Configuration Generator

Explore every CAPI configuration attribute, toggle features on or off, and generate a ready-to-use config.yaml.

Sections

General

Core gateway identity and operating mode.

Version

capi.version

Configuration schema version. Used for compatibility tracking.

Instance Name

capi.instanceName

Unique name for this gateway instance. Used by Consul to filter which services this instance should discover.

Strict to Instance Name

capi.strictToInstanceName

When enabled, only services tagged with this instance name in Consul metadata will be discovered. Disable to discover all services.

Public Endpoint

capi.publicEndpoint

The externally reachable URL for this gateway. Used in documentation and discovery responses.

Running Mode

capi.runningMode

full: Runs all enabled gateways (REST, WebSocket, gRPC, MCP) and the admin API.
rest: Only REST gateway.
websocket: Only WebSocket gateway.
grpc: Only gRPC gateway.

Admin Port

capi.adminPort

Port for the admin API. Exposes management endpoints for route listing, health, and Swagger aggregation.

Reverse Proxy Host

capi.reverseProxyHost

If CAPI runs behind a reverse proxy (e.g. nginx), set this to the proxy's host. Leave empty if not behind a proxy.

REST Gateway

HTTP reverse proxy for REST API traffic. Routes are discovered automatically from Consul.

Enabled

capi.rest.enabled

Enable or disable the REST gateway.

Port

capi.rest.port

Listening port for REST traffic.

Listening Address

capi.rest.listeningAddress

Bind address. Use 0.0.0.0 for all interfaces or 127.0.0.1 for localhost only.

Context Path

capi.rest.contextPath

Base path prefix for all REST routes (e.g. /api).

I/O Threads

capi.rest.ioThreads

Number of XNIO I/O threads for the Undertow server. Typically set to the number of CPU cores.

Connection Request Timeout

capi.rest.connectionRequestTimeout

Timeout in ms to obtain a connection from the pool to the upstream service.

Request Timeout

capi.rest.requestTimeout

Timeout in ms for the upstream request to begin sending a response.

Response Timeout

capi.rest.responseTimeout

Timeout in ms for the complete response to be received from the upstream. Set higher for large payloads or streaming.

WebSocket Gateway

WebSocket reverse proxy for real-time bidirectional communication.

Enabled

capi.websocket.enabled

Enable or disable the WebSocket gateway.

Port

capi.websocket.port

Listening port for WebSocket traffic.

Listening Address

capi.websocket.listeningAddress

Bind address for the WebSocket server.

Context Path

capi.websocket.contextPath

Base path for WebSocket connections (e.g. /capi/*).

I/O Threads

capi.websocket.ioThreads

Number of XNIO I/O threads for the WebSocket server.

gRPC Gateway

gRPC reverse proxy for protocol-buffer based services.

Enabled

capi.grpc.enabled

Enable or disable the gRPC gateway.

Port

capi.grpc.port

Listening port for gRPC traffic.

SSL / TLS

Configure SSL termination at the gateway level. When enabled, the gateway will serve HTTPS.

Enabled

capi.ssl.enabled

Enable SSL termination. Requires a valid keystore.

Key Store Type

capi.ssl.keyStoreType

Format of the keystore file (e.g. PKCS12, JKS).

Path

capi.ssl.path

File system path to the keystore file.

Password

capi.ssl.password

Password to unlock the keystore.

Trust Store

Custom trust store for upstream TLS connections. Use when upstream services present certificates signed by internal CAs.

Enabled

capi.trustStore.enabled

Enable a custom trust store for outbound connections.

Path

capi.trustStore.path

File system path to the trust store. Leave empty if using encoded.

Encoded

capi.trustStore.encoded

Base64-encoded trust store content. Alternative to providing a file path; useful in containerized environments.

Password

capi.trustStore.password

Password to unlock the trust store.

Consul Discovery

CAPI discovers upstream services from the Consul catalog. Configure the polling interval and Consul endpoints.

Discovery Interval

capi.consulCatalogDiscoverInterval

How often (in ms) to poll the Consul catalog for service changes.

Consul Hosts

capi.consulHosts

List of Consul endpoints. Each entry has an endpoint URL and optional ACL token.

Consul KV Store

Optional Consul KV store integration for persisting gateway state such as API keys.

Enabled

capi.consulStore.enabled

Enable Consul KV store integration.

Endpoint

capi.consulStore.endpoint

Consul HTTP endpoint for KV operations.

Token

capi.consulStore.token

ACL token for Consul KV access.

API Key Store

Enable API key-based authentication. API keys are managed via the admin API and optionally persisted in Consul KV.

Enabled

capi.apiKeyStore.enabled

Enable API key authentication support.

OAuth2 / JWT

JWT-based authentication using OAuth2 JWKS endpoints. When enabled, secured routes will validate bearer tokens against these keys.

Enabled

capi.oauth2.enabled

Enable JWT token validation.

Cookie Name

capi.oauth2.cookieName

Name of the cookie to read the JWT token from (alternative to Authorization header).

JWKS Key URLs

capi.oauth2.keys

List of JWKS endpoint URLs used to fetch public keys for JWT verification.

OPA (Open Policy Agent)

Policy-based authorization using OPA. Supports remote OPA server or in-process Wasm bundle evaluation.

Enabled

capi.opa.enabled

Enable OPA policy evaluation for route authorization.

Endpoint

capi.opa.endpoint

URL of the remote OPA server (used when Wasm is disabled).

Wasm Enabled

capi.opa.wasmEnabled

Evaluate policies in-process using a compiled Wasm bundle instead of calling the remote OPA server.

Wasm Bundle URL

capi.opa.wasmBundleUrl

URL to download the OPA Wasm bundle from.

Bundle Poll Interval

capi.opa.wasmBundlePollIntervalSeconds

How often (in seconds) to re-fetch the Wasm bundle.

Wasm Pool Size

capi.opa.wasmPoolSize

Number of pooled Wasm instances for concurrent evaluation.

Tracing (OpenTelemetry)

Distributed tracing via OpenTelemetry. Sends spans to an OTLP-compatible collector.

Enabled

capi.traces.enabled

Enable distributed tracing.

Service Name

capi.traces.serviceName

Name used to identify this service in traces.

Endpoint

capi.traces.endpoint

OTLP collector endpoint (HTTP).

Extra Metadata Prefix

capi.traces.extraMetadataPrefix

Prefix to match Consul metadata keys to add as span attributes. Leave empty to skip.

CORS & Allowed Headers

Cross-Origin Resource Sharing and managed headers for the REST gateway.

CORS Enabled

capi.corsEnabled

Enable CORS handling for preflight OPTIONS requests.

Allowed Headers

capi.allowedHeaders

Headers that the gateway will accept and forward. These are also used in CORS Access-Control-Allow-Headers.

Logging Traces

Structured logging for request/response traces. Can output to file or a remote destination.

Enabled

capi.loggingTraces.enabled

Enable structured logging traces.

Tenant

capi.loggingTraces.tenant

Tenant identifier added to log entries.

App Name

capi.loggingTraces.appName

Application name added to log entries.

App Environment

capi.loggingTraces.appEnvironment

Environment label (e.g. dev, staging, prod).

Destination

capi.loggingTraces.destination

Remote destination for log shipping (e.g. Logstash endpoint). Leave empty for local-only.

File Path

capi.loggingTraces.filePath

Local file path for log output.

Access Logs

HTTP access logs for auditing and monitoring. Can be sent to a remote collector or written to a file.

Enabled

capi.accessLogs.enabled

Enable access log collection.

Tenant

capi.accessLogs.tenant

Tenant identifier for access logs.

Service

capi.accessLogs.service

Service name for access logs.

Destination

capi.accessLogs.destination

Remote collector endpoint (e.g. host:port).

File Path

capi.accessLogs.filePath

Local file path for access log output.

Throttle

Rate limiting using distributed counters. In Kubernetes, uses the Kubernetes API to coordinate across replicas.

Enabled

capi.throttle.enabled

Enable rate limiting / throttling.

Kubernetes Namespace

capi.throttle.kubernetesNamespace

Namespace of the CAPI deployment. Required for distributed counter coordination via Kubernetes API.

Kubernetes Service Name

capi.throttle.kubernetesServiceName

Name of the CAPI Kubernetes Service. Used to discover peer pods.

MCP Gateway

Model Context Protocol gateway that bridges MCP tool servers to REST/SSE clients.

Enabled

capi.mcp.enabled

Enable the MCP gateway.

Port

capi.mcp.port

Listening port for MCP SSE/HTTP traffic.

Session TTL

capi.mcp.sessionTtl

Session time-to-live in ms. Inactive sessions are evicted after this period.

Tool Call Timeout

capi.mcp.toolCallTimeout

Timeout in ms for individual MCP tool calls to upstream servers.

Circuit Breaker Cooldown

capi.mcp.circuitBreakerCooldownMs

Cooldown period in ms before retrying a tripped circuit breaker.

Server Discovery Timeout

capi.mcp.mcpServerDiscoveryTimeoutMs

Timeout in ms for discovering MCP servers from Consul.

Generated config.yaml