API Gateways—the Digital Traffic Controller

Maintain the security of your APIs

An API gateway maintains a secure connection between your data and APIs, and manages API traffic, both inside and outside your company.

The Mashery API gateway provides a wide range of policies for fine-grained control over how, when, and from where your user community can access your APIs. The API Management Control Center gives you the tools to fully control your API once it is live. The traffic manager acts as an information highway “traffic cop” ensuring that your servers remain protected against unauthorized access and overloading. Define security and runtime policies for your API traffic so that you can stay in complete control of your assets. Security and API behavior is managed through endpoint policies such as authentication, throttling, and caching that optimize runtime performance of your APIs. The gateway is available in SaaS, in your own private cloud or on-prem. This allows for a single system view of all gateways, mixing embedded microgateways, on-prem, or SaaS.

What is an API Gateway?

An API Gateway is a wrapper around a service that separates the interface from the actual backend service or data, and applies policies, authentication, and general access control for API calls to protect valuable data.


Prevent Unauthorized Access

APIs deliver strong business value, but can also present a serious business risk if your data is compromised. The TIBCO Cloud™ Mashery® API gateway prevents unauthorized access to your production data and backend systems.

Secure Data Transmission

Access control is just one layer of security. Mashery's API management platform also ensures that all data in-transit is fully encrypted to protect against attempts to monitor or intercept it.

API Gateways to Control API Traffic Spikes

Control API Traffic Spikes

The Mashery API Gateway is designed to scale as needed to support API call volumes, but also provides a wide range of policies for fine-grained control over how, when, and from where, your user community can access your APIs.

Choose from Hybrid Deployment Options

Manage your API traffic in the SaaS cloud, on-premises, or any combination of the two. Deploy your API gateways as required to align with the needs of your business and your app infrastructure.

Event-driven API Microgateway

TIBCO Flogo® Enterprise—the commercial, fully supported version of open source Project Flogo®—is a microgateway that works seamlessly with TIBCO Cloud™ Mashery® to enable developers to created API-led and event-driven microservices. This embeddable microgateway can then be deployed to any infrastructure: on-premises, at the edge in devices, and in web-scale serverless environments.


Federated API Gateways

Federated Gateways

Deploy and run your API gateways on-premises or in the cloud—and manage them centrally as a single pane of glass.

API Gateway to provide Traffic Throttling & Caching

Traffic Throttling & Caching

Set API traffic limits at the API, method, developer, or key level. Enforce local or global caching and geo routing policies.

API Gateway - Secure Access Control

Secure Access Control

Use SAML and/or OAuth2 authentication and allow local control of SSL termination and secrets management for keys.

API Gateway with Full Data Encryption

Full Data Encryption

Fully encrypt both inbound and outbound data traffic using SSL. Mashery also supports industry security specifications, such as PCI, HITRUST

API Gateway Runs in Docker

Runs in Docker

Deploy Mashery Local to any environment that supports Docker containers, such as Amazon Web Services, Kubernetes, or Azure.

API Gateway with Custom Extension Points

Custom Extension Points

Using our adapter SDK,write your own custom logic for integrating with existing IT infrastructure, such as identity management systems.

Learn more about API Management

See how TIBCO Cloud Mashery is a leader in API Management.