Open Source API Gateway written in Java for REST APIs, WebSockets, STOMP and legacy Web Services. Featuring:
API Security:
- Authentication with OAuth2, API Keys, NTLM and Basic Authentication
- OAuth2 Authorization server
- Rate Limiting
- XML Protection
OpenAPI:
- Deployment of OpenAPI documents as APIs
- Message validation against OpenAPI
Legacy Web Services:
- SOAP Message Routing
- WSDL configuration, message validation and WSDL rewriting
Other:
- Admin Web console
- Load balancing
- Embeddable reverse proxy HTTP framework for your own API gateways

- Download the binary and unzip it
- Run service-proxy.sh or service-proxy.bat in a terminal
- Change the configuration conf/proxies.xml
Run the samples, follow the REST or SOAP tutorial, see the Documentation or the FAQ.
Try the following snippets by copying them into the conf/proxies.xml file.
Routing requests from port 2000 to api.predic8.de when the path starts with /shop.
<api port="2000">
  <path>/shop</path>
  <target url="https://api.predic8.de"/>
</api>
Configure APIs from an OpenAPI document and validate messages against it.
<api port="2000">
  <openapi location="fruitshop-api.yml" validateRequests="yes"/>
</api>
Dynamically manipulate and monitor messages with Groovy:
<api port="2000">
  <groovy>
    exc.request.header.add("X-Groovy", "Hello from Groovy")
    CONTINUE
  </groovy>
  <target host="localhost" port="8080" />
</api>
or JavaScript:
<api port="2000">
  <javascript>
    exc.getRequest().getHeader().add("X-Javascript", "Hello from JavaScript");
    CONTINUE;
  </javascript>
  <target host="localhost" port="8080" />
</api>
Try also the Groovy example and JavaScript example.
<api port="2000">
  <rewriter>
    <map from="^/goodlookingpath/(.*)" to="/backendpath/$1" />
  </rewriter>
  <target host="my.backend.server" port="80" />
</api>
Log data about requests and responses to a file or database as CSV or JSON.
<api port="2000">
  <log/> <!-- Logs to the console -->
  <statisticsCSV file="./log.csv" /> <!-- Logs fine-grained CSV -->
  <target url="https://api.predic8.de"/>
</api>
Use the widely adopted OAuth2/OpenID framework to secure endpoints against Google, Azure AD, GitHub, Keycloak or Membrane authentication servers.
<api name="Resource Service" port="2001">
  <oauth2Resource>
    <membrane src="https://accounts.google.com"
              clientId="INSERT_CLIENT_ID"
              clientSecret="INSERT_CLIENT_SECRET"
              scope="email profile"
              subject="sub"/>
  </oauth2Resource>
  <groovy>
    // Get email from OAuth2 and forward it to the backend
    def oauth2 = exc.properties.oauth2
    exc.request.header.setValue('X-EMAIL',oauth2.userinfo.email)
    CONTINUE
  </groovy>
  <target host="backend" port="80"/>
</api>
Try the tutorial OAuth2 with external OpenID Providers
Operate your own OAuth2/OpenID AuthorizationServer/Identity Provider:
<api name="Authorization Server" port="2000">
  <oauth2authserver location="logindialog" issuer="http://localhost:2000" consentFile="consentFile.json">
    <staticUserDataProvider>
      <user username="john" password="password" email="[email protected]" />
    </staticUserDataProvider>
    <staticClientList>
      <client clientId="abc" clientSecret="def" callbackUrl="http://localhost:2001/oauth2callback" />
    </staticClientList>
    <bearerToken/>
    <claims value="aud email iss sub username">
      <scope id="username" claims="username"/>
      <scope id="profile" claims="username email password"/>
    </claims>
  </oauth2authserver>
</api>
(Find an example on membrane-soa.org)
<api port="2000">
  <basicAuthentication>
    <user name="bob" password="secret" />
  </basicAuthentication>
  <target host="localhost" port="8080" />
</api>
Route to SSL/TLS secured endpoints:
<api port="8080">
  <target host="www.predic8.de" port="443">
    <ssl/>
  </target>
</api>
Secure endpoints with SSL/TLS:
<api port="443">
  <ssl>
    <keystore location="membrane.jks" password="secret" keyPassword="secret" />
    <truststore location="membrane.jks" password="secret" />
  </ssl>
  <target host="localhost" port="8080" />
</api>
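A check for the credential-bearing snippets above, as an added example that is not part of Membrane or its documentation: it parses a proxies.xml string and reports literal secrets, OAuth2 URLs that use plain http://, and scopes that release the password claim. The <proxies> wrapper element and the audit function are hypothetical names, and the sample input is constructed from the snippets on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: credential-bearing snippets from this page, wrapped in a
# hypothetical <proxies> root (an assumption) so they parse as one document.
SAMPLE = """
<proxies>
  <api port="2000">
    <oauth2authserver location="logindialog" issuer="http://localhost:2000" consentFile="consentFile.json">
      <staticUserDataProvider>
        <user username="john" password="password" />
      </staticUserDataProvider>
      <staticClientList>
        <client clientId="abc" clientSecret="def" callbackUrl="http://localhost:2001/oauth2callback" />
      </staticClientList>
      <claims value="aud email iss sub username">
        <scope id="profile" claims="username email password"/>
      </claims>
    </oauth2authserver>
  </api>
  <api port="443">
    <ssl>
      <keystore location="membrane.jks" password="secret" keyPassword="secret" />
    </ssl>
    <target host="localhost" port="8080" />
  </api>
</proxies>
"""

SECRET_ATTRS = {"password", "keyPassword", "clientSecret"}  # attribute names used on this page
URL_ATTRS = {"issuer", "callbackUrl", "src"}

def audit(xml_text):
    """Return sorted (element, attribute, issue) findings for a proxies.xml string."""
    findings = set()
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix if present
        for name, value in el.attrib.items():
            if name in SECRET_ATTRS and value and not value.startswith("INSERT_"):
                findings.add((tag, name, "literal secret in config"))
            if name in URL_ATTRS and value.startswith("http://"):
                findings.add((tag, name, "OAuth2 URL without TLS"))
            if tag == "scope" and name == "claims" and "password" in value.split():
                findings.add((tag, name, "scope releases password claim"))
    return sorted(findings)

if __name__ == "__main__":
    for tag, attr, issue in audit(SAMPLE):
        print(f"<{tag} {attr}=...>: {issue}")
```

Values beginning with INSERT_ are treated as unfilled placeholders, matching the INSERT_CLIENT_ID and INSERT_CLIENT_SECRET markers used in the OAuth2 resource snippet.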
Limit the number of incoming requests:
<api port="2000">
  <rateLimiter requestLimit="3" requestLimitDuration="PT30S"/>
  <target host="localhost" port="8080" />
</api>
Distribute workload to multiple backend nodes.
<api name="Balancer" port="8080">
  <balancer name="balancer">
    <clusters>
      <cluster name="Default">
        <node host="my.backend-1" port="4000"/>
        <node host="my.backend-2" port="4000"/>
        <node host="my.backend-3" port="4000"/>
      </cluster>
    </clusters>
  </balancer>
</api>
Route and intercept WebSocket traffic:
<api port="2000">
  <webSocket url="http://my.websocket.server:1234">
    <wsLog/>
  </webSocket>
  <target port="8080" host="localhost"/>
</api>
See documentation
Integrate legacy services.
SOAP proxies configure themselves by analysing WSDL:
<soapProxy wsdl="http://thomas-bayer.com/axis2/services/BLZService?wsdl"/>
The validator checks SOAP messages against a WSDL document including referenced XSD schemas.
<soapProxy wsdl="http://thomas-bayer.com/axis2/services/BLZService?wsdl">
  <validator />
</soapProxy>
See configuration reference for much more.