

Securely Publish and Manage Web APIs

Securely Publish & Manage Cloud APIs


The CloudSpan CloudControl Gateway simplifies how Telecoms, SaaS, PaaS and IaaS providers expose their provisioning, application and data APIs to external partners, large customers, white label resellers and value-added developers. In many instances service providers will need to expose a mix of their own APIs and those of the cloud platforms they build upon, such as Red Hat KVM, Citrix C3, CA 3Tera or VMware's vCloud Director. This creates a need for a unified control, security and adaptation layer across a mix of internal cloud APIs. Using the CloudControl Cloud API Gateway, service providers can control which APIs get exposed to whom down to an operation level, enforcing how and when those APIs get called while providing a single dashboard for managing security and tracking usage across all the APIs.

Without touching their core application and data systems, cloud providers can use CloudControl to layer on functions like:


  • Authenticate users using a diverse set of credential and token types
  • Control authorization to specific cloud API operations and methods
  • Rate limit the number of requests coming into specific cloud APIs
  • Guard cloud API endpoints from attacks or malformed requests
  • Ensure availability and uptime to application endpoints
  • Obfuscate the cloud API endpoint address from the outside world
  • Monitor usage of specific cloud APIs
  • Meter access to specific cloud APIs
  • Provide version control and backward compatibility for cloud API changes
  • Institute lifecycle management for cloud API development
  • Customize cloud API views for specific requestors based on their entitlements and capabilities
  • Map between WSDL and REST cloud APIs
  • Create virtual or aggregate service views from disparate cloud APIs
  • Control the sequence in which cloud APIs get invoked
  • Create a BPEL-like workflow for cloud APIs

CloudControl is sold as clusterable hardware or virtual gateways for platforms like Amazon and VMware vCloud.


Publish APIs – create a layer of abstraction that allows users to quickly build or sequence composite virtual APIs from any combination and/or subset of existing APIs using standard Web services approaches involving XML, SOA and REST.

Secure APIs – CloudControl’s dedicated security appliance provides support for all major WS* and WS-I security protocols, as well as all major authentication and authorization standards, allowing organizations to securely expose application APIs to external users.

Manage APIs – gain visibility into detailed usage tracking and metering data that can be used to extract billing information, validate SLA conformance, or check usage for capacity planning.

Chassis: 1RU standard rack mount, 1.71 x 16.75 x 27.0 in. (43.43 x 425.5 x 658.8 mm)
Processor: Dual Intel Xeon processor 5500 series (quad core = 8 logical cores)
Hardware Acceleration: Offload SSL and XML processing operations to optional acceleration card
  • Optional onboard HSM, as well as support for external HSMs (e.g., SafeNet)
  • FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
Ports: 4 x Gigabit Network Cards
Memory: 8GB RAM (maximum memory of 72GB)
Storage: Mirrored, hot-swappable drives
Power: Dual redundant, hot-swappable; 760 watts (W)
Performance: Able to handle more than 10,000 requests/sec
Operating Systems:
  • Solaris 10 for x86 and Niagara
  • SUSE Linux
  • Red Hat Linux 4.0/5.0
Virtual Appliance:
  Desktop: VMware (VMware Ready certified)
  Server: ESX (VMware Ready certified)
  Cloud: Amazon EC2 AMI

  • XML
  • SOAP
  • AJAX
  • XPath
  • XSLT
  • WSDL
  • XML Schema
  • LDAP
  • SAML
  • PKCS
  • X.509 Certificates
  • FIPS 140
  • Kerberos
  • W3C XML Signature
  • W3C XML Encryption
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • IPv6
  • WCF
  • JMS
  • MQ Series
  • REST
  • Tibco EMS
  • FTP
  • WS-Security
  • WS-Trust
  • WS-Federation
  • WS-Addressing
  • WS-SecureConversation
  • WS-MetadataExchange
  • WS-Policy
  • WS-SecurityPolicy
  • WS-PolicyAttachment
  • WS-SecureExchange
  • WSIL
  • WS-I
  • WS-I BSP
  • UDDI
  • WSRR
  • MTOM


API Publication
API Abstraction
  • Expose subsets of existing APIs or rename API calls without re-coding
  • Access to API methods can be filtered/restricted based on user, time of day, service level, etc.
API Composition
  • Point and click API composer supports quickly building composite virtual APIs from any combination and/or subset of existing APIs
  • Lightweight orchestration supports sequencing of incoming API calls to multiple or concurrent back-end services
Multiple Protocols
  • Supports any combination of XML/REST/SOAP APIs and enables translation between protocols to simplify customer adoption
  • Filter/customize back-end error messages to better fit customers' deployment patterns
  • Policy-driven API request sequencing based on administrator-defined conditions and logic
  • Routing based on message content or service availability
  • Run multiple assertions concurrently, thereby reducing overall latency when assembling a response from multiple back-end services
API Security
Access Control
  • Support for all major WS* and WS-I security protocols
  • Support for all major authentication and authorization standards, including SAML, Kerberos, digital signatures, X.509 certificates, LDAP, OAuth, etc.
Threat Protection
  • Create custom threat profiles to extend built-in filters for message structure & XML-specific threats
  • Track failed authentications and/or policy violations to identify patterns and potential threats
  • Powerful message content filtering and transformation tools help identify and suppress leakage of sensitive information (e.g., SSNs, credit card numbers, etc.)
  • Support for multiple types of element or message level XML signing and encryption
API Management
API Lifecycle
  • APIs can be smoothly migrated between environments (e.g., from Dev to Test, East to West, etc.) with full dependency resolution and re-mapping
  • Supports automatic API versioning including rollback to any previous version
  • Global security settings, threat detection profiles, etc. can be reused across multiple APIs to save time and ensure consistency
Metrics & Reporting
  • Configurable, out-of-the-box reports provide insight into API performance: track API/method usage for per-user billing, capacity planning, SLA compliance, etc.
  • Real-time monitoring dashboard provides fine-grained insight into API & network level performance
SLA/Performance Control
  • Enforce availability through throttling and/or rate limiting to ensure SLAs and QoS priorities
  • Dynamically route traffic based on geography, time of day, or fastest back-end response times for optimum performance