Specifications include, but are not limited to:
• API Creation and Design:
o The ability to generate enterprise-grade API’s from multiple data sources – including RDBMS, existing API’s (REST and OData) and JSON with an efficient point-and-click interface.
Provide wizard-based tools to generate APIs from database tables, database stored procedures, or to create REST APIs from SOAP web services.
• API Publication/Consumption:
o The ability to streamline API publication with a full suite of features including developer enrolment and onboarding, key management, provisioning and reporting.
o The ability to consume third-party APIs (public or private).
• API Access Control:
o Control access and centralize connectivity between on-premise enterprise platforms and cloud applications as well as provide support for single sign-on (SSO) and identity management
o Offer support for common standards such as OAuth 2.0, Open ID Connect, SAML, LDAP, and X.509 certificates to control who can access APIs, through authentication and authorization.
• API Security:
o Provide protection against OWASP vulnerabilities such as SQL injections, cross-site scripting, and DDoS attacks.
o The ability to validate HTTP parameters, REST queries, JSON data structures, XML schemas and other payloads.