webMethods API Gateway 

Secure your APIs at runtime 

We live in an API-connected world. Make sure yours are secure.

APIs are the tools that let you easily expose your unique data and services in web apps, mobile apps and other connected devices. They have become the standard way of connecting applications, data and devices, providing services directly to partners and creating new models for doing business. webMethods API Gateway provides security and peace of mind in this API-connected world. 

webMethods API Gateway enables you to securely expose your APIs to third-party developers, partners and other consumers for use in web, mobile and Internet of Things (IoT) applications. With webMethods API Gateway you can easily create APIs, define Service Level Agreement (SLA) policies, and seamlessly publish your APIs to webMethods Developer Portal. 

Key benefits

  • Secure your APIs from malicious external attacks 
  • Eliminate threats from specific IP addresses and mobile devices 
  • Reduce or eliminate the need for unnecessary holes in your firewall 
  • Ensure API access is limited to authorized and authenticated consumers 
  • Change protocols, message formats or service locations—without impacting consumer-provider relationships 
  • Make the same underlying services available to new applications or APIs over a different protocol or security standard—without costly recoding 
  • Collect API usage data for monetization and external billing solutions 
  • Provide the same quality of service to external and internal developers and consumers 
  • Improve customer experience across channels and touchpoints


Secure APIs 

API Gateway provides DMZ-level protection from malicious attacks initiated by external client applications. With API Gateway, you can secure traffic between API consumer requests and the execution of services by protecting against Denial of Service (DoS) attacks based on IP address and specific mobile devices, as well as message volume. API Gateway also provides virus scanner integration and helps avoid additional inbound firewall holes through the use of reverse invoke, or inside-out, service invocations.


API Gateway provides complete runtime governance of APIs published to external destinations. API Gateway enforces access token and operational policies, such as security policies for runtime requests between consumers and native services. API providers can: enforce security, traffic management, monitoring and SLA management policies; transform requests and responses into expected formats; perform routing and load balancing of requests; and collect event metrics on API consumption and policy evaluation.

Dedicated, web-based user interface 

webMethods API Gateway provides a single, web-based UI to perform all the administration and API-related tasks from API creation, policy definition and activation, to the creation of consumer applications and API consumption, as well as administrative activities.  

Easy discovery and testing of APIs 

API Gateway provides full text search capabilities that help developers quickly find APIs of interest. API descriptions and additional documentation, usage examples, and information about policies enforced at the API level provide more details to help developers decide whether to use a particular API. Developers can use the code samples and expected error and return codes to try out APIs they are interested in, directly from within API Gateway.  

Packages and Plans

Within API Gateway, users can easily create and manage packages and plans, offering API providers the flexibility to provide tiered access to their APIs, accommodating diverse service levels and pricing structures. Users gain visibility into package specifics, including the contained APIs and associated plans. Plans provide pricing details and quality of service terms, empowering consumers to subscribe to the most suitable plan aligning with their business requirements.

Built-in dashboarding and usage analytics

API Gateway provides information about API Gateway events and API-specific events, as well as details about which APIs are more popular than others. This information is available in interactive dashboards so that API providers can understand how their APIs are being used, which in turn can help identify ways to improve their users’ experience and increase API adoption.  

Support for SOAP and REST APIs

API Gateway supports both SOAP-based and REST-based APIs. This support enables organizations to leverage their current investments in SOAP-based APIs while they adopt REST for new APIs.

Developer Portal integration 

API Gateway is integrated with webMethods Developer Portal to provide a complete API management solution. APIs created in API Gateway can be synchronized with Developer Portal for API discovery and access control, as well as API user documentation and testing.

Message transformation, pre-processing and post-processing

API Gateway lets you configure an API and transform the request and response messages to suit your requirements. To do this, you can specify an XSLT file to transform messages during the mediation process. You can also configure an API to invoke webMethods Integration Server services to pre-process or post-process the request or response messages.

Developer engagement 

APIs can be published to API Portal from API Gateway for developers to discover them. Organizations can group APIs and define policy enforcements on them as a single unit, which developers can then subscribe to.

API Mashups

API Gateway allows you to consolidate services and expose them as a single service. You can create API mashups that extend an API operation by grouping it with other API operations available in API Gateway.


Multiple instances of API Gateway can be clustered together to provide scalability. A load balancer can easily be placed in front of the clustered API Gateway instances to properly distribute request messages.

Bulkhead pattern support

You can specify the maximum number of concurrent requests processed by an API at API level or by all APIs at Global level. When the designated number of concurrent requests surpasses the set limit, any additional requests are declined. In these instances, transaction events and policy violation events are generated accordingly.

Track specific APIs

Sign up to track the APIs you are interested in and automatically receive notices of changes to them.
