API Management

Oracle Cloud Infrastructure (OCI) provides a comprehensive set of services to manage the lifecycle of APIs (application programming interfaces). The built-in tools make it easy for developer teams to collaborate on prototyping, testing, and validating APIs. Oracle Cloud Infrastructure API Gateway provides integration, acceleration, governance, and security for API and SOA-based systems, enabling teams to manage and deliver web APIs securely. In addition, usage plans and subscriptions allow API operators to monitor and monetize APIs.

API Gateway overview (7:42)
  • Increased Agility

    Innovate quickly to increase efficiency and bump up your bottom line.

  • Greater Visibility

    Have a clear view of your APIs and their performance.

  • Improved Security

    Ensure the most up-to-date security policies are in place.

Build and secure APIs and web applications

Describe APIs with OpenAPI—create, deploy, operate, and protect APIs as well as web/mobile applications with policies.


Prototype APIs easily

Developers can choose from a wide range of tools to create API descriptions in OpenAPI format which is supported by OCI API Gateway.

OpenAPI support

Support for the widely recognized OpenAPI standard enables third-party developers to easily adopt your organization’s APIs.

Improve efficiency in the design process

With stock response API support via OCI API Gateway, an API description can be quickly prototyped and tested by development teams. Having early feedback can help the team eliminate risk in writing the code.

Update API code directly from the OCI console

You can use Code Editor to quickly edit API specifications directly within the OCI console. Code Editor comes with Git integration, automatic versioning, personalization, and built-in integration with OCI services.

API and app security

API security

Secure your APIs using JSON Web Tokens provided by Oracle Identity Cloud Service, Okta, Auth0, and other third-party identity providers. Create APIs that support cross-origin resource sharing (CORS) for web page interoperability.

Rate-limiting policies

Rate limiting for APIs can throttle traffic to back-end services, controlling exposure to the internet and protecting against denial-of-service attacks.

Web application

OpenID Connect is used as a common enforcement point for apps and APIs as well as a means to proxy authentication for applications unable to support the OpenID Connect flows directly.

Deploy APIs

Oracle-managed API front end

Oracle API Gateway is a highly available virtual network appliance that can receive API calls at scale and route them to OCI back-end services, such as load balancers, compute, Kubernetes, and serverless functions.

Deploy APIs privately or publicly

Based on their application’s requirements, API developers can restrict API access within a private network (a regional subnet) or enable API access from the internet.

Serverless APIs

Serverless APIs using OCI API Gateway and Oracle Functions can automatically scale up and scale down resources based on demand, eliminating infrastructure operations.

Track usage and monetize APIs

Create usage plans

API managers can create usage plans within API Gateway and define API access tiers. Usage plans and subscriptions can be shared with internal user groups and the external developer ecosystem.

Manage subscription

API managers can manage subscriptions and entitlements, enabling API consumers to subscribe to APIs.

Drive value from usage

API teams can monitor the traffic and analytics of their APIs based on the usage plan and subscriptions. This enables customers to analyze usage patterns as well as unlock new revenue streams by monetizing APIs.

API Management customer successes

Customers across a wide range of industries use Oracle Cloud for API management.

API Management use cases

  • Extend SaaS applications with cloud native

    Design and deploy a SaaS extension for Oracle Fusion Applications using Oracle Visual Builder, Oracle Functions, and Oracle API Gateway.

    Explore the architecture

  • Build an API

    Prepare, design, and prototype APIs by defining application domain semantics and deciding on the API architectural style.

    Read the technical brief (PDF)

  • Secure, RESTful API Gateway as a façade

    Create a proxy to authenticate with identity providers and provide access to multiple RESTful services both in the cloud and on-premises.

    View the architecture

API Management reference architectures

See all reference architectures
May 6, 2021

API design is essential to cloud native development

Robert Wunderlich, Product Strategy Director

Cloud native is gaining in popularity as more developers look to build highly scalable and maintainable solutions. But what does cloud native really mean, and how are APIs related?

The Cloud Native Computing Foundation provides the following definition of cloud native...

Read the complete post

Related cloud products


Quickly deploy and run code

Integration Cloud

Connect SaaS and on-premises applications

Cloud Native services

Containers, serverless, APIs, and Kafka

DevOps services

CI/CD, Terraform, monitoring, and logging

Get started with API Management

Take a free trial

30 days of access to Oracle Cloud.

Quick start for API Gateway

Instructions to quickly create, deploy, and call your first API

Try Apiary for free

Powerful API design stack that's built for developers.

Contact us

Reach our associates for sales, support, and other questions.