What standards does Apiable speak?

OpenAPI 3.0 and 3.1 for catalog sync from your gateway, OAuth 2.0 (RFC 6749) for standard token flows, and OpenID Connect 1.0 with Dynamic Client Registration (RFC 7591) for partner onboarding.

Which API gateways does Apiable support?

AWS API Gateway is the primary integration with native Cognito pairing. Apigee X, Kong (self-managed), and Azure API Management are also supported out of the box. More gateways are available on demand.

Which identity providers does Apiable work with?

AWS Cognito (recommended on AWS), Microsoft Entra ID, and Auth0 are named integrations. Any OIDC-compliant provider can federate — including Okta, Ping, ForgeRock, and Keycloak.

What's the implementation timeline?

Standard deployments (existing AWS API Gateway + Cognito) take about 1 week. Customized deployments (multi-gateway or multi-IdP) take about 4 weeks. Enterprise deployments (regulated industry, custom federation) take about 12 weeks.

Is Apiable a fit for my stack?

Apiable is built for teams that already run an API gateway, expose REST APIs (with OpenAPI specs), and want partners to onboard themselves. It's probably not for you if your program is GraphQL-only, deployment must be fully on-premise, or you don't have an API gateway today.

Platform · Architecture

Built on open standards.

OpenAPI 3.1, OAuth 2.0, and OpenID Connect — the protocols your platform team already runs in production. Apiable plugs in as a thin layer on top of your existing stack. We don't proxy your API traffic, and we don't ask your engineers to learn a proprietary auth model.

Request a Demo See the live developer portal

① Onboarding

Consumer signs up

A developer or partner discovers your API and registers through your branded portal.

② Subscription

Backend provisions access

Apiable creates an OAuth client in your IdP through DCR and registers a key in your API gateway.

③ Credentials

Delivered to the consumer

Scoped credentials surface in the portal. The consumer is ready to make their first API call.

④ Runtime

API calls bypass Apiable

At runtime, traffic flows directly from the API consumer to your IdP and gateway.

How it fits

Three layers, one principle.

Your gateway and IdP keep doing what they're already doing. Apiable adds onboarding, plans, quotas, billing, and a self-serve developer portal on top — and talks to the layers below through open standards wherever they exist (OpenAPI, OAuth 2.0, OIDC). Where a gateway exposes only a vendor API, we integrate against that — but the protocols your developers and partners touch stay open.

Standards

Three protocols do all the work.

Same protocols your platform team already runs in production.

RFC · OpenAPI 3.x OAS

OpenAPI 3.0 & 3.1

We sync your API catalog from your gateway using your existing OpenAPI specs.

Specs can be pulled from your gateway, uploaded manually, or synchronized through your CI/CD pipeline. We store and version the spec — when it changes, the portal catalog updates.

Read the API Gateway sync page

RFC 6749 OAuth

OAuth 2.0

Standard token flows, scopes, and grant types. No proprietary auth.

Authorization code, client credentials, and refresh-token grants. Scope-based access control mapped to plans and products. Your engineers don't learn a new auth model.

Read the API Security page

OIDC core 1.0 OIDC

OpenID Connect

Federated authentication with your existing OIDC-compliant provider.

Partner onboarding via DCR (RFC 7591) — Apiable provisions OAuth clients in Cognito, Keycloak, Auth0, or Duende. No custom adapter, no proprietary protocol.

Read the API Security page

API gateways

Four supported out of the box. More on demand.

Primary integration AWS

AWS API Gateway

Native Cognito pairing. Reference architecture is the most-deployed Apiable setup today.

OpenAPI 3.x spec sync from API Gateway stages
Per-tenant Cognito user pools — one pool per customer, isolated by design
Usage plans & API keys provisioned automatically
Access logs streamed via Firehose for billing & analytics

Read the reference architecture

APG

Apigee X

Apiable plans mapped 1:1 to Apigee API products. Service-account-based access.

Reference architecture

KNG

Kong Gateway self-managed

Consumer provisioning via Kong Admin API. Rate-limiting & ACL plugin for plan access control.

Reference architecture

Azure API Management

Apiable plans mapped to APIM products, subscriptions provisioned automatically.

Reference architecture

More gateways available on demand. Talk to us.

Identity providers

Three named integrations, plus any OIDC-compliant provider.

CGN

AWS Cognito

Most common deployment. One Cognito user pool per Customer.

Recommended on AWS

Microsoft Entra ID

Enterprise path; common in larger organization stacks where compliance is paramount.

Auth0

Federation pattern for orgs already standardized on Auth0 — including custom rules and post-login actions.

Any OIDC-compliant provider

If your IdP speaks OIDC, Apiable can federate. Okta, Entra ID, Ping, ForgeRock — talk to us about edge cases.

Does Apiable proxy my API traffic?

No.

Apiable does not sit in your API request path.

Traffic between your developers and your gateway never passes through Apiable's infrastructure. Onboarding, plans, quotas, and billing happen in Apiable; the API calls themselves do not.

Optionally, Apiable retrospectively reads your gateway's log files to track usage, generate insights, and drive billing. Log access is read-only and runs on your schedule, not in the request path.

"If Apiable required network traffic to pass through their data center, that would be a dead route."
— security architect, Convera

Read the security and data-flow page

Hosting

Where is Apiable hosted?

eu-central-1 Frankfurt · AWS

Customer data and configuration are stored in Frankfurt. Additional regions are available for enterprise customers — talk to us if you need US, APAC, or another EU region.

Read the security page

Implementation timeline