API Gateway provides everything you need to develop, integrate and manage APIs and web services that securely bridge back-end services with digital business applications across cloud and mobile. Consistent high performance and fast response times enable millisecond-latency transactions in demanding SLA-driven environments.
In addition to a graphical “configure-not-code” environment for agile and fast API development and management, you also get true end-to-end and real-time operational monitoring, analytics and reporting that gives all types of users — technical, business, and operational — optimal data-flow visibility into API usage and back-end service performance.
Axway API Gateway Key Capabilities
Manage the end-to-end lifecycle for APIs and web services
APIs and web services have a lifecycle that spans development, testing, deployment, administration and monitoring. Unlike other solutions that cover only parts of the API lifecycle, can’t handle web services, or are merely building blocks for custom integration, Axway API Management provides a comprehensive platform that gives you control of the entire end-to-end lifecycle — from conception to consumption to usage monitoring and management.
Axway API Manager provides consistency across development and management of native REST APIs, developed APIs that require back-end integration, and existing web services. No matter how an API is implemented, it can be defined, registered and published to the API catalog in the same way.
You can also use Axway API Policy Studio to build a library of standardized corporate policies (for caching, threat protection, etc.) that developers can choose from when they register a new API or web service.
Control access, block attacks and govern data flows to satisfy stringent security, compliance and SLA requirements
API security breaches can cause brand damage, revenue loss, and compliance penalties. Axway API Gateway provides comprehensive security and pre-built identity management integrations to thwart attacks on APIs, control access to them, and secure the data they send and receive.
Axway API Gateway security features and certifications include:
- ANSII Certification, as currently required for French government agency customers and their partners
- NIST FIPS- and NSA Suite B-compliant modes available with license key activation
- Embedded API Firewalling engine for enhanced data and API protection. API Firewalling is required for PCI/DSS compliance in the payments industry. Application security providers update blacklisting and whitelisting rules daily.
- SafeNet Luna HSM (hardware security module) integration for dedicated private key storage on Amazon Cloud
- Extensive auditing, monitoring and reporting capabilities to ensure compliance with SLAs and regulatory mandates.
You don’t have to add another user identity repository to control API access. You can:
- Use out-of-the-box integrations with all the leading identity management vendors, such as CA, IBM and Oracle
- Leverage your existing LDAP and other corporate identity repositories to authenticate Axway API Manager and Axway API Portal users
- Create custom authentication policies for any API or web service registered in the API catalog, and provide documentation detailing which credentials developers need to provide
- Manage OAuth token-based authorizations
Enable self-service consumption of existing web services
Axway API Gateway preserves your investments in web services by treating new REST APIs and existing web services equally. You can use it to:
- Register and publish web services in the API catalog on your Axway API Portal to provide a consistent experience for self-service browsing and consumption
- Manage the lifecycle of web services, including organization and application authorization, quota monitoring and management, and API Key support
Monitor API usage
Once you deploy your APIs, it’s important to understand how, how often and by whom they are being used. You can use Axway API Gateway to monitor:
• Application of SLAs to APIs
• Round-trip data flows, including details of back-end service performance
• Per-API and per-client usage
• Client attributes (for example, compare iPhone and Android usage of APIs)
Implement web service and protocol abstraction, transformation, and orchestration
API Gateway performs protocol transformation, such as SOAP-to-REST and XML-to-JSON, on the fly. Acting as an API gateway that mediates protocols, it enables applications to call any partner API without explicit support for the protocol used by that API.
Using a simple drag-and-drop user interface, without coding or scripting, you can:
• Link APIs together to create composite services
• Cache traffic from API calls, or from databases or message queues
• Virtualize third-party APIs to control the propagation of changes from source APIs
You can also use Axway API Gateway to deploy web APIs in front of back-end JMS-based message queues, SQL databases, and more. Advanced messaging capabilities (including Commit/Rollback options, support for Durable Topic Subscribers, a “Read from JMS” filter, and certificate+key selection from JMS dialogs) provide robust reliability, support broad uses cases and enable agile integration with back-end systems.
Build APIs and policies visually
You can integrate existing SOA assets using pre-built integrations with application and infrastructure vendors such as HP Systinet, IBM, JBOSS, .NET, Oracle, Progress, Software AG and TIBCO.
Deploying Axway API Gateway as a mobile backend for peer-to-peer (P2P) mobile payments
Carrying out 18 million monthly transactions with a value of €9 billion
Preparing the largest independent energy supplier in the UK to scale its web platform from 1 million accounts to 3 million and beyond and securely connect to a smart metering platform
Bruno Cambounet of Axway and Asif Faruque of Finextra discuss the digital future of the Financial Services IndustryIn this video, Bruno Cambounet of Axway and Asif Faruque of Finextra discuss this new future of the Financial Services Industry, detailing key elements of the digital transformation in FSI – such as security, legacy services (e.g. credits and loans) and visibility of services and data flow – and how these elements build customer confidence in the security of their financial data.
A foundational aspect of the Web is that the client/browser and the server should understand each other and interact successfully. This session explores the language of Web APIs and how developers and clients must learn to understand them.
Join Bruno Cambounet, Vice President of Finance Services and Insurance and Ivan Schneider, former editor of Bank Systems & Technology and current editor/analyst for UBM TechWeb, as they discuss integration and control of financial data flows in and out of organizations, and the impacts upon “frenemy” partner ecosystems.