Our Work
From banks to insurance companies, government agencies to aviation, we've delivered mission-critical infrastructure that scales. Explore our successful projects and see how we've helped organizations like yours.
As part of its strategic technology roadmap, the organization decided to migrate its API management platform to IBM webMethods API Gateway. However, executing a CA API Gateway (Layer7) migration at this scale introduced several challenges.
The project was executed using a controlled approach specifically designed for a Layer7 to IBM webMethods API Gateway migration.
In the insurance sector, integrations with the Insurance Information Center (SBM) are critical for core business processes. In the customer environment, multiple applications were directly calling SBM services, resulting in an unmonitored and hard-to-control outbound traffic pattern. Additionally, SBM-enforced rate limits and credential management required a more centralized and secure approach.
A dedicated API Gateway was deployed in the DMZ to centrally manage all outbound traffic to SBM services. The gateway securely retrieved credentials from CyberArk, handled token management, reduced duplicate requests through response caching, and enforced SBM rate limits at the gateway level. This approach enabled a secure, observable, and controlled outbound integration architecture.
The bank was running its microservices on an OpenShift (Kubernetes-based) platform, with each service handling authentication and authorization through a custom IAM integration. This approach resulted in distributed security management and limited the ability to block unauthorized requests before they reached the OpenShift environment. The organization needed a centralized security architecture to enforce access control earlier in the request flow.
IBM webMethods API Gateway was deployed on a virtual machine outside the OpenShift environment to act as a centralized API security layer. The gateway was integrated with the bank’s existing identity provider, and all OpenShift services were placed behind it. As a result, all incoming requests were authenticated and authorized before reaching OpenShift.