SOA Software’s API Gateway Unifies, Integrates Core API Project Capabilities
This month, SOA Software continues to expand its API-focused portfolio with a unified and integrated API Gateway. It provides a flexible virtual and cloud appliance to speed up the design and launch of API projects with bundled security, integration and a developer community portal. IDN speaks with SOA Software CTO Alistair Farquharson.
“Some API solutions tout the [developer] portal but not the security gateway. We feel you need both to balance the risk and reward.”
This month, SOA Software continues to expand its API-focused portfolio with a unified and integrated API Gateway. The new API Gateway provides a flexible virtual and cloud appliance to speed up the design and launch of API projects with bundled security, integration and a developer community portal.
The virtual and integrated approach means SOA Software’s API Gateway can be deployed on-premise, in the cloud or in a hybrid approach that seamlessly connects the two.
SOA Software’s launch of API Gateway underscores a rapidly growing interest in APIs by enterprises, CTO Alistair Farquharson told IDN. “The API market is evolving and the market is looking for a quick solution for API projects. SOA and web services have prepared IT to be ready to quickly adopt APIs, but today the focus is on improving the business, not just architecture,” he said.
The API Gateway is a virtual appliance designed to streamline management, deployment, development and operation of APIs, while assuring security and regulatory compliance, Farquharson added. “Customers are now able to extend their business processes and data for consumption as APIs by leveraging our unified API Gateway’s unique ability to centrally secure and rapidly connect applications across platforms, devices and channels,” he said.
SOA Software’s API Gateway is designed for quick deployment and operations that will expose and secure APIs end-to-end, avoiding the need to add components between the enterprise and the API portal platform. But the need for speed (quick-to-launch) also must be tempered with strong security and management policies and controls, Farquharson said.
The integrated design of SOA Software’s API Gateway, which brings together security, management and a developer portal, takes a bit of a different tack than other API technology providers, Farquharson added.
“Some companies offering API solutions tout the [developer] portal but not the security gateway. We feel you need both to balance the risk and reward,” he said. “In fact these capabilities should be well integrated so they can work together hand-in-hand to let companies meet a complete set of requirements rather than cobble together components.”
Importance of Balancing Access, Security for API Projects
When enterprises launch API projects, they are inviting partners and outside developers to pass into (or through) their DMZs to access their APIs. As such, API programs need to be designed to balance security and accessibility, Farquharson told IDN.
Specifically, Farquharson illustrated the point this way: On the one hand, API programs need to be able to authenticate credentials and protect against unwanted attacks, but on the other hand, they also need to avoid putting too many roadblocks in front of qualified partners and developers who would like to use their APIs.
API Gateway’s policy-based enforcement mechanisms, including the mediation of security and identity services, are designed to simply and securely converge connectivity of APIs across mobile, web and cloud platforms.
Under the covers, SOA Software’s API Gateway provides a wide range of security features, including denial-of-service attack prevention, authentication and authorization. This delivers the balance between security and granting access to trusted communities, Farquharson said.
An integrated OAuth Server enables use of existing enterprise security systems to manage access rights to APIs and data. It also leverages a centralized policy manager capability to ensure uniform administration and management across the unified gateway fabric. API Gateway’s security features also prevent in-flight tampering of valuable data, he added.
Because API solutions also need to support the new wave of protocols, such as JSON and WebSockets, the API Gateway adds this support. “APIs don’t talk XML, so that can be an issue when a vendor’s [API] solution is built on an aging platform,” Farquharson added.
Beyond balancing security with easy access by trusted users, APIs need to be designed and launched to meet business requirements. “No matter how you open or secure your API, companies still need to make sure they meet a business need, for their own company and for the communities they are trying to attract,” Farquharson said.
Key Features of SOA Software’s API Gateway
The SOA Software API Gateway also enables enterprises to:
- Rapidly publish their internal services and APIs to a cloud hosted developer community, reducing time and cost.
- Obtain central definition and management of security, routing, reliability, mediation, auditing and overall operational governance – even across multiple instances.
- Flexibly deploy API programs on-premise, in-cloud or as a hybrid solution.
- Simplify brokering of authorized web services through the API Gateway’s support for dynamic routing (based on incoming messages or tagged metadata). It also transforms non-XML messages into formats more readily consumed by back-end services or applications and mediates between XML and SOAP-based services and JSON and REST without writing code.
The API Gateway also provides a developer community platform as a connecting point to manage, share, and promote APIs and services in a secure, scalable environment to help enterprises drive developer adoption and reach new channels. An extensive set of social capabilities is included to promote the creation of dev communities.
To further enrich the value from the API Gateway, SOA Software’s Lifecycle Manager is an add-on offering to help companies make the most of their API investments.
“The lifecycle management of an API is very important,” Farquharson said. “Even as companies are rapidly embracing APIs, they still struggle with making the right decisions about APIs and how to present them to the rest of the world.” Lifecycle Manager provides companies with all the most effective business attributes of an API, including best practices, workflows, approvals and even ways to track funding and budgeting.
Just as important to an API’s success is the ability to iterate and improve an API, based on comments from partners and developers. “With Lifecycle Manager, we let the [corporate] developer interact with the community to learn more about how to design, build and provide documentation for the API,” Farquharson added.