Why you need powerful API protection

Deliver high-speed performance without sacrificing security

Security for IBM API Connect® is built on the powerful IBM DataPower® Gateway, which was developed on a foundation of performance. With more than 2,000 clients and 15 years of success in mission-critical environments, DataPower Gateway is one of the most resilient, feature-rich, performant and secure gateway platforms on the market.

While DataPower Gateway is the ultimate enforcer at runtime, API Connect’s built-in security includes the ability to set up access control for both API providers and consumers by using role-based permissions, API packaging constructs, and subscription and community management.

Get ten times increased performance with a natively built API security gateway

When it comes to security, DataPower Gateway has you covered


Using C++ for a single, signed, encrypted image, DataPower Gateway is trusted by defense departments and banks worldwide. Competitors use Java™-based gateways, which can leave you open to hacks.


With DataPower Gateway, there’s a single gateway, so you get more powerful security in one simple package. Other solutions introduce complexity with multiple gateways, causing extra work and expense.


DataPower Gateway can achieve up to 30,000 TPS* and we proudly publish its performance across both simple and robust policy use cases for transparency where competitors don’t. *on the appliance

Get to know a leading security platform

DataPower Gateway is a purpose-built gateway platform that centralizes common security, traffic, mediation and acceleration functions, and optimizes them in a security-hardened gateway stack. It comes with advanced drag-and-drop security policies to help protect against threats, authenticate users and applications, and ensure only the right parties access your data.

Specifically, the platform includes rate-limiting to help prevent overload of your systems of record, mediation policies to transform data — from JSON to XML, for example — and traffic management policies to intelligently route incoming traffic to the correct services. It can run natively in IBM CloudTM or anywhere OVA or Docker files can be installed, including third-party public clouds like Amazon Web Services, Microsoft Azure and Google Cloud Platform, and on-premises data centers and private clouds like IBM Cloud Private and standard Kubernetes.

How an API security gateway works as a secure gate between traditional systems of record and end users

API Connect offers multiple levels of security

Open Authentication (OAuth)

More about OAuth

OAuth is a token-based authorization protocol that allows third-party websites or applications to access user data without requiring the user to share personal information. This can help enhance security for application users and developers as well as for you as the API provider.

Transport Layer Security (TLS)

More about TLS

API Connect employs enhanced TLS profiles, such as ciphers, for fine-grained control in securing transmission of data through websites, hindering hackers from tampering with information you submit.

Enterprise user registry authentication

More about user registries

API Connect supports a variety of user registry types for authenticating users and securing APIs, including LDAP directory, authentication URL, SCIM and local user registry.

Securing APIs in the credit card industry

Credit card companies deal with highly sensitive customer information that is useful to organizations in other industries. To manage who has access to APIs that contain personal details while managing compliance, the companies need a powerful API security solution. API Connect offers multi-layered security and can move information through a single gateway using some of the highest levels of encryption.

Credit card companies can protect customers from data exposure with API gateway security


Secure your APIs with DataPower Gateway, integrated into API Connect

Get started with API Connect

Take control of your API ecosystem while propelling your API strategy forward. API Connect is a market-leading API management solution for automated API creation, simple asset discovery, self-service developer access and built-in security and governance.


¹ The Forrester Wave: Cybersecurity Incident Response Services, Q1 2019, by Josh Zelonis, 18 March 2019; https://www.ibm.com/downloads/cas/KE05GBKV (477 KB)

² The Telegraph, “Millions of Facebook user records exposed in data breach,” by Margi Murphy, 3 April 2019; https://www.telegraph.co.uk/technology/2019/04/03/millions-facebook-user-records-exposed-data-breach/ (link resides outside ibm.com)

³ Business Insider, “The 21 scariest data breaches of 2018,” by Paige Leskin, 30 December 2018; https://www.businessinsider.com/data-hacks-breaches-biggest-of-2018-2018-12#1-aadhar-11-billion-21 (link resides outside ibm.com)