Skip to main content

Release Notes

Release notes for the AISIX AI Gateway. Each version is a coordinated release of the gateway (data plane) and the control plane, distributed as container images (docker.io/api7/aisix and docker.io/api7/aisix-cp-*), an offline installation package, and the aisix-cp Helm chart. Versions are listed newest first.

0.3.1

A maintenance release that rolls up the 0.3.0 quality-assurance findings and adds directory-based user provisioning.

New Features

  • SCIM 2.0 directory sync — provision and deprovision members automatically from your identity provider (any SCIM 2.0 provider, such as Okta or Microsoft Entra ID) through the new /scim/v2 endpoints.

Improvements and Fixes

  • The gateway image now self-reports its release version — in the Server response header, in aisix --version, and as the data-plane version shown in the dashboard — instead of a static build version.
  • Anthropic prompt-cache tokens are now counted toward rate-limit token budgets on the native /v1/messages and /v1/responses endpoints.
  • Added a cache-inclusive total series to the per-client token metric.
  • In self-hosted installs, the dashboard playground can now reach LLM endpoints on private or internal networks (opt-in via the AISIX_PLAYGROUND_ALLOW_PRIVATE_IPS environment variable).
  • Sign-in now trusts the deployment's own origin (and its loopback twin) and shows clearer messages for rate-limited or untrusted-origin attempts.
  • The guardrail management API is now part of the Cloud Admin API contract.
  • Every proxied response now carries an x-aisix-request-id header for correlation.
  • Deployment cooldown metrics are emitted on health-state transitions.
  • A single malformed telemetry event no longer discards an entire usage-flush batch.
  • The control plane no longer logs benign "constraint already exists" errors on restart.

0.3.0

A large feature release that introduces the MCP and A2A gateways, several new API surfaces, an expanded guardrail catalog, and metric-based routing.

MCP Gateway

  • New aggregating /mcp endpoint that fronts multiple upstream MCP servers behind a single AISIX API key.
  • Manage upstream MCP servers as a first-class resource (registration and full CRUD) from the control plane and dashboard, including an enable/disable toggle and a configurable upstream timeout.
  • Per-key, per-tool access control — govern which MCP tools each API key may call.
  • Upstream authentication to MCP servers via API key or OAuth2 client credentials.
  • MCP tool calls are governed by the same rate-limit, budget, and guardrail (input and output) policies as LLM traffic, and emit usage events and access logs.

A2A Gateway

  • New Agent-to-Agent (A2A) gateway with org-scoped agents managed in the control plane and dashboard.
  • Per-key allowed_agents controls which agents each API key may reach.

New API Surfaces

  • /v1/realtime WebSocket relay for the OpenAI realtime API (OpenAI-family and Azure), with browser subprotocol authentication and per-session usage accounting.
  • First-class /v1/files, /v1/batches, and /v1/fine_tuning endpoints (OpenAI-family and Azure), with cost attribution for batch jobs.
  • Native (non-OpenAI) embeddings for Vertex/Gemini and Bedrock (Titan and Cohere).
  • Cross-provider content blocks — image, tool use, tool result, and document — on /v1/messages.

Guardrails

  • New guardrail kinds: Lakera, Presidio, and OpenAI Moderation.
  • PII detection and redaction (mask or block) over request and response bodies, including streamed responses and non-chat endpoints.
  • Monitor-mode guardrail hits are surfaced on usage events and in the dashboard Logs view.

Routing

  • New metric-based target-selection strategies: least cost, least latency, and least busy.
  • Tag / metadata conditional routing and wildcard model-name routing (provider/* aliases).
  • Sticky weighted routing for A/B testing and canary releases.

Traffic Controls and Authentication

  • API key lifecycle — set an expiration, disable a key, and rotate a key in a single operation.
  • Cluster rate limiting over a shared Redis, adding per-second (rps) and per-hour (rph) request limits alongside the existing per-minute (rpm) and per-day (rpd) limits.
  • Cache and rate-limit keys are scoped by environment so a shared Redis cannot leak state across environments.

Observability

  • Request and response content capture extended to embeddings, rerank, images, and audio.
  • Usage events are emitted for passthrough endpoints (success and failure) with API-key attribution.

Deployment

  • The container image runs as a non-root user and can still bind privileged ports (:80 and :443) via the CAP_NET_BIND_SERVICE file capability.

Dashboard

  • Unified, filterable models page and a single "Create model" kind picker.
  • MCP servers management page, with MCP governance surfaced across the rate-limit, budget, and guardrail views.
  • Drag-to-reorder routing targets and a per-target cost badge under the least-cost strategy.
  • Per-organization usage-log retention.
  • Paginated member and team lists.
API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation