Layer 7 API Management Suite
A Turnkey Solution for Securing, Managing & Publishing APIs
Simplify how APIs get delivered to mobile and Web applications

Expand Market Reach Through Open APIs
The number of Internet‐connected mobile devices, personal entertainment systems, wireless appliances and other gadgets is expanding daily. Creating new applications for these emerging platforms is vital to growing market share but it is also fraught with risk. An open API strategy allows you to: incent partners and other third‐party developers to take on the risk for you; build out applications against your APIs; drive revenues by expanding your market presence.

The Layer 7 API Management Suite is a turnkey solution that provides enterprises with everything they need to:
- Securely expose application, content and service APIs to partners and developers
- On‐board, manage and foster developer communities
- Facilitate the building, testing and roll‐out of third‐party applications

Deployed fully on‐premise or as a hosted service, the API Management Suite is ideally suited for: platform providers that need to foster and grow their developer communities; content providers that need to make their content ubiquitously available; enterprises that need to better manage and empower their internal developers.

Manage APIs, Developers & Applications
The Layer 7 API Management Suite comprises a number of products that are delivered pre‐integrated out of the box, including:
- API Portal – for on‐boarding and managing internal or external developers
- SecureSpan API Proxy – for securing, adapting and metering API access
- Enterprise Service Manager (ESM) – for managing the API lifecycle
- OAuth Toolkit – for simplifying the implementation of OAuth, which is fast becoming the access method of choice for APIs

The API Portal is the key interface for developers, allowing them to: access documentation, forums and other resources that enable them to quickly discover and understand your APIs; obtain API keys and OAuth secrets; create applications and track usage. Uniquely, the API Portal enables enterprises to support internal, partner and third‐party developers simultaneously with their own access privileges and communities.

For API publishers, role‐based access control (RBAC) is built in, enabling a separation of concerns between how your IT team works with the API Proxy and embedded ESM to manage your business‐critical APIs in order to ensure availability and security, versus how your business owners work with the API Portal to define who can use which APIs in what ways to better empower your developer community. The result is a fully manageable solution that gives enterprises control over every aspect of their API offerings, as well as built‐in reporting to measure and track the evolution of those offerings over time.

OAuth is quickly emerging as the dominant access method for APIs. The OAuth Toolkit is packaged together with the API Proxy to simplify the implementation of OAuth by providing a number of two‐ and three‐legged OAuth samples that can be tailored to your specific implementation (whether that involves OAuth 1.0, 1.0a or incorporates features from the emerging OAuth 2.0 specification).

The Layer 7 API Management

API Security
Leverage enterprise‐strength security, access control and threat protection, including a built‐in STS, PKI capabilities and PCI‐DSS compliance.

API Adaptation & Metering
Simplify the adaptation and delivery of internal APIs to mobile and Web consumers. Meter, rate limit and throttle traffic based on subscription terms and to ensure high availability.

API Lifecycle Management
Automate the migration of API policy across dev, test and production, decreasing migration risk while gaining the ability to centrally push out changes to APIs across the extended enterprise.

Developer Management
Enroll and manage both individual developers and large organizations by providing tiered service levels that define who can interact with which APIs in what ways.

OAuth for APIs
Gain a flexible, centralized OAuth solution that can be tailored to your specific needs, allowing you to expose your APIs without compromising security.

To learn more about Layer 7 and how it can address your organization’s needs, call 1‐800‐681‐9377 (toll‐free within North America) or +1‐604‐681‐9377. You can also: email us at firstname.lastname@example.org; friend us at facebook.com/layer7; visit us at layer7.com; follow us on Twitter @layer7.

Developer On‐Boarding
- Supports both individual developers and larger partner organizations
- Define registrations as being automatically accepted or subject to an approval process
- Supports both self‐signup and managed enrollment

Developer Resources
- Discussion and support forums, integrated messaging etc.
- API documentation, API explorer, API status, application reports etc.

Reporting & Analytics
- API reports that track and meter API usage, successes versus errors, methods etc.
- Application reports that show latency, usage, successes versus errors, methods etc.

API Management
- Define API plans that implement rate limits, thresholds, quotas, availability etc.
- Supports private as well as public APIs

Account Management
- Define account plans that allow you to provide tiered services to developers
- Manage individual developers, organizations and the application roll‐out process

Content Management
- Define look, feel, brand and content of the Portal
- Supports both staging and production environments, as well as a content approval/publication/roll‐back process, streamlining change management

API Key Management
- Create, assign and manage API keys and OAuth secrets for each developer application

Threat Protection
- Protect against XSS, SQL Injection, XML content/structural threats and viruses
- Create custom threat profiles to extend built‐in filters for message structure and XML threats
- Track failed authentications and/or policy violations to identify patterns and potential threats
- Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML schemas

API Aggregation & Orchestration
- Create and expose virtual APIs tailored to specific consumers/formats (e.g. mobile)
- Sequence backend calls and aggregate responses to provide richer results from a single query

Access Control
- Support for HTTP basic, digest, SSL client‐side certificate authorization, Microsoft SPNEGO etc.
- Support for SAML, X.509 certificates, LDAP, OAuth etc.

Throttling & Quality of Service
- Throttling/rate limiting and quota controls provide fine‐grained control over API traffic
- API availability features include support for strict failover, round robin and best effort routing

Security & Compliance
- Powerful message content filtering and transformation tools help identify and suppress leakage of sensitive information (SSNs, credit card numbers etc.)
- Layer 7’s PCI‐DSS installation and configuration guide allows customers to configure and deploy the API Proxy as part of a PCI‐compliant process

Auditing/Logging
- Log files provide a granular audit trail of all API connections mediated by the API Proxy

Enterprise Service Manager

API Migration
- Automate the migration of API policies between environments (from dev to test, east to west etc.), with full dependency resolution, thereby decreasing migration risk
- Supports automatic API versioning, including roll‐back to any previous version

Operational Metrics
- Configurable, out‐of‐the‐box reports: provide insight into API performance; meter and track API/method usage for per‐user billing, capacity planning, SLA compliance etc.
- Real‐time monitoring dashboard provides insight into API Proxy and network performance

Change Management
- Centrally create changes to API policies and push them out to all API Proxies in the enterprise

Specifications
- Supports OAuth 1.0a, OAuth WRAP and OAuth 2.0
- Provides fully configurable sample OAuth implementations (two‐ and three‐legged)

Security Token Service (STS)
- Built‐in STS can issue and validate OAuth access tokens (optionally with HMAC or RSA signature methods) and SHA‐1, SHA‐256 or SHA‐512 encryption

The API Management Suite supports the latest versions of the API Portal, SecureSpan API Proxy, Enterprise Service Manager
and OAuth Toolkit.
Copyright © 2012 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.