Skip to main content
Version: latest

API7 API Gateway Overview

API7 API Gateway (referred to as API7 Gateway) is a modern, high-performance API gateway designed for cloud-native applications and microservices. Built on the foundation of the open-source powerhouse Apache APISIX, it provides a robust, scalable, and flexible solution for managing, securing, and observing your APIs.

This document provides a high-level overview of API7 Gateway, tailored for DevOps engineers and solution architects. You will learn about its core concepts, architecture, key features, and how it can be deployed to fit your infrastructure needs.

Why Choose API7 Gateway?

In today's distributed architectures, managing communication between hundreds or even thousands of services creates significant challenges. Organizations need a unified way to handle traffic, enforce security policies, and gain visibility into their API ecosystem without compromising performance. API7 Gateway is engineered to solve these problems.

ChallengeHow API7 Gateway Solves It
Complexity in MicroservicesProvides a central point of control for routing, load balancing, and managing traffic across diverse upstream services, simplifying the overall architecture.
Security and ComplianceSecures APIs with a rich set of authentication and authorization plugins, fine-grained access control, ensuring a strong security posture.
Performance BottlenecksDelivers exceptional performance with sub-millisecond latency, ensuring that the gateway is never a bottleneck, even under heavy traffic loads.
Lack of ObservabilityIntegrates seamlessly with industry-standard observability tools like Prometheus, Grafana, and OpenTelemetry, offering deep insights into API performance and behavior.
Operational InefficiencyFeatures a fully dynamic configuration model that allows for real-time updates without service interruptions, enabling agile and efficient operations.

Core Features

API7 Gateway offers a comprehensive set of features to manage the entire API lifecycle.

  • Advanced Traffic Management: Control how requests are routed to your services with features like dynamic load balancing, canary releases, blue-green deployments, and circuit breaking.
  • Robust Security: Protect your APIs from threats with a wide range of security plugins, including support for OIDC, JWT, HMAC, and mTLS. Enforce access control and protect against common vulnerabilities.
  • Rich Plugin Ecosystem: Extend gateway functionality with a rich set of pre-built plugins or develop custom plugins in Lua to meet specific business requirements.
  • Deep Observability: Gain comprehensive visibility into your API traffic. The gateway supports integration with Prometheus for metrics, OpenTelemetry for distributed tracing, and various logging solutions.
  • Platform Agnostic: Deploy API7 Gateway anywhere—on public cloud, private data centers, or hybrid environments. It runs on bare metal, VMs, and Kubernetes.

Architecture Overview

API7 Gateway is designed with a decoupled architecture, separating the Control Plane (CP) from the Data Plane (DP). This separation provides scalability, flexibility, and resilience.

  • Control Plane: The central management point for all configurations. It provides a user-friendly dashboard and a robust API for administrators to define routes, configure plugins, and manage API policies. The Control Plane pushes configuration changes to the Data Plane in real-time.
  • Data Plane: The high-performance traffic proxy that handles all API requests. It receives configurations from the Control Plane and executes the defined policies, such as authentication, rate limiting, and routing. Data Plane nodes are stateless, allowing them to be scaled horizontally with ease.

Here is a diagram illustrating the basic architecture:


This decoupled design ensures that even if the Control Plane is temporarily unavailable, the Data Plane continues to operate without interruption, guaranteeing high availability for your APIs.

Deployment Modes

API7 Enterprise is designed as a container-first platform, ensuring architectural consistency and operational reliability across different infrastructure environments through immutable images.

1. Production-Grade Orchestration

  • Kubernetes (Standard/Managed): The primary deployment path via Helm Charts. API7 Gateway operates as a high-performance, stateless cluster within Kubernetes. In this mode, it maintains its full API Management capabilities, providing advanced traffic control and security policies for services across the enterprise.
  • OpenShift: Native support for Red Hat OpenShift, including pre-configured Security Context Constraints (SCC) and integration with OpenShift-specific monitoring stacks.

2. Enterprise Infrastructure

  • Private Cloud / Bare Metal (via Docker): For environments where Kubernetes is not utilized, API7 is deployed as Docker containers on Linux hosts. This supports both AMD64 and ARM64 architectures, allowing for high-performance execution while maintaining the benefits of container isolation and simplified upgrades.
  • Air-Gapped Environments: Specifically optimized for secure, isolated networks. Since API7 is distributed via container images, it simplifies the process of mirroring artifacts into private registries for offline deployment in financial or government sectors.

3. Rapid Development & GitOps

  • Lightweight Development: API7 provides Docker Compose templates to spin up a full-stack environment (Control Plane + Data Plane + Dashboard) in minutes for local development, prototyping, and integration testing.
  • GitOps Alignment: All container-based deployments are designed to work with ADC (API7 Declarative CLI), allowing platform engineers to manage gateway configurations through declarative YAML files and automated CI/CD pipelines.

Key Characteristics

Architects and DevOps engineers value API7 Gateway for its robust non-functional characteristics.

  • High Performance: Built on a high-performance tech stack (NGINX + LuaJIT), the gateway processes requests with extremely low latency, making it suitable for the most demanding workloads.
  • High Availability: The stateless nature of the Data Plane allows for seamless scaling and high availability. You can run multiple Data Plane nodes in a cluster to ensure fault tolerance and zero downtime.
  • Dynamic Configuration: All configurations, including routes and plugins, are updated dynamically without requiring a reload or restart of the gateway. This enables a truly agile and CI/CD-friendly workflow.
  • Extensibility: The powerful plugin mechanism allows you to easily extend the gateway's functionality to integrate with existing systems or implement custom logic.
API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway
API7 AI Gateway
API7 API Portal

Learn

API Gateway Guide
Plugin Hub
API Gateway Comparison
Customers

Resources

API Gateway Docs
Blog
Demo Hub
APISIX vs Kong

Company

About
Contact
Compliance Standards
Partners
Terms & Privacy
SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation