Layer7 API Management

hi guys,
We have a scenario to share with you.

we`ve a service that has a funcionality of generate a PDF file. This means that his response content-type is a application/pdf

The highlights of our architecture is something like this:
APP -> IBM Mobile First Server -> CA API Gateway -> Backend Service

But in this case we`re considering change the architecture to this:
APP -> Backend Service

We`re are considering to change this topology because we`re worried about the overload of these two layers (Mobile First and CA API Gateway) versus the real benefits of them.

What are the points to considere to take a decision about it. Could you help me?

Has someone using CA API Gateway in the middle to service that response a binary? Is there some issue with it?

Good afternoon,

We see a lot of this type of workflow traversing the gateway and if you are not acting against the body of the response you can simply stream it through by not acting in the policy against the body of the response. This could be an audit or such that would cause the stream to stop moving. From the benefit of having the gateway in front we can do message or header based authentication and authorization. Another area we see the need is security teams not allowing direct interaction through DMZ or layers in the network without some level of validation. It would be up to your and your team as to whether you deem the 2 additional components necessary.

Sincerely,

Stephen Hughes

Director, CA Support