| accessControl | Blocks requests whose origin TCP/IP address (hostname or IP address) is not allowed to access the requested resource. | 0..1 |
| accessLog | Writes exchange metrics into a Log4j appender | 0..1 |
| accountBlocker | Keeps track of blocked user accounts (accounts become blocked after too many failed logins). | 0..1 |
| accountRegistration | Allows account registration (!Experimental!) | 0..1 |
| acme | Configures an ACME (RFC 8555) client, e.g. to retrieve TLS certificates from Let's Encrypt. | 0..1 |
| acmeHttpChallenge | See the documentation of the <acme /> element for usage details. | 0..1 |
| adminConsole | Displays up-to-date statistics, recent exchanges and, by default, allows live modification of Membrane's configuration. | 0..1 |
| api | The api proxy extends the serviceProxy with API related functions like OpenAPI support and path parameters. | 0..1 |
| apiKey | Validates API keys extracted from incoming requests and looks up permissions (scopes) via configured key stores. Extractors can read the keys from HTTP headers, query parameters and may other message part. When validation succeeds, the interceptor adds an ApiKeySecurityScheme with the resolved scopes to the Exchange. Scopes can be checked in later plugins using the SpEL function hasScope("..."). | 0..1 |
| apiKeyFileStore | Loads API keys and optional scopes from a text file. Each non-empty line must contain a key. | 0..1 |
| azureIdentity | Specifies an Azure identity for authentication. | 0..1 |
| balancer | Performs load-balancing between several nodes. Nodes sharing session state may be bundled into a cluster. | 0..1 |
| balancerHealthMonitor | Health monitor for a {@link LoadBalancingInterceptor} {@link Cluster}. Periodically checks the health of all clusters registered on the router and updates each {@link Node}'s status accordingly. When initialized, it schedules a task to call each {@link Node}'s health endpoint and marks nodes as {@link Status#UP} or {@link Status#DOWN} based on the result: If a health URL is configured for the node, it performs an HTTP request against that endpoint. Otherwise, it performs a TCP check against the node's host and port. This ensures the load balancer always has up-to-date status for routing decisions. | 0..1 |
| basicAuthentication | Blocks requests which do not have the correct RFC 1945 basic authentication credentials (HTTP header "Authentication: Basic ...."). | 0..1 |
| bean | "bean" should be used for Kubernetes only. Experimental. | 0..1 |
| beautifier | Beautifies request and response bodies. Supported are the Formats: JSON, JSON5, XML, TEXT | 0..1 |
| cache | Don't use, this does NOT implement valid HTTP caching. | 0..1 |
| call | Calls an external endpoint | 0..1 |
| chain | A Chain groups multiple interceptors into reusable components, reducing redundancy in API configurations. | 0..1 |
| chainDef | Defines a reusable chain of interceptors that can be applied to multiple APIs. | 0..1 |
| clamav | Delegates virus checks to an external Virus Scanner. | 0..1 |
| clusterNotification | Receives control messages to dynamically modify the configuration of a {@link LoadBalancingInterceptor}. | 0..1 |
| cookie | Holder for a single cookie's attributes. | 0..1 |
| cors | Cross-Origin Resource Sharing (CORS) plugin that enables secure cross-origin HTTP requests. | 0..1 |
| databaseApiKeyStore | JDBC database store for API keys and their associated scopes. Uses two tables: | 0..1 |
| defaultConfig | Default configuration for the router. | 0..1 |
| destination | Sets the destination URL for the exchange. This overrides any previous destination. | 0..1 |
| dispatching | This interceptor adds the destination specified in the target element to the list of destinations of the exchange object. It must be placed into the transport to make Service Proxies Work properly. It has to be placed after the ruleMatching interceptor. The ruleMatching interceptor looks up a service proxy for an incoming request and places it into the exchange object. The dispatching interceptor needs the service proxy to get information about the target. | 0..1 |
| elasticSearchExchangeStore | Used for storing exchanges in the Elasticsearch. | 0..1 |
| exchangeStore | Adds the current state of HTTP requests and responses to an "exchange store". | 0..1 |
| exclude | Contains a Java regex for excluding message headers. | 0..1 |
| faultMonitoringStrategy | Monitors the outcome of requests to each node to quickly disable/re-enable faulty ones. | 0..1 |
| fileUserDataProvider | A user data provider utilizing htpasswd formatted files. | 0..1 |
| for | Iterates over a collection extracted from the Exchange and applies its nested interceptors for each element. The current element is exposed in the exchange under the property key "it". Example configuration: | 0..1 |
| formValidation | Using the formValidation interceptor you can validate the input of HTML forms. | 0..1 |
| global | The global chain applies plugins to all endpoints, enabling centralized features such as global user authentication, logging, and other cross-cutting concerns. | 0..1 |
| graphQLProtection | Check GraphQL-over-HTTP requests, enforcing several limits and/or restrictions. This effectively helps to reduce the attack surface. | 0..1 |
| groovy | Executes a Groovy script. The script can access and manipulate data from the request and response. Use this or the Javascript plugin to extend the functions of Membrane by scripting. See: example/groovy for working samples | 0..1 |
| groovyTemplate | Uses the groovy template markup engine to produce HTML-based responses. <groovyTemplate><![CDATA[ html { head { title('Resource') } body { p('Hello from Membrane!') } } ]]></groovyTemplate> | 0..1 |
| headerFilter | Removes message headers matching a list of patterns. The first matching child element will be acted upon by the filter. | 0..1 |
| httpClient | The httpClient sends the request of an exchange to a Web Server using the HTTP protocol. Usually it will be globally used inside the transport. However, it is also possible to use it inside a proxy to give the proxy an individual configuration for its outgoing HTTP connection that is different from the global configuration in the transport. | 0..1 |
| httpClientConfig | Configuration container for Membrane's HTTP client. Allows defining proxy, connection, authentication, TLS, and retry behavior. Can be used as a reusable bean and referenced via . Most of its sub-elements are optional. | 0..1 |
| idempotency | Prevents duplicate request processing based on a dynamic idempotency key. | 0..1 |
| if | if allows conditional execution of nested interceptors. | 0..1 |
| include | Contains a Java regex for including message headers. | 0..1 |
| index | The index feature lists available proxys at a simple Web page. To use this feature just add a serviceProxy containing the index element. Of course you can protect the service proxy by using SSL or Username and Password. | 0..1 |
| internal | Internal proxy that can only be invoked by other proxies within the gateway. An internal proxy does not listen on any port. | 0..1 |
| javascript | Executes a Javascript. The script can access and manipulate data from the request and response. Use this or the Groovy plugin to extend the functions of Membrane by scripting. See the samples in examples/javascript. | 0..1 |
| jSessionIdExtractor | The jSessionIdExtractor extracts the JSESSIONID from a message and provides it to the {@link Balancer}. | 0..1 |
| json2Xml | Converts JSON message bodies into XML. The converter wraps the JSON document into a root element. The name of the root element is configurable. If unset, JSON objects default to "root" and JSON arrays default to "array". This interceptor reads the JSON body, converts it into XML and updates the message body and Content-Type header. The resulting XML is always UTF-8 encoded and starts with an XML prolog. | 0..1 |
| key | Experimental. | 0..1 |
| keyGenerator | Experimental. | 0..1 |
| keystore | Configuration element for a keystore holding private keys and certificates. | 0..1 |
| kubernetesValidation | Kubernetes Integration is still experimental. | 0..1 |
| limit | Limits the maximum length of a HTTP message body. | 0..1 |
| limitedMemoryExchangeStore | Stores exchange objects in-memory until a memory threshold is reached. When the threshold is reached and new exchanges arrive then old exchanges will be dropped (starting from oldest ascending) until the exchange can be stored. The LimitedMemoryExchangeStore is the default ExchangeStore Membrane uses. | 0..1 |
| log | Logs request and response messages. The messages will appear either on the console or in a log file depending on the log configuration. | 0..1 |
| login | The login interceptor can be used to restrict and secure end user access to an arbitrary web application. | 0..1 |
| memoryExchangeStore | Stores all exchanges in-memory. The Java heap will overflow if this store is used to store too many Exchanges. Use for Membrane Monitor only. | 0..1 |
| mongoDBApiKeyStore | Uses a MongoDB collection as a store for API keys and their scopes. Each document in the collection must use the API key as its _id} and may define an array field scopes listing the allowed scopes. | 0..1 |
| oauth2Resource2 | Allows only authorized HTTP requests to pass through. Unauthorized requests get a redirect to the authorization server as response. This interceptor does Session Management and can thereby translate Session IDs to OAuth2/OIDC Access Tokens. Beyond regular OIDC-compliant authorization servers, this interceptor can also be used with Azure B2C. | 0..1 |
| openapiPublisher | The openapiPublisher serves OpenAPI documents | 0..1 |
| openapiValidator | Validator for OpenAPI documents | 0..1 |
| openTelemetry | Creates an OpenTelemetry span for each HTTP request passing through. Sends the tracing data to the speficied OpenTelemetry collector. See also examples/monitoring-tracing/opentelemetry for a demo, including screenshots. | 0..1 |
| priorityStrategy | Dispatch strategy that selects cluster nodes based on ascending priority and health. Nodes are grouped by ascending priority. The highest-priority group with one or more healthy nodes (status UP) is chosen. If multiple nodes are healthy at that priority, one is selected at random. If no nodes are UP, falls back to the first node in sorted order. | 0..1 |
| prometheus | Exposes some of Membrane's internal metrics in the Prometheus format. See also examples/monitoring-tracing/prometheus for a demo, including a screenshot. | 0..1 |
| proxy | Clients can send HTTP requests to a proxy that forward the request to a Web server. It acts on behalf of the client. | 0..1 |
| rateLimiter | The rateLimiter plugin limits the number of requests of a client in a period of time. As a default the client requests are grouped by client-Ip address and then counted. There are lots of possibilities to group the requests using the keyExpression. The requests can even be counted from different clients together. | 0..1 |
| redisOriginalExchangeStore | Used for storing exchanges temporarily in Redis. Supports authentication with or without password and username | 0..1 |
| regExReplacer | Runs a regular-expression-replacement on either the message body (default) or all header values. | 0..1 |
| rest2Soap | Converts REST requests into SOAP messages. | 0..1 |
| return | Terminates the exchange flow. The returned response is determined in the following order: | 0..1 |
| reverseProxying | Rewrites the scheme, hostname and port in the "Location" header in HTTP responses, as well as in the "Destination" header in HTTP requests. The rewriting reflects the different schemes, hostnames and ports used to access Membrane vs. the target HTTP server. | 0..1 |
| router | Membrane API Gateway's main object. | 0..1 |
| serviceProxy | A service proxy can be deployed on front of a Web server, Web Service or a REST resource. It conceals the server and offers the same interface as the target server to its clients. | 0..1 |
| setCookies | Adds one or more Set-Cookie headers to the HTTP response for session handling, user preferences, or tracking purposes. Supports computing expiry, setting standard attributes like Domain and Path, and building a compliant cookie string. Useful for enriching responses with configurable cookies directly at gateway level without backend involvement. | 0..1 |
| shutdown | Shutdown interceptor. | 0..1 |
| soap2Rest | Converts SOAP messages into REST requests. | 0..1 |
| soapBody | Renders a SOAP body for legacy integration | 0..1 |
| soapProxy | A SOAP proxy automatically configures itself using a WSDL description. It reads the WSDL to extract: | 0..1 |
| soapStackTraceFilter | The soapStackTraceFilter removes SOAP stack traces from message bodies. | 0..1 |
| ssl | Configures inbound or outbound SSL connections. | 0..1 |
| staticUserDataProvider | A user data provider listing all user data in-place in the config file. | 0..1 |
| statisticsCSV | Writes statistics (time, status code, hostname, URI, etc.) about exchanges passing through into a CSV file (one line per exchange). | 0..1 |
| statisticsJDBC | Writes statistics (time, status code, hostname, URI, etc.) about exchanges passing through into a database (one row per exchange). | 0..1 |
| stompProxy | Proxies incoming STOMP CONNECT requests. Use a <stompClient> to forward these requests so some other machine. | 0..1 |
| tcp | Allow HTTP protocol upgrades to the TCP protocol. After the upgrade, the connection's data packets are simply forwarded and not inspected. | 0..1 |
| template | Renders the body content of a message from a template. The template can produce plain text, Json or XML. Variables in the template are substituted with values from the body, header, query parameters, etc. If the extension of a referenced template file is .xml it will use XMLTemplateEngine otherwise StreamingTemplateEngine. Have a look at the samples in examples/template. | 0..1 |
| throttle | The throttle feature can slow down traffic to thwart denial of service attacks. | 0..1 |
| time | Measures the end-to-end processing time of the child interceptor flow and logs an aligned summary. If an OpenTelemetry parent Span is present on the {@link Exchange}, a child sub-span is created around the measured section so timing data is exported to OTel as well. | 0..1 |
| transform | The transform feature applies an XSLT transformation to the content in the body of a message. After the transformation the body content is replaced with the result of the transformation. | 0..1 |
| transport | The transport receives messages from clients and invokes interceptors in the request and response flow. The interceptors that are engaged with the transport are global and are invoked for each message flowing through the router. | 0..1 |
| trust | Allows to insert one or more PEM blocks containing the certificates to be trusted directly into the proxies.xml file. | 0..1 |
| truststore | Configuration element for a truststore containing trusted CA certificates. | 0..1 |
| urlNormalizer | Replaces "/./" in the request URI's path by "/". | 0..1 |
| webServer | Serves static files based on the request's path. | 0..1 |
| webSocket | Allow HTTP protocol upgrades to the WebSocket protocol. After the upgrade, the connection's data packets are simply forwarded and not inspected. | 0..1 |
| wsdlPublisher | The wsdlPublisher serves WSDL files (and attached XML Schema Documents), if your backend service does not already do so. | 0..1 |
| wsdlRewriter | The wsdlRewriter rewrites endpoint addresses of services and XML Schema locations in WSDL documents. | 0..1 |
| xml2Json | If enabled converts body content from xml to json. | 0..1 |
| xmlContentFilter | The xmlContentFilter removes certain XML elements from message bodies. The elements are described using an XPath expression. | 0..1 |
| xmlProtection | Prohibits XML documents to be passed through that look like XML attacks on older parsers. Too many attributes, too long element names are such indications. DTD definitions will simply be removed. | 0..1 |
| xmlSessionIdExtractor | Extracts a session ID from an XML HTTP request body based on the qualified name of an XML element. | 0..1 |