Skip to main content

The Cloud Native API & AI Gateway for Modern Architectures

Otoroshi is a lightweight, high-performance reverse proxy and API gateway with dynamic hot configuration, enterprise security, and deep observability β€” built for teams who need control without complexity.

Get StartedRead the DocsGitHub
docker run -p "8080:8080" maif/otoroshi
GitHub stars
Otoroshi
200+
Built-in Plugins
15+
Event Exporters
10+
Auth Protocols
50+
LLM Providers supported

Everything You Need for API Management

A single binary that replaces your API gateway, reverse proxy, and service mesh β€” with zero external dependencies.

⚑

Blazing Fast Reverse Proxy

Handle tens of thousands of concurrent routes with a high-performance engine supporting HTTP/1.1, HTTP/2, HTTP/3 (QUIC), WebSocket, gRPC, and GraphQL.

πŸ›‘οΈ

Enterprise-Grade Security

Built-in mTLS, API keys with quotas, JWT token validation, Eclipse Biscuit validation*, OAuth2/OIDC, LDAP, SAML, WASM-based auth, powerful WAF* (using OWASP CoreRuleSet), and fine-grained RBAC.

🧩

200+ Built-in Plugins

Circuit breakers, rate limiting, CORS, body transformation, caching, compression, traffic mirroring, and much more β€” all configurable at runtime.

πŸ€–

AI Gateway*

Turn Otoroshi into a full-featured AI Gateway*. Connect 50+ LLM providers through a unified OpenAI-compatible API with load balancing, fallback, guardrails, prompt engineering, semantic caching, cost tracking, and MCP (Model Context Protocol) support.

πŸ”„

Dynamic Hot Configuration

Change any configuration at runtime without restarts or reloads. Every setting is instantly propagated across your cluster.

πŸ”

Full-Featured PKI

Internal certificate authority with ACME/Let's Encrypt, OCSP, on-the-fly certificate generation, and JWKS exposition.

☸️

Kubernetes Native

Ingress controller, CRD support, Gateway API, admission webhooks, sidecar injection, and bidirectional TLS sync.

πŸ“Š

Powerful Observability

Export events to Elasticsearch, Kafka, Datadog, Prometheus, OpenTelemetry, and 15+ other backends. Real-time metrics and analytics.

πŸ”Œ

Truely Extensible

Write custom plugins in Scala or any language compiled to WebAssembly. Extend auth, transformations, and traffic policies with full flexibility.

πŸ”€

No-Code Workflows

Build automation pipelines and no-code plugins with a visual workflow editor. Chain HTTP calls, transformations, and logic without writing a single line of code.

πŸš€

GitOps Ready

Remote Catalogs with reconciliation from GitHub, GitLab, Bitbucket, S3, and more. Declarative config with webhook-triggered deployments.

AI capabilities

AI Gateway built-in*

Connect, secure and control 50+ LLM providers with a unified API*.

  • Multi-modal
  • Guardrails
  • Cost tracking & Bugets management
  • MCP support
  • Observability

Why Otoroshi?

What makes Otoroshi different from other API gateways. Unlike traditional API gateways, Otoroshi is a runtime programmable gateway that lets you execute logic directly on traffic.

Single Binary

No external database required. Run with in-memory storage, Redis, PostgreSQL, Cassandra, S3, or HTTP β€” your choice.

True Hot Reload

Unlike Nginx or HAProxy, every configuration change is instant. No process restarts, no dropped connections.

Admin UI Included

A beautiful, full-featured admin dashboard out of the box. No separate tooling or complex CLI workflows needed.

Developer Friendly

Complete REST API, expression language, WASM plugins in any language, visual workflow editor, and comprehensive documentation.

Traditional gatewaysOtoroshi
Configure APIsProgram your gateway
Static policiesDynamic runtime logic
API-onlyHTTP + API + AI + workflows
Reload to changeChange instantly
Limited extensibilityUnlimited (WASM + Workflows + plugins)
Vendor lock-inOpen & sovereign
Manage endpointsControl flows

Built for Real-World Use Cases

From startups to enterprises, Otoroshi adapts to your architecture.

🌐

API Control Plane

Centralize API traffic management with authentication, rate limiting, and monitoring.

πŸ•ΈοΈ

Traffic Orchestration

Manage inter-service communication with mTLS, circuit breakers, and retry policies.

☁️

Multi-Cloud Proxy

Route traffic across cloud providers with relay routing and network tunnels.

πŸ‘©β€πŸ’»

Developer Portal

Combine with Daikoku for a complete API marketplace with self-service onboarding.

πŸ€–

AI Gateway*

Secure and manage LLM access with guardrails, cost controls, MCP integration, and a unified API for 50+ providers*.

Up and Running in Seconds

One command. That's all it takes.

Using Docker

docker run -p "8080:8080" maif/otoroshi

Using Java

curl -L -o otoroshi.jar \
  'https://github.com/MAIF/otoroshi/releases/latest/download/otoroshi.jar'
java -jar otoroshi.jar
View all installation options

Open Source & Sovereign by Design

Otoroshi is built from the ground up as an open source project. Your infrastructure, your rules β€” no strings attached.

πŸ”“

No Vendor Lock-in

Apache 2.0 licensed, community-driven. Switch, fork, or extend β€” you're always in control.

🌍

Deploy Anywhere

On-premises, any cloud, Kubernetes, bare metal, or edge. Otoroshi runs wherever you need it β€” no call-home, no telemetry walls.

πŸ—„οΈ

Full Control Over Your Data

Every request, every config, every secret stays in your perimeter. Choose your own storage backend and export events on your terms.

Ready to Get Started?

Join the community and start managing your APIs with Otoroshi today.

Quick Start GuideJoin Discord

* These features require open source extensions from the Otoroshi ecosystem.