Skip to main content

API Management

API Management allows you to manage the entire process of planning, designing, developing and securely exposing your APIs to external developers, partners and other consumers.

DATA SECURITY FIRST!

API Management allows you to manage the entire process of planning, designing, developing and securely exposing your APIs to external developers, partners and other consumers.

We offer both an on-premises API Management called webMethods API Management Platform, as well as a cloud-based API Management as a Service offering.

With API Management you can:

  • Design and compose APIs
  • Protect and secure your APIs
  • Engage with developers and partners to build your ecosystem
  • Manage the API lifecycle
  • Monitor the health of your APIs
  • Catalog your APIs for discovery, reuse and lifecycle management
  • Manage the consumption of 3rd party APIs

The expertise of Palmira and the integrated infrastructure from Software AG, enable you to manage the entire lifecycle of your APIs. API Management powered by webMethods allows you to securely expose your APIs to external developers and partners.

SECURITY: IT’S ESSENTIAL IN OUR API CONNECTED WORLD

Once your APIs are “out there,” hackers have a “way in” to your business. Lock that door! Protect your data, applications—even your company’s reputation—with robust API runtime security. The right API gateway will keep out wrong-doers and welcome only authorised consumers.

With cybercrime costs surging to $2 trillion by 2019, look for the most impermeable API gateway you can find. You’ll need basic security features, like authentication, authorization, digital encryption and digital signatures. You’ll get that with Software AG’s end-to-end API management solution—and another lock on top.

webMethods API Gateway uses reverse invoke, or inside-out, service invocations. This protective technique reduces the need to open holes in your firewall. It’s one more way we help you lock down your APIs—and protect your business from malicious attacks.

Palmira implements webMethods API Gateway because it uses reverse invoke, or inside-out, service invocations. This protective technique reduces the need to open holes in your firewall. It’s one more way we help you lock down your APIs—and protect your business from malicious attacks.

As each organisation builds APIs using API Gateway for easy consumption and monetization, the continuous integration and delivery are integral parts of the API Gateway solutions to meet the consumer demands.  We need to automate the management of APIs and policies to speed up the deployment, introduce continuous integration concepts and place API artefacts under source code management. As new apps are deployed, the API definitions can change and those changes have to be propagated to other external products like API portal. This requires the API owner to update the associated documentation and in most cases this process is a tedious manual exercise. In order to address this issue, it is key to bring in DevOps style automation to the API lifecycle management process in API Gateway. 


This is an important capability for enterprises to deliver continuous innovation with speed and agility, ensuring that new updates and capabilities are automatically, efficiently and securely delivered to their developers and partners in a timely fashion and without manual intervention. We enable a team of API Gateway policy developers to work in parallel developing APIs and policies to be deployed as a single API Gateway configuration.

Benefits of adopting our API Management:

  • Highly reproducible configuration deployments, with the right configuration set applied to the right target, every time
  • Much faster time to recreate environments from scratch, where configurations can be applied in seconds onto a “raw” just-installed deployment
  • Reduce time-consuming for manual configurations that can lead to mistakes and security issues
  • No more configuration inconsistencies between environments, data centres, or clouds
  • Easy to see the complete details of the changes made to the configurations of a particular environment by simply reviewing the changes committed to the source control system (what, who, when)
  • Easy to “go-back-in-time” by recalling the configuration sets stored in source control, and re-applying them in seconds onto an environment of choice 

Palmira delivers pioneer API Management services to several reputable names in Government, Banking and Telecommunication sectors. We delivered API management projects that serve great initiatives. From Digital government to Open Finance and from paperless government initiatives to and Open Banking. Opening their business to the world with a secure and easy to use API Management tool. 

API Managemnet in Hybrid integration

API Gateway

webMethods API Gateway enables you to securely expose your APIs to third-party developers, partners, and other consumers for use in web, mobile and Internet of Things (IoT) applications.  With webMethods API Gateway you can easily create APIs, define Service Level Agreement (SLA) policies, and seamlessly publish your APIs to webMethods Developer Portal.

Key benefits

  • Secure your APIs from malicious external attacks
  • Eliminate threats from specific IP addresses and mobile devices
  • Reduce or eliminate the need for unnecessary holes in your firewall
  • Ensure API access is limited to authorized and authenticated consumers
  • Change protocols, message formats or service locations without impacting consumer-provider relationships
  • Make the same underlying services available to new applications or APIs over a different protocol or security standard—without costly recoding
  • Collect API usage data for monetization and external billing solutions
  • Provide the same quality of service to external and internal developers and consumers
  • Improve customer experience across channels and touchpoints.

 

Features

Secure APIs – webMethods API Gateway provides DMZ-level protection from malicious attacks initiated by external client applications. With API Gateway you can secure traffic between API consumer requests and the execution of services on API Gateway with Denial of Service (DoS) attacks based on IP address and specific mobile devices as well as message volume. API Gateway also provides virus scanner integration as well as helps avoid additional inbound firewall holes using reverse invoke, or inside-out, service invocations.

Mediation – webMethods API Gateway provides complete runtime governance of APIs published to external destinations. API Gateway enforces access token and operational policies, such as security policies for runtime requests between consumers and native services. API providers can enforce security, traffic management, monitoring and SLA management policies, transform requests and responses into expected formats, can perform routing and load balancing of requests, and can collect events metrics on API consumption and policy evaluation.

Monetization features – webMethods API Gateway provides API monetization features, including defining and managing API plans and packages, for easily supporting API subscriptions and charge-back services.

Dedicated, web-based user interface – webMethods API Gateway provides a single, web-based UI to perform all the administration and API-related tasks from the API creation, policy definition and activation to the creation of consumer applications and API consumption, as well as administrative activities.

Built-in dashboarding and usage analytics – webMethods API Gateway provides information about API Gateway events and API-specific events, as well as details about which APIs are more popular than others. This information is available in interactive dashboards so that API providers can understand how their APIs are being used, which in turn can help identify ways to improve their users’ experience and increase API adoption.

Support for SOAP and REST APIs – webMethods API Gateway supports both SOAP-based APIs as well as REST-based APIs. This support enables organizations to leverage their current investments in SOAP based APIs while they adopt REST for new APIs.

Developer Portal integration – webMethods API Gateway is integrated with webMethods Developer Portal to provide a complete API management solution. APIs created in API Gateway can be synchronized with webMethods Developer Portal for API discovery and access control, as well as for providing API user documentation and testing.

Message transformation, pre-processing and post-processing – webMethods API Gateway lets you configure an API and transform the request and response messages to suit your requirements. To do this, you can specify an XSLT file to transform messages during the mediation process. You can also configure an API to invoke webMethods Integration Server services to pre-process or post process the request or response messages.

Developers’ engagement – APIs can be published to Developer Portal from API Gateway for developers to discover them. Organizations can group APIs and define policy enforcements on them as a single unit, which can then be subscribed by the developers.

Clustering support – Multiple instances of API Gateway can be clustered together to provide scalability. API Gateways can easily allow a load balancer to be placed in front of the clustered API Gateway instance to properly distribute request messages.

DevOPS (CI/CD) – The solution fully supports automated CI/CD with support for automated deployment using both a scriptable deployment tool and thru APIs.

API-Enabled – All capabilities of the API-Gateway are available thru APIs which can be used for different purposes such as: deployment automation, activate/deactivate APIs, extract monitoring data and audit logs, etc.

Flexible and Distributed Deployment – The solution can be deployed: On-premises, In the DMZ, On private cloud infrastructures (e.g. AWS, Azure, Google) and as a PaaS (webMethods API Cloud). The Gateway is also available as a Docker container which provides an easy way of deploying the Gateway on to new environments.

Secure Deployment – When having API-Gateway both on-premises and in DMZ the solutions supports a unique concept called “Reverse Invoke” which makes firewall administration and security easier to manage since you don’t need to allow any incoming traffic from DMZ to the Intranet. The communication channel between the two gateways will be established inside out (from the Intranet to the DMZ).

Monetization

The webMethods API Management Platform provides a powerful solution for API monetization, helping you manage the entire API life cycle more easily and expose APIs to external developers and other consumers.

With webMethods, you can:

  • Manage the process of designing, developing, deploying, versioning, and retiring APIs and services
  • Securely provision APIs, providing authentication, mediation, payload transformation and API monetization
  • Analyze usage of APIs, collecting metrics for performance dashboards, SLA violations and invoicing for API monetization
  • Gain real-time visibility into the status of service transactions as they flow across heterogeneous architecture
  • Get notification of events and alerts so you can take immediate action to address problems
  • Enable process automation and automatically create API documentation and provision policies
  • Integrate easily with back-end systems and applications
  • The rapidly expanding use of Application Programming Interfaces (APIs) is creating a virtual API economy, where APIs are the new distribution channel for products and services. With ever-increasing user demand for apps, companies are exploiting the new API economy by not only developing APIs internally but exposing APIs to thousands of third-party developers through API portal technology. APIs are enabling companies to reach new customers, target new sources of revenue and connect cloud applications to back-end services.
  • But even with growing user demand, turning APIs into profits is no simple feat. API monetization requires an API management solution that not only handles the development and implementation of APIs but streamlines authorization, billing and payment for API usage.

API Packages, Plans & Subscription Module

webMethods API Management provides a rich set of features and tools that let you participate more easily and profitably in the API economy. With webMethods, you can:

  • Ensure standards and best practices are met as APIs move through their life cycle
  • Enable developers to easily find, read about, discuss and test your APIs
  • Accelerate adoption by cataloguing your APIs for discovery, re-use and life-cycle management
  • Browse and search for APIs using built-in or custom taxonomies or powerful keyword search capabilities
  • Receive change notifications when any event impacts your APIs
  • Secure and mediate your APIs, monitoring API traffic to collect metrics for monetization
  • Gain real-time visibility into service transaction to easily find root-cause location of SLA violations

With API Gateway, you can define and manage API plans and packages to easily support API subscriptions. API monetization lets you create groups of APIs and offer them together as a subscription offering. You can even create different plans that support higher or lower numbers of transactions or customer support levels.

Fees Module & Payment Gateways

API Portal ships with default gateways that will help to configure your subscription module to respected gateway so that real-time metering can be achieved. It also possible to send these metrics to external source via REST API.

Enabling payment gateways (WorldPay or Stripe) from plug-in section.

Once the appropriate configurations are done consumer can add their credits while their registration.

Secure API Gateway

webMethods API Gateway is the security and policy enforcer for APIs and their internal applications and systems. The gateway provides a robust API runtime security that only welcomes authorized consumers by using reverse invoke or inside-out service invocations. This protective technique reduces the need to open holes in your firewall.

More specifically, webMethods API Gateway protects you from security threats with DMZlevel protection. You can securely expose your APIs to third-party developers, RAQMIYATs and other consumers with peace of mind. Secure the traffic between API requests and the runtime execution of your services in the gateway. Get protection from malicious attacks such as Denial of Service (DoS) based on IP address, specific mobile devices and even message volume.

Additionally, webMethods API Gateway also provides virus scanner integration, eliminating the need for additional inbound firewall holes using Software AG’s reverse invoke, or inside-out, service invocation technology. As a baseline measurement, webMethods API Gateway provides complete protection against the Top 10 API Security Risks identified by the Open

Web Application Security Project (OWASP).

OWASP’s top 10 API security risks as mitigated by webMethods API Gateway:

  1. Broken Object Level Access Control
  2. Broken Authentication
  3. Improper Data Filtering
  4. Lack of Resources & Rate Limiting
  5.  Missing Function/Resource Level Access Control
  6. Mass Assignment
  7. Security Misconfiguration
  8. Injection Flaws
  9. Improper Assets Management
  10. Insufficient Logging & Monitoring

webMethods API Gateway comprehensively covers all of the top 10 API security risks identified by OWASP. In addition to restating that OWASP is an independent organization, it should be noted, that the foundation has no affiliations with Software AG. That said, clearly, we value their work and agree with their current API threat analysis.

We also note that mitigating threats to your API implementation is not only about protecting the technical accuracy and availability of your APIs, but also about protecting the mode and speed by which you conduct business.

With cyber crimes continuously surging, freeing your data, while protecting your APIs from unauthorized access, requires the best possible API Gateway available.