Production-ready — Running in government hybrid environments

The API Gateway that discovers your services

Register in Consul. Routes, load balancing, security, and observability are configured automatically through metadata. No database. No YAML routes. No restarts.

Get Started View on GitHub
4 years
In production
~120 MB
Runtime footprint
0
Databases required
Java 23
Apache Camel + Undertow
Powering production workloads in complex hybrid government environments since 2021. Apache 2.0 licensed.
How It Works

Register. Discover. Route.

No gateway configuration files. Services declare their own routing, security, and throttling policies as Consul metadata. CAPI does the rest.

01
Register in Consul
Your service registers itself in Consul with metadata tags — context path, security requirements, throttling rules, protocol type.
02
CAPI auto-discovers
CAPI polls the Consul catalog, detects new or removed services, and dynamically creates or tears down Camel routes. No restart needed.
03
Traffic flows
Clients call CAPI. OAuth2 tokens are validated, OPA policies enforced, requests load-balanced across healthy instances. Traces exported via OTLP.
consul-service-registration.json 
{
  "ID": "order-service-1",
  "Name": "order-service",
  "Address": "10.0.1.50",
  "Port": 8080,
  "Meta": {
    "group": "production",           // route: /api/order-service/production/*
    "root-context": "/api/v2",       // forwarded path prefix
    "schema": "https",              // upstream protocol
    "secured": "true",              // enable OAuth2/OIDC validation
    "oidc-provider": "keycloak",     // which OIDC provider to use
    "throttling-max": "100",         // max requests per period
    "type": "rest"                  // rest | websocket | sse
  }
}
Capabilities

Everything you need. Nothing you don't.

Security, observability, and traffic management — configured via service metadata, not gateway configuration files.

Consul Auto-Discovery
Services register with metadata. CAPI polls the catalog, creates routes dynamically, and removes them when services deregister. Zero config.
OAuth2 / OIDC Security
Validate JWT tokens from any OIDC provider via JWKS endpoints. Multi-provider support with per-service opt-in through a single metadata flag.
OPA Authorization
Fine-grained policy enforcement with Open Policy Agent. Write Rego policies per service — CAPI evaluates them on every request.
REST, WebSocket & SSE
Gateway for all protocol types. REST with round-robin load balancing and failover, plus native WebSocket and Server-Sent Events passthrough.
OpenTelemetry Tracing
Distributed traces exported via OTLP. Prometheus metrics at the admin port. Full observability with zero application code changes.
Distributed Throttling
Rate-limit APIs globally using Hazelcast distributed maps. Supports Kubernetes-native Hazelcast discovery for clustered deployments.
OpenAPI Aggregation
Collects and serves OpenAPI specs from upstream services through the admin API. One endpoint to discover all your APIs.
Kubernetes & Helm
Production-grade Helm chart with ingress, TLS, security contexts, and Hazelcast Kubernetes discovery out of the box.
Experimental
MCP Gateway
Turn any REST API into an MCP tool for LLM agents. Also proxies native MCP Servers. JSON-RPC 2.0 over Streamable HTTP.
Key Differentiator

REST-to-MCP Bridging

Your REST APIs become MCP tools instantly. No code changes, no MCP SDKs, no protocol rewrites on your backends.

Zero-change REST integration
Register any REST API in Consul with MCP metadata — tool names, descriptions, input schemas. CAPI translates MCP tools/call into plain HTTP requests. Your backend never sees JSON-RPC.
Native MCP Server proxy
For services that already speak MCP (JSON-RPC 2.0), register them with mcp-type: server. CAPI discovers tools via tools/list and proxies transparently — with load balancing and failover.
Unified /mcp endpoint
Both REST and MCP Server backends are aggregated under one endpoint. Claude Desktop, Cursor, and custom agents discover everything through a single connection.
Unlike dedicated MCP gateways
CAPI doesn't require backends to be MCP Servers. It bridges existing REST infrastructure and LLM-native protocols — meeting your services where they already are.
Request Flow
LLM Agent tools/list CAPI
reads Consul metadata, returns tool catalog

LLM Agent tools/call CAPI
extracts arguments from JSON-RPC

CAPI POST /endpoint REST API
CAPI JSON response REST API

LLM Agent MCP-formatted result CAPI
Comparison

How CAPI compares

Purpose-built for Consul-native environments. No database, no declarative routes, no plugins to install.

CAPI Kong Traefik WSO2 Spring Cloud GW
Consul auto-discovery ● Native Plugin Yes Manual
Route config required ● None Admin API / DB Labels / files Admin portal YAML / code
External database ● Not needed PostgreSQL Not needed PostgreSQL / MySQL Not needed
OAuth2 / OIDC built-in ● Yes Enterprise / Plugin Middleware Yes Yes
OPA integration ● Built-in Plugin Plugin Manual Manual
WebSocket & SSE ● Yes Yes Yes Yes Yes
OpenTelemetry ● Native OTLP Plugin Yes Custom Manual
MCP Gateway (LLM tools) ● Built-in
Runtime footprint ● ~120 MB ~500 MB+ ~100 MB ~1 GB+ ~200 MB
Get Started

Up and running in 60 seconds

One command brings up the full ecosystem — CAPI, Consul, Keycloak, OPA, OpenSearch, and sample services.

Docker Compose
Full stack with all integrations
# Clone and start
git clone https://github.com/surisoft-io/capi-core.git
cd capi-core/docker
docker compose up -d

# Your endpoints
# Gateway     → http://localhost:8380
# Admin API   → http://localhost:8381
# MCP Gateway → http://localhost:8383
# Consul UI   → http://localhost:8500

# Try it
curl http://localhost:8380/api/public-service/dev/hello
JAR / Kubernetes
Standalone or Helm chart
# Run from JAR
CAPI_CONFIG_FILE=config/config.yaml \
  java -jar capi-core.jar

# Or deploy with Helm
helm install capi-core helm/capi-core

# With custom values
helm install capi-core helm/capi-core \
  -f my-values.yaml

# Enable SSL
helm install capi-core helm/capi-core \
  --set capi.ssl.enabled=true \
  --set capi.ssl.keystoreBase64=<b64>
Professional Services

Need hands-on expertise?

CAPI was built and battle-tested inside a complex hybrid government environment over four years. The team behind it offers consulting and professional services to help organizations deploy, customize, and get the most out of their API infrastructure.

CAPI Deployment & Customization
Production deployment of CAPI in your environment — on-premises, cloud, or hybrid. Custom configuration, TLS setup, Consul integration, Hazelcast clustering, and monitoring with OpenTelemetry.
API Architecture & Strategy
Design your API gateway layer, service discovery strategy, security policies, and traffic management. Guidance on migrating from legacy gateways or building greenfield API platforms.
MCP Integration for LLM Agents
Connect your internal REST APIs to LLM agents through CAPI's MCP Gateway. We help you define tool schemas, configure Consul metadata, and set up secure access for Claude, Cursor, and custom agents.
Apache Camel Consulting
Deep expertise in Apache Camel for integration patterns, custom route development, performance tuning, and building production-grade systems on the Camel runtime.
Get in touch [email protected]
4 years in government production
Hybrid cloud expertise
Built by the creators of CAPI
Open Source

Ready to simplify your API layer?

CAPI is open-source under the Apache 2.0 license. Try the Docker Compose stack, explore the docs, or talk to us about professional deployment.

Star on GitHub Read the Docs Contact Us