Security guidance

This guide describes the security features of API Gateway, API Manager, and API Portal and provides instructions and best practices for strengthening their security.

This guide provides instructions and recommendations to help you strengthen the security of API Gateway, API Manager, and API Portal. Security descriptions include:

  • How the product was developed in a secure way
  • A list of main security features
  • Secure configuration parameters, including the Secure by Default configuration
  • Identity and access management in this product
  • Best practices to use this product in a secure way

This guide is targeted at the following audiences:

  • Security teams in charge of auditing the security of the product
  • Global network engineers
  • Product administrators

Secure Development Lifecycle

Describes the Axway global secure development lifecycle (SDL).

Certifications and compliance

Certifications API management products have received, and standards they comply with.

Security features

Summary of the main security features of API Gateway, API Manager, and API Portal.

Identity and access management

Summary of the identity and access management features of API Gateway.

Security architecture

Architecture of API Gateway and API Portal from a security perspective.

Security configuration

Describes the main configurable security features of API Gateway, API Manager, and API Portal.

Secure by default configuration

Summary of the secure-by-default settings for API Gateway, API Manager, and API Portal.

Product certificates

Details of signed certificates used by API Gateway, and sample certificates that are shipped with API Gateway and API Portal.

Security best practices

Recommended best practices for securing API Gateway, API Manager, and API Portal.

Compliant configuration settings for Policy Studio

Reference to compliant settings for FIPS, NIST Suite B, and NIST Suite B TS.