at Financial Technnology Year
This content is provided by FinTechBenchmarker.com who are responsible for the content. Please contact them if you have any questions.
Layer7 API Management from Symantec (Broadcom)
Secure API gateway, developer portal, lifecycle management, financial-grade security features, compliance with banking regulations, monitoring, and integration with legacy financial systems.
More about Symantec (Broadcom)
Product analysis by function
API Management for IT and Infrastructure
Systems for developing, managing, securing, and monitoring APIs that connect banking systems internally and with external partners.
More API Management
More IT and Infrastructure ...
API Security
(13 Yes /13 Known /13 Possible features)
|
OAuth 2.0 Support Ability to use OAuth 2.0 protocol for secure authorization. |
Layer7 documentation confirms OAuth 2.0 support for secure API authorization. | |
|
API Key Management Supports creation, issuance, and life-cycle management of API keys. |
API key management is a core API gateway feature, confirmed in public product documentation. | |
|
IP Whitelisting/Blacklisting Enable or restrict API access based on user IP addresses. |
Layer7 supports IP whitelisting/blacklisting as part of API security policies. | |
|
Rate Limiting Limits the number of requests a client can make to avoid abuse. |
Rate limiting is listed as a standard feature for Layer7 for abuse prevention. | |
|
Throttling Ability to control bandwidth and request frequency. |
Product supports API request throttling as a configuration option. | |
|
Data Encryption Supports encryption of data in transit and at rest (e.g., TLS, HTTPS). |
Layer7 provides end-to-end API data encryption (TLS, HTTPS) as part of compliance and security. | |
|
JWT (JSON Web Token) Validation Capability to validate JWTs for API access management. |
JWT token validation is available for modern API security workflows. | |
|
Audit Trails Tracks and stores all API access and activity logs for compliance and debugging. |
Audit trails for compliance and debugging are explicitly listed in security documentation. | |
|
DDoS Protection Protection mechanisms against Distributed Denial of Service attacks. |
DDoS protection included under security product enhancements. | |
|
Mutual TLS (mTLS) Supports mutual TLS authentication to secure API connections. |
Mutual TLS authentication (mTLS) is supported for strong banking/enterprise security. | |
|
Access Control Lists (ACLs) Ability to define detailed access permissions for API consumers. |
Access Control Lists can be configured for APIs per documentation. | |
|
Security Patch Management Automated updates for emerging threats and vulnerabilities. |
Security patching is addressed via Broadcom-managed updates. | |
|
Regulatory Compliance Certifications Supports and maintains compliance (e.g., PCI DSS, PSD2, GDPR) for financial data and operations. |
Layer7 is marketed as PCI DSS, PSD2, and GDPR compliant, for financial verticals. |
API Gateway Functionality
(10 Yes /10 Known /11 Possible features)
|
Request Routing Routes incoming API requests to appropriate backend services. |
Request routing is core to API gateway operations in Layer7. | |
|
API Aggregation Combines multiple API calls into a single request/response. |
API aggregation appears in Layer7's ability to compose/orchestrate API calls. | |
|
Caching Caches API responses to reduce backend load and latency. |
Caching is configurable at policy level, per documentation. | |
|
Load Balancing Distributes incoming API traffic among multiple backends. |
Load balancing described as available for inbound API traffic. | |
|
Protocol Transformation Converts between different protocols (e.g., REST, SOAP, gRPC). |
Protocol transformation (REST, SOAP, etc.) is a well-documented feature. | |
|
Content-Based Routing Routes requests based on content type or header values. |
Content-based routing is part of Layer7 rule-based policies. | |
|
URL Rewriting Ability to rewrite request URLs on the fly for routing efficiency. |
Documentation covers URL rewrite as routing feature. | |
|
Failover Support Automatic rerouting of traffic in case of backend failure. |
Failover support is included for high-availability deployments. | |
|
Timeout Configuration Customizable timeouts for upstream requests. |
Timeouts are configurable at the API/policy level. | |
|
API Mocking Ability to simulate API responses during development and testing. |
API mocking/simulation available for development environments. | |
|
Advanced Traffic Shaping Customizable traffic shaping rules for granular control. |
No information available |
Developer Experience
(10 Yes /10 Known /11 Possible features)
|
Interactive API Documentation Auto-generated documentation with try-it-out features (e.g., Swagger, OpenAPI). |
Interactive API documentation supported through developer portal; Swagger/OpenAPI support present. | |
|
API Sandbox Environment Safe, limited test environment for developer experimentation. |
API sandbox available for developer testing. | |
|
Self-Service Portal Portal for onboarding, documentation access, and API key management. |
Self-service developer portal is a headline feature. | |
|
SDK Generation Automated creation of SDKs in multiple languages for developers. |
SDK generation for developers is provided by Layer7's toolkit integrations. | |
|
Code Samples Includes quick-start code samples for faster developer onboarding. |
Code samples are available in official documentation and SDKs. | |
|
Comprehensive Error Codes Clear and consistent error messages with codes and explanations. |
Clear error code mapping and explanation available via documentation. | |
|
Change Log Communication Automated notifications on API updates and version changes. |
No information available | |
|
API Subscription Management Supports subscription plans for API access levels. |
API subscription level management and monetization are supported. | |
|
End-to-End Testing Tools Supports thorough testing across API endpoints. |
End-to-end testing features are mentioned for API lifecycle in developer portal. | |
|
API Usage Analytics for Developers Provides developers with real-time metrics for their API usage. |
Layer7 provides API analytics for developers. | |
|
Support Ticketing Integration Integrated support system for technical queries and issues. |
Support ticketing system integration is available via developer portal. |
Monitoring and Analytics
(8 Yes /9 Known /11 Possible features)
|
Real-Time Traffic Monitoring Provides live data on API usage metrics and performance. |
Live/real-time API usage metrics are available via analytics dashboard. | |
|
Request Latency Tracking Measures and reports time taken to process API requests. |
No information available | |
|
Error Rate Monitoring Tracks percentage of API requests resulting in errors. |
No information available | |
|
Health Checks Automated and on-demand status checks for API endpoints. |
Health check and monitoring integrations are mentioned as standard Layer7 feature. | |
|
Custom Dashboards User-configurable dashboards for monitoring APIs. |
Dashboards for users are featured in documentation. | |
|
Historical Data Retention Duration for retaining historical API usage and performance data. |
undefined
Historical data retention policies are configurable for compliance. | |
|
Integration with External Monitoring Tools Supports integration with platforms like Splunk, Grafana, Datadog. |
Integration with Splunk, Datadog, and other monitoring tools is supported. | |
|
Alert Notification System Sends alerts for threshold breaches and downtime. |
Configurable alerting/notification for API errors and traffic spikes. | |
|
Log Export and Archival Export logs for long-term storage and regulatory compliance. |
Log export and archival supported for compliance via API or file-based export. | |
|
Anomaly Detection Automatic detection of unusual API behavior. |
Anomaly detection for API traffic is referenced in security/analytics modules. | |
|
SLAs and Uptime Reporting Service Level Agreement and uptime tracking for each API. |
SLAs and uptime reporting are featured in Layer7's offering to financial clients. |
Integration and Interoperability
(9 Yes /9 Known /11 Possible features)
|
Support for Multiple API Protocols REST, SOAP, WebSockets, gRPC compatibility. |
Supports REST, SOAP, WebSockets (with plugins), as well as gRPC via transformation. | |
|
Enterprise Service Bus Integration Compatible with ESB solutions for orchestration and mediation. |
Integrates with ESB (Enterprise Service Bus) per product datasheets. | |
|
Legacy System Connectors Connects easily with mainframes and legacy banking systems. |
Legacy system connectors and mainframe integration are called out for banks. | |
|
Third-party Integration Marketplace Pre-built integrations with common fintech and regtech services. |
Marketplace for third-party fintech/regtech integrations exists for Layer7. | |
|
Event Streaming Support Supports event-driven architectures (e.g., Kafka, MQ). |
Event streaming (Kafka, MQ) supported through native integration and plugins. | |
|
API Orchestration Capability Orchestrates multiple APIs and business processes. |
API orchestration/workflow described in product architecture. | |
|
Standard Data Format Support Understands and processes JSON, XML, CSV, and more. |
JSON, XML, CSV, and others are supported according to documentation. | |
|
Multi-Cloud Support Deployable on different cloud platforms and hybrid architectures. |
Multi-cloud deployment is a described feature (AWS, Azure, hybrid cloud). | |
|
Service Discovery Integration Integrates with service registries (e.g., Consul). |
No information available | |
|
API Versioning Manages and routes multiple versions of APIs seamlessly. |
API version management and migration are documented in Layer7 features. | |
|
BPM/Workflow Engine Integration Interoperates with business process management tools. |
No information available |
Scalability and Performance
(8 Yes /8 Known /10 Possible features)
|
Horizontal Scalability Ability to add nodes and balance load automatically. |
Horizontal scale-out via clustering is supported. | |
|
High Availability Architecture Redundant components and failover to maximize uptime. |
High-availability and redundancy are standard for banking clients. | |
|
Throughput Capacity Total number of API requests handled per second. |
No information available | |
|
Load Testing Tools Includes tools for stress and performance testing APIs. |
Load testing tools are referenced for pre-production deployments. | |
|
Auto-Scaling Policies Automatic scaling based on real-time demand. |
Layer7 provides auto-scaling support in the cloud and elastic deployments. | |
|
Geo-Distributed Deployments Supports deployments across multiple geographic locations. |
Supports geo-distributed installs and hybrid multi-region deployments. | |
|
Low Latency Processing Optimized to minimize request/response latency. |
Low latency specifically promoted for Layer7 banking transactions. | |
|
Concurrent Connection Limits Maximum number of simultaneous client connections supported. |
No information available | |
|
Session Persistence Ability to maintain session/state across distributed systems. |
Session persistence is described in distributed deployment notes. | |
|
Fast Failover and Recovery Quickly re-routes traffic on failure for uninterrupted service. |
Fast failover for high-availability referenced in business continuity architecture. |
API Lifecycle Management
(9 Yes /9 Known /9 Possible features)
|
API Design Tools User-friendly tools for designing APIs (specifications, linting, etc). |
API design tools/formal definition editors are available. | |
|
Automated Deployment Pipelines CI/CD pipelines for consistent API release processes. |
Automated CI/CD deployment is part of Layer7 cloud integrations. | |
|
Version Control Tracks changes and rollbacks for API definitions and implementations. |
Version control and rollback for API configurations is available. | |
|
Lifecycle Stages Tracking Defines and manages API states: development, testing, production, deprecated. |
Lifecycle state management for APIs is in documentation. | |
|
Deprecation and Sunset Policy Enforcement Controlled migration paths and communication for deprecated APIs. |
Deprecation/sunset policy is a best practice enforced by Layer7. | |
|
Change Management Logging Monitors changes and notifies stakeholders. |
Change management and notifications are part of audit trail/logging. | |
|
Automated Testing Integration Integrates with automated test frameworks. |
Automated test framework integrations are possible per dev portal documentation. | |
|
Approval Workflows Multi-step approval for API publishing or promotion. |
Approval workflows for API deployment available for governed environments. | |
|
Rollback Mechanism Quickly revert to previous stable versions. |
Rollback mechanisms for APIs and policies are described in documentation. |
Regulatory and Compliance
(9 Yes /9 Known /9 Possible features)
|
Audit Logging Comprehensive, immutable records of every API activity. |
Audit logging (immutable logs) is standard for compliance in Layer7. | |
|
Privacy Controls Strict controls for personal and sensitive data processing. |
Fine-grained privacy controls are supported to address bank compliance needs. | |
|
GDPR Compliance Supports mechanisms for data rights and protection under GDPR. |
Global financial regulation compliance including GDPR visible in compliance literature. | |
|
PCI DSS Support Meets requirements for processing and storing payment card data. |
PCI DSS certification referenced for payment/financial clients. | |
|
PSD2/Open Banking Readiness Supports open banking standards and frameworks. |
PSD2 support indicated specifically for banking API programs. | |
|
Consent Management Tracks and enforces customer consent for data sharing. |
Consent and data sharing management features included for privacy compliance. | |
|
Data Residency Controls Enforces policies on where data can be physically stored. |
Data residency controls and configurations described for global/regional banks. | |
|
Retention & Deletion Policies Automates retention and deletion per regulatory timelines. |
Retention and automated deletion policy configuration available. | |
|
Automated Compliance Reporting Generates reports to demonstrate compliance. |
Automated compliance reporting is available for audit and regulatory needs. |
User and Access Management
(9 Yes /9 Known /9 Possible features)
|
Role-Based Access Control (RBAC) Granular user permissions based on assigned roles. |
RBAC (Role-based Access Control) supported and configurable. | |
|
Single Sign-On (SSO) Integration with enterprise authentication solutions. |
Single Sign-On integrations included (SAML/LDAP). | |
|
Multi-Factor Authentication (MFA) Enforces strong two-factor user verification. |
Multi-factor authentication (MFA) documented in security features. | |
|
User Provisioning Automation Automated creation, update, and deactivation of user accounts. |
Automated user provisioning and de-provisioning available. | |
|
Delegated Administration Allows specific user groups to manage access. |
Granular delegated admin controls in policy management. | |
|
Session Management Controls and monitors user session durations and activity. |
Session management and monitoring described in administration manual. | |
|
Access Review and Recertification Periodic verification of user access rights. |
Access review/recertification can be audited for compliance checks. | |
|
External User Federation Allows federated login for third-party or partner users. |
External user federation (including partner logins) is supported. | |
|
Entitlement Management Assign and manage granular entitlements to users. |
Granular entitlements and access policies are available. |
Operational and Maintenance Features
(8 Yes /8 Known /8 Possible features)
|
Zero-Downtime Upgrades Ability to patch or upgrade system components without impacting users. |
Zero-downtime upgrades referenced in high-availability documentation. | |
|
Automated Backups Schedules and manages regular backups. |
Regular backups automated as part of operational procedures. | |
|
Disaster Recovery Support Failover and restore processes for high system resilience. |
Full disaster recovery and failover architecture cited for banking/financial clients. | |
|
Rollback Capabilities Quick reversion to previous system states after failed changes. |
Rollback for failed config/system changes is available. | |
|
Remote Management API API for managing infrastructure remotely. |
Remote management API is part of IT administration tooling. | |
|
Automated Configuration Management Tools for managing configuration drifts and automating changes. |
Automated configuration management supported for cloud/hybrid deployments. | |
|
Self-Healing Mechanisms Automated corrective actions for detected failures. |
Self-healing mechanisms referenced in cloud-native deployment practices. | |
|
Maintenance Window Scheduling Automated notifications and controls for system maintenance. |
Maintenance window notifications and controls available. |
Cost Management and Optimization
(8 Yes /8 Known /8 Possible features)
|
Usage-Based Billing Support Cost tracking for internal/external API use, supporting chargebacks. |
Usage-based billing, chargebacks, and metering supported. | |
|
Quota Management Enables the enforcement of usage quotas for users/applications. |
Quota (per user/app) configuration supported in Layer7. | |
|
Cost Analytics and Forecasting Provides insights and trends in API-related expenses. |
Cost analytics and forecasting dashboards available. | |
|
Budget Alerting Sends notifications if API usage approaches or exceeds budget. |
Budget alert/notification system available for API usage. | |
|
Resource Optimization Recommendations Suggests ways to optimize API and infrastructure usage. |
Resource optimization recommendations provided in analytics tooling. | |
|
Granular Cost Allocation Assigns costs to departments, projects, or teams. |
Granular cost allocation (by team/project) referenced. | |
|
License Management Tracks feature/component licensing and compliance with agreements. |
License management supported for compliance with use agreements. | |
|
Pay-as-you-go Support Ability to implement flexible pricing models based on real usage. |
Pay-as-you-go and flexible usage-based pricing supported. |
This data was generated by an AI system. Please check
with the supplier. While you are talking to them, remind them that they need
to update their entry.