Header Image

API Proxy

API Proxy for API Security and Management

Lightweight API Gateway for Securing, Managing & Scaling APIs

 

Layer 7’s API Proxy is a virtual API Gateway that gives API publishers a simple tool for securing, orchestrating and optimizing APIs and enforcing SLAs.

The API Proxy can:

  • Protect APIs against attack and misuse
  • Define and enforce API rate limits and SLA metrics
  • Translate between JSON and XML
  • Track and report on API usage and performance
  • Mediate between API versions
  • Cache identity calls or messages, for improved performance
  • Integrate with existing corporate security resources like LDAP, AD and SSO
 
Layer 7 API Proxy in Action
 

For end users who want advanced functionality, the API Proxy can be upgraded, through a simple license key, to the API-aware SOA Gateway. Advanced features include:

  • Enhanced functionality for adapting legacy data to REST
  • Greater capabilities for orchestration with external social, cloud or mobile services and internal message queues
  • Enhanced hardware performance and hardware-based cryptography
  • A full-featured SDK for policy and connector customization

 

Video: Basic API Management Tasks with the API Proxy

 

Secure APIs

 

Deploy enterprise-strength threat protection functionality, data privacy assurance and OAuth-based access control

 

Understand API Usage

 

Track usage/performance across APIs and drill down to the consumer level to understand the user experience

 

Meter & Monetize APIs

 

Assign rate limits, pricing, SLA criteria and more, in order to create standard and custom plans for valued partners

 

Govern the API Lifecycle

 

Manage API migration from dev to test to production, with automated versioning, roll-back and the ability to mediate between API versions to ensure existing applications do not break

Virtual Appliance

 
  • Available as 32- and 64-bit VMware/ESX-based appliances (VMware Ready certified)
  • Packaged with the virtual disk converted and ready for use on VMware/ESX
  • Supports VMware Server and VMware Infrastructure

The API Proxy supports:

  • XML
  • SOAP
  • JSON
  • REST
  • AJAX
  • OAuth
  • SAML
  • LDAP
  • PCI-DSS
  • FIPS 140
  • SSL/TLS
  • XML Schema
  • JDBC
  • XPath
  • XSLT
  • PKCS
  • X.509 Certificates
  • IPv6
  • W3C XML Signature
  • W3C XML Encryption
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • HTTP/HTTPS

 

Security

Threat Protection
  • Protect against cross-site scripting, SQL injection, XML content/structural threats and viruses
  • Create custom threat profiles to extend built-in filters for message structure and XML-specific threats
  • Track failed authentications and/or policy violations to identify patterns and potential threats
  • Validate HTTP parameters
Access Control
  • Support for HTTP basic, digest, SSL client-side certificate authorization, Microsoft SPNEGO etc. plus SAML, X.509 certificates, LDAP, OAuth etc.
Privacy
  • Powerful message content filtering and transformation tools help identify and suppress leakage of sensitive information (credit card numbers etc.)
  • Support provided for multiple types of element or message-level XML signing and encryption
 

Management

Lifecycle
  • APIs can be smoothly migrated between environments (from dev to test, east to west etc.) with full dependency resolution and re-mapping
  • Support provided for automatic API versioning, including roll-back to any previous version
  • Global security settings, threat detection profiles etc. can be reused across multiple APIs to save time and ensure consistency
Composition
  • Point-and-click API composer supports quick building of composite virtual APIs from any combination and/or subset of existing APIs
Orchestration
  • Policy-driven API request sequencing
  • Routing based on message content or service availability
  • Latency reduction via concurrent running of multiple back-end calls
Performance Control
  • Enforce availability through throttling and/or rate limiting
  • Prioritize traffic to specific APIs, based on SLAs
  • Route traffic, based on geography, IP address or back-end response times
  • Define custom data and identity caching parameters
 

Metering & Reporting

Operational Metrics
  • Configurable, out-of-the-box reports provide insight into API performance and usage, for per-user billing, capacity planning, SLA compliance etc.
  • Real-time monitoring dashboard provides fine-grained insight into API- and network-level performance
Customer Mapping
  • Reports on service performance, policy violations and SLA conformance create a profile of the user experience
Transaction Auditing
  • Log files provide a granular audit trail of all API connections mediated by the API Proxy
 

Integration

Data Integration
  • Connect to, query and retrieve results from a wide variety of external databases including MySQL, IBM DB2, Microsoft SQL Server and Oracle Database, via a range of methods, including JDBC