Axway (NYSE Euronext: AXW.PA), a market leader in governing the flow of data, is a global software and services company with more than 11,000 public- and private-sector customers in 100 countries. For more than a decade, Axway has empowered the world’s top organizations with proven solutions that help manage business-critical interactions through the exchange of data flowing across the enterprise, B2B communities, the cloud and mobile devices.
Axway provides cloud integration, API and Identity management software that extends enterprise boundaries and empowers customers to govern the flow of data.
Axway provides Validation Authority software for the DOD CAC Card. They have a new API Gateway that can be added to VA Repeaters and Responders which adds a powerful policy engine that can add fine grained Authentication and Authorization to OCSP. This means that you can have far more control over when how and why users access your network and the data sets they are asking to see. You can even control the amount of data they can download. Axway is on more than 4 million desktops today. This additional level of security is a significant addition to the current OCSP deployment in the DOD.
The DOD is currently evaluating the APG Gateway for information sharing with coalition partners. It has the ability to take a foreign cert, validate it, and then swap it for a DOD Cert and use the DOD cert to fetch the requested information, bring it back to the gateway and hand it off. In this way the foreign user is never in the DOD gateway but all information requests are monitored and tracked and associated with the original requestor.
From the Axway website:
Deploy Web APIs securely and efficiently
Delivering Web APIs requires security, management, and protocol mediation. Underlying SOAP Web Services require conversion to lightweight REST APIs, as well as data transformation. In addition, standards such as OAuth, SAML, and WS-Security must be supported.
Axway API Gateway provides a platform for deploying and managing APIs, internally and across the firewall, regardless of protocol or authentication mechanism.
Axway API Gateway is available as:
- Hardware Appliance
- Virtual Appliance
- Installable Software for Windows, Linux, and Solaris
- Amazon AMI
Manage security requirements
Web APIs require authentication of the calling client, such as a mobile app. Different organizations and APIs use different authentication schemes. For example:
- Mobile APIs use API Keys with OAuth, while SOA Services use WS-Security
- Mutual SSL with X.509 certificates is widely used for authentication
In addition, APIs must be protected from attacks, at the protocol level and at the content level. This involves detecting and blocking attacks such as Denial-of-Service, JSON prototype attacks, and SQL Injection. Recently, a number of high-profile APIs have been successfully attacked.
Using Axway API gateway, an organization can:
- Apply security policies to its Web APIs to control access and block attacks
- In conjunction with the Axway API Portal, manage developer access to Web APIs
- Insert security tokens – including SAML Assertions and JSON Web Tokens (JWT) – into REST and SOAP requests
API protocols come in many varieties. Newer Web-centric APIs tend to be based on REST and JSON, while Web Service-style APIs are typically based on SOAP and XML. Traditional EDI-style APIs rely on FTP-based secure file transfer protocols. Even REST-style APIs have a number of different popular coding patterns. Message and payload also come in a broad range of formats, based on any number of industry standards and proprietary formats.
In addition, SOAP and REST APIs are often deployed in front of protocols such as JMS, or a database using SQL. A common usage of Axway API Gateway is to deploy Web APIs in front of backend JMS based message queues, or SQL databases. Protocol mediation is provided as standard.
Axway API Gateway performs protocol transformation, such as SOAP-to-REST and XML-to-JSON, on the fly. Acting as an API gateway that mediates protocols, it enables applications to call any partner API without explicit support for the protocol used by that API.
Monitor API Usage
Once an organization deploys APIs, it is important to monitor their usage. Axway API Gateway provides full API monitoring, including:
- Application of SLAs (Service Level Agreements) to APIs
- Full round-trip monitoring of APIs, including details of back-end service performance
- Per-API and per-client monitoring
- Ability to monitor client attributes (for example, compare iPhone and Android usage of APIs)
Virtualize, aggregate and mash-up APIs
Through a simple drag-and-drop user interface, without coding or scripting, Axway API Gateway enables organizations to:
- Link APIs together in order to create composite services
- Cache traffic from API calls, or from databases or message queues
- Virtualize third-party APIs to control the propagation of changes from source APIs
For more info see: http://www.axway.com/