Header Image

SOA Gateway

API Gateway with Advanced SOA Adaptation & Mediation Features


The SOA Gateway is Layer 7’s top-of-the-line API Gateway. The SOA Gateway offers all the RESTful features of the API Proxy plus advanced SOA security and mediation features for backend connectivity to databases, mainframes and applications. It can act as a lightweight enterprise service bus (ESB) with API identity, security and management built in.  

The SOA Gateway includes backend connectors to a diverse range of data stores, mainframes and legacy applications. It provides data translation, contextual routing, SLA management, caching, protocol switching and B2B functionality. It can also act as an API composition and virtualization endpoint for more complex orchestrations. 

To support DMZ deployments, the SOA Gateway includes Web application firewalling (WAF), mobile firewalling and API DoS capabilities. Like all Layer 7 Gateways, it has pre-built integrations with a wealth of enterprise infrastructure products, including all commercial IAM and message-oriented middleware solutions as well the most popular business intelligence and event correlation tools.

Key features of the SOA Gateway include

  • Flexible deployment as hardware, software, virtual machine or cloud image
  • Integrated application and API security for Web and mobile
  • Diverse backend connections to databases, applications and mainframes
  • API adaptation and composition features
  • Advanced SLA and performance optimization capabilities
  • Clustering for scaling and high availability


White Papers

SOA Appliances: Simple & Secure Integration

Read the white paper  >>

Not All SOA Gateways are Created Equal

Read the white paper  >>


Solution Brief: Building Data Lenses Using Layer 7


Aggregate & Manage Access
to Data Sources

Layer 7's Data Lens solution gives the hybrid enterprise a new capacity to expose customized data views that can be monetized and accessed for mobile, analytics and Internet of Things use cases.


Read the Solution Brief >>

Turnkey SOA Governance Solution


Centrally enforces policies that ensure security, compliance, reliability and quality of service for all application services, no matter where they reside – in the enterprise or in the Cloud


Security Certifications


Meets the industry’s highest security standards, including FIPS, PCI-DSS, DoD STIG and Common Criteria EAL4+


Security Standards Compliance


Delivers consistent implementation of all key security standards and ensures protection from standards versioning issues


Fine-Grained Access Control


Features support for SAML authentication, authorization and attribute-based policies, as well as OAuth and XACML, allowing organizations to enforce fine-grained entitlement decisions


ESB-Like Web Service Mediation


Delivers easy-to-scale message routing, caching and service mediation functionality, providing a lightweight alternative to a conventional ESB


Extensible Policies


Allows Java programmers to create new policies to address unique requirements, via a custom policy assertion SDK


Centralized SLA Enforcement


Delivers throttling/rate limiting controls that create the ability to support service over-subscription with per-service throttling of excess messages


API Virtualization & Management


Makes it possible to efficiently secure and manage versions of APIs across the development lifecycle, without breaking client applications





 1U standard rack mount


 Dual Intel Xeon E5-2640 2.5GHz CPU


 - Optional onboard HSM and support for external HSMs

 - FIPS 140-2 support in both hardware and software


 4 x Gigabit Network Cards




 Mirrored, hot-swappable 300GB drives


 Dual redundant, hot-swappable; 600 watts


 Able to handle more than 10,000 requests per second




 Operating Systems

 - Solaris 10

 - SUSE Linux

 - Red Hat Linux 5.0


Virtual Appliance



 ESX (VMware Ready certified)


 Amazon EC2 AMI

The SOA Gateway supports:

  • XML
  • SOAP
  • AJAX
  • XPath
  • XSLT
  • WSDL
  • XML Schema
  • LDAP
  • SAML
  • PKCS
  • X.509 Certificates
  • FIPS 140
  • Kerberos
  • W3C XML Signature
  • W3C XML Encryption
  • SNMP
  • SMTP
  • POP3
  • IMAP4
  • WCF
  • IPv6
  • JDBC
  • JSON
  • JMS
  • MQ Series
  • REST
  • Tibco EMS
  • FTP
  • OAuth
  • WS-Security
  • WS-Trust
  • WS-Federation
  • WS-Addressing
  • WSSecureConversation
  • WS-MetadataExchange
  • WS-Policy
  • WS-SecurityPolicy
  • WS-PolicyAttachment
  • WS-SecureExchange
  • WSIL
  • WS-I
  • WS-I BSP
  • UDDI
  • WSRR
  • MTOM


Policy Management

Composition & Editing
  • Compose policy statements from pre-made policy assertions
  • Branch policy based on logical conditions, message content etc.
  • Update policies live across clusters, with no downtime required
Lifecycle Management
  • Manage the policy lifecycle across geographical locations and environments (development, test, staging and production)
  • Quickly create customized policy assertions using a simple Java SDK

Service Management

Operations Management
  • Quickly view audits, events and metrics for multiple Gateways across the enterprise and Cloud
Policy Migration
  • Migrate policies across development, test, staging and production environments and mirror sites
Services Reporting
  • Get quick insight into Gateway operations, service-levels and service user experience
Remote Patching
  • Selectively update any Gateway software, including system files and the operating system
Disaster Recovery
  • Centrally back-up Gateway configuration files and policies from one or more Gateway/cluster and restore remotely
Remote Management
  • Integrate existing third-party management tools into the Gateway, to simplify asset management

API Management

  • Secure, manage, monitor and control access to APIs
  • Throttle API usage to ensure backend services are not overwhelmed
Metrics & Reporting
  • Get quick insight into API performance (utilization, availability etc.)
  • Track failed authentications and policy violations to identify threats
  • Support for all major WS* and WS-I security protocols
  • Support for all major authentication standards, including SAML and OAuth


Data Integration
  • Connect to, query and retrieve results from a wide variety of external databases including MySQL, IBM DB2, Microsoft SQL Server and Oracle Database, via a range of methods, including JDBC