Developing Custom Policies to Secure Your Enterprise APIs
Jamie Williams
Senior Software Engineer
CA Technologies
DO3X47EV
DEVOPS
3 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD
© 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of
warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.
For Informational Purposes Only
Terms of this Presentation
Abstract
In this session on CA API Gateway we'll focus on basic policy creation and demonstrate the ease
with which enterprise APIs can be secured.
We will also spend some time on policy performance factors, troubleshooting, and
understanding points of failure when securing APIs.
Jamie Williams, Senior Software Engineer, CA Technologies
Agenda
1. INTRODUCTION TO SERVICES, POLICIES, AND ASSERTIONS
2. SECURING YOUR API
3. PERFORMANCE CONSIDERATIONS
4. TROUBLESHOOTING
Introduction to Services, Policies, and Assertions
• A Service is a logical construct that represents the sum of the API calls the client side can call to access the service that the Gateway is protecting
• Every service has a policy that implements an individual flow of data between the client and the back-end service
• Assertions are the building blocks of policy that determine the authentication method, identity credentials, transport method, and routing method for the service
Live Demo
Recommended Sessions
SESSION # | TITLE | DATE/TIME
DO3X49E | CA API Gateway: Managing and migrating Gateway policies with the Gateway Migration Utility | 11/14/2016 at 11:00 am
DO3X52E | CA Mobile App Services: Build the Powerful Mobile App Every Enterprise Needs in Under an Hour | 11/14/2016 at 1:00 pm
DO3X51E | Workshop on Policy Creation, Management and Support for OAuth and OIDC in CA Mobile API Gateway | 11/14/2016 at 2:00 pm
Questions?
Thank you.
Stay connected at communities.ca.com
DevOps – API Management and
Application Development
For more information on DevOps – API Management and
Application Development, please visit: http://cainc.to/DL8ozQ

Pre-Con Ed: CA API Gateway: Developing Custom Policies to Secure Your Enterprise APIs
