oGaTe includes the following security features:

  • Identity mediation

Through its support for a wide range of security standards, oGaTe enables identity mediation between different identity schemes. For example, oGaTe can authenticate external clients by user name and password, but then issue SAML tokens that are used for identity propagation to application servers.

  • API management

oGaTe enables you to secure Web APIs against attack and abuse. It also enables you to govern and meter access to and usage of Web APIs. oGaTe provides support for API management security standards such as OAuth. This enables you to share private resources with third-party websites without needing to provide credentials.

  • Application-level networking

oGaTe routes data based on sender identity, content, and type. This enables messages to be sent to the appropriate application in a secure manner. It also enables service virtualization, where services are exposed to clients with virtual addresses to mask their actual addresses for security and application delivery. In this way, the oGaTe acts as an important control point for network traffic by shielding endpoint services from direct access.

  • Audit trail

oGaTe satisfies audit requirements by enabling service transactions to be archived in a tamper-proof store for subsequent audit. Also facilitates privacy compliance support by allowing sensitive information, such as customer names, to be encrypted or stripped out of message traffic.

  • Detailed Monitoring and Analytics

oGaTe records detailed analytics about how your APIs are being used, view hourly data that can be easily segmented, track upstream latency and chart it for each API you are managing.

  • API Developer Portal

Publish your managed APIs to your customizable, mobile-enabled API portal and let developers manage their own keys, sign up and enroll to your APIs, with a flexible workflow and developer analytics.

  • API Documentation

Publish your API Documentation to your portal using Swagger or API Blueprint, let users interact with your API using Swagger UI’s sandbox right from your portal.

Quotas and Rate Limiting

Set rate limiting, request throttling, and auto-renewing request quotas, on a per-api basis, or globally, to manage how your users access your API via the Open Source oGaTe.


oGaTe supports access tokens, HMAC request signing, JSON Web tokens, Mutual TLS, OpenID Connect, basic auth, LDAP, Social OAuth and legacy Basic Authentication providers.