This article will discuss the topic of third-party products, responsibilities as well as where the support lines are drawn when a third-party product or tool is used on an API Management product such as the API Gateway or API Developer Portal.
It may be desired to install a third-party application for additional functionality on the API Gateway appliance or other servers running API Management products.
Examples of such third-party applications/programs/software include (but are not limited to):
This article applies to all API Management products, regardless of form factor.
Yes, third-party applications may be installed on an API Management product. This does not void the warranty or support agreement.
An official statement on third-party (3rd party) applications is below, along with a list of highlights first. The statements should be well understood and clarification should be requested from Broadcom if needed.
When possible, we recommend that you utilize the API Gateway's built-in functionality before installing external applications. When the API Gateway's built-in functionality does not meet your requirements, we permit our customers to install additional applications without terminating or negatively impacting the support agreement between your organization and ours.
As with any change to the API Gateway, we strongly recommend that thorough testing in non-critical environments is carried out before escalating the deployment to more business-critical production systems. Please keep in mind that we may request that this software / application be removed from the system during subsequent support requests where we feel the third-party application may be interfering with the proper operation of the API Gateway.
Lastly, we do not include updates for external applications, tools, or their dependencies in API Gateway patches or platform updates. Upgrading an appliance may cause previously working configurations of your third-party tool to break, and such action would not be supported by Broadcom. Since we do not provide updates for these external applications, we also do not test them. As such, external applications may create security vulnerabilities in our product that would not be present on a certified API Gateway appliance.