API Gateway Requirements Template, Checklist and Gathering Document

This requirements table for API gateway products clearly outlines the key features and functionalities considered when evaluating vendors. We include security protocols supported, the ability to handle high traffic loads and scale automatically, support for multiple languages and frameworks, and customizable request and response handling. Other important considerations may include the level of technical support offered, the availability of detailed documentation and developer resources, and pricing and licensing options.

API Gateway Requirements Table

Customize these requirements in Taloflow and get expert ratings for 15 different vendors against all of the features in the table below, including Amazon API Gateway, Kong Gateway, and other important vendors.

| Requirement | Description | Features | Category |
| --- | --- | --- | --- |
| Must have API authentication | Must have the capability to authenticate and authorize users before allowing access to the API. | Basic Authentication, Digest Access Authentication, Token-based Authentication | |
| Must have good policy management | Must have the ability to create and enforce policies that dictate how the API can be accessed and used. | Policy Tagging, Policy Bundling, Policy Versioning, Policy Deployment, Policy Design, Policy Enforcement | Policy Management |
| Must protect against attacks | Must have built-in security features to protect against common web application attacks such as SQL injection, cross-site scripting, and denial of service attacks. | IP Whitelisting/Blacklisting, Malware Detection, Malicious Scripting, System Overload | Attack Protection |
| Must provide protocol conversion | Must be able to convert between different protocols, such as HTTP to HTTPS, to ensure compatibility with different systems. | SOAP to JSON Conversion, JSON to SOAP Conversion, JSON to XML Conversion, XML to JSON Conversion | Service Orchestration |
| Must have traffic management | Must have the ability to manage and control incoming traffic to the API, including rate limiting and traffic shaping. | Traffic Prioritization, Quota Management, Caching, Throttling, Rate Limiting | Traffic Management |
| Must support the API lifecycle | Must provide support for the entire API lifecycle, from creation and testing to deployment and management. | API Composition, API Virtualization, API Versioning, API Request Auditability | Service Orchestration |
| Must have identity management | Must have the ability to manage identities and access control for the API. | Identity Management, Okta, Authorization Services, SAML Support | |
| Must provide access control | Must have the ability to control access to the API, including authentication and authorization. | Platform Access Levels, Platform Access Revocation, Anonymous Platform Access, Fine-grained Access | Access Control |
| Must support bulk data transfers | Must be able to handle large scale batch-based or file-based data transfers. | File-driven Message Interaction Mode, Bulk/batch Interaction Mode | |
| Must have data centers in different geographies | Must have data centers located in multiple geographic regions to provide low latency and high availability. | North America Region, South America Region, EU Region, Asia-Pacific Region | Service Orchestration |
| Must have good pricing | Must have a pricing model that is fair, transparent, easy to understand, and fits the use case. | Low Cost Pricing Per API Call, Low Cost Pricing for Low API Call Volume, Low Cost Pricing for API Gateways, Low Cost Pricing for High Egress | |
| Must have key management | Must have the ability to manage and secure keys used for encryption and authentication. | Key Management, Public Key Infrastructure (PKI), Single Sign-on (SSO) | |
| Must provide message-level security | Must have the capability to secure messages at the transport and application layer to protect against eavesdropping and tampering. | Message Injection, Malformed Message, Message Depth Limit | Attack Protection |