  • X.509 Certificates
  • FIPS 140
  • PCI-DSS
  • JSON
  • REST
  • OAuth
  • IPv6
  • W3C XML Signature
  • W3C XML Encryption
  • SSL/TLS
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • HTTP/HTTPS

 

API Proxy
Threat Protection
  • Protect against Cross-Site Scripting (XSS), SQL Injection, XML content/structural threats & viruses
  • Create custom threat profiles to extend built-in filters for message structure and XML-specific threats
  • Track failed authentications and/or policy violations to identify patterns and potential threats
  • Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas, etc.
Access Control
  • Support for HTTP basic, digest, SSL client-side certificate authorization, Microsoft SPNEGO, etc.
  • Support for SAML, X.509 certificates, LDAP, OAuth, etc.
Privacy
  • Powerful message content filtering and transformation tools help identify and suppress leakage of sensitive information (e.g., SSNs, credit card numbers, etc.)
  • Support for multiple types of element or message level XML signing and encryption
API Management
API Lifecycle
  • APIs can be smoothly migrated between environments (e.g., from Dev to Test, East to West, etc.) with full dependency resolution and re-mapping
  • Supports automatic API versioning including rollback to any previous version
  • Global security settings, threat detection profiles, etc. can be reused across multiple APIs to save time and ensure consistency
API Composition
  • Point and click API composer supports quickly building composite virtual APIs from any combination and/or subset of existing APIs
Orchestration
  • Policy-driven API request sequencing based on administrator-defined conditions and logic
  • Routing based on message content or service availability
  • Run multiple back-end service calls concurrently, thereby reducing overall latency
SLA/Performance Control
  • Enforce availability through throttling and/or rate limiting to ensure SLAs and QoS priorities
  • Prioritize traffic to specific APIs based on SLAs
  • Limit API access based on user, time of day, IP address, etc.
  • Route traffic based on geography, IP address, back-end response times, etc., for optimum performance
  • Integrated clustering provides scalability and automatic failover between multiple instances of APIs/services
  • Define custom data and identity caching parameters for optimal performance tuning
Developer Portal
Developer Registration
  • Account management capabilities
  • API key management and distribution
Developer Support
  • Discussion forums, integrated messaging, FAQs, issue resolution, etc.
  • API documentation, sample code/applications, etc.
API Reporting
  • Self-tracking and metering of API usage/billing for developers
  • Tracking and metering of API usage/invoices for API publisher
API Monetization
  • Ability to assign plans to APIs, including SLAs, pricing, rate limits, and other features
API Metering and Reporting
Operational Metrics
  • Configurable, out-of-the-box reports provide insight into API performance: meter and track API/method usage for per-user billing, capacity planning, SLA compliance, etc.
  • Real-time monitoring dashboard provides fine-grained insight into API & network level performance
Customer Mapping
  • Report on service performance, policy violations and SLA conformance based on specific customers, composites (i.e., processes and transactions using a service) or clients to build a profile of user experience
Audit Transactions
  • Log files provide a granular audit trail of all API connections mediated by the API Proxy