awesome-repositories.com
Blog
awesome-repositories.com

Discover the best open-source repositories with AI-powered search.

ExploreCurated searchesOpen-source alternativesSelf-hosted softwareBlogSitemap
ProjectAboutHow we rankPressMCP server
LegalPrivacyTerms
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

API security platform

Ranking updated Jun 30, 2026

For a native security platform for APIs, the strongest matches are tyktechnologies/tyk (Tyk is an open-source API gateway that routes, secures), apache/apisix (Apache APISIX is a comprehensive, self-hosted API gateway that) and kong/kong (Kong is a high-performance API gateway with a extensive). gravitee-io/gravitee-api-management and traefik/traefik round out the shortlist. Each is ranked by relevance to your query, popularity and recent activity.

Find the best native API security platforms. Compare top open-source tools ranked by activity and features to find the best fit for your stack.

API security platform

Find the best repos with AI.We'll search the best matching repositories with AI.
  • tyktechnologies/tykTykTechnologies avatar

    TykTechnologies/tyk

    10,744View on GitHub↗

    Tyk is an open-source API gateway written in Go that routes, secures, and monitors network traffic across REST, GraphQL, TCP, and gRPC protocols. It functions as a multi-protocol proxy designed to deliver requests to backend services while managing the end-to-end API lifecycle. The system distinguishes itself through a plugin-based architecture that allows for the injection of custom logic into the request and response middleware chain. It also features native Kubernetes integration, operating as an ingress controller that uses operators and custom resource definitions to deploy security poli

    Tyk is an open-source API gateway that routes, secures, and monitors API traffic with built-in rate limiting, authentication standards (OAuth2/OIDC/JWT), API key management, analytics, and self-hosted deployment, directly covering the core security and management capabilities you're looking for.

    GoAPI Usage Analytics
    View on GitHub↗10,744
  • apache/apisixapache avatar

    apache/apisix

    16,767View on GitHub↗

    This project is a high-performance, distributed API gateway designed to manage, secure, and observe traffic for microservices, serverless functions, and artificial intelligence model providers. It functions as a dynamic service proxy and cloud-native ingress controller, centralizing policy enforcement and traffic routing through a unified configuration interface that synchronizes state across multiple nodes in real time. The platform distinguishes itself through a highly extensible architecture that utilizes a high-performance scripting engine to execute modular logic directly within the requ

    Apache APISIX is a comprehensive, self-hosted API gateway that provides built-in rate limiting, OAuth2/OIDC/JWT authentication, schema validation, and observability, directly addressing the need to secure, manage, and protect APIs.

    LuaOIDC Authentication PluginsRequest Logs
    View on GitHub↗16,767
  • kong/kongKong avatar

    Kong/kong

    43,653View on GitHub↗

    Kong is a high-performance API gateway and service connectivity platform designed to manage, secure, and monitor traffic across distributed microservices and hybrid cloud environments. It functions as a centralized control plane for service governance, providing essential traffic routing, load balancing, and request transformation capabilities to ensure consistent policy enforcement across all service endpoints. The platform distinguishes itself through a modular plugin architecture and a declarative configuration engine that allows infrastructure behavior to be defined via version-controlled

    Kong is a high-performance API gateway with a extensive plugin ecosystem that delivers the security, management, and protection features you need—rate limiting, OAuth2/JWT authentication, API key management, schema validation, and self-hosted deployment—making it a comprehensive API security and gateway platform.

    LuaAPI GatewaysKubernetes Traffic ControllersService Governance Platforms
    View on GitHub↗43,653
  • gravitee-io/gravitee-api-managementgravitee-io avatar

    gravitee-io/gravitee-api-management

    423View on GitHub↗

    Gravitee.io - OpenSource API Management

    Gravitee is an open-source API management platform with a built-in gateway, comprehensive security policies (OAuth2/JWT, rate limiting, API key management), analytics, and self-hosting support — directly addressing the need for a native API security and management tool.

    JavaAPI Management
    View on GitHub↗423
  • traefik/traefiktraefik avatar

    traefik/traefik

    63,644View on GitHub↗

    Traefik is a cloud-native edge router and API gateway designed to manage service communication and traffic flow across distributed infrastructure. It functions as a dynamic service proxy that automatically discovers backend services and configures routing rules in real time, eliminating the need for manual restarts or complex configuration updates. By integrating directly with container orchestrators and service registries, it maintains a consistent state for network traffic, load balancing, and security policy enforcement. The project distinguishes itself through its deep integration with di

    Traefik is a cloud-native API gateway that can secure APIs with middleware for rate limiting, authentication (OAuth2/JWT), and policy enforcement, but lacks dedicated API key management, WAF, threat detection, or schema validation, so it fits the category but not as a comprehensive API security platform.

    GoNative API Security
    View on GitHub↗63,644
  • alibaba/higressalibaba avatar

    alibaba/higress

    7,558View on GitHub↗

    Higress is an AI API gateway and cloud-native traffic manager that functions as a Kubernetes ingress controller. It provides a centralized system for routing, securing, and optimizing traffic directed toward large language models, AI agents, and microservice architectures. The project distinguishes itself through deep AI orchestration, including the ability to host and manage Model Context Protocol servers that transform REST APIs into tools for AI agents. It features specialized AI infrastructure for model request proxying, protocol translation across multiple providers, and semantic-based c

    Higress is a cloud-native API gateway and ingress controller that secures and manages traffic, including AI workloads, making it a valid choice for an API security/gateway platform — though its AI focus means some traditional security features like OAuth2, WAF, or rate limiting are not explicitly highlighted in its description.

    GoJWT AuthenticationOIDC Authentication Plugins
    View on GitHub↗7,558
  • apache/shenyuA

    apache/shenyu

    8,794View on GitHub↗

    Shenyu is a microservices API gateway designed to route external traffic to backend services using dynamic rules and protocol conversion. It functions as a central entry point that manages traffic flow through a combination of an API traffic governor, a distributed configuration manager, and a security layer for protecting endpoints. The project features a dynamic plugin architecture that allows for the injection of custom request processing logic without restarting the server. It utilizes a distributed coordination service to synchronize routing and policy updates across a gateway cluster in

    Shenyu is an API gateway with a security layer and plugin-based extensibility for traffic management and access control, which fits the intended category of an API security/gateway platform, though its coverage of explicit WAF, threat detection, and advanced authentication features is not strongly highlighted in the description.

    JavaAPI GatewayMicroservice Traffic ManagementAPI Access Security
    View on GitHub↗8,794
  • wso2/product-apimwso2 avatar

    wso2/product-apim

    989View on GitHub↗

    WSO2 API Manager is a complete platform for building, integrating, and exposing your digital services as managed APIs in the cloud, on-premise, and hybrid architectures to drive your digital transformation strategy.

    WSO2 API Manager is a comprehensive API management platform that includes a gateway with security features like OAuth2, rate limiting, and analytics, fitting the need for an API security and gateway tool.

    JavaAPI GatewaysAPI Management
    View on GitHub↗989
  • chaitin/safelinechaitin avatar

    chaitin/SafeLine

    21,527View on GitHub↗

    SafeLine is a containerized web application firewall and reverse proxy designed to secure web services by inspecting incoming HTTP traffic. It acts as a security gateway that sits in front of backend infrastructure to filter malicious requests and enforce access policies before they reach the application server. The platform distinguishes itself through advanced bot mitigation and content protection capabilities. It employs challenge-response mechanisms to verify human users and dynamically obfuscates HTML and JavaScript content to prevent unauthorized scraping and code tampering. These featu

    SafeLine is a containerized web application firewall and reverse proxy that secures HTTP traffic with rate limiting, bot mitigation, and threat detection, fitting the API security gateway role despite not explicitly offering OAuth2 or schema validation.

    GoWeb Application FirewallsBot BlockingReverse Proxies
    View on GitHub↗21,527

Related searches

  • an open source platform for API management
  • a service mesh for microservice traffic
  • an automated security scanner for web applications
  • a mobile app security scanner
  • a toolkit for detecting prompt injection attacks
  • a platform for building native integrations
  • a vulnerable web application for security training
  • a learning path into security engineering