API Gateway
API Gateway enables API providers to do the following:
Publish your APIs for consumption inside and outside your organization.
Define and enforce policies around aspects of runtime execution, such as user access, required access protocol and keys, data masking, and so on.
Protect your APIs from unauthorized and malicious users, while also having full control and visibility into who is accessing your APIs. The built-in approval process workflow lets you manage third-party access requests.
Enforce standards and practices as every API moves through its life-cycle.
Define and track API versions. Multiple versions can co-exist, and older versions can be retired over time.
Design and configure policies to be applied to your APIs at runtime.
Monetize your APIs by creating API plans and packaged offerings.
View usage statistics and dashboards to make sure your API service level agreements are met, and to understand how your APIs are being accessed and used.
Monitor runtime performance and send alerts when performance conditions are violated, optionally based on an SLA.
In an API management system, one API Gateway sits behind an internal firewall, while another API Gateway acts as intermediary between the internal API Gateway and external clients. In this way, API Gateway protects your applications, services, and data from malicious attacks from outside your organization.