ApiFest is an open-source, Apache 2 Licensed, pure Java solution for managing and securing your API. ApiFest is designed for easy customization, easy usage and easy integration.
The ApiFest architecture allows unlimited horizontal scalability. See more about the architecture here. ApiFest uses pluggable datastore, so you can change the datastore with one of your choice.

Mission Statement

The idea behind ApiFest is to aid developers in their daily work related to API changes, API publishing and API security. ApiFest does not require a special IDE - developers can use their favorite one. Also, ApiFest does not require any product specific knowledge - no steep learning-curve to start using it, it is a simple Java program - you checkout the code, compile it and start it.


ApiFest features could be separated in two main groups - API security and API management.

API Security
  • OAuth 2.0 support
  • Dynamically configured OAuth 2.0 scopes
  • Configurable expiration period of OAuth 2.0 access tokens per OAuth20 scope and client application
  • Revocation of access tokens
  • Custom grant_type
  • Custom event handlers
API management
  • API model (XML format) could be generated from Javadoc
  • Native support for multiple API versions and backend hosts
  • Customizable error responses
  • Request transformations are implemented as simple Java classes
  • Online API model and transformation updates
  • Custom event handlers

ApiFest consists of two main parts - the ApiFest OAuth 2.0 Server and the ApiFest Mapping Server.

ApiFest OAuth 2.0 Server

The ApiFest OAuth 2.0 Server implements OAuth 2.0 server side as per http://tools.ietf.org/html/rfc6749. It enables the usage of access tokens in the ApiFest Mapping Server.

  • register new client app
  • generate access token using auth code
  • generate access token using username and password - grant_type=password
  • generate access token using client credentials - grant_type=client_credentials
  • generate access token using refresh token - grant_type=refresh_token
  • revoke access token
  • validate access token
  • pluggable storage (currently supports MongoDB, Redis, Cassandra and Hazelcast)
  • unlimited horizontal scalability

ApiFest Mapping Server

The ApiFest Mapping Server is for people who have APIs and want to expose them to the world in a safe and convenient way. The ApiFest Mapping Server is used to translate between the outside world and your internal systems. It helps you keep a consistent API facade.

  • mappings are described in xml
  • can validate and authorize requests using the ApiFest OAuth20 Server
  • out-of-the-box flexible mapping options - multiple versions support, different hosts to which API requests could be directed to
  • easy to extend and customize
  • customizable error messages and responses
  • "online" change of all configurations
  • unlimited horizontal scalability