Platform overview
How Apiable fits together: a control plane and a branded API Portal that configure your own API gateways and authorization servers. Your API traffic runs on your gateway, not through Apiable.
Apiable is a control plane and a branded API Portal that sit on top of the infrastructure you already run. You connect your API gateways and authorization servers once, and Apiable configures them and runs the portal your consumers use. Your API traffic stays on your own gateway.
What is Apiable's architecture?
Apiable is a control plane plus a branded API Portal. The control plane configures your own API gateways and authorization servers. The API Portal is the site your consumers use to discover APIs, subscribe to plans, and manage their access and credentials.
Four parts work together:
| Part | What it is | Who hosts it |
|---|---|---|
| Dashboard (control plane) | Where you connect gateways, build products and plans, and manage consumers | Apiable, on AWS |
| API Portal | Your branded site where consumers subscribe and get credentials | Apiable, on AWS |
| Your API gateways | The gateway that runs your APIs and serves live traffic | You |
| Your authorization servers | The identity and OAuth2 layer that issues and validates tokens | You |
Apiable hosts the first two. The last two are yours. Apiable connects to them and configures them, but it does not replace them. See Hosting and infrastructure for where each part runs.
Does my API traffic flow through Apiable?
No. Your API traffic runs on your own gateway. When a consumer calls your API, the request goes from the consumer to your gateway to your backend. Apiable is the control plane that configures the gateway, not a proxy in the request path.
This is the no-proxy model. Apiable creates plans, API keys, and OAuth clients on your gateway, then steps out of the live request path. See The no-proxy model for how data flows and what it means for latency and data residency.
Which API gateways does Apiable work with?
Apiable is gateway-agnostic. It resolves a dedicated adapter for each gateway type, so you connect the gateway that already runs your APIs rather than moving to a new one.
Apiable connects to Amazon API Gateway, Azure API Management, Kong, and Apigee. Amazon API Gateway is the deepest, fully implemented adapter. For what each gateway supports today, see API Gateways.
How does Apiable secure access without holding your traffic?
Apiable configures the access controls on your own gateway and authorization server. Scopes are issued in the OAuth2 token by your authorization server, and your gateway enforces them per endpoint before a request reaches your backend.
A gateway resolves OAuth either natively or by binding an external Authorization Server such as Keycloak or Auth0. Apiable provisions an OAuth client per subscription through Dynamic Client Registration. See Access control for how scopes are assigned and enforced, and Security and compliance for the full list of security mechanisms.
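The flow described above, sketched as an added example that is not Apiable's code: one OAuth client is registered per subscription with RFC 7591 client metadata, the authorization server puts only that client's scopes in the token, and the gateway checks the required scope per endpoint. The routes, scope names, subscription naming and the HMAC-signed token are constructed assumptions; production authorization servers normally sign tokens with asymmetric keys that the gateway verifies against published keys.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: stand-in for the authorization server's signing key
# Constructed gateway policy: the scope each endpoint requires (hypothetical routes).
ROUTE_SCOPES = {("GET", "/orders"): "orders:read", ("POST", "/orders"): "orders:write"}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _sign(data):
    return _b64(hmac.new(KEY, data, hashlib.sha256).digest())

def registration_request(subscription_id, plan_scopes):
    """RFC 7591 client metadata for one subscription (one OAuth client each)."""
    return {
        "client_name": f"subscription-{subscription_id}",  # hypothetical naming
        "grant_types": ["client_credentials"],
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": " ".join(sorted(plan_scopes)),
    }

def issue_token(client, requested, ttl=300):
    """Authorization-server stand-in: grant only scopes registered for the client."""
    granted = set(requested.split()) & set(client["scope"].split())
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({
        "sub": client["client_name"], "scope": " ".join(sorted(granted)),
        "exp": int(time.time()) + ttl}).encode())
    signing_input = header + b"." + claims
    return (signing_input + b"." + _sign(signing_input)).decode()

def authorize(method, path, token):
    """Gateway-side check, run before the backend is reached. Returns an HTTP status."""
    required = ROUTE_SCOPES.get((method, path))
    if required is None:
        return 404
    try:
        header, claims, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(header + b"." + claims)):
            return 401  # signature mismatch: token not issued by our server
        body = json.loads(base64.urlsafe_b64decode(claims + b"=" * (-len(claims) % 4)))
    except ValueError:
        return 401  # malformed token
    if body.get("exp", 0) <= time.time():
        return 401  # expired
    return 200 if required in body.get("scope", "").split() else 403
```

A client that requests a scope outside its plan simply does not receive it, so the gateway answers 403 on the endpoint that needs it while still serving the endpoints the plan covers.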
Where to next
The no-proxy model
Why your API traffic stays on your gateway, and what gateway-bound and catalog-bound coupling mean for data flow.
Security and compliance
The security mechanisms Apiable uses: Secrets Manager, MFA, audit log, signed webhooks, and scoped OAuth2.
Hosting and infrastructure
Where the control plane and API Portal run, SSL and custom domains, and per-portal separation.
Platform positioning
The product view of what Apiable does and the problems it solves.