Open Source Licenses
API7 Gateway is built on the foundation of the Apache APISIX open-source project and incorporates various other open-source components. We are committed to license compliance and transparency, providing a clear record of the software that powers our platform.
Key Open Source Components
API7 Gateway utilizes several major open-source projects, each governed by its own license.
| Component | License | Purpose |
|---|---|---|
| Apache APISIX | Apache 2.0 | Core data plane engine and plugin system. |
| OpenResty / Nginx | BSD | High-performance HTTP and reverse proxy server embedded in the data plane. |
| LuaJIT | MIT | Just-in-time compiler for the Lua language used in plugins. |
| PostgreSQL | PostgreSQL License | Primary storage backend for the control plane. |
| kine | Apache 2.0 | etcd-compatible shim that translates the etcd v3 API to PostgreSQL for the DP Manager. |
| Ladon | Apache 2.0 | Policy engine used to evaluate permission policies. |
License Compliance
API7.ai ensures that all open-source components used within our enterprise products are used in accordance with their respective licenses. This includes:
- Attribution: Providing credit to the original authors where required.
- Redistribution: Adhering to the terms for redistributing original or modified source code.
- Patent Retention: Respecting patent clauses included in modern licenses like Apache 2.0.
SBOM (Software Bill of Materials)
For enterprise customers with rigorous compliance requirements, API7.ai can provide a Software Bill of Materials (SBOM) for each release. An SBOM is a formal, machine-readable record of all components, versions, and licenses contained within our container images. To request an SBOM for a specific API7 Enterprise release, contact your API7 account manager or sales@api7.ai.
Next Steps
- Review our Trust Center for additional compliance information.
- Review Vulnerability Scanning practices for these components.