Skip to main content

Why We Built an AI-Native Open-Source API Gateway

Β· 3 min read
Christophe Aboulicam
Christophe Aboulicam
Founder & CTO at HLFH
STOA Team
STOA Team
The STOA Platform Team

STOA Platform is an open-source, AI-native API gateway built for the Model Context Protocol (MCP) era. It bridges legacy APIs and AI agents with unified governance, European sovereignty, and zero vendor lock-in β€” all under Apache 2.0.

We're excited to announce STOA β€” an API Gateway built for the AI era.

Why STOA?​

The rise of AI agents and the Model Context Protocol (MCP) has created new challenges for enterprise API management:

  • AI agents need secure access to enterprise tools and data
  • Traditional API gateways were not originally designed for MCP traffic
  • Enterprises need governance over how AI interacts with their systems

STOA bridges this gap by providing a unified platform for both traditional APIs and MCP-enabled AI agents.

What is STOA?​

STOA is a cloud-native, multi-tenant gateway platform that combines:

  • MCP Gateway β€” Secure AI agent access to enterprise tools
  • API Gateway β€” Traditional REST/GraphQL API management
  • Developer Portal β€” Self-service API/tool discovery and subscription
  • Admin Console β€” Centralized governance and monitoring

Architecture​

STOA follows a Control Plane / Data Plane separation:

Control Plane: Core API, Portal, Console
     ↓ config sync
Data Plane: MCP Gateway, webMethods Gateway

This architecture enables independent scaling and deployment of management vs. traffic components.

Key Features​

For Developers​

  • Browse and subscribe to APIs and MCP tools
  • Generate API keys with fine-grained scopes
  • View usage dashboards and documentation

For Platform Teams​

  • Multi-tenant isolation
  • RBAC with 6 personas and 12 scopes
  • 35 MCP tools for platform operations
  • GitOps-native with ArgoCD support

For Security Teams​

  • mTLS / OAuth2 / Hybrid security modes
  • OPA policy engine integration
  • Audit logging and compliance

What's Next?​

We're targeting MVP release (v0.1.0) on February 26, 2026.

Check out our Roadmap for the full timeline, including:

  • Q2 2026: Rate limiting, usage metering, audit logging
  • Q3 2026: CLI tool, Terraform provider, SDKs
  • Q4 2026: High-performance Rust gateway (planned)

Get Started​

We're building in public and welcome contributions. Join us!

Frequently Asked Questions​

Is STOA free?​

Yes, STOA is fully open source under Apache 2.0. There are no enterprise-only features or paywalls. Multi-tenancy, the developer portal, admin console, and all governance capabilities are included in the open-source distribution. Read more about our licensing philosophy in Why Apache 2.0, Not BSL.

What makes STOA different from Kong or Envoy?​

STOA is the first open-source gateway with native MCP support β€” the protocol that AI agents use to discover and invoke tools. While Kong and Envoy are excellent HTTP proxies, STOA is built from the ground up for multi-tenancy, European data sovereignty, and hybrid deployment models. See our detailed comparison in Open Source API Gateway Guide 2026.

How do I get started?​

The fastest way to try STOA is with our Docker Compose quick start. You can have a running instance with the gateway, portal, and console in under 15 minutes. Check out the Quick Start Guide for step-by-step instructions.

The STOA Team