The GitOps-Driven API Gateway for Any Infrastructure

Traefik API Gateway runs identically across VMs and containers from a single control plane on any orchestrator, including AKS, EC2, ECS, RKE2, K3s, SUSE Virtualization, NKP, and Nutanix AHV. It’s a seamless upgrade from Traefik Proxy and every route and policy is defined as code.

Free trial

TRAEFIK LABS IS TRUSTED BY LEADING ENTERPRISES WORLDWIDE

Nasa
Ameri save
Port of rotterdam
Siemens
Allison
Adeo
Big basket
Mozilla
Staples
Ebay
Expedia
Vaudoise
Abax
Axione
Dell
Experian
Teradata
Ippen digital
Nasa
Ameri save
Port of rotterdam
Siemens
Allison
Adeo
Big basket
Mozilla
Staples
Ebay
Expedia
Vaudoise
Abax
Axione
Dell
Experian
Teradata
Ippen digital
3.5 billion plus downloadsTop 15 in Docker hub50K stars on githubOss insight #1 api gateway 2019-presentGartner magic quadrant honorable mention 2023 api managementGartner magic quadrant honorable mention 2024 api managementGartner magic quadrant honorable mention 2025 api management
G2 4.5 stars
Best est. ROI, Summer 2026Best usability, Summer 2026Users most likely to recommend, Summer 2026Momentum leader, Summer 2026Most implementable, Summer 2026High performer EMEA, Summer 2026Highest user adoption, Summer 2026Best results, Summer 2026Fastest implementation, Summer 2026

Why Choose Traefik API Gateway?

Organizations choose Traefik for many reasons (3.5 billion downloads and counting). Here are six of the most common reasons:

Replace Ingress NGINX, WAF Included

Traefik supports over 90% of ingress-nginx annotations used in production and includes native ModSecurity WAF built in, so teams migrate without configuration changes and block SQLi, XSS, and OWASP Top 10 threats from day one.

Migrate from VMware to a Modern Hypervisor

Traefik works across Nutanix AHV, SUSE Virtualization, and other modern hypervisors, providing Layer 7 routing, security, and policy enforcement without assembling separate tools.

Run VMs, Containers, & AI in a Hybrid Environment

Most teams run VMs, containers, & AI across separate stacks. Traefik unifies routing & governance across all three from a single control plane, standardizing routing, auth, & observability without replacing the underlying infrastructure.

Security & Compliance in Regulated Industries

Traefik supports OIDC, JWT, OAuth 2.0, LDAP, WAF, distributed rate limiting, & distributed TLS with FIPS validated cryptography—fully self-hosted, air-gap ready, & suitable for FedRAMP, PCI DSS, & GDPR environments.

Run AI & APIs Across Multiple Orchestrators

Most API gateways require separate policies for each orchestrator. Traefik natively integrates with AKS, EC2, ECS, RKE2, K3s, NKP, & other distributions, enabling organizations to use the same configurations across the board.

Infrastructure as Code

Traefik is fully declarative by design. Every route, policy, & middleware is defined in code, stored in Git, & applied automatically through ArgoCD, FluxCD, or standard CI/CD pipelines. No UI configuration required.

Upgrade from Traefik Proxy in Seconds

Traefik Hub API Gateway is built on top of Traefik Proxy. In literally seconds, you can add enterprise-grade API Gateway capabilities to your existing deployments.

No reconfiguration. No learning curve. All awesome.

Video preview

Compare Traefik Proxy with Traefik API Gateway

Capability
Traefik ProxyTraefik API Gateway
Ingress Controller + Reverse Proxy + Load balancer
Default Ingress in IBM IKS, Nutanix NKP, SUSE Rancher RKE2, K3s
Services Auto-Discovery
HTTP/2/3, TCP, UDP, gRPC, Websockets
Lightweight & Cloud-Native
Real-time Metrics & Distributed Tracing
Public Plugins with Rich Catalog
Ingress-View Dashboard
Canary Deployments
Supports Docker Swarm, Hashicorp Nomad, Azure Service Fabric, K8s Distros, Virtual Machines, & Bare Metal
OpenTelemetry Metrics, Traces, & Logs
Graceful Configuration Reload
Advanced Security & Access Control: LDAP, JWT, API Key, HMAC, OAuth, OIDC, Open Policy Agent
Native Web Application Firewall (WAF)
FIPS 140-2 Compliance (Linux & Windows), 140-3 ready
Distributed Let's Encrypt
Distributed Rate Limiting
HTTP Caching
Multi-Cluster Management
Traefik Elastic AWS Provider
Nutanix Prism Central Provider
HashiCorp Vault Integration
Request-Response Debugger
Add-On
AI Gateway
Add-On
MCP Gateway
Add-On

See Our API Gateway in Action

In This Short Video Demonstration

Watch Demo Video

Benefits for DevOps and Platform Teams

Reduce Complexity and Increase Extensibility

Traefik Hub API Gateway centralizes access control and traffic management to simplify teams' workflows while making it easy to add advanced capabilities (rate limiting, distributed Let's Encrypt, etc.) through turnkey middlewares, custom plugins, and third-party integrations.

  • Access Control: OIDC, LDAP, JWT, HMAC & OAuth2
  • Protocols: HTTP, HTTP/2, TCP, UDP, Websockets, gRPC
  • Distributed Let's Encrypt
  • HashiCorp Vault integration
  • Middlewares (circuit breakers, retries, buffering, etc.)
  • Go- and Wasm-based plugin catalog & custom plugin support (No Lua)
middlewares

Boost Productivity with Cloud Native Automation

Dynamic configuration, automated service discovery and routing, flexible rate limiting, and high availability features enable application teams to deploy quickly with zero downtime and ensure peak performance and availability.

  • Dynamic configuration & service discovery
  • Traffic mirroring
  • Blue / Green & Canary deployments
  • Active health checks
  • Distributed rate limiting
  • High availability & disaster recovery
Dynamic configuration

Adapt to Your Evolving Infrastructure

Because Traefik Hub API Gateway is compatible with any environment—whether cloud, legacy, or hybrid—DevOps and Platform teams can adopt new technologies and services quickly.

  • Centralized control & data planes
  • Automatic configuration & route syncing
  • Infrastructure & orchestrator agnostic
  • Hybrid cloud, multi-cloud, & on-prem compatible
  • Progressive migration & deployment
DevOps and Platform teams

Ensure Consistency, Repeatability, and Scalability

By automating tedious manual configurations and keeping your ecosystem up-to-date with your GitOps repository, Traefik Hub API Gateway saves teams time, increases consistency, and allows them to be more productive.

  • Automated service discovery & configuration
  • Dynamic routing to correct endpoints
  • Distributed rate limiting
  • Circuit breaker protection
  • IP whitelisting & blacklisting
  • Automatic application of Git configuration changes
  • Auditable record of changes over time
manual configurations

Protect Your SLAs and SLOs

Clearly understand the flow of traffic, service dependencies, and where to prioritize team efforts to troubleshoot issues and protect your SLAs and SLOs.

  • Cluster-wide dashboard
  • Proxy health checks
  • Distributed tracing (Jaeger, Open Tracing, Zipkin)
  • Support for OpenTelemetry monitoring (Datadog, Grafana, InfluxDB, Prometheus, StatsD)
  • Embedded caches
  • Developer portal with OpenAPI (Swagger) support
traefik cluster

Get Help When You Need It

While Traefik is built to ensure uptime, our team of experts is here for you 24/7/365. Additionally, we provide extensive resources to help beginners and experts master Traefik in all use cases.

  • 24/7/365 Global Support
  • Onboarding
  • Documentation
  • Community
  • Traefik Academy

Frequently Asked Questions

Traefik Hub API Gateway is an enterprise-grade API gateway built on top of Traefik Proxy, the world's most downloaded cloud-native proxy, with 3.5 billion downloads and counting. It adds centralized access control, distributed security, AI Gateway, MCP Gateway, native WAF, and premium integrations, all in a fully declarative, GitOps-driven platform. It is the only API gateway that is both fully declarative and cloud-native from inception.

Ready to Get Started?