API Economy
The API Economy is Apiway’s cross-organisation marketplace. Producers publish APIs for external consumption; consumers discover, subscribe, and integrate — with governance, metering, and isolation at every step.
Publishing to the Marketplace
Section titled “Publishing to the Marketplace”Producers control visibility with exposure flags:
| Exposure | Visibility |
|---|---|
| Internal | Only your organisation |
| Partner | Specific partner organisations |
| Public | Anyone on the platform |
Set the exposure level when creating or updating an API. Public and partner APIs appear in the marketplace catalogue. Products (bundles of APIs) have the same exposure controls.
Trust Signals
Section titled “Trust Signals”The marketplace isn’t a free-for-all. Apiway’s quality toolchain provides trust signals for every listed API or Product:
- Compliance score — How well the API meets design standards
- Recommendation count — Outstanding improvement suggestions
- SLA definition — Clear service level commitments
- Governance history — Has this API been reviewed and approved?
Consumers can assess quality before subscribing.
Cross-Tenant Subscribe Pipeline
Section titled “Cross-Tenant Subscribe Pipeline”Subscribes across tenants are orchestrated by a programme pipeline with two cooperating runners and a Redis-stream transport — never in-process tenant impersonation.
-
Consumer initiates — a tenant clicks Subscribe on a marketplace API or Product. The request carries the marketplace
catalogueId(string). -
Consumer-side onboard —
ConsumerOnboardServicecreates a local Api mirror (prospect → promoted API withCatalogueIdback-link to the marketplace row), imports the spec, and records an in-progress dependency. For Product subscribes, a consumer-sideApiProductmirror is also created with a bundle subscription row set toStatus = Requested. -
Originator publishes —
CrossTenantSubscribeOriginatorRunnerpublishes a request message to the cross-tenant request Redis stream, keyed on the producer tenant. The programme records “awaiting producer approval”. -
Producer receives —
CrossTenantSubscribeReceiverRunneron the producer pod consumes the stream, resolves catalogue → producer tenant + API, ensures a localConsumerrecord, and creates the producer-sideApiSubscription+ApprovalFlow. Scopes requested by the consumer are intersected with the producer API’s OAS-declared scopes — unknowns are dropped. -
Producer approves — governance runs (auto or manual). On approval,
GovernanceApiServicepublishes a response message on the cross-tenant response stream with the credential, granted scopes, granted SLA variant, and producer gateway URL. -
Consumer reconciles — the Originator’s callback reconciliation phase creates/updates the consumer’s upstream subscription row, snapshots the producer’s OSS into a consumer-side OpenSlaSpecification with
Distribute = true(so it resolves as the currently-applied SLA), triggers a consumer-side deploy, and marks the dependencyCompleted.
Public URL Invariants
Section titled “Public URL Invariants”Consumer-facing rows must never carry a producer-internal URL (e.g. *.svc.cluster.local inside the producer’s cluster). The production invariants:
InstanceDto.PublicBaseUrlis derived server-side from the gateway instance’s hostname +ProjectCodeName. For in-cluster gateways this maps tohttps://{first-label}.gateway.apiway.net/{ProjectCodeName}; otherwise the host/port pass through verbatim.DeploymentJob.GatewayBaseUrlis stamped fromPublicBaseUrl(single source of truth).- When the worker’s response carries an internal URL,
DeploymentResponseStoreCommand.ComposePublicGatewayPathUrlretargets onto the public base before persisting. - Integration tests enforce the rule via
ConsumerFacingUrlInvariants.AssertPublic.
Custom domains take precedence — when set on the deployment’s CustomDomains, the marketplace publisher uses https://{customDomain} instead of the derived public base.
API-Level P&L
Section titled “API-Level P&L”Apiway tracks economics at the API and Product level:
| Metric | Meaning |
|---|---|
| Revenue RU | Resource units consumed by subscribers of your APIs |
| Cost RU | Resource units you consume from external APIs |
| Margin | Revenue minus cost per API |
The Wealth Engine aggregates this into a portfolio-level balance sheet:
- Which APIs generate the most revenue?
- Which APIs cost the most to consume?
- Are any produced APIs running at negative margin?
- What’s the total API economy balance for the organisation?
Dependency Mapping
Section titled “Dependency Mapping”When a produced API depends on a consumed external API (the aggregator pattern), Apiway tracks the dependency with a SupplierId back-link:
- Cost attribution — The consumed API’s cost is attributed to the produced API
- Margin calculation — Revenue from the produced API minus the cost of its dependencies
- Risk awareness — If a dependency’s SLA is worse than the produced API’s SLA, it’s flagged
- Supplier chip — The consumer subscription view surfaces supplier metadata (display name, support email, status page, verified badge)
Onboarding External APIs
Section titled “Onboarding External APIs”For APIs that exist outside the Apiway marketplace (third-party APIs), the consumer onboarding pipeline brings them under management:
curl -X POST https://core.api.apiway.net/v1/programmes/consume \ -H "Authorization: Bearer $TOKEN" \ -d '{ "name": "Stripe Payments", "specification": "<base64-encoded OAS>", "targetUrl": "https://api.stripe.com" }'This deploys the external API through your gateway for metering and compliance — without the marketplace / governance / cross-tenant handshake.