This article will discuss the topic of third-party products, responsibilities as well as where the support lines are drawn when a third-party product or tool is used on an API Management product such as the API Gateway or API Developer Portal.

It may be desired to install a third-party application for additional functionality on the API Gateway appliance or other servers running API Management products.

Examples of such third-party applications/programs/software include (but are not limited to):

• Monitoring / SNMP agents
  • Nagios
  • Dynatrace
  • SCOM
• Syslog agents
  • Splunk
  • Elk / Logstash
• Development or Automation tools
  • Git
  • Ansible
  • Jenkins
• Security tools
  • Any antivirus or malware detection programs
  • Cylance Protect
  • PowerBroker
  • BeyondTrust
• Mail servers
  
  • Postfix
  • Exim
  • Dovecot
  • SSD (authentication)

Yes, third-party applications may be installed on an API Management product. This does not void the warranty or support agreement.

An official statement on third-party (3rd party) applications is below, along with a list of highlights first. The statements should be well understood and clarification should be requested from Broadcom if needed.

• Broadcom may request the additional components be removed if it is believed it may be interfering with the normal operations or troubleshooting of the API Management product.
• Thorough testing should be conducted in non-critical environments (i.e. development or testing) before being promoted to production.
• Broadcom is not responsible for the installation of third-party applications, nor for troubleshooting issues related to it, nor for the third-party application itself. Installation of any third-party application is considered to be "at your own risk".
• Third-party applications may bring additional attack/vulnerability vectors to the product, making it less secure than if it was kept in an "out-of-the-box" state. Broadcom does not issue updates to third-party applications outside of the dependencies of the API Management product.

If there is a need to open a support case on the matter, Broadcom requests that the support case be filed as a P4 severity level and that all details are provided such as the specific version and product from Broadcom as well as the specific version and product of the third-party tool.

Official statement on third-party applications from the Broadcom API Management team

When possible, we recommend that you utilize the API Gateway's built-in functionality before installing external applications. When the API Gateway's built-in functionality does not meet your requirements, we permit our customers to install additional applications without terminating or negatively impacting the support agreement between your organization and ours.

As with any change to the API Gateway, we strongly recommend that thorough testing in non-critical environments is carried out before escalating the deployment to more business-critical production systems. Please keep in mind that we may request that this software / application be removed from the system during subsequent support requests where we feel the third-party application may be interfering with the proper operation of the API Gateway.

Lastly, we do not include updates for external applications, tools, or their dependencies in API Gateway patches or platform updates. Upgrading an appliance may cause previously working configurations of your third-party tool to break, and such action would not be supported by Broadcom. Since we do not provide updates for these external applications, we also do not test them. As such, external applications may create security vulnerabilities in our product that would not be present on a certified API Gateway appliance.

• Broadcom does not officially endorse any third-party products. Examples provided in this article are for context and searchability only.