Forum Sentry API Security Gateway

API Security and Identity Policy Enforcement Built on a Cyber-secure Product Architecture

API Security Gateway technology is changing the landscape of computing architecture to promote secure, agile, API-based designs. Combining PKI, Data Security, and Identity Access Control in a certified-secure product that can not be compromised. APIs and Identity Policy Enforcement Points are among the most vulnerable points of modern architectures. Lightweight API Gateways built on insecure platforms as well as software-based identity enforcement points (PEPs) will never be able to combat threats and hacks. You need cyber-secure technology to thwart threat, and API Security Gateway technology is purpose-built with a secure OS, and threat mitigation technology that prevents in the gateway itself from being the target of compromise. These same cyber-security principles apply whether the scenario is on-premise, cloud-based, or a hybrid approach of both. With API Security Gateways, you are in control of your security, your keys, and your data.




An API Security Gateway is based upon a security first principle, enabling all applications and services to be securely exposed.  The Forum Sentry API Security Gateway enables code-free, point-and-click building of APIs to integrate legacy and modern systems, connect cloud and mobile technologies, and extend business applications and services securely beyond the enterprise border.

With over 15 years of industry-leading innovation under the hood, Forum Sentry is an essential part of modern architecture design and cyber-security protection of assets and information that enable enterprises to build and manage complex APIs centrally and in a highly secure manner.  The Forum Sentry API Security Gateway converges 3 key functions of technology – identity, security, and integration with key capabilities such as:

  • Secure PEP, SSO, and Federation 
    • Cyber-secure Identity Policy Enforcement Point (PEP) with built-in SSO and Federation
    • Combine identity with payload attributes for multi-context and multi-factor authentication
    • Built-in support for all modern IdM systems, PKI, and identity formats
  • API Security 
    • Build logical APIs with protocol-break, deep-content inspection, and bi-directional information assurance
    • Modern information security combining content-aware cyber-security intrusion, data leakage protection, antivirus, access control, and PKI cryptography
    • SLA enforcement with real-time monitoring and alerting
  • Cloud Integration 
    • Point-and-click policies for REST APIs, SOAP APIs, and REST/SOAP Conversion
    • Supports B2B, Cloud, Mobile, and IoT Technology formats
    • Translates protocols and messages for legacy system modernization

Recognized by KuppingerCole as the Only API Management Vendor “with a Primary Focus on Security” and an overall leader in both product and leadership categories in their Leadership Compass: API Security Management. Forum Sentry has been adopted by enterprises worldwide in processing over 10 billion transactions per day in the most complex real-time environments that exist.

KuppingerCole Report

Executive View: Forum Sentry API Gateway

The Forum Advantage

  • Unmatched Security Pedigree
    • The only gateway to achieve FIPS 140-2 Level II and NIAP Network Device Protection Profile (NDPP) certification in the industry.
  • Low Total Cost of Ownership
    • Forum Sentry is implemented in days/weeks via simple point-and-click rule creation that enables secure access to data and services with centralized enforcement of cutting-edge cyber security protection.
  • Modern and Secure Architecture Design
    • Purpose-built to optimize and simplify your architecture with no-code product features that rapidly enable secure integration among legacy and modern system components both on-premise and in the cloud.  Minimal impact on clients and back-end services allow for modernization without the burden of hand-coding integration.
  • Proven Success 
    • Forum Sentry maintains a 100% deployment success rate for 15 years with U.S. federal agencies, foreign governments and global enterprises, with secure integration across channels, applications and infrastructure.
  • World Class Product Support
    • Ranging from an Amazon-hosted cloud training academy to in-house experts providing best practices, recommendations, and deployment assistance, Forum Systems stands by it’s technology like no other.



  • Data moving between your company and the your partners, customers and cloud providers must be protected with military-grade security. As your enterprise increases its integration, the attack surface area increases along with the risk of corporate data leaks. Using Forum Sentry, your corporation can protect against emerging threats, deploy world-class data privacy, enforce data integrity, and ensure that every corporate transaction is accounted for.

    Threat Mitigation

    • XML Firewall
    • Web App Firewall
    • Rate-Based Rules
    • Size-Based Rules
    • Embedded AV Engine
    • Pattern Recognition
    • Intrusion Detection Prevention (IDP)
    • Data Leakage Prevention (DLP)

    Transaction Privacy

    • XML Encryption
    • WS-Security Encryption
    • Symmetric Encryption
    • SSLv3
    • TLS
    • RSA
    • DSA
    • ECC

    Transaction Integrity

    • XML Signatures
    • WS-Security Signatures
    • DSIG Verification
    • X.509 Authentication
    • XSD Schema Validation
    • XSD Tightening
    • JSON Validation
    • Timestamp Validation
    • HTML Form Validation


    • X509
    • PKCS #1,7,8,12
    • OpenPGP
    • SSH
    • Key Import
    • Key Generation
    • CSR, Self-Sign
    • HSM Security World
    • OID Extraction
    You have to know who you do business with and the extent of information that you are willing to provide to your partners and customers. As a successful company, the number of partners that transact with you continues to increase. Forum Sentry provides a flexible identity platform that lets your corporation rapidly utilize a variety of identity tokens. From social media and cloud-based OAuth tokens to hardened 2-Factor Authentication, Forum Sentry enables code free authentication, authorization, and access control capabilities for rapidly enabling secure data exchange.

    Message-Based Tokens

    • WS-Username
    • WS-Kerberos
    • WS-SAML
    • WS-X509
    • SAML
    • DSIG

    Protocol-Based Credentials

    • HTTP Basic
    • HTTP Digest
    • HTTP Form Post
    • HTTP Cookie
    • SSL X.509 Client Auth
    • REST URI
    • OAUTH

    Access Control

    • Central Authorization
    • XACML
    • Database
    • IdP and SP-Initiated schemes
    • Native Identity Adapters
    • Intelligent Caching
    • Patented Cryptographic Acceleration


    • Cookie Consumption
    • Cookie Generation
    • Cookie Tracking
    • IdP and SP-Initiated SSO Schemes
    • WS-Federation
    • SAML
    • STS
    • Credential Persistence
    Forum Sentry API Gateway is designed to securely integrate clients and services, both modern and legacy, with comprehensive standards built in for optimal interoperability. Leveraging over 14 years in the industry, the Forum Sentry API Gateway inspects and analyzes transaction attributes in the request and response to enable policy-based enforcement. These attributes include: HTTP methods, protocol headers, message data, X.509, IdM attributes, and other dynamic attributes. This enables contextual decisions to be based on HTTP methods such as POST and GET, as well as contextual methods such as URIs, message data content, and any other attribute source. The integration features also enable API-based message enrichment where workflows, data transformation, and APIs can be extended via scripting and service aggregation capabilities.


    • XML, SOAP
    • HTML, JSON
    • AS2, ebXML
    • SAML, WS-Federation
    • XML-Sec, WS-Sec
    • WSDL, XSD
    • WS-Trust, XACML
    • WS-Addressing
    • WS-Reliable Messaging
    • WS-Policy, UDDI
    • XPath
    • XSLT

    Data Mapping

    • SOAP-to-REST Conversion
    • Attribute Mapping
    • Protocol and Message Mapping
    • Identity Token Conversion
    • Data Aggregation
    • Node Encoding and Conversion
    • Transformation
    • Header, Body & Attribute Identification
    • X.509 Attribute Mapping
    • Database Mapping
    • IdM Mapping (LDAP, AD, etc.)
    • API & SOA Data Repository Integration
    • URI Mapping


    • SSL / TLS
    • IBM MQ
    • Tibco EMS
    • Oracle JMS
    • Sun JMS
    • Active MQ, Rabbit MQ
    • Solace JMS
    • AMQP
    • SMTP


    Forum Sentry provides you with granular, real-time and accurate view into your corporations transactions with your customers and partners. With extensive logging, reporting and SLA enforcement capabilities, Forum Sentry can control traffic pattern between your application, cloud providers and users. With extensive throttling and alerting capabilities, Forum Sentry ensures that you are in direct and immediate control of your API traffic.


    • API Traffic Reporting
    • Rates and Size Statistics
    • Latency and Throughput
    • Message Throttling and Shaping
    • Threshold Alerts
    • Enforcement time windows


    • SNMP v3
    • JMX
    • SOAP Logging
    • Database Logging
    • Customized logging

    Transaction Accountability

    • Archiving
    • Logging
    • Reporting
    • Monitoring
    • SNMP
    • JMX
    • Custom SOAP Alerts


    • MySQL
    • IBM DB2
    • Oracle Database
    • Microsoft SQL Server
    • HP-OpenView
    • CheckPoint ELA



    1-U Hardened Appliance

    • FIPS 140-2 Level II Chassis
    • FIPS 140-2 Level III HSM Cryptographic Acceleration
    • Dual Power Supply
    • Integrated Flash
    • Unlimited Cloud Capacity
    • 3 x Gigabit Ethernet (optional 10-Gigabit)

    Forum Sentry



    Virtual Appliance

    Fully encapsulated virtualized rendition of hardware system in a deployable OVA VMware system

    • Virtual OS
    • VMware
    • Cloud

    Virtual Appliance




    Enabled for automated deployment and provisioning

    • Windows
    • Linux
    • Solaris
    • VMware
    • Cloud