openapi: 3.1.0 info: title: RapidAPI Gateway API description: >- The RapidAPI Gateway provides enterprise-grade API gateway capabilities for managing API traffic, security, and routing. It enables organizations to configure custom gateways that handle authentication, rate limiting, and request routing for their APIs. The gateway supports multiple deployment models and can be configured to work with existing infrastructure, providing a centralized point of control for all API traffic flowing through the RapidAPI platform. The Rapid Runtime proxies requests between consumers and providers, adding authentication verification, usage tracking, and billing data collection. version: '1.0' contact: name: RapidAPI Support url: https://docs.rapidapi.com termsOfService: https://rapidapi.com/terms externalDocs: description: RapidAPI Gateway Configuration Documentation url: https://docs.rapidapi.com/docs/gateway-configuration servers: - url: https://gateway.rapidapi.com/v1 description: Production Server tags: - name: Analytics description: >- Endpoints for retrieving gateway traffic analytics, including request counts, response times, error rates, and usage patterns. - name: Authentication description: >- Endpoints for configuring authentication schemes on gateways, including OAuth2, API key, header-based, and basic authentication. - name: Gateways description: >- Endpoints for managing gateway instances, including creating, configuring, and monitoring custom API gateways. - name: Rate Limiting description: >- Endpoints for configuring rate limiting policies to protect APIs from overuse, including request limits, quota management, and request size limits. - name: Routes description: >- Endpoints for configuring request routing rules that determine how incoming API requests are forwarded to backend services. - name: Security description: >- Endpoints for configuring security policies such as IP allow and deny lists, CORS settings, and proxy secret validation. security: - rapidApiKey: [] paths: /gateways: get: operationId: listGateways summary: List gateways description: >- Retrieves all gateway instances configured for the organization, including their status, deployment model, and associated APIs. tags: - Gateways responses: '200': description: A list of gateways content: application/json: schema: type: object properties: gateways: type: array items: $ref: '#/components/schemas/Gateway' '401': description: Unauthorized - invalid or missing API key post: operationId: createGateway summary: Create a gateway description: >- Creates a new gateway instance with the specified deployment model and configuration. The gateway will begin routing traffic once activated. tags: - Gateways requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/GatewayInput' responses: '201': description: Gateway created successfully content: application/json: schema: $ref: '#/components/schemas/Gateway' '400': description: Bad request - invalid gateway configuration '401': description: Unauthorized - invalid or missing API key /gateways/{gatewayId}: get: operationId: getGateway summary: Get a gateway description: >- Retrieves the detailed configuration and status of a specific gateway instance. tags: - Gateways parameters: - $ref: '#/components/parameters/gatewayId' responses: '200': description: Gateway details content: application/json: schema: $ref: '#/components/schemas/Gateway' '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found put: operationId: updateGateway summary: Update a gateway description: >- Updates the configuration of an existing gateway instance, including its name, deployment model, and associated settings. tags: - Gateways parameters: - $ref: '#/components/parameters/gatewayId' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/GatewayInput' responses: '200': description: Gateway updated successfully content: application/json: schema: $ref: '#/components/schemas/Gateway' '400': description: Bad request - invalid gateway configuration '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found delete: operationId: deleteGateway summary: Delete a gateway description: >- Deletes a gateway instance and all associated routing and policy configurations. tags: - Gateways parameters: - $ref: '#/components/parameters/gatewayId' responses: '204': description: Gateway deleted successfully '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found /gateways/{gatewayId}/routes: get: operationId: listRoutes summary: List routes description: >- Retrieves all routing rules configured for a gateway, including path patterns, target backends, and transformation rules. tags: - Routes parameters: - $ref: '#/components/parameters/gatewayId' responses: '200': description: A list of routes content: application/json: schema: type: object properties: routes: type: array items: $ref: '#/components/schemas/Route' '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found post: operationId: createRoute summary: Create a route description: >- Creates a new routing rule for the gateway, specifying how incoming requests matching a path pattern are forwarded to a backend service. tags: - Routes parameters: - $ref: '#/components/parameters/gatewayId' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RouteInput' responses: '201': description: Route created successfully content: application/json: schema: $ref: '#/components/schemas/Route' '400': description: Bad request - invalid route configuration '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found /gateways/{gatewayId}/routes/{routeId}: put: operationId: updateRoute summary: Update a route description: >- Updates an existing routing rule's path pattern, backend target, or transformation settings. tags: - Routes parameters: - $ref: '#/components/parameters/gatewayId' - $ref: '#/components/parameters/routeId' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RouteInput' responses: '200': description: Route updated successfully content: application/json: schema: $ref: '#/components/schemas/Route' '400': description: Bad request - invalid route configuration '401': description: Unauthorized - invalid or missing API key '404': description: Route not found delete: operationId: deleteRoute summary: Delete a route description: >- Deletes a routing rule from the gateway. Requests matching this route will no longer be forwarded. tags: - Routes parameters: - $ref: '#/components/parameters/gatewayId' - $ref: '#/components/parameters/routeId' responses: '204': description: Route deleted successfully '401': description: Unauthorized - invalid or missing API key '404': description: Route not found /gateways/{gatewayId}/authentication: get: operationId: getAuthenticationConfig summary: Get authentication configuration description: >- Retrieves the authentication configuration for a gateway, including the authentication scheme, required headers, and OAuth2 settings. tags: - Authentication parameters: - $ref: '#/components/parameters/gatewayId' responses: '200': description: Authentication configuration content: application/json: schema: $ref: '#/components/schemas/AuthenticationConfig' '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found put: operationId: updateAuthenticationConfig summary: Update authentication configuration description: >- Updates the authentication configuration for a gateway. Supports RapidAPI default auth, OAuth2, header-based, query parameter, and basic authentication schemes. Multiple authentication layers can be configured. tags: - Authentication parameters: - $ref: '#/components/parameters/gatewayId' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AuthenticationConfigInput' responses: '200': description: Authentication configuration updated content: application/json: schema: $ref: '#/components/schemas/AuthenticationConfig' '400': description: Bad request - invalid authentication configuration '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found /gateways/{gatewayId}/rate-limiting: get: operationId: getRateLimitConfig summary: Get rate limiting configuration description: >- Retrieves the rate limiting policies configured for a gateway, including request limits, quota settings, and request size limits. tags: - Rate Limiting parameters: - $ref: '#/components/parameters/gatewayId' responses: '200': description: Rate limiting configuration content: application/json: schema: $ref: '#/components/schemas/RateLimitConfig' '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found put: operationId: updateRateLimitConfig summary: Update rate limiting configuration description: >- Updates the rate limiting policies for a gateway, including per-user request limits, global quotas, and maximum request size constraints. tags: - Rate Limiting parameters: - $ref: '#/components/parameters/gatewayId' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RateLimitConfigInput' responses: '200': description: Rate limiting configuration updated content: application/json: schema: $ref: '#/components/schemas/RateLimitConfig' '400': description: Bad request - invalid rate limit configuration '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found /gateways/{gatewayId}/security: get: operationId: getSecurityConfig summary: Get security configuration description: >- Retrieves the security policies configured for a gateway, including IP allow and deny lists, CORS settings, and proxy secret validation. tags: - Security parameters: - $ref: '#/components/parameters/gatewayId' responses: '200': description: Security configuration content: application/json: schema: $ref: '#/components/schemas/SecurityConfig' '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found put: operationId: updateSecurityConfig summary: Update security configuration description: >- Updates the security policies for a gateway, including IP filtering, CORS, and request validation settings. tags: - Security parameters: - $ref: '#/components/parameters/gatewayId' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SecurityConfigInput' responses: '200': description: Security configuration updated content: application/json: schema: $ref: '#/components/schemas/SecurityConfig' '400': description: Bad request - invalid security configuration '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found /gateways/{gatewayId}/analytics: get: operationId: getGatewayAnalytics summary: Get gateway analytics description: >- Retrieves traffic analytics for a gateway over a specified time period, including request counts, response times, error rates, and top endpoints by usage. tags: - Analytics parameters: - $ref: '#/components/parameters/gatewayId' - name: startDate in: query required: true description: Start date for the analytics period schema: type: string format: date - name: endDate in: query required: true description: End date for the analytics period schema: type: string format: date - name: granularity in: query required: false description: Time granularity for the analytics data schema: type: string enum: - hour - day - week - month default: day responses: '200': description: Gateway analytics data content: application/json: schema: $ref: '#/components/schemas/GatewayAnalytics' '400': description: Bad request - invalid date range or parameters '401': description: Unauthorized - invalid or missing API key '404': description: Gateway not found components: securitySchemes: rapidApiKey: type: apiKey name: X-RapidAPI-Key in: header description: >- RapidAPI key used for authenticating requests to the Gateway API. parameters: gatewayId: name: gatewayId in: path required: true description: The unique identifier of the gateway schema: type: string routeId: name: routeId in: path required: true description: The unique identifier of the route schema: type: string schemas: Gateway: type: object properties: id: type: string description: Unique identifier for the gateway name: type: string description: Gateway display name description: type: string description: Description of the gateway's purpose deploymentModel: type: string enum: - cloud - on-premise - hybrid description: How the gateway is deployed status: type: string enum: - active - inactive - provisioning description: Current gateway status baseUrl: type: string format: uri description: The base URL for the gateway proxySecret: type: string description: >- Unique proxy secret added as X-RapidAPI-Proxy-Secret header to verify requests originate from the Rapid Runtime createdAt: type: string format: date-time description: Timestamp when the gateway was created updatedAt: type: string format: date-time description: Timestamp when the gateway was last updated GatewayInput: type: object required: - name properties: name: type: string description: Gateway display name description: type: string description: Description of the gateway's purpose deploymentModel: type: string enum: - cloud - on-premise - hybrid description: How the gateway should be deployed baseUrl: type: string format: uri description: The base URL for the gateway Route: type: object properties: id: type: string description: Unique identifier for the route gatewayId: type: string description: The gateway this route belongs to pathPattern: type: string description: URL path pattern to match incoming requests targetUrl: type: string format: uri description: Backend service URL to forward matching requests to methods: type: array items: type: string enum: - GET - POST - PUT - PATCH - DELETE description: HTTP methods this route handles stripPrefix: type: boolean description: Whether to strip the matched path prefix before forwarding priority: type: integer description: Route priority for matching order enabled: type: boolean description: Whether this route is currently active RouteInput: type: object required: - pathPattern - targetUrl properties: pathPattern: type: string description: URL path pattern to match incoming requests targetUrl: type: string format: uri description: Backend service URL to forward matching requests to methods: type: array items: type: string enum: - GET - POST - PUT - PATCH - DELETE description: HTTP methods this route handles stripPrefix: type: boolean default: false description: Whether to strip the matched path prefix before forwarding priority: type: integer default: 0 description: Route priority for matching order enabled: type: boolean default: true description: Whether this route should be active AuthenticationConfig: type: object properties: gatewayId: type: string description: The gateway this configuration belongs to scheme: type: string enum: - rapidapi_default - oauth2 - header - query - basic description: The primary authentication scheme requireRapidApiKey: type: boolean description: >- Whether the X-RapidAPI-Key header is required for all requests oauth2Config: type: object properties: authorizationUrl: type: string format: uri description: OAuth2 authorization endpoint tokenUrl: type: string format: uri description: OAuth2 token endpoint scopes: type: array items: type: string description: Available OAuth2 scopes description: OAuth2 configuration when scheme is oauth2 headerConfig: type: object properties: headerName: type: string description: Custom header name for authentication description: Header authentication configuration AuthenticationConfigInput: type: object required: - scheme properties: scheme: type: string enum: - rapidapi_default - oauth2 - header - query - basic description: The primary authentication scheme requireRapidApiKey: type: boolean default: true description: Whether the X-RapidAPI-Key header is required oauth2Config: type: object properties: authorizationUrl: type: string format: uri description: OAuth2 authorization endpoint tokenUrl: type: string format: uri description: OAuth2 token endpoint scopes: type: array items: type: string description: Available OAuth2 scopes description: OAuth2 configuration headerConfig: type: object properties: headerName: type: string description: Custom header name for authentication description: Header authentication configuration RateLimitConfig: type: object properties: gatewayId: type: string description: The gateway this configuration belongs to requestsPerSecond: type: integer description: Maximum requests per second per consumer requestsPerMinute: type: integer description: Maximum requests per minute per consumer requestsPerDay: type: integer description: Maximum requests per day per consumer maxRequestSizeBytes: type: integer description: Maximum request body size in bytes burstLimit: type: integer description: Maximum burst of requests allowed RateLimitConfigInput: type: object properties: requestsPerSecond: type: integer minimum: 1 description: Maximum requests per second per consumer requestsPerMinute: type: integer minimum: 1 description: Maximum requests per minute per consumer requestsPerDay: type: integer minimum: 1 description: Maximum requests per day per consumer maxRequestSizeBytes: type: integer minimum: 1024 description: Maximum request body size in bytes burstLimit: type: integer minimum: 1 description: Maximum burst of requests allowed SecurityConfig: type: object properties: gatewayId: type: string description: The gateway this configuration belongs to ipAllowList: type: array items: type: string description: List of allowed IP addresses or CIDR ranges ipDenyList: type: array items: type: string description: List of denied IP addresses or CIDR ranges corsEnabled: type: boolean description: Whether CORS is enabled corsConfig: type: object properties: allowedOrigins: type: array items: type: string description: Allowed CORS origins allowedMethods: type: array items: type: string description: Allowed HTTP methods for CORS allowedHeaders: type: array items: type: string description: Allowed request headers for CORS maxAge: type: integer description: CORS preflight cache duration in seconds description: CORS configuration details validateProxySecret: type: boolean description: >- Whether to validate the X-RapidAPI-Proxy-Secret header on incoming requests SecurityConfigInput: type: object properties: ipAllowList: type: array items: type: string description: List of allowed IP addresses or CIDR ranges ipDenyList: type: array items: type: string description: List of denied IP addresses or CIDR ranges corsEnabled: type: boolean description: Whether to enable CORS corsConfig: type: object properties: allowedOrigins: type: array items: type: string description: Allowed CORS origins allowedMethods: type: array items: type: string description: Allowed HTTP methods allowedHeaders: type: array items: type: string description: Allowed request headers maxAge: type: integer description: CORS preflight cache duration in seconds description: CORS configuration validateProxySecret: type: boolean default: true description: Whether to validate the proxy secret header GatewayAnalytics: type: object properties: gatewayId: type: string description: The gateway the analytics are for period: type: object properties: startDate: type: string format: date description: Start of the analytics period endDate: type: string format: date description: End of the analytics period description: The time period for the analytics totalRequests: type: integer description: Total number of requests in the period totalErrors: type: integer description: Total number of error responses averageResponseTime: type: number format: double description: Average response time in milliseconds dataPoints: type: array items: type: object properties: timestamp: type: string format: date-time description: The time bucket for this data point requests: type: integer description: Number of requests in this time bucket errors: type: integer description: Number of errors in this time bucket averageResponseTime: type: number format: double description: Average response time in milliseconds description: Time-series analytics data points topEndpoints: type: array items: type: object properties: path: type: string description: Endpoint path requestCount: type: integer description: Number of requests to this endpoint averageResponseTime: type: number format: double description: Average response time for this endpoint description: Top endpoints by request volume