What is API7 Enterprise Edition
API7 Enterprise extends the core open-source functionality of Apache APISIX to provide customized, full-lifecycle API management for enterprises. It offers enterprise-level 24/7 support, advanced features, system integration, and SLA guarantees, to unleash the full potential of APISIX-powered API management.
API7 Enterprise includes the most popular enterprise-level functionality. With strong support for security, traffic management, and analytics, combined with a friendly developer experience, API7 Enterprise meets the needs and application scenarios of most industry businesses for API management.
API7 Enterprise allows enterprises to focus on delivering business value through APIs, rather than complex infrastructure operations and maintenance management. Companies can easily leverage the powerful API gateway to accelerate access and optimize the full lifecycle of APIs end-to-end, without spending a lot of time delving into expertise and self-development:
- Security management and authentication access for large-scale APIs
- Improving API observability through lifecycle analysis
- Deep integration of API gateway with existing systems and pipelines
- API infrastructure that follows future technology and management trends, easily adapting to rapid growth needs
- Fine-grained traffic control with dynamic load balancing, circuit breaking, and rate limiting.
Apache APISIX, as a top-tier open-source API gateway, provides a solid foundation for enterprises to control and protect API traffic. With its high-performance architecture and lively open-source community, API7 Enterprise enables companies to unleash the maximum potential of APIs, while tackling the complexity brought by large-scale APIs.
Advantages and Highlights
- Cloud-Native
API7 is a cloud-native gateway that is platform-agnostic and has no risk of vendor lock-in. It supports bare metal, virtual machines, Kubernetes, OpenShift, ARM64, and more. Additionally, API7 can easily integrate with other components such as SkyWalking, Prometheus, Kafka, and Zipkin, empowering enterprises together.
- High Availability
API7 defaults to using etcd as the configuration center. Since etcd naturally supports distributed and high availability and has extensive practical experience in domains like K8s, API7 can easily support millisecond-level configuration updates and support thousands of gateway nodes. The gateway nodes are stateless and can be scaled up or down as needed.
- Protocol Conversion
API7 supports a wide range of protocol types, including TCP/UDP, Dubbo, MQTT, gRPC, SOAP, WebSocket, and more.
- Security Protection
Multiple identity authentication and security protection capabilities are built-in, such as Basic Auth, JSON Web Token, IP blacklist/whitelist, OAuth, etc.
- Extremely High Performance
API7 uses Radixtree algorithm to achieve high-performance and flexible routing. On an AWS 8-core server, QPS is about 140K, and latency is about 0.2ms.
- Fully Dynamic Capability
Modifying gateway configurations, adding or modifying plugins, etc., can be done in real-time without restarting the gateway service. It supports dynamic loading of SSL certificates.
- Strong Extension Capability
With a flexible plugin mechanism, API7 can be tailored to internal business functions. It supports custom load balancing and routing algorithms, unrestricted by API gateway implementation. Runtime executes user-defined functions to implement Serverless and make gateway edge nodes more flexible.
- Rich Governance Capability
Such as fault isolation, circuit breaker degradation, rate limiting, etc. After enabling active health checks, the gateway will support intelligent tracking of unhealthy upstream nodes and automatically filter out unhealthy nodes to improve overall service stability.
Overview of Capacities
API Publishing
Request Routing
- URI parameter matching
- HTTP request header matching
- HTTP request method matching
- Custom matching with Lua code snippets
- Condition expressions
- IPv6
- GeoIP location matching
- Routing time to live (TTL)
- Priority matching
Request rewriting
- URI rewriting
- Add, modify and delete HTTP request headers
- 301, 302 redirections
- Force the redirection to HTTPS
- Response rewriting
Response rewriting
- Add, modify and delete HTTP response headers
- Modify HTTP response codes
- Modify response body
Protocol conversion
- HTTP/1.1, HTTP2
- HTTP/3
- TLS/HTTPS
- MQTT
- UDP
- WebSocket
- Dubbo
- Custom Layer 4 protocol
- Custom Layer 7 protocol
Canary release
- Canary release
- Blue-green deployment
Response caching
Traffic mirroring
Circuit breaking
- API circuit breaking
- Service degradation
Fault injection
Traffic staining
API Consumption
Request authentication
- JWT
- Key-auth
- HMAC
- Basic-auth
- Keycloak
- Casdoor
- OpenID connect
- LDAP
- Lua Casbin
- Open Policy Agent
- External auth servers (Auth0, Okta, etc.)
- OAuth2
Rate limiting
- Request limiting based on a fixed window
- Request limiting based on the leaky bucket principle
- Limiting concurrent requests
API Runtime
Monitoring
- Data throughput
- Response time
- Upstream response time
- Status code
- API call volume
- Gateway instance version and status
- Certificate expiration
Logging
- Push to HTTP/TCP/UDP log servers
- SkyWalking
- Kafka
- RocktMQ
- Clickhouse
- Syslog
- Aliyun SLS
- Google Cloud Logging Service
- Splunk HTTP Event Collector (HEC)
- Specific file on disk
- Elasticsearch
- Tencent Cloud CLS
- Grafana Loki
Tracing
- SkyWalking
- Zipkin
- OpenTracing
API Security
IP restriction
- Blacklist
- Whitelist
- Preventing ReDOS attacks
- Preventing replay attacks
URI restriction
- Blacklist
- Whitelist
CORS
User Management
RBAC
Data Security
- mTLS
- FIPs
- SSL certificate rotation
Tools
- CLI
- Helm charts
- Rollback
- YAML for standalone mode
Advanced
- Data sovereignty
- Configuration hot update
Deployment Method
- Bare Metal
- Virtual Machine
- Kubernetes
- ARM64
- Huawei Kunpeng
- AWS
- GCP
- Alibaba Cloud
- Tencent Cloud