Product Summary

The CA APIM product suite uses interoperable products to protect applications exposed as web services, connect applications across security and identity domains, and validate policy compliance end-to-end across a transaction. securespan_product_summary4

gateway83

See also CA API Gateway Components for a more detailed look at the Gateway itself.

API Gateway

The API Gateway is a policy-optimized and ASIC-accelerated XML Firewall and Web services gateway that protects and controls how shared web services are accessed by and exposed to external applications. In accordance with customer needs, the API Gateway is delivered in one of the following form factors:

As a software package running on general application servers or corporate-mandated hardware

As an ASIC-accelerated DMZ appliance, or

As a 64-bit ASIC-accelerated appliance for EAI or ESB implementations.

As the administrative application for the API Gateway, the Policy Manager documentation contains in-depth information for almost all API Gateway features and functions.

API Gateway - XML VPN Client

The API Gateway – XML VPN Client is a cross-domain enablement product designed to speed and secure web services integrations spanning identity and security domains. API Gateway – XML VPN Client is available in three form factors:

As class libraries

As a software executable

Integrated inside a API Gateway for drop-in partner connectivity and web services federation.

Policy Manager

The Policy Manager is a GUI-based application that allows administrators to centrally define, provision, verify, and audit fine-grained security and connectivity policies for cross-domain web services and XML integrations. The Policy Manager is available as software for Red Hat Enterprise Linux, Sun Microsystems Solaris, and Microsoft Windows operating systems. It is also available through a SOAP API. The Policy Manager is available as either a standard desktop client or a browser-based client running on a compliant Web browser.

Assertions by Product

The following table summarizes the assertions available in each version of the API Gateway. Note that your assertion folders may contain encapsulated assertions created by your organization.

For more information about the features available within each Gateway license, see the "Data Sheet" for the API Gateway at https://www.ca.com/content/dam/ca/us/files/data-sheet/ca-api-gateway.PDF

	API Proxy	XML Firewall	SOA Gateway
Access Control
Authenticate Against Identity Provider	X	X	X
Authenticate Against Radius Server			X
Authenticate Against CA Single Sign-On	X	X	X
Authenticate User or Group	X	X	X
Authorize via CA Single Sign-On	X	X	X
Check Protected Resource Against CA Single Sign-On	X	X	X
Exchange Credentials using WS-Trust		X	X
Extract Attributes for Authenticated User	X	X	X
Extract Attributes from Certificate	X	X	X
Perform Cassandra Query	X	X	X
Perform JDBC Query	X	X	X
Query LDAP	X	X	X
Require Encrypted UsernameToken Profile Credentials		X	X
Require FTP Credentials			X
Require HTTP Basic Credentials	X	X	X
Require HTTP Cookie	X	X	X
Require NTLM Authentication Credentials		X	X
Require Remote Domain Identity		X	X
Require SAML Token Profile		X	X
Require SSH Credentials			X
Require SSL or TLS Transport with Client Authentication	X	X	X
Require Windows Integrated Authentication Credentials		X	X
Require WS-Secure Conversation		X	X
Require WS-Security Kerberos Token Profile Credentials		X	X
Require WS-Security Password Digest Credentials		X	X
Require WS-Security Signature Credentials		X	X
Require WS-Security UsernameToken Profile Credentials		X	X
Require XPath Credentials	X	X	X
Retrieve Credentials from Context Variable	X	X	X
Retrieve Kerberos Authentication Credentials		X	X
Retrieve SAML Browser Artifact	X	X	X
Use WS-Federation Credential		X	X
Transport Layer Security (TLS)
Require SSL or TLS Transport	X	X	X
XML Security
(Non-SOAP) Check Results from XML Verification	X	X	X
(Non-SOAP) Decrypt XML Element	X	X	X
(Non-SOAP) Encrypt XML Element	X	X	X
(Non-SOAP) Sign XML Element	X	X	X
(Non-SOAP) Validate SAML Token	X	X	X
(Non-SOAP) Verify XML Element	X	X	X
Add or Remove WS-Security		X	X
Add Security Token		X	X
Add Timestamp	X	X	X
Build RST SOAP Request		X	X
Build RSTR SOAP Response		X	X
Build SAML Protocol Request		X	X
Build SAML Protocol Response		X	X
Cancel Security Context		X	X
Configure WS-Security Decoration		X	X
Create SAML Token	X	X	X
Create Security Context Token		X	X
Create XACML Request			X
Encrypt Element		X	X
Establish Outbound Secure Conversation		X	X
Evaluate SAML Protocol Response		X	X
Evaluate XACML Policy			X
Generate OAuth Signature Base String	X	X	X
Generate Security Hash	X	X	X
Look Up Certificate		X	X
Look Up Outbound Secure Conversation Session		X	X
Process RSTR Response		X	X
Protect Against Message Replay	X	X	X
Require Encrypted Element	X	X	X
Require Signed Element	X	X	X
Require Timestamp	X	X	X
Sign Element	X	X	X
Use WS-Security 1.1		X	X
Message Validation/Transformation
Add or Remove XML Element(s)	X	X	X
Add WS-Addressing		X	X
Apply JSON Transformation	X	X	X
Apply XSL Transformation	X	X	X
Compress Messages to/from SecureSpan XVC		X	X
Create JSON Web Key	X	X	X
Decode ID Token	X	X	X
Decode JSON Web Token	X	X	X
Decode MTOM Message	X	X	X
Encode/Decode Data	X	X	X
Encode JSON Web Token	X	X	X
Encode to MTOM Format	X	X	X
Enforce WS-I BSP Compliance		X	X
Enforce WS-I SAML Compliance		X	X
Enforce WS-Security Policy Compliance		X	X
Evaluate JSON Path Expression	X	X	X
Evaluate Regular Expression	X	X	X
Evaluate Request XPath	X	X	X
Evaluate Response XPath	X	X	X
Evaluate WSDL Operation		X	X
Generate ID Token	X	X	X
Process SAML Attribute Query Request		X	X
Process SAML Authentication Request	X	X	X
Replace Tag Content	X	X	X
Require WS-Addressing		X	X
Set SAML Response Status Code	X	X	X
Translate HTTP Form to MIME			X
Translate MIME to HTTP Form			X
Validate Certificate	X	X	X
Validate HTML Form Data	X	X	X
Validate JSON Schema	X		X
Validate MTOM Message	X	X	X
Validate or Change Content Type	X	X	X
Validate SOAP Attachments	X	X	X
Validate XML Schema	X	X	X
Message Routing
Configure Message Streaming	X	X	X
Copy Request Message to Response	X	X	X
Manage Cookie	X	X	X
Manage Transport Properties/Headers	X	X	X
Return Template Response to Requestor	X	X	X
Route via FTP(S)			X
Route via HTTP(S)	X	X	X
Route via JMS			X
Route via MQ Native			X
Route via Raw TCP			X
Route via SSH2			X
Service Availability
Apply Rate Limit	X	X	X
Apply Throughput Quota	X	X	X
Limit Availability to Time/Days	X	X	X
Look Up in Cache	X	X	X
Query Rate Limit	X	X	X
Query Throughput Quota	X	X	X
Resolve Service	X	X	X
Restrict Access to IP Address Range	X	X	X
Store to Cache	X	X	X
Logging, Auditing and Alerts
Accumulate Data in Memory	X	X	X
Add Audit Details	X	X	X
Audit Messages in Policy	X	X	X
Capture Identity of Requestor	X	X	X
Customize Error Response	X	X	X
Customize SOAP Fault Response	X	X	X
Send Email Alert	X	X	X
Send SNMP Trap	X	X	X
Policy Logic
Add Comment to Policy	X	X	X
All Assertions Must Evaluate to True	X	X	X
At Least One Assertion Must Evaluate to True	X	X	X
Compare Expression	X	X	X
Continue Processing	X	X	X
Create Routing Strategy	X	X	X
Execute Routing Strategy	X	X	X
Export Variables from Fragment	X	X	X
Generate UUID	X	X	X
Handle Errors	X	X	X
Include Policy Fragment	X	X	X
Join Variable	X	X	X
Look Up Context Variable	X	X	X
Look Up Item by Value	X	X	X
Look Up Item by Index Position	X	X	X
Manipulate Multivalued Variable	X	X	X
Map Value	X	X	X
Process Routing Strategy Result	X	X	X
Raise Error	X	X	X
Run All Assertions Concurrently	X	X	X
Run Assertions for Each Item	X	X	X
Set Context Variable	X	X	X
Split Variable	X	X	X
Stop Processing	X	X	X
Threat Protection
Limit Message Size	X	X	X
Protect Against Code Injection	X	X	X
Protect Against Cross-Site Request Forgery	X	X	X
Protect Against XML Document Structure Threats	X	X	X
Protect Against JSON Document Structure Threats	X	X	X
Protect Against Message Replay	X	X	X
Protect Against SQL Attacks	X	X	X
Scan Using ICAP-Enabled Antivirus	X	X	X
Validate JSON Schema	X	X	X
Validate OData Request	X	X	X
Validate or Change Content Type	X	X	X
Validate XML Schema	X	X	X
Internal Assertions
Collect WSDM Metrics	X	X	X
Convert Audit Record to XML	X	X	X
Handle UDDI Subscription Notification	X	X	X
Manage Gateway	X	X	X
REST Manage Gateway	X	X	X
Retrieve Service WSDL	X	X	X
Subscribe to WSDM Resource	X	X	X
Custom Assertions
Access Resource Protected by JSAM	X	X	X
Access Resource Protected by Oracle Access Manager	X	X	X
Authenticate using Tivoli Access Manager	X	X	X
Authenticate with CA Single Sign-On R12 Protected Resource	X	X	X
Execute Salesforce Operation	X	X	X
Scan using Symantec Antivirus	X	X	X

Content feedback and comments

CA API Gateway 9.1

Product Summary