webMethods has a long history of providing innovative, industry-leading integration solutions to organizations, both public and private, across the globe.
webMethods API Gateway
webMethods API Gateway enables you to securely expose your APIs to third-party developers, partners, and other consumers for use in web, mobile and Internet of Things (IoT) applications. With webMethods API Gateway you can easily create APIs, define Service Level Agreement (SLA) policies, and seamlessly publish your APIs to webMethods Developer Portal.
- Secure your APIs from malicious external attacks
- Eliminate threats from specific IP addresses and mobile devices
- Reduce or eliminate the need for unnecessary holes in your firewall
- Ensure API access is limited to authorized and authenticated consumers
- Change protocols, message formats or service locations without impacting consumer-provider relationships
- Make the same underlying services available to new applications or APIs over a different protocol or security standard—without costly recoding
- Collect API usage data for monetization and external billing solutions
- Provide the same quality of service to external and internal developers and consumers
- Improve customer experience across channels and touchpoints.
Secure APIs – webMethods API Gateway provides DMZ-level protection from malicious attacks initiated by external client applications. With API Gateway you can secure traffic between API consumer requests and the execution of services on API Gateway with Denial of Service (DoS) attacks based on IP address and specific mobile devices as well as message volume. API Gateway also provides virus scanner integration as well as helps avoid additional inbound firewall holes using reverse invoke, or inside-out, service invocations.
Mediation – webMethods API Gateway provides complete runtime governance of APIs published to external destinations. API Gateway enforces access token and operational policies, such as security policies for runtime requests between consumers and native services. API providers can enforce security, traffic management, monitoring and SLA management policies, transform requests and responses into expected formats, can perform routing and load balancing of requests, and can collect events metrics on API consumption and policy evaluation.
Monetization features – webMethods API Gateway provides API monetization features, including defining and managing API plans and packages, for easily supporting API subscriptions and charge-back services.
Dedicated, web-based user interface – webMethods API Gateway provides a single, web-based UI to perform all the administration and API-related tasks from the API creation, policy definition and activation to the creation of consumer applications and API consumption, as well as administrative activities.
Built-in dashboarding and usage analytics – webMethods API Gateway provides information about API Gateway events and API-specific events, as well as details about which APIs are more popular than others. This information is available in interactive dashboards so that API providers can understand how their APIs are being used, which in turn can help identify ways to improve their users’ experience and increase API adoption.
Support for SOAP and REST APIs – webMethods API Gateway supports both SOAP-based APIs as well as REST-based APIs. This support enables organizations to leverage their current investments in SOAP based APIs while they adopt REST for new APIs.
Developer Portal integration – webMethods API Gateway is integrated with webMethods Developer Portal to provide a complete API management solution. APIs created in API Gateway can be synchronized with webMethods Developer Portal for API discovery and access control, as well as for providing API user documentation and testing.
Message transformation, pre-processing and post-processing – webMethods API Gateway lets you configure an API and transform the request and response messages to suit your requirements. To do this, you can specify an XSLT file to transform messages during the mediation process. You can also configure an API to invoke webMethods Integration Server services to pre-process or post process the request or response messages.
Developers’ engagement – APIs can be published to Developer Portal from API Gateway for developers to discover them. Organizations can group APIs and define policy enforcements on them as a single unit, which can then be subscribed by the developers.
Clustering support – Multiple instances of API Gateway can be clustered together to provide scalability. API Gateways can easily allow a load balancer to be placed in front of the clustered API Gateway instance to properly distribute request messages.
DevOPS (CI/CD) – The solution fully supports automated CI/CD with support for automated deployment using both a scriptable deployment tool and thru APIs.
API-Enabled – All capabilities of the API-Gateway are available thru APIs which can be used for different purposes such as: deployment automation, activate/deactivate APIs, extract monitoring data and audit logs, etc.
Flexible and Distributed Deployment – The solution can be deployed: On-premises, In the DMZ, On private cloud infrastructures (e.g. AWS, Azure, Google) and as a PaaS (webMethods API Cloud). The Gateway is also available as a Docker container which provides an easy way of deploying the Gateway on to new environments.
Secure Deployment – When having API-Gateway both on-premises and in DMZ the solutions supports a unique concept called “Reverse Invoke” which makes firewall administration and security easier to manage since you don’t need to allow any incoming traffic from DMZ to the Intranet. The communication channel between the two gateways will be established inside out (from the Intranet to the DMZ).
webMethods Developer Portal
The API economy
Application Programming Interfaces (APIs) enable the efficient sharing of information and data across real-time, distributed cloud and mobile applications. Through that sharing, APIs can connect products or services to massive new communities, driving growth across a wide range of industries. This “API economy” broadens a company’s reach beyond direct sales, OEMs, and distributors to include virtually any developer interested in incorporating a company’s features and services into new social and mobile applications—driving up revenue opportunities.
For the developer community to find, read about, discuss, and test your APIs, you need webMethods Developer Portal. Developer Portal provides a consumer-centric UI for the discovery of APIs.
The portal exposes API documentation to third-party developers, manages the developer on-boarding process, and allows these developers to use the exposed APIs for creative new uses. When developers leverage your APIs with new mashups and apps or to support new devices, your reach is extended, and new channels are opened to your corporate assets. If you want to get on board the new API economy to reach new customers and unlock the business value of your corporate assets, you must make your APIs easily accessible to developers.
- Single solution for both external and internal developers
- Analytics at the portal to better understand your users
- Intuitive user interface
- Highly customizable look and feel
- API security is ensured using API keys and OAuth2 credentials support
- Seamless integration with other webMethods components
Branding – Customize and brand the portal in accordance with your company’s corporate identity (i.e., logos, skins and corporate colors). Add additional pages. Make it entirely your own!
Easy discovery and testing of APIs – webMethods API Gateway provides full text search capabilities that helps developers quickly find APIs of interest. API descriptions and additional documentation, usage examples, and information about policies enforced at the API level provide more details to help developers decide whether to use a particular API. Developers can use the code samples and expected error and return codes to try out APIs they are interested in, directly from within the Developer Portal.
Documentation – Rich descriptions of the APIs, examples of how to use the APIs, file attachments for additional documentation and information about policies enforced on the API level are all available on the portal.
Community Support – A collaborative community environment allows users to rate APIs and contribute to open discussions with other developers. Create groups for collaboration on single or multiple APIs. Administrators can announce administrative events and moderate discussions, as can coordinators who are defined during group creation.
API support – Designed for REST APIs, webMethods Developer Portal also fully supports traditional SOAP based APIs. This allows you to leverage your current investments in SOAP-based APIs while adopting REST for new APIs – Integrated API testing Developers can easily try out APIs directly within webMethods Developer Portal to see first-hand how the API behaves. Code samples and expected error/return codes with descriptions are provided. Try test invocations with different input parameters and quickly see the results.
Built-in usage analytics – Understand where your visitors are coming from, what pages gather most interest, which APIs are popular, and which are not. API providers can use this information to gain valuable API insights, improve the portal’s customer experience and increase API adoption by developers. This is especially useful to line-of-business and marketing executives to determine what is working and what is not, so that immediate corrective actions can be implemented. In addition, the Google Analytics™ plug-in can be used for additional insight on visitor traffic and how your marketing programs are performing.
Search – Developers can quickly find the APIs they need with full text search capabilities.
Design – Count on responsive design for both desktop and mobile access. Use the Web-based administration interface to manage users, groups, and permissions.
API grouping – Group APIs using definable criteria help developers discover APIs in larger API catalogs, such as free vs. paid, business domains, or public vs. B2B partner. Also, you can group APIs based on configurable maturity level, for example, beta APIs vs. final APIs.
Multiple deployment options – Deploy behind the firewall, in the DMZ, in your private cloud or in the public cloud. The choice is yours.
Built-in workflows – Use an approval process workflow to manage API access requests. Access tokens are automatically provisioned to the gateway infrastructure. Use an on-boarding workflow to allow users to sign up as a developer on the Developer Portal.
Track specific APIs – Sign up to track the APIs you are interested in and automatically receive notices of changes to them.
Along with distributed microservices architectures comes the challenge of managing microservices security. Designed to sit closer to business logic and protect it, webMethods Microgateway is your solution. This independent gateway—lightweight, agile and fast—works with webMethods API Gateway or as a stand-alone solution to secure your microservices in a distributed environment. Highly efficient, the gateway uses a very small footprint and is fast to deploy.
Microservices and Micro-gateways go hand in hand
IT needs better and faster ways to scale infrastructures to meet dynamic business demands. That’s why microservices architectures are trending. Small, independently deployable services built around business capabilities are ideal for rapid development and continuous delivery. With a distributed architecture, you need to be able to scale up and down quickly while serving many more systems and gateways you don’t want to overload.
webMethods Microgateway answers this requirement perfectly. With a “micro” footprint, you can:
- Manage API access to your microservices across a distributed architecture
- Prevent main gateways from overloading
- Reduce the impact from routing and traffic through a single gateway while supporting east-west traffic
- Secure and mediate API access to microservices
- Apply routing policies and throttling to manage consumer-provider connectivity
- Optionally federate Micro-gateways with API Gateway for centralized management and monitoring
- Deploy in multiple form factors to support different scalability and management goals
- Easily provision and scale across microservices architecture
- Very low runtime footprint
- Fast spin up
Manage API access to microservices with webMethods Microgateway
Multiple form factors
Provision webMethods Microgateway as a Java® instance or as a Docker® container with a micro-Linux® host. As a self-contained Java app, the Microgateway is a “headless” implementation that’s independent, lightweight and agile. In a “Dockerized” configuration, the Microgateway includes a micro-Linux host and is scalable and lean.
Flexible deployment patterns
Microservices architectures need different levels of granularity and control—so webMethods Microgateway gives you options. In a stand-alone deployment, the Microgateway can run independently from the microservice. When the microservice dies, the Microgateway continues to function. This option is preferable when the Microgateway is hosting multiple APIs and needs to be scaled independently. In a sidecar deployment, the Microgateway runs close to the business logic. It scales together with the microservice but likely only contains policies for a single microservice. This option leaves no network gaps and eliminates potential latency issues.
Seamless failover with service registry support
In a microservice landscape, service registries maintain information about service instances and their endpoints. If a microservice becomes unavailable in the cloud, a service registry will enable you to automatically failover to another running instance. If you choose a service registry, the Microgateway sends a request to the service registry to discover the IP address and port where the service is running. Improve service availability in the cloud by configuring a registry for endpoint management.
Traffic monitoring and control
Throttle traffic with policies to manage the load on provider services. Apply limits to service invocations during a specific time interval for identified clients. Log all traffic requests and responses for analysis.
The webMethods API Management Platform provides a powerful solution for API monetization, helping you manage the entire API life cycle more easily and expose APIs to external developers and other consumers.
With webMethods, you can:
- Manage the process of designing, developing, deploying, versioning, and retiring APIs and services
- Securely provision APIs, providing authentication, mediation, payload transformation and API monetization
- Analyze usage of APIs, collecting metrics for performance dashboards, SLA violations and invoicing for API monetization
- Gain real-time visibility into the status of service transactions as they flow across heterogeneous architecture
- Get notification of events and alerts so you can take immediate action to address problems
- Enable process automation and automatically create API documentation and provision policies
- Integrate easily with back-end systems and applications
- The rapidly expanding use of Application Programming Interfaces (APIs) is creating a virtual API economy, where APIs are the new distribution channel for products and services. With ever-increasing user demand for apps, companies are exploiting the new API economy by not only developing APIs internally but exposing APIs to thousands of third-party developers through API portal technology. APIs are enabling companies to reach new customers, target new sources of revenue and connect cloud applications to back-end services.
- But even with growing user demand, turning APIs into profits is no simple feat. API monetization requires an API management solution that not only handles the development and implementation of APIs but streamlines authorization, billing and payment for API usage.
API Packages, Plans & Subscription Module
webMethods API Management provides a rich set of features and tools that let you participate more easily and profitably in the API economy. With webMethods, you can:
- Ensure standards and best practices are met as APIs move through their life cycle
- Enable developers to easily find, read about, discuss and test your APIs
- Accelerate adoption by cataloguing your APIs for discovery, re-use and life-cycle management
- Browse and search for APIs using built-in or custom taxonomies or powerful keyword search capabilities
- Receive change notifications when any event impacts your APIs
- Secure and mediate your APIs, monitoring API traffic to collect metrics for monetization
- Gain real-time visibility into service transaction to easily find root-cause location of SLA violations
With API Gateway, you can define and manage API plans and packages to easily support API subscriptions. API monetization lets you create groups of APIs and offer them together as a subscription offering. You can even create different plans that support higher or lower numbers of transactions or customer support levels.
Fees Module & Payment Gateways
API Portal ships with default gateways that will help to configure your subscription module to respected gateway so that real-time metering can be achieved. It also possible to send these metrics to external source via REST API.
Enabling payment gateways (WorldPay or Stripe) from plug-in section.
Once the appropriate configurations are done consumer can add their credits while their registration.
Secure API Gateway
webMethods API Gateway is the security and policy enforcer for APIs and their internal applications and systems. The gateway provides a robust API runtime security that only welcomes authorized consumers by using reverse invoke or inside-out service invocations. This protective technique reduces the need to open holes in your firewall.
More specifically, webMethods API Gateway protects you from security threats with DMZlevel protection. You can securely expose your APIs to third-party developers, RAQMIYATs and other consumers with peace of mind. Secure the traffic between API requests and the runtime execution of your services in the gateway. Get protection from malicious attacks such as Denial of Service (DoS) based on IP address, specific mobile devices and even message volume.
Additionally, webMethods API Gateway also provides virus scanner integration, eliminating the need for additional inbound firewall holes using Software AG’s reverse invoke, or inside-out, service invocation technology. As a baseline measurement, webMethods API Gateway provides complete protection against the Top 10 API Security Risks identified by the Open
Web Application Security Project (OWASP).
OWASP’s top 10 API security risks as mitigated by webMethods API Gateway:
- Broken Object Level Access Control
- Broken Authentication
- Improper Data Filtering
- Lack of Resources & Rate Limiting
- Missing Function/Resource Level Access Control
- Mass Assignment
- Security Misconfiguration
- Injection Flaws
- Improper Assets Management
- Insufficient Logging & Monitoring
webMethods Integration Server
webMethods Integration Server is the enterprise-class foundation for service-based integration of applications and Web services and is the foundation of the webMethods Integration Platform. The webMethods Integration Platform will allow organisations to break free from the costly constraints of point-to-point integrations and siloed systems. With webMethods you can easily integrate your disconnected IT assets to streamline information exchange.
Our Integration Platform is standards-based and offers the most complete application integration infrastructure available. It “speaks” any technology so all your Web services, JMS messaging, packaged and custom apps and legacy systems – just about anything you might use to run your business – can communicate efficiently. You can service-enable any technology from any vendor. That means you can extend existing IT assets and innovate quickly and cost effectively to meet new business needs. Plus, because webMethods Integration Server is at the core of the webMethods suite, you can build on your investment by adding additional capabilities and technologies, such as BPM, all of which are designed to work together.
Software AG’s Integration Platform Benefits
- Connect application silos: Custom, packaged and mainframe applications and databases can all interoperate and exchange information easily.
- Reduce maintenance costs: Reduce time and cost to integrate new applications by eliminating complex point-to-point connections.
- Improve time to market for applications: Re-use existing assets and build new applications faster without jeopardizing quality.
- Address big data: Maintain an authoritative database in-memory that combines data from multiple sources while ensuring its currency.
- Enable enterprise mobile apps: Provision back-end data and capabilities to power enterprise mobile apps in a secure and well-managed fashion.
- Improve partner relations: On-board partners faster and improve partner collaboration.
- Unlock business value of unique data: Expose APIs to third-party developers to build new cloud, web, and mobile apps to reach new customers and opening new revenue streams.
- Ensure enterprise data quality: Ensure a single version of reference
Software AG’s Terracotta In-Memory Data Management Platform is the first-choice platform for distributed in-memory data management with extremely low, predictable latency at any scale.
Terracotta technology has been deeply integrated into the webMethods suite to provide API result caching that can be used to cache any kind of data in a local or distributed cache on commodity hardware without running into java garbage collection pauses or out-of-memory errors.
- Data access: in-memory real-time access to information
- Broad applicability: real-time access to data from multiple client platforms
- Predictable latency at extreme scale: ability to scale to even higher data limits—up to 100s of terabytes while providing greater fault tolerance
- Lower TCO and operational flexibility: simple to use on commodity hardware
- Continuous uptime: continuous availability of data with zero downtime across different deployment topologies
- Cost-effective scaling: 10-100x more data on a single server (versus classic P2P In-Memory grids like Oracle® Coherence) delivers cost-effective scaling—1,000x faster than disk
- Support for extended hybrid storage: leverages SSD® & Flash® technologies in addition to DRAM® in order to scale to high TB data levels predictably and economically
- BigMemory SQL: support for SQL to query in memory data
- Cross-language client support: access to BigMemory data from multiple client platforms (Java®, .NET/C# and C++)
- High availability: Full fault-tolerance and Fast Restartable Store technology delivers 99.999 percent uptime
- Multi-data center support: WAN data replication to keep data in sync across regions while offering support for disaster recovery
- Management: Terracotta Management Console provides a customizable Web dashboard for advanced monitoring and administration of Terracotta deployments
- Other features include:
- Configurable consistency keeps data in sync across your array
- Ehcache interface (Java’s de facto get/put API) means no need to rip up code
- Additional platform certifications.
With an integrated infrastructure from Software AG, you can manage the entire lifecycle of your APIs. API Management powered by webMethods allows you to securely expose your APIs to external developers and partners.