API Management & Security

The Opportunity: Create New Value from Web APIs

The Application Programming Interface, or API, is an old concept for exposing application functionality programmatically to other applications and developers. API Management is important. Increasingly, commercial and public sector organizations are looking to expose select data and functionality to outside developers so that they can leverage external innovation for reaching new customers, creating new revenue opportunities and building brand loyalty. In so doing, companies are transforming their business into platforms. By remaking their business into a platform, organizations can:

  • Extend their application to partners (e.g., for part ordering) and customers (e.g., allow them to update their own personal information), increasing collaboration and decreasing maintenance by automating interactions
  • Create more points of access for their application by allowing third parties to embed your application functionality, connecting their business to yours
  • Tap into the creativity of third-party developers, allowing them to create new mash-ups and service offerings from your existing functionality, fostering innovation and creating new revenue streams


The Problem: API Management and Security

However, publishing APIs online makes organizations subject to the growing threat of cyber attacks. While network firewalls can provide some measure of protection from standard, Web-based attacks, they cannot address API threats because they lack the ability to deal with the messaging protocols used by APIs today, like XML and JSON.

Managing APIs also presents a number of problems, primarily around creating, maintaining and updating different versions of APIs for different customers, as well as granting third parties the ability to aggregate and orchestrate across your APIs to create new services and richer responses to queries. APIs are like any other piece of code you create; they are developed, tested, deployed and revised as needed. But moving Web APIs between environments or deploying new versions of APIs can expose hidden dependency issues or break your customers' existing integrations, causing downtime or even SLA violations.


The Layer 7 Value: API Management for Publication

Layer 7’s CloudSpan and SecureSpan XML Gateways deliver solutions for proxying APIs exposed to the outside world. The Layer 7 Gateways can manage access to the APIs, throttle usage based on SLA contracts, meter the number of requests for billing purposes, create virtual "aggregated" views customized to each developer or group of developers, manage versions and ensure backward compatibility, and protect against attack and downtime. Moreover, using Layer 7, organizations can customize and tailor their solution exactly to their needs, something not possible with hosted solutions. Example API control benefits from Layer 7 include:


  • API Security for SOAP, REST and POX APIs:
    • Support for multiple credential and token types for authentication, including X.509, SAML, OAuth
    • Fine-grained access rules tailored to a developer or group of developers, including support for XACML
    • Ability to throttle access to APIs
    • Ability to guard against API attacks
    • End-point obfuscation
  • Manage and Monitor APIs:
    • Manage API lifecycle to eliminate change errors
    • Ensure backward compatibility of API versions
    • Meter API usage for billing purposes
    • Monitor API usage and API uptime
    • Simplify integration with existing reporting and BI tools
  • Orchestrate API Consumption:
    • Create virtualized APIs (aggregate, recompose, remap formats)
    • Customize sequence for when APIs get invoked
    • Create personalized API views for each customer and partner

Basic API Management Tasks with the Layer 7 API Proxy