Skip to main content

Architecture

One platform. Your infrastructure. Full control. Configure and audit who uses your APIs—and how—from one place, with the same rules for apps and AI.

Run it on-prem, hybrid, or in your cloud.

Admins

Config & policy

Developers

Portal & try-it

Apps & AI

APIs & AI

Zerq

Gateway core
Management UI
Developer portal
Data store
Observability
Workflow
AI & platform automation

Your IdP

SSO & auth

Data store

Config & audit

Your APIs

Backend services

Admins, developers, and apps (including AI agents) integrate through Zerq. Zerq connects to your identity provider, data store, and backend APIs—all in your environment.

Tech stack

Built with industry-standard technologies. Run and operate Zerq with familiar tooling.

Gateway core Go

Single binary, no vendor runtime lock-in—so you can deploy and scale without dependency on a proprietary runtime.

High-performance runtime that handles traffic, workflows, and policies. Deploy with Docker or Kubernetes.

Management UI Next.js & React

One place to configure APIs, access, and workflows—so your team can manage policy without touching code.

Modern web app with visual workflow builder and dashboards. Runs in your environment.

Developer portal Next.js & React

Partners get self-service discovery and try-it—so you reduce support load and speed integrations.

Partner-facing portal for API discovery, try-it, and self-service. Brandable.

Data store MongoDB & Redis

Your config and audit data stay in your perimeter—so you meet data residency and compliance requirements.

Config and audit in MongoDB (your instance or managed). Optional Redis for caching.

Workflow Built-in

Visual workflow builder and conditional routing—so you customize behavior per API without shipping custom code into the gateway.

No-code backend logic: conditional branches, custom response nodes, and reference to previous step data. Optional code node for one-off logic.

AI & platform automation Built-in

AI tools use your APIs with the same credentials as REST. Ops and automation manage the platform with the same sign-on and permissions as the admin UI.

AI clients discover and call your APIs; every request goes through the same gateway, access control, and observability. Manage collections, proxies, and workflows via standard tools—same identity, no second integration.

Deployment

Same product and controls whether you run in your data center, your cloud, or fully offline.

On-prem / fully offline

No outbound dependency at runtime. Ideal for regulated and air-gapped environments. Run the full stack in your data center.

Hybrid

Gateway and data in your environment; optional external identity or monitoring as allowed by your policy.

Cloud

Same product and controls in your cloud tenant. Deploy via Kubernetes on AWS, Azure, or GCP. Docker Compose for dev; Kubernetes for production.

Scale & reliability

High availability and zero-downtime updates so you can scale without dropping traffic.

Multi-replica scaling

Scale without dropping traffic—multiple gateway and service replicas with zero-downtime rolling updates and health checks.

Your data store

You own the data—config and audit in your own store; optional caching for performance.

Structured logging

Logs ready for your pipelines—filter by product, partner, and time; plug into your security and logging tools.

Metrics & dashboards

See volume, latency, and errors—export metrics to your preferred tools and build dashboards.

Compliance & security

Full audit trail and encryption so you can meet regulatory and security questionnaires—with your data staying in your environment.

  • Audit trail

    Every configuration change and API call is logged. Answer who did what, when—for regulators and internal review.

  • Encryption & access control

    Credentials encrypted at rest; role-based access and separation of duties. Integrate with your identity provider and SSO.

  • Data in your environment

    Config and audit data stay in your database and your perimeter. No requirement to send sensitive data to third-party control planes.

  • Regulated industries

    Built with banking, healthcare, and government in mind: audit role, configurable logging, and deployment flexibility including fully offline.

Observability

Track every API call and plug results into your existing monitoring and security tools. All data stays in your environment.

  • Structured logs and metrics export—integrate with your logging and monitoring stack.
  • Request volume, latency, and error rates by product, partner, and endpoint.
  • Pre-built views for audit reviews and capacity planning.

Learn more: Monitoring & analytics

Request Enterprise Demo