Apigee Edge vs. Salt Security API Protection Platform

Few scenarios 1. For viewing API analytics, I think it is best in the market 2. For earning money via API monetization 3. Securing API 4. Onboarding legacy APIs to provide modern REST endpoints

Incentivized

Salt is highly recommended for anyone who wants to discover, monitor and protect their APIs against various types of attacks. Salt should not be used as a SIEM.

• Better exception handling with the Raise exception policies help to monitor the flow by setting up the flow conditions.
• Easy development of a Proxy and APIs with much less tutoring and helps make getting started for new users easy.
• Very good documentation and blog with details of most common failures and error handling.
• A very very easy to use console.

Incentivized

• PII identification in API traffic.
• Divergence between API traffic and documentation (swagger files).
• Potential attacks with information to take counter measures.

• Only one user can be active in a proxy at a time
• No version control
• Prohibited from using JSON.stringify on Apigee objects (tokens)
• Debugging is difficult
• Unable to rename or delete policies without bumping revision
• Why would anyone give a js policy one name, display name something else, and script a different name?
• 'Trace' limited to only 20 transactions
• UI allows users to add target servers, but users must utilize the api to turn on SSL.
• I'm sure there's more, they just aren't coming to mind right now.
• Apigee forgets (expires?) your password at random intervals without notice. Every few weeks, or days, sometimes even three times in one day, I'll attempt to login to Apigee and my password will be 'wrong'. I've reset my password and Apigee still claims it's wrong. I've had to reset my password three times before it finally let me log back in.

Incentivized

• The platform could have more options for exporting detailed data from attackers' dashboards.
• The Attackers dashboard could also have more options of filters in order to support the investigations of the attack.
• The OAS analysis could present a more detailed view of the found issues.

I am not the one deciding whether to use apigee or not really. But personally, I would recommend the use of it as developing APIs on it is easy. And as a mediator between backend servers, we could easily modify request and responses in it without touching any backend code while having a centralize gateway to access our backend APIs too.

Incentivized

Support has helped us to resolved all the queries and community support was also good.

Incentivized

Quite hard to get support, at least on the coding side, when we encounter blockers. But general concerns, they would schedule a call to you for them to get a whole picture of your concern. Albeit in my experience, bad really as they haven't replied about the progress, but otherwise seems to have been fixed.

Incentivized

Apigee is the best in the market in terms of API Analytics Apigee is having wonderful Documentation with short videos Security is a major concern and Apigee provides an easily configurable policy to secure API Quota and rate-limit is again very easy to configure on every API basis It provides various policies to transform the response from one form to another form e.g. JSON to XML or XML to JSON

Incentivized

We tried controls offered by the IaaS providers but these were hard to manage and did not provide the visibility we wanted. We also protected APIs with a normal WAF but this was only helpful for assets we knew about and API attacks were not caught by the WAF.

• As a public entity it is hard to say how much ROI we can have. We have yet to create a billing and ROI plan. We are thinking of other ways to create ROI, possibly through data/service barter.

Incentivized

• Salt Security API Protection Platform has provided detailed information that is helping us to identify and investigate attacks in our environment