Deliver high-speed performance without sacrificing security
Security for IBM API Connect® is built on the powerful IBM DataPower® Gateway, which was developed on a foundation of performance. With more than 2,000 clients and 15 years of success in mission-critical environments, DataPower Gateway is one of the most resilient, feature-rich, performant and secure gateway platforms on the market.
While DataPower Gateway is the ultimate enforcer at runtime, API Connect’s built-in security includes the ability to set up access control for both API providers and consumers by using role-based permissions, API packaging constructs, and subscription and community management.

When it comes to security, DataPower Gateway has you covered
Complete
Using C++ for a single, signed, encrypted image, DataPower Gateway is trusted by defense departments and banks worldwide. Competitors use Java™-based gateways, which can leave you open to hacks.
Efficient
With DataPower Gateway, there’s a single gateway, so you get more powerful security in one simple package. Other solutions introduce complexity with multiple gateways, causing extra work and expense.
Reliable
DataPower Gateway can achieve up to 30,000 TPS* and we proudly publish its performance across both simple and robust policy use cases for transparency where competitors don’t. *on the appliance
Get to know a leading security platform
DataPower Gateway is a purpose-built gateway platform that centralizes common security, traffic, mediation and acceleration functions, and optimizes them in a security-hardened gateway stack. It comes with advanced drag-and-drop security policies to help protect against threats, authenticate users and applications, and ensure only the right parties access your data.
Specifically, the platform includes rate-limiting to help prevent overload of your systems of record, mediation policies to transform data — from JSON to XML, for example — and traffic management policies to intelligently route incoming traffic to the correct services. It can run natively in IBM CloudTM or anywhere OVA or Docker files can be installed, including third-party public clouds like Amazon Web Services, Microsoft Azure and Google Cloud Platform, and on-premises data centers and private clouds like IBM Cloud Private and standard Kubernetes.

API Connect offers multiple levels of security
Open Authentication (OAuth)
OAuth is a token-based authorization protocol that allows third-party websites or applications to access user data without requiring the user to share personal information. This can help enhance security for application users and developers as well as for you as the API provider.
Transport Layer Security (TLS)
API Connect employs enhanced TLS profiles, such as ciphers, for fine-grained control in securing transmission of data through websites, hindering hackers from tampering with information you submit.
Enterprise user registry authentication
API Connect supports a variety of user registry types for authenticating users and securing APIs, including LDAP directory, authentication URL, SCIM and local user registry.
Securing APIs in the credit card industry
Credit card companies deal with highly sensitive customer information that is useful to organizations in other industries. To manage who has access to APIs that contain personal details while managing compliance, the companies need a powerful API security solution. API Connect offers multi-layered security and can move information through a single gateway using some of the highest levels of encryption.

Testimonials
“ The DataPower Gateway devices handle all inbound traffic and act as a first line of defense for our enterprise. ”
- Jagadish Vemugunta
- Lead Technical Architect
- Availity
Secure your APIs with DataPower Gateway, integrated into API Connect
Go deeper into DataPower Gateway
Accelerate productivity with powerful products that work with API Connect.
Try these related products
Footnotes
¹ The Forrester Wave: Cybersecurity Incident Response Services, Q1 2019, by Josh Zelonis, 18 March 2019; https://www.ibm.com/downloads/cas/KE05GBKV (477 KB) ² The Telegraph, “Millions of Facebook user records exposed in data breach,” by Margi Murphy, 3 April 2019; https://www.telegraph.co.uk/technology/2019/04/03/millions-facebook-user-records-exposed-data-breach/ (link resides outside ibm.com) ³ Business Insider, “The 21 scariest data breaches of 2018,” by Paige Leskin, 30 December 2018; https://www.businessinsider.com/data-hacks-breaches-biggest-of-2018-2018-12#1-aadhar-11-billion-21 (link resides outside ibm.com)