API Security and Management

  • CA API Management

    The industry-leading family of API management gateways from CA Technologies offers unmatched flexibility, performance and security. Building on the foundation of its industry-leading SOA application gateway technology for exposing, securing and managing backend applications, network systems or infrastructure via APIs, CA Technologies has added critical mobile, cloud and REST composition features. With this additional functionality, CA API Gateways represent the best available solution for enterprises looking to open data and services to partners, developers, mobile apps, cloud services and smart devices.

    CA API Gateway features include:

    • Integrated Web, mobile and XML firewalling
    • Backend SOA connectivity across databases, applications, mainframes and middleware
    • Protocol transformation from legacy to REST and JSON
    • Advanced SAML, OAuth and XACML identity and access capabilities
    • Military-grade security certifications
    • Customizable API composition and virtualization capabilities
    • Cloud, mobile and social connectivity for simplified orchestration with outside services
    • SDK and API readiness for easy extensibility
    • Built-in clustering and availability features
    • Unmatched SLA and mobile optimization functionality

    The family of API Gateways from CA Technologies comes in multiple editions, based on your needs.

    API Proxy—a lightweight API Gateway for securing, managing, and scaling APIs

    CA Technologies API Proxy is a virtual API Gateway that gives API publishers a simple tool for securing, orchestrating and optimizing APIs and enforcing SLAs.

    The API Proxy can:

    • Protect APIs against attack and misuse.
    • Define and enforce API rate limits and SLA metrics.
    • Translate between JSON and XML.
    • Track and report on API usage and performance.
    • Mediate between API versions.
    • Cache identity calls or messages, for improved performance.
    • Integrate with existing corporate security resources like LDAP, AD and SSO.

    SOA Gateway—Advanced SOA Adaptation and Mediation Features

    The SOA Gateway is CA Technologies top-of-the-line API Gateway. The SOA Gateway offers all the RESTful features of the API Proxy plus advanced SOA security and mediation features for backend connectivity to databases, mainframes and applications. It can act as a lightweight enterprise service bus (ESB) with API identity, security and management built in.

    The SOA Gateway includes backend connectors to a diverse range of data stores, mainframes and legacy applications. It provides data translation, contextual routing, SLA management, caching, protocol switching and B2B functionality. It can also act as an API composition and virtualization endpoint for more complex orchestrations.

    To support DMZ deployments, the SOA Gateway includes Web application firewalling (WAF), mobile firewalling and API DoS capabilities. Like all CA Technologies Gateways, it has pre-built integrations with a wealth of enterprise infrastructure products, including all leading commercial IAM and message-oriented middleware solutions as well the most popular business intelligence and event correlation tools.

    Key features of the SOA Gateway include:

    • Flexible deployment as hardware, software, virtual machine or cloud image.
    • Integrated application and API security for Web and mobile.
    • Diverse backend connections to databases, applications and mainframes.
    • API adaptation and composition features.
    • Advanced SLA and performance optimization capabilities.
    • Clustering for scaling and high availability.

    Provide Seamless, Secure Access to API-Based Resources

    CA Technologies Identity Management products simplify the process of applying industry-standard identity and access management (IAM) technologies to apps and services that use APIs to access backend enterprise IT systems. CA Technologies products make it simple to use key standards like OAuth and SAML to implement API access control, Single Sign-On (SSO) and social login.

    CA Technologies simplifies implementation of key IAM technologies, which will prove crucial to the success of any enterprise API program by making it possible to:

    • Prevent unauthorized individuals from accessing sensitive backend IT assets.
    • Provide authorized users with seamless access to valuable data and functionality.

    Key Identity & Access Functionality for Enterprise APIs

    CA Technologies offers two core technology components that cover a wide range of identity and access use cases for enterprise APIs:

    • OAuth Toolkit: a complete OAuth implementation that leverages the CA API Gateway technology to enable both resource servers and authorization servers, including a set of configurable policy templates covering key OAuth use cases.
    • Security Token Service: A SAML-based Security Token Service that leverages the API Gateway Technology to perform general token mappings, generation of custom attribute-based tokens and a range of OAuth token operations in combination with the OAuth Toolkit.

    For advanced mobile use cases, CA Mobile API Gateway includes an SDK that simplifies implementation of Single Sign-On to enterprise-level apps.

  • api security management