Introduction to webMethods API Gateway
webMethods API Gateway enables an organization to securely expose APIs to external developers, partners, and other consumers for use in building their own applications on their desired platforms. It provides a dedicated, web-based user interface to perform all the administration and API related tasks such as creating APIs, defining and activating policies, creating applications, and consuming APIs. API Gateway gives you rich dashboard capabilities for API Analytics. APIs created in API Gateway can also be published to API Portal for external facing developers' consumption. webMethods API Gateway supports REST-based APIs, SOAP-based APIs, and WebSocket APIs, provides protection from malicious attacks, provides a complete run-time governance of APIs, and information about gateway-specific events and API-specific events.
API Gateway provides the following key features:
Support for SOAP APIs, REST APIs, and WebSocket APIs
API Gateway supports REST-based APIs, SOAP-based APIs, and WebSocket APIs. This support enables organizations to leverage their current investments in SOAP-based APIs while adopting REST for new APIs. The API Gateway's SOAP to REST transformation feature enables an API provider to expose parts of the SOAP API or expose the complete SOAP API with RESTful interface. API Gateway allows you to customize the way the SOAP operations are exposed as REST resources.
Secure APIs
API Gateway protects APIs from malicious attacks initiated by external client applications. Administrators can secure traffic between API consumer requests and the execution of services on API Gateway by filtering requests coming from particular IP addresses and blacklisting specified IP addresses, detecting and filtering requests coming from particular mobile devices. You can avoid additional inbound firewall holes when the native APIs are hosted on webMethods ESB.
Policy enforcement
API Gateway provides complete run-time governance of APIs. API Gateway enforces access tokens such as API key check, OAuth2 token and operational policies such as security policies for run-time requests between applications and native services. API providers can enforce security, traffic management, monitoring, and SLA management policies, can transform requests and responses into expected formats. and collect events metrics on API consumption and policy evaluation. API Policies can be defined globally and applied to a set of APIs. With API Gateway you can also define policy templates that can be applied across APIs.
Mediation
API Gateway provides routing policies such as content-based, and context-based, for run-time requests between applications and native services. These policies perform routing and load balancing of incoming requests to an API.
Message transformation
API Gateway lets you configure an API and to transform the request and response messages to suit your requirements. To do this, you can specify an XSLT file to transform messages during the mediation process. You can also configure an API to invoke Integration Server services to pre-process or post-process the request or response messages.
Easy discovery and testing of APIs
API Gateway provides filter capabilities to quickly find APIs of interest. API descriptions and additional documentation, usage examples, and information about policies enforced at the API level provide more details to the developers that help them decide whether to adopt a particular API. Developers can use the provided samples and expected error and return codes to see how the API works.
Clustering support
Multiple instances of API Gateway can be clustered together to provide scalability and high availability.
Built-in usage analytics
API Gateway provides information about Gateway-specific events and API-specific events, details about which APIs are more popular than others. The Gateway-specific events information is available by way of dashboards to users. With this information, providers can understand how their APIs are being used, which in turn can help identify ways of improving their users' experience and increase API adoption.
Packages and Plans
API Gateway provides capabilities to create and manage packages and plans. This helps the API providers in providing tiered access to their APIs to allow different service levels and pricing plans. Users can view the details of the package, such as included APIs and associated plans. Plans provide information about pricing and quality of service terms defined within them. Consumers can subscribe to any plan available under the package, based on their business needs.
Functional Privileges
API Gateway allows you to assign functional privileges to a user or group (LDAP or local) using access profiles. The functional privileges are grouped together to form an access profile, which is associated to a group. You must have a functional privilege assigned to perform any of the key API Gateway features.
Note: Software AG recommends using API Gateway user interface for all the functionalities provided by API Gateway and not use the Integration Server user interface.