Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 2 TIBCO API Exchange Gateway : Gateway Functional Overview

Gateway Functional Overview
TIBCO API Exchange Gateway controls API access and associated event flows by enforcing policies that determine the following:
Whose requests are handled (authorization, authentication).
When requests are handled (throttling).
Where requests are handled (routing).
How requests are handled (transformation, mediation).
Figure 3 shows a functional diagram of API Gateway.
Figure 3 Functional View of the API Gateway
Policies
TIBCO API Exchange Gateway allows API providers to enforce business and technical requirements, including security, validation, and service level agreements, through declarative policies.
TIBCO API Exchange includes the following policies:
Security Policies  Provide authentication, authorization, encryption, validation, and digital signature and certificate management. Support is provided for WSS Username Token, SAML, X.509, Kerberos, OAuth, and LDAP.
Validation Policies  Check content against schemas or rules and reject invalid or hostile messages.
Throttle Policies  Provide limits or quotas by partner, service, or other criteria. Throttles can be based on request rate, concurrent load, or error rate and used to restrict access at the façade (such as through a commercial SLA or product plan), or against the target service (technical throttle).
Transformation and Mediation Policies  Transformation policies provide transformation of request, response, and fault messages.
Logging  Traces requests for audit or debugging.
