Capabilities

One place to define, version, and publish your APIs so teams and partners stay in sync.

• Import and export standard API specs; bulk operations and drafts.
• Drafts and publishing workflow for controlled releases.
• Organize APIs by products and versions; manage who can access what.

Customize behavior per API without shipping custom code—visual logic your team can own.

• Visual workflow builder with no-code backend logic.
• Conditional routing, branches, and custom response nodes.
• Reference data from previous steps; optional code node for custom logic.

Every request is verified; compliance and audit in one place.

• Role-based access: view, edit, admin, and audit roles with separation of duties.
• Single sign-on (SSO) and enterprise authentication; token and certificate validation.
• IP allowlists, credential encryption, and key rotation.
• Secrets from your environment (e.g. Vault) so sensitive values stay out of config.

Partners get self-service discovery and try-it—so you reduce support load and speed integrations.

• Passwordless sign-in (magic link) for developers and partners.
• Per-partner access: partners only see the API products they are allowed to use.
• Self-service API discovery, try-it-in-browser, and standard API spec download.
• Try-it in the browser with parameter and header configuration; copy CURL commands to test outside the portal.
• Switch between API profiles (e.g. sandbox vs production) from the same portal with persistent selection.

Same credentials as your existing API access—no separate identity or keys for AI tools.

• AI tools can discover and call your APIs; every request goes through the same gateway, access control, and audit.
• One gateway path: every request goes through the same access control, logging, rate limits, and audit.
• One deployment: AI agent access is an additional route on the same gateway.

Let AI or automation manage your API catalog and workflows with the same permissions as your admin UI.

• Platform engineers and AI agents can list, create, update, and delete collections and proxies; get and update workflow definitions via standard tools.
• One auth model for both the admin UI and automation; optional standards-based discovery so clients connect using your existing identity provider.

Natural language for platform teams and for API consumers: Management MCP for control-plane work; Gateway MCP in the Developer Portal—bring your own model, gateway-enforced security.

• Operations: conversational control of collections, proxies, workflows, policies, clients, credentials, audit, and metrics—under your OIDC session with the same RBAC as the console.
• Developer Portal: optional consumer assistant with the same interaction model; discover endpoints and run profile-scoped test calls (server-side LLM config; threads scoped per profile).
• Runtime-configurable providers; credentials remain server-side.

See volume, latency, and errors by product and partner—ready for your dashboards and security tools.

• Prometheus integration and structured logging.
• Real-time dashboards, request logs, and response times.
• Filter by product, partner, and time range; logs that plug into your security tools (SIEM).

Run where you need to—your data center, your cloud, or fully offline.

• Docker Compose for development; Kubernetes for production.
• Multi-replica scaling and zero-downtime updates.
• On-prem, fully offline (air-gapped), and hybrid deployment options.

Answer who did what, when—for regulators and internal review.

• Full audit trail of configuration changes and API usage.
• Configurable logs and dedicated audit role for compliance teams.
• Enterprise authentication ready for regulated industries.

Handle real-time and streaming traffic while protecting backends from overload.

• Real-time and streaming support; optional response caching.
• Protection against duplicate requests to avoid redundant upstream calls.
• Health checks and readiness probes for orchestrators.