Getting Started with STOA
STOA Platform is currently in private beta. Request access to get started, or explore the Architecture Overview and Enterprise Use Cases to learn more.
Welcome to STOA Platform β an open-source, AI-native API management platform designed for the MCP era.
STOA bridges traditional APIs and AI agents through the Model Context Protocol (MCP), enabling Claude, GPT, and other AI agents to discover and call your APIs automatically β with full governance, tenant isolation, and audit trails.
What is STOA?β
STOA is a cloud-native API gateway and management platform built on Kubernetes. It combines the features of a traditional API gateway with native support for AI agent protocols:
- MCP Gateway β AI agents discover and invoke your APIs via the Model Context Protocol, with automatic schema generation and tool registration
- Multi-Tenant Isolation β Each tenant gets its own Kubernetes namespace, Keycloak realm, and database schema for complete data separation
- GitOps-First Configuration β All API definitions, policies, and tenant configurations managed declaratively through Git and ArgoCD
- OIDC/OAuth2 Authentication β Integrated Keycloak for standards-based identity federation, supporting LDAP, SAML, and social providers
- Developer Portal β Self-service API discovery, documentation browsing, and subscription management for developers and API consumers
- Enterprise Observability β Prometheus metrics, Grafana dashboards, and OpenSearch for logs and error snapshots β all built-in
Architecture at a Glanceβ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CONTROL PLANE (Cloud) β
β β
β Console Portal API Auth Observability β
β (React) (React) (FastAPI) (Keycloak) (Grafana+Prom) β
β β
ββββββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββββ
β orchestrates
βΌ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β DATA PLANE (On-Premise or Cloud) β
β β
β STOA Gateway (Rust) Legacy Adapters β
β β’ MCP Protocol β’ webMethods β
β β’ REST Proxy β’ Kong β
β β’ Rate Limiting β’ Gravitee β
β β’ mTLS β’ Apigee β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
The Control Plane handles API catalog management, authentication, and observability. The Data Plane runs your gateway (Rust-based STOA Gateway or a sidecar alongside existing gateways) close to your APIs.
Quick Startβ
Once you have beta access, you can interact with STOA in three ways:
| Path | URL | Best For |
|---|---|---|
| Console UI | console.gostoa.dev | Visual management, API catalog, observability |
| REST API | api.gostoa.dev/v1 | Automation, CI/CD pipelines, scripting |
| MCP Gateway | mcp.gostoa.dev | AI agents (Claude, GPT, custom agents) |
See the Quickstart Guide for a step-by-step walkthrough.
Key Differentiatorsβ
| Feature | Traditional Gateway | STOA |
|---|---|---|
| AI Agent Support | Not designed for it | Native MCP Gateway |
| API Discovery | Manual documentation | Auto-discovery via MCP |
| First API Call | Days to weeks | Seconds (with MCP) |
| Tenant Isolation | Shared infrastructure | Namespace-level isolation |
| Configuration | GUI or imperative API | GitOps-first (ArgoCD) |
| Hosting | Vendor-managed | Self-hosted, EU-ready |
| License | Proprietary | Apache 2.0 |
Who is STOA For?β
- Platform teams modernizing legacy API gateways (webMethods, DataPower, Oracle OAM)
- Enterprise architects building multi-tenant API platforms with strong isolation
- AI/ML teams connecting AI agents to enterprise APIs through MCP
- Regulated industries (finance, healthcare, government) needing European data sovereignty and NIS2/DORA supportive features
Next Stepsβ
- Architecture Overview β Understand STOA's component architecture
- Quick Start Guide β Deploy your first tenant and register an API
- Authentication Setup β Configure Keycloak OIDC
- MCP Gateway Concepts β Learn how AI agents interact with STOA
- Migration Guides β Migrate from webMethods, Kong, Apigee, or Oracle OAM
- API Reference β Explore the Control Plane API