Skip to main content
Feedback

API Gateway

Overview

The Boomi API Gateway is a centralized control point designed to efficiently and securely route API traffic within your organization. It serves as the single entry point for all API consumers, providing essential features for security, traffic management, and observability. By decoupling API consumers from backend implementation details, the Gateway allows for streamlined access management, policy enforcement, and usage monitoring from a single platform. As a critical component of the Boomi API Management solution, the API Gateway facilitates the creation, deployment, and governance of both internal and external APIs, ensuring that organizations can effectively manage their evolving API ecosystems.

Key features

The Boomi API Gateway provides the tools necessary to ensure secure, efficient, and scalable API interactions:

  • Centralized API Management: Enables access and management of Boomi API Gateways through the Configure Server > Gateways page, simplifying the administration process across various environments.

  • Security and Authentication: Centralizes authentication (for example, API Keys, OAuth) and authorization policy enforcement to protect backend services and sensitive data.

  • Traffic Management & Control: Handles incoming requests efficiently, enabling features like rate limiting and throttling to optimize performance and maintain service stability.

  • API Policy Management: Serves as a centralized control layer that intercepts and processes API traffic before it reaches your backend services. It provides a comprehensive library of policies (20+) that allow you to enforce governance, security, and traffic control rules at the Network Edge. This ensures that backend processes are protected from unauthorized access, misuse, and malformed data without requiring code changes to the integration logic itself.

  • Lifecycle Management: Functions as the execution environment for the entire API lifecycle, from initial deployment to versioning and eventual retirement. It allows teams to seamlessly promote APIs across different environments (Dev, Test, Prod) and manage multiple versions simultaneously, ensuring consumers always have access to stable, up-to-date services without service disruption.

  • Centralized Dashboard: Provides a comprehensive and unified view of the health, performance, and usage of your entire API ecosystem. It aggregates real-time data from all deployed Gateways and environments, enabling operations teams to monitor traffic patterns, detect anomalies, and ensure reliability without the need to navigate through separate systems.

  • Developer Portal Integration: Complements the Boomi API Gateway by enabling developers to discover, register, and access APIs without requiring full access to the Boomi Platform.

  • Observability: Provides centralized analytics, logging, and monitoring for operational visibility into all API transactions, including support for integration with external monitoring tools (for example, New Relic).

  • High Availability: Supports clustered environments, ensuring continuous availability and load distribution across multiple nodes.

Boomi API Gateway architecture

important

API Management and API Gateways operate as single-tenant solutions. You can leverage them only within the account where you installed them and cannot share them across different accounts.

The Boomi API Gateway functions as a decoupling layer, or the "API front door," strategically positioned between external consumers (such as clients, mobile apps, partners) and your internal backend systems. This architecture allows you to manage interactions without exposing internal network structures, regardless of whether the backend service is a Boomi Process, a microservice, a legacy application, or a data source.

The Boomi API Gateway provides a single, unified entry point for all API traffic, managing both internal APIs exposed by the Boomi Runtime and external APIs exposed by other systems. It hosts the required authentication sources and acts as the deployment target for multiple API components. This design centralizes security and governance at the network edge.

For network placement, the decision depends entirely on the consumers: install the Gateway in the internal application zone if it primarily serves internal clients, or place it in the highly protected DMZ when it needs to serve external consumers. This strategic placement strengthens the overall security posture.

You can also manage environment flexibility and separation based on organizational needs. In most cases, you do not need to install a Gateway for each Boomi Runtime environment because multiple environments can share a single instance. However, if your organization enforces strict policy separation between pre-production and production zones for compliance, the best practice is to deploy two separate Gateways—one for all pre-production environments and another for all production environments.

Integration with API components

The Boomi API Gateway manages all inbound HTTP traffic for two core types of API components:

  • API Service Components: Define the actual endpoints for your APIs, supporting REST, SOAP, OData, or a combination of these types. Each endpoint typically runs a Boomi Process to handle requests and process data.

  • API Proxy Components: Connect external hosts (targets outside of Boomi) as recipients of HTTP traffic through the Boomi API Gateway.

On this Page