Ambassador Edge Stack and APISIX are sometimes compared for numerous use cases in API Gateway. We have a detailed features table below. You can also customize your requirements and get expert ratings comparing these two solutions against hundreds of data points across Security, Lifecycle, Pricing, Use Case Fit, Attack Protection, Access Controls, Integration, Observability, Traffic Management, Policy Management, Service Orchestration, Compliance, Authentication and Performance.
Ambassador Edge Stack is a cloud native API gateway and a Kubernetes native microservices management platform. Ambassador uses the Envoy proxy as its core proxy. At its core, Ambassador is designed to serve as an ingress controller for Kubernetes. In this capacity, it acts as the entry point for external traffic into the Kubernetes environment.
APISIX is a high-performance, cloud native API gateway designed for microservices and serverless architectures. It offers features including dynamic routing, dynamic upstream, dynamic certificates, A/B testing, canary release, blue-green deployment, limit rate, defense against malicious attacks, metrics, monitoring alarms, service observability, service governance, and more.
Customize these feature priorities in Taloflow and get expert ratings for your exact use case.
| Feature | Dimensions | Description | Ambassador | APISIX |
|---|---|---|---|---|
| Platform Access Revocation |
|
Administrators can block or suspend consumers, revoke developer access, and block all related applications. | Poor | Poor |
| Policy Bundling |
|
Bundle multiple policies. | Poor | Poor |
| Policy Deployment |
|
Live configuration deployment of policies without any downtime. | Poor | Poor |
| Policy Design |
|
Combine service tiers, security policies, mediators, and monetization schemes into a pre-built 'plan' that may be attached to an API definition. | Poor | Poor |
| Policy Enforcement |
|
Enforce API runtime policies and API lifecycle policies. | Poor | OK |
| Policy Tagging |
|
Specify rules that are only applicable to resources when they are tagged. | Poor | OK |
| Policy Versioning |
|
Manage multiple versions of a policy. | OK | OK |
| API Composition |
|
Aggregate results from multiple service interfaces into a single result. | OK | OK |
| GraphQL |
|
Support for GraphQL with Rest APIs to extract data from multiple underlying APIs. | NA | NA |
| OData |
|
Support for Open Data Protocol (OData) for defining and consuming the APIs. | Poor | Poor |
| RAML |
|
Support for Restful API Modelling Language (RAML) which uses YAML for describing the APIs. | OK | OK |
| gRPC |
|
Support for Remote Procedure Calls (RPC) APIs that are sent over HTTP 2.0. | OK | Poor |
| Malformed Message |
|
Protects the API from malformed packet and message attacks. | Poor | Poor |
| Malicious Scripting |
|
Detects cross-site scripting attacks. | Poor | Poor |
| Malware Detection |
|
Detects malware embedded in attachments. | Poor | Poor |
| Message Depth Limit |
|
Detects and prevents excessive XML/JSON depth and breadth attacks. | Poor | Poor |
| Message Injection |
|
Monitors for SQL, JavaScript, and Xpath/Query injection attacks. | Poor | Poor |
| Parameter Inspection |
|
Protects against parameter attacks that exploit the data sent into an API. | OK | Poor |
| System Overload |
|
Throttles throughput based on values you configure to protect downstream systems. | OK | OK |
| API Abuse Detection |
|
Detect abnormal use of API for methods that are outside of the intended or acceptable use cases | OK | OK |
| API Revocation |
|
Ability to block an API subscription and completely restrict an application. | OK | OK |
| Anonymous Platform Access |
|
Expose unrestricted information to anyone, without tracking API usage, consumer applications, or the user's identity. | Poor | Poor |
| Custom Authentication Methods |
|
Define custom authentication methods for allowing access to the services. | OK | OK |
| Domain Policies |
|
Enforce access control across multiple developer communities. | OK | OK |
| Fine-grained Access |
|
Limit access to API operations by API consumer or restrict consumption access to specific API operations. | NA | NA |
| IP White/Blacklisting |
|
Block or allow requests from an IP address without checking whether the requests are malicious. | OK | Poor |
| Platform Access Levels |
|
Define what information different users on the account can access and edit. | Poor | Poor |
| RBAC |
|
Define custom user roles and associated permissions. Administrators, publishers and consumers can have role-based access controls defined by API endpoint. | Great | NA |
| Akamai |
|
Support integration with Akamai. | Poor | OK |
| Amazon CloudFront |
|
Support integration with Amazon CloudFront. | Poor | Poor |
| Authorization Service |
|
Integrate an external OAuth resource server, external right repositories and authorization services. | Poor | OK |
| Azure CDN |
|
Support integration with Azure CDN. | Poor | Poor |
| CacheFly |
|
Support integration with CacheFly. | Poor | Poor |
| CloudFlare |
|
Support integration with CloudFlare. | OK | OK |
| Cyber Ark |
|
Support integration with Cyber Ark. | Good | OK |
| Directory Service |
|
Integrate with existing directory services (e.g. internal LDAP, Microsoft Active Directory). | Poor | Poor |
| Fastly |
|
Support integration with Fastly. | NA | NA |
| ForgeRock |
|
Support integration with ForgeRock. | NA | NA |
| Google Cloud CDN |
|
Support integration with Google Cloud CDN. | Great | NA |
| IBM Security Verify |
|
Support integration with IBM Security Verify. | OK | OK |
| Identity Management |
|
Provides an identity management solution or allows you to work with your pre-existing identity management solution. | Poor | Poor |
| Key Management |
|
Integrate with external secure token services. | Poor | Poor |
| Micro Focus |
|
Support integration with Micro Focus. | Poor | Poor |
| Microsoft Active Directory |
|
Support integration with Microsoft Active Directory. | OK | Poor |
| Okta |
|
Support integration with Okta. | OK | Poor |
| OneLogin |
|
Support integration with OneLogin. | OK | Poor |
| Ping Identity |
|
Support integration with Ping Identity. | Poor | Poor |
| Public Key Infrastructure (PKI) |
|
Integrate with external Public Key Infrastructure (PKI). | Poor | OK |
| Single Sign-on (SSO) |
|
Configure Single Sign-On (SSO) using SAML 2.0 for easy integration with existing web applications. | Great | Great |
| StackPath |
|
Support integration with StackPath. | OK | Poor |
| Basic Authentication |
|
A simple authentication scheme that is built into the HTTP protocol. | Poor | Poor |
| CCPA |
|
Regulation on data protection and privacy of the data tied to residents of California. | OK | OK |
| Digest Access Authentication |
|
Method of authentication wherein a request from a potential user is received by a network server and then sent to a domain controller. | Poor | OK |
| FedRamp |
|
Ensures that the government security requirements outlined in NIST 800-53 are met and supplemented by the PMO of FedRAMP. | NA | NA |
| GDPR |
|
Regulation on data protection and data privacy tied to EU residents. | NA | NA |
| HIPAA |
|
Demonstrates security and compliance with standards of the healthcare industry. | OK | OK |
| HITRUST |
|
Demonstrates compliance with HITRUST CSF which is an industry-agnostic certifiable framework for regulatory compliance and risk management. This framework, developed by the not-for-profit organization HITRUST, contains a set of prescriptive controls that relate to the organizational processes and technical controls for processing, storing, and transmitting sensitive data. | Poor | Poor |
| OAuth |
|
Open standard authorization framework. | Poor | Poor |
| OpenID |
|
Support for pen standard and decentralized authentication protocol OpenID. | OK | Poor |
| PCI |
|
Standard that ensures security guidelines are met for all entities that store, process, or transmit cardholder data and/or sensitive authentication data. | OK | Poor |
| PSD2 |
|
Demonstrates compliance with European regulations related to the Payment Services Directive. | Poor | Poor |
| SAML Support |
|
Support for SAML, an XML based open standard for transferring data between two parties. | NA | NA |
| SOC |
|
Standard promoted by the American Institute of CPAs that ensures the integrity and privacy of customer data. | OK | OK |
| SSL/TLS |
|
Secure server communication using SSL/TLS. | OK | Poor |
| Token-based Authentication |
|
Support for generating application tokens and authenticating using tokens. | NA | NA |
| Traffic Prioritization |
|
Detect abnormal use of API for methods that are outside of the intended or acceptable use cases. | OK | NA |
| WS-Security |
|
Support for WS-Security, an extension of SOAP for more secure web services. | OK | NA |
| Caching |
|
API caching reduces the number of calls made to your endpoint. | Poor | Poor |
| Content-based Routing |
|
Route the requests based on the content. | OK | OK |
| Quota Management |
|
Provide API administrators the ability to assign specific API call limits based on classes of users. | Poor | Poor |
| Rate Limiting |
|
Limits the number of requests an API can accept within a time window. | Poor | OK |
| Throttling |
|
Limits the number of API requests a user can make within a time window. | OK | Poor |
| Low-Cost Pricing Per API Call |
|
Pricing model is economical for medium to high amounts of API calls (3M+ calls a month). | Poor | Poor |
| Low-Cost Pricing for API Gateways |
|
Pricing model is economical for API Gateways. | Poor | Poor |
| Low-Cost Pricing for High Egress |
|
Pricing model is economical for high amounts of egress or data transfer. | Poor | Poor |
| Low-Cost Pricing for Low API Call Volume |
|
Pricing model is economical for a low API call volume (<1M calls a month). | OK | Poor |
| API Request Auditability |
|
Run reports to see requests were made. | OK | Poor |
| API Versioning |
|
Virtual API versioning within the API gateway. | OK | OK |
| API Virtualization |
|
Support for creating a virtual copy of your API. | OK | OK |
| Asia-Pacific Region |
|
Data center available in the Asia-Pacific region. | Poor | Poor |
| AsyncAPI |
|
Support for the API specification format that uses asynchronous messaging and event-based communication patterns. | OK | Poor |
| EU Region |
|
Data center available in the European Union region. | Great | NA |
| JSON to SOAP Conversion |
|
Support for converting SOAP to JSON, or JSON to XML. | OK | OK |
| JSON to XML Conversion |
|
Support for converting SOAP to JSON, or JSON to XML. | Good | OK |
| North America Region |
|
Data center available in the North America region. | Poor | Poor |
| OAS/Swagger |
|
Support for the Open API Standard (OAS) used when designing Restful APIs. | Poor | Poor |
| SOAP to JSON Conversion |
|
Support for converting SOAP to JSON, or JSON to XML. | NA | Great |
| South America Region |
|
Data center available in the South America region. | OK | OK |
| XML to JSON Conversion |
|
Support for converting SOAP to JSON, or JSON to XML. | OK | NA |
Taloflow does not guarantee the accuracy of any information on this page including (but not limited to) information about 3rd party software, product pricing, product features, product compliance standards, and product integrations. All product and company names and logos are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation or endorsement. Vendor views are not represented in any of our sites, content, research, questionnaires, or reports.