AWS offers the Amazon API Gateway supports the creation and publication of an API for web applications, as well as its monitoring and maintenance. The Amazon API Gateway is able to support thousands of API calls concurrently and provides traffic management, as well as monitoring and access control.
$0.90
Per Million
Azure API Management
Score 8.7 out of 10
N/A
Microsoft's Azure API Management supports creation of API.
$0.04
per 10,000 calls
Imperva Web Application Firewall (WAF)
Score 7.5 out of 10
N/A
The Imperva Web Application Firewall (WAF) is based on technology acquired with Incapsula and the former WebSphere WAF.
N/A
Pricing
Amazon API Gateway
Azure API Management
Imperva Web Application Firewall (WAF)
Editions & Modules
Past 300 Million
$0.90
Per Million
First 300 Million
$1.00
Per Million
Consumption
0.042 per 10,000 calls
Lightweight and serverless version of API Management service, billed per execution
Developer
$48.04
per month Non-production use cases and evaluations
Basic
$147.17
per month Entry-level production use cases
Standard
$686.72
per month Medium-volume production use cases
Premium
$2,795.17
per month High-volume or enterprise production use cases
Isolated
TBA
per month Enterprise production use cases requiring high degree of isolation
No answers on this topic
Offerings
Pricing Offerings
Amazon API Gateway
Azure API Management
Imperva Web Application Firewall (WAF)
Free Trial
No
No
No
Free/Freemium Version
No
No
No
Premium Consulting/Integration Services
No
No
No
Entry-level Setup Fee
No setup fee
No setup fee
No setup fee
Additional Details
—
—
—
More Pricing Information
Community Pulse
Amazon API Gateway
Azure API Management
Imperva Web Application Firewall (WAF)
Considered Multiple Products
Amazon API Gateway
Verified User
Technician
Chose Amazon API Gateway
When we tested Azure API Management at the time, it had serious connectivity issues, it was very unstable, and it needed to do a lot using the command line. Comparing with the AWS solution, which was more mature, and the fact that we have services in use on AWS, we ended up …
Compared to other solutions, Azure is much easier to use and setup, but probably for hybrid solution Talend API in the cloud is the best solution and Talend API can take advantage of Amazon API Gateway, thus all this hard work is done by other software solution. Additionally, …
As AWS API comes with more security and API key authentication functions, it's easy for the organization to handle the various customers based with different level of permission. And also very easy comparable to others for tracking the API calls. Also, scalability and …
It’s a great tool, and so easy to seamlessly connect into your current Azure world that it’s hard not to look at it or even test the waters with it. It’s priced well, and is feature-rich enough to accomplish most tasks. I think the ease of having everything together and the …
Experienced a lack of available programming languages while working on a minor project. I had to halt the project and wait for it to be added later. It took ages and had a hit on our productivity. It has a centralized management system which helps and an easy interface which helps to manage multiple tasks in case of large-scale operations and projects.
1) Securing your back-end APIs - If you have a legacy back-end web service that has a basic authentication scheme, you can add some additional security by placing APIM in front, and requiring subscription keys. Leverage your existing firewall to ensure only your APIM instance can communicate with your back-end API, and you've basically added a layer of protection.
2) Lift and shift - there are always going to be clients that don't want to update their clients to use a newer API; in some cases you can make a newer API look like an older one by implementing some complex policies in APIM. You can also do the opposite, making older APIs look new, such as making an XML back-end accept both JSON and XML.
3) Centralizing your APIs - if you've acquired another company and want to make their API set look as if it's a part of the larger whole, APIM is an easy way to provide a consistent front-end interface for developers.
Imperva web application firewall does a great job in giving us control over access to our public web servers. With our regular hosting provider, we couldn't block access based on geography, or really anything. So we had to rely on traditional access controls to protect the data. But with the WAF, we can block countries such as North Korea, or we could stop any SQL Injection attempts, or even do a temporary block of IP in the case of detected brute-forcing.
API Gateway integrates well with AWS Lambda. This allows us to build a web server in the language and framework of our choice, deploy it as a Lambda function, and expose it through API Gateway.
API Gateway manages API keys. Building rate limiting and request quota features are not trivial (or interesting).
API Gateway's pricing can be very attractive for services that are accessed infrequently.
Alert Aggregation - Correlates different violations into perceived correlated attacks.
Ease of deployment - as one of the only WAFs that allow bridge mode deployment, this can be deployed with without downtime and no Network Architecture modifications. If the need for proxy is required at a later time, Transparent Reverse Proxy can be deployed within seconds and minimal configuration.
Custom Policies - Custom security policies are easy to configure.
Reporting - There are a good amount of pre-configured reports available by default.
Lack of robustness is a bit of an issue. Several other providers offer more options and capabilities, but then, they are lacking in interface ease.
As with anything Azure, pricing is really hard to stay on top of. I always find that you really don’t know what you’re paying for until you get the bill. Having an excellent Azure Administrator can help resolve that.
Integrating with app services outside of Azure can be a challenge, or at least much more challenging than just using Azure App Services.
It is a great product very reliable and stable for connecting various aws services like we connected with lambda function and it is working very well, never faced any issue after the setup. It also saves out lots of money as well as time after we implemented the automatic ec2 server recovery system
There are just a couple of points that are hard to find, that probably could be elsewhere. But these are minor; everything else is right where you'd expect it to be.
We always had a great experience with the AWS support team. They were always on time and very dependable. It was a good partnership while we worked to resolve our issues.
We haven't needed support from Imperva since implementation. But during that time, their personnel were very quick to respond to questions. Since then, it's been largely doing its thing for us (which is exactly what we'd hoped).
When we tested Azure API Management at the time, it had serious connectivity issues, it was very unstable, and it needed to do a lot using the command line. Comparing with the AWS solution, which was more mature, and the fact that we have services in use on AWS, we ended up choosing to continue using AWS products. This so as not to run the risk of increasing latency in accesses, and of some functionality not working, due to being developed yet.
Ultimately, it was the easiest to work with that was still a "known" company (we've been burned too many times by up-and-comers). We needed something that gave us a lot of control but then didn't need its handheld on a daily basis. Imperva gives us a lot of that and we are still able to navigate it with ease.
Better Insight into web application - Absolutely great, checks all the traffic against RFC standards and will alert on common development mistakes that duplicate application traffic or provide attack vectors for potential attackers.
Have had several issues blocking a customer without producing alerts, while it happened only one week out of 2 years of working with the devices, it did produce a lot of headaches.
