Unified API & AI Gateway Platform

One platform for every API request — including agents.

Apinizer is the unified API & AI Gateway platform. HTTP, gRPC, SOAP, WebSocket, GraphQL — alongside LLM, MCP, and agent-to-agent traffic — through one runtime on your own server. Policies in code. Audit and encryption built in.

  • HTTP · gRPC · SOAP · WS · GraphQL
  • Three-tier permissions
  • Audit at the persistence layer
Book a DemoRead the docs
Everything is200OK:)
Apinizer Unified API + AI Gateway

Trusted by 100+ banks, ministries, and defense organizations

Trusted by 100+ organizations across banking, government, and defense

  • Aselsan
  • Havelsan
  • Aktif Bank
  • Takasbank
  • MKK
  • Dünya Katılım
  • Emlak Katılım
  • Ulaştırma Bakanlığı
  • Enerji Bakanlığı

The unified gateway

Legacy SOAP and next-gen AI — through one gateway, governed once.

Banks running WSDL services next to gRPC, GraphQL, and AI traffic don’t need a separate gateway per protocol. The same Worker, the same policy pipeline, the same audit aspect — across every era of API.

One Worker — every protocol

  • Legacy

    SOAP 1.1 / 1.2

    WSDL primed at deploy, WS-Security, WS-Addressing

  • Legacy

    WSDL imports

    Auto-convert to OpenAPI; expose as REST or gRPC

  • Modern

    HTTP / 1.1

    Keep-alive, chunked, content compression

  • Modern

    HTTP / 2

    Multiplexing, server push, binary framing

  • Modern

    REST

    Stateless, HATEOAS, content negotiation, versioning

  • Modern

    GraphQL

    Reverse proxy, query / mutation / subscription

  • Modern

    gRPC

    Protocol Buffers, unary + bidi streams over HTTP/2

  • Modern

    WebSocket

    RFC 6455, binary + text frames, WSS (TLS)

  • Next-gen

    LLM (OpenAI)

    Multi-LLM routing across 17+ providers

  • Next-gen

    MCP

    Model Context Protocol — auto-generated MCP servers

  • Next-gen

    A2A

    Agent-to-agent auth + observability + audit

No gateway sprawl

One Apinizer API/AI Gateway runtime — not three (REST + WebSocket + AI) running side-by-side, eating cluster resources.

One audit trail

WSDL calls, gRPC streams, and LLM prompts all land in the same Elasticsearch index, queryable side-by-side.

One permission model

Three-tier (System / Project / Team) governs SOAP-as-REST proxies, AI routes, and the Manager UI uniformly.

Many teams, one platform

Independent teams. Shared infrastructure. No stepping on each other.

Apinizer’s Project model lets unlimited teams run their own work side-by-side under shared infrastructure. Each Project has its own URL prefix, its own member list, and its own scope — proxies, policies, connections, credentials, variables, task flows. Server-side enforcement, not just UI hiding.

  • Per-project Gateway Path — every proxy lives under /<project>/...
  • Same login, different roles per project — Owner in A, Viewer in B
  • ProjectAuthAspect rejects cross-project access at the framework layer
  • Project switcher persists in localStorage — operators stay in context across reloads

Project switcher

⌘K
payments-coreOwner

/payments-core

  • onboarding
    /onboardingManager
  • risk-engine
    /riskDeveloper
  • partner-portal
    /partnerViewer
  • compliance-reports
    /complianceViewer

  • Owner

    Full control of the project — read, write, deploy, and member management.

  • Manager

    Read, write, and deploy. No member management — that stays with the Owner.

  • Developer

    Read and write the project's proxies, policies, connections — no deploy.

  • Viewer

    Read-only — useful for auditors, partner teams, and read-only integrations.

Many environments, one console

Manage dozens of environments from one screen.

Each Environment is a Kubernetes Namespace — isolated CPU, RAM, and network. The same proxy can run version 1.0 in PROD-EU and version 1.1 in PROD-TR at the same time. No second Manager. No duplicate configuration.

Environments — orders project
6 active

  • dev

    DEPLOYED
    Type
    TEST
    Protocol
    HTTP+WS
    Version
    1.4.0-rc2
    Cluster
    Managed

  • staging

    DEPLOYING
    Type
    TEST
    Protocol
    HTTPS
    Version
    1.3.4
    Cluster
    Managed

  • prod-eu

    DEPLOYED
    Type
    PRODUCTION
    Protocol
    HTTPS
    Version
    1.3.2
    Cluster
    Remote

  • prod-tr

    DEPLOYED
    Type
    PRODUCTION
    Protocol
    HTTPS
    Version
    1.3.2
    Cluster
    Remote

  • prod-air

    IDLE
    Type
    PRODUCTION
    Protocol
    HTTPS
    Version
    1.3.0
    Cluster
    Remote

  • perf-lab

    DEPLOYED
    Type
    TEST
    Protocol
    GRPC
    Version
    1.4.0-rc2
    Cluster
    Managed

  • 1:1 K8s namespace mapping

    Each environment isolates CPU, RAM, network.

  • TEST or PRODUCTION

    Two types drive licensing and resource allocation.

  • HTTP, HTTPS, gRPC, WS

    Four protocol modes per environment.

  • Per-environment versions

    Same proxy, different version, side-by-side.

  • Variables scope by env

    ${var} resolves to a different value in PROD vs TEST.

  • Connections scope by env

    Database / Kafka / SMTP credentials per environment.

Hybrid by design

Managed or remote. One console, both at once.

Some environments live in the cluster Apinizer manages for you. Others run on your own Kubernetes — region-local, sovereign, or air-gapped. Same Manager, same audit trail, same identity, same permissions. The only difference operators see is a small Managed or Remote badge.

Managed

Apinizer-managed cluster

The Apinizer API/AI Gateway runs in the cluster Apinizer operates next to the Manager. Fast iteration, predictable scale, hands-off operations. Ideal for TEST and STAGING.

  • Apinizer scales, monitors, and patches the runtime
  • Same Manager UI, same APIops surface
  • Hot deploy without dropped sockets
Remote

Customer-owned cluster

The Apinizer API/AI Gateway runs on your Kubernetes — EKS, AKS, GKE, OpenShift, Tanzu, RKE2, or on-prem. Sovereign, region-local, air-gapped — the data plane stays where regulation requires it.

  • Connects via apiServerUrl + service account token
  • Credentials stored encrypted (@SecretData)
  • Air-gapped variant for clusters without external network

Real hybrid topology

TEST managed for fast iteration · STAGING remote on AWS EKS in eu-west-1 · PROD remote on on-prem OpenShift, air-gapped · DR remote on Azure AKS in another region. One Manager. One audit trail. One permission model.

Now with AI Gateway

Govern every LLM, MCP, and agent-to-agent request.

The same gateway that runs your REST APIs now governs every AI request your applications make. One audit trail. One permission model. One place to set the rules.

LLM Governance

Token tracking, cost ceilings, leak prevention. Per user, per model, per window.

Multi-LLM Routing

17+ providers behind one OpenAI-compatible facade. Switch models without code changes.

MCP + A2A

Auto-generated MCP servers, agent discovery, agent-to-agent auth and audit.

Semantic Cache + Prompt Guards

Drop token spend on repeat prompts. Block injection patterns. PII sanitization.

17+ LLM providers — one OpenAI-compatible facade

  • OpenAI
  • Anthropic
  • Bedrock
  • Azure OpenAI
  • Gemini
  • Vertex AI
  • Cohere
  • Mistral
  • Hugging Face
  • Llama
  • + 7 more
See AI Gateway

The Apinizer suite

Ten ways to ship safer APIs and AI traffic.

API Gateway and AI Gateway are the data plane. Identity, Analytics, Portal, Designer, Creator, Integrator, Cache, and Monitoring round out the platform — all configured from the API Manager.

CORE PRODUCT

Worker — data plane

API Gateway

Apinizer API/AI Gateway — multi-protocol data plane for HTTP, gRPC, WebSocket, SOAP, GraphQL, and AI traffic on one Java 25 runtime. 50+ policies for auth, traffic, transformation, and observability — out of the box.

Open the Gateway page
NEW

AI Gateway — agentic plane

AI Gateway

Govern every LLM, MCP, and agent request on the Apinizer AI Gateway. Token budgets, cost attribution, response caching, prompt firewalls, and multi-LLM routing across 17+ providers — on the same runtime as your REST APIs.

Open the AI Gateway page

Identity Manager

Identity Manager

OIDC, OAuth 2.0, JWT, JOSE — plus mTLS, SAML, LDAP / AD, and database-backed federation. One identity surface for every Apinizer API and AI request, with three-tier permissions and Repository-layer audit.

Open the Identity page

API Portal

API Portal

Open the front door for developers, partners, and AI agents. Stand up as many portals as you need — Public, Internal, Partner, Agents — each branded as your own. No own database, fully customizable, MCP-ready, live in regulated environments.

Open the Portal page

Analytics Engine

Analytics Engine

Watch every API call. Ship the log everywhere. Answer in seconds. Async traffic capture, fan-out to nine destinations in parallel, dashboards and tracing operators actually use, and anomaly detection with EMA + Bollinger Band — backed by Elasticsearch.

Open the Analytics page

API Designer

API Designer

Design the API. Ship the proxy. One click apart. OpenAPI 3, Swagger 2, and WSDL editing — with a one-click path from spec to a live, governed API on the same gateway, and instant documentation in every format your team needs.

Open the Designer page
DIFFERENTIATOR

API Creator — three ways to skip the microservice

API Creator

Apinizer API Creator — three ways to ship an endpoint without a microservice. DB to API turns SQL into REST. Mock API gives frontends real-shaped responses with auth. Script to API runs JavaScript or Groovy as an endpoint.

Open the Creator page

API Integrator · Task Flow Manager

API Integrator

Connect anything to anything. Without writing the integration. Eighteen task types on one drag-and-drop canvas, chained with output keys and JSON Path, fired by cron, HTTP, or another flow — and governed by the same audit and identity stack as the gateway.

Open the Integrator page

Cache

Cache

Apinizer Cache is a two-tier cache — a local in-pod tier inside every gateway, a Hazelcast cluster on Kubernetes for the distributed tier. Twelve first-party cache scopes, atomic invalidation on redeploy, throttle and quota on the same cluster.

Open the Cache page

Monitoring

Monitoring

Apinizer Monitoring — uptime probes from your regions, anomaly detection with EMA and Bollinger bands, ten platform alert triggers ready on day one, and severity-aware action chains to Slack, Microsoft Teams, ServiceNow, email, webhook, and more.

Open the Monitoring page

Deploy anywhere

Kubernetes, OpenShift, Tanzu — or plain VMs.

One platform, four runtimes. Apinizer ships the same artefacts to every target — no fork, no separate edition. Whether your standard is enterprise Kubernetes, Red Hat OpenShift, VMware Tanzu, or traditional virtual machines, the gateway, manager, and APIops surface stay identical.

Supported

Kubernetes

Vanilla, EKS, AKS, GKE, RKE2.

Helm charts · operator-managed · hot deploy without dropped sockets.

Supported

OpenShift

Red Hat enterprise clusters.

SCC-aware manifests · OpenShift routes · air-gapped registries.

Supported

Tanzu

VMware-native Kubernetes.

TKGm / TKGs supported · vSphere CSI · TMC observability hooks.

Supported

Plain VMs

RHEL, CentOS, Ubuntu, Windows Server.

systemd unit · zero container runtime needed · same artefacts as K8s.

Mix and match — one platform

A single Apinizer environment can blend runtimes. Some workers on Kubernetes, others on legacy virtual machines, a third group on OpenShift in another data centre — all under the same Manager, the same identity, the same audit trail. Move at your own pace; the platform doesn't force a rebuild.

  • Same artefact layer — no per-platform fork
  • One Manager federates K8s + VM workers
  • Promote VM-bound services to containers gradually
  • Air-gapped + connected workers under the same control plane

On-prem · Sovereign cloud · Public cloud · Air-gapped — same binary

Developer experience

Operate APIs the way your team operates code.

Policies as classes, scripts you can drop in today. Apinizer's surface area is small enough to read end-to-end and explicit enough to review.

orders-api.yaml
# Deploy a proxy from CI — references are by name, not internal ID$ apinizer apply -f orders-api.yaml> proxy: orders-api environment: prod> status: deployed revision: 42
0+

Organizations on Apinizer

Banks, ministries, defense — across regulated industries.

0

Native protocols

HTTP / HTTP/2 · REST · SOAP · gRPC · WebSocket · GraphQL.

0+

Codified business invariants

Domain rules enforced by the platform — extend with your own custom plugins.

0

Latest release

Four-month cadence — only the latest major receives patches.

Industries

Designed where APIs are the regulated surface.

All industries

Banking

Audit, encrypted secrets, and three-tier access for the APIs that touch payments and identity.

See how

Government

Bilingual TR + EN, runs entirely on the customer's Kubernetes — no calls home.

See how
DESIGNED FOR

Telecom

Low-latency API tier in front of OSS / BSS, with hot deploy and async logging.

See how

Energy

API tier in front of SCADA-adjacent systems, EMS, and partner billing — with anomaly detection and certificate watchdogs.

See how
DESIGNED FOR

Insurance

Quote, bind, and claim APIs that need versioning and observability without a rewrite.

See how

Defense

Air-gapped or sovereign clusters with strict change control and zero-trust defaults — no calls home, rootless containers, and an audit trail you can present to oversight.

See how

Built on the standards your team already runs

No vendor lock-in. No surprise dependencies.

Apinizer is a JVM-native platform that fits where Java, Spring, and Kubernetes already live.

Runtime

  • Java 25
  • Spring Boot 3.5
  • Undertow
  • MongoDB
  • Elasticsearch
  • Hazelcast

Frontend & DX

  • Angular 19
  • PrimeNG 19
  • Tailwind CSS
  • Groovy
  • Quartz
  • OpenAPI

Standards

  • OAuth 2.0 / OIDC
  • WS-Security
  • GraphQL
  • gRPC
  • WSDL
  • K8s / OpenShift

Ready when you are

Govern every API — including AI — on your cluster.

A 30-minute walkthrough of API Gateway, AI Gateway, Manager, Portal, and the rest of the suite — on a Kubernetes of your choice.

Request a demoRead the docs