Skip to main content

Version: 3.2.3.x

What is API7 Enterprise Edition

API7 Enterprise extends the core open-source functionality of Apache APISIX to provide customized, full-lifecycle API management for enterprises. It offers enterprise-level 24/7 support, advanced features, system integration, and SLA guarantees, to unleash the full potential of APISIX-powered API management.

API7 Enterprise includes the most popular enterprise-level functionality. With strong support for security, traffic management, and analytics, combined with a friendly developer experience, API7 Enterprise meets the needs and application scenarios of most industry businesses for API management.

API7 Enterprise allows enterprises to focus on delivering business value through APIs, rather than complex infrastructure operations and maintenance management. Companies can easily leverage the powerful API gateway to accelerate access and optimize the full lifecycle of APIs end-to-end, without spending a lot of time delving into expertise and self-development:

  • Security management and authentication access for large-scale APIs
  • Improving API observability through lifecycle analysis
  • Deep integration of API gateway with existing systems and pipelines
  • API infrastructure that follows future technology and management trends, easily adapting to rapid growth needs
  • Fine-grained traffic control with dynamic load balancing, circuit breaking, and rate limiting.

Apache APISIX, as a top-tier open-source API gateway, provides a solid foundation for enterprises to control and protect API traffic. With its high-performance architecture and lively open-source community, API7 Enterprise enables companies to unleash the maximum potential of APIs, while tackling the complexity brought by large-scale APIs.

Advantages and Highlights


  1. Cloud-Native

API7 is a cloud-native gateway that is platform-agnostic and has no risk of vendor lock-in. It supports bare metal, virtual machines, Kubernetes, OpenShift, ARM64, and more. Additionally, API7 can easily integrate with other components such as SkyWalking, Prometheus, Kafka, and Zipkin, empowering enterprises together.

  1. High Availability

API7 defaults to using etcd as the configuration center. Since etcd naturally supports distributed and high availability and has extensive practical experience in domains like K8s, API7 can easily support millisecond-level configuration updates and support thousands of gateway nodes. The gateway nodes are stateless and can be scaled up or down as needed.

  1. Protocol Conversion

API7 supports a wide range of protocol types, including TCP/UDP, Dubbo, MQTT, gRPC, SOAP, WebSocket, and more.

  1. Security Protection

Multiple identity authentication and security protection capabilities are built-in, such as Basic Auth, JSON Web Token, IP blacklist/whitelist, OAuth, etc.

  1. Extremely High Performance

API7 uses Radixtree algorithm to achieve high-performance and flexible routing. On an AWS 8-core server, QPS is about 140K, and latency is about 0.2ms.

  1. Fully Dynamic Capability

Modifying gateway configurations, adding or modifying plugins, etc., can be done in real-time without restarting the gateway service. It supports dynamic loading of SSL certificates.

  1. Strong Extension Capability

With a flexible plugin mechanism, API7 can be tailored to internal business functions. It supports custom load balancing and routing algorithms, unrestricted by API gateway implementation. Runtime executes user-defined functions to implement Serverless and make gateway edge nodes more flexible.

  1. Rich Governance Capability

Such as fault isolation, circuit breaker degradation, rate limiting, etc. After enabling active health checks, the gateway will support intelligent tracking of unhealthy upstream nodes and automatically filter out unhealthy nodes to improve overall service stability.

Overview of Capacities

API Publishing

Request Routing

  • URI parameter matching
  • HTTP request header matching
  • HTTP request method matching
  • Custom matching with Lua code snippets
  • Condition expressions
  • IPv6
  • GeoIP location matching
  • Routing time to live (TTL)
  • Priority matching

Request rewriting

  • URI rewriting
  • Add, modify and delete HTTP request headers
  • 301, 302 redirections
  • Force the redirection to HTTPS
  • Response rewriting

Response rewriting

  • Add, modify and delete HTTP response headers
  • Modify HTTP response codes
  • Modify response body

Protocol conversion

  • HTTP/1.1, HTTP2
  • HTTP/3
  • MQTT
  • UDP
  • WebSocket
  • Dubbo
  • Custom Layer 4 protocol
  • Custom Layer 7 protocol

Canary release

  • Canary release
  • Blue-green deployment

Response caching

Traffic mirroring

Circuit breaking

  • API circuit breaking
  • Service degradation

Fault injection

Traffic staining

API Consumption

Request authentication

  • JWT
  • Key-auth
  • HMAC
  • Basic-auth
  • Keycloak
  • Casdoor
  • OpenID connect
  • LDAP
  • Lua Casbin
  • Open Policy Agent
  • External auth servers (Auth0, Okta, etc.)
  • OAuth2

Rate limiting

  • Request limiting based on a fixed window
  • Request limiting based on the leaky bucket principle
  • Limiting concurrent requests

API Runtime


  • Data throughput
  • Response time
  • Upstream response time
  • Status code
  • API call volume
  • Gateway instance version and status
  • Certificate expiration


  • Push to HTTP/TCP/UDP log servers
  • SkyWalking
  • Kafka
  • RocketMQ
  • Clickhouse
  • Syslog
  • Aliyun SLS
  • Google Cloud Logging Service
  • Splunk HTTP Event Collector (HEC)
  • Specific file on disk
  • Elasticsearch
  • Tencent Cloud CLS
  • Grafana Loki


  • SkyWalking
  • Zipkin
  • OpenTracing

API Security

IP restriction

  • Blacklist
  • Whitelist
  • Preventing ReDOS attacks
  • Preventing replay attacks

URI restriction

  • Blacklist
  • Whitelist


User Management


Data Security

  • mTLS
  • FIPs
  • SSL certificate rotation


  • CLI
  • Helm charts
  • Rollback
  • YAML for standalone mode


  • Data sovereignty
  • Configuration hot update

Deployment Method

  • Bare Metal
  • Virtual Machine
  • Kubernetes
  • ARM64
  • Huawei Kunpeng
  • AWS
  • GCP
  • Alibaba Cloud
  • Tencent Cloud Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.


API7 Cloud

SOC2 Type IRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation