Solutions
Solutions
Digital Workspaces

DaaS and VDI

Secure Access

Zero Trust Network Access (ZTNA)

Application Delivery

Analytics

Content Collaboration

Collaborative Work Management

SD-WAN

BY USE CASE

Modernize IT

Deploy DaaS

Simplify hybrid cloud

Accelerate employee onboarding

Secure Distributed Work

Modernize your IT security

Get a VPN alternative

Protect apps and APIs

Boost Productivity

Enable remote work

Collaborate securely

Enhance user experience

See all use cases

BY INDUSTRY

Healthcare

Education

Government

Financial Services

Manufacturing

Retail

BY BUSINESS SIZE

Small business and departments
Products

Products

Build your own digital workspace

DAAS AND VDI

Citrix DaaS
Citrix Virtual Apps and Desktops
Citrix Analytics for Performance

CONTENT COLLABORATION AND WORK MANAGEMENT

Citrix ShareFile
Citrix Podio
Citrix RightSignature

APP DELIVERY AND SECURITY

Citrix App Delivery and Security Service
Citrix ADC
Citrix Analytics for Security
Citrix Secure Private Access
Citrix Web App and API Protection

View all products

See Citrix DaaS in action

Choose from a quick overview tour, deep-dive admin experience, or 1:1 demo.

Download Citrix Workspace app

Citrix Workspace app is the easy-to-install client software that provides seamless secure access to everything you need to get work done.
Resources
Resources
Blogs

Fieldwork

Trust Center

Events & Webinars

Tech Zone

Customer Stories

Citrix Discussions

View all resources

Rethink the way you work with Citrix DaaS for Google Cloud

Get the solution brief

How to avoid surprise costs with desktop as a service

Get the report
Customers
Customers
GET HELP

Support

Downloads

Community

CUSTOMER SUCCESS

Success Programs

Consulting Services

Premium Training

Onboarding & Adoption

Customer Stories

Success Center

Get expert guidance, resources, and step-by-step instructions to navigate your path to the cloud.

Fundamental Training

Learn about planning, deployment, and management of Citrix solutions, so you can maximize the value of your investment.
Company
Company
COMPANY

About Us

Corporate Citizenship

Diversity & Inclusion

Sustainability

News

PARTNERS

Strategic Alliances

Partner with Citrix

Partner Central

Citrix Ready Marketplace

Find a Local Partner

What you need to know about hybrid cloud strategy in 2022

The right cloud strategy can unlock billions in business value. Learn how to master hybrid cloud strategy and design a cloud infrastructure that best fits your business.

Read the article

What is an API gateway?

An API gateway is a single-entry point for all application programming interface (API) calls made by client devices to a particular set of backend services, such as containerized web applications within a Kubernetes cluster. The API gateway sits directly between desktop and mobile clients and the different services they are trying to connect to.

The API gateway functions as a reverse proxy that fetches and aggregates appropriate resources before delivering a response to each API request. At the same time, it can perform multiple actions including IP filtering, token-based API authentication, rate limiting, and integration of web application firewall (WAF) functionality—all to support secure and reliable access to APIs as well as to microservices.

Explore additional API security topics:

Benefits of using an API gateway
How an API gateway works
Citrix API gateway solutions

Benefits of using an API gateway

Applications and the broader internet economy are both API-driven. Because API calls constitute a large and growing share of network traffic, businesses need the right practices and API management tools in place to optimize performance and protection.

More specifically, as organizations pursue digital transformation initiatives and navigate the challenges of scaling and securing APIs along the way, they can benefit from an API gateway that helps them:

Consistently enforce authentication and WAF policies for API access
Use load balancing and content routing to optimally direct API requests
Know if APIs are being abused, for instance by excessive API calls
Rate limit and audit API traffic as needed to protect backend services
Collect detailed analytics on API requests and traffic
Determine if microservices architectures are working as designed
Reduce operational complexity by consolidating network functions
Improve app performance with fewer TCP and TLS decryption hops
Apply rewrite and responder policies to HTTP transactions
Broadly shield APIs from threats like injection attacks and data exposure

With an API gateway configuration, it’s possible to gain comprehensive API management and protection for fulfilling these core tasks and others as they emerge.

How an API gateway works

An API gateway performs a wide range of management and protective functions.

Authentication and authorization: Organizations can use an API gateway to authenticate all API calls—via such mechanisms as token validation and inspection of JSON Web Tokens—and authorize their requests. An API gateway configuration can also be customized to limit API access by application and user.

Rate limiting and traffic analysis: API gateways can throttle API requests to prevent backend services from being overwhelmed. Granular controls may be available for limiting request frequency and response size, setting rules-based responder policies, and sending alerts about anomalous API traffic.

WAF policy configuration and enforcement: To protect API instances and endpoints against injection attacks, an API gateway makes it easy to maintain WAF policy configurations, automatically update applicable security signatures, and check for buffer overflows.

Content routing and optimization: With an API gateway, you can guarantee API calls are routed to the best available destinations through a combination of load balancing and content switching capabilities. Parameters for routing include URL path, HTTP method, and policy expression.

Rewrite and responder policy management: Protocol-aware policy expressions can be used for transforming HTTP transactions as they pass through an API gateway. Through rewrite and responder policies, client requests can be reliably directed to the optimal destinations.

Single-Pass security insights and enforcement: Modern API gateways consolidate multiple API security functions into one appliance that handles WAF, load balancing, content routing, and more in a single pass. This simplification of the API security architecture within the API gateway architecture improves application performance as well.

WHITE PAPER

Adopting web app and API protection with Citrix

Learn how to ensure comprehensive protection for your applications and APIs.

Get the white paper

Citrix API gateway solutions

Organizations can easily deploy a customizable API gateway through Citrix ADC to manage and protect backend services within environments such as Kubernetes clusters. The Citrix API gateway functionality is integrated into Citrix ADC, which serves as the ingress gateway for all north-south traffic into the cluster.

Working in tandem with the Citrix Application Delivery Management, Citrix ADC simplifies the creation, publication, maintenance, and security of APIs. Advanced traffic management and security features, coupled with centralized controls and API definitions, defend APIs from the biggest threats while ensuring legitimate clients can still reliably access them.