Announcing IBM API Connect as a Service on Amazon Web Services


Deliver high-speed performance without sacrificing security

IBM® API Connect® leverages the built-in security of IBM DataPower® Gateway to enable access control for both API providers and consumers with role-based permissions, API packaging constructs, and subscription and community management. This built-in security feature also provides centralized common security, traffic, mediation and acceleration functions, optimized in a security-hardened gateway stack.

Working in IBM API Connect

Design view

An intuitive, graphical interface helps manage API security

Design view

Use a graphical user interface, or the simple design view, to manage your API security.

Source view

Source-code interface

Source view

Handle your detailed security needs using source code through the source view.

Assemble view

Drag-and-drop tools in the assemble view

Assemble view

Manage security using drag-and-drop tools or IBM GatewayScript in the assemble view.

Authentication options

Authentication options panel

Authentication options

Choose your authentication — from basic with API keys to modern third-party OAuth.


IBM App Connect leverages the power of IBM DataPower Gateway to secure your APIs


Using C++ for a single, signed, encrypted image, DataPower Gateway is trusted worldwide. Java-based gateways can leave you vulnerable.


DataPower Gateway has a single gateway, so you get more powerful security in one package. Multiple gateways cause complexity, extra work and expense.


DataPower Gateway can achieve up to 30,000 TPS. We publish its performance across both simple and robust policy use cases for transparency.

Multiple levels of security

Open Authentication (OAuth)

Open Authentication (OAuth)

OAuth allows third-party websites or applications to access user data without requiring the user to share personal information.

Transport Layer Security (TLS)

Transport Layer Security (TLS)

TLS profiles, such as ciphers, offer fine-grained control in securing transmission of data, hindering hackers from tampering with information.

User registry authentication

User registry authentication

IBM API Connect supports several user registry types for authenticating users and securing APIs, including LDAP directory, authentication URL and more.

Industry use case

Securing APIs in the credit card industry

To manage access to APIs that contain personal details while managing compliance, credit card companies need a powerful API security solution. 
IBM API Connect offers multi-layered security and can move information through a single gateway using some of the highest levels of encryption.


Get started with IBM API Connect

Take control of your API ecosystem while propelling your API strategy forward.


¹ The Forrester Wave: Cybersecurity Incident Response Services, Q1 2019, by Josh Zelonis, 18 March 2019; (PDF, 492 KB)

² The Telegraph, “Millions of Facebook user records exposed in data breach,” by Margi Murphy, 3 April 2019; (Link resides outside IBM)

³ Business Insider, “The 21 scariest data breaches of 2018,” by Paige Leskin, 30 December 2018; (Link resides outside IBM)