OAG 11g

Virtualize and protect Web Services in Oracle API Gateway 11g

Oracle API Gateway is a comprehensive platform for managing, delivering, and securing Web APIs. It provides Integration, Acceleration, Governance and Security for API and SOA-based systems. Some of the features for each functionality are:


Identity Management

Third-party Identity Management infrastructures integration to perform authentication and authorization of message traffic.


Design to offer a highly flexible and scalable solution architecture. Administrators can deploy new API Gateway instances as needed, and deploy the same or different policies across a group of API Gateway instances as required.


REST support enables you to make enterprise application data and operations available using Web APIs. Converting legacy SOAP services, and deploy them as a REST API to be consumed by mobile apps is a great example.


Processing Offload

Offload the heavy lifting of XML from application servers and on to the network with high-performance core XML Acceleration engine (VXA), coupled with hardware acceleration.

Data Enrichment

Automatically populate content in XML and JSON documents from sources such as databases before they reach the consuming services.


Centralized Management

Web-based system management dashboard called API Gateway Manager provides centralized control of API Gateways and services in your domain.

Traffic Throttling

Protect services from unanticipated traffic spikes by smoothing out traffic. It also limits clients to agreed service consumption levels in accordance with service usage agreements.


API Management

Secure Web APIs against attack and abuse and enables to govern and meter access to and usage of Web APIs

Audit Trail

Satisfy audit requirements by enabling service transactions to be archived in a tamper-proof store for subsequent audit.

Basic Architecture

We faced a requirement on a project where we had to expose our current OSB Web Services publicly through the API Gateway, which was in the DMZ.

I made a detailed video on how to achieve this virtualization on the API Gateway, as well as the implementation of a policy to protect them. All of this with Policy Studio, a policy development and configuration tool for remote administration.

Here it is:

For more information on the Oracle API Gateway, please refer to the Oracle Documentation.