CAPI Gateway

The API Gateway that
discovers your services

CAPI is a lightweight gateway built on Undertow's async proxy architecture. Register services in Consul — routes, load balancing, security, and observability are handled automatically. No database. No declarative config files. Just register and go.

Get Started View on GitHub
Build Java 23 License Docker Version
Architecture

How it works

Services register in Consul with metadata that tells CAPI how to route, secure, and observe each API — no gateway config needed.

Clients REST / WS / SSE curl, browser, SDK MCP Clients LLMs / Agents Claude, Cursor, IDEs experimental CAPI Gateway OAuth2 / OIDC Validation OPA Policy Authorization Throttling (Hazelcast) Load Balancer Failover OpenTelemetry Traces + Metrics MCP Gateway (JSON-RPC 2.0) :8383 tool calls Service A REST Service B WebSocket Service C SSE Consul Service catalog + mcp-* metadata register auto-discover OPA Policy engine OpenTelemetry Traces + Logs IdP / Keycloak JWKS endpoint
Features

Everything you need in an API Gateway

Security, observability, and traffic management — configured via Consul metadata, not YAML files.

Auto-Discovery from Consul

Services register in Consul with metadata. CAPI polls the catalog and creates or removes routes dynamically — no restart, no redeploy.

OAuth2 / OIDC Security

Validate JWT tokens from any OIDC provider via JWKS endpoints. Multi-provider support with per-service opt-in through a single metadata flag.

OPA Authorization

Fine-grained policy enforcement using Open Policy Agent. Write Rego policies per service — CAPI evaluates them on every request.

OpenTelemetry Tracing

Distributed traces exported via OTLP. Prometheus metrics at the admin port. Full observability with zero application code changes.

Distributed Throttling

Rate-limit APIs globally or per consumer using Hazelcast distributed maps. Supports Kubernetes-native Hazelcast discovery.

REST, WebSocket & SSE

Gateway for all protocol types. REST with load balancing and failover, plus native WebSocket and Server-Sent Events passthrough.

OpenAPI Aggregation

Automatically collects and serves OpenAPI specs from upstream services through the admin API. One place to discover all your APIs.

Admin API

Built-in endpoints for health checks, Prometheus metrics, route inspection, and truststore management. Everything you need to operate at scale.

Kubernetes & Helm Ready

Production-grade Helm chart with ingress, TLS, security contexts, and Hazelcast Kubernetes discovery out of the box.

MCP Gateway EXPERIMENTAL

Turn any REST API into an MCP tool — no code changes on your backends. Also proxies real MCP Servers. Claude Desktop, Cursor, and custom agents discover and invoke everything via JSON-RPC 2.0 over Streamable HTTP.

gRPC Gateway EXPERIMENTAL

Transparent HTTP/2 reverse proxy for gRPC services. Header-based routing via x-capi-service forwards requests to backends discovered from Consul — no path rewriting needed.
Key Differentiator

REST-to-MCP Bridging

Your REST APIs become MCP tools instantly. No code changes, no MCP SDKs, no protocol rewrites on your backends.

REST backends

Zero-change integration

Register any REST API in Consul with MCP metadata (mcp-tools, descriptions, input schemas). CAPI translates MCP tools/call requests into plain HTTP POST calls and wraps the response in MCP format. Your backend never sees JSON-RPC — it just handles normal HTTP.

MCP Server backends

Native MCP proxy

For services that already speak MCP (JSON-RPC 2.0), register them with mcp-type: server. CAPI discovers tools automatically via tools/list and proxies tools/call transparently — with load balancing, failover, and circuit breaker included.

LLM Agent CAPI Gateway Your REST API (unchanged) tools/list ──────────► reads Consul metadata ◄────────── returns tool catalog tools/call ──────────► extracts arguments POST /endpoint ──────────► handles request wraps response ◄────────── returns JSON ◄────────── MCP-formatted result

Unlike dedicated MCP gateways that require all backends to be MCP Servers, CAPI bridges existing REST infrastructure and LLM-native protocols — aggregating both under one unified /mcp endpoint.

Get started

Up and running in 60 seconds

One command brings up the full ecosystem — CAPI, Consul, Keycloak, OPA, OpenSearch, and sample services.

# Clone the repo git clone https://github.com/surisoft-io/capi-core.git cd capi-core/docker # Bring up the full stack docker compose up -d # CAPI Gateway → http://localhost:8380/api/ # Admin API → http://localhost:8381/info # MCP Gateway → http://localhost:8383/mcp (experimental) # Consul UI → http://localhost:8500 # Keycloak → http://localhost:8080 # OpenSearch Dash → http://localhost:5601 # OPA → http://localhost:8181 # Register a sample service in Consul and call it through CAPI curl http://localhost:8380/api/public-service/dev/hello # Inspect active routes curl http://localhost:8381/info/routes | jq
Why CAPI

How CAPI compares

Purpose-built for Consul-native environments. No database, no declarative routes, no plugins to install.

CAPI Gateway WSO2 API Manager Kong Traefik Spring Cloud GW
Consul auto-discovery Native Not supported Plugin Yes Manual
Route config required None (metadata) Admin portal Admin API / DB Labels / files YAML / code
External database Not needed PostgreSQL / MySQL PostgreSQL Not needed Not needed
OAuth2 / OIDC built-in Yes Yes (Key Manager) Enterprise / Plugin Middleware Yes
OPA integration Built-in Manual / custom Plugin Plugin Manual
WebSocket & SSE Yes Yes Yes Yes Yes
Distributed throttling Hazelcast Traffic Manager Built-in Built-in Manual
OpenTelemetry Native OTLP Custom / ELK Plugin Yes Manual
MCP Gateway (LLM tools) Built-in (REST + MCP) No No No No
Architecture Single process Multi-component Single process Single process Single process
Footprint ~120 MB ~1 GB+ ~500 MB+ ~100 MB ~200 MB

Ready to simplify your API layer?

CAPI is open-source under the Apache 2.0 license. Star us on GitHub, try the Docker Compose stack, or jump straight into the docs.

Star on GitHub Read the Docs