Extensible Open Source API Management
Apiman makes managing your APIs easy.
With just a few clicks you can get Apiman running, putting a platform at your fingertips that covers the whole API Management lifecycle. Whether you want to offer existing APIs to external consumers in a secure way, or have a centralised location to discover and govern APIs, Apiman has you covered.
But that's not all. Apiman is designed to be easy to customise, and you can implement your own functionality by writing simple Java plugins.
Just a few of Apiman's features
Real Open Source
Permissively licensed under Apache License, 2.0.
No artificial limitations or restrictions.
No features hidden behind paywalls.
Govern Your APIs
Flexible, policy-based runtime governance for your APIs.
Offer the same API through multiple plans, allowing different levels of service to different API consumers.
Insight into your traffic with support for a wide array of metrics stores & analytics.
Rich Management Layer
A full REST API, Apiman Manager UI, and standalone Apiman Developer Portal.
Apiman Manager has a breadth and depth of features spanning the API Management Lifecycle: multi-tenancy, events, notifications, permissions, approvals, and so much more.
Extensible & Flexible
A comprehensive plugin system that allows developers to easily create, test, and deploy custom policies and components.
That means you can extend Apiman to do almost anything you need with some simple Java code.
Refer to our developer's guide for more.
Key API Management Use Cases
Covers a range of classic API Management use cases, and so much more.
- Throttling & Quotas: Limit the number of requests consumers of your APIs can make within a given time period (per API contract or per end-user).
- Centralised Security: Add authentication and IP filtering capabilities in a central location, freeing your back-end APIs to focus on functionality.
- Billing & Metrics: Easily get metrics for all your APIs so you can see what's popular or charge your consumers for their usage.
Run Anywhere, At Scale
There are no limitations on where or how you can run Apiman.
Whether you need to run on air-gapped bare metal or in the cloud, Apiman has been deployed to run critical API Management workloads.
Apiman Gateways are decoupled from the Apiman Manager, so even if a manager goes down, your gateways continue running.
The latest from the Apiman Blog
Apiman 3.1.2 released!
I’m delighted to announce that I have released Apiman 3.1.2.Final.
One particularly useful change I’d like to highlight is that the Vert.x Gateway’s API, when secured by Keycloak, now accepts a list of additionally accepted issuers using
allowed-issuers, which is useful for users with more complex auth setups.
Apiman 3.1.0 released!
I’m delighted to announce that I have released Apiman 3.1.0.Final.
Aside from numerous bug fixes and a few interesting new features, this includes a security fix for CVE-2023-28640.
Due to an issue with the release pipeline, we ended up having to cut a 3.1.1.Final release also, but it’s identical to 3.1.0.Final.
Potential permissions bypass in Apiman 3.0.0.Final (CVE-2023-28640)
A vulnerability in Apiman has been disclosed that you need to be aware of and respond to. It has CVE ID CVE-2023-28640.