Skip to main content
Version: latest

Gateway Groups

A Gateway Group is a logical grouping of API7 Gateway data plane instances that share the same configuration. It serves as the target for publishing services and applying global rules.

How gateway groups work

When you deploy API7 Gateway, you assign each data plane instance to a specific gateway group. The control plane then pushes the relevant configuration to all instances within that group.

A gateway group contains:

  • Published Services: Versions of services that are live on the group.
  • Global Rules: Plugins that apply to every request processed by the group (e.g., centralized logging or global rate limiting).
  • SSL Certificates: Certificates assigned to the group for TLS termination.
  • Consumers: Identity and credentials authorized for the group.

Configuration fields

The following fields define a gateway group:

  • Name: A descriptive name for the group (e.g., us-east-prod).
  • Type:
    • api7_gateway: Standard API7 Gateway group.
    • api7_ingress_controller: Group managed via Kubernetes Ingress/Gateway API.
  • Enforce Service Publishing: When enabled, any changes to services must go through the formal Service Template → Service Version → Publish workflow. If disabled, changes can be applied directly to the live configuration (not recommended for production).
  • Control Plane Key Prefix: The unique path used by the data plane to fetch configuration (e.g., /gateway_groups/us-west-1).
  • Image Tag: The specific version of the API7 Gateway data plane used by this group.

Use cases

Gateway groups are essential for managing multi-environment and multi-region deployments:

  • Environment Isolation: Create separate groups for development, staging, and production. Test configuration in staging before publishing the same service version to production.
  • Regional Deployment: Deploy gateway groups in different geographic regions (e.g., aws-us-east-1 and aws-eu-central-1) while managing them from a single global control plane.
  • Tenant Isolation: Assign dedicated gateway groups to specific business units or high-priority customers to ensure resource isolation and specialized policy enforcement.

Publishing workflow

Configuration is not pushed to a gateway group immediately when modified. Instead, API7 Gateway uses a versioned publishing model:

  1. Service Template: Define the base configuration (routes, upstreams, plugins).
  2. Service Version: Create a snapshot of the template.
  3. Publish: Assign the specific version to a Gateway Group.

This workflow ensures that every change is tracked and can be rolled back to a previous version if necessary.

Next steps

API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway
API7 AI Gateway
API7 API Portal

Learn

API Gateway Guide
Plugin Hub
API Gateway Comparison
Customers

Resources

API Gateway Docs
Blog
Demo Hub
APISIX vs Kong

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation