Branding and customization. API Portal administrators can customize their portal’s logo, colors, and fonts to match their organization’s corporate identity. Administrators can further customize their portal by modifying pages, incorporating widgets, and changing the appearance and organization of APIs in the gallery for easier discovery. For example, APIs in a large catalog can be grouped by business domain, free versus paid, or public versus B2B partner. APIs can also be flagged based on maturity level (for example, beta versus production or release).

Support for SOAP and REST APIs. API Portal supports traditional SOAP-based APIs as well as REST-based APIs. This support enables organizations to leverage their current investments in SOAP-based APIs while they adopt REST for new APIs.

Quick, secure providing of access tokens. Approval workflows simplify the provisioning of API keys and OAuth2 credentials. These workflows enable the API provider to individually approve access token requests that developers submit from API Portal.

Easy discovery and testing of APIs. Full text search capabilities help developers quickly find APIs of interest. API descriptions and additional documentation, usage examples, and information about policies enforced at the API level provide more details to help developers decide whether to adopt a particular API. From there, developers can use the provided code samples and expected error and return codes to try out APIs they are interested in, directly from within API Portal, to see first-hand how the API works.

Quick, secure onboarding of new users. Easy to configure approval workflows in API Portal graphical user interface to define how the user onboarding should take place, with or without confirmations.

Community support. API Portal provides a collaborative community environment where API consumers can rate APIs and contribute to open discussions with other developers.

Built-in usage analytics. API Portal provides dashboarding capabilities. API Portal Administrator, API Providers, and API Consumers can access the dashboard that are visible to them based on their roles to view KPIs based on API Portal page views and API views by users, lifecycle and access token events for an API, monitor the subscriptions per package, and access token requests per API, track total number of logins, active sessions, number of consumers, the success and failure of logins, user registrations, and user audit log, study the API's invocations per user and its performance during runtime, study the API invocation trends by response time, success and failure rates, and track the total API requests over a period of time, requests over time per API, and API request log. This information helps you understand how the APIs are being used, which in turn can help identify ways to improve users’ portal web experience and increase API adoption.

webMethods API Portal. In API Portal, API consumers browse the catalog of APIs that a provider has published. When the consumer finds an API of interest, the consumer can sign up and request an access token to download the API for further investigation and testing.

CentraSite. CentraSite provides a registry and repository for APIs and offers complete design-time governance of those APIs. API providers add APIs to CentraSite by defining the APIs and their associated resources as objects. When APIs are ready to be made available to consumers, API providers publish the APIs from CentraSite to API Portal.

Register instances of API Portal.

Manage API provider and API consumer user accounts.

Manage the API catalog.

Deploy virtualized APIs to webMethods Mediator.

Configure policies to be enforced at run time.

Manage API and OAuth2 keys and API access tokens.

webMethods Mediator. Mediator provides complete run-time governance of APIs published to API Portal. Mediator acts as an intermediary between service consumers and service providers. Mediator also enforces access token and operational policies such as security policies for run-time requests between consumers and native services. Using Mediator, API providers can do the following:

Enforce security, traffic management, monitoring, and SLA management policies.

Transform requests and responses into expected formats as necessary.

Perform routing and load balancing of requests.

Collect run-time metrics on API consumption and policy evaluation.

webMethods Integration Server. Integration Server hosts Mediator and initiates connections to webMethods Enterprise Gateway. Integration Server also orchestrates the services and provides the connection to back-end systems.

webMethods Enterprise Gateway. Enterprise Gateway protects the APIs on Mediator and other webMethods products installed behind the firewall from malicious attacks initiated by external client applications. Administrators can secure traffic between API consumer requests and the execution of services on Mediator by doing the following:

Filter requests coming from particular IP addresses and blacklist specified IP addresses.

Detect and filter requests coming from particular mobile devices.

Avoid additional inbound firewall holes through the use of reverse invoke.

webMethods API Gateway. API Gateway enables an organization to securely expose APIs to external developers, partners, and other consumers for use in building their own applications on their desired platforms. It provides a dedicated, web-based user interface to perform all the administration and API related tasks from the API creation, policy definition and activation, creation of applications, and API consumption. API Gateway gives you rich dashboard capabilities for API Analytics. APIs created in API Gateway can also be published to API Portal for external facing developers' consumption. API Gateway supports REST-based APIs, SOAP-based APIs, and WebSocket APIs, provides protection from malicious attacks, provides a complete run-time governance of APIs, and information about gateway-specific events and API-specific events.