Enterprise Gateway Server
In an API management system, the Integration Server that hosts Mediator sits behind an internal firewall and is not allowed to directly interact with external clients through the DMZ. Instead, another Integration Server in your DMZ, configured as an Enterprise Gateway Server, acts as intermediary between external clients and the internal Integration Server and Mediator. Enterprise Gateway Server protects these products and their applications, services, and data from malicious attacks from external client applications. Administrators can secure traffic between API consumer requests and the execution of services on Enterprise Gateway Server by:
Filtering requests from and blacklisting specified IP addresses.
Detecting and filtering requests from mobile devices.
Avoiding additional inbound firewall holes.
Defining custom rules that call a Flow service to perform custom processing within the
Enterprise Gateway Server (for example, authentication and authorization).