Gravitee APIM uses plans, applications, and subscriptions to govern API exposure. A published Gateway API is visible in the Developer Portal but cannot be consumed without a published plan. A Keyless plan can be consumed immediately, but all other authentication types require the API consumer to register an application and subscribe to a published plan. This system promotes granular control over API access.
| Plans | Instead of requiring external tools and backend modification to support API access, APIM deploys Gateway APIs with plans that can quickly iterate on and extend functionality | plans | |
| Applications | An application allows an API consumer to register and agree to a plan, resulting in a subscription, and allows an API publisher to monitor and control API access | ||
| Subscriptions | An API consumer uses a registered application to create a subscription request to a published plan | subscriptions.md |