Select region

Benefits of Ceptor API Gateway

Ceptor Gateway is deployed in front of your applications, protecting them from unauthorized access and takes care of load balancing and failover, stickiness, request throttling, authentication and authorization and response compression.

Request throttling 

Requests can be throttled and queued up within Ceptor API Gateway to avoid overburdening your API servers, and ensure they survive even loads order of magnitudes higher than they were designed to handle.

  • Request Queuing / Throttling

    • Limit concurrent requests

    • Max requests per second
    • Limits can be qualified, e.g. by IP address, client ID etc.

  • Response Throttling

    • Max bytes per second

Request Throttling and can be based upon not just client, but also e.g. GeoIP information (or any other property or value), allowing you to prioritize API requests from certain clients, network segments or countries over others.


Ceptor supports the usual authentication methods available within the OpenAPI Specification, but add support for using SSL Client Certificates, as well as many other types of authentication.

Pipelines and Tasks

Allows full flexibility and ease of configuration, here you can weave together tasks to e.g. make remote API calls, convert between XML and JSON, modify response content etc.
This allows you absolute flexibility in implementing your APIs where needed.


It is important to consider which REST clients are used to call the APIs and what capabilities they have for calling your APIs.

Typically, these kinds of Authentication are used, but others can be provided as well:

  • API Keys (can be managed by partners using self-service within the Ceptor Developer Portal)
  • Basic Authentication using Client ID / Client Secret
  • Bearer Token (can be issued by Ceptor after authenticating using NemID, SAML or other more advanced form om authentication)
  • OAuth 2.0 / OpenID Connect


Ceptor API Gateway can authorize individual API calls, supporting:

  • Role-Based Access Control (RBAC)
  • Attribute-Based Access Control (ABAC)
  • Subscription checking
  • OAuth 2.0 scope required
  • Custom scripts (JavaScript, Python or Groovy) implemented within Ceptor API Gateway

Request Modification

  • Rewrite URLs
  • Modify request/response headers and cookies

Rate Limiting

Add your own custom Rate Limiting implementation or use Ceptor’s default

Ceptor API Gateway has a flexible plugin structure, this allows you to provide your own API Rate Limiting implementations to supporting extremely complex limitations on individual API calls, which goes beyond regular API limiting functionality.

Our Rate Limiter implementation decides how rate limits are implemented for a location. 

API Usage Reporting

Ceptor API Gateway has plugins for providing custom API Usage Reporting repositories

Ceptor API Gateway has the flexibility to decide where to store API Usage information, it could be in Elasticsearch, databases, existing SIEM products or where you prefer to store the data – often large enterprises already have existing products for this sort of information that they prefer to reuse instead of requiring to learn yet another tool.

Once the Ceptor API Gateway is configured, all API calls will be recorded by the API Usage plugin. If an API requires subscription, or if an API Partner is authenticated in another way, e.g. via specific authentication requirement configured in the gateway, the API Usage information will contain details about who made the call.

API Mocking

Get quick feedback of testing and fix any bugs faster with with Ceptor API Mocking

You can use a script to generate a response for your clients – this is ideal for creating mocks or testing stubs for APIs.

If you check one of the override checkboxes for an Operation, you will get a script for this particular operation.

Detailed Status Monitoring

Using Ceptor Console, you can get detailed dashboards providing comprehensive overviews of your system and status.