Ship APIs that
scale and stay safe.
Put a gateway in front of any service to issue keys, enforce rate limits, cache responses and watch every request in real time — all from one dashboard, with milliseconds of overhead.
requests today
2ms
overhead
99.98%
success
63%
cache hit
2ms
Added latency
14
Edge regions
63%
Avg cache hit rate
1
Dashboard for it all
Control, secure and observe
Drop zAPI in front of what you already have and get the controls of a mature API platform — without rewriting a line of business logic.
Smart routing
Map clean public routes to any upstream — services, serverless or third-party APIs — with versioning and path rewrites.
API keys & auth
Issue, scope and revoke keys, or plug in JWT and OAuth. Every request is authenticated before it reaches your code.
Rate limiting & quotas
Protect upstreams with per-key, per-route and per-plan limits, burst control and friendly 429 responses.
Edge caching
Cache responses at 14 regions with smart invalidation to cut latency and shield your origin from load.
Analytics & logs
See traffic, latency, error rates and top consumers live — then drill into individual requests and replay them.
Transforms & policies
Rewrite headers and payloads, validate schemas and chain reusable policies without redeploying your service.
Every request, checked in milliseconds
Keys, limits and caching run at the edge before traffic ever reaches your service — so your origin only sees requests it should.
Incoming request
receivedGET /v1/orders
Authenticate key
Verify & scope the API key
Rate limit
Check quota & burst window
Cache lookup
Serve from edge if fresh
Your service
Only clean traffic gets through
Lock down access by default
Issue scoped API keys, enforce JWT or OAuth, and revoke compromised credentials instantly. Per-key permissions mean each consumer reaches only the routes you allow.
- Scoped keys, JWT & OAuth support
- Instant revocation & rotation
- Schema validation blocks bad payloads
Protect your origin
Per-plan rate limits, burst windows and edge caching absorb spikes before they reach your service. Friendly 429s and retries keep good clients happy while abusive ones are throttled.
- Per-key, per-route & per-plan quotas
- Edge caching with smart invalidation
- Automatic retries & graceful 429s
Know exactly what's happening
Live dashboards show traffic, latency percentiles, error rates and your top consumers. Drill into any request, inspect headers and payloads, and replay it to reproduce an issue.
- Real-time traffic & p95 latency
- Per-consumer usage & error breakdowns
- Alerts & log streaming to your stack
38ms
p95
0.04%
errors
acme-corp
top
Config as code, live in seconds
Declare routes, policies and keys from the CLI, the API or the dashboard. Version your gateway config in git and roll changes out with confidence — no redeploys of your service.
- Declarative routes & policies in git
- CLI, REST API and dashboard parity
- Zero-downtime config rollouts
# expose an upstream behind the gateway zapi route add \ --path /v1/orders \ --upstream https://orders.internal \ --auth key
The gateway that just works
No rewrite required
Point the gateway at services you already run and get keys, limits and analytics without touching your business logic.
Secure from day one
Authentication, validation and revocation are built in, so your APIs are protected before your first public call.
Resilient under load
Edge caching and rate limiting absorb spikes and abuse, keeping your origin fast and your bills predictable.
Total visibility
Live analytics and per-request tracing mean you always know who's calling, how often and how fast.