Layer 7’s API Portal Offers “Managed Access” to Deeper Pool of Talented Devs

Layer 7 Technologies is helping companies safely work with a wider range of innovative developers without compromising security or compliance. The API Portal expands Layer 7’s gateway-based API management suite, and gives companies broader-yet-managed access to a whole new pool of talented devs working in mobile, social, business process, cloud and SaaS.

Tags: APIs, Layer 7, SOA Gateway, identity, compliance, ALM, mobile, social, SaaS, management,

layer7_apiportalLayer 7 Technologies is helping companies safely work with a wider range of innovative developers without compromising security or compliance. The API Portal expands Layer 7’s gateway-based API management suite to give companies broader yet managed access to new, talented devs working in mobile, social, business process, cloud and SaaS.

“API Portal represents a new constituency, and allows companies to reach out to casual developers to build interesting things,” Layer 7 CTO Scott Morrison told IDN. While the advent of cloud and REST is dramatically increasing the willingness of firms to expand their “casual developer” pool, IT admins still need to easily monitor and govern their activities, Morrison added.

The API Portal approach is founded on a simple idea: As APIs are today’s ‘lingua franca” for diverse on-premise and off-premise developer stakeholders, the question becomes:

 

How can companies impose corporate governance and security on a new class of casual developers – without imposing undue admin burdens on either the devs or IT admins?

 

The answer lays in the way Layer 7’s API Portal extends its SOA Gateway API management suite to let firms work ad hoc with new developers with easy on-boarding, on-going reporting, real-time tracking and even ensuring compliance with a firm’s security and policy rules, according to Morrison.   

In specific, Layer 7’s API Portal provides real-time insight into how APIs are being used, supports end-to-end processes for API management, provides enterprise-grade security controls and comes with tools to simplify management of both dev accounts and API keys.

Layer 7’s API Portal offers these features:

  • Integration with an API proxy to provide enterprise-grade security and PCI DSS compliance
  • Deployable on-premise, eliminating the need to send API responses (which may include sensitive or private information) to the cloud
  • Customizable API security definitions to fit enterprise requirements for keys, certificates and/or tokens
  • Comprehensive API reporting, spanning third-party dev and internal enterprise roles (API owners, operations and security officers, etc.)
  • Manages API versioning to ensure all versions of an API will be supported as new versions are updated
  • Ensure carrier-grade performance, handling up to 25 billion transactions per month on a single API proxy, when deployed with a Layer 7 API Proxy


Layer 7 Execs Says API Portal an
Extension of a ‘Registry/Repository’ Model

“When you think about it, the API Portal is registry/repository 2.0,” Morrison said. “It’s about providing customers a more agile R/R and identity management approach. In the end, our gateway makes sure the transaction is validated, the developer is authorized to access an API, and most importantly, makes certain are policies enforced.“

 

"The API Portal [makes] sure developers can do self-service provisioning with a new API, and within constraints of security and policy."

Scott Morrison
CTO
Layer 7 Technologies

The API Portal is also a logical evolution of Layer 7’s long-standing API management and gateway portfolio, Morrison said. “Many of our customers use Layer 7 now for a consistent approach to identity, security, tokens and certificates among stakeholders – and not as a one-off validation, but with a consistent approach.” With API Portal, Layer 7 is extending this rigor to casual or ad hoc developer relationships, he said.

“Today, development can get delegated quickly and may cross many organizational boundaries, so we spent a lot of time building up the role-based access control system,” Morrison said. “This supports not just making sure developers can do self-service provisioning with a new API, but that those devs can do that within constraints of security and policy.”

 




back