API Proxy

API Proxy for API Security and Management

Lightweight API Gateway for Securing, Managing & Scaling APIs


Layer 7’s API Proxy is a virtual API Gateway that gives API publishers a simple tool for securing, orchestrating and optimizing APIs and enforcing SLAs.

The API Proxy can:

  • Protect APIs against attack and misuse
  • Define and enforce API rate limits and SLA metrics
  • Translate between JSON and XML
  • Track and report on API usage and performance
  • Mediate between API versions
  • Cache identity calls or messages, for improved performance
  • Integrate with existing corporate security resources like LDAP, AD and SSO

Layer 7 API Proxy in Action

For end users who want advanced functionality, the API Proxy can be upgraded, through a simple license key, to the API-aware SOA Gateway. Advanced features include:

  • Enhanced functionality for adapting legacy data to REST
  • Greater capabilities for orchestration with external social, cloud or mobile services and internal message queues
  • Enhanced hardware performance and hardware-based cryptography
  • A full-featured SDK for policy and connector customization


Video: Basic API Management Tasks with the API Proxy


Secure APIs


Deploy enterprise-strength threat protection functionality, data privacy assurance and OAuth-based access control


Understand API Usage


Track usage/performance across APIs and drill down to the consumer level to understand the user experience


Meter & Monetize APIs


Assign rate limits, pricing, SLA criteria and more, in order to create standard and custom plans for valued partners


Govern the API Lifecycle


Manage API migration from dev to test to production, with automated versioning, roll-back and the ability to mediate between API versions to ensure existing applications do not break

Virtual Appliance

  • Available as 32- and 64-bit VMware/ESX-based appliances (VMware Ready certified)
  • Packaged with the virtual disk converted and ready for use on VMware/ESX
  • Supports VMware Server and VMware Infrastructure

The API Proxy supports:

  • XML
  • SOAP
  • JSON
  • REST
  • AJAX
  • OAuth
  • SAML
  • LDAP
  • FIPS 140
  • XML Schema
  • JDBC
  • XPath
  • XSLT
  • PKCS
  • X.509 Certificates
  • IPv6
  • W3C XML Signature
  • W3C XML Encryption
  • SNMP
  • SMTP
  • POP3
  • IMAP4



Threat Protection
  • Protect against cross-site scripting, SQL injection, XML content/structural threats and viruses
  • Create custom threat profiles to extend built-in filters for message structure and XML-specific threats
  • Track failed authentications and/or policy violations to identify patterns and potential threats
  • Validate HTTP parameters
Access Control
  • Support for HTTP basic, digest, SSL client-side certificate authorization, Microsoft SPNEGO etc., plus SAML, X.509 certificates, LDAP, OAuth etc.
  • Powerful message content filtering and transformation tools help identify and suppress leakage of sensitive information (credit card numbers etc.)
  • Support provided for multiple types of element or message-level XML signing and encryption


  • APIs can be smoothly migrated between environments (from dev to test, east to west etc.) with full dependency resolution and re-mapping
  • Support provided for automatic API versioning, including roll-back to any previous version
  • Global security settings, threat detection profiles etc. can be reused across multiple APIs to save time and ensure consistency
  • Point-and-click API composer supports quick building of composite virtual APIs from any combination and/or subset of existing APIs
  • Policy-driven API request sequencing
  • Routing based on message content or service availability
  • Latency reduction via concurrent running of multiple back-end calls
Performance Control
  • Enforce availability through throttling and/or rate limiting
  • Prioritize traffic to specific APIs, based on SLAs
  • Route traffic, based on geography, IP address or back-end response times
  • Define custom data and identity caching parameters

Metering & Reporting

Operational Metrics
  • Configurable, out-of-the-box reports provide insight into API performance and usage, for per-user billing, capacity planning, SLA compliance etc.
  • Real-time monitoring dashboard provides fine-grained insight into API- and network-level performance
Customer Mapping
  • Reports on service performance, policy violations and SLA conformance create a profile of the user experience
Transaction Auditing
  • Log files provide a granular audit trail of all API connections mediated by the API Proxy


Data Integration
  • Connect to, query and retrieve results from a wide variety of external databases including MySQL, IBM DB2, Microsoft SQL Server and Oracle Database, via a range of methods, including JDBC