1. Kong

Openresty + Lua 技术栈
Kong是一个云原生,快速,可扩展和分布式微服务抽象层(也称为API网关,API中间件或在某些情况下为Service Mesh)。 作为2015年的开源项目,其核心价值在于高性能和可扩展性。
Kong积极维护,广泛应用于从创业公司到Global 5000以及政府组织等公司的生产。

开源API网关大全 原文出处看更新


  • Cloud-Native: Platform agnostic, Kong can run from bare metal to
  • Dynamic Load Balancing: Load balance traffic across multiple upstream
  • Hash-based Load Balancing: Load balance with consistent hashing/sticky
  • Circuit-Breaker: Intelligent tracking of unhealthy upstream services.
  • Health Checks: Active and passive monitoring of your upstream services.
  • Service Discovery: Resolve SRV records in third-party DNS resolvers like
  • Serverless: Invoke and secure AWS Lambda or OpenWhisk functions directly
    from Kong.
  • WebSockets: Communicate to your upstream services via WebSockets.
  • OAuth2.0: Easily add OAuth2.0 authentication to your APIs.
  • Logging: Log requests and responses to your system over HTTP, TCP, UDP,
    or to disk.
  • Security: ACL, Bot detection, whitelist/blacklist IPs, etc…
  • Syslog: Logging to System log.
  • SSL: Setup a Specific SSL Certificate for an underlying service or API.
  • Monitoring: Live monitoring provides key load and performance server
  • Forward Proxy: Make Kong connect to intermediary transparent HTTP proxies.
  • Authentications: HMAC, JWT, Basic, and more.
  • Rate-limiting: Block and throttle requests based on many variables.
  • Transformations: Add, remove, or manipulate HTTP requests and responses.
  • Caching: Cache and serve responses at the proxy layer.
  • CLI: Control your Kong cluster from the command line.
  • REST API: Kong can be operated with its RESTful API for maximum
  • Geo-Replicated: Configs are always up-to-date across different regions.
  • Failure Detection & Recovery: Kong is unaffected if one of your Cassandra
    nodes goes down.
  • Clustering: All Kong nodes auto-join the cluster keeping their config
    updated across nodes.
  • Scalability: Distributed by nature, Kong scales horizontally by simply
    adding nodes.
  • Performance: Kong handles load with ease by scaling and using NGINX at
    the core.
  • Plugins: Extendable architecture for adding functionality to Kong and

点评: 开源版本功能基本够用

2. Gravitee

Gravitee.io – API Management – OpenSource API Gateway
网关是Gravitee.io平台的核心组件。 您可以将其与“智能”代理进行比较,以了解其目标。


  • REST API:通过 Web UI 执行的每个操作都使用内部的 Rest API
  • 一键部署:只需单击一下,API 就会部署到每个 Gravitee.io 网关,并且可以随时使用
  • 高可扩展:可以轻松地将新的 Gravitee.io 网关添加到集群中。并且数据已同步,无需浪费时间进行配置
  • 自定义策略:Gravitee.io 提供了许多开箱即用的策略(速率限制、CORS、IP过滤等)。如果还不够,可以自己进行开发
  • 健康检测:作为 API 提供商,请为你的服务添加运行状况检查,并向你的用户提供有关 API 可用性的反馈

点评: 功能非常全,自带的dashboard也非常好用

3. Zuul

Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more.

  • Authentication and Security – identifying authentication requirements for each resource and rejecting requests that do not satisfy them.
  • Insights and Monitoring – tracking meaningful data and statistics at the edge in order to give us an accurate view of production.
  • Dynamic Routing – dynamically routing requests to different backend clusters as needed.
  • Stress Testing – gradually increasing the traffic to a cluster in order to gauge performance.
  • Load Shedding – allocating capacity for each type of request and dropping requests that go over the limit.
  • Static Response handling – building some responses directly at the edge instead of forwarding them to an internal cluster
  • Multiregion Resiliency – routing requests across AWS regions in order to diversify our ELB usage and move our edge closer to our members
    点评: 用Spring Cloud全家桶首选

4. Tky

Tyk Open Source API Gateway written in Go
Tyk是一个轻量级的开源API网关,管理平台使您能够控制访问API的人员,访问API以及访问API的方式。 Tyk还将记录用户如何与您的API进行交互以及出现问题时的详细分析。
Key Features of Tyk
Tyk offers powerful, yet lightweight features that allow fine grained control over your API ecosystem.

  • RESTFul API – Full programmatic access to the internals makes it easy to manage your API users, keys and Api Configuration from within your systems
  • Multiple access protocols – Out of the box, Tyk supports Token-based, HMAC Signed, Basic Auth and Keyless access methods
  • Rate Limiting – Easily rate limit your API users, rate limiting is granular and can be applied on a per-key basis
  • Quotas – Enforce usage quotas on users to manage capacity or charge for tiered access
  • Granular Access Control – Grant api access on a version by version basis, grant keys access to multiple API’s or just a single version
  • Key Expiry – Control how long keys are valid for
  • API Versioning – API Versions can be easily set and deprecated at a specific time and date
  • Blacklist/Whitelist/Ignored endpoint access – Enforce strict security models on a version-by-version basis to your access points
  • Analytics logging – Record detailed usage data on who is using your API’s (raw data only)
    Webhooks – Trigger webhooks against events such as Quota Violations and Authentication failures
  • IP Whitelisting – Block access to non-trusted IP addresses for more secure interactions
  • Zero downtime restarts – Tyk configurations can be altered dynamically and the service restarted without affecting any active request