Header Image

Layer 7 XML Gateways

The Industry-Leading XML Gateway for SOA, API, Cloud & Mobile


All Layer 7 API Gateways include XML Gateway technology for accelerating and securing XML-based API message formats like SOAP. Layer 7’s SOA, CloudConnect and Mobile Access Gateways include full support for the WS-* standards stack. They also feature wire-speed XML acceleration for common latency-inducing operations like XSLT-based message transformation, XML schema validation and XPath-based message parsing.  


The XML enhancements included with Layer 7 API Gateways provide the following advantages, not available with non-XML-optimized Gateways:

  • Native XML acceleration for transformation, validation and parsing
  • Streamlined XML/SOAP <-> JSON conversion
  • Streamlined XML/WSDL <-> REST mapping
  • XML firewalling for API and DoS protection
  • WS-* (Web services) standards support 
  • FIPS, PCI, STIG, HIPAA and EAL4+ security compliance
  • PKI integration and provisioning
  • Full SAML Web services profile support (for validation and token generation)

To learn more about Layer 7 API Gateways with XML Gateway capabilities:

Turnkey SOA Governance Solution


Centrally enforces policies that ensure security, compliance, reliability and quality of service for all application services, no matter where they reside – in the enterprise or in the Cloud


Security Certifications


Meets the industry’s highest security standards, including FIPS, PCI-DSS, DoD STIG and Common Criteria EAL4+


Security Standards Compliance


Delivers consistent implementation of all key security standards and ensures protection from standards versioning issues


Fine-Grained Access Control


Features support for SAML authentication, authorization and attribute-based policies, as well as OAuth and XACML, allowing organizations to enforce fine-grained entitlement decisions


ESB-Like Web Service Mediation


Delivers easy-to-scale message routing, caching and service mediation functionality, providing a lightweight alternative to a conventional ESB


Extensible Policies


Allows Java programmers to create new policies to address unique requirements, via a custom policy assertion SDK


Centralized SLA Enforcement


Delivers throttling/rate limiting controls that create the ability to support service over-subscription with per-service throttling of excess messages


API Virtualization & Management


Makes it possible to efficiently secure and manage versions of APIs across the development lifecycle, without breaking client applications



  • 1RU standard rack mount
  • Dual Six-Core Intel Xeon L5640 2.26 GHz CPU
Hardware Acceleration
  • Optional acceleration card for offloading XML processing
  • Optional onboard HSM and support for external HSMs
  • FIPS 140-2 support in both hardware and software
  • 4 x Gigabit Network Cards
  • 12GB RAM (maximum memory of 72GB)
  • Mirrored, hot-swappable 146GB RAID 1 SAS HDD
  • Dual redundant, hot-swappable, 760 watts (W)
  • Able to handle more than 10,000 requests per second


Operating Systems
  • Solaris 10 for x86 and Niagara
  • SUSE Linux
  • Red Hat Linux 4.0/5.0

Virtual Appliance

  • VMware (VMware Ready certified)
  • ESX
  • Amazon EC2 AMI

Layer 7 XML Gateways support:

  • XML
  • SOAP
  • AJAX
  • XPath
  • XSLT
  • WSDL
  • XML Schema
  • LDAP
  • SAML
  • PKCS
  • X.509 Certificates
  • FIPS 140
  • Kerberos
  • W3C XML Signature
  • W3C XML Encryption
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • WCF
  • IPv6
  • JSON
  • JMS
  • MQ Series
  • REST
  • Tibco EMS
  • FTP
  • OAuth
  • WS-Security
  • WS-Trust
  • WS-Federation
  • WS-Addressing
  • WSSecureConversation
  • WS-MetadataExchange
  • WS-Policy
  • WS-SecurityPolicy
  • WS-PolicyAttachment
  • WS-SecureExchange
  • WSIL
  • WS-I
  • WS-I BSP
  • UDDI
  • WSRR
  • MTOM


Policy Management

Composition & Editing
  • Compose policy statements from pre-made policy assertions
  • Branch policy based on logical conditions, message content etc.
  • Update policies live across clusters, with no downtime required
Lifecycle Management
  • Manage the policy lifecycle across geographical locations and environments (development, test, staging and production)
  • Quickly create customized policy assertions using a simple Java SDK

Service Management

Operations Management
  • Quickly view audits, events and metrics for multiple Gateways across the enterprise and Cloud
Policy Migration
  • Migrate policies across development, test, staging and production environments and mirror sites
Services Reporting
  • Get quick insight into Gateway operations, service-levels and service user experience
Remote Patching
  • Selectively update any Gateway software, including system files and the operating system
Disaster Recovery
  • Centrally back-up Gateway configuration files and policies from one or more Gateway/cluster and restore remotely
Remote Management
  • Integrate existing third-party management tools into the Gateway, to simplify asset management

API Management

  • Secure, manage, monitor and control access to APIs
  • Throttle API usage to ensure backend services are not overwhelmed
Metrics & Reporting
  • Get quick insight into API performance (utilization, availability etc.)
  • Track failed authentications and policy violations to identify threats
  • Support for all major WS* and WS-I security protocols
  • Support for all major authentication standards, including SAML and OAuth