API Gateway

Deploy Web APIs securely and efficiently

Delivering Web APIs requires security, management, and protocol mediation. Underlying SOAP Web Services require conversion to lightweight REST APIs, as well as data transformation. In addition, standards such as OAuth, SAML, and WS-Security must be supported.  

Axway API Gateway provides a platform for deploying and managing APIs, internally and across the firewall, regardless of protocol or authentication mechanism.

Axway API Gateway is available as:

  • Hardware Appliance
  • Virtual Appliance
  • Installable Software for Windows, Linux, and Solaris
  • Amazon AMI

Manage security requirements

Web APIs require authentication of the calling client, such as a mobile app.  Different organizations and APIs use different authentication schemes. For example:

  • Mobile APIs use API Keys with OAuth, while SOA Services use WS-Security
  • Mutual SSL with X.509 certificates is widely used for authentication

In addition, APIs must be protected from attacks, at the protocol level and at the content level. This involves detecting and blocking attacks such as Denial-of-Service, JSON prototype attacks, and SQL Injection. Recently, a number of high-profile APIs have been successfully attacked.

Using Axway API gateway, an organization can:

  • Apply security policies to its Web APIs to control access and block attacks
  • In conjunction with the Axway API Portal, manage developer access to Web APIs
  • Insert security tokens – including SAML Assertions and JSON Web Tokens (JWT) – into REST and SOAP requests

Mediate protocols

API protocols come in many varieties. Newer Web-centric APIs tend to be based on REST and JSON, while Web Service-style APIs are typically based on SOAP and XML. Traditional EDI-style APIs rely on FTP-based secure file transfer protocols. Even REST-style APIs have a number of different popular coding patterns. Message and payload also come in a broad range of formats, based on any number of industry standards and proprietary formats.

In addition, SOAP and REST APIs are often deployed in front of protocols such as JMS, or a database using SQL. A common usage of Axway API Gateway is to deploy Web APIs in front of backend JMS based message queues, or SQL databases. Protocol mediation is provided as standard.

Axway API Gateway performs protocol transformation, such as SOAP-to-REST and XML-to-JSON, on the fly. Acting as an API gateway that mediates protocols, it enables applications to call any partner API without explicit support for the protocol used by that API.

Monitor API Usage

Once an organization deploys APIs, it is important to monitor their usage. Axway API Gateway provides full API monitoring, including:

  • Application of SLAs (Service Level Agreements) to APIs
  • Full round-trip monitoring of APIs, including details of back-end service performance
  • Per-API and per-client monitoring
  • Ability to monitor client attributes (for example, compare iPhone and Android usage of APIs)

Virtualize, aggregate and mash-up APIs

Through a simple drag-and-drop user interface, without coding or scripting, Axway API Gateway enables organizations to:

  • Link APIs together in order to create composite services
  • Cache traffic from API calls, or from databases or message queues
  • Virtualize third-party APIs to control the propagation of changes from source APIs
  • Follow Axway on Facebook
  • Follow Axway on Twitter
  • Axway YouTube Channel
  • Axway RSS Feeds
  • Axway Blogs