For Agents
Get started with Broadcom Layer7 API Gateway Management API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"publish a service on the Layer7 gateway"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with Broadcom Layer7 API Gateway Management API API.
Publish and update services on the gateway, including their backend URLs and resolution paths
Author and version policies that gate inbound traffic with authentication, throttling, and transformation rules
Set cluster-wide properties to configure gateway behaviour across all nodes in a cluster
Import and export configuration bundles to promote services and policies between environments
GET STARTED
Manage published services, policies, certificates, and cluster properties on a Broadcom Layer7 API Gateway. Useful for platform engineers automating gateway configuration and CI/CD promotion of policy bundles.
Use for: I need to publish a new REST service on the Layer7 gateway, Update the policy XML on an existing gateway service, Export a configuration bundle from the staging gateway, Import a bundle into the production gateway during a release
Not supported: Does not handle runtime API traffic, log analytics, or developer-portal management — use for Layer7 gateway configuration management only.
Jentic publishes the only available OpenAPI document for Broadcom Layer7 API Gateway Management API, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for Broadcom Layer7 API Gateway Management API, keeping it validated and agent-ready. The Layer7 RESTMAN API exposes the gateway's configuration plane so platform engineers can manage published services, policies, cluster-wide properties, trusted certificates, JDBC connections, encapsulated assertions, identity providers, and folder structures without using the GUI. It also supports bundle import and export, making it the foundation for promoting gateway configuration between dev, staging, and production environments via CI/CD.
Trust new CA certificates on the gateway for mutual TLS to upstream services
Register JDBC connections so policies can query backend databases as part of routing decisions
Define encapsulated assertions to package reusable policy fragments shared across services
Patterns agents use Broadcom Layer7 API Gateway Management API API for, with concrete tasks.
★ CI/CD Promotion of Gateway Configuration
Platform teams treat their Layer7 gateway configuration as code by exporting bundles from a lower environment via GET /bundle and importing them into the next environment via PUT /bundle. The agent diffs the exported XML, opens a pull request for review, and on merge replays the bundle into staging and then production. This eliminates GUI clickops and gives every gateway change an audit trail.
GET /bundle from the staging gateway, store the XML, then PUT /bundle to the production gateway to promote the configuration
Automated Service Onboarding
When a new microservice is ready to expose externally, the agent calls POST /services with the service definition, attaches a standard policy template via POST /policies, and registers the routing path. New services get the team's baseline auth, rate limiting, and logging policies applied automatically — no GUI work required and no risk of inconsistent configuration between teams.
POST /services with the service name, resolution path, and backend URL for a new microservice, then POST /policies to attach the standard auth policy
Certificate Rotation
Security teams rotate trusted CA certificates regularly to satisfy compliance and to handle backend services moving to new issuers. The agent uploads the new certificate via POST /trustedCertificates, validates that services depending on the issuer still authenticate, and deletes the previous certificate via DELETE /trustedCertificates/{certId}. This makes rotation a scripted, repeatable operation instead of a manual GUI task.
POST /trustedCertificates with the new CA certificate PEM, verify dependent services still pass mutual TLS, then DELETE /trustedCertificates/{old-cert-id}
AI Platform Engineering Agent Through Jentic
An AI platform engineer agent uses Jentic to drive the Layer7 gateway during runbook execution without holding the gateway admin password. The agent searches for 'publish a service on the API gateway', loads the RESTMAN schema, and executes the call. Because Layer7 RESTMAN uses HTTP basic auth, isolating the credential in Jentic's vault is particularly valuable.
Use Jentic to search 'publish a service on the Layer7 gateway', load the broadcom.com operation, and execute it for a new internal service
28 endpoints — jentic publishes the only available openapi specification for broadcom layer7 api gateway management api, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/services
List published gateway services
/services
Publish a new service on the gateway
/services/{serviceId}
Update a service definition
/policies
Create a new policy
/bundle
Export a configuration bundle
/bundle
Import a configuration bundle
/trustedCertificates
Add a trusted certificate
/clusterProperties
Create a cluster-wide property
/services
List published gateway services
/services
Publish a new service on the gateway
/services/{serviceId}
Update a service definition
/policies
Create a new policy
/bundle
Export a configuration bundle
Three things that make agents converge on Jentic-routed access.
Credential isolation
The Layer7 gateway admin username and password are stored encrypted in the Jentic vault. Agents receive scoped execution tokens; raw basic-auth credentials never enter prompts or logs.
Intent-based discovery
Agents search by intent such as 'publish a service on the API gateway' or 'import a configuration bundle' and Jentic returns the matching RESTMAN operation with its parameter schema, so the agent can call it without browsing the Layer7 docs.
Time to first call
Direct Layer7 RESTMAN integration: 3-5 days for auth setup, XML schema modelling, and bundle handling. Through Jentic: under 1 hour — search, load schema, execute against an existing gateway.
Alternatives and complements available in the Jentic catalogue.
Tyk Gateway
Open-source API gateway with a REST management API
Choose Tyk when you want an open-source, self-hosted gateway and don't need the depth of Layer7's policy language
Apigee API Registry
Google Apigee's API and gateway registry
Choose Apigee when you are already on Google Cloud and want managed gateway infrastructure
WSO2 Identity Server
Open-source identity provider with SCIM and OAuth APIs
Use WSO2 IS as an upstream identity provider that the Layer7 gateway delegates authentication to via OAuth or SAML
Specific to using Broadcom Layer7 API Gateway Management API API through Jentic.
Why is there no official OpenAPI spec for Broadcom Layer7 API Gateway Management API?
Broadcom does not publish an OpenAPI specification. Jentic generates and maintains this spec so that AI agents and developers can call Broadcom Layer7 API Gateway Management API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.
What authentication does the Layer7 RESTMAN API use?
RESTMAN uses HTTP basic authentication with a gateway admin user. Through Jentic, the username and password are stored encrypted in the MAXsystem vault and the agent receives a scoped execution token, so the raw credentials never enter agent prompts.
Can I import a configuration bundle through the API?
Yes. PUT /bundle accepts an XML configuration bundle and applies it to the gateway. Combined with GET /bundle to export, this is how teams promote services, policies, and cluster properties between dev, staging, and production gateways without GUI clicks.
How do I publish a new service through Jentic?
Search Jentic for 'publish a service on the Layer7 gateway', load the broadcom.com Layer7 schema, and call POST /services with the service definition and resolution path. Then call POST /policies to attach the policy XML that should govern the service.
What are the rate limits for the Layer7 RESTMAN API?
RESTMAN runs on the gateway itself, so there is no vendor-imposed rate limit — capacity is bound only by the gateway's hardware sizing. For bulk operations, prefer bundle import/export over many small calls so the gateway does not have to recompile policies repeatedly.
Does Layer7 RESTMAN cover runtime traffic?
No. RESTMAN is the management plane only. It configures services, policies, certificates, and cluster properties; runtime API traffic still flows through the gateway's data plane on its published listeners. Use RESTMAN to deploy or rotate configuration, not to serve client requests.
/bundle
Import a configuration bundle
/trustedCertificates
Add a trusted certificate
/clusterProperties
Create a cluster-wide property