API Management : Governing and Securing Your API Management System : API Gateway
API Gateway
API Gateway enables providers to securely expose APIs to consumers. Providers can do the following:
*Create APIs and publish them to API Portal.
*Expose a mocked API implementation to consumers before the actual API exists or is complete.
*Define API policies.
*Monetize a set of APIs by bundling them into a package, providing one or more plans that define pricing and quality of service terms for the package, and publishing the package and plans in API Portal. Consumers can subscribe to API packages, and then use access tokens issued by API Portal upon subscription to access the APIs within the package.
Note:  
API Portal also provides public APIs that providers can use to publish API packages and plans from other sources.
*Configure an approval workflow for creating or updating applications, registering applications to APIs, and managing subscriptions to API packages.
*Gather information about gateway events and API events, as well as details about the popularity of individual APIs. API Portal displays this information in the form of dashboards.
*Version SOAP and REST APIs. CentraSite allows versioning of virtual services and publishing of distinct versions to API Portal. API Gateway can host multiple versions of the same virtual service during run-time, and automatically routes requests to the appropriate version.
API Gateway does the following:
*Makes sure requests from and responses to consumer applications conform to policies you define.
*Transforms requests from and responses to consumer applications as instructed by transformation steps you define.
*Mediates between consumer applications and API providers. API Gateway receives requests from consumer applications and forwards them to back-end services, which could be on an Integration Server or any other system where services are executed, then returns responses from providers to consumer applications.
*Uses request context or content to route requests from consumers to different service endpoints, or to load balance requests.
In an API management system, one API Gateway sits behind an internal firewall and is not allowed to directly interact with external clients through the DMZ. Instead, another API Gateway acts as intermediary between external clients and the internal API Gateway. API Gateway protects these products and their applications, services, and data from malicious attacks from external client applications. Administrators can secure traffic between API consumer requests and the execution of services on API Gateway by:
*Filtering requests from and blacklisting specified IP addresses.
*Detecting and filtering requests from mobile devices.
*Avoiding additional inbound firewall holes.
*Defining custom rules that call a Flow service to perform custom processing within the API Gateway (for example, authentication and authorization).
Copyright © 1998-2017 Software AG, Darmstadt, Germany.
Product LogoContact Support   |   Community   |   Feedback