Lua Perl Perl 6 Shell Makefile Liquid Ruby
Clone or download
davidor Merge pull request #837 from 3scale/document-oidc-log-level
Latest commit 7147864 Aug 14, 2018
Failed to load latest commit information.
.circleci [circleci] temporarily disable jobs that are not used Aug 6, 2018
.github [github] change owner to core team Jun 7, 2018
benchmark [test] lua port of benchmark-ips May 30, 2018
bin [busted] cache ffi cdef Jul 4, 2018
doc document APICAST_OIDC_LOG_LEVEL env var Aug 9, 2018
examples [example] update add-ssl example Jun 26, 2018
fixtures Add limits exceeded error in example config files Oct 12, 2017
gateway change the checkin function Aug 13, 2018
openshift Set LOG_LEVEL param to required Jul 23, 2018
script [s2i] do not include lua_modules when not running on CI Jun 28, 2018
spec change the checkin function Aug 13, 2018
t [resty.http] implement http proxy support Aug 6, 2018
travis [travis] build with latest openresty May 3, 2017
.busted [ci] print busted tests in the log as well as junit May 31, 2018
.codeclimate.yml [codeclimate] luacheck was released to the stable channel Jun 28, 2018
.codecov.yml codecov.yml: ignore files that codecov picks from outside gateway/src May 30, 2018
.dockerignore [make] improve development environment Jun 11, 2018
.env [proxy] introduce second cache handler Aug 4, 2017
.gitattributes [git] allow merge=union on the changelog file Mar 14, 2017
.gitignore [git] ignore tmp directory Jun 20, 2018
.lgtm [lgtm] configure lgtm approvals Sep 5, 2016
.luacheckrc Merge remote-tracking branch 'origin/master' into semaphores Oct 5, 2017
.luacov run luacov Aug 21, 2016
.mailmap .mailmap: map authors to their names/addresses Nov 22, 2016
.travis.yml [travis] don't build builder image on travis May 31, 2018
3scale-gateway-openshift-template.yml rename to APIcast Oct 3, 2016
3scale-portal-endpoint-secret.yml rename to APIcast Oct 3, 2016
Brewfile [brew] link installed dependencies so they are available as commands Jun 6, 2018 CHANGELOG: add fix for empty redis_url in rate-limit policy Aug 13, 2018
Dangerfile [danger] require changelog only when merging to master May 9, 2017
LICENSE Change license file to have contents of Apache2.0 license Nov 25, 2016
Makefile [circleci] install native apicast for profiling Jun 28, 2018
NOTICE Add NOTICE Nov 25, 2016 [readme] simplyfy macOS install instructions Jun 6, 2018
Vagrantfile [circleci] install native apicast for profiling Jun 28, 2018
docker-compose-devel.yml [make] improve development environment Jun 11, 2018
docker-compose.benchmark.yml [benchmark] more stable benchmark output Jun 28, 2018
docker-compose.yml [compose] provide jaeger all-in-one to try opentracing Apr 27, 2018
luarocks.config use resty-cli as lua interpreter Oct 12, 2017
openresty.repo Install openresty using the official RPM's Sep 2, 2016
package.json use yarn to install npm dependencies Mar 20, 2017
rockspec circleci Jul 3, 2017
schema.json minimal json schema specification for the config Sep 12, 2016
yarn.lock use yarn to install npm dependencies Mar 20, 2017


CircleCI Docker Repository on Quay codecov

APIcast is an NGINX based API gateway used to integrate your internal and external API services with 3scale’s API Management Platform.

To learn more about deployment options, environments provided, and how to get started, go to the APIcast overview.

master branch is not stable and not recommended for production use. For the latest release, go to Releases page.


This Dockerfile creates a 3scale gateway, and configures itself according to your 3scale params.


To run APIcast on OpenShift, just use template and create a Secret to point to your 3scale Admin Portal.

oc secret new-basicauth apicast-configuration-url-secret --password=
oc new-app -f


You can download a ready to use Docker image from our repository:

docker pull

The 3scale gateway image requires one of two environment variables. The first option will pull the latest gateway configuration from the 3scale API Manager. The second points to a local configuration file which has already been downloaded from 3scale:


URI that includes your password and portal endpoint in following format: schema://access-token@domain. The password can be either the provider key or an access token for the 3scale Account Management API. Note: these should not be confused with service tokens Example: (where the host name is the same as the domain for the URL when you are logged into the admin portal from a browser.

When THREESCALE_PORTAL_ENDPOINT environment variable is provided, the gateway will download the configuration from the 3scale on initializing. The configuration includes all the settings provided on the Integration page of the API(s).

docker run --name apicast --rm -p 8080:8080 -e THREESCALE_PORTAL_ENDPOINT=

Path to saved JSON file with configuration for the gateway. The configuration can be downloaded from the 3scale admin portal using the URL (replace ACCOUNT with your 3scale account name). The file has to be injected to the docker image as read only volume, and the path should indicate where the volume is mounted, i.e. path local to the docker container.

docker run --name apicast --rm -p 8080:8080 -v $(pwd)/config.json:/opt/app/config.json:ro -e THREESCALE_CONFIG_FILE=/opt/app/config.json

In this example config.json is located in the same directory where the docker command is executed, and it is mounted as a volume at /opt/app/config.json. :ro indicates that the volume will be read-only.

The JSON file needs to follow the schema, see an example file with the fields that are used by the gateway.

In some 3scale plans it is possible to create multiple API services (see an example of the configuration file). The optional APICAST_SERVICES environment variable allows filtering the list of services, so that the gateway only includes the services explicitly specified, the value of the variable should be a comma-separated list of service IDs. This setting is useful when you have many services configured on 3scale, but you want to expose just a subset of them in the gateway.

docker run --name apicast --rm -p 8080:8080 -e THREESCALE_PORTAL_ENDPOINT= -e APICAST_SERVICES=1234567890987

Docker options

Here are some useful options that can be used with docker run command:

  • --rm Automatically remove the container when it exits

  • -d or --detach Run container in background and print container ID. When it is not specified, the container runs in foreground mode, and you can stop it by CTRL + c. When started in detached mode, you can reattach to the container with the docker attach command, for example, docker attach apicast.

  • -p or --publish Publish a container's port to the host. The value should have the format <host port>:<container port>, so -p 80:8080 will bind port 8080 of the container to port 80 of the host machine.

For example, the Management API uses port 8090, so you may want to publish this port by adding -p 8090:8090 to the docker run command.

  • -e or --env Set environment variables
  • -v or --volume Mount a volume. The value is typically represented as <host path>:<container path>[:<options>]. <options> is an optional attribute, it can be set to :ro to specify that the volume will be read only (it is mounted in read-write mode by default). Example: -v /host/path:/container/path:ro.

See the Docker commands reference for more information on available options.

Auto updating

The gateway is able of checking the configuration from time to time and self update, you can enable this by adjusting the APICAST_CONFIGURATION_CACHE (seconds) to some value greater than 60:


This variable is set to 0 by default.


Signals are the same as normal NGINX.

Use docker kill -s $SIGNAL CONTAINER to send them, where CONTAINER is the container ID or name.

Development & Testing

Tools and dependencies

For developing and testing APIcast the following tools are needed:

 make dependencies
  • busted - unit testing framework, used for unit testing.
 luarocks install busted
 cpan install Carton
 cpan install Test::Nginx
  • redis in-memory data store is used for caching. The tests for the OAuth flow require a redis instance running on localhost.

  • Docker and s2i

Having dependency errors? Majority of the time the below will resolve it:

 rm -rf lua_modules
 make dependencies

There are tests that run in Docker container, to execute these Docker needs to be installed, and to build the images Source-To-Image is used. To install it, download it from the releases page, and put the extracted s2i executable on your PATH.

Running the tests

To run all the tests at once, execute:

make test

To run just the unit tests:

make busted

To run just the integration tests:

make prove

To see additional test targets (such as testing produced Docker images) use:

make help

Development using Docker

This option requires a single step:

make development

That will create a Docker container and run bash inside it. This command will take care of installing all dependencies.

The project's source code will be available in the container and sync'ed with your local apicast directory, so you can edit files in your preferred environment and still be able to run whatever you need inside the Docker container.

To run the tests inside the container, just run:



For details on how to contribute to this repo see CONTRIBUTING


To build a release run:

make runtime-image IMAGE_NAME=apicast:release-name

Test the release:

make test-runtime-image IMAGE_NAME=apicast:release-name

Push the release to the registry (optional REGISTRY value, defaults to

make push IMAGE_NAME=apicast:release-name