API Gateway Editions
You can deploy API Gateway in two editions based on your license.
* API Gateway: Standard Edition. This edition of API Gateway offers only API protection.
* API Gateway: Advanced Edition. This edition of API Gateway offers both API protection and mediation capabilities.

| API Gateway Standard Edition key points | API Gateway Advanced Edition key points |
| --- | --- |
| Applicable mainly to on-premises deployments. | Applicable to all deployments. |
| Protects the API Gateway platform from malicious attacks. For example, Denial of Service (DoS), Global DoS, injection attacks, and so on. | Provides security, mediation, and other policy enforcement. For example, request-response transformation, conditional error processing, and so on. |
| Typically, this layer is just a gatekeeper, and no APIs can be deployed in the Standard Edition server. | Typically, this layer hosts all the APIs and is therefore the main service virtualization layer, delivering the intended business value. |

For more information about the capabilities available in the Standard and Advanced Editions of API Gateway, see API Gateway Standard and Advanced Editions Capability Matrix.
API Gateway Standard Edition vs Web Application Firewall
This section explains why API Gateway Standard Edition is needed in addition to other software that already exists for DMZ security, such as a Web Application Firewall (WAF). API Gateway Standard Edition is required for the following reasons:
* WAF serves a wider set of edge security concerns and its features vary across products.
* API Gateway Standard Edition provides the necessary threat protection capabilities applicable in the context of exposing APIs to the external world. There may be an overlap of features between API Gateway and the WAF. However, API Gateway Standard Edition is not a replacement for WAF.
* If you already have a WAF arrangement in place, depending on the comprehensiveness of its capabilities, you may decide not to use API Gateway Standard Edition. In such a case, you might need to punch a hole in the inner firewall to allow the API Gateway-specific traffic. This is not optimal compared with the reverse invoke capability of API Gateway Standard Edition, which is considered more secure because you do not have to punch holes in the inner firewall.
* Alternatively, you can combine WAF and API Gateway Standard Edition to leverage the best of both worlds.