Architecture Overview

Learn about the NGINX Management Suite API Connectivity Manager architecture.

This documentation applies to NGINX Management Suite API Connectivity Manager 1.1.0 and later.


This topic provides an overview of the API Connectivity Manager architecture and personas.


This document introduces the following concepts.


Management Plane The management plane is an abstraction layer used to configure, monitor, and manage the layers of a network stack. API Connectivity Manager, a part of the management plane, establishes guardrails and configures rules for the data plane.
Data Plane NGINX Plus instances in the traffic path that act as load balancers, API gateways, firewalls, ingress controllers, and caching systems read and manage inbound and outbound packets.
Proxy Cluster

NGINX is widely known as a reverse proxy, and a Proxy Cluster is a set of one or more NGINX Plus servers working together. A proxy cluster keeps configurations in sync across all instances and maintains data consistency by sharing the runtime state.


  • API Gateway Cluster: A cluster of one or more NGINX Plus instances acting as a single proxy for API requests.
  • Dev Portal Cluster: A cluster of one or more NGINX Plus instances configured to act as Developer Portals. Developer portals provide a framework for hosting API documentation, provisioning access keys, and managing approval workflows. In addition, you can test your APIs with the “Try It Out” feature.

Platform Services

API Connectivity Manager uses NATS to communicate with the NGINX Management Suite platform services.

Core The core management APIs that allow you to manage licenses, add and configure users, user groups, and roles, as well as analyze data for metrics, events, and alerts.
Data Plane Manager The data plane manager (DPM) service deploys configurations to NGINX Plus instances on the data plane, manages the data plane NGINX Agents that connect back to the management plane, monitors the state of data plane resources, and generates reports and event messages.
Ingestion The ingestion service collects and stores metrics, security violations, and events from the data plane. This information can be forwarded to external data stores.


The following diagram shows how API Connectivity Manager’s components are organized and interact.

API Connectivity Manager takes an API-first approach: commands issued using the web interface are processed using the API Connectivity Manager REST API.
API Connectivity Manager architecture


Infrastructure Admin

Infrastructure Admins, interacting primarily with the management plane, manage the infrastructure for hosts.

Routine tasks

  • Configure SSO
  • Provision the infrastructure
  • Configure domain names
  • Manage data plane hosts
  • Manage certificates
  • Enforce global/enterprise policies

API Owner

API Owners oversee the API lifecycle, which they can maintain using a CI/CD pipeline.

The API Owner relies on the Infrastructure Admin to complete the initial configuration before beginning work.

Routine tasks

  • Set up an API team
  • On-board an API
  • Configure policies to meet Quality of Service (QoS) commitments
  • Select the API Gateway cluster for publishing an API
  • Select the Dev Portal cluster for publishing API documentation

Application Owner

Application Owners develop new digital experiences.

Routine tasks

  • Learn about APIs and API contracts by reading the documentation on the Dev Portal.
  • Test APIs using the “Try It Out” feature in the on-board documentation.