F5 NGINX Plus: API Gateway

Lightweight, cloud-native API gateway for delivering and securing APIs running in any architecture – monolith or microservices, multi-cloud or hybrid

Secure and High-Performance API Gateway

Designed for distributed architectures and DevOps practices, NGINX Plus acts as a reverse proxy and securely accepts API calls from clients and routes them to the appropriate backend services. It delivers APIs with ultra-low latency and easily scales to process more than 30,000 requests per second.


Deploy across any cloud, any architecture, and any modern protocol with a platform-agnostic API gateway.

  • Modern protocols – Deliver any HTTP based API including synchronous APIs (REST, gRPC, GraphQL, SOAP, and more) and asynchronous APIs (WebSockets, webhooks, and more).
  • Platform–agnostic – Deploy on bare metal, in Kubernetes, on-premises, in the cloud, or at the edge
  • Extensible – Write custom middleware or transform requests with the NGINX JavaScript module


Deliver APIs with speed and scale using the only API gateway capable of processing over 30,000 requests per second with 1000x lower latency than the competition.

  • High availability – Avoid single points of failure with active-active or active-passive high availability (HA) clusters
  • Service discovery – Automate service discovery and load balancing for API runtimes using DNS
  • Advanced routing – Optimize delivery with A/B testing, canary deployments, blue-green deployments, and other techniques


Access real-time metrics and historic data to gain visibility and insights into API traffic.

  • Active health checks – Proactively monitor your services to detect and get ahead of issues
  • Real-time monitoring – Create live dashboards and access more than 200 real-time metrics
  • Unified view – Export logs and metrics to your preferred APM provider


Protect APIs and backend services with policies for authentication, authorization, rate limiting, and more.

  • Access control – Authentication and authorization for APIs using methods like OpenID Connect (OIDC) for single sign-on (SSO), OAuth, JWTs and more
  • Rate limiting – Ensure your backend services are not overwhelmed by buggy code or malicious API clients by applying rate limits based on any attribute of the request
  • Enforce request methods – Protect services by enforcing specific request methods, like GET, to ensure your service is read-only

Next Steps