AWS offers the Amazon API Gateway supports the creation and publication of an API for web applications, as well as its monitoring and maintenance. The Amazon API Gateway is able to support thousands of API calls concurrently and provides traffic management, as well as monitoring and access control.
$0.90
Per Million
Azure API Management
Score 8.6 out of 10
N/A
Microsoft's Azure API Management supports creation of API.
$0.04
per 10,000 calls
PortSwigger Burp Suite
Score 9.4 out of 10
N/A
The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.
N/A
Pricing
Amazon API Gateway
Azure API Management
PortSwigger Burp Suite
Editions & Modules
Past 300 Million
$0.90
Per Million
First 300 Million
$1.00
Per Million
Consumption
0.042 per 10,000 calls
Lightweight and serverless version of API Management service, billed per execution
Developer
$48.04
per month Non-production use cases and evaluations
Basic
$147.17
per month Entry-level production use cases
Standard
$686.72
per month Medium-volume production use cases
Premium
$2,795.17
per month High-volume or enterprise production use cases
Isolated
TBA
per month Enterprise production use cases requiring high degree of isolation
No answers on this topic
Offerings
Pricing Offerings
Amazon API Gateway
Azure API Management
PortSwigger Burp Suite
Free Trial
No
No
No
Free/Freemium Version
No
No
No
Premium Consulting/Integration Services
No
No
No
Entry-level Setup Fee
No setup fee
No setup fee
No setup fee
Additional Details
—
—
—
More Pricing Information
Community Pulse
Amazon API Gateway
Azure API Management
PortSwigger Burp Suite
Considered Multiple Products
Amazon API Gateway
Verified User
Technician
Chose Amazon API Gateway
When we tested Azure API Management at the time, it had serious connectivity issues, it was very unstable, and it needed to do a lot using the command line. Comparing with the AWS solution, which was more mature, and the fact that we have services in use on AWS, we ended up …
Compared to other solutions, Azure is much easier to use and setup, but probably for hybrid solution Talend API in the cloud is the best solution and Talend API can take advantage of Amazon API Gateway, thus all this hard work is done by other software solution. Additionally, …
As AWS API comes with more security and API key authentication functions, it's easy for the organization to handle the various customers based with different level of permission. And also very easy comparable to others for tracking the API calls. Also, scalability and …
It’s a great tool, and so easy to seamlessly connect into your current Azure world that it’s hard not to look at it or even test the waters with it. It’s priced well, and is feature-rich enough to accomplish most tasks. I think the ease of having everything together and the …
Experienced a lack of available programming languages while working on a minor project. I had to halt the project and wait for it to be added later. It took ages and had a hit on our productivity. It has a centralized management system which helps and an easy interface which helps to manage multiple tasks in case of large-scale operations and projects.
1) Securing your back-end APIs - If you have a legacy back-end web service that has a basic authentication scheme, you can add some additional security by placing APIM in front, and requiring subscription keys. Leverage your existing firewall to ensure only your APIM instance can communicate with your back-end API, and you've basically added a layer of protection.
2) Lift and shift - there are always going to be clients that don't want to update their clients to use a newer API; in some cases you can make a newer API look like an older one by implementing some complex policies in APIM. You can also do the opposite, making older APIs look new, such as making an XML back-end accept both JSON and XML.
3) Centralizing your APIs - if you've acquired another company and want to make their API set look as if it's a part of the larger whole, APIM is an easy way to provide a consistent front-end interface for developers.
Burp Suite is a good general tool to test websites as long as your website is not too large or you have the time for it to complete. We have some websites that only about five to ten minutes for Burp Suite to complete an attack and a spider only takes about two minutes. Other websites have taken a few hours to complete. I have seen a tester actually run Burp Suite against one of our websites and it took all day to complete.
API Gateway integrates well with AWS Lambda. This allows us to build a web server in the language and framework of our choice, deploy it as a Lambda function, and expose it through API Gateway.
API Gateway manages API keys. Building rate limiting and request quota features are not trivial (or interesting).
API Gateway's pricing can be very attractive for services that are accessed infrequently.
Lack of robustness is a bit of an issue. Several other providers offer more options and capabilities, but then, they are lacking in interface ease.
As with anything Azure, pricing is really hard to stay on top of. I always find that you really don’t know what you’re paying for until you get the bill. Having an excellent Azure Administrator can help resolve that.
Integrating with app services outside of Azure can be a challenge, or at least much more challenging than just using Azure App Services.
The interface is a big problem: No matter how many features a software provides you, if the features are not well presented, you will miss most of them when they are actually required. The presentation of the software should be improvised and made more presentable.
Tutorial videos for beginners: This software lacks a lot in tutorials. A beginner almost wastes most of the time in finding and understanding the features and the implementation of the same. The software vendor should work on providing more in-depth videos so that people can learn and understand the concepts.
It is a great product very reliable and stable for connecting various aws services like we connected with lambda function and it is working very well, never faced any issue after the setup. It also saves out lots of money as well as time after we implemented the automatic ec2 server recovery system
The workflow between features like Proxy, Scanner, Intruder, and Repeater feels seamless, making it easy to intercept, manipulate, and analyze web traffic. Despite its advanced capabilities, the tool remains accessible and flexible, which significantly speeds up testing without overwhelming the user.
We always had a great experience with the AWS support team. They were always on time and very dependable. It was a good partnership while we worked to resolve our issues.
BurpSuite does not have an amazing customer support. All the major help that you will find is from public forums and Google. Although you will find all the required information on Google, still at time professional support helps you solve the problem in much less time and make your operations go smoothly.
When we tested Azure API Management at the time, it had serious connectivity issues, it was very unstable, and it needed to do a lot using the command line. Comparing with the AWS solution, which was more mature, and the fact that we have services in use on AWS, we ended up choosing to continue using AWS products. This so as not to run the risk of increasing latency in accesses, and of some functionality not working, due to being developed yet.
Each tool is specific and are good for what they do. While Burp Suite can perform some level of the same functions, somehow security consultants prefer these tools as additional to the Burp Suite. Maybe due to open source and easy setup when compared to Burp Suite. But Burp Suite allows for one tool for many templates for each project.
