Specifications include, but are not limited to: • API Creation and Design: o The ability to generate enterprise-grade API’s from multiple data sources – including RDBMS, existing API’s (REST and OData) and JSON with an efficient point-and-click interface. Provide wizard-based tools to generate APIs from database tables, database stored procedures, or to create REST APIs from SOAP web services. • API Publication/Consumption: o The ability to streamline API publication with a full suite of features including developer enrolment and onboarding, key management, provisioning and reporting. o The ability to consume third-party APIs (public or private). • API Access Control: o Control access and centralize connectivity between on-premise enterprise platforms and cloud applications as well as provide support for single sign-on (SSO) and identity management o Offer support for common standards such as OAuth 2.0, Open ID Connect, SAML, LDAP, and X.509 certificates to control who can access APIs, through authentication and authorization. • API Security: o Provide protection against OWASP vulnerabilities such as SQL injections, cross-site scripting, and DDoS attacks. o The ability to validate HTTP parameters, REST queries, JSON data structures, XML schemas and other payloads.