Ceptor API Gateway

Ceptor Gateway has the unique benefits of Ceptor's proven flexibility and many authentication options

Ceptor API Gateway is a component that exposes and protects your APIs and manages your clients and partners access to them.

Ceptor Gateway is a standards-based Reverse Proxy Server it is fully asynchronous, highly scalable and supports newest available communication protocols. Ceptor Gateway is deployed in front of your applications, protecting them from unauthorized access and takes care of load balancing and failover, stickiness, request throttling, authentication and authorization and response compression.

Learn more about Ceptor Gateway 

Benefits of Ceptor API Gateway

Ceptor API Gateway protects your APIs from unauthorized access and takes care of load balancing and failover, stickiness and request throttling.

Request Throttling

Requests can be throttled and queued up within Ceptor API Gateway to avoid overburdening your API servers, and ensure they survive even loads order of magnitudes higher than they were designed to handle.

  • Request Queuing / Throttling
    • Limit concurrent requests
    • Max requests per second
    • Limits can be qualified, e.g. by IP address, client ID etc.
  • Response Throttling
    • Max bytes per second

Request Throttling and can be based upon not just client, but also e.g. GeoIP information (or any other property or value), allowing you to prioritize API requests from certain clients, network segments or countries over others.


Ceptor supports the usual authentication methods available within the OpenAPI Specification, but add support for using SSL Client Certificates, as well as many other types of authentication.

Pipelines and Tasks

Allows full flexibility and ease of configuration, here you can weave together tasks to e.g. make remote API calls, convert between XML and JSON, modify response content etc.
This allows you absolute flexibility in implementing your APIs where needed.


It is important to consider which REST clients are used to call the APIs and what capabilities they have for calling your APIs.

Typically, these kinds of Authentication are used, but others can be provided as well:

  • API Keys (can be managed by partners using self-service within the Ceptor Developer Portal)
  • Basic Authentication using Client ID / Client Secret
  • Bearer Token (can be issued by Ceptor after authenticating using NemID, SAML or other more advanced form om authentication)
  • OAuth 2.0 / OpenID Connect

Ceptor API Gateway can authorize individual API calls, supporting:

  • Role-Based Access Control (RBAC)
  • Attribute-Based Access Control (ABAC)
  • Subscription checking
  • OAuth 2.0 scope required
  • Custom scripts (JavaScript, Python or Groovy) implemented within Ceptor API Gateway
Request Modification
  • Rewrite URLs
  • Modify request/response headers and cookies

    Rate Limiting

    Add your own custom Rate Limiting implementation or use Ceptor's default

    Ceptor API Gateway has a flexible plugin structure, this allows you to provide your own API Rate Limiting implementations to supporting extremely complex limitations on individual API calls, which goes beyond regular API limiting functionality.

    Our Rate Limiter implementation decides how rate limits are implemented for a location. 

      Rate Limiter Group Confifuaration

      API Usage Reporting

      Ceptor API Gateway has plugins for providing custom API Usage Reporting repositories

      Ceptor API Gateway has the flexibility to decide where to store API Usage information, it could be in Elasticsearch, databases, existing SIEM products or where you prefer to store the data - often large enterprises already have existing products for this sort of information that they prefer to reuse instead of requiring to learn yet another tool.

        Once the Ceptor API Gateway is configured, all API calls will be recorded by the API Usage plugin. If an API requires subscription, or if an API Partner is authenticated in another way, e.g. via specific authentication requirement configured in the gateway, the API Usage information will contain details about who made the call.

          API Usage Reporters

          API Mocking

          Get quick feedback of testing and fix any bugs faster with with Ceptor API Mocking

          You can use a script to generate a response for your clients - this is ideal for creating mocks or testing stubs for APIs.

          If you check one of the override checkboxes for an Operation, you will get a script for this particular operation.

          API Mocking

          Detailed Status Monitoring

          Using Ceptor Console, you can get detailed dashboards providing comprehensive overviews of your system and status.

          Detailed Status Monitoring

          Contact us