Getting Started

Get up and running with API-Fence in minutes

API-Fence is a high-performance Envoy HTTP filter that validates requests and responses against your OpenAPI specification. This guide will help you get started quickly.

Prerequisites

Envoy Proxy 1.28+ with dynamic module support
An OpenAPI 3.x specification file

Installation

Using Pre-built Binary

Download the latest release from GitHub Releases:

# Download the latest release
curl -LO https://github.com/proxyconf/api-fence/releases/latest/download/api_fence.so

# Move to Envoy's module directory
mv api_fence.so /etc/envoy/modules/

Building from Source

git clone https://github.com/proxyconf/api-fence.git
cd api-fence
cargo build --release

Basic Configuration

Add API-Fence to your Envoy configuration:

http_filters:
  - name: envoy.filters.http.dynamic_modules
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_modules.v3.DynamicModuleFilter
      dynamic_module_config:
        name: api_fence
        do_not_close: true
      filter_name: api_fence
      filter_config: |
        {
          "api_name": "my_api",
          "openapi_spec_path": "/etc/envoy/openapi.yaml",
          "validation": {
            "validate_request": true,
            "validate_response": false
          }
        }

What’s Next?

Configuration Reference - Full configuration options
ModSecurity WAF - Enable WAF protection with bundled CRS
Examples - Real-world configuration examples