API Gateway Platform and Vendor Analysis Best Practices

When evaluating API Gateway platforms, there are a number of capabilities to consider. Below is a list of API Gateway capabilities on which you should score the platforms (and vendors). This is a high-level list; I have a more detailed list available if you are interested in reviewing it for evaluation purposes. This article focuses only on API Gateway capabilities. I will publish two more articles covering two further capability areas on which to evaluate platforms (and vendors): (1) API Management and (2) API Portals.

Please reach out to me at Jordan.Braunstein@visualintegrator.com if you would like to discuss or review these capabilities in more detail with your team. I have personally evaluated and score-carded the following API Gateway platforms (in no particular order):

  • MuleSoft
  • WSO2
  • Kong
  • AWS API Gateway
  • Azure API Gateway
  • Gravitee
  • Boomi
  • Red Hat 3scale
  • CA Layer 7
  • Apigee

Pricing and Vendor Overview

  1. Core Product Pricing Model
  2. Product Support Model

Security

  1. Support for HIPAA and PHI Protection
  2. PCI Compliance
  3. Use of Open Source Software and Plugins with Known Security Vulnerabilities
  4. Support for OAuth 2.0, JWT, OpenID Connect and SAML
  5. Security Policies provided out of the box (OAuth 2 validation, IP Filtering, Client Certificates, JWT Validation, OpenID Connect, Integration with External Identity Provider)
  6. Integration with Identity Management Platforms

Infrastructure and Architecture

  1. Scalability and Redundancy
  2. Support for Containers, Docker, etc.
  3. Cloud vs On-Premise Installations
  4. Support for Serverless Architecture on a Cloud Provider

Configuration and Development Features

  1. Installation Complexity
  2. Custom Policy Development Kit
  3. Throttling solution
  4. Documenting APIs on the Gateway

Enterprise Runtime Features

  1. Logging
  2. Monitoring and Alerts, including Integration with External Monitoring Platforms
  3. Technical Analytics
  4. Caching
  5. Micro Gateways
  6. Business Analytics (Scraping or dripping Payloads for BI)
  7. Training
  8. Debugging and Testing Tools

Jordan Braunstein, CTO