webMethods API Gateway
Secure your APIs at runtime
We live in an API-connected world. Make sure yours are secure.
APIs are the tools that let you easily expose your unique data and services in web apps, mobile apps and other connected devices. They have become the standard way of connecting applications, data and devices, providing services directly to partners and creating new models for doing business. webMethods API Gateway provides security and peace of mind in this API-connected world.
webMethods API Gateway enables you to securely expose your APIs to third-party developers, partners and other consumers for use in web, mobile and Internet of Things (IoT) applications. With webMethods API Gateway you can easily create APIs, define Service Level Agreement (SLA) policies, and seamlessly publish your APIs to webMethods API Portal.
- Secure your APIs from malicious external attacks
- Eliminate threats from specific IP addresses and mobile devices
- Reduce or eliminate the need for unnecessary holes in your firewall
- Ensure API access is limited to authorized and authenticated consumers
- Change protocols, message formats or service locations—without impacting consumer-provider relationships
- Make the same underlying services available to new applications or APIs over a different protocol or security standard—without costly recoding
- Collect API usage data for monetization and external billing solutions
- Provide the same quality of service to external and internal developers and consumers
- Improve customer experience across channels and touchpoint
API Gateway provides DMZ-level protection from malicious attacks initiated by external client applications. With API Gateway, you can secure traffic between API consumer requests and the execution of services with Denial of Service (DoS) attacks based on IP address and specific mobile devices as well as message volume. API Gateway also provides virus scanner integration and helps avoid additional inbound firewall holes through the use of reverse invoke, or inside-out, service invocations.
API Gateway provides complete runtime governance of APIs published to external destinations. API Gateway enforces access token and operational policies, such as security policies for runtime requests between consumers and native services. API providers can: enforce security, traffic management, monitoring and SLA management policies; transform requests and responses into expected formats; perform routing and load balancing of requests; and collect events metrics on API consumption and policy evaluation.
Dedicated, web-based user interface
webMethods API Gateway provides a single, web-based UI to perform all the administration and API-related tasks from API creation, policy definition and activation, to the creation of consumer applications and API consumption, as well as administrative activities.
Easy discovery and testing of APIs
API Gateway provides full text search capabilities that help developers quickly find APIs of interest. API descriptions and additional documentation, usage examples, and information about policies enforced at the API level provide more details to help developers decide whether to use a particular API. Developers can use the code samples and expected error and return codes to try out APIs they are interested in, directly from within API Gateway.
Built-in dashboarding and usage analytics
API Gateway provides information about API Gateway events and API-specific events, as well as details about which APIs are more popular than others. This information is available in interactive dashboards so that API providers can understand how their APIs are being used, which in turn can help identify ways
to improve their users’ experience and increase API adoption.
Support for SOAP and REST APIs
API Gateway supports both SOAP-based APIs as well as REST-based APIs. This support enables organizations to leverage their current investments in SOAP-based APIs while they adopt REST for new APIs.
API Portal integration
API Gateway is integrated with webMethods API Portal to provide a complete API management solution. APIs created in API Gateway can be synchronized with API Portal for API discovery and access control, as well as API user documentation and testing. Message transformation, pre-processing and post-processing API Gateway lets you configure an API and transform the request and response messages to suit your requirements. To do this, you can specify an XSLT file to transform messages during the mediation process. You can also configure an API to invoke webMethods Integration Server services to pre-process or post-process the request or response messages.
APIs can be published to API Portal from API Gateway for developers to discover them. Organizations can group APIs and define policy enforcements on them as a single unit, which can then be subscribed by the developers.
Multiple instances of API Gateway can be clustered together to provide scalability. API Gateways can easily allow a load balancer to be placed in front of the clustered API Gateway instance to properly distribute request messages.