Skip to main content
Version: latest

Running in Production

Running API7 Gateway in a production environment requires careful planning and adherence to best practices to ensure stability, security, and performance. This guide provides a pre-production checklist and deployment recommendations.

Pre-Production Checklist

Before deploying to production, verify the following:

  • Hardware Sizing: Ensure your gateway nodes meet the recommended hardware requirements.
  • Network Topology: Confirm your network architecture is properly configured for high availability and low latency.
  • TLS Everywhere: Enable TLS for all communication channels, including gateway-to-client and gateway-to-upstream.
  • Backup Strategy: Implement a regular backup and disaster recovery plan for the PostgreSQL database.
  • Monitoring Setup: Integrate with Prometheus and Grafana for real-time performance monitoring.
  • Log Management: Configure centralized logging for auditing and troubleshooting.
  • Security Hardening: Review and apply security best practices to protect your gateway and APIs.

Hardware Sizing Guide

For a typical production environment, the following hardware specifications are recommended:

  • Control Plane Node: 2+ CPU cores, 4GB+ RAM, 20GB+ Disk.
  • Data Plane Node: 4+ CPU cores, 8GB+ RAM, 20GB+ Disk.
  • PostgreSQL Database: Sized according to the number of configurations and historical data being stored.

Network Topology Recommendations

  • High Availability: Deploy at least two Control Plane nodes and multiple Data Plane nodes.
  • Load Balancer: Use a high-performance load balancer in front of your Data Plane nodes.
  • Latency: Keep the Control Plane and Data Plane nodes in the same region to minimize latency.

Monitoring and Logging

Integrate API7 Gateway with your existing monitoring and logging systems for observability.

  • Prometheus: Collect metrics from both CP and DP nodes for performance monitoring.
  • Grafana: Create dashboards to visualize metrics such as QPS, latency, and error rates.
  • Centralized Logging: Send logs to systems like ELK or Splunk for analysis and auditing.

Security Hardening

Protect your API7 Gateway deployment with these security measures:

  • RBAC: Use Role-Based Access Control to manage user permissions in the Control Plane.
  • Admin API Access Control: Restrict access to the Admin API to specific IP addresses.
  • Secret Management: Use a secret manager (e.g., HashiCorp Vault, AWS Secrets Manager) to securely store and manage sensitive information.
  • WAF: Integrate with a Web Application Firewall for protection against common web attacks.

Next Steps

API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway
API7 AI Gateway
API7 API Portal

Learn

API Gateway Guide
Plugin Hub
API Gateway Comparison
Customers

Resources

API Gateway Docs
Blog
Demo Hub
APISIX vs Kong

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation