This summer, we were one of the vendors that responded to the research requests for The Forrester Wave™: API Management Solutions, Q4 2018. This research project is led by Forrester’s vice president and principal analyst for application delivery and development, Randy Heffner, with whom I recently chatted about microservices and microgateways in a webinar. Randy’s research is extremely thorough, putting vendors through an exhaustive process answering more than 550 detailed questions with multiple rounds of reviews, followed by a rigorous product demo and discussion. Randy’s particular talent, other than having great technical depth and subject matter expertise, is his ability to sniff out any attempt at pulling the wool over his eyes. I learned many years ago to not try to sugar-coat product weaknesses behind marketing fluff, but that’s another story…
The great thing about Randy’s research is that it provides a very detailed assessment of a product’s strengths and weaknesses. This is why I am especially proud of our team for building a product that received the highest possible scores in the criteria of Portal for API users and API policy and security.
Forrester breaks the portal scoring down into two sub criteria: portal structure and customization, and API/portal searching and browsing. The Akana API Platform received the highest possible score in both. Below, we provide our comments on how we believe Akana performs in those areas:
- Portal structure and customization – The Akana portal can be customized for look and feel, content, layout, features, and much more. Customers that want their own unique portal style can always build their own UI using the published API that sits behind our portal.
- API/portal searching and browsing – The Akana portal uses Elasticsearch to provide rich indexing and search capabilities. It is built to have no resources in any navigation, ensuring that it can scale limitlessly with additional resources, and most importantly that as new resources (Apps, Apps, Groups, etc.) are added to the portal and gateway, they will automatically appear for new developers – depending on security and privacy settings, of course.
API policy and security is a much more complex area where we believe that Forrester answers the questions: How rich are the solution’s API policy and security features? And, what aspects of its policy tooling facilitate policy authoring for large sets of complex APIs? Forrester breaks this down into four sub criteria, with our product again earning the highest possible score in all four. The four sub criteria are shown below, along with our comments on how we believe Akana performs in each area.
- API security and rate limiting – The Akana platform offers a wide range of built-in policy for API authentication, authorization, quotas, and rate-limiting, delivered via a straightforward and usable core policy-authoring tools.
- Data validation and attack protection – The Akana platform offers a wide range of built-in policy for validating API data and preventing API-based attacks, delivered via a straightforward and usable core policy-authoring tools.
- SOAP-related API policy – When the solution is used to front APIs that an organization consumes (e.g., commercial APIs from another API provider, SaaS app APIs, backend legacy apps), the Akana platform provides policies and features to manage and control API consumption.
- Advanced policy tooling – The Akana platform provides advanced features and structures to help to author and manage complex policies across large sets of APIs.
We have long known that our solution is second to none in API security with features like:
- OAuth server deeply integrated with the core portal and gateway
- PKI with key/certificate generation and management
- Support for enforcement and implementation (essential for declarative mediation between REST and SOAP services) of the WS-Security specifications
- Comprehensive implementations of modern security specifications for RESTful APIs including OpenID Connect, JWT, JWS, JWE, and JOSE
- Threat mitigation for content and protocol attacks
There’s much more than this, but I don’t want to go on too much. Suffice it to say that we offer an excellent solution for helping to ensure the security of your enterprise in the face of a growing volume of attacks targeting APIs.
For more on this research and to view the whole report, click here.